Warning: Permanently added '10.128.10.9' (ECDSA) to the list of known hosts.
executing program
[ 67.624737][ T3628] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 67.633745][ T3628] nci: nci_start_poll: failed to set local general bytes
[ 72.657935][ T3628] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
[ 72.666684][ T3628]
[ 72.669008][ T3628] ======================================================
[ 72.676015][ T3628] WARNING: possible circular locking dependency detected
[ 72.683070][ T3628] 6.1.19-syzkaller #0 Not tainted
[ 72.688184][ T3628] ------------------------------------------------------
[ 72.695208][ T3628] syz-executor165/3628 is trying to acquire lock:
[ 72.701620][ T3628] ffffffff8d7c6228 (nci_mutex){+.+.}-{3:3}, at: virtual_nci_close+0x13/0x40
[ 72.710362][ T3628]
[ 72.710362][ T3628] but task is already holding lock:
[ 72.717734][ T3628] ffff88807e9e9350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_close_device+0x106/0x5f0
[ 72.727084][ T3628]
[ 72.727084][ T3628] which lock already depends on the new lock.
[ 72.727084][ T3628]
[ 72.737487][ T3628]
[ 72.737487][ T3628] the existing dependency chain (in reverse order) is:
[ 72.746531][ T3628]
[ 72.746531][ T3628] -> #3 (&ndev->req_lock){+.+.}-{3:3}:
[ 72.754182][ T3628]        lock_acquire+0x23a/0x630
[ 72.759233][ T3628]        __mutex_lock_common+0x1d4/0x2520
[ 72.764956][ T3628]        mutex_lock_nested+0x17/0x20
[ 72.770253][ T3628]        nci_start_poll+0x59f/0xf20
[ 72.775456][ T3628]        nfc_start_poll+0x184/0x2f0
[ 72.780658][ T3628]        nfc_genl_start_poll+0x1e7/0x350
[ 72.786302][ T3628]        genl_rcv_msg+0xc1a/0xf70
[ 72.791362][ T3628]        netlink_rcv_skb+0x1cd/0x410
[ 72.796654][ T3628]        genl_rcv+0x24/0x40
[ 72.801165][ T3628]        netlink_unicast+0x7bf/0x990
[ 72.806467][ T3628]        netlink_sendmsg+0xa26/0xd60
[ 72.811764][ T3628]        ____sys_sendmsg+0x59e/0x8f0
[ 72.817076][ T3628]        __sys_sendmsg+0x2a9/0x390
[ 72.822206][ T3628]        do_syscall_64+0x3d/0xb0
[ 72.827146][ T3628]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 72.833574][ T3628]
[ 72.833574][ T3628] -> #2 (&genl_data->genl_data_mutex){+.+.}-{3:3}:
[ 72.842267][ T3628]        lock_acquire+0x23a/0x630
[ 72.847330][ T3628]        __mutex_lock_common+0x1d4/0x2520
[ 72.853053][ T3628]        mutex_lock_nested+0x17/0x20
[ 72.858356][ T3628]        nfc_urelease_event_work+0x113/0x2f0
[ 72.864345][ T3628]        process_one_work+0x909/0x1380
[ 72.869812][ T3628]        worker_thread+0xa5f/0x1210
[ 72.875014][ T3628]        kthread+0x268/0x300
[ 72.879602][ T3628]        ret_from_fork+0x1f/0x30
[ 72.884548][ T3628]
[ 72.884548][ T3628] -> #1 (nfc_devlist_mutex){+.+.}-{3:3}:
[ 72.892374][ T3628]        lock_acquire+0x23a/0x630
[ 72.897407][ T3628]        __mutex_lock_common+0x1d4/0x2520
[ 72.903134][ T3628]        mutex_lock_nested+0x17/0x20
[ 72.908420][ T3628]        nfc_register_device+0x38/0x310
[ 72.913975][ T3628]        nci_register_device+0x7be/0x900
[ 72.919608][ T3628]        virtual_ncidev_open+0x55/0xc0
[ 72.925090][ T3628]        misc_open+0x304/0x380
[ 72.929884][ T3628]        chrdev_open+0x54a/0x630
[ 72.934842][ T3628]        do_dentry_open+0x7f9/0x10f0
[ 72.940150][ T3628]        path_openat+0x2644/0x2e60
[ 72.945276][ T3628]        do_filp_open+0x230/0x480
[ 72.950311][ T3628]        do_sys_openat2+0x13b/0x500
[ 72.955527][ T3628]        __x64_sys_openat+0x243/0x290
[ 72.960930][ T3628]        do_syscall_64+0x3d/0xb0
[ 72.965887][ T3628]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 72.972338][ T3628]
[ 72.972338][ T3628] -> #0 (nci_mutex){+.+.}-{3:3}:
[ 72.979467][ T3628]        validate_chain+0x1667/0x58e0
[ 72.984845][ T3628]        __lock_acquire+0x125b/0x1f80
[ 72.990239][ T3628]        lock_acquire+0x23a/0x630
[ 72.995282][ T3628]        __mutex_lock_common+0x1d4/0x2520
[ 73.001018][ T3628]        mutex_lock_nested+0x17/0x20
[ 73.006324][ T3628]        virtual_nci_close+0x13/0x40
[ 73.011631][ T3628]        nci_close_device+0x3a8/0x5f0
[ 73.017015][ T3628]        nci_unregister_device+0x3c/0x230
[ 73.022742][ T3628]        virtual_ncidev_close+0x55/0x90
[ 73.028304][ T3628]        __fput+0x3b7/0x890
[ 73.032813][ T3628]        task_work_run+0x246/0x300
[ 73.037949][ T3628]        do_exit+0x6fb/0x2300
[ 73.042635][ T3628]        do_group_exit+0x202/0x2b0
[ 73.047768][ T3628]        get_signal+0x16f7/0x17d0
[ 73.052809][ T3628]        arch_do_signal_or_restart+0xb0/0x1a10
[ 73.058990][ T3628]        exit_to_user_mode_loop+0x6a/0x100
[ 73.064904][ T3628]        exit_to_user_mode_prepare+0xb1/0x140
[ 73.071008][ T3628]        syscall_exit_to_user_mode+0x60/0x2d0
[ 73.077089][ T3628]        do_syscall_64+0x49/0xb0
[ 73.082030][ T3628]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 73.088550][ T3628]
[ 73.088550][ T3628] other info that might help us debug this:
[ 73.088550][ T3628]
[ 73.098774][ T3628] Chain exists of:
[ 73.098774][ T3628]   nci_mutex --> &genl_data->genl_data_mutex --> &ndev->req_lock
[ 73.098774][ T3628]
[ 73.112508][ T3628]  Possible unsafe locking scenario:
[ 73.112508][ T3628]
[ 73.119953][ T3628]        CPU0                    CPU1
[ 73.125315][ T3628]        ----                    ----
[ 73.130692][ T3628]   lock(&ndev->req_lock);
[ 73.135113][ T3628]                                lock(&genl_data->genl_data_mutex);
[ 73.143092][ T3628]                                lock(&ndev->req_lock);
[ 73.150029][ T3628]   lock(nci_mutex);
[ 73.153924][ T3628]
[ 73.153924][ T3628]  *** DEADLOCK ***
[ 73.153924][ T3628]
[ 73.162167][ T3628] 1 lock held by syz-executor165/3628:
[ 73.167629][ T3628]  #0: ffff88807e9e9350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_close_device+0x106/0x5f0
[ 73.177394][ T3628]
[ 73.177394][ T3628] stack backtrace:
[ 73.183287][ T3628] CPU: 0 PID: 3628 Comm: syz-executor165 Not tainted 6.1.19-syzkaller #0
[ 73.191709][ T3628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 73.201770][ T3628] Call Trace:
[ 73.205064][ T3628]
[ 73.207996][ T3628]  dump_stack_lvl+0x1e3/0x2cb
[ 73.212697][ T3628]  ? nf_tcp_handle_invalid+0x642/0x642
[ 73.218168][ T3628]  ? print_circular_bug+0x12b/0x1a0
[ 73.223387][ T3628]  check_noncircular+0x2fa/0x3b0
[ 73.228349][ T3628]  ? add_chain_block+0x850/0x850
[ 73.233289][ T3628]  ? lockdep_lock+0x11f/0x2a0
[ 73.238063][ T3628]  ? prb_read_valid+0xf0/0xf0
[ 73.242762][ T3628]  ? console_lock_spinning_disable_and_check+0x79/0xa0
[ 73.249636][ T3628]  ? _find_first_zero_bit+0xd0/0x100
[ 73.254932][ T3628]  validate_chain+0x1667/0x58e0
[ 73.259900][ T3628]  ? __lock_acquire+0x125b/0x1f80
[ 73.264944][ T3628]  ? desc_read+0x200/0x3f0
[ 73.269371][ T3628]  ? memcpy+0x3c/0x60
[ 73.273358][ T3628]  ? reacquire_held_locks+0x660/0x660
[ 73.278734][ T3628]  ? desc_read+0x1a2/0x3f0
[ 73.283162][ T3628]  ? _prb_read_valid+0xb46/0xbe0
[ 73.288111][ T3628]  ? mark_lock+0x9a/0x340
[ 73.292464][ T3628]  __lock_acquire+0x125b/0x1f80
[ 73.297334][ T3628]  lock_acquire+0x23a/0x630
[ 73.301849][ T3628]  ? virtual_nci_close+0x13/0x40
[ 73.306817][ T3628]  ? read_lock_is_recursive+0x10/0x10
[ 73.312222][ T3628]  ? __might_sleep+0xb0/0xb0
[ 73.316841][ T3628]  ? find_next_clump8+0x1a0/0x1a0
[ 73.321908][ T3628]  ? console_unlock+0x281/0x6e0
[ 73.326773][ T3628]  ? console_unlock+0x6aa/0x6e0
[ 73.331640][ T3628]  __mutex_lock_common+0x1d4/0x2520
[ 73.336854][ T3628]  ? virtual_nci_close+0x13/0x40
[ 73.341811][ T3628]  ? irq_work_queue+0xc6/0x150
[ 73.346601][ T3628]  ? __wake_up_klogd+0xd5/0x100
[ 73.351457][ T3628]  ? vprintk_emit+0x109/0x1f0
[ 73.356153][ T3628]  ? virtual_nci_close+0x13/0x40
[ 73.361099][ T3628]  ? _printk+0xd1/0x111
[ 73.365268][ T3628]  ? mutex_lock_io_nested+0x60/0x60
[ 73.370475][ T3628]  ? panic+0x75d/0x75d
[ 73.374555][ T3628]  ? _raw_spin_unlock_irq+0x1f/0x40
[ 73.379765][ T3628]  mutex_lock_nested+0x17/0x20
[ 73.384550][ T3628]  virtual_nci_close+0x13/0x40
[ 73.389336][ T3628]  nci_close_device+0x3a8/0x5f0
[ 73.394236][ T3628]  ? nci_unregister_device+0x230/0x230
[ 73.399713][ T3628]  ? mutex_unlock+0x10/0x10
[ 73.404229][ T3628]  nci_unregister_device+0x3c/0x230
[ 73.409440][ T3628]  ? virtual_ncidev_open+0xc0/0xc0
[ 73.414563][ T3628]  virtual_ncidev_close+0x55/0x90
[ 73.419602][ T3628]  ? virtual_ncidev_open+0xc0/0xc0
[ 73.424736][ T3628]  __fput+0x3b7/0x890
[ 73.428732][ T3628]  task_work_run+0x246/0x300
[ 73.433337][ T3628]  ? task_work_cancel+0x2b0/0x2b0
[ 73.438384][ T3628]  ? exit_task_namespaces+0xdd/0xf0
[ 73.443592][ T3628]  do_exit+0x6fb/0x2300
[ 73.447772][ T3628]  ? read_lock_is_recursive+0x10/0x10
[ 73.453172][ T3628]  ? put_task_struct+0x80/0x80
[ 73.457943][ T3628]  ? get_signal+0x137e/0x17d0
[ 73.462649][ T3628]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 73.468641][ T3628]  ? print_irqtrace_events+0x210/0x210
[ 73.474110][ T3628]  ? _raw_spin_lock_irq+0xdb/0x110
[ 73.479231][ T3628]  do_group_exit+0x202/0x2b0
[ 73.483833][ T3628]  ? _raw_spin_unlock_irq+0x1f/0x40
[ 73.489126][ T3628]  ? lockdep_hardirqs_on+0x94/0x130
[ 73.494331][ T3628]  get_signal+0x16f7/0x17d0
[ 73.498869][ T3628]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 73.504861][ T3628]  ? ptrace_notify+0x370/0x370
[ 73.509741][ T3628]  arch_do_signal_or_restart+0xb0/0x1a10
[ 73.515380][ T3628]  ? ____sys_sendmsg+0x8f0/0x8f0
[ 73.520338][ T3628]  ? get_sigframe_size+0x10/0x10
[ 73.525634][ T3628]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 73.531632][ T3628]  ? exit_to_user_mode_loop+0x39/0x100
[ 73.537182][ T3628]  exit_to_user_mode_loop+0x6a/0x100
[ 73.542557][ T3628]  exit_to_user_mode_prepare+0xb1/0x140
[ 73.548110][ T3628]  syscall_exit_to_user_mode+0x60/0x2d0
[ 73.553668][ T3628]  do_syscall_64+0x49/0xb0
[ 73.558093][ T3628]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 73.564000][ T3628] RIP: 0033:0x7feca61549a9
[ 73.568419][ T3628] Code: Unable to access opcode bytes at 0x7feca615497f.
[ 73.575436][ T3628] RSP: 002b:00007feca61051f8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 73.583852][ T3628] RAX: 0000000000000024 RBX: 00007feca61dc428 RCX: 00007feca61549a9
[ 73.591823][ T3628] RDX: 0000000000000000 RSI: 0000000020000440 RDI: 0000000000000004
[ 73.599806][ T3628] RBP: 00007feca61dc420 R08: 0000000000000000 R09: 0000000000000000
[ 73.607778][ T3628] R10: 0000000000000001 R11: 000