8021q: adding VLAN 0 to HW filter on device bond1
bond0: Enslaving bond1 as an active interface with an up link
============================================
WARNING: possible recursive locking detected
4.14.283-syzkaller #0 Not tainted
--------------------------------------------
syz-executor.3/17713 is trying to acquire lock:
 (&(&bond->stats_lock)->rlock#3/3){+.+.}, at: [<ffffffff83cb0727>] bond_get_stats+0xb7/0x440 drivers/net/bonding/bond_main.c:3457

but task is already holding lock:
 (&(&bond->stats_lock)->rlock#3/3){+.+.}, at: [<ffffffff83cb0727>] bond_get_stats+0xb7/0x440 drivers/net/bonding/bond_main.c:3457

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&(&bond->stats_lock)->rlock#3/3);
  lock(&(&bond->stats_lock)->rlock#3/3);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

3 locks held by syz-executor.3/17713:
 #0:  (rtnl_mutex){+.+.}, at: [<ffffffff85c8959d>] rtnl_lock net/core/rtnetlink.c:72 [inline]
 #0:  (rtnl_mutex){+.+.}, at: [<ffffffff85c8959d>] rtnetlink_rcv_msg+0x31d/0xb10 net/core/rtnetlink.c:4317
 #1:  (&(&bond->stats_lock)->rlock#3/3){+.+.}, at: [<ffffffff83cb0727>] bond_get_stats+0xb7/0x440 drivers/net/bonding/bond_main.c:3457
 #2:  (rcu_read_lock){....}, at: [<ffffffff83cb070b>] bond_get_nest_level drivers/net/bonding/bond_main.c:3446 [inline]
 #2:  (rcu_read_lock){....}, at: [<ffffffff83cb070b>] bond_get_stats+0x9b/0x440 drivers/net/bonding/bond_main.c:3457

stack backtrace:
CPU: 1 PID: 17713 Comm: syz-executor.3 Not tainted 4.14.283-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 print_deadlock_bug kernel/locking/lockdep.c:1800 [inline]
 check_deadlock kernel/locking/lockdep.c:1847 [inline]
 validate_chain kernel/locking/lockdep.c:2448 [inline]
 __lock_acquire.cold+0x180/0x97c kernel/locking/lockdep.c:3491
 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
 _raw_spin_lock_nested+0x30/0x40 kernel/locking/spinlock.c:362
 bond_get_stats+0xb7/0x440 drivers/net/bonding/bond_main.c:3457
 dev_get_stats+0xa5/0x280 net/core/dev.c:8019
 bond_get_stats+0x1da/0x440 drivers/net/bonding/bond_main.c:3463
 dev_get_stats+0xa5/0x280 net/core/dev.c:8019
 rtnl_fill_stats+0x48/0xa90 net/core/rtnetlink.c:1079
 rtnl_fill_ifinfo+0xe16/0x3050 net/core/rtnetlink.c:1385
 rtmsg_ifinfo_build_skb+0x8e/0x130 net/core/rtnetlink.c:2915
 rtmsg_ifinfo_event net/core/rtnetlink.c:2945 [inline]
 rtmsg_ifinfo_event net/core/rtnetlink.c:2936 [inline]
 rtnetlink_event+0xee/0x1a0 net/core/rtnetlink.c:4366
 notifier_call_chain+0x108/0x1a0 kernel/notifier.c:93
 call_netdevice_notifiers_info net/core/dev.c:1667 [inline]
 call_netdevice_notifiers net/core/dev.c:1683 [inline]
 netdev_features_change net/core/dev.c:1296 [inline]
 netdev_change_features+0x7e/0xa0 net/core/dev.c:7457
 bond_compute_features+0x444/0x860 drivers/net/bonding/bond_main.c:1122
 bond_slave_netdev_event drivers/net/bonding/bond_main.c:3191 [inline]
 bond_netdev_event+0x664/0xbd0 drivers/net/bonding/bond_main.c:3232
 notifier_call_chain+0x108/0x1a0 kernel/notifier.c:93
 call_netdevice_notifiers_info net/core/dev.c:1667 [inline]
 call_netdevice_notifiers net/core/dev.c:1683 [inline]
 netdev_features_change net/core/dev.c:1296 [inline]
 netdev_change_features+0x7e/0xa0 net/core/dev.c:7457
 bond_compute_features+0x444/0x860 drivers/net/bonding/bond_main.c:1122
 bond_enslave+0x37fb/0x4cf0 drivers/net/bonding/bond_main.c:1757
 do_set_master+0x19e/0x200 net/core/rtnetlink.c:1961
 rtnl_newlink+0x1356/0x1830 net/core/rtnetlink.c:2759
 rtnetlink_rcv_msg+0x3be/0xb10 net/core/rtnetlink.c:4322
 netlink_rcv_skb+0x125/0x390 net/netlink/af_netlink.c:2454
 netlink_unicast_kernel net/netlink/af_netlink.c:1296 [inline]
 netlink_unicast+0x437/0x610 net/netlink/af_netlink.c:1322
 netlink_sendmsg+0x648/0xbc0 net/netlink/af_netlink.c:1893
 sock_sendmsg_nosec net/socket.c:646 [inline]
 sock_sendmsg+0xb5/0x100 net/socket.c:656
 ___sys_sendmsg+0x6c8/0x800 net/socket.c:2062
 __sys_sendmsg+0xa3/0x120 net/socket.c:2096
 SYSC_sendmsg net/socket.c:2107 [inline]
 SyS_sendmsg+0x27/0x40 net/socket.c:2103
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7ff14a453109
RSP: 002b:00007ff148d65168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007ff14a5661d0 RCX: 00007ff14a453109
RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000005
RBP: 00007ff14a4ad05d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffd130d3a7f R14: 00007ff148d65300 R15: 0000000000022000
syz-executor.3 (17706) used greatest stack depth: 23752 bytes left
bond1: making interface vlan3 the new active one
bond1: Enslaving vlan3 as an active interface with an up link
bond6: making interface vlan4 the new active one
bond6: Enslaving vlan4 as an active interface with an up link
device bridge2 entered promiscuous mode
8021q: adding VLAN 0 to HW filter on device bond2
bond0: Enslaving bond2 as an active interface with an up link
device bridge3 entered promiscuous mode
8021q: adding VLAN 0 to HW filter on device bond7
bond0: Enslaving bond7 as an active interface with an up link
bond2: making interface vlan4 the new active one
bond2: Enslaving vlan4 as an active interface with an up link
bond7: making interface vlan5 the new active one
bond7: Enslaving vlan5 as an active interface with an up link
device bridge1 entered promiscuous mode
8021q: adding VLAN 0 to HW filter on device bond1
bond0: Enslaving bond1 as an active interface with an up link
bond1: making interface vlan3 the new active one
bond1: Enslaving vlan3 as an active interface with an up link
device bridge3 entered promiscuous mode
8021q: adding VLAN 0 to HW filter on device bond3
bond0: Enslaving bond3 as an active interface with an up link
bond3: making interface vlan5 the new active one
bond3: Enslaving vlan5 as an active interface with an up link
device bridge4 entered promiscuous mode
8021q: adding VLAN 0 to HW filter on device bond8
bond0: Enslaving bond8 as an active interface with an up link
bond8: making interface vlan6 the new active one
bond8: Enslaving vlan6 as an active interface with an up link
device bridge2 entered promiscuous mode
8021q: adding VLAN 0 to HW filter on device bond2
bond0: Enslaving bond2 as an active interface with an up link
bond2: making interface vlan4 the new active one
bond2: Enslaving vlan4 as an active interface with an up link
EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
device bridge4 entered promiscuous mode
EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
8021q: adding VLAN 0 to HW filter on device bond4
bond0: Enslaving bond4 as an active interface with an up link
bond4: making interface vlan6 the new active one
EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
bond4: Enslaving vlan6 as an active interface with an up link
EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
device bridge3 entered promiscuous mode
bond3: making interface vlan5 the new active one
bond3: Enslaving vlan5 as an active interface with an up link
EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs error (device sda1): swap_inode_boot_loader:114: inode #5: comm syz-executor.0: iget: checksum invalid
device bridge5 entered promiscuous mode
EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
8021q: adding VLAN 0 to HW filter on device bond5
EXT4-fs error (device sda1): swap_inode_boot_loader:114: inode #5: comm syz-executor.4: iget: checksum invalid
bond0: Enslaving bond5 as an active interface with an up link
EXT4-fs error (device sda1): swap_inode_boot_loader:114: inode #5: comm syz-executor.2: iget: checksum invalid
bond5: making interface vlan7 the new active one
bond5: Enslaving vlan7 as an active interface with an up link
EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs error (device sda1): swap_inode_boot_loader:114: inode #5: comm syz-executor.0: iget: checksum invalid
nla_parse: 16717 callbacks suppressed
netlink: 72 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 72 bytes leftover after parsing attributes in process `syz-executor.5'.
device bridge6 entered promiscuous mode
8021q: adding VLAN 0 to HW filter on device bond6
bond0: Enslaving bond6 as an active interface with an up link
netlink: 72 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 72 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 72 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 72 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 72 bytes leftover after parsing attributes in process `syz-executor.5'.
bond6: making interface vlan8 the new active one
netlink: 72 bytes leftover after parsing attributes in process `syz-executor.5'.
bond6: Enslaving vlan8 as an active interface with an up link
netlink: 72 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 72 bytes leftover after parsing attributes in process `syz-executor.5'.
blktrace: Concurrent blktraces are not allowed on sg0
EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
blktrace: Concurrent blktraces are not allowed on sg0
blktrace: Concurrent blktraces are not allowed on sg0
blktrace: Concurrent blktraces are not allowed on sg0
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
blktrace: Concurrent blktraces are not allowed on sg0
blktrace: Concurrent blktraces are not allowed on sg0
blktrace: Concurrent blktraces are not allowed on sg0
blktrace: Concurrent blktraces are not allowed on sg0
blktrace: Concurrent blktraces are not allowed on sg0
blktrace: Concurrent blktraces are not allowed on sg0
blktrace: Concurrent blktraces are not allowed on sg0
blktrace: Concurrent blktraces are not allowed on sg0
blktrace: Concurrent blktraces are not allowed on sg0
blktrace: Concurrent blktraces are not allowed on sg0
blktrace: Concurrent blktraces are not allowed on sg0
blktrace: Concurrent blktraces are not allowed on sg0
blktrace: Concurrent blktraces are not allowed on sg0
blktrace: Concurrent blktraces are not allowed on sg0
blktrace: Concurrent blktraces are not allowed on sg0
blktrace: Concurrent blktraces are not allowed on sg0
blktrace: Concurrent blktraces are not allowed on sg0
blktrace: Concurrent blktraces are not allowed on sg0
blktrace: Concurrent blktraces are not allowed on sg0
blktrace: Concurrent blktraces are not allowed on sg0
blktrace: Concurrent blktraces are not allowed on sg0
blktrace: Concurrent blktraces are not allowed on sg0
blktrace: Concurrent blktraces are not allowed on sg0
blktrace: Concurrent blktraces are not allowed on sg0
blktrace: Concurrent blktraces are not allowed on sg0
blktrace: Concurrent blktraces are not allowed on sg0
blktrace: Concurrent blktraces are not allowed on sg0
blktrace: Concurrent blktraces are not allowed on sg0
blktrace: Concurrent blktraces are not allowed on sg0
blktrace: Concurrent blktraces are not allowed on sg0
blktrace: Concurrent blktraces are not allowed on sg0
blktrace: Concurrent blktraces are not allowed on sg0
blktrace: Concurrent blktraces are not allowed on sg0
blktrace: Concurrent blktraces are not allowed on sg0
EXT4-fs error (device sda1): mb_free_blocks:1464: group 5, inode 14684: block 182304:freeing already freed block (bit 18464); block bitmap corrupt.
EXT4-fs error (device sda1): ext4_mb_generate_buddy:754: group 5, block bitmap and bg descriptor inconsistent: 15226 vs 15235 free clusters
EXT4-fs (sda1): pa ffff8880756f0d80: logic 32768, phys. 182272, len 2048
EXT4-fs error (device sda1): ext4_mb_release_inode_pa:3892: group 5, free 2016, pa_free 2007
blktrace: Concurrent blktraces are not allowed on sg0
blktrace: Concurrent blktraces are not allowed on sg0
IPVS: ftp: loaded support on port[0] = 21
EXT4-fs error (device loop2): ext4_fill_super:4382: inode #2: comm syz-executor.2: iget: root inode unallocated
EXT4-fs (loop2): get root inode failed
EXT4-fs (loop2): mount failed
print_req_error: 4 callbacks suppressed
print_req_error: I/O error, dev loop2, sector 0
buffer_io_error: 4 callbacks suppressed
Buffer I/O error on dev loop2, logical block 0, async page read
print_req_error: I/O error, dev loop2, sector 6
Buffer I/O error on dev loop2, logical block 3, async page read
blktrace: Concurrent blktraces are not allowed on sg0
blktrace: Concurrent blktraces are not allowed on sg0
EXT4-fs error (device sda1): mb_free_blocks:1464: group 7, inode 14674: block 231456:freeing already freed block (bit 2080); block bitmap corrupt.
EXT4-fs error (device sda1): ext4_mb_generate_buddy:754: group 7, block bitmap and bg descriptor inconsistent: 32725 vs 32734 free clusters
EXT4-fs (sda1): pa ffff8880756f0e58: logic 32768, phys. 231424, len 2048
EXT4-fs error (device sda1): ext4_mb_release_inode_pa:3892: group 7, free 2016, pa_free 2007
EXT4-fs error (device loop2): ext4_fill_super:4382: inode #2: comm syz-executor.2: iget: root inode unallocated
EXT4-fs (loop2): get root inode failed
EXT4-fs (loop2): mount failed
EXT4-fs (sda1): pa ffff88807547b158: logic 32768, phys. 296960, len 2048
EXT4-fs (sda1): pa ffff88807547b3e0: logic 32768, phys. 395264, len 2048
EXT4-fs (sda1): pa ffff888097817dc0: logic 32768, phys. 360448, len 2048
EXT4-fs (sda1): pa ffff888097817ce8: logic 32768, phys. 430080, len 2048
EXT4-fs (sda1): pa ffff88807547b590: logic 32768, phys. 466944, len 2048
EXT4-fs error (device loop2): ext4_fill_super:4382: inode #2: comm syz-executor.2: iget: root inode unallocated
EXT4-fs (loop2): get root inode failed
EXT4-fs (loop2): mount failed
EXT4-fs (sda1): pa ffff88807547b818: logic 32768, phys. 137216, len 2048
EXT4-fs (sda1): pa ffff88807547b8f0: logic 32768, phys. 221184, len 2048
EXT4-fs (sda1): pa ffff8880978178b0: logic 32768, phys. 292864, len 2048
EXT4-fs error (device loop2): ext4_fill_super:4382: inode #2: comm syz-executor.2: iget: root inode unallocated
EXT4-fs (loop2): get root inode failed
EXT4-fs (loop2): mount failed
semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
The task syz-executor.0 (18693) triggered the difference, watch for misbehavior.
EXT4-fs error: 30 callbacks suppressed
EXT4-fs error (device sda1): mb_free_blocks:1464: group 2, inode 14660: block 73249:freeing already freed block (bit 7713); block bitmap corrupt.
EXT4-fs error (device sda1): ext4_mb_generate_buddy:754: group 2, block bitmap and bg descriptor inconsistent: 857 vs 866 free clusters
EXT4-fs error (device sda1): ext4_mb_release_inode_pa:3892: group 2, free 479, pa_free 470