============================================
WARNING: possible recursive locking detected
4.14.231-syzkaller #0 Not tainted
--------------------------------------------
syz-executor.1/14732 is trying to acquire lock:
 (&(&bond->stats_lock)->rlock#2/2){+.+.}, at: [] bond_get_stats+0xb7/0x440 drivers/net/bonding/bond_main.c:3457

but task is already holding lock:
 (&(&bond->stats_lock)->rlock#2/2){+.+.}, at: [] bond_get_stats+0xb7/0x440 drivers/net/bonding/bond_main.c:3457

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
overlayfs: fs on 'file0' does not support file handles, falling back to index=off.
       ----
  lock(&(&bond->stats_lock)->rlock#2/2);
  lock(&(&bond->stats_lock)->rlock#2/2);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

3 locks held by syz-executor.1/14732:
 #0: (rtnl_mutex){+.+.}, at: [] rtnl_lock net/core/rtnetlink.c:72 [inline]
 #0: (rtnl_mutex){+.+.}, at: [] rtnetlink_rcv_msg+0x31d/0xb10 net/core/rtnetlink.c:4311
 #1: (&(&bond->stats_lock)->rlock#2/2){+.+.}, at: [] bond_get_stats+0xb7/0x440 drivers/net/bonding/bond_main.c:3457
 #2: (rcu_read_lock){....}, at: [] bond_get_nest_level drivers/net/bonding/bond_main.c:3446 [inline]
 #2: (rcu_read_lock){....}, at: [] bond_get_stats+0x9b/0x440 drivers/net/bonding/bond_main.c:3457

stack backtrace:
CPU: 0 PID: 14732 Comm: syz-executor.1 Not tainted 4.14.231-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 print_deadlock_bug kernel/locking/lockdep.c:1800 [inline]
 check_deadlock kernel/locking/lockdep.c:1847 [inline]
 validate_chain kernel/locking/lockdep.c:2448 [inline]
 __lock_acquire.cold+0x180/0x97c kernel/locking/lockdep.c:3491
 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
 _raw_spin_lock_nested+0x30/0x40 kernel/locking/spinlock.c:362
 bond_get_stats+0xb7/0x440 drivers/net/bonding/bond_main.c:3457
 dev_get_stats+0xa5/0x280 net/core/dev.c:8011
 bond_get_stats+0x1da/0x440 drivers/net/bonding/bond_main.c:3463
 dev_get_stats+0xa5/0x280 net/core/dev.c:8011
 rtnl_fill_stats+0x48/0xa90 net/core/rtnetlink.c:1079
 rtnl_fill_ifinfo+0xe16/0x3050 net/core/rtnetlink.c:1385
 rtmsg_ifinfo_build_skb+0x8e/0x130 net/core/rtnetlink.c:2913
 rtmsg_ifinfo_event net/core/rtnetlink.c:2943 [inline]
 rtmsg_ifinfo_event net/core/rtnetlink.c:2934 [inline]
 rtnetlink_event+0xee/0x1a0 net/core/rtnetlink.c:4360
 notifier_call_chain+0x108/0x1a0 kernel/notifier.c:93
 call_netdevice_notifiers_info net/core/dev.c:1667 [inline]
 call_netdevice_notifiers net/core/dev.c:1683 [inline]
 netdev_features_change net/core/dev.c:1296 [inline]
 netdev_change_features+0x7e/0xa0 net/core/dev.c:7449
 bond_compute_features+0x444/0x860 drivers/net/bonding/bond_main.c:1122
 bond_slave_netdev_event drivers/net/bonding/bond_main.c:3191 [inline]
 bond_netdev_event+0x664/0xbd0 drivers/net/bonding/bond_main.c:3232
 notifier_call_chain+0x108/0x1a0 kernel/notifier.c:93
 call_netdevice_notifiers_info net/core/dev.c:1667 [inline]
 call_netdevice_notifiers net/core/dev.c:1683 [inline]
 netdev_features_change net/core/dev.c:1296 [inline]
 netdev_change_features+0x7e/0xa0 net/core/dev.c:7449
 bond_compute_features+0x444/0x860 drivers/net/bonding/bond_main.c:1122
 bond_enslave+0x37e2/0x4cc0 drivers/net/bonding/bond_main.c:1757
 do_set_master+0x19e/0x200 net/core/rtnetlink.c:1961
 rtnl_newlink+0x136f/0x1860 net/core/rtnetlink.c:2757
 rtnetlink_rcv_msg+0x3be/0xb10 net/core/rtnetlink.c:4316
 netlink_rcv_skb+0x125/0x390 net/netlink/af_netlink.c:2433
 netlink_unicast_kernel net/netlink/af_netlink.c:1287 [inline]
 netlink_unicast+0x437/0x610 net/netlink/af_netlink.c:1313
 netlink_sendmsg+0x62e/0xb80 net/netlink/af_netlink.c:1878
 sock_sendmsg_nosec net/socket.c:646 [inline]
 sock_sendmsg+0xb5/0x100 net/socket.c:656
 ___sys_sendmsg+0x6c8/0x800 net/socket.c:2062
 __sys_sendmsg+0xa3/0x120 net/socket.c:2096
 SYSC_sendmsg net/socket.c:2107 [inline]
 SyS_sendmsg+0x27/0x40 net/socket.c:2103
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x4665f9
RSP: 002b:00007f5cdc554188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9
RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000006
RBP: 00000000004bfbb9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60
R13: 00007ffd5269f4df R14: 00007f5cdc554300 R15: 0000000000022000
bond1: Enslaving bridge2 as an active interface with a down link
F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0)
F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock
syz-executor.1 (14732) used greatest stack depth: 23480 bytes left
overlayfs: fs on 'file0' does not support file handles, falling back to index=off.
overlayfs: fs on './file0' does not support file handles, falling back to index=off.
bond2: making interface bridge3 the new active one
bond2: Enslaving bridge3 as an active interface with an up link
8021q: adding VLAN 0 to HW filter on device bond2
bond0: Enslaving bond2 as an active interface with an up link
bond2: link status definitely down for interface bridge3, disabling it
bond2: now running without any active interface!
print_req_error: 215 callbacks suppressed
print_req_error: I/O error, dev loop7, sector 0
print_req_error: I/O error, dev loop7, sector 0
buffer_io_error: 208 callbacks suppressed
Buffer I/O error on dev loop7, logical block 0, async page read
f2fs_msg: 7 callbacks suppressed
F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0)
F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock
bond3: making interface bridge4 the new active one
F2FS-fs (loop5): invalid crc value
bond3: Enslaving bridge4 as an active interface with an up link
8021q: adding VLAN 0 to HW filter on device bond3
bond0: Enslaving bond3 as an active interface with an up link
bond3: link status definitely down for interface bridge4, disabling it
bond3: now running without any active interface!
F2FS-fs (loop5): Try to recover 2th superblock, ret: 0
F2FS-fs (loop5): Mounted with checkpoint version = 753bd00b
binder: 15016:15024 unknown command 0
audit: type=1800 audit(1619341062.125:53): pid=15023 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.2" name="file0" dev="sda1" ino=14539 res=0
binder: 15016:15024 ioctl c0306201 200012c0 returned -22
binder: 15016:15065 unknown command 0
binder: 15016:15065 ioctl c0306201 200012c0 returned -22
bond4: making interface bridge5 the new active one
bond4: Enslaving bridge5 as an active interface with an up link
audit: type=1800 audit(1619341062.345:54): pid=15084 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.2" name="file0" dev="sda1" ino=14540 res=0
8021q: adding VLAN 0 to HW filter on device bond4
input: syz0 as /devices/virtual/input/input12
bond0: Enslaving bond4 as an active interface with an up link
bond4: link status definitely down for interface bridge5, disabling it
bond4: now running without any active interface!
audit: type=1800 audit(1619341062.605:55): pid=15116 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.2" name="file0" dev="sda1" ino=14540 res=0
audit: type=1800 audit(1619341062.855:56): pid=15140 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.2" name="file0" dev="sda1" ino=14542 res=0
input: syz0 as /devices/virtual/input/input13
sctp: [Deprecated]: syz-executor.4 (pid 15181) Use of int in max_burst socket option deprecated.
Use struct sctp_assoc_value instead
sctp: [Deprecated]: syz-executor.4 (pid 15181) Use of int in max_burst socket option deprecated.
Use struct sctp_assoc_value instead
new mount options do not match the existing superblock, will be ignored
input: syz0 as /devices/virtual/input/input14
EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
new mount options do not match the existing superblock, will be ignored
uinput: write device info first
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs error (device loop4): __ext4_new_inode:930: comm syz-executor.4: reserved inode found cleared - inode=1
EXT4-fs error (device loop4): __ext4_new_inode:930: comm syz-executor.4: reserved inode found cleared - inode=1
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
new mount options do not match the existing superblock, will be ignored
EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
new mount options do not match the existing superblock, will be ignored
EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs error (device loop4): __ext4_new_inode:930: comm syz-executor.4: reserved inode found cleared - inode=1
EXT4-fs error (device loop4): __ext4_new_inode:930: comm syz-executor.4: reserved inode found cleared - inode=1