program: r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d) ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000)) ioctl$sock_netrom_SIOCADDRT(r0, 0x890b, &(0x7f0000000000)={0x1, @null, @bpq0, 0x6, 'syz0\x00', @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @default]}) r3 = syz_init_net_socket$x25(0x9, 0x5, 0x0) syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_ifreq(r3, 0x8990, &(0x7f0000000180)={'bond0\x00', @ifru_names='rose0\x00'}) ioctl$SIOCNRDECOBS(r0, 0x89e2) syz_init_net_socket$netrom(0x6, 0x5, 0x0) (async) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) (async) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) (async) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d) (async) ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000)) (async) ioctl$sock_netrom_SIOCADDRT(r0, 0x890b, &(0x7f0000000000)={0x1, @null, @bpq0, 0x6, 'syz0\x00', @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @default]}) (async) syz_init_net_socket$x25(0x9, 0x5, 0x0) (async) syz_init_net_socket$rose(0xb, 0x5, 0x0) (async) ioctl$sock_ifreq(r3, 0x8990, &(0x7f0000000180)={'bond0\x00', @ifru_names='rose0\x00'}) (async) ioctl$SIOCNRDECOBS(r0, 0x89e2) (async) [ 68.611862][ T5308] Bluetooth: hci0: command tx timeout [ 68.648804][ T5323] 8021q: adding VLAN 0 to HW filter on device bond0 [ 68.661904][ T5323] bond0: (slave rose0): Enslaving as an active interface with an up link [ 68.670286][ T5324] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 68.680168][ T5326] [ 68.681024][ T5326] ====================================================== [ 68.683589][ T5326] WARNING: possible circular locking dependency detected [ 68.686295][ T5326] 6.15.0-rc2-syzkaller-00278-gfc96b232f8e7 #0 Not tainted [ 68.688867][ T5326] ------------------------------------------------------ [ 68.691561][ T5326] syz.0.0/5326 is trying to acquire lock: [ 68.693780][ T5326] ffffffff90254358 (nr_neigh_list_lock){+...}-{3:3}, at: nr_rt_ioctl+0x39a/0xff0 [ 68.697176][ T5326] [ 68.697176][ T5326] but task is already holding lock: [ 68.699898][ T5326] ffff888036b58e70 (&nr_node->node_lock){+...}-{3:3}, at: nr_rt_ioctl+0x194/0xff0 [ 68.703399][ T5326] [ 68.703399][ T5326] which lock already depends on the new lock. [ 68.703399][ T5326] [ 68.707137][ T5326] [ 68.707137][ T5326] the existing dependency chain (in reverse order) is: [ 68.710507][ T5326] [ 68.710507][ T5326] -> #2 (&nr_node->node_lock){+...}-{3:3}: [ 68.713989][ T5326] lock_acquire+0x116/0x2f0 [ 68.716062][ T5326] _raw_spin_lock_bh+0x35/0x50 [ 68.718004][ T5326] nr_rt_device_down+0x159/0x7b0 [ 68.720156][ T5326] nr_device_event+0x134/0x150 [ 68.722302][ T5326] notifier_call_chain+0x1a5/0x3f0 [ 68.724478][ T5326] dev_close_many+0x33e/0x4c0 [ 68.726382][ T5326] netif_close+0x1c2/0x2d0 [ 68.728552][ T5326] dev_close+0x137/0x280 [ 68.730438][ T5326] bpq_device_event+0x36a/0x620 [ 68.732418][ T5326] notifier_call_chain+0x1a5/0x3f0 [ 68.734591][ T5326] dev_close_many+0x33e/0x4c0 [ 68.736586][ T5326] netif_close+0x1c2/0x2d0 [ 68.738583][ T5326] dev_close+0x137/0x280 [ 68.740360][ T5326] bond_setup_by_slave+0x64/0x420 [ 68.742454][ T5326] bond_enslave+0x7fb/0x38d0 [ 68.744482][ T5326] bond_do_ioctl+0x7c9/0xc00 [ 68.746496][ T5326] dev_ifsioc+0x97a/0x1010 [ 68.748500][ T5326] dev_ioctl+0x80f/0x1260 [ 68.750329][ T5326] sock_do_ioctl+0x22f/0x400 [ 68.752390][ T5326] sock_ioctl+0x644/0x900 [ 68.754332][ T5326] __se_sys_ioctl+0xf1/0x160 [ 68.756333][ T5326] do_syscall_64+0xf3/0x210 [ 68.758157][ T5326] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.760602][ T5326] [ 68.760602][ T5326] -> #1 (nr_node_list_lock){+...}-{3:3}: [ 68.763426][ T5326] lock_acquire+0x116/0x2f0 [ 68.765485][ T5326] _raw_spin_lock_bh+0x35/0x50 [ 68.767469][ T5326] nr_rt_device_down+0xb5/0x7b0 [ 68.769533][ T5326] nr_device_event+0x134/0x150 [ 68.771694][ T5326] notifier_call_chain+0x1a5/0x3f0 [ 68.773889][ T5326] dev_close_many+0x33e/0x4c0 [ 68.776033][ T5326] netif_close+0x1c2/0x2d0 [ 68.778004][ T5326] dev_close+0x137/0x280 [ 68.779995][ T5326] bpq_device_event+0x36a/0x620 [ 68.782221][ T5326] notifier_call_chain+0x1a5/0x3f0 [ 68.784611][ T5326] dev_close_many+0x33e/0x4c0 [ 68.786631][ T5326] netif_close+0x1c2/0x2d0 [ 68.788561][ T5326] dev_close+0x137/0x280 [ 68.790397][ T5326] bond_setup_by_slave+0x64/0x420 [ 68.792481][ T5326] bond_enslave+0x7fb/0x38d0 [ 68.794556][ T5326] bond_do_ioctl+0x7c9/0xc00 [ 68.796562][ T5326] dev_ifsioc+0x97a/0x1010 [ 68.798510][ T5326] dev_ioctl+0x80f/0x1260 [ 68.800394][ T5326] sock_do_ioctl+0x22f/0x400 [ 68.802245][ T5326] sock_ioctl+0x644/0x900 [ 68.804085][ T5326] __se_sys_ioctl+0xf1/0x160 [ 68.806118][ T5326] do_syscall_64+0xf3/0x210 [ 68.808034][ T5326] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.810418][ T5326] [ 68.810418][ T5326] -> #0 (nr_neigh_list_lock){+...}-{3:3}: [ 68.813280][ T5326] validate_chain+0xa69/0x24e0 [ 68.815280][ T5326] __lock_acquire+0xad5/0xd80 [ 68.817295][ T5326] lock_acquire+0x116/0x2f0 [ 68.819238][ T5326] _raw_spin_lock_bh+0x35/0x50 [ 68.821455][ T5326] nr_rt_ioctl+0x39a/0xff0 [ 68.823338][ T5326] sock_do_ioctl+0x152/0x400 [ 68.825320][ T5326] sock_ioctl+0x644/0x900 [ 68.827179][ T5326] __se_sys_ioctl+0xf1/0x160 [ 68.829211][ T5326] do_syscall_64+0xf3/0x210 [ 68.831043][ T5326] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.833550][ T5326] [ 68.833550][ T5326] other info that might help us debug this: [ 68.833550][ T5326] [ 68.837368][ T5326] Chain exists of: [ 68.837368][ T5326] nr_neigh_list_lock --> nr_node_list_lock --> &nr_node->node_lock [ 68.837368][ T5326] [ 68.842424][ T5326] Possible unsafe locking scenario: [ 68.842424][ T5326] [ 68.845440][ T5326] CPU0 CPU1 [ 68.847756][ T5326] ---- ---- [ 68.849778][ T5326] lock(&nr_node->node_lock); [ 68.851686][ T5326] lock(nr_node_list_lock); [ 68.854399][ T5326] lock(&nr_node->node_lock); [ 68.857265][ T5326] lock(nr_neigh_list_lock); [ 68.859121][ T5326] [ 68.859121][ T5326] *** DEADLOCK *** [ 68.859121][ T5326] [ 68.862162][ T5326] 2 locks held by syz.0.0/5326: [ 68.864012][ T5326] #0: ffffffff902543b8 (nr_node_list_lock){+...}-{3:3}, at: nr_rt_ioctl+0x102/0xff0 [ 68.867551][ T5326] #1: ffff888036b58e70 (&nr_node->node_lock){+...}-{3:3}, at: nr_rt_ioctl+0x194/0xff0 [ 68.871141][ T5326] [ 68.871141][ T5326] stack backtrace: [ 68.873313][ T5326] CPU: 0 UID: 0 PID: 5326 Comm: syz.0.0 Not tainted 6.15.0-rc2-syzkaller-00278-gfc96b232f8e7 #0 PREEMPT(full) [ 68.873326][ T5326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 68.873333][ T5326] Call Trace: [ 68.873340][ T5326] [ 68.873346][ T5326] dump_stack_lvl+0x241/0x360 [ 68.873363][ T5326] ? __pfx_dump_stack_lvl+0x10/0x10 [ 68.873376][ T5326] ? __pfx__printk+0x10/0x10 [ 68.873388][ T5326] ? print_lock+0x171/0x1a0 [ 68.873404][ T5326] print_circular_bug+0x2e1/0x300 [ 68.873416][ T5326] check_noncircular+0x142/0x160 [ 68.873428][ T5326] validate_chain+0xa69/0x24e0 [ 68.873442][ T5326] __lock_acquire+0xad5/0xd80 [ 68.873452][ T5326] lock_acquire+0x116/0x2f0 [ 68.873460][ T5326] ? nr_rt_ioctl+0x39a/0xff0 [ 68.873469][ T5326] ? nr_rt_ioctl+0x39a/0xff0 [ 68.873478][ T5326] _raw_spin_lock_bh+0x35/0x50 [ 68.873487][ T5326] ? nr_rt_ioctl+0x39a/0xff0 [ 68.873496][ T5326] nr_rt_ioctl+0x39a/0xff0 [ 68.873505][ T5326] ? __pfx_nr_rt_ioctl+0x10/0x10 [ 68.873518][ T5326] ? get_vfs_caps_from_disk+0x2d0/0x6c0 [ 68.873530][ T5326] sock_do_ioctl+0x152/0x400 [ 68.873542][ T5326] ? __pfx_sock_do_ioctl+0x10/0x10 [ 68.873554][ T5326] ? __lock_acquire+0xad5/0xd80 [ 68.873568][ T5326] sock_ioctl+0x644/0x900 [ 68.873578][ T5326] ? __pfx_sock_ioctl+0x10/0x10 [ 68.873587][ T5326] ? __fget_files+0x2a/0x420 [ 68.873596][ T5326] ? __fget_files+0x2a/0x420 [ 68.873605][ T5326] ? __fget_files+0x2a/0x420 [ 68.873615][ T5326] ? __pfx_sock_ioctl+0x10/0x10 [ 68.873625][ T5326] __se_sys_ioctl+0xf1/0x160 [ 68.873638][ T5326] do_syscall_64+0xf3/0x210 [ 68.873648][ T5326] ? clear_bhb_loop+0x45/0xa0 [ 68.873657][ T5326] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.873664][ T5326] RIP: 0033:0x7f5b1b18e169 [ 68.873674][ T5326] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 68.873682][ T5326] RSP: 002b:00007f5b1bfe2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 68.873694][ T5326] RAX: ffffffffffffffda RBX: 00007f5b1b3b6160 RCX: 00007f5b1b18e169 [ 68.873700][ T5326] RDX: 0000000000000000 RSI: 00000000000089e2 RDI: 0000000000000004 [ 68.873706][ T5326] RBP: 00007f5b1b210a68 R08: 0000000000000000 R09: 0000000000000000 [ 68.873712][ T5326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 68.873718][ T5326] R13: 0000000000000001 R14: 00007f5b1b3b6160 R15: 00007ffca24ce7b8 [ 68.873726][ T5326]