============================================
WARNING: possible recursive locking detected
4.14.231-syzkaller #0 Not tainted
--------------------------------------------
syz-executor.1/14732 is trying to acquire lock:
 (&(&bond->stats_lock)->rlock#2/2){+.+.}, at: [<ffffffff83ca5157>] bond_get_stats+0xb7/0x440 drivers/net/bonding/bond_main.c:3457

but task is already holding lock:
 (&(&bond->stats_lock)->rlock#2/2){+.+.}, at: [<ffffffff83ca5157>] bond_get_stats+0xb7/0x440 drivers/net/bonding/bond_main.c:3457

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
overlayfs: fs on 'file0' does not support file handles, falling back to index=off.
       ----
  lock(&(&bond->stats_lock)->rlock#2/2);
  lock(&(&bond->stats_lock)->rlock#2/2);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

3 locks held by syz-executor.1/14732:
 #0:  (rtnl_mutex){+.+.}, at: [<ffffffff85c7627d>] rtnl_lock net/core/rtnetlink.c:72 [inline]
 #0:  (rtnl_mutex){+.+.}, at: [<ffffffff85c7627d>] rtnetlink_rcv_msg+0x31d/0xb10 net/core/rtnetlink.c:4311
 #1:  (&(&bond->stats_lock)->rlock#2/2){+.+.}, at: [<ffffffff83ca5157>] bond_get_stats+0xb7/0x440 drivers/net/bonding/bond_main.c:3457
 #2:  (rcu_read_lock){....}, at: [<ffffffff83ca513b>] bond_get_nest_level drivers/net/bonding/bond_main.c:3446 [inline]
 #2:  (rcu_read_lock){....}, at: [<ffffffff83ca513b>] bond_get_stats+0x9b/0x440 drivers/net/bonding/bond_main.c:3457

stack backtrace:
CPU: 0 PID: 14732 Comm: syz-executor.1 Not tainted 4.14.231-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 print_deadlock_bug kernel/locking/lockdep.c:1800 [inline]
 check_deadlock kernel/locking/lockdep.c:1847 [inline]
 validate_chain kernel/locking/lockdep.c:2448 [inline]
 __lock_acquire.cold+0x180/0x97c kernel/locking/lockdep.c:3491
 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
 _raw_spin_lock_nested+0x30/0x40 kernel/locking/spinlock.c:362
 bond_get_stats+0xb7/0x440 drivers/net/bonding/bond_main.c:3457
 dev_get_stats+0xa5/0x280 net/core/dev.c:8011
 bond_get_stats+0x1da/0x440 drivers/net/bonding/bond_main.c:3463
 dev_get_stats+0xa5/0x280 net/core/dev.c:8011
 rtnl_fill_stats+0x48/0xa90 net/core/rtnetlink.c:1079
 rtnl_fill_ifinfo+0xe16/0x3050 net/core/rtnetlink.c:1385
 rtmsg_ifinfo_build_skb+0x8e/0x130 net/core/rtnetlink.c:2913
 rtmsg_ifinfo_event net/core/rtnetlink.c:2943 [inline]
 rtmsg_ifinfo_event net/core/rtnetlink.c:2934 [inline]
 rtnetlink_event+0xee/0x1a0 net/core/rtnetlink.c:4360
 notifier_call_chain+0x108/0x1a0 kernel/notifier.c:93
 call_netdevice_notifiers_info net/core/dev.c:1667 [inline]
 call_netdevice_notifiers net/core/dev.c:1683 [inline]
 netdev_features_change net/core/dev.c:1296 [inline]
 netdev_change_features+0x7e/0xa0 net/core/dev.c:7449
 bond_compute_features+0x444/0x860 drivers/net/bonding/bond_main.c:1122
 bond_slave_netdev_event drivers/net/bonding/bond_main.c:3191 [inline]
 bond_netdev_event+0x664/0xbd0 drivers/net/bonding/bond_main.c:3232
 notifier_call_chain+0x108/0x1a0 kernel/notifier.c:93
 call_netdevice_notifiers_info net/core/dev.c:1667 [inline]
 call_netdevice_notifiers net/core/dev.c:1683 [inline]
 netdev_features_change net/core/dev.c:1296 [inline]
 netdev_change_features+0x7e/0xa0 net/core/dev.c:7449
 bond_compute_features+0x444/0x860 drivers/net/bonding/bond_main.c:1122
 bond_enslave+0x37e2/0x4cc0 drivers/net/bonding/bond_main.c:1757
 do_set_master+0x19e/0x200 net/core/rtnetlink.c:1961
 rtnl_newlink+0x136f/0x1860 net/core/rtnetlink.c:2757
 rtnetlink_rcv_msg+0x3be/0xb10 net/core/rtnetlink.c:4316
 netlink_rcv_skb+0x125/0x390 net/netlink/af_netlink.c:2433
 netlink_unicast_kernel net/netlink/af_netlink.c:1287 [inline]
 netlink_unicast+0x437/0x610 net/netlink/af_netlink.c:1313
 netlink_sendmsg+0x62e/0xb80 net/netlink/af_netlink.c:1878
 sock_sendmsg_nosec net/socket.c:646 [inline]
 sock_sendmsg+0xb5/0x100 net/socket.c:656
 ___sys_sendmsg+0x6c8/0x800 net/socket.c:2062
 __sys_sendmsg+0xa3/0x120 net/socket.c:2096
 SYSC_sendmsg net/socket.c:2107 [inline]
 SyS_sendmsg+0x27/0x40 net/socket.c:2103
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x4665f9
RSP: 002b:00007f5cdc554188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9
RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000006
RBP: 00000000004bfbb9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60
R13: 00007ffd5269f4df R14: 00007f5cdc554300 R15: 0000000000022000
bond1: Enslaving bridge2 as an active interface with a down link
F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0)
F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock
syz-executor.1 (14732) used greatest stack depth: 23480 bytes left
overlayfs: fs on 'file0' does not support file handles, falling back to index=off.
overlayfs: fs on './file0' does not support file handles, falling back to index=off.
bond2: making interface bridge3 the new active one
bond2: Enslaving bridge3 as an active interface with an up link
8021q: adding VLAN 0 to HW filter on device bond2
bond0: Enslaving bond2 as an active interface with an up link
bond2: link status definitely down for interface bridge3, disabling it
bond2: now running without any active interface!
print_req_error: 215 callbacks suppressed
print_req_error: I/O error, dev loop7, sector 0
print_req_error: I/O error, dev loop7, sector 0
buffer_io_error: 208 callbacks suppressed
Buffer I/O error on dev loop7, logical block 0, async page read
f2fs_msg: 7 callbacks suppressed
F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0)
F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock
bond3: making interface bridge4 the new active one
F2FS-fs (loop5): invalid crc value
bond3: Enslaving bridge4 as an active interface with an up link
8021q: adding VLAN 0 to HW filter on device bond3
bond0: Enslaving bond3 as an active interface with an up link
bond3: link status definitely down for interface bridge4, disabling it
bond3: now running without any active interface!
F2FS-fs (loop5): Try to recover 2th superblock, ret: 0
F2FS-fs (loop5): Mounted with checkpoint version = 753bd00b
binder: 15016:15024 unknown command 0
audit: type=1800 audit(1619341062.125:53): pid=15023 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.2" name="file0" dev="sda1" ino=14539 res=0
binder: 15016:15024 ioctl c0306201 200012c0 returned -22
binder: 15016:15065 unknown command 0
binder: 15016:15065 ioctl c0306201 200012c0 returned -22
bond4: making interface bridge5 the new active one
bond4: Enslaving bridge5 as an active interface with an up link
audit: type=1800 audit(1619341062.345:54): pid=15084 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.2" name="file0" dev="sda1" ino=14540 res=0
8021q: adding VLAN 0 to HW filter on device bond4
input: syz0 as /devices/virtual/input/input12
bond0: Enslaving bond4 as an active interface with an up link
bond4: link status definitely down for interface bridge5, disabling it
bond4: now running without any active interface!
audit: type=1800 audit(1619341062.605:55): pid=15116 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.2" name="file0" dev="sda1" ino=14540 res=0
audit: type=1800 audit(1619341062.855:56): pid=15140 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.2" name="file0" dev="sda1" ino=14542 res=0
input: syz0 as /devices/virtual/input/input13
sctp: [Deprecated]: syz-executor.4 (pid 15181) Use of int in max_burst socket option deprecated.
Use struct sctp_assoc_value instead
sctp: [Deprecated]: syz-executor.4 (pid 15181) Use of int in max_burst socket option deprecated.
Use struct sctp_assoc_value instead
new mount options do not match the existing superblock, will be ignored
input: syz0 as /devices/virtual/input/input14
EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
new mount options do not match the existing superblock, will be ignored
uinput: write device info first
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs error (device loop4): __ext4_new_inode:930: comm syz-executor.4: reserved inode found cleared - inode=1
EXT4-fs error (device loop4): __ext4_new_inode:930: comm syz-executor.4: reserved inode found cleared - inode=1
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
new mount options do not match the existing superblock, will be ignored
EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
new mount options do not match the existing superblock, will be ignored
EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs error (device loop4): __ext4_new_inode:930: comm syz-executor.4: reserved inode found cleared - inode=1
EXT4-fs error (device loop4): __ext4_new_inode:930: comm syz-executor.4: reserved inode found cleared - inode=1