nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
======================================================
WARNING: possible circular locking dependency detected
5.17.0-rc1-syzkaller-00002-g0966d385830d #0 Not tainted
------------------------------------------------------
syz-executor.1/6172 is trying to acquire lock:
ffffffff84fc0408 (nci_mutex){+.+.}-{3:3}, at: virtual_nci_close+0x28/0x58 drivers/nfc/virtual_ncidev.c:44

but task is already holding lock:
ffffaf800cef1350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_close_device+0x52/0x1de net/nfc/nci/core.c:560

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #3 (&ndev->req_lock){+.+.}-{3:3}:
       lock_acquire.part.0+0x1d0/0x424 kernel/locking/lockdep.c:5639
       lock_acquire+0x54/0x6a kernel/locking/lockdep.c:5612
       __mutex_lock_common kernel/locking/mutex.c:600 [inline]
       __mutex_lock+0x114/0xade kernel/locking/mutex.c:733
       mutex_lock_nested+0x14/0x1c kernel/locking/mutex.c:785
       nci_request net/nfc/nci/core.c:148 [inline]
       nci_set_local_general_bytes net/nfc/nci/core.c:770 [inline]
       nci_start_poll+0x4de/0x6b8 net/nfc/nci/core.c:834
       nfc_start_poll+0x10c/0x1e8 net/nfc/core.c:225
       nfc_genl_start_poll+0xfe/0x252 net/nfc/netlink.c:828
       genl_family_rcv_msg_doit+0x19a/0x23c net/netlink/genetlink.c:731
       genl_family_rcv_msg net/netlink/genetlink.c:775 [inline]
       genl_rcv_msg+0x236/0x3ba net/netlink/genetlink.c:792
       netlink_rcv_skb+0xf8/0x2be net/netlink/af_netlink.c:2494
       genl_rcv+0x36/0x4c net/netlink/genetlink.c:803
       netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline]
       netlink_unicast+0x40e/0x5fe net/netlink/af_netlink.c:1343
       netlink_sendmsg+0x4e0/0x994 net/netlink/af_netlink.c:1919
       sock_sendmsg_nosec net/socket.c:705 [inline]
       sock_sendmsg+0xa0/0xc4 net/socket.c:725
       ____sys_sendmsg+0x46e/0x484 net/socket.c:2413
       ___sys_sendmsg+0x16c/0x1f6 net/socket.c:2467
       __sys_sendmsg+0xba/0x150 net/socket.c:2496
       __do_sys_sendmsg net/socket.c:2505 [inline]
       sys_sendmsg+0x2c/0x3a net/socket.c:2503
       ret_from_syscall+0x0/0x2

-> #2 (&genl_data->genl_data_mutex){+.+.}-{3:3}:
       lock_acquire.part.0+0x1d0/0x424 kernel/locking/lockdep.c:5639
       lock_acquire+0x54/0x6a kernel/locking/lockdep.c:5612
       __mutex_lock_common kernel/locking/mutex.c:600 [inline]
       __mutex_lock+0x114/0xade kernel/locking/mutex.c:733
       mutex_lock_nested+0x14/0x1c kernel/locking/mutex.c:785
       nfc_urelease_event_work+0x126/0x218 net/nfc/netlink.c:1810
       process_one_work+0x654/0xffe kernel/workqueue.c:2307
       worker_thread+0x360/0x8fa kernel/workqueue.c:2454
       kthread+0x19e/0x1fa kernel/kthread.c:377
       ret_from_exception+0x0/0x10

-> #1 (nfc_devlist_mutex){+.+.}-{3:3}:
       lock_acquire.part.0+0x1d0/0x424 kernel/locking/lockdep.c:5639
       lock_acquire+0x54/0x6a kernel/locking/lockdep.c:5612
       __mutex_lock_common kernel/locking/mutex.c:600 [inline]
       __mutex_lock+0x114/0xade kernel/locking/mutex.c:733
       mutex_lock_nested+0x14/0x1c kernel/locking/mutex.c:785
       nfc_register_device+0x44/0x29e net/nfc/core.c:1116
       nci_register_device+0x538/0x612 net/nfc/nci/core.c:1252
       virtual_ncidev_open+0x82/0x12c drivers/nfc/virtual_ncidev.c:143
       misc_open+0x272/0x2c8 drivers/char/misc.c:141
       chrdev_open+0x1d4/0x478 fs/char_dev.c:414
       do_dentry_open+0x2a4/0x7d4 fs/open.c:824
       vfs_open+0x52/0x5e fs/open.c:959
       do_open fs/namei.c:3476 [inline]
       path_openat+0x12b6/0x189e fs/namei.c:3609
       do_filp_open+0x10e/0x22a fs/namei.c:3636
       do_sys_openat2+0x174/0x31e fs/open.c:1214
       do_sys_open fs/open.c:1230 [inline]
       __do_sys_openat fs/open.c:1246 [inline]
       sys_openat+0xdc/0x164 fs/open.c:1241
       ret_from_syscall+0x0/0x2

-> #0 (nci_mutex){+.+.}-{3:3}:
       check_noncircular+0x1de/0x1fe kernel/locking/lockdep.c:2143
       check_prev_add kernel/locking/lockdep.c:3063 [inline]
       check_prevs_add kernel/locking/lockdep.c:3186 [inline]
       validate_chain kernel/locking/lockdep.c:3801 [inline]
       __lock_acquire+0x19a4/0x333e kernel/locking/lockdep.c:5027
       lock_acquire.part.0+0x1d0/0x424 kernel/locking/lockdep.c:5639
       lock_acquire+0x54/0x6a kernel/locking/lockdep.c:5612
       __mutex_lock_common kernel/locking/mutex.c:600 [inline]
       __mutex_lock+0x114/0xade kernel/locking/mutex.c:733
       mutex_lock_nested+0x14/0x1c kernel/locking/mutex.c:785
       virtual_nci_close+0x28/0x58 drivers/nfc/virtual_ncidev.c:44
       nci_close_device+0x12e/0x1de net/nfc/nci/core.c:588
       nci_unregister_device+0x34/0x182 net/nfc/nci/core.c:1287
       virtual_ncidev_close+0x9c/0xbc drivers/nfc/virtual_ncidev.c:163
       __fput+0x164/0x502 fs/file_table.c:311
       ____fput+0x1a/0x24 fs/file_table.c:344
       task_work_run+0xdc/0x154 kernel/task_work.c:164
       tracehook_notify_resume include/linux/tracehook.h:188 [inline]
       do_notify_resume+0x894/0xa56 arch/riscv/kernel/signal.c:320
       ret_from_exception+0x0/0x10

other info that might help us debug this:

Chain exists of:
  nci_mutex --> &genl_data->genl_data_mutex --> &ndev->req_lock

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&ndev->req_lock);
                               lock(&genl_data->genl_data_mutex);
                               lock(&ndev->req_lock);
  lock(nci_mutex);

 *** DEADLOCK ***

1 lock held by syz-executor.1/6172:
 #0: ffffaf800cef1350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_close_device+0x52/0x1de net/nfc/nci/core.c:560

stack backtrace:
CPU: 0 PID: 6172 Comm: syz-executor.1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff8000a228>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:113
[<ffffffff831668cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:119
[<ffffffff831756ba>] __dump_stack lib/dump_stack.c:88 [inline]
[<ffffffff831756ba>] dump_stack_lvl+0xe4/0x150 lib/dump_stack.c:106
[<ffffffff83175742>] dump_stack+0x1c/0x24 lib/dump_stack.c:113
[<ffffffff8010f7b8>] print_circular_bug+0x34e/0x3d8 kernel/locking/lockdep.c:2021
[<ffffffff8010fa20>] check_noncircular+0x1de/0x1fe kernel/locking/lockdep.c:2143
[<ffffffff80113c26>] check_prev_add kernel/locking/lockdep.c:3063 [inline]
[<ffffffff80113c26>] check_prevs_add kernel/locking/lockdep.c:3186 [inline]
[<ffffffff80113c26>] validate_chain kernel/locking/lockdep.c:3801 [inline]
[<ffffffff80113c26>] __lock_acquire+0x19a4/0x333e kernel/locking/lockdep.c:5027
[<ffffffff80116582>] lock_acquire.part.0+0x1d0/0x424 kernel/locking/lockdep.c:5639
[<ffffffff8011682a>] lock_acquire+0x54/0x6a kernel/locking/lockdep.c:5612
[<ffffffff831a8ea4>] __mutex_lock_common kernel/locking/mutex.c:600 [inline]
[<ffffffff831a8ea4>] __mutex_lock+0x114/0xade kernel/locking/mutex.c:733
[<ffffffff831a9882>] mutex_lock_nested+0x14/0x1c kernel/locking/mutex.c:785
[<ffffffff8148d766>] virtual_nci_close+0x28/0x58 drivers/nfc/virtual_ncidev.c:44
[<ffffffff830cf612>] nci_close_device+0x12e/0x1de net/nfc/nci/core.c:588
[<ffffffff830d0372>] nci_unregister_device+0x34/0x182 net/nfc/nci/core.c:1287
[<ffffffff8148d508>] virtual_ncidev_close+0x9c/0xbc drivers/nfc/virtual_ncidev.c:163
[<ffffffff804cb3c0>] __fput+0x164/0x502 fs/file_table.c:311
[<ffffffff804cb7d2>] ____fput+0x1a/0x24 fs/file_table.c:344
[<ffffffff800a0530>] task_work_run+0xdc/0x154 kernel/task_work.c:164
[<ffffffff80008c12>] tracehook_notify_resume include/linux/tracehook.h:188 [inline]
[<ffffffff80008c12>] do_notify_resume+0x894/0xa56 arch/riscv/kernel/signal.c:320
[<ffffffff80005724>] ret_from_exception+0x0/0x10