bond6: Enslaving bridge8 as an active interface with an up link 8021q: adding VLAN 0 to HW filter on device bond1 ====================================================== WARNING: possible circular locking dependency detected 4.14.232-syzkaller #0 Not tainted ------------------------------------------------------ syz-executor.1/15811 is trying to acquire lock: (&(&bond->stats_lock)->rlock#2/2){+.+.}, at: [] bond_get_stats+0xb7/0x440 drivers/net/bonding/bond_main.c:3457 but task is already holding lock: (&(&bond->stats_lock)->rlock#3/3){+.+.}, at: [] bond_get_stats+0xb7/0x440 drivers/net/bonding/bond_main.c:3457 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (&(&bond->stats_lock)->rlock#3/3){+.+.}: _raw_spin_lock_nested+0x30/0x40 kernel/locking/spinlock.c:362 bond_get_stats+0xb7/0x440 drivers/net/bonding/bond_main.c:3457 UDF-fs: warning (device loop2): udf_load_vrs: No anchor found dev_get_stats+0xa5/0x280 net/core/dev.c:8011 bond_get_stats+0x1da/0x440 drivers/net/bonding/bond_main.c:3463 dev_get_stats+0xa5/0x280 net/core/dev.c:8011 rtnl_fill_stats+0x48/0xa90 net/core/rtnetlink.c:1079 rtnl_fill_ifinfo+0xe16/0x3050 net/core/rtnetlink.c:1385 rtmsg_ifinfo_build_skb+0x8e/0x130 net/core/rtnetlink.c:2913 rtmsg_ifinfo_event net/core/rtnetlink.c:2943 [inline] rtmsg_ifinfo_event net/core/rtnetlink.c:2934 [inline] rtnetlink_event+0xee/0x1a0 net/core/rtnetlink.c:4360 notifier_call_chain+0x108/0x1a0 kernel/notifier.c:93 call_netdevice_notifiers_info net/core/dev.c:1667 [inline] call_netdevice_notifiers net/core/dev.c:1683 [inline] netdev_features_change net/core/dev.c:1296 [inline] netdev_change_features+0x7e/0xa0 net/core/dev.c:7449 bond_compute_features+0x444/0x860 drivers/net/bonding/bond_main.c:1122 UDF-fs: Scanning with blocksize 512 failed bond_slave_netdev_event drivers/net/bonding/bond_main.c:3191 [inline] bond_netdev_event+0x664/0xbd0 drivers/net/bonding/bond_main.c:3232 notifier_call_chain+0x108/0x1a0 kernel/notifier.c:93 call_netdevice_notifiers_info net/core/dev.c:1667 [inline] call_netdevice_notifiers net/core/dev.c:1683 [inline] netdev_features_change net/core/dev.c:1296 [inline] netdev_change_features+0x7e/0xa0 net/core/dev.c:7449 bond_compute_features+0x444/0x860 drivers/net/bonding/bond_main.c:1122 bond_enslave+0x37e2/0x4cc0 drivers/net/bonding/bond_main.c:1757 do_set_master+0x19e/0x200 net/core/rtnetlink.c:1961 rtnl_newlink+0x136f/0x1860 net/core/rtnetlink.c:2757 rtnetlink_rcv_msg+0x3be/0xb10 net/core/rtnetlink.c:4316 netlink_rcv_skb+0x125/0x390 net/netlink/af_netlink.c:2433 netlink_unicast_kernel net/netlink/af_netlink.c:1287 [inline] netlink_unicast+0x437/0x610 net/netlink/af_netlink.c:1313 netlink_sendmsg+0x62e/0xb80 net/netlink/af_netlink.c:1878 sock_sendmsg_nosec net/socket.c:646 [inline] sock_sendmsg+0xb5/0x100 net/socket.c:656 ___sys_sendmsg+0x6c8/0x800 net/socket.c:2062 __sys_sendmsg+0xa3/0x120 net/socket.c:2096 SYSC_sendmsg net/socket.c:2107 [inline] SyS_sendmsg+0x27/0x40 net/socket.c:2103 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb -> #0 (&(&bond->stats_lock)->rlock#2/2){+.+.}: lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998 _raw_spin_lock_nested+0x30/0x40 kernel/locking/spinlock.c:362 bond_get_stats+0xb7/0x440 drivers/net/bonding/bond_main.c:3457 dev_get_stats+0xa5/0x280 net/core/dev.c:8011 bond_get_stats+0x1da/0x440 drivers/net/bonding/bond_main.c:3463 dev_get_stats+0xa5/0x280 net/core/dev.c:8011 rtnl_fill_stats+0x48/0xa90 net/core/rtnetlink.c:1079 rtnl_fill_ifinfo+0xe16/0x3050 net/core/rtnetlink.c:1385 rtmsg_ifinfo_build_skb+0x8e/0x130 net/core/rtnetlink.c:2913 rtmsg_ifinfo_event net/core/rtnetlink.c:2943 [inline] rtmsg_ifinfo_event net/core/rtnetlink.c:2934 [inline] rtnetlink_event+0xee/0x1a0 net/core/rtnetlink.c:4360 notifier_call_chain+0x108/0x1a0 kernel/notifier.c:93 call_netdevice_notifiers_info net/core/dev.c:1667 [inline] call_netdevice_notifiers net/core/dev.c:1683 [inline] netdev_features_change net/core/dev.c:1296 [inline] netdev_change_features+0x7e/0xa0 net/core/dev.c:7449 bond_compute_features+0x444/0x860 drivers/net/bonding/bond_main.c:1122 bond_enslave+0x37e2/0x4cc0 drivers/net/bonding/bond_main.c:1757 do_set_master+0x19e/0x200 net/core/rtnetlink.c:1961 do_setlink+0x8b8/0x2bf0 net/core/rtnetlink.c:2098 rtnl_newlink+0x128a/0x1860 net/core/rtnetlink.c:2660 rtnetlink_rcv_msg+0x3be/0xb10 net/core/rtnetlink.c:4316 netlink_rcv_skb+0x125/0x390 net/netlink/af_netlink.c:2433 netlink_unicast_kernel net/netlink/af_netlink.c:1287 [inline] netlink_unicast+0x437/0x610 net/netlink/af_netlink.c:1313 netlink_sendmsg+0x62e/0xb80 net/netlink/af_netlink.c:1878 sock_sendmsg_nosec net/socket.c:646 [inline] sock_sendmsg+0xb5/0x100 net/socket.c:656 ___sys_sendmsg+0x6c8/0x800 net/socket.c:2062 __sys_sendmsg+0xa3/0x120 net/socket.c:2096 SYSC_sendmsg net/socket.c:2107 [inline] SyS_sendmsg+0x27/0x40 net/socket.c:2103 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&(&bond->stats_lock)->rlock#3/3); lock(&(&bond->stats_lock)->rlock#2/2); lock(&(&bond->stats_lock)->rlock#3/3); lock(&(&bond->stats_lock)->rlock#2/2); *** DEADLOCK *** 3 locks held by syz-executor.1/15811: #0: (rtnl_mutex){+.+.}, at: [] rtnl_lock net/core/rtnetlink.c:72 [inline] #0: (rtnl_mutex){+.+.}, at: [] rtnetlink_rcv_msg+0x31d/0xb10 net/core/rtnetlink.c:4311 #1: (&(&bond->stats_lock)->rlock#3/3){+.+.}, at: [] bond_get_stats+0xb7/0x440 drivers/net/bonding/bond_main.c:3457 #2: (rcu_read_lock){....}, at: [] bond_get_nest_level drivers/net/bonding/bond_main.c:3446 [inline] #2: (rcu_read_lock){....}, at: [] bond_get_stats+0x9b/0x440 drivers/net/bonding/bond_main.c:3457 stack backtrace: CPU: 0 PID: 15811 Comm: syz-executor.1 Not tainted 4.14.232-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b2/0x281 lib/dump_stack.c:58 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1258 check_prev_add kernel/locking/lockdep.c:1905 [inline] check_prevs_add kernel/locking/lockdep.c:2022 [inline] validate_chain kernel/locking/lockdep.c:2464 [inline] __lock_acquire+0x2e0e/0x3f20 kernel/locking/lockdep.c:3491 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998 _raw_spin_lock_nested+0x30/0x40 kernel/locking/spinlock.c:362 bond_get_stats+0xb7/0x440 drivers/net/bonding/bond_main.c:3457 dev_get_stats+0xa5/0x280 net/core/dev.c:8011 bond_get_stats+0x1da/0x440 drivers/net/bonding/bond_main.c:3463 dev_get_stats+0xa5/0x280 net/core/dev.c:8011 rtnl_fill_stats+0x48/0xa90 net/core/rtnetlink.c:1079 rtnl_fill_ifinfo+0xe16/0x3050 net/core/rtnetlink.c:1385 rtmsg_ifinfo_build_skb+0x8e/0x130 net/core/rtnetlink.c:2913 rtmsg_ifinfo_event net/core/rtnetlink.c:2943 [inline] rtmsg_ifinfo_event net/core/rtnetlink.c:2934 [inline] rtnetlink_event+0xee/0x1a0 net/core/rtnetlink.c:4360 notifier_call_chain+0x108/0x1a0 kernel/notifier.c:93 call_netdevice_notifiers_info net/core/dev.c:1667 [inline] call_netdevice_notifiers net/core/dev.c:1683 [inline] netdev_features_change net/core/dev.c:1296 [inline] netdev_change_features+0x7e/0xa0 net/core/dev.c:7449 bond_compute_features+0x444/0x860 drivers/net/bonding/bond_main.c:1122 bond_enslave+0x37e2/0x4cc0 drivers/net/bonding/bond_main.c:1757 do_set_master+0x19e/0x200 net/core/rtnetlink.c:1961 do_setlink+0x8b8/0x2bf0 net/core/rtnetlink.c:2098 rtnl_newlink+0x128a/0x1860 net/core/rtnetlink.c:2660 rtnetlink_rcv_msg+0x3be/0xb10 net/core/rtnetlink.c:4316 netlink_rcv_skb+0x125/0x390 net/netlink/af_netlink.c:2433 netlink_unicast_kernel net/netlink/af_netlink.c:1287 [inline] netlink_unicast+0x437/0x610 net/netlink/af_netlink.c:1313 netlink_sendmsg+0x62e/0xb80 net/netlink/af_netlink.c:1878 sock_sendmsg_nosec net/socket.c:646 [inline] sock_sendmsg+0xb5/0x100 net/socket.c:656 ___sys_sendmsg+0x6c8/0x800 net/socket.c:2062 __sys_sendmsg+0xa3/0x120 net/socket.c:2096 SYSC_sendmsg net/socket.c:2107 [inline] SyS_sendmsg+0x27/0x40 net/socket.c:2103 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb RIP: 0033:0x4665f9 RSP: 002b:00007fabcf2ae188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 000000000056c0b0 RCX: 00000000004665f9 RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000007 RBP: 00000000004bfce1 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c0b0 R13: 00007ffe09338bdf R14: 00007fabcf2ae300 R15: 0000000000022000 UDF-fs: error (device loop2): udf_read_tagged: read failed, block=512, location=512 UDF-fs: warning (device loop2): udf_load_vrs: No anchor found UDF-fs: Scanning with blocksize 1024 failed UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 UDF-fs: error (device loop2): udf_read_tagged: read failed, block=512, location=512 UDF-fs: warning (device loop2): udf_load_vrs: No anchor found UDF-fs: Scanning with blocksize 2048 failed UDF-fs: warning (device loop2): udf_load_vrs: No VRS found UDF-fs: Scanning with blocksize 4096 failed bond0: Enslaving bond1 as an active interface with an up link 8021q: adding VLAN 0 to HW filter on device bond6 bond0: Enslaving bond6 as an active interface with an up link syz-executor.1 (15811) used greatest stack depth: 23656 bytes left bond1: link status definitely down for interface bridge1, disabling it bond1: now running without any active interface! UDF-fs: warning (device loop2): udf_load_vrs: No anchor found UDF-fs: Scanning with blocksize 512 failed UDF-fs: error (device loop2): udf_read_tagged: read failed, block=512, location=512 bond7: making interface bridge9 the new active one UDF-fs: warning (device loop2): udf_load_vrs: No anchor found bond7: Enslaving bridge9 as an active interface with an up link UDF-fs: Scanning with blocksize 1024 failed bond2: making interface bridge2 the new active one UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 bond2: Enslaving bridge2 as an active interface with an up link 8021q: adding VLAN 0 to HW filter on device bond2 UDF-fs: error (device loop2): udf_read_tagged: read failed, block=512, location=512 bond0: Enslaving bond2 as an active interface with an up link UDF-fs: warning (device loop2): udf_load_vrs: No anchor found netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. UDF-fs: Scanning with blocksize 2048 failed UDF-fs: warning (device loop2): udf_load_vrs: No VRS found UDF-fs: Scanning with blocksize 4096 failed IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready UDF-fs: warning (device loop2): udf_load_vrs: No anchor found UDF-fs: Scanning with blocksize 512 failed UDF-fs: error (device loop2): udf_read_tagged: read failed, block=512, location=512 8021q: adding VLAN 0 to HW filter on device bond7 bond0: Enslaving bond7 as an active interface with an up link UDF-fs: warning (device loop2): udf_load_vrs: No anchor found UDF-fs: Scanning with blocksize 1024 failed UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 UDF-fs: error (device loop2): udf_read_tagged: read failed, block=512, location=512 UDF-fs: warning (device loop2): udf_load_vrs: No anchor found UDF-fs: Scanning with blocksize 2048 failed UDF-fs: warning (device loop2): udf_load_vrs: No VRS found UDF-fs: Scanning with blocksize 4096 failed bond3: making interface bridge3 the new active one bond3: Enslaving bridge3 as an active interface with an up link 8021q: adding VLAN 0 to HW filter on device bond3 bond0: Enslaving bond3 as an active interface with an up link netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready bond8: making interface bridge10 the new active one bond8: Enslaving bridge10 as an active interface with an up link 8021q: adding VLAN 0 to HW filter on device bond8 bond0: Enslaving bond8 as an active interface with an up link netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. UDF-fs: warning (device loop2): udf_load_vrs: No anchor found UDF-fs: Scanning with blocksize 512 failed IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready UDF-fs: error (device loop2): udf_read_tagged: read failed, block=512, location=512 UDF-fs: warning (device loop2): udf_load_vrs: No anchor found IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready UDF-fs: Scanning with blocksize 1024 failed UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 UDF-fs: error (device loop2): udf_read_tagged: read failed, block=512, location=512 UDF-fs: warning (device loop2): udf_load_vrs: No anchor found UDF-fs: Scanning with blocksize 2048 failed UDF-fs: warning (device loop2): udf_load_vrs: No VRS found UDF-fs: Scanning with blocksize 4096 failed netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready IPVS: length: 147 != 8 IPVS: length: 147 != 8 IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready IPVS: length: 147 != 8 IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready bond3: link status definitely down for interface bridge3, disabling it bond3: now running without any active interface! bond2: link status definitely down for interface bridge2, disabling it bond2: now running without any active interface! IPVS: length: 147 != 8 device vxlan0 entered promiscuous mode IPVS: length: 147 != 8 bond8: link status definitely down for interface bridge10, disabling it bond8: now running without any active interface! device vxlan0 entered promiscuous mode bond6: link status definitely down for interface bridge8, disabling it bond6: now running without any active interface! bond7: link status definitely down for interface bridge9, disabling it bond7: now running without any active interface! device vxlan0 entered promiscuous mode device vxlan0 entered promiscuous mode device vxlan0 entered promiscuous mode device vxlan1 entered promiscuous mode device vxlan0 entered promiscuous mode device vxlan1 entered promiscuous mode BTRFS: device fsid f90cac8b-044b-4fa8-8bee-4b8d3da88dc2 devid 1 transid 7 /dev/loop5 device vxlan0 entered promiscuous mode device vxlan1 entered promiscuous mode BTRFS info (device loop5): disabling disk space caching BTRFS info (device loop5): force zlib compression device vlan5 entered promiscuous mode device gretap0 entered promiscuous mode BTRFS info (device loop5): has skinny extents device gretap0 left promiscuous mode device vlan5 entered promiscuous mode device gretap0 entered promiscuous mode device gretap0 left promiscuous mode device vlan5 entered promiscuous mode device gretap0 entered promiscuous mode device gretap0 left promiscuous mode BTRFS info (device loop5): disabling disk space caching BTRFS info (device loop5): force zlib compression BTRFS info (device loop5): has skinny extents device vxlan0 entered promiscuous mode device vlan5 entered promiscuous mode device gretap0 entered promiscuous mode device gretap0 left promiscuous mode BTRFS info (device loop5): disabling disk space caching BTRFS info (device loop5): force zlib compression BTRFS info (device loop5): has skinny extents device vlan5 entered promiscuous mode device gretap0 entered promiscuous mode device gretap0 left promiscuous mode BTRFS info (device loop5): disabling disk space caching BTRFS info (device loop5): force zlib compression BTRFS info (device loop5): has skinny extents