[syzbot] [net?] possible deadlock in br_forward_delay_timer_expired
From: syzbot
Date: Sun Aug 13 2023 - 04:07:11 EST
Hello,
syzbot found the following issue on:
HEAD commit: d14eea09edf4 net: core: remove unnecessary frame_sz check ..
git tree: net
console output: https://syzkaller.appspot.com/x/log.txt?x=15321525a80000
kernel config: https://syzkaller.appspot.com/x/.config?x=fa5bd4cd5ab6259d
dashboard link: https://syzkaller.appspot.com/bug?extid=9e1986cb61510a8ada32
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/dd4e64d718cc/disk-d14eea09.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/0d81468167b0/vmlinux-d14eea09.xz
kernel image: https://storage.googleapis.com/syzbot-assets/5a59df207999/bzImage-d14eea09.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+9e1986cb61510a8ada32@xxxxxxxxxxxxxxxxxxxxxxxxx
bond0: left promiscuous mode
=====================================================
WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
6.5.0-rc4-syzkaller-00186-gd14eea09edf4 #0 Not tainted
-----------------------------------------------------
syz-executor.5/29194 [HC0[0]:SC0[2]:HE1:SE0] is trying to acquire:
ffff888028b2cd18 (&bond->stats_lock/1){+.+.}-{2:2}, at: bond_get_stats+0x118/0x560 drivers/net/bonding/bond_main.c:4427
and this task is already holding:
ffff88802d3b0c98 (&br->lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
ffff88802d3b0c98 (&br->lock){+.-.}-{2:2}, at: br_port_slave_changelink net/bridge/br_netlink.c:1199 [inline]
ffff88802d3b0c98 (&br->lock){+.-.}-{2:2}, at: br_port_slave_changelink+0x3e/0x190 net/bridge/br_netlink.c:1187
which would create a new lock dependency:
(&br->lock){+.-.}-{2:2} -> (&bond->stats_lock/1){+.+.}-{2:2}
but this new dependency connects a SOFTIRQ-irq-safe lock:
(&br->lock){+.-.}-{2:2}
... which became SOFTIRQ-irq-safe at:
lock_acquire kernel/locking/lockdep.c:5761 [inline]
lock_acquire+0x1ae/0x510 kernel/locking/lockdep.c:5726
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:351 [inline]
br_forward_delay_timer_expired+0x4f/0x560 net/bridge/br_stp_timer.c:86
call_timer_fn+0x1a0/0x580 kernel/time/timer.c:1700
expire_timers kernel/time/timer.c:1751 [inline]
__run_timers+0x764/0xb10 kernel/time/timer.c:2022
run_timer_softirq+0x58/0xd0 kernel/time/timer.c:2035
__do_softirq+0x218/0x965 kernel/softirq.c:553
invoke_softirq kernel/softirq.c:427 [inline]
__irq_exit_rcu kernel/softirq.c:632 [inline]
irq_exit_rcu+0xb7/0x120 kernel/softirq.c:644
sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1109
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:645
lock_acquire+0x1ef/0x510 kernel/locking/lockdep.c:5729
rcu_lock_acquire include/linux/rcupdate.h:303 [inline]
rcu_read_lock include/linux/rcupdate.h:749 [inline]
is_bpf_text_address+0x38/0x1a0 kernel/bpf/core.c:719
kernel_text_address kernel/extable.c:125 [inline]
kernel_text_address+0x85/0xf0 kernel/extable.c:94
__kernel_text_address+0xd/0x30 kernel/extable.c:79
unwind_get_return_address+0x55/0xa0 arch/x86/kernel/unwind_orc.c:369
arch_stack_walk+0x9d/0xf0 arch/x86/kernel/stacktrace.c:26
stack_trace_save+0x96/0xd0 kernel/stacktrace.c:122
kasan_save_stack+0x33/0x50 mm/kasan/common.c:45
__kasan_record_aux_stack+0xbc/0xd0 mm/kasan/generic.c:492
task_work_add+0x88/0x2a0 kernel/task_work.c:48
fput fs/file_table.c:440 [inline]
fput+0xed/0x1a0 fs/file_table.c:433
filp_close+0x130/0x1b0 fs/open.c:1523
close_fd+0x76/0xa0 fs/file.c:665
__do_sys_close fs/open.c:1536 [inline]
__se_sys_close fs/open.c:1534 [inline]
__x64_sys_close+0x31/0x90 fs/open.c:1534
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
to a SOFTIRQ-irq-unsafe lock:
(&bond->stats_lock/1){+.+.}-{2:2}
... which became SOFTIRQ-irq-unsafe at:
...
lock_acquire kernel/locking/lockdep.c:5761 [inline]
lock_acquire+0x1ae/0x510 kernel/locking/lockdep.c:5726
_raw_spin_lock_nested+0x31/0x40 kernel/locking/spinlock.c:378
bond_get_stats+0x118/0x560 drivers/net/bonding/bond_main.c:4427
dev_get_stats+0xb5/0x470 net/core/dev.c:10424
rtnl_fill_stats+0x48/0xa80 net/core/rtnetlink.c:1261
rtnl_fill_ifinfo+0x18b5/0x47b0 net/core/rtnetlink.c:1868
rtmsg_ifinfo_build_skb+0x14d/0x270 net/core/rtnetlink.c:4024
rtmsg_ifinfo_event net/core/rtnetlink.c:4058 [inline]
rtmsg_ifinfo_event net/core/rtnetlink.c:4048 [inline]
rtnetlink_event+0xef/0x1f0 net/core/rtnetlink.c:6479
notifier_call_chain+0xb6/0x3b0 kernel/notifier.c:93
call_netdevice_notifiers_info+0xb9/0x130 net/core/dev.c:1962
call_netdevice_notifiers_extack net/core/dev.c:2000 [inline]
call_netdevice_notifiers net/core/dev.c:2014 [inline]
netdev_features_change net/core/dev.c:1325 [inline]
netdev_change_features+0x82/0xb0 net/core/dev.c:9805
bond_compute_features+0x4ec/0x810 drivers/net/bonding/bond_main.c:1496
bond_enslave+0x3116/0x5d00 drivers/net/bonding/bond_main.c:2219
do_set_master+0x1bc/0x220 net/core/rtnetlink.c:2661
do_setlink+0xa07/0x3fa0 net/core/rtnetlink.c:2860
__rtnl_newlink+0xc04/0x18c0 net/core/rtnetlink.c:3655
rtnl_newlink+0x67/0xa0 net/core/rtnetlink.c:3702
rtnetlink_rcv_msg+0x439/0xd30 net/core/rtnetlink.c:6428
netlink_rcv_skb+0x16b/0x440 net/netlink/af_netlink.c:2549
netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline]
netlink_unicast+0x539/0x800 net/netlink/af_netlink.c:1365
netlink_sendmsg+0x93c/0xe30 net/netlink/af_netlink.c:1914
sock_sendmsg_nosec net/socket.c:725 [inline]
sock_sendmsg+0xd9/0x180 net/socket.c:748
__sys_sendto+0x255/0x340 net/socket.c:2134
__do_sys_sendto net/socket.c:2146 [inline]
__se_sys_sendto net/socket.c:2142 [inline]
__x64_sys_sendto+0xe0/0x1b0 net/socket.c:2142
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
other info that might help us debug this:
Possible interrupt unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&bond->stats_lock/1);
local_irq_disable();
lock(&br->lock);
lock(&bond->stats_lock/1);
<Interrupt>
lock(&br->lock);
*** DEADLOCK ***
3 locks held by syz-executor.5/29194:
#0: ffffffff8e3dfca8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline]
#0: ffffffff8e3dfca8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x3e2/0xd30 net/core/rtnetlink.c:6425
#1: ffff88802d3b0c98 (&br->lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
#1: ffff88802d3b0c98 (&br->lock){+.-.}-{2:2}, at: br_port_slave_changelink net/bridge/br_netlink.c:1199 [inline]
#1: ffff88802d3b0c98 (&br->lock){+.-.}-{2:2}, at: br_port_slave_changelink+0x3e/0x190 net/bridge/br_netlink.c:1187
#2: ffffffff8c9a6580 (rcu_read_lock){....}-{1:2}, at: bond_get_stats+0x4/0x560 drivers/net/bonding/bond_main.c:4414
the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
-> (&br->lock){+.-.}-{2:2} {
HARDIRQ-ON-W at:
lock_acquire kernel/locking/lockdep.c:5761 [inline]
lock_acquire+0x1ae/0x510 kernel/locking/lockdep.c:5726
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
_raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178
spin_lock_bh include/linux/spinlock.h:356 [inline]
br_add_if+0x1039/0x1bb0 net/bridge/br_if.c:682
do_set_master+0x1bc/0x220 net/core/rtnetlink.c:2661
do_setlink+0xa07/0x3fa0 net/core/rtnetlink.c:2860
__rtnl_newlink+0xc04/0x18c0 net/core/rtnetlink.c:3655
rtnl_newlink+0x67/0xa0 net/core/rtnetlink.c:3702
rtnetlink_rcv_msg+0x439/0xd30 net/core/rtnetlink.c:6428
netlink_rcv_skb+0x16b/0x440 net/netlink/af_netlink.c:2549
netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline]
netlink_unicast+0x539/0x800 net/netlink/af_netlink.c:1365
netlink_sendmsg+0x93c/0xe30 net/netlink/af_netlink.c:1914
sock_sendmsg_nosec net/socket.c:725 [inline]
sock_sendmsg+0xd9/0x180 net/socket.c:748
__sys_sendto+0x255/0x340 net/socket.c:2134
__do_sys_sendto net/socket.c:2146 [inline]
__se_sys_sendto net/socket.c:2142 [inline]
__x64_sys_sendto+0xe0/0x1b0 net/socket.c:2142
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
IN-SOFTIRQ-W at:
lock_acquire kernel/locking/lockdep.c:5761 [inline]
lock_acquire+0x1ae/0x510 kernel/locking/lockdep.c:5726
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:351 [inline]
br_forward_delay_timer_expired+0x4f/0x560 net/bridge/br_stp_timer.c:86
call_timer_fn+0x1a0/0x580 kernel/time/timer.c:1700
expire_timers kernel/time/timer.c:1751 [inline]
__run_timers+0x764/0xb10 kernel/time/timer.c:2022
run_timer_softirq+0x58/0xd0 kernel/time/timer.c:2035
__do_softirq+0x218/0x965 kernel/softirq.c:553
invoke_softirq kernel/softirq.c:427 [inline]
__irq_exit_rcu kernel/softirq.c:632 [inline]
irq_exit_rcu+0xb7/0x120 kernel/softirq.c:644
sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1109
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:645
lock_acquire+0x1ef/0x510 kernel/locking/lockdep.c:5729
rcu_lock_acquire include/linux/rcupdate.h:303 [inline]
rcu_read_lock include/linux/rcupdate.h:749 [inline]
is_bpf_text_address+0x38/0x1a0 kernel/bpf/core.c:719
kernel_text_address kernel/extable.c:125 [inline]
kernel_text_address+0x85/0xf0 kernel/extable.c:94
__kernel_text_address+0xd/0x30 kernel/extable.c:79
unwind_get_return_address+0x55/0xa0 arch/x86/kernel/unwind_orc.c:369
arch_stack_walk+0x9d/0xf0 arch/x86/kernel/stacktrace.c:26
stack_trace_save+0x96/0xd0 kernel/stacktrace.c:122
kasan_save_stack+0x33/0x50 mm/kasan/common.c:45
__kasan_record_aux_stack+0xbc/0xd0 mm/kasan/generic.c:492
task_work_add+0x88/0x2a0 kernel/task_work.c:48
fput fs/file_table.c:440 [inline]
fput+0xed/0x1a0 fs/file_table.c:433
filp_close+0x130/0x1b0 fs/open.c:1523
close_fd+0x76/0xa0 fs/file.c:665
__do_sys_close fs/open.c:1536 [inline]
__se_sys_close fs/open.c:1534 [inline]
__x64_sys_close+0x31/0x90 fs/open.c:1534
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
INITIAL USE at:
lock_acquire kernel/locking/lockdep.c:5761 [inline]
lock_acquire+0x1ae/0x510 kernel/locking/lockdep.c:5726
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
_raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178
spin_lock_bh include/linux/spinlock.h:356 [inline]
br_add_if+0x1039/0x1bb0 net/bridge/br_if.c:682
do_set_master+0x1bc/0x220 net/core/rtnetlink.c:2661
do_setlink+0xa07/0x3fa0 net/core/rtnetlink.c:2860
__rtnl_newlink+0xc04/0x18c0 net/core/rtnetlink.c:3655
rtnl_newlink+0x67/0xa0 net/core/rtnetlink.c:3702
rtnetlink_rcv_msg+0x439/0xd30 net/core/rtnetlink.c:6428
netlink_rcv_skb+0x16b/0x440 net/netlink/af_netlink.c:2549
netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline]
netlink_unicast+0x539/0x800 net/netlink/af_netlink.c:1365
netlink_sendmsg+0x93c/0xe30 net/netlink/af_netlink.c:1914
sock_sendmsg_nosec net/socket.c:725 [inline]
sock_sendmsg+0xd9/0x180 net/socket.c:748
__sys_sendto+0x255/0x340 net/socket.c:2134
__do_sys_sendto net/socket.c:2146 [inline]
__se_sys_sendto net/socket.c:2142 [inline]
__x64_sys_sendto+0xe0/0x1b0 net/socket.c:2142
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
}
... key at: [<ffffffff924eb040>] __key.5+0x0/0x40
the dependencies between the lock to be acquired
and SOFTIRQ-irq-unsafe lock:
-> (&bond->stats_lock/1){+.+.}-{2:2} {
HARDIRQ-ON-W at:
lock_acquire kernel/locking/lockdep.c:5761 [inline]
lock_acquire+0x1ae/0x510 kernel/locking/lockdep.c:5726
_raw_spin_lock_nested+0x31/0x40 kernel/locking/spinlock.c:378
bond_get_stats+0x118/0x560 drivers/net/bonding/bond_main.c:4427
dev_get_stats+0xb5/0x470 net/core/dev.c:10424
rtnl_fill_stats+0x48/0xa80 net/core/rtnetlink.c:1261
rtnl_fill_ifinfo+0x18b5/0x47b0 net/core/rtnetlink.c:1868
rtmsg_ifinfo_build_skb+0x14d/0x270 net/core/rtnetlink.c:4024
rtmsg_ifinfo_event net/core/rtnetlink.c:4058 [inline]
rtmsg_ifinfo_event net/core/rtnetlink.c:4048 [inline]
rtnetlink_event+0xef/0x1f0 net/core/rtnetlink.c:6479
notifier_call_chain+0xb6/0x3b0 kernel/notifier.c:93
call_netdevice_notifiers_info+0xb9/0x130 net/core/dev.c:1962
call_netdevice_notifiers_extack net/core/dev.c:2000 [inline]
call_netdevice_notifiers net/core/dev.c:2014 [inline]
netdev_features_change net/core/dev.c:1325 [inline]
netdev_change_features+0x82/0xb0 net/core/dev.c:9805
bond_compute_features+0x4ec/0x810 drivers/net/bonding/bond_main.c:1496
bond_enslave+0x3116/0x5d00 drivers/net/bonding/bond_main.c:2219
do_set_master+0x1bc/0x220 net/core/rtnetlink.c:2661
do_setlink+0xa07/0x3fa0 net/core/rtnetlink.c:2860
__rtnl_newlink+0xc04/0x18c0 net/core/rtnetlink.c:3655
rtnl_newlink+0x67/0xa0 net/core/rtnetlink.c:3702
rtnetlink_rcv_msg+0x439/0xd30 net/core/rtnetlink.c:6428
netlink_rcv_skb+0x16b/0x440 net/netlink/af_netlink.c:2549
netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline]
netlink_unicast+0x539/0x800 net/netlink/af_netlink.c:1365
netlink_sendmsg+0x93c/0xe30 net/netlink/af_netlink.c:1914
sock_sendmsg_nosec net/socket.c:725 [inline]
sock_sendmsg+0xd9/0x180 net/socket.c:748
__sys_sendto+0x255/0x340 net/socket.c:2134
__do_sys_sendto net/socket.c:2146 [inline]
__se_sys_sendto net/socket.c:2142 [inline]
__x64_sys_sendto+0xe0/0x1b0 net/socket.c:2142
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
SOFTIRQ-ON-W at:
lock_acquire kernel/locking/lockdep.c:5761 [inline]
lock_acquire+0x1ae/0x510 kernel/locking/lockdep.c:5726
_raw_spin_lock_nested+0x31/0x40 kernel/locking/spinlock.c:378
bond_get_stats+0x118/0x560 drivers/net/bonding/bond_main.c:4427
dev_get_stats+0xb5/0x470 net/core/dev.c:10424
rtnl_fill_stats+0x48/0xa80 net/core/rtnetlink.c:1261
rtnl_fill_ifinfo+0x18b5/0x47b0 net/core/rtnetlink.c:1868
rtmsg_ifinfo_build_skb+0x14d/0x270 net/core/rtnetlink.c:4024
rtmsg_ifinfo_event net/core/rtnetlink.c:4058 [inline]
rtmsg_ifinfo_event net/core/rtnetlink.c:4048 [inline]
rtnetlink_event+0xef/0x1f0 net/core/rtnetlink.c:6479
notifier_call_chain+0xb6/0x3b0 kernel/notifier.c:93
call_netdevice_notifiers_info+0xb9/0x130 net/core/dev.c:1962
call_netdevice_notifiers_extack net/core/dev.c:2000 [inline]
call_netdevice_notifiers net/core/dev.c:2014 [inline]
netdev_features_change net/core/dev.c:1325 [inline]
netdev_change_features+0x82/0xb0 net/core/dev.c:9805
bond_compute_features+0x4ec/0x810 drivers/net/bonding/bond_main.c:1496
bond_enslave+0x3116/0x5d00 drivers/net/bonding/bond_main.c:2219
do_set_master+0x1bc/0x220 net/core/rtnetlink.c:2661
do_setlink+0xa07/0x3fa0 net/core/rtnetlink.c:2860
__rtnl_newlink+0xc04/0x18c0 net/core/rtnetlink.c:3655
rtnl_newlink+0x67/0xa0 net/core/rtnetlink.c:3702
rtnetlink_rcv_msg+0x439/0xd30 net/core/rtnetlink.c:6428
netlink_rcv_skb+0x16b/0x440 net/netlink/af_netlink.c:2549
netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline]
netlink_unicast+0x539/0x800 net/netlink/af_netlink.c:1365
netlink_sendmsg+0x93c/0xe30 net/netlink/af_netlink.c:1914
sock_sendmsg_nosec net/socket.c:725 [inline]
sock_sendmsg+0xd9/0x180 net/socket.c:748
__sys_sendto+0x255/0x340 net/socket.c:2134
__do_sys_sendto net/socket.c:2146 [inline]
__se_sys_sendto net/socket.c:2142 [inline]
__x64_sys_sendto+0xe0/0x1b0 net/socket.c:2142
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
INITIAL USE at:
lock_acquire kernel/locking/lockdep.c:5761 [inline]
lock_acquire+0x1ae/0x510 kernel/locking/lockdep.c:5726
_raw_spin_lock_nested+0x31/0x40 kernel/locking/spinlock.c:378
bond_get_stats+0x118/0x560 drivers/net/bonding/bond_main.c:4427
dev_get_stats+0xb5/0x470 net/core/dev.c:10424
rtnl_fill_stats+0x48/0xa80 net/core/rtnetlink.c:1261
rtnl_fill_ifinfo+0x18b5/0x47b0 net/core/rtnetlink.c:1868
rtmsg_ifinfo_build_skb+0x14d/0x270 net/core/rtnetlink.c:4024
rtmsg_ifinfo_event net/core/rtnetlink.c:4058 [inline]
rtmsg_ifinfo_event net/core/rtnetlink.c:4048 [inline]
rtnetlink_event+0xef/0x1f0 net/core/rtnetlink.c:6479
notifier_call_chain+0xb6/0x3b0 kernel/notifier.c:93
call_netdevice_notifiers_info+0xb9/0x130 net/core/dev.c:1962
call_netdevice_notifiers_extack net/core/dev.c:2000 [inline]
call_netdevice_notifiers net/core/dev.c:2014 [inline]
netdev_features_change net/core/dev.c:1325 [inline]
netdev_change_features+0x82/0xb0 net/core/dev.c:9805
bond_compute_features+0x4ec/0x810 drivers/net/bonding/bond_main.c:1496
bond_enslave+0x3116/0x5d00 drivers/net/bonding/bond_main.c:2219
do_set_master+0x1bc/0x220 net/core/rtnetlink.c:2661
do_setlink+0xa07/0x3fa0 net/core/rtnetlink.c:2860
__rtnl_newlink+0xc04/0x18c0 net/core/rtnetlink.c:3655
rtnl_newlink+0x67/0xa0 net/core/rtnetlink.c:3702
rtnetlink_rcv_msg+0x439/0xd30 net/core/rtnetlink.c:6428
netlink_rcv_skb+0x16b/0x440 net/netlink/af_netlink.c:2549
netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline]
netlink_unicast+0x539/0x800 net/netlink/af_netlink.c:1365
netlink_sendmsg+0x93c/0xe30 net/netlink/af_netlink.c:1914
sock_sendmsg_nosec net/socket.c:725 [inline]
sock_sendmsg+0xd9/0x180 net/socket.c:748
__sys_sendto+0x255/0x340 net/socket.c:2134
__do_sys_sendto net/socket.c:2146 [inline]
__se_sys_sendto net/socket.c:2142 [inline]
__x64_sys_sendto+0xe0/0x1b0 net/socket.c:2142
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
}
... key at: [<ffffffff92432741>] __key.8+0x1/0x40
... acquired at:
lock_acquire kernel/locking/lockdep.c:5761 [inline]
lock_acquire+0x1ae/0x510 kernel/locking/lockdep.c:5726
_raw_spin_lock_nested+0x31/0x40 kernel/locking/spinlock.c:378
bond_get_stats+0x118/0x560 drivers/net/bonding/bond_main.c:4427
dev_get_stats+0xb5/0x470 net/core/dev.c:10424
rtnl_fill_stats+0x48/0xa80 net/core/rtnetlink.c:1261
rtnl_fill_ifinfo+0x18b5/0x47b0 net/core/rtnetlink.c:1868
rtmsg_ifinfo_build_skb+0x14d/0x270 net/core/rtnetlink.c:4024
rtmsg_ifinfo_event net/core/rtnetlink.c:4058 [inline]
rtmsg_ifinfo_event net/core/rtnetlink.c:4048 [inline]
rtmsg_ifinfo+0x9f/0x1a0 net/core/rtnetlink.c:4067
__dev_notify_flags+0x24a/0x2e0 net/core/dev.c:8565
__dev_set_promiscuity+0x269/0x580 net/core/dev.c:8339
dev_set_promiscuity+0x52/0x150 net/core/dev.c:8359
br_port_clear_promisc net/bridge/br_if.c:135 [inline]
br_manage_promisc+0x3f2/0x510 net/bridge/br_if.c:172
nbp_update_port_count net/bridge/br_if.c:242 [inline]
br_port_flags_change+0x185/0x1e0 net/bridge/br_if.c:761
br_setport+0xb7e/0x16f0 net/bridge/br_netlink.c:993
br_port_slave_changelink net/bridge/br_netlink.c:1200 [inline]
br_port_slave_changelink+0xdd/0x190 net/bridge/br_netlink.c:1187
__rtnl_newlink+0xbc6/0x18c0 net/core/rtnetlink.c:3648
rtnl_newlink+0x67/0xa0 net/core/rtnetlink.c:3702
rtnetlink_rcv_msg+0x439/0xd30 net/core/rtnetlink.c:6428
netlink_rcv_skb+0x16b/0x440 net/netlink/af_netlink.c:2549
netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline]
netlink_unicast+0x539/0x800 net/netlink/af_netlink.c:1365
netlink_sendmsg+0x93c/0xe30 net/netlink/af_netlink.c:1914
sock_sendmsg_nosec net/socket.c:725 [inline]
sock_sendmsg+0xd9/0x180 net/socket.c:748
____sys_sendmsg+0x6ac/0x940 net/socket.c:2494
___sys_sendmsg+0x135/0x1d0 net/socket.c:2548
__sys_sendmsg+0x117/0x1e0 net/socket.c:2577
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
stack backtrace:
CPU: 0 PID: 29194 Comm: syz-executor.5 Not tainted 6.5.0-rc4-syzkaller-00186-gd14eea09edf4 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xd9/0x1b0 lib/dump_stack.c:106
print_bad_irq_dependency kernel/locking/lockdep.c:2634 [inline]
check_irq_usage+0x10b8/0x1c70 kernel/locking/lockdep.c:2873
check_prev_add kernel/locking/lockdep.c:3146 [inline]
check_prevs_add kernel/locking/lockdep.c:3261 [inline]
validate_chain kernel/locking/lockdep.c:3876 [inline]
__lock_acquire+0x2e53/0x5de0 kernel/locking/lockdep.c:5144
lock_acquire kernel/locking/lockdep.c:5761 [inline]
lock_acquire+0x1ae/0x510 kernel/locking/lockdep.c:5726
_raw_spin_lock_nested+0x31/0x40 kernel/locking/spinlock.c:378
bond_get_stats+0x118/0x560 drivers/net/bonding/bond_main.c:4427
dev_get_stats+0xb5/0x470 net/core/dev.c:10424
rtnl_fill_stats+0x48/0xa80 net/core/rtnetlink.c:1261
rtnl_fill_ifinfo+0x18b5/0x47b0 net/core/rtnetlink.c:1868
rtmsg_ifinfo_build_skb+0x14d/0x270 net/core/rtnetlink.c:4024
rtmsg_ifinfo_event net/core/rtnetlink.c:4058 [inline]
rtmsg_ifinfo_event net/core/rtnetlink.c:4048 [inline]
rtmsg_ifinfo+0x9f/0x1a0 net/core/rtnetlink.c:4067
__dev_notify_flags+0x24a/0x2e0 net/core/dev.c:8565
__dev_set_promiscuity+0x269/0x580 net/core/dev.c:8339
dev_set_promiscuity+0x52/0x150 net/core/dev.c:8359
br_port_clear_promisc net/bridge/br_if.c:135 [inline]
br_manage_promisc+0x3f2/0x510 net/bridge/br_if.c:172
nbp_update_port_count net/bridge/br_if.c:242 [inline]
br_port_flags_change+0x185/0x1e0 net/bridge/br_if.c:761
br_setport+0xb7e/0x16f0 net/bridge/br_netlink.c:993
br_port_slave_changelink net/bridge/br_netlink.c:1200 [inline]
br_port_slave_changelink+0xdd/0x190 net/bridge/br_netlink.c:1187
__rtnl_newlink+0xbc6/0x18c0 net/core/rtnetlink.c:3648
rtnl_newlink+0x67/0xa0 net/core/rtnetlink.c:3702
rtnetlink_rcv_msg+0x439/0xd30 net/core/rtnetlink.c:6428
netlink_rcv_skb+0x16b/0x440 net/netlink/af_netlink.c:2549
netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline]
netlink_unicast+0x539/0x800 net/netlink/af_netlink.c:1365
netlink_sendmsg+0x93c/0xe30 net/netlink/af_netlink.c:1914
sock_sendmsg_nosec net/socket.c:725 [inline]
sock_sendmsg+0xd9/0x180 net/socket.c:748
____sys_sendmsg+0x6ac/0x940 net/socket.c:2494
___sys_sendmsg+0x135/0x1d0 net/socket.c:2548
__sys_sendmsg+0x117/0x1e0 net/socket.c:2577
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f8f9aa7cae9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f8f9b7360c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f8f9ab9bf80 RCX: 00007f8f9aa7cae9
RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 000000000000000b
RBP: 00007f8f9aac847a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007f8f9ab9bf80 R15: 00007fff1934f968
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@xxxxxxxxxxxxxxxx.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to change bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup