program: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0xd, 0xd, &(0x7f00000000c0)=@framed={{0x18, 0x2}, [@func={0x85, 0x0, 0x1, 0x0, 0x1}, @exit, @printk={@ld={0x18, 0x0}, {}, {0x5}, {}, {0x5}, {}, {0x85, 0x0, 0x0, 0x8}}]}, &(0x7f0000000180)='GPL\x00'}, 0x90) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000000)={0x1b, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff, 0xff, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x1}, 0x50) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000300)={'ip6tnl0\x00', &(0x7f0000000280)={'ip6_vti0\x00', 0x0, 0x2f, 0x6, 0x9, 0x0, 0x4, @private2, @local, 0x10, 0x8000, 0x9, 0x4}}) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000340), 0x4) openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000480), 0xc200, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$P9_RREAD(r1, &(0x7f0000000100)={0x139, 0x75, 0x2, {0x12e, "0f73576c5dcec6ac353f67005578ef55127538a4fe58b6253c2468d41c434f4fb464762a49002629c6be3e3cd3a95da6efc80d2f830841f59b5f0068006c5d8d8ab543f693c7cf4db1b9ff6c81e573589a5b1a83d8714e57f48c3bd3bb086ccb18dc5ac7184bb845c8b2e0e3223578b701729e0752440b519e138053f0bfb3467b9179b405a9280217d533f48aff62e8d8f743a2ae4699f0eba12c18c256c89f6f8e65a0e44abfe533f1a5199b11db0fc6111f199c1b4f4353adf40c0061d03c14a153dade55339ada3552ea797b6d237e1f3f06e50adec5a797404e1553cc191c7d1e767ccc9cc81113de97da1bded3cca5c96bf2b2f14efc4d5906a551db5e1785b5584b9f3465b9631728229a426e19f7103b42d9c467b5920caa10519859f76aa59f30e23df87a236fc43650"}}, 0x139) r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d) ioctl$sock_netdev_private(r4, 0x8914, &(0x7f0000000000)) ioctl$sock_netrom_SIOCADDRT(r2, 0x890b, &(0x7f0000000280)={0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bpq0, 0xffff, 'syz0\x00', @default, 0xfffffdba, 0x2, [@default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}) ioctl$sock_netrom_SIOCADDRT(r2, 0x890b, &(0x7f0000000000)={0x1, @default, @bpq0, 0x6, 'syz1\x00', @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]}) r5 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$sock_ifreq(r5, 0x8990, &(0x7f0000000180)={'bond0\x00', @ifru_names='rose0\x00'}) ioctl$FITRIM(r1, 0x40406f06, &(0x7f0000000380)={0x0, 0x0, 0x8}) r6 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) r8 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d) ioctl$sock_netdev_private(r8, 0x8914, &(0x7f0000000000)) ioctl$sock_netrom_SIOCADDRT(r6, 0x890b, &(0x7f0000000280)={0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bpq0, 0x10000, 'syz0\x00', @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0xfffffdb6, 0x2, [@default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}) ioctl$sock_netrom_SIOCADDRT(r6, 0x890b, &(0x7f0000000000)={0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x10001, 'syz1\x00', @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]}) ioctl$sock_netrom_SIOCADDRT(r6, 0x890b, &(0x7f00000001c0)={0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x2, 'syz1\x00', @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x5, 0x1, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}) ioctl$sock_netrom_SIOCADDRT(r6, 0x890b, &(0x7f0000000440)={0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x8, 'syz1\x00', @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x7, 0x4, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast]}) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000004c0)={{0x1, 0x1, 0x18, r0, {0x7b0}}, './file0\x00'}) bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@bloom_filter={0x1e, 0x9, 0x1, 0x9, 0x4100, 0x1, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x5, 0x5, 0x8}, 0x50) [ 86.367503][ T5342] Bluetooth: hci0: command tx timeout [ 86.490069][ T5366] 8021q: adding VLAN 0 to HW filter on device bond0 [ 86.506380][ T5366] bond0: (slave rose0): Enslaving as an active interface with an up link [ 86.529132][ T5366] [ 86.530318][ T5366] ====================================================== [ 86.533270][ T5366] WARNING: possible circular locking dependency detected [ 86.536446][ T5366] syzkaller #0 Not tainted [ 86.538724][ T5366] ------------------------------------------------------ [ 86.541873][ T5366] syz.0.0/5366 is trying to acquire lock: [ 86.544558][ T5366] ffffffff8f690058 (nr_neigh_list_lock){+...}-{3:3}, at: nr_remove_neigh+0x25/0xe0 [ 86.548608][ T5366] [ 86.548608][ T5366] but task is already holding lock: [ 86.551837][ T5366] ffff888036b86570 (&nr_node->node_lock){+...}-{3:3}, at: nr_add_node+0xcce/0x2570 [ 86.555115][ T5366] [ 86.555115][ T5366] which lock already depends on the new lock. [ 86.555115][ T5366] [ 86.558680][ T5366] [ 86.558680][ T5366] the existing dependency chain (in reverse order) is: [ 86.561915][ T5366] [ 86.561915][ T5366] -> #2 (&nr_node->node_lock){+...}-{3:3}: [ 86.565180][ T5366] lock_acquire+0x120/0x360 [ 86.567363][ T5366] _raw_spin_lock_bh+0x36/0x50 [ 86.569558][ T5366] nr_rt_device_down+0x12a/0x720 [ 86.572111][ T5366] nr_device_event+0x137/0x150 [ 86.574532][ T5366] notifier_call_chain+0x1b6/0x3e0 [ 86.577208][ T5366] netif_close_many+0x29c/0x410 [ 86.579802][ T5366] netif_close+0x158/0x210 [ 86.581977][ T5366] dev_close+0x10a/0x220 [ 86.583969][ T5366] bpq_device_event+0x377/0x6a0 [ 86.586469][ T5366] notifier_call_chain+0x1b6/0x3e0 [ 86.588859][ T5366] netif_close_many+0x29c/0x410 [ 86.591178][ T5366] netif_close+0x158/0x210 [ 86.593361][ T5366] dev_close+0x10a/0x220 [ 86.595409][ T5366] bond_setup_by_slave+0x5f/0x3f0 [ 86.597416][ T5366] bond_enslave+0x7a0/0x3a20 [ 86.599672][ T5366] bond_do_ioctl+0x635/0x9b0 [ 86.602205][ T5366] dev_ifsioc+0x90b/0xf00 [ 86.604699][ T5366] dev_ioctl+0x7b4/0x1150 [ 86.606860][ T5366] sock_do_ioctl+0x22c/0x300 [ 86.609316][ T5366] sock_ioctl+0x576/0x790 [ 86.611535][ T5366] __se_sys_ioctl+0xf9/0x170 [ 86.614133][ T5366] do_syscall_64+0xfa/0x3b0 [ 86.616448][ T5366] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.619605][ T5366] [ 86.619605][ T5366] -> #1 (nr_node_list_lock){+...}-{3:3}: [ 86.623111][ T5366] lock_acquire+0x120/0x360 [ 86.625226][ T5366] _raw_spin_lock_bh+0x36/0x50 [ 86.627534][ T5366] nr_rt_device_down+0xa9/0x720 [ 86.629938][ T5366] nr_device_event+0x137/0x150 [ 86.632245][ T5366] notifier_call_chain+0x1b6/0x3e0 [ 86.634524][ T5366] netif_close_many+0x29c/0x410 [ 86.637133][ T5366] netif_close+0x158/0x210 [ 86.639479][ T5366] dev_close+0x10a/0x220 [ 86.641689][ T5366] bpq_device_event+0x377/0x6a0 [ 86.644357][ T5366] notifier_call_chain+0x1b6/0x3e0 [ 86.646960][ T5366] netif_close_many+0x29c/0x410 [ 86.649320][ T5366] netif_close+0x158/0x210 [ 86.651566][ T5366] dev_close+0x10a/0x220 [ 86.653722][ T5366] bond_setup_by_slave+0x5f/0x3f0 [ 86.656195][ T5366] bond_enslave+0x7a0/0x3a20 [ 86.658460][ T5366] bond_do_ioctl+0x635/0x9b0 [ 86.660877][ T5366] dev_ifsioc+0x90b/0xf00 [ 86.663472][ T5366] dev_ioctl+0x7b4/0x1150 [ 86.665869][ T5366] sock_do_ioctl+0x22c/0x300 [ 86.668085][ T5366] sock_ioctl+0x576/0x790 [ 86.670401][ T5366] __se_sys_ioctl+0xf9/0x170 [ 86.672707][ T5366] do_syscall_64+0xfa/0x3b0 [ 86.674985][ T5366] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.677692][ T5366] [ 86.677692][ T5366] -> #0 (nr_neigh_list_lock){+...}-{3:3}: [ 86.681100][ T5366] validate_chain+0xb9b/0x2140 [ 86.683779][ T5366] __lock_acquire+0xab9/0xd20 [ 86.686442][ T5366] lock_acquire+0x120/0x360 [ 86.688720][ T5366] _raw_spin_lock_bh+0x36/0x50 [ 86.691116][ T5366] nr_remove_neigh+0x25/0xe0 [ 86.693542][ T5366] nr_add_node+0x1d9f/0x2570 [ 86.695866][ T5366] nr_rt_ioctl+0xc12/0xd50 [ 86.698007][ T5366] sock_do_ioctl+0xdc/0x300 [ 86.700358][ T5366] sock_ioctl+0x576/0x790 [ 86.702900][ T5366] __se_sys_ioctl+0xf9/0x170 [ 86.705347][ T5366] do_syscall_64+0xfa/0x3b0 [ 86.707740][ T5366] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.710659][ T5366] [ 86.710659][ T5366] other info that might help us debug this: [ 86.710659][ T5366] [ 86.715041][ T5366] Chain exists of: [ 86.715041][ T5366] nr_neigh_list_lock --> nr_node_list_lock --> &nr_node->node_lock [ 86.715041][ T5366] [ 86.719901][ T5366] Possible unsafe locking scenario: [ 86.719901][ T5366] [ 86.723072][ T5366] CPU0 CPU1 [ 86.725364][ T5366] ---- ---- [ 86.727403][ T5366] lock(&nr_node->node_lock); [ 86.729324][ T5366] lock(nr_node_list_lock); [ 86.731753][ T5366] lock(&nr_node->node_lock); [ 86.734927][ T5366] lock(nr_neigh_list_lock); [ 86.736937][ T5366] [ 86.736937][ T5366] *** DEADLOCK *** [ 86.736937][ T5366] [ 86.740573][ T5366] 1 lock held by syz.0.0/5366: [ 86.742777][ T5366] #0: ffff888036b86570 (&nr_node->node_lock){+...}-{3:3}, at: nr_add_node+0xcce/0x2570 [ 86.747492][ T5366] [ 86.747492][ T5366] stack backtrace: [ 86.750159][ T5366] CPU: 0 UID: 0 PID: 5366 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 86.750173][ T5366] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 86.750180][ T5366] Call Trace: [ 86.750186][ T5366] [ 86.750191][ T5366] dump_stack_lvl+0x189/0x250 [ 86.750207][ T5366] ? __pfx_dump_stack_lvl+0x10/0x10 [ 86.750216][ T5366] ? __pfx__printk+0x10/0x10 [ 86.750226][ T5366] ? stack_trace_save+0x9c/0xe0 [ 86.750240][ T5366] print_circular_bug+0x2ee/0x310 [ 86.750249][ T5366] check_noncircular+0x134/0x160 [ 86.750257][ T5366] validate_chain+0xb9b/0x2140 [ 86.750268][ T5366] __lock_acquire+0xab9/0xd20 [ 86.750281][ T5366] ? nr_remove_neigh+0x25/0xe0 [ 86.750290][ T5366] lock_acquire+0x120/0x360 [ 86.750300][ T5366] ? nr_remove_neigh+0x25/0xe0 [ 86.750314][ T5366] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 86.750327][ T5366] ? nr_remove_neigh+0x25/0xe0 [ 86.750339][ T5366] _raw_spin_lock_bh+0x36/0x50 [ 86.750349][ T5366] ? nr_remove_neigh+0x25/0xe0 [ 86.750357][ T5366] nr_remove_neigh+0x25/0xe0 [ 86.750370][ T5366] nr_add_node+0x1d9f/0x2570 [ 86.750383][ T5366] ? __asan_memcpy+0x40/0x70 [ 86.750395][ T5366] ? nr_call_to_digi+0x126/0x1b0 [ 86.750407][ T5366] nr_rt_ioctl+0xc12/0xd50 [ 86.750422][ T5366] ? kasan_quarantine_put+0xdd/0x220 [ 86.750432][ T5366] ? __pfx_nr_rt_ioctl+0x10/0x10 [ 86.750447][ T5366] ? apparmor_capable+0x137/0x1b0 [ 86.750461][ T5366] ? capable+0x89/0xe0 [ 86.750469][ T5366] ? nr_ioctl+0x1b1/0x3b0 [ 86.750476][ T5366] sock_do_ioctl+0xdc/0x300 [ 86.750487][ T5366] ? __pfx_sock_do_ioctl+0x10/0x10 [ 86.750497][ T5366] ? __lock_acquire+0xab9/0xd20 [ 86.750515][ T5366] sock_ioctl+0x576/0x790 [ 86.750526][ T5366] ? __pfx_sock_ioctl+0x10/0x10 [ 86.750537][ T5366] ? __fget_files+0x2a/0x420 [ 86.750552][ T5366] ? __fget_files+0x3a0/0x420 [ 86.750563][ T5366] ? __fget_files+0x2a/0x420 [ 86.750571][ T5366] ? bpf_lsm_file_ioctl+0x9/0x20 [ 86.750579][ T5366] ? __pfx_sock_ioctl+0x10/0x10 [ 86.750586][ T5366] __se_sys_ioctl+0xf9/0x170 [ 86.750593][ T5366] do_syscall_64+0xfa/0x3b0 [ 86.750606][ T5366] ? lockdep_hardirqs_on+0x9c/0x150 [ 86.750615][ T5366] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.750622][ T5366] ? clear_bhb_loop+0x60/0xb0 [ 86.750630][ T5366] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.750637][ T5366] RIP: 0033:0x7ff3e6d8ebe9 [ 86.750646][ T5366] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 86.750653][ T5366] RSP: 002b:00007ff3e7cba038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 86.750662][ T5366] RAX: ffffffffffffffda RBX: 00007ff3e6fb5fa0 RCX: 00007ff3e6d8ebe9 [ 86.750667][ T5366] RDX: 0000200000000440 RSI: 000000000000890b RDI: 000000000000000b [ 86.750672][ T5366] RBP: 00007ff3e6e11e19 R08: 0000000000000000 R09: 0000000000000000 [ 86.750677][ T5366] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 86.750682][ T5366] R13: 00007ff3e6fb6038 R14: 00007ff3e6fb5fa0 R15: 00007fff120bea28 [ 86.750690][ T5366] [ 86.933171][ T9] cfg80211: failed to load regulatory.db