Warning: Permanently added '10.128.0.46' (ED25519) to the list of known hosts.
executing program
[ 65.038595][ T3554] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 65.047651][ T3554] nci: nci_start_poll: failed to set local general bytes
[ 70.062361][ T3554] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
[ 70.070985][ T3554]
[ 70.073351][ T3554] ======================================================
[ 70.080461][ T3554] WARNING: possible circular locking dependency detected
[ 70.087473][ T3554] 6.1.55-syzkaller #0 Not tainted
[ 70.092501][ T3554] ------------------------------------------------------
[ 70.099504][ T3554] syz-executor990/3554 is trying to acquire lock:
[ 70.105902][ T3554] ffffffff8d9d1d48 (nci_mutex){+.+.}-{3:3}, at: virtual_nci_close+0x13/0x40
[ 70.114627][ T3554]
[ 70.114627][ T3554] but task is already holding lock:
[ 70.121978][ T3554] ffff8880176c3350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_close_device+0x106/0x5f0
[ 70.131577][ T3554]
[ 70.131577][ T3554] which lock already depends on the new lock.
[ 70.131577][ T3554]
[ 70.142070][ T3554]
[ 70.142070][ T3554] the existing dependency chain (in reverse order) is:
[ 70.151082][ T3554]
[ 70.151082][ T3554] -> #3 (&ndev->req_lock){+.+.}-{3:3}:
[ 70.158722][ T3554]        lock_acquire+0x1f8/0x5a0
[ 70.163782][ T3554]        __mutex_lock+0x132/0xd80
[ 70.168819][ T3554]        nci_start_poll+0x59f/0xf20
[ 70.174020][ T3554]        nfc_start_poll+0x184/0x2f0
[ 70.179221][ T3554]        nfc_genl_start_poll+0x1e7/0x350
[ 70.184865][ T3554]        genl_rcv_msg+0xc1a/0xf70
[ 70.189894][ T3554]        netlink_rcv_skb+0x1cd/0x410
[ 70.195191][ T3554]        genl_rcv+0x24/0x40
[ 70.199706][ T3554]        netlink_unicast+0x7d8/0x970
[ 70.205000][ T3554]        netlink_sendmsg+0xa26/0xd60
[ 70.210300][ T3554]        ____sys_sendmsg+0x59e/0x8f0
[ 70.215613][ T3554]        __sys_sendmsg+0x2a9/0x390
[ 70.220731][ T3554]        do_syscall_64+0x3d/0xb0
[ 70.225778][ T3554]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 70.232286][ T3554]
[ 70.232286][ T3554] -> #2 (&genl_data->genl_data_mutex){+.+.}-{3:3}:
[ 70.240974][ T3554]        lock_acquire+0x1f8/0x5a0
[ 70.246005][ T3554]        __mutex_lock+0x132/0xd80
[ 70.251039][ T3554]        nfc_urelease_event_work+0x113/0x2f0
[ 70.257041][ T3554]        process_one_work+0x8a9/0x11d0
[ 70.262531][ T3554]        worker_thread+0xa47/0x1200
[ 70.267747][ T3554]        kthread+0x28d/0x320
[ 70.272444][ T3554]        ret_from_fork+0x1f/0x30
[ 70.277639][ T3554]
[ 70.277639][ T3554] -> #1 (nfc_devlist_mutex){+.+.}-{3:3}:
[ 70.285568][ T3554]        lock_acquire+0x1f8/0x5a0
[ 70.290687][ T3554]        __mutex_lock+0x132/0xd80
[ 70.295812][ T3554]        nfc_register_device+0x38/0x310
[ 70.301365][ T3554]        nci_register_device+0x7be/0x900
[ 70.307086][ T3554]        virtual_ncidev_open+0x55/0xc0
[ 70.312548][ T3554]        misc_open+0x304/0x380
[ 70.317323][ T3554]        chrdev_open+0x54a/0x630
[ 70.322281][ T3554]        do_dentry_open+0x7f9/0x10f0
[ 70.328021][ T3554]        path_openat+0x2644/0x2e60
[ 70.333149][ T3554]        do_filp_open+0x230/0x480
[ 70.338195][ T3554]        do_sys_openat2+0x13b/0x500
[ 70.343411][ T3554]        __x64_sys_openat+0x243/0x290
[ 70.348823][ T3554]        do_syscall_64+0x3d/0xb0
[ 70.354475][ T3554]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 70.360925][ T3554]
[ 70.360925][ T3554] -> #0 (nci_mutex){+.+.}-{3:3}:
[ 70.368061][ T3554]        validate_chain+0x1667/0x58e0
[ 70.373459][ T3554]        __lock_acquire+0x125b/0x1f80
[ 70.378838][ T3554]        lock_acquire+0x1f8/0x5a0
[ 70.383870][ T3554]        __mutex_lock+0x132/0xd80
[ 70.388903][ T3554]        virtual_nci_close+0x13/0x40
[ 70.394191][ T3554]        nci_close_device+0x3a8/0x5f0
[ 70.399569][ T3554]        nci_unregister_device+0x3c/0x230
[ 70.405295][ T3554]        virtual_ncidev_close+0x55/0x90
[ 70.411124][ T3554]        __fput+0x3b7/0x890
[ 70.417049][ T3554]        task_work_run+0x246/0x300
[ 70.422176][ T3554]        do_exit+0xa73/0x26a0
[ 70.426895][ T3554]        do_group_exit+0x202/0x2b0
[ 70.432109][ T3554]        get_signal+0x16f7/0x17d0
[ 70.437156][ T3554]        arch_do_signal_or_restart+0xb0/0x1a10
[ 70.443410][ T3554]        exit_to_user_mode_loop+0x6a/0x100
[ 70.449236][ T3554]        exit_to_user_mode_prepare+0xb1/0x140
[ 70.455575][ T3554]        syscall_exit_to_user_mode+0x60/0x270
[ 70.461650][ T3554]        do_syscall_64+0x49/0xb0
[ 70.466684][ T3554]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 70.473132][ T3554]
[ 70.473132][ T3554] other info that might help us debug this:
[ 70.473132][ T3554]
[ 70.483367][ T3554] Chain exists of:
[ 70.483367][ T3554]   nci_mutex --> &genl_data->genl_data_mutex --> &ndev->req_lock
[ 70.483367][ T3554]
[ 70.496970][ T3554]  Possible unsafe locking scenario:
[ 70.496970][ T3554]
[ 70.504512][ T3554]        CPU0                    CPU1
[ 70.509876][ T3554]        ----                    ----
[ 70.515240][ T3554]   lock(&ndev->req_lock);
[ 70.519662][ T3554]                                lock(&genl_data->genl_data_mutex);
[ 70.527732][ T3554]                                lock(&ndev->req_lock);
[ 70.534691][ T3554]   lock(nci_mutex);
[ 70.540156][ T3554]
[ 70.540156][ T3554]  *** DEADLOCK ***
[ 70.540156][ T3554]
[ 70.548300][ T3554] 1 lock held by syz-executor990/3554:
[ 70.553753][ T3554]  #0: ffff8880176c3350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_close_device+0x106/0x5f0
[ 70.563686][ T3554]
[ 70.563686][ T3554] stack backtrace:
[ 70.569570][ T3554] CPU: 1 PID: 3554 Comm: syz-executor990 Not tainted 6.1.55-syzkaller #0
[ 70.577982][ T3554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 70.588160][ T3554] Call Trace:
[ 70.591456][ T3554]
[ 70.594396][ T3554]  dump_stack_lvl+0x1e3/0x2cb
[ 70.599120][ T3554]  ? nf_tcp_handle_invalid+0x642/0x642
[ 70.604599][ T3554]  ? print_circular_bug+0x12b/0x1a0
[ 70.609815][ T3554]  check_noncircular+0x2fa/0x3b0
[ 70.614774][ T3554]  ? add_chain_block+0x850/0x850
[ 70.619725][ T3554]  ? lockdep_lock+0x11f/0x2a0
[ 70.624418][ T3554]  ? _find_first_zero_bit+0xd0/0x100
[ 70.629711][ T3554]  validate_chain+0x1667/0x58e0
[ 70.634674][ T3554]  ? reacquire_held_locks+0x660/0x660
[ 70.640062][ T3554]  ? prb_read_valid+0xf0/0xf0
[ 70.644745][ T3554]  ? mark_lock+0x9a/0x340
[ 70.649091][ T3554]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 70.655090][ T3554]  ? print_irqtrace_events+0x210/0x210
[ 70.660588][ T3554]  ? mark_lock+0x9a/0x340
[ 70.664948][ T3554]  ? __up_console_sem+0x124/0x1e0
[ 70.670173][ T3554]  __lock_acquire+0x125b/0x1f80
[ 70.675046][ T3554]  lock_acquire+0x1f8/0x5a0
[ 70.679565][ T3554]  ? virtual_nci_close+0x13/0x40
[ 70.684516][ T3554]  ? read_lock_is_recursive+0x10/0x10
[ 70.690000][ T3554]  ? irq_work_queue+0xc6/0x150
[ 70.694782][ T3554]  ? __might_sleep+0xb0/0xb0
[ 70.699470][ T3554]  ? _printk+0xd1/0x111
[ 70.703640][ T3554]  ? __wake_up_klogd+0xd5/0x100
[ 70.708511][ T3554]  ? vprintk_emit+0x622/0x740
[ 70.713251][ T3554]  ? printk_sprint+0x490/0x490
[ 70.718050][ T3554]  ? _raw_spin_unlock_irq+0x1f/0x40
[ 70.723260][ T3554]  __mutex_lock+0x132/0xd80
[ 70.727799][ T3554]  ? virtual_nci_close+0x13/0x40
[ 70.732743][ T3554]  ? _printk+0xd1/0x111
[ 70.736912][ T3554]  ? virtual_nci_close+0x13/0x40
[ 70.742202][ T3554]  ? mutex_lock_nested+0x10/0x10
[ 70.747154][ T3554]  ? nci_send_cmd+0x1f4/0x320
[ 70.751930][ T3554]  virtual_nci_close+0x13/0x40
[ 70.756871][ T3554]  nci_close_device+0x3a8/0x5f0
[ 70.761827][ T3554]  ? nci_unregister_device+0x230/0x230
[ 70.767345][ T3554]  ? mutex_unlock+0x10/0x10
[ 70.771900][ T3554]  nci_unregister_device+0x3c/0x230
[ 70.780422][ T3554]  ? ima_file_free+0xe8/0x3c0
[ 70.785117][ T3554]  virtual_ncidev_close+0x55/0x90
[ 70.790175][ T3554]  ? virtual_ncidev_open+0xc0/0xc0
[ 70.795373][ T3554]  __fput+0x3b7/0x890
[ 70.799388][ T3554]  task_work_run+0x246/0x300
[ 70.803991][ T3554]  ? task_work_cancel+0x2b0/0x2b0
[ 70.809051][ T3554]  ? exit_task_namespaces+0xdd/0xf0
[ 70.814258][ T3554]  do_exit+0xa73/0x26a0
[ 70.818430][ T3554]  ? put_task_struct+0x80/0x80
[ 70.823408][ T3554]  ? get_signal+0x137e/0x17d0
[ 70.828103][ T3554]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 70.834272][ T3554]  ? print_irqtrace_events+0x210/0x210
[ 70.839740][ T3554]  ? _raw_spin_lock_irq+0xdb/0x110
[ 70.844926][ T3554]  do_group_exit+0x202/0x2b0
[ 70.849568][ T3554]  ? _raw_spin_unlock_irq+0x1f/0x40
[ 70.854773][ T3554]  ? lockdep_hardirqs_on+0x94/0x130
[ 70.859976][ T3554]  get_signal+0x16f7/0x17d0
[ 70.864500][ T3554]  ? ptrace_notify+0x370/0x370
[ 70.869289][ T3554]  arch_do_signal_or_restart+0xb0/0x1a10
[ 70.874929][ T3554]  ? ____sys_sendmsg+0x8f0/0x8f0
[ 70.879874][ T3554]  ? vfs_write+0x923/0xba0
[ 70.884306][ T3554]  ? rcu_is_watching+0x11/0xb0
[ 70.889082][ T3554]  ? get_sigframe_size+0x10/0x10
[ 70.894028][ T3554]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 70.900023][ T3554]  ? exit_to_user_mode_loop+0x39/0x100
[ 70.905496][ T3554]  exit_to_user_mode_loop+0x6a/0x100
[ 70.910793][ T3554]  exit_to_user_mode_prepare+0xb1/0x140
[ 70.916545][ T3554]  syscall_exit_to_user_mode+0x60/0x270
[ 70.922094][ T3554]  do_syscall_64+0x49/0xb0
[ 70.926520][ T3554]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 70.932427][ T3554] RIP: 0033:0x7fc2d9170509
[ 70.937885][ T3554] Code: Unable to access opcode bytes at 0x7fc2d91704df.
[ 70.944900][ T3554] RSP: 002b:00007fc2d910f238 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 70.953320][ T3554] RAX: 0000000000000024 RBX: 00007fc2d91fa378 RCX: 00007fc2d9170509
executing program
[ 70.961316][ T3554] RDX: 0000000000000000 RSI: 0000000020000440 RDI: 0000000000000004
[ 70.969290][ T3554] RBP: 00007fc2d91fa370 R08: 0000000000000003 R09: 00007fc2d910f6c0
[ 70.977261][ T3554] R10: 0000000000000008 R11: 0000000000000246 R12: 00007fc2d91c7074
[ 70.985236][ T3554] R13: 000000000000006e R14: 00007fff0d90c970 R15: 00007fff0d90ca58
[ 70.993237][ T3554]
[ 71.230688][ T3562] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 71.239437][ T3562] nci: nci_start_poll: failed to set local general bytes
executing program
[ 76.302134][ T3562] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
executing program
[ 76.530365][ T3566] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 76.760004][ T3572] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 76.988479][ T3578] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 77.219521][ T3584] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 77.452358][ T3590] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 77.685884][ T3600] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 77.694707][ T3600] nci: nci_start_poll: failed to set local general bytes