WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
5.19.0-rc1-syzkaller-00336-g997952851843 #0 Not tainted
-----------------------------------------------------
syz-executor.2/5068 [HC0[0]:SC0[4]:HE1:SE0] is trying to acquire:
ffff8880799c4d18 (&bond->stats_lock/1){+.+.}-{2:2}, at: bond_get_stats+0x466/0x770 drivers/net/bonding/bond_main.c:4286
and this task is already holding:
ffff88804a9d4280 (&macsec_netdev_addr_lock_key#2/2){+...}-{2:2}, at: netif_addr_lock_bh include/linux/netdevice.h:4409 [inline]
ffff88804a9d4280 (&macsec_netdev_addr_lock_key#2/2){+...}-{2:2}, at: dev_uc_add+0x56/0x100 net/core/dev_addr_lists.c:688
which would create a new lock dependency:
(&macsec_netdev_addr_lock_key#2/2){+...}-{2:2} -> (&bond->stats_lock/1){+.+.}-{2:2}
but this new dependency connects a SOFTIRQ-irq-safe lock:
(&br->hash_lock){+.-.}-{2:2}
... which became SOFTIRQ-irq-safe at:
lock_acquire+0x1a7/0x400 kernel/locking/lockdep.c:5665
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:349 [inline]
br_fdb_update+0x3cb/0x660 net/bridge/br_fdb.c:892
br_handle_frame_finish+0x653/0x1810 net/bridge/br_input.c:121
br_nf_hook_thresh+0x3ee/0x500 net/bridge/br_netfilter_hooks.c:1024
br_nf_pre_routing_finish_ipv6+0x94a/0xbd0
NF_HOOK include/linux/netfilter.h:307 [inline]
br_nf_pre_routing_ipv6+0x294/0x340 net/bridge/br_netfilter_ipv6.c:236
nf_hook_entry_hookfn include/linux/netfilter.h:142 [inline]
nf_hook_bridge_pre net/bridge/br_input.c:255 [inline]
br_handle_frame+0x8c5/0x10e0 net/bridge/br_input.c:399
__netif_receive_skb_core+0x1448/0x3c00 net/core/dev.c:5372
__netif_receive_skb_one_core net/core/dev.c:5476 [inline]
__netif_receive_skb+0x11a/0x500 net/core/dev.c:5592
process_backlog+0x4f8/0x8b0 net/core/dev.c:5920
__napi_poll+0xbe/0x4b0 net/core/dev.c:6486
napi_poll net/core/dev.c:6553 [inline]
net_rx_action+0x76c/0x10b0 net/core/dev.c:6664
__do_softirq+0x382/0x793 kernel/softirq.c:571
run_ksoftirqd+0xc1/0x120 kernel/softirq.c:934
smpboot_thread_fn+0x533/0x9d0 kernel/smpboot.c:164
kthread+0x266/0x300 kernel/kthread.c:376
ret_from_fork+0x1f/0x30
to a SOFTIRQ-irq-unsafe lock:
(&bond->stats_lock/1){+.+.}-{2:2}
... which became SOFTIRQ-irq-unsafe at:
...
lock_acquire+0x1a7/0x400 kernel/locking/lockdep.c:5665
_raw_spin_lock_nested+0x2d/0x40 kernel/locking/spinlock.c:378
bond_get_stats+0x466/0x770 drivers/net/bonding/bond_main.c:4286
dev_get_stats+0xa4/0x450 net/core/dev.c:10424
rtnl_fill_stats+0x47/0x870 net/core/rtnetlink.c:1242
rtnl_fill_ifinfo+0x17a2/0x1f50 net/core/rtnetlink.c:1819
rtmsg_ifinfo_build_skb+0xdc/0x180 net/core/rtnetlink.c:3908
rtmsg_ifinfo_event net/core/rtnetlink.c:3940 [inline]
rtnetlink_event+0xea/0x1b0 net/core/rtnetlink.c:6140
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0xe7/0x170 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1943 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1981 [inline]
call_netdevice_notifiers net/core/dev.c:1995 [inline]
netdev_features_change net/core/dev.c:1313 [inline]
netdev_change_features+0x13a/0x1b0 net/core/dev.c:9799
bond_compute_features+0x68e/0x6f0 drivers/net/bonding/bond_main.c:1474
bond_enslave+0x257b/0x3f20 drivers/net/bonding/bond_main.c:2154
do_set_master net/core/rtnetlink.c:2577 [inline]
do_setlink+0xf49/0x3f00 net/core/rtnetlink.c:2787
__rtnl_newlink net/core/rtnetlink.c:3546 [inline]
rtnl_newlink+0x183e/0x2060 net/core/rtnetlink.c:3593
rtnetlink_rcv_msg+0x7c9/0xea0 net/core/rtnetlink.c:6089
netlink_rcv_skb+0x1f0/0x460 net/netlink/af_netlink.c:2501
netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
netlink_unicast+0x7e7/0x9c0 net/netlink/af_netlink.c:1345
netlink_sendmsg+0x9b3/0xcd0 net/netlink/af_netlink.c:1921
sock_sendmsg_nosec net/socket.c:714 [inline]
sock_sendmsg net/socket.c:734 [inline]
__sys_sendto+0x439/0x5c0 net/socket.c:2119
__do_sys_sendto net/socket.c:2131 [inline]
__se_sys_sendto net/socket.c:2127 [inline]
__x64_sys_sendto+0xda/0xf0 net/socket.c:2127
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x46/0xb0
other info that might help us debug this:
Chain exists of:
&br->hash_lock --> &macsec_netdev_addr_lock_key#2/2 --> &bond->stats_lock/1
Possible interrupt unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&bond->stats_lock/1);
local_irq_disable();
lock(&br->hash_lock);
lock(&macsec_netdev_addr_lock_key#2/2);
<Interrupt>
lock(&br->hash_lock);
*** DEADLOCK ***
4 locks held by syz-executor.2/5068:
#0: ffffffff8dbbe928 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:74 [inline]
#0: ffffffff8dbbe928 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x772/0xea0 net/core/rtnetlink.c:6086
#1: ffff88802343ccd8 (&br->hash_lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:354 [inline]
#1: ffff88802343ccd8 (&br->hash_lock){+.-.}-{2:2}, at: br_fdb_add_local+0x25/0x50 net/bridge/br_fdb.c:833
#2: ffff88804a9d4280 (&macsec_netdev_addr_lock_key#2/2){+...}-{2:2}, at: netif_addr_lock_bh include/linux/netdevice.h:4409 [inline]
#2: ffff88804a9d4280 (&macsec_netdev_addr_lock_key#2/2){+...}-{2:2}, at: dev_uc_add+0x56/0x100 net/core/dev_addr_lists.c:688
#3: ffffffff8cb1ebe0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 include/linux/rcupdate.h:268
the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
-> (&br->hash_lock){+.-.}-{2:2} {
HARDIRQ-ON-W at:
lock_acquire+0x1a7/0x400 kernel/locking/lockdep.c:5665
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
_raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:178
spin_lock_bh include/linux/spinlock.h:354 [inline]
br_fdb_add_local+0x25/0x50 net/bridge/br_fdb.c:833
__vlan_add+0x553/0x24d0 net/bridge/br_vlan.c:334
br_vlan_add+0x444/0x980 net/bridge/br_vlan.c:801
br_vlan_bridge_event+0x139/0x750 net/bridge/br_vlan.c:1728
br_device_event+0x163/0x940 net/bridge/br.c:40
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0xe7/0x170 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1943 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1981 [inline]
call_netdevice_notifiers+0x14e/0x1d0 net/core/dev.c:1995
register_netdevice+0x158f/0x19a0 net/core/dev.c:10078
br_dev_newlink+0x24/0x110 net/bridge/br_netlink.c:1494
rtnl_newlink_create net/core/rtnetlink.c:3363 [inline]
__rtnl_newlink net/core/rtnetlink.c:3580 [inline]
rtnl_newlink+0x14ed/0x2060 net/core/rtnetlink.c:3593
rtnetlink_rcv_msg+0x7c9/0xea0 net/core/rtnetlink.c:6089
netlink_rcv_skb+0x1f0/0x460 net/netlink/af_netlink.c:2501
netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
netlink_unicast+0x7e7/0x9c0 net/netlink/af_netlink.c:1345
netlink_sendmsg+0x9b3/0xcd0 net/netlink/af_netlink.c:1921
sock_sendmsg_nosec net/socket.c:714 [inline]
sock_sendmsg net/socket.c:734 [inline]
__sys_sendto+0x439/0x5c0 net/socket.c:2119
__do_sys_sendto net/socket.c:2131 [inline]
__se_sys_sendto net/socket.c:2127 [inline]
__x64_sys_sendto+0xda/0xf0 net/socket.c:2127
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x46/0xb0
IN-SOFTIRQ-W at:
lock_acquire+0x1a7/0x400 kernel/locking/lockdep.c:5665
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:349 [inline]
br_fdb_update+0x3cb/0x660 net/bridge/br_fdb.c:892
br_handle_frame_finish+0x653/0x1810 net/bridge/br_input.c:121
br_nf_hook_thresh+0x3ee/0x500 net/bridge/br_netfilter_hooks.c:1024
br_nf_pre_routing_finish_ipv6+0x94a/0xbd0
NF_HOOK include/linux/netfilter.h:307 [inline]
br_nf_pre_routing_ipv6+0x294/0x340 net/bridge/br_netfilter_ipv6.c:236
nf_hook_entry_hookfn include/linux/netfilter.h:142 [inline]
nf_hook_bridge_pre net/bridge/br_input.c:255 [inline]
br_handle_frame+0x8c5/0x10e0 net/bridge/br_input.c:399
__netif_receive_skb_core+0x1448/0x3c00 net/core/dev.c:5372
__netif_receive_skb_one_core net/core/dev.c:5476 [inline]
__netif_receive_skb+0x11a/0x500 net/core/dev.c:5592
process_backlog+0x4f8/0x8b0 net/core/dev.c:5920
__napi_poll+0xbe/0x4b0 net/core/dev.c:6486
napi_poll net/core/dev.c:6553 [inline]
net_rx_action+0x76c/0x10b0 net/core/dev.c:6664
__do_softirq+0x382/0x793 kernel/softirq.c:571
run_ksoftirqd+0xc1/0x120 kernel/softirq.c:934
smpboot_thread_fn+0x533/0x9d0 kernel/smpboot.c:164
kthread+0x266/0x300 kernel/kthread.c:376
ret_from_fork+0x1f/0x30
INITIAL USE at:
lock_acquire+0x1a7/0x400 kernel/locking/lockdep.c:5665
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
_raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:178
spin_lock_bh include/linux/spinlock.h:354 [inline]
br_fdb_add_local+0x25/0x50 net/bridge/br_fdb.c:833
__vlan_add+0x553/0x24d0 net/bridge/br_vlan.c:334
br_vlan_add+0x444/0x980 net/bridge/br_vlan.c:801
br_vlan_bridge_event+0x139/0x750 net/bridge/br_vlan.c:1728
br_device_event+0x163/0x940 net/bridge/br.c:40
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0xe7/0x170 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1943 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1981 [inline]
call_netdevice_notifiers+0x14e/0x1d0 net/core/dev.c:1995
register_netdevice+0x158f/0x19a0 net/core/dev.c:10078
br_dev_newlink+0x24/0x110 net/bridge/br_netlink.c:1494
rtnl_newlink_create net/core/rtnetlink.c:3363 [inline]
__rtnl_newlink net/core/rtnetlink.c:3580 [inline]
rtnl_newlink+0x14ed/0x2060 net/core/rtnetlink.c:3593
rtnetlink_rcv_msg+0x7c9/0xea0 net/core/rtnetlink.c:6089
netlink_rcv_skb+0x1f0/0x460 net/netlink/af_netlink.c:2501
netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
netlink_unicast+0x7e7/0x9c0 net/netlink/af_netlink.c:1345
netlink_sendmsg+0x9b3/0xcd0 net/netlink/af_netlink.c:1921
sock_sendmsg_nosec net/socket.c:714 [inline]
sock_sendmsg net/socket.c:734 [inline]
__sys_sendto+0x439/0x5c0 net/socket.c:2119
__do_sys_sendto net/socket.c:2131 [inline]
__se_sys_sendto net/socket.c:2127 [inline]
__x64_sys_sendto+0xda/0xf0 net/socket.c:2127
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x46/0xb0
}
... key at: [<ffffffff9199a740>] br_dev_setup.__key.3+0x0/0x20
-> (&macsec_netdev_addr_lock_key#2/2){+...}-{2:2} {
HARDIRQ-ON-W at:
lock_acquire+0x1a7/0x400 kernel/locking/lockdep.c:5665
_raw_spin_lock_nested+0x2d/0x40 kernel/locking/spinlock.c:378
netif_addr_lock_bh include/linux/netdevice.h:4409 [inline]
dev_set_rx_mode+0x57/0x2d0 net/core/dev.c:8457
__dev_change_flags+0x193/0x6d0 net/core/dev.c:8518
rtnl_configure_link net/core/rtnetlink.c:3189 [inline]
rtnl_newlink_create net/core/rtnetlink.c:3371 [inline]
__rtnl_newlink net/core/rtnetlink.c:3580 [inline]
rtnl_newlink+0x19b0/0x2060 net/core/rtnetlink.c:3593
rtnetlink_rcv_msg+0x7c9/0xea0 net/core/rtnetlink.c:6089
netlink_rcv_skb+0x1f0/0x460 net/netlink/af_netlink.c:2501
netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
netlink_unicast+0x7e7/0x9c0 net/netlink/af_netlink.c:1345
netlink_sendmsg+0x9b3/0xcd0 net/netlink/af_netlink.c:1921
sock_sendmsg_nosec net/socket.c:714 [inline]
sock_sendmsg net/socket.c:734 [inline]
____sys_sendmsg+0x597/0x8e0 net/socket.c:2492
___sys_sendmsg net/socket.c:2546 [inline]
__sys_sendmsg+0x284/0x370 net/socket.c:2575
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x46/0xb0
INITIAL USE at:
lock_acquire+0x1a7/0x400 kernel/locking/lockdep.c:5665
_raw_spin_lock_nested+0x2d/0x40 kernel/locking/spinlock.c:378
netif_addr_lock_bh include/linux/netdevice.h:4409 [inline]
dev_set_rx_mode+0x57/0x2d0 net/core/dev.c:8457
__dev_change_flags+0x193/0x6d0 net/core/dev.c:8518
rtnl_configure_link net/core/rtnetlink.c:3189 [inline]
rtnl_newlink_create net/core/rtnetlink.c:3371 [inline]
__rtnl_newlink net/core/rtnetlink.c:3580 [inline]
rtnl_newlink+0x19b0/0x2060 net/core/rtnetlink.c:3593
rtnetlink_rcv_msg+0x7c9/0xea0 net/core/rtnetlink.c:6089
netlink_rcv_skb+0x1f0/0x460 net/netlink/af_netlink.c:2501
netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
netlink_unicast+0x7e7/0x9c0 net/netlink/af_netlink.c:1345
netlink_sendmsg+0x9b3/0xcd0 net/netlink/af_netlink.c:1921
sock_sendmsg_nosec net/socket.c:714 [inline]
sock_sendmsg net/socket.c:734 [inline]
____sys_sendmsg+0x597/0x8e0 net/socket.c:2492
___sys_sendmsg net/socket.c:2546 [inline]
__sys_sendmsg+0x284/0x370 net/socket.c:2575
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x46/0xb0
}
... key at: [<ffffffff918ea902>] macsec_netdev_addr_lock_key+0x2/0x20
... acquired at:
lock_acquire+0x1a7/0x400 kernel/locking/lockdep.c:5665
_raw_spin_lock_nested+0x2d/0x40 kernel/locking/spinlock.c:378
netif_addr_lock_bh include/linux/netdevice.h:4409 [inline]
dev_uc_add+0x56/0x100 net/core/dev_addr_lists.c:688
fdb_add_hw_addr+0xd4/0x240 net/bridge/br_fdb.c:283
fdb_add_local+0x144/0x240 net/bridge/br_fdb.c:433
br_fdb_add_local+0x36/0x50 net/bridge/br_fdb.c:834
br_add_if+0xb51/0x1020 net/bridge/br_if.c:674
do_set_master net/core/rtnetlink.c:2577 [inline]
rtnl_newlink_create net/core/rtnetlink.c:3380 [inline]
__rtnl_newlink net/core/rtnetlink.c:3580 [inline]
rtnl_newlink+0x1d72/0x2060 net/core/rtnetlink.c:3593
rtnetlink_rcv_msg+0x7c9/0xea0 net/core/rtnetlink.c:6089
netlink_rcv_skb+0x1f0/0x460 net/netlink/af_netlink.c:2501
netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
netlink_unicast+0x7e7/0x9c0 net/netlink/af_netlink.c:1345
netlink_sendmsg+0x9b3/0xcd0 net/netlink/af_netlink.c:1921
sock_sendmsg_nosec net/socket.c:714 [inline]
sock_sendmsg net/socket.c:734 [inline]
____sys_sendmsg+0x597/0x8e0 net/socket.c:2492
___sys_sendmsg net/socket.c:2546 [inline]
__sys_sendmsg+0x284/0x370 net/socket.c:2575
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x46/0xb0
the dependencies between the lock to be acquired
and SOFTIRQ-irq-unsafe lock:
-> (&bond->stats_lock/1){+.+.}-{2:2} {
HARDIRQ-ON-W at:
lock_acquire+0x1a7/0x400 kernel/locking/lockdep.c:5665
_raw_spin_lock_nested+0x2d/0x40 kernel/locking/spinlock.c:378
bond_get_stats+0x466/0x770 drivers/net/bonding/bond_main.c:4286
dev_get_stats+0xa4/0x450 net/core/dev.c:10424
rtnl_fill_stats+0x47/0x870 net/core/rtnetlink.c:1242
rtnl_fill_ifinfo+0x17a2/0x1f50 net/core/rtnetlink.c:1819
rtmsg_ifinfo_build_skb+0xdc/0x180 net/core/rtnetlink.c:3908
rtmsg_ifinfo_event net/core/rtnetlink.c:3940 [inline]
rtnetlink_event+0xea/0x1b0 net/core/rtnetlink.c:6140
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0xe7/0x170 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1943 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1981 [inline]
call_netdevice_notifiers net/core/dev.c:1995 [inline]
netdev_features_change net/core/dev.c:1313 [inline]
netdev_change_features+0x13a/0x1b0 net/core/dev.c:9799
bond_compute_features+0x68e/0x6f0 drivers/net/bonding/bond_main.c:1474
bond_enslave+0x257b/0x3f20 drivers/net/bonding/bond_main.c:2154
do_set_master net/core/rtnetlink.c:2577 [inline]
do_setlink+0xf49/0x3f00 net/core/rtnetlink.c:2787
__rtnl_newlink net/core/rtnetlink.c:3546 [inline]
rtnl_newlink+0x183e/0x2060 net/core/rtnetlink.c:3593
rtnetlink_rcv_msg+0x7c9/0xea0 net/core/rtnetlink.c:6089
netlink_rcv_skb+0x1f0/0x460 net/netlink/af_netlink.c:2501
netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
netlink_unicast+0x7e7/0x9c0 net/netlink/af_netlink.c:1345
netlink_sendmsg+0x9b3/0xcd0 net/netlink/af_netlink.c:1921
sock_sendmsg_nosec net/socket.c:714 [inline]
sock_sendmsg net/socket.c:734 [inline]
__sys_sendto+0x439/0x5c0 net/socket.c:2119
__do_sys_sendto net/socket.c:2131 [inline]
__se_sys_sendto net/socket.c:2127 [inline]
__x64_sys_sendto+0xda/0xf0 net/socket.c:2127
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x46/0xb0
SOFTIRQ-ON-W at:
lock_acquire+0x1a7/0x400 kernel/locking/lockdep.c:5665
_raw_spin_lock_nested+0x2d/0x40 kernel/locking/spinlock.c:378
bond_get_stats+0x466/0x770 drivers/net/bonding/bond_main.c:4286
dev_get_stats+0xa4/0x450 net/core/dev.c:10424
rtnl_fill_stats+0x47/0x870 net/core/rtnetlink.c:1242
rtnl_fill_ifinfo+0x17a2/0x1f50 net/core/rtnetlink.c:1819
rtmsg_ifinfo_build_skb+0xdc/0x180 net/core/rtnetlink.c:3908
rtmsg_ifinfo_event net/core/rtnetlink.c:3940 [inline]
rtnetlink_event+0xea/0x1b0 net/core/rtnetlink.c:6140
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0xe7/0x170 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1943 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1981 [inline]
call_netdevice_notifiers net/core/dev.c:1995 [inline]
netdev_features_change net/core/dev.c:1313 [inline]
netdev_change_features+0x13a/0x1b0 net/core/dev.c:9799
bond_compute_features+0x68e/0x6f0 drivers/net/bonding/bond_main.c:1474
bond_enslave+0x257b/0x3f20 drivers/net/bonding/bond_main.c:2154
do_set_master net/core/rtnetlink.c:2577 [inline]
do_setlink+0xf49/0x3f00 net/core/rtnetlink.c:2787
__rtnl_newlink net/core/rtnetlink.c:3546 [inline]
rtnl_newlink+0x183e/0x2060 net/core/rtnetlink.c:3593
rtnetlink_rcv_msg+0x7c9/0xea0 net/core/rtnetlink.c:6089
netlink_rcv_skb+0x1f0/0x460 net/netlink/af_netlink.c:2501
netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
netlink_unicast+0x7e7/0x9c0 net/netlink/af_netlink.c:1345
netlink_sendmsg+0x9b3/0xcd0 net/netlink/af_netlink.c:1921
sock_sendmsg_nosec net/socket.c:714 [inline]
sock_sendmsg net/socket.c:734 [inline]
__sys_sendto+0x439/0x5c0 net/socket.c:2119
__do_sys_sendto net/socket.c:2131 [inline]
__se_sys_sendto net/socket.c:2127 [inline]
__x64_sys_sendto+0xda/0xf0 net/socket.c:2127
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x46/0xb0
INITIAL USE at:
lock_acquire+0x1a7/0x400 kernel/locking/lockdep.c:5665
_raw_spin_lock_nested+0x2d/0x40 kernel/locking/spinlock.c:378
bond_get_stats+0x466/0x770 drivers/net/bonding/bond_main.c:4286
dev_get_stats+0xa4/0x450 net/core/dev.c:10424
rtnl_fill_stats+0x47/0x870 net/core/rtnetlink.c:1242
rtnl_fill_ifinfo+0x17a2/0x1f50 net/core/rtnetlink.c:1819
rtmsg_ifinfo_build_skb+0xdc/0x180 net/core/rtnetlink.c:3908
rtmsg_ifinfo_event net/core/rtnetlink.c:3940 [inline]
rtnetlink_event+0xea/0x1b0 net/core/rtnetlink.c:6140
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0xe7/0x170 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1943 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1981 [inline]
call_netdevice_notifiers net/core/dev.c:1995 [inline]
netdev_features_change net/core/dev.c:1313 [inline]
netdev_change_features+0x13a/0x1b0 net/core/dev.c:9799
bond_compute_features+0x68e/0x6f0 drivers/net/bonding/bond_main.c:1474
bond_enslave+0x257b/0x3f20 drivers/net/bonding/bond_main.c:2154
do_set_master net/core/rtnetlink.c:2577 [inline]
do_setlink+0xf49/0x3f00 net/core/rtnetlink.c:2787
__rtnl_newlink net/core/rtnetlink.c:3546 [inline]
rtnl_newlink+0x183e/0x2060 net/core/rtnetlink.c:3593
rtnetlink_rcv_msg+0x7c9/0xea0 net/core/rtnetlink.c:6089
netlink_rcv_skb+0x1f0/0x460 net/netlink/af_netlink.c:2501
netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
netlink_unicast+0x7e7/0x9c0 net/netlink/af_netlink.c:1345
netlink_sendmsg+0x9b3/0xcd0 net/netlink/af_netlink.c:1921
sock_sendmsg_nosec net/socket.c:714 [inline]
sock_sendmsg net/socket.c:734 [inline]
__sys_sendto+0x439/0x5c0 net/socket.c:2119
__do_sys_sendto net/socket.c:2131 [inline]
__se_sys_sendto net/socket.c:2127 [inline]
__x64_sys_sendto+0xda/0xf0 net/socket.c:2127
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x46/0xb0
}
... key at: [<ffffffff918ea0a1>] bond_init.__key+0x1/0x20
... acquired at:
lock_acquire+0x1a7/0x400 kernel/locking/lockdep.c:5665
_raw_spin_lock_nested+0x2d/0x40 kernel/locking/spinlock.c:378
bond_get_stats+0x466/0x770 drivers/net/bonding/bond_main.c:4286
dev_get_stats+0xa4/0x450 net/core/dev.c:10424
rtnl_fill_stats+0x47/0x870 net/core/rtnetlink.c:1242
rtnl_fill_ifinfo+0x17a2/0x1f50 net/core/rtnetlink.c:1819
rtmsg_ifinfo_build_skb+0xdc/0x180 net/core/rtnetlink.c:3908
rtmsg_ifinfo_event net/core/rtnetlink.c:3940 [inline]
rtmsg_ifinfo+0x70/0x110 net/core/rtnetlink.c:3949
__dev_notify_flags+0xe8/0x5f0 net/core/dev.c:8565
__dev_set_promiscuity+0x18f/0x5d0 net/core/dev.c:8342
dev_set_promiscuity+0x4c/0xd0 net/core/dev.c:8362
dev_change_rx_flags net/core/dev.c:8296 [inline]
__dev_set_promiscuity+0x414/0x5d0 net/core/dev.c:8339
__dev_set_rx_mode+0x197/0x280
dev_uc_add+0xb8/0x100 net/core/dev_addr_lists.c:692
fdb_add_hw_addr+0xd4/0x240 net/bridge/br_fdb.c:283
fdb_add_local+0x144/0x240 net/bridge/br_fdb.c:433
br_fdb_add_local+0x36/0x50 net/bridge/br_fdb.c:834
br_add_if+0xb51/0x1020 net/bridge/br_if.c:674
do_set_master net/core/rtnetlink.c:2577 [inline]
rtnl_newlink_create net/core/rtnetlink.c:3380 [inline]
__rtnl_newlink net/core/rtnetlink.c:3580 [inline]
rtnl_newlink+0x1d72/0x2060 net/core/rtnetlink.c:3593
rtnetlink_rcv_msg+0x7c9/0xea0 net/core/rtnetlink.c:6089
netlink_rcv_skb+0x1f0/0x460 net/netlink/af_netlink.c:2501
netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
netlink_unicast+0x7e7/0x9c0 net/netlink/af_netlink.c:1345
netlink_sendmsg+0x9b3/0xcd0 net/netlink/af_netlink.c:1921
sock_sendmsg_nosec net/socket.c:714 [inline]
sock_sendmsg net/socket.c:734 [inline]
____sys_sendmsg+0x597/0x8e0 net/socket.c:2492
___sys_sendmsg net/socket.c:2546 [inline]
__sys_sendmsg+0x284/0x370 net/socket.c:2575
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x46/0xb0
stack backtrace:
CPU: 1 PID: 5068 Comm: syz-executor.2 Not tainted 5.19.0-rc1-syzkaller-00336-g997952851843 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
print_bad_irq_dependency kernel/locking/lockdep.c:2609 [inline]
check_irq_usage kernel/locking/lockdep.c:2848 [inline]
check_prev_add kernel/locking/lockdep.c:3099 [inline]
check_prevs_add kernel/locking/lockdep.c:3214 [inline]
validate_chain+0x571e/0x65c0 kernel/locking/lockdep.c:3829
__lock_acquire+0x129a/0x1f80 kernel/locking/lockdep.c:5053
lock_acquire+0x1a7/0x400 kernel/locking/lockdep.c:5665
_raw_spin_lock_nested+0x2d/0x40 kernel/locking/spinlock.c:378
bond_get_stats+0x466/0x770 drivers/net/bonding/bond_main.c:4286
dev_get_stats+0xa4/0x450 net/core/dev.c:10424
rtnl_fill_stats+0x47/0x870 net/core/rtnetlink.c:1242
rtnl_fill_ifinfo+0x17a2/0x1f50 net/core/rtnetlink.c:1819
rtmsg_ifinfo_build_skb+0xdc/0x180 net/core/rtnetlink.c:3908
rtmsg_ifinfo_event net/core/rtnetlink.c:3940 [inline]
rtmsg_ifinfo+0x70/0x110 net/core/rtnetlink.c:3949
__dev_notify_flags+0xe8/0x5f0 net/core/dev.c:8565
__dev_set_promiscuity+0x18f/0x5d0 net/core/dev.c:8342
dev_set_promiscuity+0x4c/0xd0 net/core/dev.c:8362
dev_change_rx_flags net/core/dev.c:8296 [inline]
__dev_set_promiscuity+0x414/0x5d0 net/core/dev.c:8339
__dev_set_rx_mode+0x197/0x280
dev_uc_add+0xb8/0x100 net/core/dev_addr_lists.c:692
fdb_add_hw_addr+0xd4/0x240 net/bridge/br_fdb.c:283
fdb_add_local+0x144/0x240 net/bridge/br_fdb.c:433
br_fdb_add_local+0x36/0x50 net/bridge/br_fdb.c:834
br_add_if+0xb51/0x1020 net/bridge/br_if.c:674
do_set_master net/core/rtnetlink.c:2577 [inline]
rtnl_newlink_create net/core/rtnetlink.c:3380 [inline]
__rtnl_newlink net/core/rtnetlink.c:3580 [inline]
rtnl_newlink+0x1d72/0x2060 net/core/rtnetlink.c:3593
rtnetlink_rcv_msg+0x7c9/0xea0 net/core/rtnetlink.c:6089
netlink_rcv_skb+0x1f0/0x460 net/netlink/af_netlink.c:2501
netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
netlink_unicast+0x7e7/0x9c0 net/netlink/af_netlink.c:1345
netlink_sendmsg+0x9b3/0xcd0 net/netlink/af_netlink.c:1921
sock_sendmsg_nosec net/socket.c:714 [inline]
sock_sendmsg net/socket.c:734 [inline]
____sys_sendmsg+0x597/0x8e0 net/socket.c:2492
___sys_sendmsg net/socket.c:2546 [inline]
__sys_sendmsg+0x284/0x370 net/socket.c:2575
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x46/0xb0
RIP: 0033:0x7fd053a89109
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fd054b4c168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007fd053b9bf60 RCX: 00007fd053a89109
RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000004
RBP: 00007fd053ae30ad R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe79b7a69f R14: 00007fd054b4c300 R15: 0000000000022000
</TASK>