8021q: adding VLAN 0 to HW filter on device bond1
bond0: Enslaving bond1 as an active interface with an up link
device bridge1 entered promiscuous mode
============================================
WARNING: possible recursive locking detected
4.14.232-syzkaller #0 Not tainted
--------------------------------------------
syz-executor.4/31619 is trying to acquire lock:
 (&(&bond->stats_lock)->rlock#3/3){+.+.}, at: [] bond_get_stats+0xb7/0x440 drivers/net/bonding/bond_main.c:3457
but task is already holding lock:
 (&(&bond->stats_lock)->rlock#3/3){+.+.}, at: [] bond_get_stats+0xb7/0x440 drivers/net/bonding/bond_main.c:3457
other info that might help us debug this:
 Possible unsafe locking scenario:
       CPU0
       ----
  lock(&(&bond->stats_lock)->rlock#3/3);
  lock(&(&bond->stats_lock)->rlock#3/3);
 *** DEADLOCK ***
 May be due to missing lock nesting notation
3 locks held by syz-executor.4/31619:
 #0: (rtnl_mutex){+.+.}, at: [] rtnl_lock net/core/rtnetlink.c:72 [inline]
 #0: (rtnl_mutex){+.+.}, at: [] rtnetlink_rcv_msg+0x31d/0xb10 net/core/rtnetlink.c:4311
 #1: (&(&bond->stats_lock)->rlock#3/3){+.+.}, at: [] bond_get_stats+0xb7/0x440 drivers/net/bonding/bond_main.c:3457
 #2: (rcu_read_lock){....}, at: [] bond_get_nest_level drivers/net/bonding/bond_main.c:3446 [inline]
 #2: (rcu_read_lock){....}, at: [] bond_get_stats+0x9b/0x440 drivers/net/bonding/bond_main.c:3457
stack backtrace:
CPU: 1 PID: 31619 Comm: syz-executor.4 Not tainted 4.14.232-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 print_deadlock_bug kernel/locking/lockdep.c:1800 [inline]
 check_deadlock kernel/locking/lockdep.c:1847 [inline]
 validate_chain kernel/locking/lockdep.c:2448 [inline]
 __lock_acquire.cold+0x180/0x97c kernel/locking/lockdep.c:3491
 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
 _raw_spin_lock_nested+0x30/0x40 kernel/locking/spinlock.c:362
 bond_get_stats+0xb7/0x440 drivers/net/bonding/bond_main.c:3457
 dev_get_stats+0xa5/0x280 net/core/dev.c:8011
 bond_get_stats+0x1da/0x440 drivers/net/bonding/bond_main.c:3463
 dev_get_stats+0xa5/0x280 net/core/dev.c:8011
 rtnl_fill_stats+0x48/0xa90 net/core/rtnetlink.c:1079
 rtnl_fill_ifinfo+0xe16/0x3050 net/core/rtnetlink.c:1385
 rtmsg_ifinfo_build_skb+0x8e/0x130 net/core/rtnetlink.c:2913
 rtmsg_ifinfo_event net/core/rtnetlink.c:2943 [inline]
 rtmsg_ifinfo_event net/core/rtnetlink.c:2934 [inline]
 rtnetlink_event+0xee/0x1a0 net/core/rtnetlink.c:4360
 notifier_call_chain+0x108/0x1a0 kernel/notifier.c:93
 call_netdevice_notifiers_info net/core/dev.c:1667 [inline]
 call_netdevice_notifiers net/core/dev.c:1683 [inline]
 netdev_features_change net/core/dev.c:1296 [inline]
 netdev_change_features+0x7e/0xa0 net/core/dev.c:7449
 bond_compute_features+0x444/0x860 drivers/net/bonding/bond_main.c:1122
 bond_slave_netdev_event drivers/net/bonding/bond_main.c:3191 [inline]
 bond_netdev_event+0x664/0xbd0 drivers/net/bonding/bond_main.c:3232
 notifier_call_chain+0x108/0x1a0 kernel/notifier.c:93
 call_netdevice_notifiers_info net/core/dev.c:1667 [inline]
 call_netdevice_notifiers net/core/dev.c:1683 [inline]
 netdev_features_change net/core/dev.c:1296 [inline]
 netdev_change_features+0x7e/0xa0 net/core/dev.c:7449
 bond_compute_features+0x444/0x860 drivers/net/bonding/bond_main.c:1122
 bond_enslave+0x37e2/0x4cc0 drivers/net/bonding/bond_main.c:1757
 do_set_master+0x19e/0x200 net/core/rtnetlink.c:1961
 rtnl_newlink+0x136f/0x1860 net/core/rtnetlink.c:2757
 rtnetlink_rcv_msg+0x3be/0xb10 net/core/rtnetlink.c:4316
 netlink_rcv_skb+0x125/0x390 net/netlink/af_netlink.c:2433
 netlink_unicast_kernel net/netlink/af_netlink.c:1287 [inline]
 netlink_unicast+0x437/0x610 net/netlink/af_netlink.c:1313
 netlink_sendmsg+0x62e/0xb80 net/netlink/af_netlink.c:1878
 sock_sendmsg_nosec net/socket.c:646 [inline]
 sock_sendmsg+0xb5/0x100 net/socket.c:656
 ___sys_sendmsg+0x6c8/0x800 net/socket.c:2062
 __sys_sendmsg+0xa3/0x120 net/socket.c:2096
 SYSC_sendmsg net/socket.c:2107 [inline]
 SyS_sendmsg+0x27/0x40 net/socket.c:2103
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x4665d9
RSP: 002b:00007f98d7338188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 000000000056c158 RCX: 00000000004665d9
RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000005
RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c158
R13: 00007ffec394f13f R14: 00007f98d7338300 R15: 0000000000022000
bond1: Enslaving vlan2 as an active interface with an up link
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
8021q: adding VLAN 0 to HW filter on device bond7
bond0: Enslaving bond7 as an active interface with an up link
device bridge4 entered promiscuous mode
bond7: Enslaving vlan4 as an active interface with an up link
PM: Marking nosave pages: [mem 0x00000000-0x00000fff]
PM: Marking nosave pages: [mem 0x0009f000-0x000fffff]
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
PM: Marking nosave pages: [mem 0xbfffd000-0xffffffff]
PM: Basic memory bitmaps created
PM: Basic memory bitmaps freed
PM: Marking nosave pages: [mem 0x00000000-0x00000fff]
PM: Marking nosave pages: [mem 0x0009f000-0x000fffff]
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'.
PM: Marking nosave pages: [mem 0xbfffd000-0xffffffff]
PM: Basic memory bitmaps created
PM: Basic memory bitmaps freed
PM: Marking nosave pages: [mem 0x00000000-0x00000fff]
PM: Marking nosave pages: [mem 0x0009f000-0x000fffff]
PM: Marking nosave pages: [mem 0xbfffd000-0xffffffff]
PM: Basic memory bitmaps created
8021q: adding VLAN 0 to HW filter on device bond6
bond0: Enslaving bond6 as an active interface with an up link
8021q: adding VLAN 0 to HW filter on device bond2
bond0: Enslaving bond2 as an active interface with an up link
device bridge2 entered promiscuous mode
bond6: Enslaving vlan3 as an active interface with an up link
device bridge2 entered promiscuous mode
PM: Basic memory bitmaps freed
bond2: Enslaving vlan3 as an active interface with an up link
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
PM: Marking nosave pages: [mem 0x00000000-0x00000fff]
PM: Marking nosave pages: [mem 0x0009f000-0x000fffff]
PM: Marking nosave pages: [mem 0xbfffd000-0xffffffff]
PM: Basic memory bitmaps created
PM: Basic memory bitmaps freed
bond8: Enslaving vlan5 as an active interface with an up link
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'.
PM: Marking nosave pages: [mem 0x00000000-0x00000fff]
PM: Marking nosave pages: [mem 0x0009f000-0x000fffff]
PM: Marking nosave pages: [mem 0xbfffd000-0xffffffff]
PM: Basic memory bitmaps created
PM: Basic memory bitmaps freed
8021q: adding VLAN 0 to HW filter on device bond3
bond0: Enslaving bond3 as an active interface with an up link
8021q: adding VLAN 0 to HW filter on device bond7
bond0: Enslaving bond7 as an active interface with an up link
device bridge3 entered promiscuous mode
bond3: Enslaving vlan4 as an active interface with an up link
device bridge3 entered promiscuous mode
bond7: Enslaving vlan4 as an active interface with an up link
device team0 left promiscuous mode
device team_slave_0 left promiscuous mode
device team_slave_1 left promiscuous mode
bridge0: port 3(team0) entered disabled state
bond0: team0 is up - this may be due to an out of date ifenslave
bridge0: port 3(team0) entered blocking state
bridge0: port 3(team0) entered disabled state
device team0 entered promiscuous mode
device team_slave_0 entered promiscuous mode
device team_slave_1 entered promiscuous mode
bridge0: port 3(team0) entered blocking state
bridge0: port 3(team0) entered forwarding state
device team0 left promiscuous mode
device team_slave_0 left promiscuous mode
device team_slave_1 left promiscuous mode
bridge0: port 3(team0) entered disabled state
bond0: team0 is up - this may be due to an out of date ifenslave
bridge0: port 3(team0) entered blocking state
bridge0: port 3(team0) entered disabled state
device team0 entered promiscuous mode
device team_slave_0 entered promiscuous mode
device team_slave_1 entered promiscuous mode
bridge0: port 3(team0) entered blocking state
bridge0: port 3(team0) entered forwarding state
device team0 left promiscuous mode
device team_slave_0 left promiscuous mode
device team_slave_1 left promiscuous mode
bridge0: port 3(team0) entered disabled state
bond0: team0 is up - this may be due to an out of date ifenslave
bridge0: port 3(team0) entered blocking state
bridge0: port 3(team0) entered disabled state
device team0 entered promiscuous mode
device team_slave_0 entered promiscuous mode
device team_slave_1 entered promiscuous mode
bridge0: port 3(team0) entered blocking state
bridge0: port 3(team0) entered forwarding state
bond0: team0 is up - this may be due to an out of date ifenslave
bridge0: port 1(team0) entered blocking state
bridge0: port 1(team0) entered disabled state
device team0 entered promiscuous mode
sp0: Synchronizing with TNC
device team0 left promiscuous mode
bridge0: port 1(team0) entered disabled state
bond0: team0 is up - this may be due to an out of date ifenslave
device team0 left promiscuous mode
device team_slave_0 left promiscuous mode
device team_slave_1 left promiscuous mode
bridge0: port 3(team0) entered disabled state
bond0: team0 is up - this may be due to an out of date ifenslave
bridge0: port 1(team0) entered blocking state
sp0: Synchronizing with TNC
bridge0: port 1(team0) entered disabled state
device team0 entered promiscuous mode
bridge0: port 3(team0) entered blocking state
bridge0: port 3(team0) entered disabled state
device team0 entered promiscuous mode
device team_slave_0 entered promiscuous mode
device team_slave_1 entered promiscuous mode
bridge0: port 3(team0) entered blocking state
bridge0: port 3(team0) entered forwarding state
device team0 left promiscuous mode
bridge0: port 1(team0) entered disabled state
bond0: team0 is up - this may be due to an out of date ifenslave
device team0 left promiscuous mode
device team_slave_0 left promiscuous mode
device team_slave_1 left promiscuous mode
bridge0: port 3(team0) entered disabled state
overlayfs: filesystem on './bus' not supported as upperdir
bond0: team0 is up - this may be due to an out of date ifenslave
bridge0: port 1(team0) entered blocking state
bridge0: port 1(team0) entered disabled state
device team0 entered promiscuous mode
bridge0: port 3(team0) entered blocking state
bridge0: port 3(team0) entered disabled state
device team0 entered promiscuous mode
device team_slave_0 entered promiscuous mode
device team_slave_1 entered promiscuous mode
bridge0: port 3(team0) entered blocking state
bridge0: port 3(team0) entered forwarding state
sp0: Synchronizing with TNC
sp0: Synchronizing with TNC
mmap: syz-executor.5 (32239) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.txt.
EXT4-fs error (device loop1): ext4_orphan_get:1266: comm syz-executor.1: bad orphan inode 69
EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
audit: type=1804 audit(1620917344.803:189): pid=32248 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir534864146/syzkaller.3vFIJD/676/bus" dev="sda1" ino=14196 res=1
audit: type=1804 audit(1620917344.913:190): pid=32251 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir534864146/syzkaller.3vFIJD/676/bus" dev="sda1" ino=14196 res=1
EXT4-fs error (device loop1): ext4_orphan_get:1266: comm syz-executor.1: bad orphan inode 69
EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs error (device loop1): ext4_orphan_get:1266: comm syz-executor.1: bad orphan inode 69
EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
audit: type=1804 audit(1620917345.653:191): pid=32306 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir534864146/syzkaller.3vFIJD/676/bus" dev="sda1" ino=14196 res=1
audit: type=1804 audit(1620917345.783:192): pid=32303 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir534864146/syzkaller.3vFIJD/676/bus" dev="sda1" ino=14196 res=1
audit: type=1804 audit(1620917345.803:193): pid=32309 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir534864146/syzkaller.3vFIJD/676/bus" dev="sda1" ino=14196 res=1
EXT4-fs error (device loop1): ext4_orphan_get:1266: comm syz-executor.1: bad orphan inode 69
audit: type=1804 audit(1620917345.803:194): pid=32311 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir534864146/syzkaller.3vFIJD/676/bus" dev="sda1" ino=14196 res=1
EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
audit: type=1804 audit(1620917345.903:195): pid=32320 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir534864146/syzkaller.3vFIJD/677/bus" dev="sda1" ino=14042 res=1
audit: type=1804 audit(1620917346.033:196): pid=32333 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir534864146/syzkaller.3vFIJD/677/bus" dev="sda1" ino=14042 res=1
syz-executor.3 (32372): /proc/32371/oom_adj is deprecated, please use /proc/32371/oom_score_adj instead.
audit: type=1804 audit(1620917346.973:197): pid=32388 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir534864146/syzkaller.3vFIJD/678/bus" dev="sda1" ino=14081 res=1
audit: type=1804 audit(1620917347.073:198): pid=32393 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir534864146/syzkaller.3vFIJD/678/bus" dev="sda1" ino=14081 res=1
syz-executor.3 (32372): drop_caches: 2
syz-executor.3 (32448): drop_caches: 2
syz-executor.3 (32472): drop_caches: 2
syz-executor.3 (32489): drop_caches: 2
syz-executor.0 (32499): drop_caches: 2
syz-executor.0 (32512): drop_caches: 2
F2FS-fs (loop5): Found nat_bits in checkpoint