program: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x12, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000400)={r0, 0x3, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) mknodat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1000, 0x0) execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xaa, 0x5, 0x0, 0x0, 0x0, 0x1, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x2, @perf_config_ext={0x5, 0x6}, 0xa21, 0x809, 0x2000, 0x1, 0x6, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0xffffffffffff4643}, 0x0, 0x40000000000, 0xffffffffffffffff, 0x0) r4 = open(&(0x7f00000000c0)='./bus\x00', 0x68042, 0x62) r5 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) r7 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0200000004000000080000000100000039070000", @ANYRES8, @ANYBLOB="ff00490104017afab28300"/28, @ANYRES32=r2, @ANYRES32=r4, @ANYRES8=r7], 0x50) ioctl$sock_netdev_private(r7, 0x8914, &(0x7f0000000000)) ioctl$sock_netrom_SIOCADDRT(r5, 0x890b, &(0x7f0000000340)={0x1, @null, @bpq0, 0xffff, 'syz0\x00', @default, 0xfffffdba, 0x2, [@default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null]}) ioctl$sock_netrom_SIOCADDRT(r5, 0x890b, &(0x7f0000000000)={0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x10001, 'syz1\x00', @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]}) ioctl$sock_netrom_SIOCADDRT(r5, 0x890b, &(0x7f00000001c0)={0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x2, 'syz1\x00', @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x5, 0x1, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}) ioctl$SIOCNRDECOBS(r5, 0x89e2) ftruncate(0xffffffffffffffff, 0x2007ffb) sendfile(r4, 0xffffffffffffffff, 0x0, 0x1000000201005) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d) ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000)) r8 = syz_init_net_socket$ax25(0x3, 0x5, 0xc4) setsockopt$ax25_SO_BINDTODEVICE(r8, 0x101, 0x19, &(0x7f00000000c0)=@bpq0, 0x10) mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) [ 86.116276][ T5332] [ 86.117350][ T5332] ====================================================== [ 86.120342][ T5332] WARNING: possible circular locking dependency detected [ 86.123343][ T5332] syzkaller #0 Not tainted [ 86.125376][ T5332] ------------------------------------------------------ [ 86.128397][ T5332] syz.0.0/5332 is trying to acquire lock: [ 86.130911][ T5332] ffffffff8f428b78 (nr_node_list_lock){+...}-{3:3}, at: nr_rt_device_down+0xa9/0x720 [ 86.135100][ T5332] [ 86.135100][ T5332] but task is already holding lock: [ 86.137940][ T5332] ffffffff8f428b18 (nr_neigh_list_lock){+...}-{3:3}, at: nr_rt_device_down+0x28/0x720 [ 86.141985][ T5332] [ 86.141985][ T5332] which lock already depends on the new lock. [ 86.141985][ T5332] [ 86.146244][ T5332] [ 86.146244][ T5332] the existing dependency chain (in reverse order) is: [ 86.150257][ T5332] [ 86.150257][ T5332] -> #2 (nr_neigh_list_lock){+...}-{3:3}: [ 86.153624][ T5332] lock_acquire+0x120/0x360 [ 86.155895][ T5332] _raw_spin_lock_bh+0x36/0x50 [ 86.158212][ T5332] nr_rt_ioctl+0x390/0xd50 [ 86.160420][ T5332] sock_do_ioctl+0xdc/0x300 [ 86.162628][ T5332] sock_ioctl+0x576/0x790 [ 86.164762][ T5332] __se_sys_ioctl+0xfc/0x170 [ 86.166934][ T5332] do_syscall_64+0xfa/0xfa0 [ 86.169053][ T5332] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.171911][ T5332] [ 86.171911][ T5332] -> #1 (&nr_node->node_lock){+...}-{3:3}: [ 86.175518][ T5332] lock_acquire+0x120/0x360 [ 86.177784][ T5332] _raw_spin_lock_bh+0x36/0x50 [ 86.180173][ T5332] nr_rt_ioctl+0x193/0xd50 [ 86.182973][ T5332] sock_do_ioctl+0xdc/0x300 [ 86.185734][ T5332] sock_ioctl+0x576/0x790 [ 86.187820][ T5332] __se_sys_ioctl+0xfc/0x170 [ 86.189911][ T5332] do_syscall_64+0xfa/0xfa0 [ 86.192003][ T5332] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.194711][ T5332] [ 86.194711][ T5332] -> #0 (nr_node_list_lock){+...}-{3:3}: [ 86.197743][ T5332] validate_chain+0xb9b/0x2140 [ 86.199892][ T5332] __lock_acquire+0xab9/0xd20 [ 86.201986][ T5332] lock_acquire+0x120/0x360 [ 86.203857][ T5332] _raw_spin_lock_bh+0x36/0x50 [ 86.205787][ T5332] nr_rt_device_down+0xa9/0x720 [ 86.207815][ T5332] nr_device_event+0x137/0x150 [ 86.209766][ T5332] notifier_call_chain+0x1b6/0x3e0 [ 86.211630][ T5332] __dev_notify_flags+0x18d/0x2e0 [ 86.213816][ T5332] netif_change_flags+0xe8/0x1a0 [ 86.216177][ T5332] dev_change_flags+0x130/0x260 [ 86.218607][ T5332] dev_ioctl+0x7b4/0x1150 [ 86.220819][ T5332] sock_do_ioctl+0x22c/0x300 [ 86.223019][ T5332] sock_ioctl+0x576/0x790 [ 86.224879][ T5332] __se_sys_ioctl+0xfc/0x170 [ 86.227003][ T5332] do_syscall_64+0xfa/0xfa0 [ 86.229150][ T5332] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.231899][ T5332] [ 86.231899][ T5332] other info that might help us debug this: [ 86.231899][ T5332] [ 86.236104][ T5332] Chain exists of: [ 86.236104][ T5332] nr_node_list_lock --> &nr_node->node_lock --> nr_neigh_list_lock [ 86.236104][ T5332] [ 86.241859][ T5332] Possible unsafe locking scenario: [ 86.241859][ T5332] [ 86.244962][ T5332] CPU0 CPU1 [ 86.247346][ T5332] ---- ---- [ 86.249560][ T5332] lock(nr_neigh_list_lock); [ 86.251679][ T5332] lock(&nr_node->node_lock); [ 86.254900][ T5332] lock(nr_neigh_list_lock); [ 86.257774][ T5332] lock(nr_node_list_lock); [ 86.259631][ T5332] [ 86.259631][ T5332] *** DEADLOCK *** [ 86.259631][ T5332] [ 86.262888][ T5332] 2 locks held by syz.0.0/5332: [ 86.264836][ T5332] #0: ffffffff8f2cddc8 (rtnl_mutex){+.+.}-{4:4}, at: dev_ioctl+0x7a4/0x1150 [ 86.268401][ T5332] #1: ffffffff8f428b18 (nr_neigh_list_lock){+...}-{3:3}, at: nr_rt_device_down+0x28/0x720 [ 86.272755][ T5332] [ 86.272755][ T5332] stack backtrace: [ 86.275490][ T5332] CPU: 0 UID: 0 PID: 5332 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 86.275506][ T5332] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 86.275513][ T5332] Call Trace: [ 86.275521][ T5332] [ 86.275527][ T5332] dump_stack_lvl+0x189/0x250 [ 86.275549][ T5332] ? __pfx_dump_stack_lvl+0x10/0x10 [ 86.275564][ T5332] ? __pfx__printk+0x10/0x10 [ 86.275576][ T5332] ? print_lock_name+0xde/0x100 [ 86.275587][ T5332] print_circular_bug+0x2ee/0x310 [ 86.275602][ T5332] check_noncircular+0x134/0x160 [ 86.275616][ T5332] validate_chain+0xb9b/0x2140 [ 86.275633][ T5332] __lock_acquire+0xab9/0xd20 [ 86.275646][ T5332] ? nr_rt_device_down+0xa9/0x720 [ 86.275658][ T5332] lock_acquire+0x120/0x360 [ 86.275667][ T5332] ? nr_rt_device_down+0xa9/0x720 [ 86.275682][ T5332] ? nr_rt_device_down+0xa9/0x720 [ 86.275693][ T5332] _raw_spin_lock_bh+0x36/0x50 [ 86.275706][ T5332] ? nr_rt_device_down+0xa9/0x720 [ 86.275716][ T5332] nr_rt_device_down+0xa9/0x720 [ 86.275728][ T5332] ? do_raw_spin_unlock+0x4d/0x240 [ 86.275743][ T5332] nr_device_event+0x137/0x150 [ 86.275753][ T5332] notifier_call_chain+0x1b6/0x3e0 [ 86.275767][ T5332] __dev_notify_flags+0x18d/0x2e0 [ 86.275784][ T5332] ? __pfx___dev_notify_flags+0x10/0x10 [ 86.275797][ T5332] ? __dev_change_flags+0x4cc/0x6d0 [ 86.275813][ T5332] ? __pfx___dev_change_flags+0x10/0x10 [ 86.275828][ T5332] ? full_name_hash+0x92/0xe0 [ 86.275840][ T5332] netif_change_flags+0xe8/0x1a0 [ 86.275855][ T5332] dev_change_flags+0x130/0x260 [ 86.275872][ T5332] dev_ioctl+0x7b4/0x1150 [ 86.275888][ T5332] sock_do_ioctl+0x22c/0x300 [ 86.275905][ T5332] ? __pfx_sock_do_ioctl+0x10/0x10 [ 86.275920][ T5332] sock_ioctl+0x576/0x790 [ 86.275931][ T5332] ? __pfx_sock_ioctl+0x10/0x10 [ 86.275944][ T5332] ? __fget_files+0x3a0/0x420 [ 86.275957][ T5332] ? __fget_files+0x2a/0x420 [ 86.275973][ T5332] ? bpf_lsm_file_ioctl+0x9/0x20 [ 86.275983][ T5332] ? __pfx_sock_ioctl+0x10/0x10 [ 86.275993][ T5332] __se_sys_ioctl+0xfc/0x170 [ 86.276007][ T5332] do_syscall_64+0xfa/0xfa0 [ 86.276021][ T5332] ? lockdep_hardirqs_on+0x9c/0x150 [ 86.276033][ T5332] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.276046][ T5332] ? clear_bhb_loop+0x60/0xb0 [ 86.276057][ T5332] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.276067][ T5332] RIP: 0033:0x7fa1b7d8f749 [ 86.276079][ T5332] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 86.276090][ T5332] RSP: 002b:00007fa1b41f5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 86.276103][ T5332] RAX: ffffffffffffffda RBX: 00007fa1b7fe5fa0 RCX: 00007fa1b7d8f749 [ 86.276111][ T5332] RDX: 0000200000000000 RSI: 0000000000008914 RDI: 0000000000000008 [ 86.276118][ T5332] RBP: 00007fa1b7e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 86.276126][ T5332] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 86.276132][ T5332] R13: 00007fa1b7fe6038 R14: 00007fa1b7fe5fa0 R15: 00007ffec4710bd8 [ 86.276145][ T5332]