======================================================
WARNING: possible circular locking dependency detected
5.17.0-rc1-syzkaller-00002-g0966d385830d #0 Not tainted
------------------------------------------------------
syz-executor.1/10036 is trying to acquire lock:
ffffaf802325e350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_request net/nfc/nci/core.c:148 [inline]
ffffaf802325e350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_set_local_general_bytes net/nfc/nci/core.c:770 [inline]
ffffaf802325e350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_start_poll+0x4de/0x6b8 net/nfc/nci/core.c:834

but task is already holding lock:
ffffaf802325f520 (&genl_data->genl_data_mutex){+.+.}-{3:3}, at: nfc_genl_start_poll+0xf4/0x252 net/nfc/netlink.c:826

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #3 (&genl_data->genl_data_mutex){+.+.}-{3:3}:
       lock_acquire.part.0+0x1d0/0x424 kernel/locking/lockdep.c:5639
       lock_acquire+0x54/0x6a kernel/locking/lockdep.c:5612
       __mutex_lock_common kernel/locking/mutex.c:600 [inline]
       __mutex_lock+0x114/0xade kernel/locking/mutex.c:733
       mutex_lock_nested+0x14/0x1c kernel/locking/mutex.c:785
       nfc_urelease_event_work+0x126/0x218 net/nfc/netlink.c:1810
       process_one_work+0x654/0xffe kernel/workqueue.c:2307
       worker_thread+0x360/0x8fa kernel/workqueue.c:2454
       kthread+0x19e/0x1fa kernel/kthread.c:377
       ret_from_exception+0x0/0x10

-> #2 (nfc_devlist_mutex){+.+.}-{3:3}:
       lock_acquire.part.0+0x1d0/0x424 kernel/locking/lockdep.c:5639
       lock_acquire+0x54/0x6a kernel/locking/lockdep.c:5612
       __mutex_lock_common kernel/locking/mutex.c:600 [inline]
       __mutex_lock+0x114/0xade kernel/locking/mutex.c:733
       mutex_lock_nested+0x14/0x1c kernel/locking/mutex.c:785
       nfc_register_device+0x44/0x29e net/nfc/core.c:1116
       nci_register_device+0x538/0x612 net/nfc/nci/core.c:1252
       virtual_ncidev_open+0x82/0x12c drivers/nfc/virtual_ncidev.c:143
       misc_open+0x272/0x2c8 drivers/char/misc.c:141
       chrdev_open+0x1d4/0x478 fs/char_dev.c:414
       do_dentry_open+0x2a4/0x7d4 fs/open.c:824
       vfs_open+0x52/0x5e fs/open.c:959
       do_open fs/namei.c:3476 [inline]
       path_openat+0x12b6/0x189e fs/namei.c:3609
       do_filp_open+0x10e/0x22a fs/namei.c:3636
       do_sys_openat2+0x174/0x31e fs/open.c:1214
       do_sys_open fs/open.c:1230 [inline]
       __do_sys_openat fs/open.c:1246 [inline]
       sys_openat+0xdc/0x164 fs/open.c:1241
       ret_from_syscall+0x0/0x2

-> #1 (nci_mutex){+.+.}-{3:3}:
       lock_acquire.part.0+0x1d0/0x424 kernel/locking/lockdep.c:5639
       lock_acquire+0x54/0x6a kernel/locking/lockdep.c:5612
       __mutex_lock_common kernel/locking/mutex.c:600 [inline]
       __mutex_lock+0x114/0xade kernel/locking/mutex.c:733
       mutex_lock_nested+0x14/0x1c kernel/locking/mutex.c:785
       virtual_nci_close+0x28/0x58 drivers/nfc/virtual_ncidev.c:44
       nci_open_device net/nfc/nci/core.c:544 [inline]
       nci_dev_up+0x33a/0x3fe net/nfc/nci/core.c:627
       nfc_dev_up+0x128/0x26c net/nfc/core.c:118
       nfc_genl_dev_up+0x5e/0x8a net/nfc/netlink.c:770
       genl_family_rcv_msg_doit+0x19a/0x23c net/netlink/genetlink.c:731
       genl_family_rcv_msg net/netlink/genetlink.c:775 [inline]
       genl_rcv_msg+0x236/0x3ba net/netlink/genetlink.c:792
       netlink_rcv_skb+0xf8/0x2be net/netlink/af_netlink.c:2494
       genl_rcv+0x36/0x4c net/netlink/genetlink.c:803
       netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline]
       netlink_unicast+0x40e/0x5fe net/netlink/af_netlink.c:1343
       netlink_sendmsg+0x4e0/0x994 net/netlink/af_netlink.c:1919
       sock_sendmsg_nosec net/socket.c:705 [inline]
       sock_sendmsg+0xa0/0xc4 net/socket.c:725
       ____sys_sendmsg+0x46e/0x484 net/socket.c:2413
       ___sys_sendmsg+0x16c/0x1f6 net/socket.c:2467
       __sys_sendmsg+0xba/0x150 net/socket.c:2496
       __do_sys_sendmsg net/socket.c:2505 [inline]
       sys_sendmsg+0x2c/0x3a net/socket.c:2503
       ret_from_syscall+0x0/0x2

-> #0 (&ndev->req_lock){+.+.}-{3:3}:
       check_noncircular+0x1de/0x1fe kernel/locking/lockdep.c:2143
       check_prev_add kernel/locking/lockdep.c:3063 [inline]
       check_prevs_add kernel/locking/lockdep.c:3186 [inline]
       validate_chain kernel/locking/lockdep.c:3801 [inline]
       __lock_acquire+0x19a4/0x333e kernel/locking/lockdep.c:5027
       lock_acquire.part.0+0x1d0/0x424 kernel/locking/lockdep.c:5639
       lock_acquire+0x54/0x6a kernel/locking/lockdep.c:5612
       __mutex_lock_common kernel/locking/mutex.c:600 [inline]
       __mutex_lock+0x114/0xade kernel/locking/mutex.c:733
       mutex_lock_nested+0x14/0x1c kernel/locking/mutex.c:785
       nci_request net/nfc/nci/core.c:148 [inline]
       nci_set_local_general_bytes net/nfc/nci/core.c:770 [inline]
       nci_start_poll+0x4de/0x6b8 net/nfc/nci/core.c:834
       nfc_start_poll+0x10c/0x1e8 net/nfc/core.c:225
       nfc_genl_start_poll+0xfe/0x252 net/nfc/netlink.c:828
       genl_family_rcv_msg_doit+0x19a/0x23c net/netlink/genetlink.c:731
       genl_family_rcv_msg net/netlink/genetlink.c:775 [inline]
       genl_rcv_msg+0x236/0x3ba net/netlink/genetlink.c:792
       netlink_rcv_skb+0xf8/0x2be net/netlink/af_netlink.c:2494
       genl_rcv+0x36/0x4c net/netlink/genetlink.c:803
       netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline]
       netlink_unicast+0x40e/0x5fe net/netlink/af_netlink.c:1343
       netlink_sendmsg+0x4e0/0x994 net/netlink/af_netlink.c:1919
       sock_sendmsg_nosec net/socket.c:705 [inline]
       sock_sendmsg+0xa0/0xc4 net/socket.c:725
       ____sys_sendmsg+0x46e/0x484 net/socket.c:2413
       ___sys_sendmsg+0x16c/0x1f6 net/socket.c:2467
       __sys_sendmsg+0xba/0x150 net/socket.c:2496
       __do_sys_sendmsg net/socket.c:2505 [inline]
       sys_sendmsg+0x2c/0x3a net/socket.c:2503
       ret_from_syscall+0x0/0x2

other info that might help us debug this:

Chain exists of:
  &ndev->req_lock --> nfc_devlist_mutex --> &genl_data->genl_data_mutex

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&genl_data->genl_data_mutex);
                               lock(nfc_devlist_mutex);
                               lock(&genl_data->genl_data_mutex);
  lock(&ndev->req_lock);

 *** DEADLOCK ***

4 locks held by syz-executor.1/10036:
 #0: ffffffff85636050 (cb_lock){++++}-{3:3}, at: genl_rcv+0x28/0x4c net/netlink/genetlink.c:802
 #1: ffffffff85635f88 (genl_mutex){+.+.}-{3:3}, at: genl_lock net/netlink/genetlink.c:33 [inline]
 #1: ffffffff85635f88 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x2da/0x3ba net/netlink/genetlink.c:790
 #2: ffffaf802325f520 (&genl_data->genl_data_mutex){+.+.}-{3:3}, at: nfc_genl_start_poll+0xf4/0x252 net/nfc/netlink.c:826
 #3: ffffaf802325f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:767 [inline]
 #3: ffffaf802325f190 (&dev->mutex){....}-{3:3}, at: nfc_start_poll+0x60/0x1e8 net/nfc/core.c:208

stack backtrace:
CPU: 0 PID: 10036 Comm: syz-executor.1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff8000a228>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:113
[<ffffffff831668cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:119
[<ffffffff831756ba>] __dump_stack lib/dump_stack.c:88 [inline]
[<ffffffff831756ba>] dump_stack_lvl+0xe4/0x150 lib/dump_stack.c:106
[<ffffffff83175742>] dump_stack+0x1c/0x24 lib/dump_stack.c:113
[<ffffffff8010f7b8>] print_circular_bug+0x34e/0x3d8 kernel/locking/lockdep.c:2021
[<ffffffff8010fa20>] check_noncircular+0x1de/0x1fe kernel/locking/lockdep.c:2143
[<ffffffff80113c26>] check_prev_add kernel/locking/lockdep.c:3063 [inline]
[<ffffffff80113c26>] check_prevs_add kernel/locking/lockdep.c:3186 [inline]
[<ffffffff80113c26>] validate_chain kernel/locking/lockdep.c:3801 [inline]
[<ffffffff80113c26>] __lock_acquire+0x19a4/0x333e kernel/locking/lockdep.c:5027
[<ffffffff80116582>] lock_acquire.part.0+0x1d0/0x424 kernel/locking/lockdep.c:5639
[<ffffffff8011682a>] lock_acquire+0x54/0x6a kernel/locking/lockdep.c:5612
[<ffffffff831a8ea4>] __mutex_lock_common kernel/locking/mutex.c:600 [inline]
[<ffffffff831a8ea4>] __mutex_lock+0x114/0xade kernel/locking/mutex.c:733
[<ffffffff831a9882>] mutex_lock_nested+0x14/0x1c kernel/locking/mutex.c:785
[<ffffffff830d34ce>] nci_request net/nfc/nci/core.c:148 [inline]
[<ffffffff830d34ce>] nci_set_local_general_bytes net/nfc/nci/core.c:770 [inline]
[<ffffffff830d34ce>] nci_start_poll+0x4de/0x6b8 net/nfc/nci/core.c:834
[<ffffffff830b8dc8>] nfc_start_poll+0x10c/0x1e8 net/nfc/core.c:225
[<ffffffff830bb506>] nfc_genl_start_poll+0xfe/0x252 net/nfc/netlink.c:828
[<ffffffff8296f9ae>] genl_family_rcv_msg_doit+0x19a/0x23c net/netlink/genetlink.c:731
[<ffffffff82970420>] genl_family_rcv_msg net/netlink/genetlink.c:775 [inline]
[<ffffffff82970420>] genl_rcv_msg+0x236/0x3ba net/netlink/genetlink.c:792
[<ffffffff8296ded2>] netlink_rcv_skb+0xf8/0x2be net/netlink/af_netlink.c:2494
[<ffffffff8296ecb2>] genl_rcv+0x36/0x4c net/netlink/genetlink.c:803
[<ffffffff8296cbcc>] netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline]
[<ffffffff8296cbcc>] netlink_unicast+0x40e/0x5fe net/netlink/af_netlink.c:1343
[<ffffffff8296d29c>] netlink_sendmsg+0x4e0/0x994 net/netlink/af_netlink.c:1919
[<ffffffff826d264e>] sock_sendmsg_nosec net/socket.c:705 [inline]
[<ffffffff826d264e>] sock_sendmsg+0xa0/0xc4 net/socket.c:725
[<ffffffff826d4dd4>] ____sys_sendmsg+0x46e/0x484 net/socket.c:2413
[<ffffffff826d8bca>] ___sys_sendmsg+0x16c/0x1f6 net/socket.c:2467
[<ffffffff826d8e78>] __sys_sendmsg+0xba/0x150 net/socket.c:2496
[<ffffffff826d8f3a>] __do_sys_sendmsg net/socket.c:2505 [inline]
[<ffffffff826d8f3a>] sys_sendmsg+0x2c/0x3a net/socket.c:2503
[<ffffffff80005716>] ret_from_syscall+0x0/0x2
nci: __nci_request: wait_for_completion_interruptible_timeout failed -512