program: bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000"], 0x48) r0 = socket$kcm(0x10, 0x2, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x11, 0x80a, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r4}, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x401, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, r5}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_MIIMON={0x8, 0x3, 0x4}, @IFLA_BOND_USE_CARRIER={0x5}]}}}]}, 0x44}}, 0x0) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480d0000005e140604000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0) [ 68.433171][ T4673] Bluetooth: hci0: command tx timeout [ 68.447889][ T5325] netlink: 'syz.0.0': attribute type 10 has an invalid length. 
[ 68.453295][ T5325] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.460146][ T5325] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.483636][ T5325] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.486775][ T5325] bridge0: port 2(bridge_slave_1) entered forwarding state [ 68.490242][ T5325] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.493501][ T5325] bridge0: port 1(bridge_slave_0) entered forwarding state [ 68.501320][ T5325] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 68.525877][ T5325] syz.0.0 (5325) used greatest stack depth: 20360 bytes left [ 68.554760][ T1152] ------------[ cut here ]------------ [ 68.557960][ T1152] RTNL: assertion failed at ./include/net/netdev_lock.h (72) [ 68.562405][ T1152] WARNING: CPU: 0 PID: 1152 at ./include/net/netdev_lock.h:72 __linkwatch_sync_dev+0x303/0x350 [ 68.569242][ T1152] Modules linked in: [ 68.571173][ T1152] CPU: 0 UID: 0 PID: 1152 Comm: kworker/u4:12 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) [ 68.577042][ T1152] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 68.581713][ T1152] Workqueue: bond0 bond_mii_monitor [ 68.584213][ T1152] RIP: 0010:__linkwatch_sync_dev+0x303/0x350 [ 68.586974][ T1152] Code: 7c fe ff ff e8 7e 25 69 f8 c6 05 e4 dc 33 06 01 90 48 c7 c7 80 c0 92 8c 48 c7 c6 3b 97 9c 8d ba 48 00 00 00 e8 ee cd 2c f8 90 <0f> 0b 90 90 e9 4d fe ff ff 44 89 f1 80 e1 07 38 c1 0f 8c 22 fd ff [ 68.596082][ T1152] RSP: 0018:ffffc90002797670 EFLAGS: 00010246 [ 68.598744][ T1152] RAX: 268af0bae98dfb00 RBX: ffff888052378000 RCX: ffff8880335c2440 [ 68.602599][ T1152] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002 [ 68.606388][ T1152] RBP: 0000000000000000 R08: ffff88801fc24293 R09: 1ffff11003f84852 [ 68.609693][ T1152] R10: dffffc0000000000 R11: ffffed1003f84853 R12: 1ffff1100a46f05d [ 68.613133][ T1152] R13: dffffc0000000000 R14: ffffffff8c1c4a88 
R15: 0000000000000000 [ 68.616633][ T1152] FS: 0000000000000000(0000) GS:ffff88808d250000(0000) knlGS:0000000000000000 [ 68.620579][ T1152] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 68.623796][ T1152] CR2: 00007f165c3d49a0 CR3: 000000000df38000 CR4: 0000000000352ef0 [ 68.627257][ T1152] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 68.630803][ T1152] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 68.634564][ T1152] Call Trace: [ 68.636017][ T1152] <TASK> [ 68.637348][ T1152] ? ethtool_op_get_link+0xd/0x70 [ 68.639556][ T1152] ethtool_op_get_link+0x15/0x70 [ 68.641609][ T1152] bond_check_dev_link+0x447/0x6c0 [ 68.644138][ T1152] ? __pfx_bond_check_dev_link+0x10/0x10 [ 68.646710][ T1152] ? netdev_lower_get_next_private_rcu+0x9f/0x100 [ 68.649429][ T1152] bond_mii_monitor+0x428/0x2e00 [ 68.651471][ T1152] ? psi_task_switch+0x39a/0x6d0 [ 68.653616][ T1152] ? bond_mii_monitor+0x153/0x2e00 [ 68.655655][ T1152] ? __lock_acquire+0xab9/0xd20 [ 68.657653][ T1152] ? __pfx_bond_mii_monitor+0x10/0x10 [ 68.659955][ T1152] ? register_lock_class+0x51/0x320 [ 68.662508][ T1152] ? __lock_acquire+0xab9/0xd20 [ 68.664627][ T1152] ? process_scheduled_works+0x9ef/0x17b0 [ 68.667065][ T1152] ? _raw_spin_unlock_irq+0x23/0x50 [ 68.669391][ T1152] ? process_scheduled_works+0x9ef/0x17b0 [ 68.672497][ T1152] ? process_scheduled_works+0x9ef/0x17b0 [ 68.674984][ T1152] process_scheduled_works+0xae1/0x17b0 [ 68.677446][ T1152] ? __pfx_process_scheduled_works+0x10/0x10 [ 68.679786][ T1152] worker_thread+0x8a0/0xda0 [ 68.681700][ T1152] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 68.684705][ T1152] ? __kthread_parkme+0x7b/0x200 [ 68.686920][ T1152] kthread+0x70e/0x8a0 [ 68.688859][ T1152] ? __pfx_worker_thread+0x10/0x10 [ 68.691065][ T1152] ? __pfx_kthread+0x10/0x10 [ 68.693316][ T1152] ? _raw_spin_unlock_irq+0x23/0x50 [ 68.695552][ T1152] ? lockdep_hardirqs_on+0x9c/0x150 [ 68.697900][ T1152] ? 
__pfx_kthread+0x10/0x10 [ 68.700026][ T1152] ret_from_fork+0x3fc/0x770 [ 68.702286][ T1152] ? __pfx_ret_from_fork+0x10/0x10 [ 68.704566][ T1152] ? __pfx_kthread+0x10/0x10 [ 68.706719][ T1152] ret_from_fork_asm+0x1a/0x30 [ 68.708855][ T1152] </TASK> [ 68.710209][ T1152] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 68.713395][ T1152] CPU: 0 UID: 0 PID: 1152 Comm: kworker/u4:12 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) [ 68.718694][ T1152] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 68.723114][ T1152] Workqueue: bond0 bond_mii_monitor [ 68.725437][ T1152] Call Trace: [ 68.726951][ T1152] <TASK> [ 68.728342][ T1152] dump_stack_lvl+0x99/0x250 [ 68.730475][ T1152] ? __asan_memcpy+0x40/0x70 [ 68.732604][ T1152] ? __pfx_dump_stack_lvl+0x10/0x10 [ 68.734867][ T1152] ? __pfx__printk+0x10/0x10 [ 68.736897][ T1152] panic+0x2db/0x790 [ 68.738696][ T1152] ? __pfx_panic+0x10/0x10 [ 68.740642][ T1152] ? ret_from_fork_asm+0x1a/0x30 [ 68.742849][ T1152] __warn+0x31b/0x4b0 [ 68.744674][ T1152] ? __linkwatch_sync_dev+0x303/0x350 [ 68.747123][ T1152] ? __linkwatch_sync_dev+0x303/0x350 [ 68.749556][ T1152] report_bug+0x2be/0x4f0 [ 68.751442][ T1152] ? __linkwatch_sync_dev+0x303/0x350 [ 68.753851][ T1152] ? __linkwatch_sync_dev+0x303/0x350 [ 68.756233][ T1152] ? 
__linkwatch_sync_dev+0x305/0x350 [ 68.758680][ T1152] handle_bug+0x84/0x160 [ 68.760564][ T1152] exc_invalid_op+0x1a/0x50 [ 68.762619][ T1152] asm_exc_invalid_op+0x1a/0x20 [ 68.764846][ T1152] RIP: 0010:__linkwatch_sync_dev+0x303/0x350 [ 68.767588][ T1152] Code: 7c fe ff ff e8 7e 25 69 f8 c6 05 e4 dc 33 06 01 90 48 c7 c7 80 c0 92 8c 48 c7 c6 3b 97 9c 8d ba 48 00 00 00 e8 ee cd 2c f8 90 <0f> 0b 90 90 e9 4d fe ff ff 44 89 f1 80 e1 07 38 c1 0f 8c 22 fd ff [ 68.775759][ T1152] RSP: 0018:ffffc90002797670 EFLAGS: 00010246 [ 68.778467][ T1152] RAX: 268af0bae98dfb00 RBX: ffff888052378000 RCX: ffff8880335c2440 [ 68.781936][ T1152] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002 [ 68.785523][ T1152] RBP: 0000000000000000 R08: ffff88801fc24293 R09: 1ffff11003f84852 [ 68.788980][ T1152] R10: dffffc0000000000 R11: ffffed1003f84853 R12: 1ffff1100a46f05d [ 68.792293][ T1152] R13: dffffc0000000000 R14: ffffffff8c1c4a88 R15: 0000000000000000 [ 68.795988][ T1152] ? ethtool_op_get_link+0xd/0x70 [ 68.798565][ T1152] ethtool_op_get_link+0x15/0x70 [ 68.800864][ T1152] bond_check_dev_link+0x447/0x6c0 [ 68.803114][ T1152] ? __pfx_bond_check_dev_link+0x10/0x10 [ 68.805581][ T1152] ? netdev_lower_get_next_private_rcu+0x9f/0x100 [ 68.808416][ T1152] bond_mii_monitor+0x428/0x2e00 [ 68.810592][ T1152] ? psi_task_switch+0x39a/0x6d0 [ 68.812800][ T1152] ? bond_mii_monitor+0x153/0x2e00 [ 68.815058][ T1152] ? __lock_acquire+0xab9/0xd20 [ 68.817326][ T1152] ? __pfx_bond_mii_monitor+0x10/0x10 [ 68.819751][ T1152] ? register_lock_class+0x51/0x320 [ 68.821932][ T1152] ? __lock_acquire+0xab9/0xd20 [ 68.823955][ T1152] ? process_scheduled_works+0x9ef/0x17b0 [ 68.826424][ T1152] ? _raw_spin_unlock_irq+0x23/0x50 [ 68.828804][ T1152] ? process_scheduled_works+0x9ef/0x17b0 [ 68.831418][ T1152] ? process_scheduled_works+0x9ef/0x17b0 [ 68.834036][ T1152] process_scheduled_works+0xae1/0x17b0 [ 68.836554][ T1152] ? 
__pfx_process_scheduled_works+0x10/0x10 [ 68.839309][ T1152] worker_thread+0x8a0/0xda0 [ 68.841411][ T1152] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 68.844124][ T1152] ? __kthread_parkme+0x7b/0x200 [ 68.846316][ T1152] kthread+0x70e/0x8a0 [ 68.848112][ T1152] ? __pfx_worker_thread+0x10/0x10 [ 68.850376][ T1152] ? __pfx_kthread+0x10/0x10 [ 68.852486][ T1152] ? _raw_spin_unlock_irq+0x23/0x50 [ 68.854839][ T1152] ? lockdep_hardirqs_on+0x9c/0x150 [ 68.857151][ T1152] ? __pfx_kthread+0x10/0x10 [ 68.859268][ T1152] ret_from_fork+0x3fc/0x770 [ 68.861384][ T1152] ? __pfx_ret_from_fork+0x10/0x10 [ 68.863711][ T1152] ? __pfx_kthread+0x10/0x10 [ 68.865867][ T1152] ret_from_fork_asm+0x1a/0x30 [ 68.868095][ T1152] </TASK> [ 68.869860][ T1152] Kernel Offset: disabled [ 68.871837][ T1152] Rebooting in 86400 seconds..