Warning: Permanently added '10.128.0.21' (ED25519) to the list of known hosts.
executing program
syzkaller login: [ 51.109252][ T3549] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 51.118121][ T3549] nci: nci_start_poll: failed to set local general bytes
[ 56.206624][ T3549] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
[ 56.215298][ T3549]
[ 56.217632][ T3549] ======================================================
[ 56.224627][ T3549] WARNING: possible circular locking dependency detected
[ 56.231618][ T3549] 6.1.69-syzkaller #0 Not tainted
[ 56.236788][ T3549] ------------------------------------------------------
[ 56.243952][ T3549] syz-executor427/3549 is trying to acquire lock:
[ 56.250340][ T3549] ffffffff8d9ca668 (nci_mutex){+.+.}-{3:3}, at: virtual_nci_close+0x13/0x40
[ 56.259029][ T3549]
[ 56.259029][ T3549] but task is already holding lock:
[ 56.266363][ T3549] ffff888077b95350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_close_device+0x106/0x5f0
[ 56.275741][ T3549]
[ 56.275741][ T3549] which lock already depends on the new lock.
[ 56.275741][ T3549]
[ 56.286217][ T3549]
[ 56.286217][ T3549] the existing dependency chain (in reverse order) is:
[ 56.295373][ T3549]
[ 56.295373][ T3549] -> #3 (&ndev->req_lock){+.+.}-{3:3}:
[ 56.302991][ T3549]        lock_acquire+0x1f8/0x5a0
[ 56.307994][ T3549]        __mutex_lock+0x132/0xd80
[ 56.312996][ T3549]        nci_start_poll+0x59f/0xf20
[ 56.318182][ T3549]        nfc_start_poll+0x184/0x2f0
[ 56.323378][ T3549]        nfc_genl_start_poll+0x1e7/0x350
[ 56.328992][ T3549]        genl_rcv_msg+0xc1a/0xf70
[ 56.333993][ T3549]        netlink_rcv_skb+0x1cd/0x410
[ 56.339254][ T3549]        genl_rcv+0x24/0x40
[ 56.343737][ T3549]        netlink_unicast+0x7d8/0x970
[ 56.349377][ T3549]        netlink_sendmsg+0xa26/0xd60
[ 56.354639][ T3549]        ____sys_sendmsg+0x59e/0x8f0
[ 56.359908][ T3549]        __sys_sendmsg+0x2a9/0x390
[ 56.364997][ T3549]        do_syscall_64+0x3d/0xb0
[ 56.369918][ T3549]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 56.376328][ T3549]
[ 56.376328][ T3549] -> #2 (&genl_data->genl_data_mutex){+.+.}-{3:3}:
[ 56.384985][ T3549]        lock_acquire+0x1f8/0x5a0
[ 56.389988][ T3549]        __mutex_lock+0x132/0xd80
[ 56.394986][ T3549]        nfc_urelease_event_work+0x113/0x2f0
[ 56.400944][ T3549]        process_one_work+0x8a9/0x11d0
[ 56.406376][ T3549]        worker_thread+0xa47/0x1200
[ 56.411549][ T3549]        kthread+0x28d/0x320
[ 56.416119][ T3549]        ret_from_fork+0x1f/0x30
[ 56.421040][ T3549]
[ 56.421040][ T3549] -> #1 (nfc_devlist_mutex){+.+.}-{3:3}:
[ 56.428826][ T3549]        lock_acquire+0x1f8/0x5a0
[ 56.433828][ T3549]        __mutex_lock+0x132/0xd80
[ 56.438828][ T3549]        nfc_register_device+0x38/0x310
[ 56.444349][ T3549]        nci_register_device+0x7be/0x900
[ 56.449954][ T3549]        virtual_ncidev_open+0x55/0xc0
[ 56.455412][ T3549]        misc_open+0x304/0x380
[ 56.460156][ T3549]        chrdev_open+0x54a/0x630
[ 56.465071][ T3549]        do_dentry_open+0x7f9/0x10f0
[ 56.470333][ T3549]        path_openat+0x2644/0x2e60
[ 56.475420][ T3549]        do_filp_open+0x230/0x480
[ 56.480439][ T3549]        do_sys_openat2+0x13b/0x500
[ 56.485613][ T3549]        __x64_sys_openat+0x243/0x290
[ 56.491048][ T3549]        do_syscall_64+0x3d/0xb0
[ 56.495962][ T3549]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 56.502624][ T3549]
[ 56.502624][ T3549] -> #0 (nci_mutex){+.+.}-{3:3}:
[ 56.509721][ T3549]        validate_chain+0x1661/0x5950
[ 56.515092][ T3549]        __lock_acquire+0x125b/0x1f80
[ 56.520442][ T3549]        lock_acquire+0x1f8/0x5a0
[ 56.525442][ T3549]        __mutex_lock+0x132/0xd80
[ 56.530442][ T3549]        virtual_nci_close+0x13/0x40
[ 56.535723][ T3549]        nci_close_device+0x3a8/0x5f0
[ 56.541088][ T3549]        nci_unregister_device+0x3c/0x230
[ 56.546906][ T3549]        virtual_ncidev_close+0x55/0x90
[ 56.552439][ T3549]        __fput+0x3b7/0x890
[ 56.556937][ T3549]        task_work_run+0x246/0x300
[ 56.562050][ T3549]        do_exit+0xa73/0x26a0
[ 56.566739][ T3549]        do_group_exit+0x202/0x2b0
[ 56.571840][ T3549]        get_signal+0x16f7/0x17d0
[ 56.576852][ T3549]        arch_do_signal_or_restart+0xb0/0x1a10
[ 56.582990][ T3549]        exit_to_user_mode_loop+0x6a/0x100
[ 56.588806][ T3549]        exit_to_user_mode_prepare+0xb1/0x140
[ 56.594937][ T3549]        syscall_exit_to_user_mode+0x60/0x270
[ 56.600978][ T3549]        do_syscall_64+0x49/0xb0
[ 56.606080][ T3549]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 56.612492][ T3549]
[ 56.612492][ T3549] other info that might help us debug this:
[ 56.612492][ T3549]
[ 56.622705][ T3549] Chain exists of:
[ 56.622705][ T3549]   nci_mutex --> &genl_data->genl_data_mutex --> &ndev->req_lock
[ 56.622705][ T3549]
[ 56.636670][ T3549]  Possible unsafe locking scenario:
[ 56.636670][ T3549]
[ 56.644110][ T3549]        CPU0                    CPU1
[ 56.649548][ T3549]        ----                    ----
[ 56.654973][ T3549]   lock(&ndev->req_lock);
[ 56.659369][ T3549]                                lock(&genl_data->genl_data_mutex);
[ 56.667754][ T3549]                                lock(&ndev->req_lock);
[ 56.674836][ T3549]   lock(nci_mutex);
[ 56.678721][ T3549]
[ 56.678721][ T3549]  *** DEADLOCK ***
[ 56.678721][ T3549]
[ 56.687365][ T3549] 1 lock held by syz-executor427/3549:
[ 56.693087][ T3549]  #0: ffff888077b95350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_close_device+0x106/0x5f0
[ 56.702819][ T3549]
[ 56.702819][ T3549] stack backtrace:
[ 56.708704][ T3549] CPU: 0 PID: 3549 Comm: syz-executor427 Not tainted 6.1.69-syzkaller #0
[ 56.717102][ T3549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 56.727222][ T3549] Call Trace:
[ 56.730479][ T3549]
[ 56.733405][ T3549]  dump_stack_lvl+0x1e3/0x2cb
[ 56.738117][ T3549]  ? nf_tcp_handle_invalid+0x642/0x642
[ 56.743585][ T3549]  ? print_circular_bug+0x12b/0x1a0
[ 56.748772][ T3549]  check_noncircular+0x2fa/0x3b0
[ 56.753692][ T3549]  ? add_chain_block+0x850/0x850
[ 56.758616][ T3549]  ? lockdep_lock+0x11f/0x2a0
[ 56.763353][ T3549]  ? _find_first_zero_bit+0xd0/0x100
[ 56.768654][ T3549]  validate_chain+0x1661/0x5950
[ 56.773576][ T3549]  ? reacquire_held_locks+0x660/0x660
[ 56.778943][ T3549]  ? prb_read_valid+0xf0/0xf0
[ 56.783599][ T3549]  ? mark_lock+0x9a/0x340
[ 56.788254][ T3549]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 56.794233][ T3549]  ? print_irqtrace_events+0x210/0x210
[ 56.799673][ T3549]  ? mark_lock+0x9a/0x340
[ 56.803980][ T3549]  ? __up_console_sem+0x124/0x1e0
[ 56.808987][ T3549]  __lock_acquire+0x125b/0x1f80
[ 56.813914][ T3549]  lock_acquire+0x1f8/0x5a0
[ 56.818401][ T3549]  ? virtual_nci_close+0x13/0x40
[ 56.823424][ T3549]  ? read_lock_is_recursive+0x10/0x10
[ 56.828964][ T3549]  ? irq_work_queue+0xc6/0x150
[ 56.833709][ T3549]  ? __might_sleep+0xb0/0xb0
[ 56.838292][ T3549]  ? _printk+0xd1/0x111
[ 56.842425][ T3549]  ? __wake_up_klogd+0xd5/0x100
[ 56.847251][ T3549]  ? vprintk_emit+0x622/0x740
[ 56.851908][ T3549]  ? printk_sprint+0x490/0x490
[ 56.856651][ T3549]  ? _raw_spin_unlock_irq+0x1f/0x40
[ 56.861847][ T3549]  __mutex_lock+0x132/0xd80
[ 56.866331][ T3549]  ? virtual_nci_close+0x13/0x40
[ 56.871249][ T3549]  ? _printk+0xd1/0x111
[ 56.875382][ T3549]  ? virtual_nci_close+0x13/0x40
[ 56.880298][ T3549]  ? mutex_lock_nested+0x10/0x10
[ 56.885218][ T3549]  ? nci_send_cmd+0x1f4/0x320
[ 56.889879][ T3549]  virtual_nci_close+0x13/0x40
[ 56.894620][ T3549]  nci_close_device+0x3a8/0x5f0
[ 56.899461][ T3549]  ? nci_unregister_device+0x230/0x230
[ 56.904895][ T3549]  ? mutex_unlock+0x10/0x10
[ 56.909393][ T3549]  nci_unregister_device+0x3c/0x230
[ 56.914568][ T3549]  ? ima_file_free+0xe8/0x3c0
[ 56.919223][ T3549]  virtual_ncidev_close+0x55/0x90
[ 56.924225][ T3549]  ? virtual_ncidev_open+0xc0/0xc0
[ 56.929322][ T3549]  __fput+0x3b7/0x890
[ 56.933299][ T3549]  task_work_run+0x246/0x300
[ 56.937956][ T3549]  ? task_work_cancel+0x2b0/0x2b0
[ 56.942975][ T3549]  ? exit_task_namespaces+0xdd/0xf0
[ 56.948154][ T3549]  do_exit+0xa73/0x26a0
[ 56.952381][ T3549]  ? put_task_struct+0x80/0x80
[ 56.957145][ T3549]  ? get_signal+0x137e/0x17d0
[ 56.961804][ T3549]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 56.967781][ T3549]  ? print_irqtrace_events+0x210/0x210
[ 56.973222][ T3549]  ? _raw_spin_lock_irq+0xdb/0x110
[ 56.978314][ T3549]  do_group_exit+0x202/0x2b0
[ 56.982884][ T3549]  ? _raw_spin_unlock_irq+0x1f/0x40
[ 56.988076][ T3549]  ? lockdep_hardirqs_on+0x94/0x130
[ 56.993275][ T3549]  get_signal+0x16f7/0x17d0
[ 56.997772][ T3549]  ? ptrace_notify+0x370/0x370
[ 57.002540][ T3549]  arch_do_signal_or_restart+0xb0/0x1a10
[ 57.008163][ T3549]  ? ____sys_sendmsg+0x8f0/0x8f0
[ 57.013083][ T3549]  ? vfs_write+0x923/0xba0
[ 57.017488][ T3549]  ? rcu_is_watching+0x11/0xb0
[ 57.022228][ T3549]  ? get_sigframe_size+0x10/0x10
[ 57.027141][ T3549]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 57.033104][ T3549]  ? exit_to_user_mode_loop+0x39/0x100
[ 57.038727][ T3549]  exit_to_user_mode_loop+0x6a/0x100
[ 57.043993][ T3549]  exit_to_user_mode_prepare+0xb1/0x140
[ 57.049526][ T3549]  syscall_exit_to_user_mode+0x60/0x270
[ 57.055053][ T3549]  do_syscall_64+0x49/0xb0
[ 57.059543][ T3549]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 57.065440][ T3549] RIP: 0033:0x7f822cd7f509
[ 57.069830][ T3549] Code: Unable to access opcode bytes at 0x7f822cd7f4df.
[ 57.076907][ T3549] RSP: 002b:00007f822cd1e238 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 57.085383][ T3549] RAX: 0000000000000024 RBX: 00007f822ce09378 RCX: 00007f822cd7f509
[ 57.093864][ T3549] RDX: 0000000000000000 RSI: 0000000020000440 RDI: 0000000000000004
[ 57.101825][ T3549] RBP: 00007f822ce09370 R08: 0000000000000003 R09: 00007f822cd1e6c0
executing program
[ 57.109779][ T3549] R10: 0000000000000008 R11: 0000000000000246 R12: 00007f822cdd6074
[ 57.117735][ T3549] R13: 000000000000006e R14: 00007ffeb83f2be0 R15: 00007ffeb83f2cc8
[ 57.125705][ T3549]
executing program
[ 57.356443][ T3552] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 57.586827][ T3558] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 57.595543][ T3558] nci: nci_start_poll: failed to set local general bytes
executing program
[ 62.606379][ T3558] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
[ 62.833904][ T3569] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 62.842694][ T3569] nci: nci_start_poll: failed to set local general bytes