Warning: Permanently added '10.128.1.126' (ED25519) to the list of known hosts.
syzkaller login: [   47.318337][ T4024] chnl_net:caif_netlink_parms(): no params data found
[   47.359855][ T4024] bridge0: port 1(bridge_slave_0) entered blocking state
[   47.361559][ T4024] bridge0: port 1(bridge_slave_0) entered disabled state
[   47.363666][ T4024] device bridge_slave_0 entered promiscuous mode
[   47.368869][ T4024] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.370383][ T4024] bridge0: port 2(bridge_slave_1) entered disabled state
[   47.372557][ T4024] device bridge_slave_1 entered promiscuous mode
[   47.390118][ T4024] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   47.394262][ T4024] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   47.409376][ T4024] team0: Port device team_slave_0 added
[   47.413187][ T4024] team0: Port device team_slave_1 added
[   47.426881][ T4024] batman_adv: batadv0: Adding interface: batadv_slave_0
[   47.428247][ T4024] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   47.433137][ T4024] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   47.438378][ T4024] batman_adv: batadv0: Adding interface: batadv_slave_1
[   47.439881][ T4024] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   47.445881][ T4024] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   47.526438][ T4024] device hsr_slave_0 entered promiscuous mode
[   47.584356][ T4024] device hsr_slave_1 entered promiscuous mode
[   47.725109][ T4024] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   47.767252][ T4024] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   47.816615][ T4024] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   47.877145][ T4024] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   47.963684][ T4024] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.965458][ T4024] bridge0: port 2(bridge_slave_1) entered forwarding state
[   47.967287][ T4024] bridge0: port 1(bridge_slave_0) entered blocking state
[   47.968795][ T4024] bridge0: port 1(bridge_slave_0) entered forwarding state
[   48.012547][ T4024] 8021q: adding VLAN 0 to HW filter on device bond0
[   48.023709][  T608] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   48.028604][  T608] bridge0: port 1(bridge_slave_0) entered disabled state
[   48.031989][  T608] bridge0: port 2(bridge_slave_1) entered disabled state
[   48.036445][  T608] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   48.044709][ T4024] 8021q: adding VLAN 0 to HW filter on device team0
[   48.051268][  T608] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   48.053515][  T608] bridge0: port 1(bridge_slave_0) entered blocking state
[   48.055189][  T608] bridge0: port 1(bridge_slave_0) entered forwarding state
[   48.062073][  T608] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   48.064526][  T608] bridge0: port 2(bridge_slave_1) entered blocking state
[   48.066061][  T608] bridge0: port 2(bridge_slave_1) entered forwarding state
[   48.079627][  T608] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   48.082238][  T608] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   48.090621][  T608] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   48.098348][  T608] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   48.104295][  T608] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   48.109129][ T4024] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   48.121989][  T608] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   48.123743][  T608] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   48.132195][ T4024] 8021q: adding VLAN 0 to HW filter on device batadv0
[   48.146068][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   48.159554][  T608] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   48.162403][  T608] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   48.167572][  T608] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   48.171986][ T4024] device veth0_vlan entered promiscuous mode
[   48.180686][ T4024] device veth1_vlan entered promiscuous mode
[   48.198197][ T4024] device veth0_macvtap entered promiscuous mode
[   48.202161][ T4024] device veth1_macvtap entered promiscuous mode
[   48.206134][  T608] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   48.208621][  T608] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   48.211467][  T608] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   48.213744][  T608] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   48.225791][ T4024] batman_adv: batadv0: Interface activated: batadv_slave_0
[   48.228153][  T608] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   48.235900][ T4024] batman_adv: batadv0: Interface activated: batadv_slave_1
[   48.237875][ T1600] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   48.243178][ T4024] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   48.248240][ T4024] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   48.250015][ T4024] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   48.251684][ T4024] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
executing program
[   48.292871][    C0] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
[   48.305674][ T4024] 
[   48.306187][ T4024] ======================================================
[   48.307664][ T4024] WARNING: possible circular locking dependency detected
[   48.309091][ T4024] 5.15.175-syzkaller #0 Not tainted
[   48.310120][ T4024] ------------------------------------------------------
[   48.311592][ T4024] syz-executor153/4024 is trying to acquire lock:
[   48.312823][ T4024] ffff0000cded9450 ((work_completion)(&new_smc->smc_listen_work)){+.+.}-{0:0}, at: __flush_work+0xd0/0x1c0
[   48.315048][ T4024] 
[   48.315048][ T4024] but task is already holding lock:
[   48.316474][ T4024] ffff0000cded8120 (sk_lock-AF_SMC/1){+.+.}-{0:0}, at: smc_release+0x1f4/0x574
[   48.318362][ T4024] 
[   48.318362][ T4024] which lock already depends on the new lock.
[   48.318362][ T4024] 
[   48.321005][ T4024] 
[   48.321005][ T4024] the existing dependency chain (in reverse order) is:
[   48.322779][ T4024] 
[   48.322779][ T4024] -> #1 (sk_lock-AF_SMC/1){+.+.}-{0:0}:
[   48.324408][ T4024]        lock_sock_nested+0xec/0x1ec
[   48.325569][ T4024]        smc_listen_out+0x11c/0x3fc
[   48.326651][ T4024]        smc_listen_work+0x1f4/0xe6c
[   48.327666][ T4024]        process_one_work+0x790/0x11b8
[   48.328865][ T4024]        worker_thread+0x910/0x1034
[   48.329953][ T4024]        kthread+0x37c/0x45c
[   48.330852][ T4024]        ret_from_fork+0x10/0x20
[   48.331860][ T4024] 
[   48.331860][ T4024] -> #0 ((work_completion)(&new_smc->smc_listen_work)){+.+.}-{0:0}:
[   48.334037][ T4024]        __lock_acquire+0x32d4/0x7638
[   48.335146][ T4024]        lock_acquire+0x240/0x77c
[   48.336124][ T4024]        __flush_work+0xf8/0x1c0
[   48.337249][ T4024]        __cancel_work_timer+0x3ec/0x548
[   48.338404][ T4024]        cancel_work_sync+0x24/0x38
[   48.339429][ T4024]        smc_clcsock_release+0x64/0xec
[   48.340642][ T4024]        __smc_release+0x388/0x540
[   48.341780][ T4024]        smc_close_non_accepted+0xdc/0x298
[   48.343056][ T4024]        smc_close_active+0x908/0xc8c
[   48.344151][ T4024]        __smc_release+0x9c/0x540
[   48.345216][ T4024]        smc_release+0x26c/0x574
[   48.346192][ T4024]        sock_close+0xb8/0x1fc
[   48.347209][ T4024]        __fput+0x1c4/0x800
[   48.348143][ T4024]        ____fput+0x20/0x30
[   48.349090][ T4024]        task_work_run+0x130/0x1e4
[   48.350242][ T4024]        do_exit+0x670/0x20bc
[   48.351209][ T4024]        do_group_exit+0x110/0x268
[   48.352309][ T4024]        __wake_up_parent+0x0/0x60
[   48.353384][ T4024]        invoke_syscall+0x98/0x2b8
[   48.354468][ T4024]        el0_svc_common+0x138/0x258
[   48.355663][ T4024]        do_el0_svc+0x58/0x14c
[   48.356763][ T4024]        el0_svc+0x7c/0x1f0
[   48.357938][ T4024]        el0t_64_sync_handler+0x84/0xe4
[   48.359232][ T4024]        el0t_64_sync+0x1a0/0x1a4
[   48.360213][ T4024] 
[   48.360213][ T4024] other info that might help us debug this:
[   48.360213][ T4024] 
[   48.362266][ T4024]  Possible unsafe locking scenario:
[   48.362266][ T4024] 
[   48.363709][ T4024]        CPU0                    CPU1
[   48.364820][ T4024]        ----                    ----
[   48.365856][ T4024]   lock(sk_lock-AF_SMC/1);
[   48.366861][ T4024]                                lock((work_completion)(&new_smc->smc_listen_work));
[   48.368901][ T4024]                                lock(sk_lock-AF_SMC/1);
[   48.370489][ T4024]   lock((work_completion)(&new_smc->smc_listen_work));
[   48.371939][ T4024] 
[   48.371939][ T4024]  *** DEADLOCK ***
[   48.371939][ T4024] 
[   48.373552][ T4024] 2 locks held by syz-executor153/4024:
[   48.374727][ T4024]  #0: ffff0000e1577410 (&sb->s_type->i_mutex_key#11){+.+.}-{3:3}, at: sock_close+0x80/0x1fc
[   48.376693][ T4024]  #1: ffff0000cded8120 (sk_lock-AF_SMC/1){+.+.}-{0:0}, at: smc_release+0x1f4/0x574
[   48.378586][ T4024] 
[   48.378586][ T4024] stack backtrace:
[   48.379836][ T4024] CPU: 0 PID: 4024 Comm: syz-executor153 Not tainted 5.15.175-syzkaller #0
[   48.381429][ T4024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   48.383529][ T4024] Call trace:
[   48.384168][ T4024]  dump_backtrace+0x0/0x530
[   48.385052][ T4024]  show_stack+0x2c/0x3c
[   48.385845][ T4024]  dump_stack_lvl+0x108/0x170
[   48.386728][ T4024]  dump_stack+0x1c/0x58
[   48.387534][ T4024]  print_circular_bug+0x150/0x1b8
[   48.388521][ T4024]  check_noncircular+0x2cc/0x378
[   48.389510][ T4024]  __lock_acquire+0x32d4/0x7638
[   48.390470][ T4024]  lock_acquire+0x240/0x77c
[   48.391371][ T4024]  __flush_work+0xf8/0x1c0
[   48.392278][ T4024]  __cancel_work_timer+0x3ec/0x548
[   48.393286][ T4024]  cancel_work_sync+0x24/0x38
[   48.394226][ T4024]  smc_clcsock_release+0x64/0xec
[   48.395210][ T4024]  __smc_release+0x388/0x540
[   48.396114][ T4024]  smc_close_non_accepted+0xdc/0x298
[   48.397202][ T4024]  smc_close_active+0x908/0xc8c
[   48.398205][ T4024]  __smc_release+0x9c/0x540
[   48.399118][ T4024]  smc_release+0x26c/0x574
[   48.399990][ T4024]  sock_close+0xb8/0x1fc
[   48.400837][ T4024]  __fput+0x1c4/0x800
[   48.401633][ T4024]  ____fput+0x20/0x30
[   48.402438][ T4024]  task_work_run+0x130/0x1e4
[   48.403396][ T4024]  do_exit+0x670/0x20bc
[   48.404251][ T4024]  do_group_exit+0x110/0x268
[   48.405176][ T4024]  __wake_up_parent+0x0/0x60
[   48.406126][ T4024]  invoke_syscall+0x98/0x2b8
[   48.407065][ T4024]  el0_svc_common+0x138/0x258
[   48.408003][ T4024]  do_el0_svc+0x58/0x14c
[   48.408825][ T4024]  el0_svc+0x7c/0x1f0
[   48.409632][ T4024]  el0t_64_sync_handler+0x84/0xe4
[   48.410634][ T4024]  el0t_64_sync+0x1a0/0x1a4