[ 18.243485][ T3639] 8021q: adding VLAN 0 to HW filter on device bond0
[ 18.247714][ T3639] eql: remember to turn off Van-Jacobson compression on your slave devices
[ 18.297686][ T136] gvnic 0000:00:00.0 enp0s0: Device link is up.
[ 18.300869][ T3551] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.121' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 43.876618][ T3970] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 43.878842][ T3970] nci: nci_start_poll: failed to set local general bytes
[ 48.916478][ T3970] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
[ 48.918706][ T3970]
[ 48.919244][ T3970] ======================================================
[ 48.920900][ T3970] WARNING: possible circular locking dependency detected
[ 48.922439][ T3970] 5.15.112-syzkaller #0 Not tainted
[ 48.923629][ T3970] ------------------------------------------------------
[ 48.925291][ T3970] syz-executor164/3970 is trying to acquire lock:
[ 48.926756][ T3970] ffff800015c6ae48 (nci_mutex){+.+.}-{3:3}, at: virtual_nci_close+0x28/0x58
[ 48.928924][ T3970]
[ 48.928924][ T3970] but task is already holding lock:
[ 48.930720][ T3970] ffff0000c9ac9350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_close_device+0xf0/0x5dc
[ 48.933103][ T3970]
[ 48.933103][ T3970] which lock already depends on the new lock.
[ 48.933103][ T3970]
[ 48.935706][ T3970]
[ 48.935706][ T3970] the existing dependency chain (in reverse order) is:
[ 48.937874][ T3970]
[ 48.937874][ T3970] -> #3 (&ndev->req_lock){+.+.}-{3:3}:
[ 48.939720][ T3970]        __mutex_lock_common+0x194/0x2154
[ 48.940983][ T3970]        mutex_lock_nested+0xa4/0xf8
[ 48.942200][ T3970]        nci_start_poll+0x498/0x1204
[ 48.943390][ T3970]        nfc_start_poll+0x164/0x2a4
[ 48.944610][ T3970]        nfc_genl_start_poll+0x1b8/0x308
[ 48.945965][ T3970]        genl_rcv_msg+0xc18/0x1018
[ 48.947139][ T3970]        netlink_rcv_skb+0x20c/0x3b8
[ 48.948517][ T3970]        genl_rcv+0x38/0x50
[ 48.949582][ T3970]        netlink_unicast+0x664/0x938
[ 48.950784][ T3970]        netlink_sendmsg+0x844/0xb38
[ 48.952037][ T3970]        ____sys_sendmsg+0x584/0x870
[ 48.953287][ T3970]        ___sys_sendmsg+0x214/0x294
[ 48.954600][ T3970]        __arm64_sys_sendmsg+0x1ac/0x25c
[ 48.956032][ T3970]        invoke_syscall+0x98/0x2b8
[ 48.957255][ T3970]        el0_svc_common+0x138/0x258
[ 48.958517][ T3970]        do_el0_svc+0x58/0x14c
[ 48.959553][ T3970]        el0_svc+0x7c/0x1f0
[ 48.960647][ T3970]        el0t_64_sync_handler+0x84/0xe4
[ 48.961941][ T3970]        el0t_64_sync+0x1a0/0x1a4
[ 48.963052][ T3970]
[ 48.963052][ T3970] -> #2 (&genl_data->genl_data_mutex){+.+.}-{3:3}:
[ 48.965080][ T3970]        __mutex_lock_common+0x194/0x2154
[ 48.966455][ T3970]        mutex_lock_nested+0xa4/0xf8
[ 48.967672][ T3970]        nfc_urelease_event_work+0xfc/0x2a8
[ 48.969089][ T3970]        process_one_work+0x790/0x11b8
[ 48.970388][ T3970]        worker_thread+0x910/0x1034
[ 48.971663][ T3970]        kthread+0x37c/0x45c
[ 48.972725][ T3970]        ret_from_fork+0x10/0x20
[ 48.974047][ T3970]
[ 48.974047][ T3970] -> #1 (nfc_devlist_mutex){+.+.}-{3:3}:
[ 48.975893][ T3970]        __mutex_lock_common+0x194/0x2154
[ 48.977263][ T3970]        mutex_lock_nested+0xa4/0xf8
[ 48.978292][ T3970]        nfc_register_device+0x4c/0x310
[ 48.979276][ T3970]        nci_register_device+0x6ac/0x7c4
[ 48.980348][ T3970]        virtual_ncidev_open+0x6c/0xd8
[ 48.981701][ T3970]        misc_open+0x2f0/0x368
[ 48.982921][ T3970]        chrdev_open+0x3e8/0x4fc
[ 48.984091][ T3970]        do_dentry_open+0x780/0xed8
[ 48.985349][ T3970]        vfs_open+0x7c/0x90
[ 48.986461][ T3970]        path_openat+0x1f28/0x26f0
[ 48.987666][ T3970]        do_filp_open+0x1a8/0x3b4
[ 48.988855][ T3970]        do_sys_openat2+0x128/0x3d8
[ 48.990003][ T3970]        __arm64_sys_openat+0x1f0/0x240
[ 48.991327][ T3970]        invoke_syscall+0x98/0x2b8
[ 48.992477][ T3970]        el0_svc_common+0x138/0x258
[ 48.993674][ T3970]        do_el0_svc+0x58/0x14c
[ 48.994774][ T3970]        el0_svc+0x7c/0x1f0
[ 48.995780][ T3970]        el0t_64_sync_handler+0x84/0xe4
[ 48.997130][ T3970]        el0t_64_sync+0x1a0/0x1a4
[ 48.998374][ T3970]
[ 48.998374][ T3970] -> #0 (nci_mutex){+.+.}-{3:3}:
[ 49.000102][ T3970]        __lock_acquire+0x32cc/0x7620
[ 49.001408][ T3970]        lock_acquire+0x240/0x77c
[ 49.002598][ T3970]        __mutex_lock_common+0x194/0x2154
[ 49.003869][ T3970]        mutex_lock_nested+0xa4/0xf8
[ 49.005112][ T3970]        virtual_nci_close+0x28/0x58
[ 49.006349][ T3970]        nci_close_device+0x304/0x5dc
[ 49.007657][ T3970]        nci_unregister_device+0x5c/0x22c
[ 49.009019][ T3970]        virtual_ncidev_close+0x70/0xb0
[ 49.010254][ T3970]        __fput+0x30c/0x7f0
[ 49.011254][ T3970]        ____fput+0x20/0x30
[ 49.012323][ T3970]        task_work_run+0x130/0x1e4
[ 49.013487][ T3970]        do_exit+0x688/0x2134
[ 49.014642][ T3970]        do_group_exit+0x110/0x268
[ 49.015965][ T3970]        get_signal+0x634/0x1550
[ 49.017128][ T3970]        do_notify_resume+0x3d0/0x32b8
[ 49.018494][ T3970]        el0_svc+0xfc/0x1f0
[ 49.019551][ T3970]        el0t_64_sync_handler+0x84/0xe4
[ 49.020876][ T3970]        el0t_64_sync+0x1a0/0x1a4
[ 49.022080][ T3970]
[ 49.022080][ T3970] other info that might help us debug this:
[ 49.022080][ T3970]
[ 49.024515][ T3970] Chain exists of:
[ 49.024515][ T3970]   nci_mutex --> &genl_data->genl_data_mutex --> &ndev->req_lock
[ 49.024515][ T3970]
[ 49.027849][ T3970]  Possible unsafe locking scenario:
[ 49.027849][ T3970]
[ 49.029594][ T3970]        CPU0                    CPU1
[ 49.030867][ T3970]        ----                    ----
[ 49.032136][ T3970]   lock(&ndev->req_lock);
[ 49.033146][ T3970]                                lock(&genl_data->genl_data_mutex);
[ 49.034947][ T3970]                                lock(&ndev->req_lock);
[ 49.036622][ T3970]   lock(nci_mutex);
[ 49.037522][ T3970]
[ 49.037522][ T3970]  *** DEADLOCK ***
[ 49.037522][ T3970]
[ 49.039397][ T3970] 1 lock held by syz-executor164/3970:
[ 49.040812][ T3970]  #0: ffff0000c9ac9350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_close_device+0xf0/0x5dc
[ 49.043217][ T3970]
[ 49.043217][ T3970] stack backtrace:
[ 49.044658][ T3970] CPU: 0 PID: 3970 Comm: syz-executor164 Not tainted 5.15.112-syzkaller #0
[ 49.046671][ T3970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[ 49.049179][ T3970] Call trace:
[ 49.049951][ T3970]  dump_backtrace+0x0/0x530
[ 49.051045][ T3970]  show_stack+0x2c/0x3c
[ 49.052092][ T3970]  dump_stack_lvl+0x108/0x170
[ 49.053185][ T3970]  dump_stack+0x1c/0x58
[ 49.054170][ T3970]  print_circular_bug+0x150/0x1b8
[ 49.055412][ T3970]  check_noncircular+0x2cc/0x378
[ 49.056643][ T3970]  __lock_acquire+0x32cc/0x7620
[ 49.057889][ T3970]  lock_acquire+0x240/0x77c
[ 49.058969][ T3970]  __mutex_lock_common+0x194/0x2154
[ 49.060182][ T3970]  mutex_lock_nested+0xa4/0xf8
[ 49.061319][ T3970]  virtual_nci_close+0x28/0x58
[ 49.062372][ T3970]  nci_close_device+0x304/0x5dc
[ 49.063493][ T3970]  nci_unregister_device+0x5c/0x22c
[ 49.064710][ T3970]  virtual_ncidev_close+0x70/0xb0
[ 49.065849][ T3970]  __fput+0x30c/0x7f0
[ 49.066819][ T3970]  ____fput+0x20/0x30
[ 49.067801][ T3970]  task_work_run+0x130/0x1e4
[ 49.068877][ T3970]  do_exit+0x688/0x2134
[ 49.069844][ T3970]  do_group_exit+0x110/0x268
[ 49.070916][ T3970]  get_signal+0x634/0x1550
[ 49.071882][ T3970]  do_notify_resume+0x3d0/0x32b8
[ 49.073027][ T3970]  el0_svc+0xfc/0x1f0
[ 49.074049][ T3970]  el0t_64_sync_handler+0x84/0xe4
[ 49.075222][ T3970]  el0t_64_sync+0x1a0/0x1a4