netlink: 32 bytes leftover after parsing attributes in process `syz.2.3349'.
vlan2: left promiscuous mode
=====================================================
WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
6.15.0-rc4-syzkaller-00213-g3c44b2d615e6 #0 Not tainted
-----------------------------------------------------
syz.2.3349/14843 [HC0[0]:SC0[2]:HE1:SE0] is trying to acquire:
ffff888063544e18 (&bond->stats_lock/1){+.+.}-{3:3}, at: bond_get_stats+0x3c1/0x6c0 drivers/net/bonding/bond_main.c:4573
and this task is already holding:
ffff8880330c4d98 (&br->lock){+.-.}-{3:3}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
ffff8880330c4d98 (&br->lock){+.-.}-{3:3}, at: br_port_slave_changelink+0x3d/0x150 net/bridge/br_netlink.c:1212
which would create a new lock dependency:
(&br->lock){+.-.}-{3:3} -> (&bond->stats_lock/1){+.+.}-{3:3}
but this new dependency connects a SOFTIRQ-irq-safe lock:
(&br->lock){+.-.}-{3:3}
... which became SOFTIRQ-irq-safe at:
lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:351 [inline]
br_forward_delay_timer_expired+0x4f/0x430 net/bridge/br_stp_timer.c:86
call_timer_fn+0x17b/0x5f0 kernel/time/timer.c:1789
expire_timers kernel/time/timer.c:1840 [inline]
__run_timers kernel/time/timer.c:2414 [inline]
__run_timer_base+0x61a/0x860 kernel/time/timer.c:2426
run_timer_base kernel/time/timer.c:2435 [inline]
run_timer_softirq+0xb7/0x180 kernel/time/timer.c:2445
handle_softirqs+0x283/0x870 kernel/softirq.c:579
__do_softirq kernel/softirq.c:613 [inline]
invoke_softirq kernel/softirq.c:453 [inline]
__irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680
irq_exit_rcu+0x9/0x30 kernel/softirq.c:696
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1049
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
__sanitizer_cov_trace_const_cmp4+0x0/0x90 kernel/kcov.c:309
__page_table_check_ptes_set+0x15c/0x2f0 mm/page_table_check.c:206
page_table_check_ptes_set include/linux/page_table_check.h:74 [inline]
set_ptes include/linux/pgtable.h:292 [inline]
__copy_present_ptes mm/memory.c:961 [inline]
copy_present_ptes mm/memory.c:1044 [inline]
copy_pte_range mm/memory.c:1167 [inline]
copy_pmd_range+0x427d/0x7000 mm/memory.c:1255
copy_pud_range mm/memory.c:1292 [inline]
copy_p4d_range mm/memory.c:1316 [inline]
copy_page_range+0x95c/0xd40 mm/memory.c:1410
dup_mmap kernel/fork.c:726 [inline]
dup_mm kernel/fork.c:1734 [inline]
copy_mm+0x121c/0x2100 kernel/fork.c:1786
copy_process+0x16d3/0x3b80 kernel/fork.c:2429
kernel_clone+0x21e/0x870 kernel/fork.c:2844
__do_sys_clone kernel/fork.c:2987 [inline]
__se_sys_clone kernel/fork.c:2971 [inline]
__x64_sys_clone+0x18b/0x1e0 kernel/fork.c:2971
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
to a SOFTIRQ-irq-unsafe lock:
(&bond->stats_lock/1){+.+.}-{3:3}
... which became SOFTIRQ-irq-unsafe at:
...
lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866
_raw_spin_lock_nested+0x32/0x50 kernel/locking/spinlock.c:378
bond_get_stats+0x3c1/0x6c0 drivers/net/bonding/bond_main.c:4573
dev_get_stats+0xb1/0xa50 net/core/dev.c:11444
rtnl_fill_stats+0x47/0x8c0 net/core/rtnetlink.c:1474
rtnl_fill_ifinfo+0x1606/0x1e70 net/core/rtnetlink.c:2118
rtmsg_ifinfo_build_skb+0x17d/0x260 net/core/rtnetlink.c:4409
rtmsg_ifinfo_event net/core/rtnetlink.c:4442 [inline]
rtnetlink_event+0x1b7/0x270 net/core/rtnetlink.c:7015
notifier_call_chain+0x1b3/0x3e0 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2214 [inline]
call_netdevice_notifiers net/core/dev.c:2228 [inline]
netdev_features_change net/core/dev.c:1517 [inline]
netdev_change_features+0x8d/0xd0 net/core/dev.c:10685
bond_compute_features+0x615/0x680 drivers/net/bonding/bond_main.c:1619
bond_enslave+0x21e5/0x3a40 drivers/net/bonding/bond_main.c:2350
do_set_master+0x530/0x6d0 net/core/rtnetlink.c:2946
do_setlink+0xd47/0x40d0 net/core/rtnetlink.c:3159
rtnl_changelink net/core/rtnetlink.c:3769 [inline]
__rtnl_newlink net/core/rtnetlink.c:3928 [inline]
rtnl_newlink+0x160b/0x1c70 net/core/rtnetlink.c:4065
rtnetlink_rcv_msg+0x7cc/0xb70 net/core/rtnetlink.c:6955
netlink_rcv_skb+0x219/0x490 net/netlink/af_netlink.c:2534
netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]
netlink_unicast+0x758/0x8d0 net/netlink/af_netlink.c:1339
netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1883
sock_sendmsg_nosec net/socket.c:712 [inline]
__sock_sendmsg+0x219/0x270 net/socket.c:727
__sys_sendto+0x3bd/0x520 net/socket.c:2180
__do_sys_sendto net/socket.c:2187 [inline]
__se_sys_sendto net/socket.c:2183 [inline]
__x64_sys_sendto+0xde/0x100 net/socket.c:2183
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
other info that might help us debug this:
Possible interrupt unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&bond->stats_lock/1);
local_irq_disable();
lock(&br->lock);
lock(&bond->stats_lock/1);
<Interrupt>
lock(&br->lock);
*** DEADLOCK ***
3 locks held by syz.2.3349/14843:
#0: ffffffff8f2f4248 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:80 [inline]
#0: ffffffff8f2f4248 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock net/core/rtnetlink.c:341 [inline]
#0: ffffffff8f2f4248 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 net/core/rtnetlink.c:4064
#1: ffff8880330c4d98 (&br->lock){+.-.}-{3:3}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
#1: ffff8880330c4d98 (&br->lock){+.-.}-{3:3}, at: br_port_slave_changelink+0x3d/0x150 net/bridge/br_netlink.c:1212
#2: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#2: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
#2: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: bond_get_stats+0xc5/0x6c0 drivers/net/bonding/bond_main.c:4568
the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
-> (&br->lock){+.-.}-{3:3} {
HARDIRQ-ON-W at:
lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
_raw_spin_lock_bh+0x36/0x50 kernel/locking/spinlock.c:178
spin_lock_bh include/linux/spinlock.h:356 [inline]
br_add_if+0xabe/0xec0 net/bridge/br_if.c:682
do_set_master+0x530/0x6d0 net/core/rtnetlink.c:2946
do_setlink+0xd47/0x40d0 net/core/rtnetlink.c:3159
rtnl_changelink net/core/rtnetlink.c:3769 [inline]
__rtnl_newlink net/core/rtnetlink.c:3928 [inline]
rtnl_newlink+0x160b/0x1c70 net/core/rtnetlink.c:4065
rtnetlink_rcv_msg+0x7cc/0xb70 net/core/rtnetlink.c:6955
netlink_rcv_skb+0x219/0x490 net/netlink/af_netlink.c:2534
netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]
netlink_unicast+0x758/0x8d0 net/netlink/af_netlink.c:1339
netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1883
sock_sendmsg_nosec net/socket.c:712 [inline]
__sock_sendmsg+0x219/0x270 net/socket.c:727
__sys_sendto+0x3bd/0x520 net/socket.c:2180
__do_sys_sendto net/socket.c:2187 [inline]
__se_sys_sendto net/socket.c:2183 [inline]
__x64_sys_sendto+0xde/0x100 net/socket.c:2183
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
IN-SOFTIRQ-W at:
lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:351 [inline]
br_forward_delay_timer_expired+0x4f/0x430 net/bridge/br_stp_timer.c:86
call_timer_fn+0x17b/0x5f0 kernel/time/timer.c:1789
expire_timers kernel/time/timer.c:1840 [inline]
__run_timers kernel/time/timer.c:2414 [inline]
__run_timer_base+0x61a/0x860 kernel/time/timer.c:2426
run_timer_base kernel/time/timer.c:2435 [inline]
run_timer_softirq+0xb7/0x180 kernel/time/timer.c:2445
handle_softirqs+0x283/0x870 kernel/softirq.c:579
__do_softirq kernel/softirq.c:613 [inline]
invoke_softirq kernel/softirq.c:453 [inline]
__irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680
irq_exit_rcu+0x9/0x30 kernel/softirq.c:696
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1049
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
__sanitizer_cov_trace_const_cmp4+0x0/0x90 kernel/kcov.c:309
__page_table_check_ptes_set+0x15c/0x2f0 mm/page_table_check.c:206
page_table_check_ptes_set include/linux/page_table_check.h:74 [inline]
set_ptes include/linux/pgtable.h:292 [inline]
__copy_present_ptes mm/memory.c:961 [inline]
copy_present_ptes mm/memory.c:1044 [inline]
copy_pte_range mm/memory.c:1167 [inline]
copy_pmd_range+0x427d/0x7000 mm/memory.c:1255
copy_pud_range mm/memory.c:1292 [inline]
copy_p4d_range mm/memory.c:1316 [inline]
copy_page_range+0x95c/0xd40 mm/memory.c:1410
dup_mmap kernel/fork.c:726 [inline]
dup_mm kernel/fork.c:1734 [inline]
copy_mm+0x121c/0x2100 kernel/fork.c:1786
copy_process+0x16d3/0x3b80 kernel/fork.c:2429
kernel_clone+0x21e/0x870 kernel/fork.c:2844
__do_sys_clone kernel/fork.c:2987 [inline]
__se_sys_clone kernel/fork.c:2971 [inline]
__x64_sys_clone+0x18b/0x1e0 kernel/fork.c:2971
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
INITIAL USE at:
lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
_raw_spin_lock_bh+0x36/0x50 kernel/locking/spinlock.c:178
spin_lock_bh include/linux/spinlock.h:356 [inline]
br_add_if+0xabe/0xec0 net/bridge/br_if.c:682
do_set_master+0x530/0x6d0 net/core/rtnetlink.c:2946
do_setlink+0xd47/0x40d0 net/core/rtnetlink.c:3159
rtnl_changelink net/core/rtnetlink.c:3769 [inline]
__rtnl_newlink net/core/rtnetlink.c:3928 [inline]
rtnl_newlink+0x160b/0x1c70 net/core/rtnetlink.c:4065
rtnetlink_rcv_msg+0x7cc/0xb70 net/core/rtnetlink.c:6955
netlink_rcv_skb+0x219/0x490 net/netlink/af_netlink.c:2534
netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]
netlink_unicast+0x758/0x8d0 net/netlink/af_netlink.c:1339
netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1883
sock_sendmsg_nosec net/socket.c:712 [inline]
__sock_sendmsg+0x219/0x270 net/socket.c:727
__sys_sendto+0x3bd/0x520 net/socket.c:2180
__do_sys_sendto net/socket.c:2187 [inline]
__se_sys_sendto net/socket.c:2183 [inline]
__x64_sys_sendto+0xde/0x100 net/socket.c:2183
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
}
... key at: [<ffffffff99d50b80>] br_dev_setup.__key+0x0/0x20
the dependencies between the lock to be acquired
and SOFTIRQ-irq-unsafe lock:
-> (&bond->stats_lock/1){+.+.}-{3:3} {
HARDIRQ-ON-W at:
lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866
_raw_spin_lock_nested+0x32/0x50 kernel/locking/spinlock.c:378
bond_get_stats+0x3c1/0x6c0 drivers/net/bonding/bond_main.c:4573
dev_get_stats+0xb1/0xa50 net/core/dev.c:11444
rtnl_fill_stats+0x47/0x8c0 net/core/rtnetlink.c:1474
rtnl_fill_ifinfo+0x1606/0x1e70 net/core/rtnetlink.c:2118
rtmsg_ifinfo_build_skb+0x17d/0x260 net/core/rtnetlink.c:4409
rtmsg_ifinfo_event net/core/rtnetlink.c:4442 [inline]
rtnetlink_event+0x1b7/0x270 net/core/rtnetlink.c:7015
notifier_call_chain+0x1b3/0x3e0 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2214 [inline]
call_netdevice_notifiers net/core/dev.c:2228 [inline]
netdev_features_change net/core/dev.c:1517 [inline]
netdev_change_features+0x8d/0xd0 net/core/dev.c:10685
bond_compute_features+0x615/0x680 drivers/net/bonding/bond_main.c:1619
bond_enslave+0x21e5/0x3a40 drivers/net/bonding/bond_main.c:2350
do_set_master+0x530/0x6d0 net/core/rtnetlink.c:2946
do_setlink+0xd47/0x40d0 net/core/rtnetlink.c:3159
rtnl_changelink net/core/rtnetlink.c:3769 [inline]
__rtnl_newlink net/core/rtnetlink.c:3928 [inline]
rtnl_newlink+0x160b/0x1c70 net/core/rtnetlink.c:4065
rtnetlink_rcv_msg+0x7cc/0xb70 net/core/rtnetlink.c:6955
netlink_rcv_skb+0x219/0x490 net/netlink/af_netlink.c:2534
netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]
netlink_unicast+0x758/0x8d0 net/netlink/af_netlink.c:1339
netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1883
sock_sendmsg_nosec net/socket.c:712 [inline]
__sock_sendmsg+0x219/0x270 net/socket.c:727
__sys_sendto+0x3bd/0x520 net/socket.c:2180
__do_sys_sendto net/socket.c:2187 [inline]
__se_sys_sendto net/socket.c:2183 [inline]
__x64_sys_sendto+0xde/0x100 net/socket.c:2183
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
SOFTIRQ-ON-W at:
lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866
_raw_spin_lock_nested+0x32/0x50 kernel/locking/spinlock.c:378
bond_get_stats+0x3c1/0x6c0 drivers/net/bonding/bond_main.c:4573
dev_get_stats+0xb1/0xa50 net/core/dev.c:11444
rtnl_fill_stats+0x47/0x8c0 net/core/rtnetlink.c:1474
rtnl_fill_ifinfo+0x1606/0x1e70 net/core/rtnetlink.c:2118
rtmsg_ifinfo_build_skb+0x17d/0x260 net/core/rtnetlink.c:4409
rtmsg_ifinfo_event net/core/rtnetlink.c:4442 [inline]
rtnetlink_event+0x1b7/0x270 net/core/rtnetlink.c:7015
notifier_call_chain+0x1b3/0x3e0 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2214 [inline]
call_netdevice_notifiers net/core/dev.c:2228 [inline]
netdev_features_change net/core/dev.c:1517 [inline]
netdev_change_features+0x8d/0xd0 net/core/dev.c:10685
bond_compute_features+0x615/0x680 drivers/net/bonding/bond_main.c:1619
bond_enslave+0x21e5/0x3a40 drivers/net/bonding/bond_main.c:2350
do_set_master+0x530/0x6d0 net/core/rtnetlink.c:2946
do_setlink+0xd47/0x40d0 net/core/rtnetlink.c:3159
rtnl_changelink net/core/rtnetlink.c:3769 [inline]
__rtnl_newlink net/core/rtnetlink.c:3928 [inline]
rtnl_newlink+0x160b/0x1c70 net/core/rtnetlink.c:4065
rtnetlink_rcv_msg+0x7cc/0xb70 net/core/rtnetlink.c:6955
netlink_rcv_skb+0x219/0x490 net/netlink/af_netlink.c:2534
netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]
netlink_unicast+0x758/0x8d0 net/netlink/af_netlink.c:1339
netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1883
sock_sendmsg_nosec net/socket.c:712 [inline]
__sock_sendmsg+0x219/0x270 net/socket.c:727
__sys_sendto+0x3bd/0x520 net/socket.c:2180
__do_sys_sendto net/socket.c:2187 [inline]
__se_sys_sendto net/socket.c:2183 [inline]
__x64_sys_sendto+0xde/0x100 net/socket.c:2183
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
INITIAL USE at:
lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866
_raw_spin_lock_nested+0x32/0x50 kernel/locking/spinlock.c:378
bond_get_stats+0x3c1/0x6c0 drivers/net/bonding/bond_main.c:4573
dev_get_stats+0xb1/0xa50 net/core/dev.c:11444
rtnl_fill_stats+0x47/0x8c0 net/core/rtnetlink.c:1474
rtnl_fill_ifinfo+0x1606/0x1e70 net/core/rtnetlink.c:2118
rtmsg_ifinfo_build_skb+0x17d/0x260 net/core/rtnetlink.c:4409
rtmsg_ifinfo_event net/core/rtnetlink.c:4442 [inline]
rtnetlink_event+0x1b7/0x270 net/core/rtnetlink.c:7015
notifier_call_chain+0x1b3/0x3e0 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2214 [inline]
call_netdevice_notifiers net/core/dev.c:2228 [inline]
netdev_features_change net/core/dev.c:1517 [inline]
netdev_change_features+0x8d/0xd0 net/core/dev.c:10685
bond_compute_features+0x615/0x680 drivers/net/bonding/bond_main.c:1619
bond_enslave+0x21e5/0x3a40 drivers/net/bonding/bond_main.c:2350
do_set_master+0x530/0x6d0 net/core/rtnetlink.c:2946
do_setlink+0xd47/0x40d0 net/core/rtnetlink.c:3159
rtnl_changelink net/core/rtnetlink.c:3769 [inline]
__rtnl_newlink net/core/rtnetlink.c:3928 [inline]
rtnl_newlink+0x160b/0x1c70 net/core/rtnetlink.c:4065
rtnetlink_rcv_msg+0x7cc/0xb70 net/core/rtnetlink.c:6955
netlink_rcv_skb+0x219/0x490 net/netlink/af_netlink.c:2534
netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]
netlink_unicast+0x758/0x8d0 net/netlink/af_netlink.c:1339
netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1883
sock_sendmsg_nosec net/socket.c:712 [inline]
__sock_sendmsg+0x219/0x270 net/socket.c:727
__sys_sendto+0x3bd/0x520 net/socket.c:2180
__do_sys_sendto net/socket.c:2187 [inline]
__se_sys_sendto net/socket.c:2183 [inline]
__x64_sys_sendto+0xde/0x100 net/socket.c:2183
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
}
... key at: [<ffffffff99b69021>] bond_init.__key+0x1/0x20
... acquired at:
lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866
_raw_spin_lock_nested+0x32/0x50 kernel/locking/spinlock.c:378
bond_get_stats+0x3c1/0x6c0 drivers/net/bonding/bond_main.c:4573
dev_get_stats+0xb1/0xa50 net/core/dev.c:11444
rtnl_fill_stats+0x47/0x8c0 net/core/rtnetlink.c:1474
rtnl_fill_ifinfo+0x1606/0x1e70 net/core/rtnetlink.c:2118
rtmsg_ifinfo_build_skb+0x17d/0x260 net/core/rtnetlink.c:4409
rtmsg_ifinfo_event net/core/rtnetlink.c:4442 [inline]
rtmsg_ifinfo+0x8c/0x1a0 net/core/rtnetlink.c:4451
__dev_notify_flags+0xf4/0x2e0 net/core/dev.c:9389
__dev_set_promiscuity+0x152/0x590 net/core/dev.c:9192
netif_set_promiscuity+0x50/0xe0 net/core/dev.c:9201
dev_set_promiscuity+0x126/0x260 net/core/dev_api.c:286
dev_change_rx_flags net/core/dev.c:9145 [inline]
__dev_set_promiscuity+0x3f5/0x590 net/core/dev.c:9189
netif_set_promiscuity+0x50/0xe0 net/core/dev.c:9201
dev_set_promiscuity+0x126/0x260 net/core/dev_api.c:286
br_port_clear_promisc net/bridge/br_if.c:135 [inline]
br_manage_promisc+0x4db/0x560 net/bridge/br_if.c:172
nbp_update_port_count net/bridge/br_if.c:242 [inline]
br_port_flags_change+0x160/0x1f0 net/bridge/br_if.c:761
br_setport+0xc3c/0x1670 net/bridge/br_netlink.c:1000
br_port_slave_changelink+0x12f/0x150 net/bridge/br_netlink.c:1213
rtnl_changelink net/core/rtnetlink.c:3762 [inline]
__rtnl_newlink net/core/rtnetlink.c:3928 [inline]
rtnl_newlink+0x19e2/0x1c70 net/core/rtnetlink.c:4065
rtnetlink_rcv_msg+0x7cc/0xb70 net/core/rtnetlink.c:6955
netlink_rcv_skb+0x219/0x490 net/netlink/af_netlink.c:2534
netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]
netlink_unicast+0x758/0x8d0 net/netlink/af_netlink.c:1339
netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1883
sock_sendmsg_nosec net/socket.c:712 [inline]
__sock_sendmsg+0x219/0x270 net/socket.c:727
____sys_sendmsg+0x505/0x830 net/socket.c:2566
___sys_sendmsg+0x21f/0x2a0 net/socket.c:2620
__sys_sendmsg net/socket.c:2652 [inline]
__do_sys_sendmsg net/socket.c:2657 [inline]
__se_sys_sendmsg net/socket.c:2655 [inline]
__x64_sys_sendmsg+0x19b/0x260 net/socket.c:2655
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
stack backtrace:
CPU: 1 UID: 0 PID: 14843 Comm: syz.2.3349 Not tainted 6.15.0-rc4-syzkaller-00213-g3c44b2d615e6 #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
Call Trace:
<TASK>
dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
print_bad_irq_dependency kernel/locking/lockdep.c:2652 [inline]
check_irq_usage kernel/locking/lockdep.c:2893 [inline]
check_prev_add kernel/locking/lockdep.c:3170 [inline]
check_prevs_add kernel/locking/lockdep.c:3285 [inline]
validate_chain+0x1f05/0x2140 kernel/locking/lockdep.c:3909
__lock_acquire+0xaac/0xd20 kernel/locking/lockdep.c:5235
lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866
_raw_spin_lock_nested+0x32/0x50 kernel/locking/spinlock.c:378
bond_get_stats+0x3c1/0x6c0 drivers/net/bonding/bond_main.c:4573
dev_get_stats+0xb1/0xa50 net/core/dev.c:11444
rtnl_fill_stats+0x47/0x8c0 net/core/rtnetlink.c:1474
rtnl_fill_ifinfo+0x1606/0x1e70 net/core/rtnetlink.c:2118
rtmsg_ifinfo_build_skb+0x17d/0x260 net/core/rtnetlink.c:4409
rtmsg_ifinfo_event net/core/rtnetlink.c:4442 [inline]
rtmsg_ifinfo+0x8c/0x1a0 net/core/rtnetlink.c:4451
__dev_notify_flags+0xf4/0x2e0 net/core/dev.c:9389
__dev_set_promiscuity+0x152/0x590 net/core/dev.c:9192
netif_set_promiscuity+0x50/0xe0 net/core/dev.c:9201
dev_set_promiscuity+0x126/0x260 net/core/dev_api.c:286
dev_change_rx_flags net/core/dev.c:9145 [inline]
__dev_set_promiscuity+0x3f5/0x590 net/core/dev.c:9189
netif_set_promiscuity+0x50/0xe0 net/core/dev.c:9201
dev_set_promiscuity+0x126/0x260 net/core/dev_api.c:286
br_port_clear_promisc net/bridge/br_if.c:135 [inline]
br_manage_promisc+0x4db/0x560 net/bridge/br_if.c:172
nbp_update_port_count net/bridge/br_if.c:242 [inline]
br_port_flags_change+0x160/0x1f0 net/bridge/br_if.c:761
br_setport+0xc3c/0x1670 net/bridge/br_netlink.c:1000
br_port_slave_changelink+0x12f/0x150 net/bridge/br_netlink.c:1213
rtnl_changelink net/core/rtnetlink.c:3762 [inline]
__rtnl_newlink net/core/rtnetlink.c:3928 [inline]
rtnl_newlink+0x19e2/0x1c70 net/core/rtnetlink.c:4065
rtnetlink_rcv_msg+0x7cc/0xb70 net/core/rtnetlink.c:6955
netlink_rcv_skb+0x219/0x490 net/netlink/af_netlink.c:2534
netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]
netlink_unicast+0x758/0x8d0 net/netlink/af_netlink.c:1339
netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1883
sock_sendmsg_nosec net/socket.c:712 [inline]
__sock_sendmsg+0x219/0x270 net/socket.c:727
____sys_sendmsg+0x505/0x830 net/socket.c:2566
___sys_sendmsg+0x21f/0x2a0 net/socket.c:2620
__sys_sendmsg net/socket.c:2652 [inline]
__do_sys_sendmsg net/socket.c:2657 [inline]
__se_sys_sendmsg net/socket.c:2655 [inline]
__x64_sys_sendmsg+0x19b/0x260 net/socket.c:2655
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7ff707b8e969
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ff708a9b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007ff707db5fa0 RCX: 00007ff707b8e969
RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000008
RBP: 00007ff707c10ab1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007ff707db5fa0 R15: 00007ffc10563c18
</TASK>