Warning: Permanently added '10.128.0.115' (ECDSA) to the list of known hosts.
syzkaller login: [ 42.636029][ T4053] chnl_net:caif_netlink_parms(): no params data found
[ 42.678714][ T4053] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.680687][ T4053] bridge0: port 1(bridge_slave_0) entered disabled state
[ 42.683077][ T4053] device bridge_slave_0 entered promiscuous mode
[ 42.687968][ T4053] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.689733][ T4053] bridge0: port 2(bridge_slave_1) entered disabled state
[ 42.692361][ T4053] device bridge_slave_1 entered promiscuous mode
[ 42.710527][ T4053] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 42.714970][ T4053] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 42.733370][ T4053] team0: Port device team_slave_0 added
[ 42.736953][ T4053] team0: Port device team_slave_1 added
[ 42.752359][ T4053] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 42.754184][ T4053] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 42.760705][ T4053] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 42.765409][ T4053] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 42.767081][ T4053] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 42.773526][ T4053] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 42.831023][ T4053] device hsr_slave_0 entered promiscuous mode
[ 42.867531][ T4053] device hsr_slave_1 entered promiscuous mode
[ 42.990637][ T4053] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 43.040437][ T4053] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 43.079965][ T4053] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 43.119938][ T4053] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 43.204141][ T4053] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.206005][ T4053] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 43.208287][ T4053] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.210191][ T4053] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 43.258986][ T4053] 8021q: adding VLAN 0 to HW filter on device bond0
[ 43.266315][ T1530] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 43.271192][ T1530] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.274400][ T1530] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.278659][ T1530] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 43.286148][ T4053] 8021q: adding VLAN 0 to HW filter on device team0
[ 43.293466][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 43.296043][ T25] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.297921][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 43.304403][ T1530] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 43.306793][ T1530] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.308656][ T1530] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 43.328426][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 43.331407][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 43.340282][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 43.346133][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 43.352548][ T1530] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 43.358391][ T4053] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 43.371226][ T1530] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 43.373237][ T1530] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 43.381907][ T4053] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 43.396586][ T4063] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 43.412771][ T1530] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 43.415395][ T1530] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 43.419599][ T1530] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 43.424303][ T4053] device veth0_vlan entered promiscuous mode
[ 43.432617][ T4053] device veth1_vlan entered promiscuous mode
[ 43.452230][ T4063] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 43.454818][ T4063] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 43.457574][ T4063] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 43.462511][ T4053] device veth0_macvtap entered promiscuous mode
[ 43.467111][ T4053] device veth1_macvtap entered promiscuous mode
[ 43.479630][ T4053] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 43.481703][ T1530] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 43.484831][ T1530] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 43.490930][ T4053] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 43.495217][ T4053] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 43.499193][ T4053] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 43.501358][ T4053] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 43.503556][ T4053] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 43.507066][ T4063] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 43.564834][ T136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 43.567038][ T136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 43.575133][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 43.585723][ T321] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 43.589273][ T321] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 43.591951][ T4063] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
executing program
[ 43.832552][ T4068] nci: nci_start_poll: failed to set local general bytes
[ 48.848574][ T4053] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
[ 48.850917][ T4053]
[ 48.851490][ T4053] ======================================================
[ 48.853246][ T4053] WARNING: possible circular locking dependency detected
[ 48.855039][ T4053] 5.15.98-syzkaller #0 Not tainted
[ 48.856397][ T4053] ------------------------------------------------------
[ 48.858277][ T4053] syz-executor667/4053 is trying to acquire lock:
[ 48.859964][ T4053] ffff800015cd4fe8 (nci_mutex){+.+.}-{3:3}, at: virtual_nci_close+0x28/0x58
[ 48.862248][ T4053]
[ 48.862248][ T4053] but task is already holding lock:
[ 48.864158][ T4053] ffff0000d01f9350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_close_device+0xf0/0x5dc
[ 48.866598][ T4053]
[ 48.866598][ T4053] which lock already depends on the new lock.
[ 48.866598][ T4053]
[ 48.869328][ T4053]
[ 48.869328][ T4053] the existing dependency chain (in reverse order) is:
[ 48.871694][ T4053]
[ 48.871694][ T4053] -> #3 (&ndev->req_lock){+.+.}-{3:3}:
[ 48.873715][ T4053]        __mutex_lock_common+0x194/0x2154
[ 48.875261][ T4053]        mutex_lock_nested+0xa4/0xf8
[ 48.876651][ T4053]        nci_start_poll+0x498/0x1204
[ 48.878049][ T4053]        nfc_start_poll+0x164/0x2a4
[ 48.879425][ T4053]        nfc_genl_start_poll+0x1b8/0x308
[ 48.880987][ T4053]        genl_rcv_msg+0xc18/0x1018
[ 48.882296][ T4053]        netlink_rcv_skb+0x20c/0x3b8
[ 48.883666][ T4053]        genl_rcv+0x38/0x50
[ 48.884883][ T4053]        netlink_unicast+0x664/0x938
[ 48.886319][ T4053]        netlink_sendmsg+0x814/0xb00
[ 48.887687][ T4053]        ____sys_sendmsg+0x584/0x870
[ 48.889064][ T4053]        ___sys_sendmsg+0x214/0x294
[ 48.890408][ T4053]        __arm64_sys_sendmsg+0x1ac/0x25c
[ 48.891869][ T4053]        invoke_syscall+0x98/0x2b8
[ 48.893207][ T4053]        el0_svc_common+0x138/0x258
[ 48.894490][ T4053]        do_el0_svc+0x58/0x14c
[ 48.895757][ T4053]        el0_svc+0x7c/0x1f0
[ 48.896960][ T4053]        el0t_64_sync_handler+0x84/0xe4
[ 48.898428][ T4053]        el0t_64_sync+0x1a0/0x1a4
[ 48.899781][ T4053]
[ 48.899781][ T4053] -> #2 (&genl_data->genl_data_mutex){+.+.}-{3:3}:
[ 48.902098][ T4053]        __mutex_lock_common+0x194/0x2154
[ 48.903640][ T4053]        mutex_lock_nested+0xa4/0xf8
[ 48.905018][ T4053]        nfc_urelease_event_work+0xfc/0x2a8
[ 48.906654][ T4053]        process_one_work+0x82c/0x1478
[ 48.908055][ T4053]        worker_thread+0x910/0x1034
[ 48.909445][ T4053]        kthread+0x37c/0x45c
[ 48.910657][ T4053]        ret_from_fork+0x10/0x20
[ 48.912024][ T4053]
[ 48.912024][ T4053] -> #1 (nfc_devlist_mutex){+.+.}-{3:3}:
[ 48.914142][ T4053]        __mutex_lock_common+0x194/0x2154
[ 48.915711][ T4053]        mutex_lock_nested+0xa4/0xf8
[ 48.917102][ T4053]        nfc_register_device+0x4c/0x310
[ 48.918560][ T4053]        nci_register_device+0x6ac/0x7c4
[ 48.920015][ T4053]        virtual_ncidev_open+0x6c/0xd8
[ 48.921466][ T4053]        misc_open+0x2f0/0x368
[ 48.922743][ T4053]        chrdev_open+0x3e8/0x4fc
[ 48.924063][ T4053]        do_dentry_open+0x780/0xed8
[ 48.925407][ T4053]        vfs_open+0x7c/0x90
[ 48.926571][ T4053]        path_openat+0x1f00/0x26c4
[ 48.927923][ T4053]        do_filp_open+0x1a8/0x3b4
[ 48.929214][ T4053]        do_sys_openat2+0x128/0x3d8
[ 48.930596][ T4053]        __arm64_sys_openat+0x1f0/0x240
[ 48.932080][ T4053]        invoke_syscall+0x98/0x2b8
[ 48.933411][ T4053]        el0_svc_common+0x138/0x258
[ 48.934804][ T4053]        do_el0_svc+0x58/0x14c
[ 48.936044][ T4053]        el0_svc+0x7c/0x1f0
[ 48.937187][ T4053]        el0t_64_sync_handler+0x84/0xe4
[ 48.938674][ T4053]        el0t_64_sync+0x1a0/0x1a4
[ 48.939979][ T4053]
[ 48.939979][ T4053] -> #0 (nci_mutex){+.+.}-{3:3}:
[ 48.941946][ T4053]        __lock_acquire+0x32cc/0x7620
[ 48.943398][ T4053]        lock_acquire+0x2b8/0x894
[ 48.944728][ T4053]        __mutex_lock_common+0x194/0x2154
[ 48.946228][ T4053]        mutex_lock_nested+0xa4/0xf8
[ 48.947695][ T4053]        virtual_nci_close+0x28/0x58
[ 48.949111][ T4053]        nci_close_device+0x304/0x5dc
[ 48.950530][ T4053]        nci_unregister_device+0x5c/0x22c
[ 48.952041][ T4053]        virtual_ncidev_close+0x70/0xb0
[ 48.953488][ T4053]        __fput+0x30c/0x7f0
[ 48.954710][ T4053]        ____fput+0x20/0x30
[ 48.955916][ T4053]        task_work_run+0x130/0x1e4
[ 48.957232][ T4053]        do_notify_resume+0x262c/0x32b8
[ 48.957249][ T4053]        el0_svc+0xfc/0x1f0
[ 48.957261][ T4053]        el0t_64_sync_handler+0x84/0xe4
[ 48.961308][ T4053]        el0t_64_sync+0x1a0/0x1a4
[ 48.962625][ T4053]
[ 48.962625][ T4053] other info that might help us debug this:
[ 48.962625][ T4053]
[ 48.965267][ T4053] Chain exists of:
[ 48.965267][ T4053]   nci_mutex --> &genl_data->genl_data_mutex --> &ndev->req_lock
[ 48.965267][ T4053]
[ 48.968878][ T4053]  Possible unsafe locking scenario:
[ 48.968878][ T4053]
[ 48.970879][ T4053]        CPU0                    CPU1
[ 48.972295][ T4053]        ----                    ----
[ 48.973758][ T4053]   lock(&ndev->req_lock);
[ 48.974941][ T4053]                                lock(&genl_data->genl_data_mutex);
[ 48.977080][ T4053]                                lock(&ndev->req_lock);
[ 48.978942][ T4053]   lock(nci_mutex);
[ 48.980018][ T4053]
[ 48.980018][ T4053]  *** DEADLOCK ***
[ 48.980018][ T4053]
[ 48.982201][ T4053] 1 lock held by syz-executor667/4053:
[ 48.983654][ T4053]  #0: ffff0000d01f9350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_close_device+0xf0/0x5dc
[ 48.986308][ T4053]
[ 48.986308][ T4053] stack backtrace:
[ 48.987897][ T4053] CPU: 1 PID: 4053 Comm: syz-executor667 Not tainted 5.15.98-syzkaller #0
[ 48.990117][ T4053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 48.992812][ T4053] Call trace:
[ 48.993663][ T4053]  dump_backtrace+0x0/0x530
[ 48.994834][ T4053]  show_stack+0x2c/0x3c
[ 48.995959][ T4053]  dump_stack_lvl+0x108/0x170
[ 48.997201][ T4053]  dump_stack+0x1c/0x58
[ 48.998291][ T4053]  print_circular_bug+0x150/0x1b8
[ 48.999639][ T4053]  check_noncircular+0x2cc/0x378
[ 49.000911][ T4053]  __lock_acquire+0x32cc/0x7620
[ 49.002219][ T4053]  lock_acquire+0x2b8/0x894
[ 49.003400][ T4053]  __mutex_lock_common+0x194/0x2154
[ 49.004739][ T4053]  mutex_lock_nested+0xa4/0xf8
[ 49.006031][ T4053]  virtual_nci_close+0x28/0x58
[ 49.007323][ T4053]  nci_close_device+0x304/0x5dc
[ 49.008591][ T4053]  nci_unregister_device+0x5c/0x22c
[ 49.009955][ T4053]  virtual_ncidev_close+0x70/0xb0
[ 49.011257][ T4053]  __fput+0x30c/0x7f0
[ 49.012294][ T4053]  ____fput+0x20/0x30
[ 49.013410][ T4053]  task_work_run+0x130/0x1e4
[ 49.014588][ T4053]  do_notify_resume+0x262c/0x32b8
[ 49.015963][ T4053]  el0_svc+0xfc/0x1f0
[ 49.017013][ T4053]  el0t_64_sync_handler+0x84/0xe4
[ 49.018351][ T4053]  el0t_64_sync+0x1a0/0x1a4