8021q: adding VLAN 0 to HW filter on device bond5
bond0: Enslaving bond5 as an active interface with an up link
device bridge5 entered promiscuous mode
device bridge5 left promiscuous mode
============================================
WARNING: possible recursive locking detected
4.14.289-syzkaller #0 Not tainted
--------------------------------------------
syz-executor.1/12039 is trying to acquire lock:
 (&(&bond->stats_lock)->rlock#3/3){+.+.}, at: [] bond_get_stats+0xb7/0x440 drivers/net/bonding/bond_main.c:3459

but task is already holding lock:
 (&(&bond->stats_lock)->rlock#3/3){+.+.}, at: [] bond_get_stats+0xb7/0x440 drivers/net/bonding/bond_main.c:3459

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&(&bond->stats_lock)->rlock#3/3);
  lock(&(&bond->stats_lock)->rlock#3/3);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

3 locks held by syz-executor.1/12039:
 #0: (rtnl_mutex){+.+.}, at: [] rtnl_lock net/core/rtnetlink.c:72 [inline]
 #0: (rtnl_mutex){+.+.}, at: [] rtnetlink_rcv_msg+0x31d/0xb10 net/core/rtnetlink.c:4317
 #1: (&(&bond->stats_lock)->rlock#3/3){+.+.}, at: [] bond_get_stats+0xb7/0x440 drivers/net/bonding/bond_main.c:3459
 #2: (rcu_read_lock){....}, at: [] bond_get_nest_level drivers/net/bonding/bond_main.c:3448 [inline]
 #2: (rcu_read_lock){....}, at: [] bond_get_stats+0x9b/0x440 drivers/net/bonding/bond_main.c:3459

stack backtrace:
CPU: 0 PID: 12039 Comm: syz-executor.1 Not tainted 4.14.289-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 print_deadlock_bug kernel/locking/lockdep.c:1800 [inline]
 check_deadlock kernel/locking/lockdep.c:1847 [inline]
 validate_chain kernel/locking/lockdep.c:2448 [inline]
 __lock_acquire.cold+0x180/0x97c kernel/locking/lockdep.c:3491
 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
 _raw_spin_lock_nested+0x30/0x40 kernel/locking/spinlock.c:362
 bond_get_stats+0xb7/0x440 drivers/net/bonding/bond_main.c:3459
 dev_get_stats+0xa5/0x280 net/core/dev.c:8019
 bond_get_stats+0x1da/0x440 drivers/net/bonding/bond_main.c:3465
 dev_get_stats+0xa5/0x280 net/core/dev.c:8019
 rtnl_fill_stats+0x48/0xa90 net/core/rtnetlink.c:1079
 rtnl_fill_ifinfo+0xe16/0x3050 net/core/rtnetlink.c:1385
 rtmsg_ifinfo_build_skb+0x8e/0x130 net/core/rtnetlink.c:2915
 rtmsg_ifinfo_event net/core/rtnetlink.c:2945 [inline]
 rtmsg_ifinfo_event net/core/rtnetlink.c:2936 [inline]
 rtnetlink_event+0xee/0x1a0 net/core/rtnetlink.c:4366
 notifier_call_chain+0x108/0x1a0 kernel/notifier.c:93
 call_netdevice_notifiers_info net/core/dev.c:1667 [inline]
 call_netdevice_notifiers net/core/dev.c:1683 [inline]
 netdev_features_change net/core/dev.c:1296 [inline]
 netdev_change_features+0x7e/0xa0 net/core/dev.c:7457
 bond_compute_features+0x444/0x860 drivers/net/bonding/bond_main.c:1122
 bond_slave_netdev_event drivers/net/bonding/bond_main.c:3193 [inline]
 bond_netdev_event+0x664/0xbd0 drivers/net/bonding/bond_main.c:3234
 notifier_call_chain+0x108/0x1a0 kernel/notifier.c:93
 call_netdevice_notifiers_info net/core/dev.c:1667 [inline]
 call_netdevice_notifiers net/core/dev.c:1683 [inline]
 netdev_features_change net/core/dev.c:1296 [inline]
 netdev_change_features+0x7e/0xa0 net/core/dev.c:7457
 bond_compute_features+0x444/0x860 drivers/net/bonding/bond_main.c:1122
 bond_enslave+0x37fb/0x4cf0 drivers/net/bonding/bond_main.c:1757
 do_set_master+0x19e/0x200 net/core/rtnetlink.c:1961
 rtnl_newlink+0x1356/0x1830 net/core/rtnetlink.c:2759
 rtnetlink_rcv_msg+0x3be/0xb10 net/core/rtnetlink.c:4322
 netlink_rcv_skb+0x125/0x390 net/netlink/af_netlink.c:2454
 netlink_unicast_kernel net/netlink/af_netlink.c:1296 [inline]
 netlink_unicast+0x437/0x610 net/netlink/af_netlink.c:1322
 netlink_sendmsg+0x648/0xbc0 net/netlink/af_netlink.c:1893
 sock_sendmsg_nosec net/socket.c:646 [inline]
 sock_sendmsg+0xb5/0x100 net/socket.c:656
 ___sys_sendmsg+0x6c8/0x800 net/socket.c:2062
 __sys_sendmsg+0xa3/0x120 net/socket.c:2096
 SYSC_sendmsg net/socket.c:2107 [inline]
 SyS_sendmsg+0x27/0x40 net/socket.c:2103
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7effa15c1209
RSP: 002b:00007eff9fed3168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007effa16d41d0 RCX: 00007effa15c1209
RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000005
RBP: 00007effa161b161 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffc8cd7788f R14: 00007eff9fed3300 R15: 0000000000022000
bond5: making interface vlan6 the new active one
device bridge5 entered promiscuous mode
bond5: Enslaving vlan6 as an active interface with an up link
syz-executor.1 (12039) used greatest stack depth: 23792 bytes left
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
*** Guest State ***
CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
CR3 = 0x00000000fffbc000
RSP = 0x0000000000000f80 RIP = 0x0000000000000000
RFLAGS=0x00000002 DR7 = 0x0000000000000400
Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
CS: sel=0x0000, attr=0x0009b, limit=0x0000ffff, base=0x0000000000000000
DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
8021q: adding VLAN 0 to HW filter on device bond6
bond0: Enslaving bond6 as an active interface with an up link
SS: sel=0x0000, attr=0x00081, limit=0x0000ffff, base=0x0000000000000000
ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
GDTR: limit=0x000007ff, base=0x0000000000001000
LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'.
IDTR: limit=0x0000ffff, base=0x0000000000000000
TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
EFER = 0x0000000000000000 PAT = 0x0007040600070406
DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000
Interruptibility = 00000000 ActivityState = 00000000
device bridge6 entered promiscuous mode
*** Host State ***
RIP = 0xffffffff81160e2e RSP = 0xffff88805b9179b8
CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
device bridge6 left promiscuous mode
FSBase=00007fddb10f1700 GSBase=ffff8880ba400000 TRBase=fffffe0000003000
GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
bond6: making interface vlan7 the new active one
CR0=0000000080050033 CR3=00000000b1858000 CR4=00000000003426f0
Sysenter RSP=fffffe0000003000 CS:RIP=0010:ffffffff87401690
device bridge6 entered promiscuous mode
EFER = 0x0000000000000d01 PAT = 0x0407050600070106
*** Control State ***
bond6: Enslaving vlan7 as an active interface with an up link
PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000ea
8021q: adding VLAN 0 to HW filter on device bond3
EntryControls=0000d1ff ExitControls=002fefff
bond0: Enslaving bond3 as an active interface with an up link
ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
VMEntry: intr_info=80000202 errcode=00000000 ilen=00000000
device bridge4 entered promiscuous mode
VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
reason=80000021 qualification=0000000000000000
device bridge4 left promiscuous mode
IDTVectoring: info=00000000 errcode=00000000
bond3: making interface vlan4 the new active one
TSC Offset = 0xffffff9597232e7c
device bridge4 entered promiscuous mode
EPT pointer = 0x00000000aa32a01e
bond3: Enslaving vlan4 as an active interface with an up link
Virtual processor ID = 0x0001
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
8021q: adding VLAN 0 to HW filter on device bond7
bond0: Enslaving bond7 as an active interface with an up link
device bridge7 entered promiscuous mode
device bridge7 left promiscuous mode
bond7: making interface vlan8 the new active one
device bridge7 entered promiscuous mode
bond7: Enslaving vlan8 as an active interface with an up link
device batadv_slave_0 entered promiscuous mode
device batadv_slave_0 left promiscuous mode
audit: type=1800 audit(1658835960.919:44): pid=12347 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.4" name="bus" dev="sda1" ino=13907 res=0
gfs2: statfs_quantum mount option requires a non-negative numeric argument
gfs2: can't parse mount arguments
audit: type=1800 audit(1658835961.739:45): pid=12391 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="bus" dev="sda1" ino=13907 res=0
gfs2: statfs_quantum mount option requires a non-negative numeric argument
gfs2: can't parse mount arguments
audit: type=1800 audit(1658835961.789:46): pid=12394 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.4" name="bus" dev="sda1" ino=14291 res=0
audit: type=1800 audit(1658835961.809:47): pid=12395 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.2" name="bus" dev="sda1" ino=14292 res=0
audit: type=1800 audit(1658835963.009:48): pid=12420 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.4" name="bus" dev="sda1" ino=14296 res=0
audit: type=1800 audit(1658835963.019:49): pid=12422 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.2" name="bus" dev="sda1" ino=14299 res=0
audit: type=1800 audit(1658835963.999:50): pid=12423 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="bus" dev="sda1" ino=14294 res=0
gfs2: statfs_quantum mount option requires a non-negative numeric argument
gfs2: can't parse mount arguments
audit: type=1800 audit(1658835963.999:51): pid=12435 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.4" name="bus" dev="sda1" ino=14301 res=0
audit: type=1800 audit(1658835964.899:52): pid=12456 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.2" name="bus" dev="sda1" ino=14281 res=0
audit: type=1800 audit(1658835965.059:53): pid=12459 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="bus" dev="sda1" ino=14304 res=0
gfs2: statfs_quantum mount option requires a non-negative numeric argument
gfs2: can't parse mount arguments
vivid-001: disconnect
vivid-001: reconnect
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
vivid-001: disconnect
vivid-001: reconnect
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
vivid-001: disconnect
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
kauditd_printk_skb: 7 callbacks suppressed
audit: type=1800 audit(1658835965.929:61): pid=12535 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.5" name="bus" dev="sda1" ino=14310 res=0
vivid-001: reconnect
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
audit: type=1800 audit(1658835966.099:62): pid=12539 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.2" name="bus" dev="sda1" ino=14311 res=0
overlayfs: fs on 'file0' does not support file handles, falling back to index=off.
overlayfs: unrecognized mount option "xino=auto" or missing value
overlayfs: fs on './file0' does not support file handles, falling back to index=off.
vivid-001: disconnect
vivid-001: reconnect
EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
9pnet: Insufficient options for proto=fd
EXT4-fs error (device loop5): ext4_mb_generate_buddy:754: group 0, block bitmap and bg descriptor inconsistent: 50 vs 25 free clusters
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs error (device loop5): ext4_mb_generate_buddy:754: group 0, block bitmap and bg descriptor inconsistent: 50 vs 25 free clusters
overlayfs: fs on 'file0' does not support file handles, falling back to index=off.
syz-executor.5 (12577) used greatest stack depth: 23632 bytes left
overlayfs: unrecognized mount option "xino=auto" or missing value
overlayfs: fs on 'file0' does not support file handles, falling back to index=off.
overlayfs: unrecognized mount option "xino=auto" or missing value
overlayfs: fs on './file0' does not support file handles, falling back to index=off.
IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
overlayfs: fs on './file0' does not support file handles, falling back to index=off.
9pnet: Insufficient options for proto=fd
IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue
9pnet: Insufficient options for proto=fd
overlayfs: fs on 'file0' does not support file handles, falling back to index=off.
overlayfs: fs on 'file0' does not support file handles, falling back to index=off.
overlayfs: unrecognized mount option "xino=auto" or missing value
overlayfs: unrecognized mount option "xino=auto" or missing value
overlayfs: fs on './file0' does not support file handles, falling back to index=off.
IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
overlayfs: fs on './file0' does not support file handles, falling back to index=off.
overlayfs: fs on 'file0' does not support file handles, falling back to index=off.
9pnet: Insufficient options for proto=fd
overlayfs: unrecognized mount option "xino=auto" or missing value
overlayfs: fs on './file0' does not support file handles, falling back to index=off.
9pnet: Insufficient options for proto=fd
IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue