On Thu, Aug 01, 2024 at 12:09:40AM +0900, Jeongjun Park wrote:

In do_setlink() , do_set_master() is called when dev->flags does not have
the IFF_UP flag set, so 'team->lock' is acquired and dev_open() is called,
which generates the NETDEV_UP event. This causes a deadlock as it tries to
acquire 'team->lock' again.

To solve this, we need to unlock 'team->lock' before calling dev_open()
in team_port_add() and then reacquire the lock when dev_open() returns.
Since the implementation acquires the lock in advance when the team
structure is used inside dev_open(), data races will not occur even if it
is briefly unlocked.


Reported-by: syzbot+b668da2bc4cb9670bf58@syzkaller.appspotmail.com
Fixes: ec4ffd100ffb ("Revert "net: rtnetlink: Enslave device before bringing it up"")

The fixes tag shouldn't be ec4ffd100ffb, as the issue exists before
ec4ffd100ffb. I think it should be

3d249d4ca7d0 ("net: introduce ethernet teaming device")

Jiri, what do you think?

Thanks
Hangbin