program: bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000"], 0x48) r0 = socket$kcm(0x10, 0x2, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x11, 0x80a, 0x0) r3 = bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x401, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_MIIMON={0x8, 0x3, 0x4}, @IFLA_BOND_USE_CARRIER={0x5}]}}}]}, 0x44}}, 0x0) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480d0000005e140604000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0) [ 84.859704][ T5301] Bluetooth: hci0: command tx timeout [ 84.967040][ T1043] ------------[ cut here ]------------ [ 84.970211][ T1043] RTNL: assertion failed at ./include/net/netdev_lock.h (72) [ 84.980490][ T5323] netlink: 'syz.0.0': attribute type 10 has an invalid length. [ 84.986375][ T1043] WARNING: CPU: 0 PID: 1043 at ./include/net/netdev_lock.h:72 __linkwatch_sync_dev+0x303/0x350 [ 84.991527][ T1043] Modules linked in: [ 84.993295][ T1043] CPU: 0 UID: 0 PID: 1043 Comm: kworker/u4:8 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 84.998747][ T1043] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.003567][ T1043] Workqueue: bond0 bond_mii_monitor [ 85.005566][ T1043] RIP: 0010:__linkwatch_sync_dev+0x303/0x350 [ 85.008149][ T1043] Code: 7c fe ff ff e8 5e 24 69 f8 c6 05 54 db 33 06 01 90 48 c7 c7 80 c0 92 8c 48 c7 c6 30 97 9c 8d ba 48 00 00 00 e8 ce cc 2c f8 90 <0f> 0b 90 90 e9 4d fe ff ff 44 89 f1 80 e1 07 38 c1 0f 8c 22 fd ff [ 85.016902][ T1043] RSP: 0018:ffffc90002627670 EFLAGS: 00010246 [ 85.020065][ T1043] RAX: cc257e3c1e6ce100 RBX: ffff888052c40000 RCX: ffff888032e84880 [ 85.023241][ T1043] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002 [ 85.026477][ T1043] RBP: 0000000000000000 R08: ffff88801fc24293 R09: 1ffff11003f84852 [ 85.030704][ T1043] R10: dffffc0000000000 R11: ffffed1003f84853 R12: 1ffff1100a58805d [ 85.034146][ T1043] R13: dffffc0000000000 R14: ffffffff8c1c4988 R15: 0000000000000000 [ 85.037777][ T1043] FS: 0000000000000000(0000) GS:ffff88808d250000(0000) knlGS:0000000000000000 [ 85.042140][ T1043] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 85.045298][ T1043] CR2: 0000558357d074b0 CR3: 0000000052900000 CR4: 0000000000352ef0 [ 85.048927][ T1043] Call Trace: [ 85.050856][ T1043] [ 85.052230][ T1043] ? ethtool_op_get_link+0xd/0x70 [ 85.054559][ T1043] ethtool_op_get_link+0x15/0x70 [ 85.057150][ T1043] bond_check_dev_link+0x447/0x6c0 [ 85.059044][ T1043] ? __pfx_bond_check_dev_link+0x10/0x10 [ 85.061895][ T1043] ? netdev_lower_get_next_private_rcu+0x9f/0x100 [ 85.064656][ T1043] bond_mii_monitor+0x428/0x2e00 [ 85.066978][ T1043] ? bond_mii_monitor+0x153/0x2e00 [ 85.069621][ T1043] ? __pfx_bond_mii_monitor+0x10/0x10 [ 85.072084][ T1043] ? __lock_acquire+0xab9/0xd20 [ 85.074155][ T1043] ? process_scheduled_works+0x9ef/0x17b0 [ 85.076376][ T1043] ? _raw_spin_unlock_irq+0x23/0x50 [ 85.078630][ T1043] ? process_scheduled_works+0x9ef/0x17b0 [ 85.081192][ T1043] ? process_scheduled_works+0x9ef/0x17b0 [ 85.083934][ T1043] process_scheduled_works+0xade/0x17b0 [ 85.086395][ T1043] ? __pfx_process_scheduled_works+0x10/0x10 [ 85.089237][ T1043] worker_thread+0x8a0/0xda0 [ 85.091675][ T1043] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 85.094492][ T1043] ? __kthread_parkme+0x7b/0x200 [ 85.096715][ T1043] kthread+0x70e/0x8a0 [ 85.098956][ T1043] ? __pfx_worker_thread+0x10/0x10 [ 85.102251][ T1043] ? __pfx_kthread+0x10/0x10 [ 85.105379][ T1043] ? _raw_spin_unlock_irq+0x23/0x50 [ 85.108363][ T1043] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.110851][ T1043] ? __pfx_kthread+0x10/0x10 [ 85.112952][ T1043] ret_from_fork+0x3fc/0x770 [ 85.115464][ T1043] ? __pfx_ret_from_fork+0x10/0x10 [ 85.118234][ T1043] ? __pfx_kthread+0x10/0x10 [ 85.121256][ T1043] ret_from_fork_asm+0x1a/0x30 [ 85.124152][ T1043] [ 85.126029][ T1043] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 85.129525][ T1043] CPU: 0 UID: 0 PID: 1043 Comm: kworker/u4:8 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 85.134750][ T1043] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.139632][ T1043] Workqueue: bond0 bond_mii_monitor [ 85.142380][ T1043] Call Trace: [ 85.144494][ T1043] [ 85.146027][ T1043] dump_stack_lvl+0x99/0x250 [ 85.148371][ T1043] ? __asan_memcpy+0x40/0x70 [ 85.150612][ T1043] ? __pfx_dump_stack_lvl+0x10/0x10 [ 85.153044][ T1043] ? __pfx__printk+0x10/0x10 [ 85.155281][ T1043] panic+0x2db/0x790 [ 85.157206][ T1043] ? __pfx_panic+0x10/0x10 [ 85.159181][ T1043] ? ret_from_fork_asm+0x1a/0x30 [ 85.161711][ T1043] __warn+0x31b/0x4b0 [ 85.163775][ T1043] ? __linkwatch_sync_dev+0x303/0x350 [ 85.166468][ T1043] ? __linkwatch_sync_dev+0x303/0x350 [ 85.169007][ T1043] report_bug+0x2be/0x4f0 [ 85.171226][ T1043] ? __linkwatch_sync_dev+0x303/0x350 [ 85.173771][ T1043] ? __linkwatch_sync_dev+0x303/0x350 [ 85.176520][ T1043] ? __linkwatch_sync_dev+0x305/0x350 [ 85.179407][ T1043] handle_bug+0x84/0x160 [ 85.181578][ T1043] exc_invalid_op+0x1a/0x50 [ 85.183755][ T1043] asm_exc_invalid_op+0x1a/0x20 [ 85.186032][ T1043] RIP: 0010:__linkwatch_sync_dev+0x303/0x350 [ 85.188777][ T1043] Code: 7c fe ff ff e8 5e 24 69 f8 c6 05 54 db 33 06 01 90 48 c7 c7 80 c0 92 8c 48 c7 c6 30 97 9c 8d ba 48 00 00 00 e8 ce cc 2c f8 90 <0f> 0b 90 90 e9 4d fe ff ff 44 89 f1 80 e1 07 38 c1 0f 8c 22 fd ff [ 85.197252][ T1043] RSP: 0018:ffffc90002627670 EFLAGS: 00010246 [ 85.200469][ T1043] RAX: cc257e3c1e6ce100 RBX: ffff888052c40000 RCX: ffff888032e84880 [ 85.204119][ T1043] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002 [ 85.207711][ T1043] RBP: 0000000000000000 R08: ffff88801fc24293 R09: 1ffff11003f84852 [ 85.211260][ T1043] R10: dffffc0000000000 R11: ffffed1003f84853 R12: 1ffff1100a58805d [ 85.214661][ T1043] R13: dffffc0000000000 R14: ffffffff8c1c4988 R15: 0000000000000000 [ 85.218273][ T1043] ? ethtool_op_get_link+0xd/0x70 [ 85.220674][ T1043] ethtool_op_get_link+0x15/0x70 [ 85.223037][ T1043] bond_check_dev_link+0x447/0x6c0 [ 85.225525][ T1043] ? __pfx_bond_check_dev_link+0x10/0x10 [ 85.227806][ T1043] ? netdev_lower_get_next_private_rcu+0x9f/0x100 [ 85.230384][ T1043] bond_mii_monitor+0x428/0x2e00 [ 85.232561][ T1043] ? bond_mii_monitor+0x153/0x2e00 [ 85.234816][ T1043] ? __pfx_bond_mii_monitor+0x10/0x10 [ 85.237289][ T1043] ? __lock_acquire+0xab9/0xd20 [ 85.239591][ T1043] ? process_scheduled_works+0x9ef/0x17b0 [ 85.242216][ T1043] ? _raw_spin_unlock_irq+0x23/0x50 [ 85.244643][ T1043] ? process_scheduled_works+0x9ef/0x17b0 [ 85.247344][ T1043] ? process_scheduled_works+0x9ef/0x17b0 [ 85.250134][ T1043] process_scheduled_works+0xade/0x17b0 [ 85.252700][ T1043] ? __pfx_process_scheduled_works+0x10/0x10 [ 85.255420][ T1043] worker_thread+0x8a0/0xda0 [ 85.257583][ T1043] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 85.260368][ T1043] ? __kthread_parkme+0x7b/0x200 [ 85.262551][ T1043] kthread+0x70e/0x8a0 [ 85.264344][ T1043] ? __pfx_worker_thread+0x10/0x10 [ 85.266634][ T1043] ? __pfx_kthread+0x10/0x10 [ 85.268883][ T1043] ? _raw_spin_unlock_irq+0x23/0x50 [ 85.271411][ T1043] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.273740][ T1043] ? __pfx_kthread+0x10/0x10 [ 85.275672][ T1043] ret_from_fork+0x3fc/0x770 [ 85.277789][ T1043] ? __pfx_ret_from_fork+0x10/0x10 [ 85.280279][ T1043] ? __pfx_kthread+0x10/0x10 [ 85.282356][ T1043] ret_from_fork_asm+0x1a/0x30 [ 85.284454][ T1043] [ 85.286508][ T1043] Kernel Offset: disabled [ 85.289052][ T1043] Rebooting in 86400 seconds..