nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
======================================================
WARNING: possible circular locking dependency detected
5.17.0-rc1-syzkaller-00002-g0966d385830d #0 Not tainted
------------------------------------------------------
syz-executor.0/3332 is trying to acquire lock:
ffffffff84fc0408 (nci_mutex){+.+.}-{3:3}, at: virtual_nci_close+0x28/0x58 drivers/nfc/virtual_ncidev.c:44
but task is already holding lock:
ffffaf8012b57350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_close_device+0x52/0x1de net/nfc/nci/core.c:560
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #3 (&ndev->req_lock){+.+.}-{3:3}:
lock_acquire.part.0+0x1d0/0x424 kernel/locking/lockdep.c:5639
lock_acquire+0x54/0x6a kernel/locking/lockdep.c:5612
__mutex_lock_common kernel/locking/mutex.c:600 [inline]
__mutex_lock+0x114/0xade kernel/locking/mutex.c:733
mutex_lock_nested+0x14/0x1c kernel/locking/mutex.c:785
nci_request net/nfc/nci/core.c:148 [inline]
nci_set_local_general_bytes net/nfc/nci/core.c:770 [inline]
nci_start_poll+0x4de/0x6b8 net/nfc/nci/core.c:834
nfc_start_poll+0x10c/0x1e8 net/nfc/core.c:225
nfc_genl_start_poll+0xfe/0x252 net/nfc/netlink.c:828
genl_family_rcv_msg_doit+0x19a/0x23c net/netlink/genetlink.c:731
genl_family_rcv_msg net/netlink/genetlink.c:775 [inline]
genl_rcv_msg+0x236/0x3ba net/netlink/genetlink.c:792
netlink_rcv_skb+0xf8/0x2be net/netlink/af_netlink.c:2494
genl_rcv+0x36/0x4c net/netlink/genetlink.c:803
netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline]
netlink_unicast+0x40e/0x5fe net/netlink/af_netlink.c:1343
netlink_sendmsg+0x4e0/0x994 net/netlink/af_netlink.c:1919
sock_sendmsg_nosec net/socket.c:705 [inline]
sock_sendmsg+0xa0/0xc4 net/socket.c:725
____sys_sendmsg+0x46e/0x484 net/socket.c:2413
___sys_sendmsg+0x16c/0x1f6 net/socket.c:2467
__sys_sendmsg+0xba/0x150 net/socket.c:2496
__do_sys_sendmsg net/socket.c:2505 [inline]
sys_sendmsg+0x2c/0x3a net/socket.c:2503
ret_from_syscall+0x0/0x2
-> #2 (&genl_data->genl_data_mutex){+.+.}-{3:3}:
lock_acquire.part.0+0x1d0/0x424 kernel/locking/lockdep.c:5639
lock_acquire+0x54/0x6a kernel/locking/lockdep.c:5612
__mutex_lock_common kernel/locking/mutex.c:600 [inline]
__mutex_lock+0x114/0xade kernel/locking/mutex.c:733
mutex_lock_nested+0x14/0x1c kernel/locking/mutex.c:785
nfc_urelease_event_work+0x126/0x218 net/nfc/netlink.c:1810
process_one_work+0x654/0xffe kernel/workqueue.c:2307
worker_thread+0x360/0x8fa kernel/workqueue.c:2454
kthread+0x19e/0x1fa kernel/kthread.c:377
ret_from_exception+0x0/0x10
-> #1 (nfc_devlist_mutex){+.+.}-{3:3}:
lock_acquire.part.0+0x1d0/0x424 kernel/locking/lockdep.c:5639
lock_acquire+0x54/0x6a kernel/locking/lockdep.c:5612
__mutex_lock_common kernel/locking/mutex.c:600 [inline]
__mutex_lock+0x114/0xade kernel/locking/mutex.c:733
mutex_lock_nested+0x14/0x1c kernel/locking/mutex.c:785
nfc_register_device+0x44/0x29e net/nfc/core.c:1116
nci_register_device+0x538/0x612 net/nfc/nci/core.c:1252
virtual_ncidev_open+0x82/0x12c drivers/nfc/virtual_ncidev.c:143
misc_open+0x272/0x2c8 drivers/char/misc.c:141
chrdev_open+0x1d4/0x478 fs/char_dev.c:414
do_dentry_open+0x2a4/0x7d4 fs/open.c:824
vfs_open+0x52/0x5e fs/open.c:959
do_open fs/namei.c:3476 [inline]
path_openat+0x12b6/0x189e fs/namei.c:3609
do_filp_open+0x10e/0x22a fs/namei.c:3636
do_sys_openat2+0x174/0x31e fs/open.c:1214
do_sys_open fs/open.c:1230 [inline]
__do_sys_openat fs/open.c:1246 [inline]
sys_openat+0xdc/0x164 fs/open.c:1241
ret_from_syscall+0x0/0x2
-> #0 (nci_mutex){+.+.}-{3:3}:
check_noncircular+0x1de/0x1fe kernel/locking/lockdep.c:2143
check_prev_add kernel/locking/lockdep.c:3063 [inline]
check_prevs_add kernel/locking/lockdep.c:3186 [inline]
validate_chain kernel/locking/lockdep.c:3801 [inline]
__lock_acquire+0x19a4/0x333e kernel/locking/lockdep.c:5027
lock_acquire.part.0+0x1d0/0x424 kernel/locking/lockdep.c:5639
lock_acquire+0x54/0x6a kernel/locking/lockdep.c:5612
__mutex_lock_common kernel/locking/mutex.c:600 [inline]
__mutex_lock+0x114/0xade kernel/locking/mutex.c:733
mutex_lock_nested+0x14/0x1c kernel/locking/mutex.c:785
virtual_nci_close+0x28/0x58 drivers/nfc/virtual_ncidev.c:44
nci_close_device+0x12e/0x1de net/nfc/nci/core.c:588
nci_unregister_device+0x34/0x182 net/nfc/nci/core.c:1287
virtual_ncidev_close+0x9c/0xbc drivers/nfc/virtual_ncidev.c:163
__fput+0x164/0x502 fs/file_table.c:311
____fput+0x1a/0x24 fs/file_table.c:344
task_work_run+0xdc/0x154 kernel/task_work.c:164
get_signal+0xc0c/0x1754 kernel/signal.c:2630
do_signal arch/riscv/kernel/signal.c:271 [inline]
do_notify_resume+0x11a/0xa56 arch/riscv/kernel/signal.c:317
ret_from_exception+0x0/0x10
other info that might help us debug this:
Chain exists of:
nci_mutex --> &genl_data->genl_data_mutex --> &ndev->req_lock
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&ndev->req_lock);
lock(&genl_data->genl_data_mutex);
lock(&ndev->req_lock);
lock(nci_mutex);
*** DEADLOCK ***
1 lock held by syz-executor.0/3332:
#0: ffffaf8012b57350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_close_device+0x52/0x1de net/nfc/nci/core.c:560
stack backtrace:
CPU: 0 PID: 3332 Comm: syz-executor.0 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff8000a228>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:113
[<ffffffff831668cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:119
[<ffffffff831756ba>] __dump_stack lib/dump_stack.c:88 [inline]
[<ffffffff831756ba>] dump_stack_lvl+0xe4/0x150 lib/dump_stack.c:106
[<ffffffff83175742>] dump_stack+0x1c/0x24 lib/dump_stack.c:113
[<ffffffff8010f7b8>] print_circular_bug+0x34e/0x3d8 kernel/locking/lockdep.c:2021
[<ffffffff8010fa20>] check_noncircular+0x1de/0x1fe kernel/locking/lockdep.c:2143
[<ffffffff80113c26>] check_prev_add kernel/locking/lockdep.c:3063 [inline]
[<ffffffff80113c26>] check_prevs_add kernel/locking/lockdep.c:3186 [inline]
[<ffffffff80113c26>] validate_chain kernel/locking/lockdep.c:3801 [inline]
[<ffffffff80113c26>] __lock_acquire+0x19a4/0x333e kernel/locking/lockdep.c:5027
[<ffffffff80116582>] lock_acquire.part.0+0x1d0/0x424 kernel/locking/lockdep.c:5639
[<ffffffff8011682a>] lock_acquire+0x54/0x6a kernel/locking/lockdep.c:5612
[<ffffffff831a8ea4>] __mutex_lock_common kernel/locking/mutex.c:600 [inline]
[<ffffffff831a8ea4>] __mutex_lock+0x114/0xade kernel/locking/mutex.c:733
[<ffffffff831a9882>] mutex_lock_nested+0x14/0x1c kernel/locking/mutex.c:785
[<ffffffff8148d766>] virtual_nci_close+0x28/0x58 drivers/nfc/virtual_ncidev.c:44
[<ffffffff830cf612>] nci_close_device+0x12e/0x1de net/nfc/nci/core.c:588
[<ffffffff830d0372>] nci_unregister_device+0x34/0x182 net/nfc/nci/core.c:1287
[<ffffffff8148d508>] virtual_ncidev_close+0x9c/0xbc drivers/nfc/virtual_ncidev.c:163
[<ffffffff804cb3c0>] __fput+0x164/0x502 fs/file_table.c:311
[<ffffffff804cb7d2>] ____fput+0x1a/0x24 fs/file_table.c:344
[<ffffffff800a0530>] task_work_run+0xdc/0x154 kernel/task_work.c:164
[<ffffffff8007ca6a>] get_signal+0xc0c/0x1754 kernel/signal.c:2630
[<ffffffff80008498>] do_signal arch/riscv/kernel/signal.c:271 [inline]
[<ffffffff80008498>] do_notify_resume+0x11a/0xa56 arch/riscv/kernel/signal.c:317
[<ffffffff80005724>] ret_from_exception+0x0/0x10