program:
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window], 0x3)
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000))
ioctl$sock_netrom_SIOCADDRT(r1, 0x890b, &(0x7f0000000280)={0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bpq0, 0xffff, 'syz0\x00', @default, 0xfffffdba, 0x2, [@default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]})
ioctl$sock_netrom_SIOCADDRT(r1, 0x890b, &(0x7f0000000000)={0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x10001, 'syz1\x00', @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})
ioctl$sock_netrom_SIOCADDRT(r1, 0x890b, &(0x7f00000001c0)={0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x2, 'syz1\x00', @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x5, 0x1, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]})
ioctl$sock_netrom_SIOCADDRT(r1, 0x890b, &(0x7f0000000440)={0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x8, 'syz1\x00', @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x7, 0x4, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast]})
ioctl$sock_netdev_private(r0, 0x8914, &(0x7f0000000000))
r4 = syz_init_net_socket$ax25(0x3, 0x2, 0xce)
bind$ax25(r4, &(0x7f0000000380)={{0x3, @default, 0x2}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast]}, 0x48)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
ioctl$sock_ifreq(r5, 0x89f0, &(0x7f0000000180)={'bond0\x00', @ifru_names='rose0\x00'})

[   80.906180][ T4657] Bluetooth: hci0: command tx timeout
[   80.909900][ T1311] ieee802154 phy0 wpan0: encryption failed: -22
[   80.912570][ T1311] ieee802154 phy1 wpan1: encryption failed: -22
[   81.092046][ T5312] 
[   81.093132][ T5312] ======================================================
[   81.096051][ T5312] WARNING: possible circular locking dependency detected
[   81.099085][ T5312] 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 Not tainted
[   81.102181][ T5312] ------------------------------------------------------
[   81.105248][ T5312] syz.0.0/5312 is trying to acquire lock:
[   81.107640][ T5312] ffff888034b4d370 (&nr_node->node_lock){+...}-{3:3}, at: nr_rt_device_down+0x12a/0x720
[   81.111842][ T5312] 
[   81.111842][ T5312] but task is already holding lock:
[   81.114872][ T5312] ffffffff8f44b538 (nr_node_list_lock){+...}-{3:3}, at: nr_rt_device_down+0xa9/0x720
[   81.118875][ T5312] 
[   81.118875][ T5312] which lock already depends on the new lock.
[   81.118875][ T5312] 
[   81.123214][ T5312] 
[   81.123214][ T5312] the existing dependency chain (in reverse order) is:
[   81.127025][ T5312] 
[   81.127025][ T5312] -> #2 (nr_node_list_lock){+...}-{3:3}:
[   81.130389][ T5312]        lock_acquire+0x120/0x360
[   81.132491][ T5312]        _raw_spin_lock_bh+0x36/0x50
[   81.134714][ T5312]        nr_rt_device_down+0xa9/0x720
[   81.137061][ T5312]        nr_device_event+0x137/0x150
[   81.139376][ T5312]        notifier_call_chain+0x1b3/0x3e0
[   81.141746][ T5312]        dev_close_many+0x29c/0x410
[   81.143939][ T5312]        netif_close+0x158/0x210
[   81.146044][ T5312]        dev_close+0x10a/0x220
[   81.148071][ T5312]        bpq_device_event+0x2f4/0x600
[   81.150392][ T5312]        notifier_call_chain+0x1b3/0x3e0
[   81.152841][ T5312]        dev_close_many+0x29c/0x410
[   81.155121][ T5312]        netif_close+0x158/0x210
[   81.157268][ T5312]        dev_close+0x10a/0x220
[   81.159293][ T5312]        bond_setup_by_slave+0x5f/0x3f0
[   81.161664][ T5312]        bond_enslave+0x7b4/0x3a40
[   81.163829][ T5312]        bond_do_ioctl+0x635/0x9b0
[   81.166020][ T5312]        bond_siocdevprivate+0x17e/0x350
[   81.168294][ T5312]        dev_ifsioc+0xb54/0xf00
[   81.170423][ T5312]        dev_ioctl+0x84c/0x1150
[   81.172493][ T5312]        sock_ioctl+0x719/0x790
[   81.174631][ T5312]        __se_sys_ioctl+0xf9/0x170
[   81.176817][ T5312]        do_syscall_64+0xf6/0x210
[   81.179008][ T5312]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   81.181729][ T5312] 
[   81.181729][ T5312] -> #1 (nr_neigh_list_lock){+...}-{3:3}:
[   81.185066][ T5312]        lock_acquire+0x120/0x360
[   81.187335][ T5312]        _raw_spin_lock_bh+0x36/0x50
[   81.189660][ T5312]        nr_remove_neigh+0x25/0xe0
[   81.191827][ T5312]        nr_add_node+0x1d9f/0x2570
[   81.193916][ T5312]        nr_rt_ioctl+0xc12/0xd50
[   81.195902][ T5312]        sock_do_ioctl+0xd9/0x300
[   81.198142][ T5312]        sock_ioctl+0x576/0x790
[   81.200276][ T5312]        __se_sys_ioctl+0xf9/0x170
[   81.202457][ T5312]        do_syscall_64+0xf6/0x210
[   81.204518][ T5312]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   81.207263][ T5312] 
[   81.207263][ T5312] -> #0 (&nr_node->node_lock){+...}-{3:3}:
[   81.210540][ T5312]        validate_chain+0xb9b/0x2140
[   81.213014][ T5312]        __lock_acquire+0xaac/0xd20
[   81.215217][ T5312]        lock_acquire+0x120/0x360
[   81.217334][ T5312]        _raw_spin_lock_bh+0x36/0x50
[   81.219550][ T5312]        nr_rt_device_down+0x12a/0x720
[   81.221967][ T5312]        nr_device_event+0x137/0x150
[   81.224224][ T5312]        notifier_call_chain+0x1b3/0x3e0
[   81.226644][ T5312]        dev_close_many+0x29c/0x410
[   81.228770][ T5312]        netif_close+0x158/0x210
[   81.231037][ T5312]        dev_close+0x10a/0x220
[   81.233124][ T5312]        bpq_device_event+0x2f4/0x600
[   81.235434][ T5312]        notifier_call_chain+0x1b3/0x3e0
[   81.237764][ T5312]        dev_close_many+0x29c/0x410
[   81.239880][ T5312]        netif_close+0x158/0x210
[   81.241977][ T5312]        dev_close+0x10a/0x220
[   81.243991][ T5312]        bond_setup_by_slave+0x5f/0x3f0
[   81.246165][ T5312]        bond_enslave+0x7b4/0x3a40
[   81.248200][ T5312]        bond_do_ioctl+0x635/0x9b0
[   81.250529][ T5312]        bond_siocdevprivate+0x17e/0x350
[   81.252983][ T5312]        dev_ifsioc+0xb54/0xf00
[   81.255082][ T5312]        dev_ioctl+0x84c/0x1150
[   81.257105][ T5312]        sock_ioctl+0x719/0x790
[   81.259224][ T5312]        __se_sys_ioctl+0xf9/0x170
[   81.261607][ T5312]        do_syscall_64+0xf6/0x210
[   81.263691][ T5312]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   81.266486][ T5312] 
[   81.266486][ T5312] other info that might help us debug this:
[   81.266486][ T5312] 
[   81.270643][ T5312] Chain exists of:
[   81.270643][ T5312]   &nr_node->node_lock --> nr_neigh_list_lock --> nr_node_list_lock
[   81.270643][ T5312] 
[   81.276414][ T5312]  Possible unsafe locking scenario:
[   81.276414][ T5312] 
[   81.279420][ T5312]        CPU0                    CPU1
[   81.281666][ T5312]        ----                    ----
[   81.284055][ T5312]   lock(nr_node_list_lock);
[   81.286060][ T5312]                                lock(nr_neigh_list_lock);
[   81.289076][ T5312]                                lock(nr_node_list_lock);
[   81.291748][ T5312]   lock(&nr_node->node_lock);
[   81.293690][ T5312] 
[   81.293690][ T5312]  *** DEADLOCK ***
[   81.293690][ T5312] 
[   81.297060][ T5312] 3 locks held by syz.0.0/5312:
[   81.299123][ T5312]  #0: ffffffff8f2f47c8 (rtnl_mutex){+.+.}-{4:4}, at: dev_ioctl+0x83c/0x1150
[   81.302699][ T5312]  #1: ffffffff8f44b4d8 (nr_neigh_list_lock){+...}-{3:3}, at: nr_rt_device_down+0x28/0x720
[   81.306706][ T5312]  #2: ffffffff8f44b538 (nr_node_list_lock){+...}-{3:3}, at: nr_rt_device_down+0xa9/0x720
[   81.310734][ T5312] 
[   81.310734][ T5312] stack backtrace:
[   81.313193][ T5312] CPU: 0 UID: 0 PID: 5312 Comm: syz.0.0 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) 
[   81.313207][ T5312] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   81.313216][ T5312] Call Trace:
[   81.313226][ T5312]  <TASK>
[   81.313232][ T5312]  dump_stack_lvl+0x189/0x250
[   81.313252][ T5312]  ? __pfx_dump_stack_lvl+0x10/0x10
[   81.313266][ T5312]  ? __pfx__printk+0x10/0x10
[   81.313274][ T5312]  ? print_lock_name+0xde/0x100
[   81.313285][ T5312]  print_circular_bug+0x2ee/0x310
[   81.313294][ T5312]  check_noncircular+0x134/0x160
[   81.313302][ T5312]  validate_chain+0xb9b/0x2140
[   81.313311][ T5312]  __lock_acquire+0xaac/0xd20
[   81.313321][ T5312]  ? nr_rt_device_down+0x12a/0x720
[   81.313330][ T5312]  lock_acquire+0x120/0x360
[   81.313341][ T5312]  ? nr_rt_device_down+0x12a/0x720
[   81.313354][ T5312]  ? nr_rt_device_down+0x12a/0x720
[   81.313366][ T5312]  _raw_spin_lock_bh+0x36/0x50
[   81.313376][ T5312]  ? nr_rt_device_down+0x12a/0x720
[   81.313388][ T5312]  nr_rt_device_down+0x12a/0x720
[   81.313404][ T5312]  nr_device_event+0x137/0x150
[   81.313416][ T5312]  notifier_call_chain+0x1b3/0x3e0
[   81.313427][ T5312]  dev_close_many+0x29c/0x410
[   81.313439][ T5312]  ? __pfx_dev_close_many+0x10/0x10
[   81.313484][ T5312]  ? __try_to_del_timer_sync+0x34a/0x3a0
[   81.313499][ T5312]  ? bond_netdev_event+0x227/0xe80
[   81.313511][ T5312]  netif_close+0x158/0x210
[   81.313522][ T5312]  ? __pfx_netif_close+0x10/0x10
[   81.313532][ T5312]  ? tun_device_event+0x77/0x1020
[   81.313547][ T5312]  dev_close+0x10a/0x220
[   81.313558][ T5312]  bpq_device_event+0x2f4/0x600
[   81.313569][ T5312]  notifier_call_chain+0x1b3/0x3e0
[   81.313580][ T5312]  dev_close_many+0x29c/0x410
[   81.313592][ T5312]  ? __pfx_dev_close_many+0x10/0x10
[   81.313604][ T5312]  ? __lock_acquire+0xaac/0xd20
[   81.313617][ T5312]  netif_close+0x158/0x210
[   81.313626][ T5312]  ? __pfx_netif_close+0x10/0x10
[   81.313634][ T5312]  ? do_raw_spin_lock+0x121/0x290
[   81.313645][ T5312]  ? __local_bh_enable_ip+0x12d/0x1c0
[   81.313666][ T5312]  ? lockdep_hardirqs_on+0x9c/0x150
[   81.313676][ T5312]  dev_close+0x10a/0x220
[   81.313692][ T5312]  bond_setup_by_slave+0x5f/0x3f0
[   81.313705][ T5312]  bond_enslave+0x7b4/0x3a40
[   81.313717][ T5312]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[   81.313729][ T5312]  ? arch_stack_walk+0xfc/0x150
[   81.313744][ T5312]  ? __pfx_bond_enslave+0x10/0x10
[   81.313753][ T5312]  ? stack_depot_save_flags+0x40/0x910
[   81.313765][ T5312]  ? apparmor_capable+0x137/0x1b0
[   81.313777][ T5312]  ? full_name_hash+0x92/0xe0
[   81.313793][ T5312]  ? netdev_name_node_lookup+0xdf/0x120
[   81.313808][ T5312]  bond_do_ioctl+0x635/0x9b0
[   81.313822][ T5312]  ? __pfx_bond_do_ioctl+0x10/0x10
[   81.313844][ T5312]  ? __lock_acquire+0xaac/0xd20
[   81.313858][ T5312]  ? __mutex_trylock_common+0x153/0x260
[   81.313870][ T5312]  ? __pfx___mutex_trylock_common+0x10/0x10
[   81.313888][ T5312]  bond_siocdevprivate+0x17e/0x350
[   81.313902][ T5312]  ? __pfx_bond_siocdevprivate+0x10/0x10
[   81.313915][ T5312]  ? __lock_acquire+0xaac/0xd20
[   81.313928][ T5312]  ? full_name_hash+0x92/0xe0
[   81.313941][ T5312]  ? netdev_name_node_lookup+0xdf/0x120
[   81.313953][ T5312]  dev_ifsioc+0xb54/0xf00
[   81.313964][ T5312]  dev_ioctl+0x84c/0x1150
[   81.313974][ T5312]  sock_ioctl+0x719/0x790
[   81.313993][ T5312]  ? __pfx_sock_ioctl+0x10/0x10
[   81.314007][ T5312]  ? __fget_files+0x3a0/0x420
[   81.314019][ T5312]  ? __fget_files+0x2a/0x420
[   81.314030][ T5312]  ? bpf_lsm_file_ioctl+0x9/0x20
[   81.314042][ T5312]  ? __pfx_sock_ioctl+0x10/0x10
[   81.314056][ T5312]  __se_sys_ioctl+0xf9/0x170
[   81.314066][ T5312]  do_syscall_64+0xf6/0x210
[   81.314079][ T5312]  ? clear_bhb_loop+0x45/0xa0
[   81.314091][ T5312]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   81.314102][ T5312] RIP: 0033:0x7f7b1f58e969
[   81.314114][ T5312] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   81.314123][ T5312] RSP: 002b:00007f7b20461038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   81.314134][ T5312] RAX: ffffffffffffffda RBX: 00007f7b1f7b6080 RCX: 00007f7b1f58e969
[   81.314142][ T5312] RDX: 0000200000000180 RSI: 00000000000089f0 RDI: 000000000000000a
[   81.314148][ T5312] RBP: 00007f7b1f610ab1 R08: 0000000000000000 R09: 0000000000000000
[   81.314154][ T5312] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   81.314160][ T5312] R13: 0000000000000000 R14: 00007f7b1f7b6080 R15: 00007ffe8ff22b48
[   81.314169][ T5312]  </TASK>
[   81.584537][ T5312] 8021q: adding VLAN 0 to HW filter on device bond0
[   81.589691][ T5312] bond0: (slave rose0): Enslaving as an active interface with an up link