rtmsg_ifinfo_event net/core/rtnetlink.c:4432 [inline] rtmsg_ifinfo_event net/core/rtnetlink.c:4422 [inline] rtnetlink_event+0xf3/0x1f0 net/core/rtnetlink.c:7004 notifier_call_chain+0xbc/0x410 kernel/notifier.c:85 call_netdevice_notifiers_info+0xbe/0x140 net/core/dev.c:2230 call_netdevice_notifiers_extack net/core/dev.c:2268 [inline] call_netdevice_notifiers+0x7c/0xb0 net/core/dev.c:2282 bond_set_dev_addr+0x16b/0x1b0 drivers/net/bonding/bond_main.c:1047 bond_enslave+0x1801/0x60b0 drivers/net/bonding/bond_main.c:2079 do_set_master+0x40f/0x730 net/core/rtnetlink.c:2946 do_setlink.constprop.0+0xbd8/0x4380 net/core/rtnetlink.c:3148 rtnl_changelink net/core/rtnetlink.c:3759 [inline] __rtnl_newlink net/core/rtnetlink.c:3918 [inline] rtnl_newlink+0x1446/0x2000 net/core/rtnetlink.c:4055 ------------[ cut here ]------------ kernel BUG at mm/filemap.c:3442! Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI CPU: 1 UID: 0 PID: 8580 Comm: syz.1.676 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 RIP: 0010:filemap_fault+0x1847/0x26c0 mm/filemap.c:3442 Code: 00 e9 d2 ec ff ff 48 8b 7c 24 28 e8 63 38 2e 00 e9 79 f3 ff ff e8 49 52 c8 ff 48 c7 c6 20 18 b9 8b 48 89 df e8 0a a0 10 00 90 <0f> 0b e8 32 52 c8 ff 48 c7 c6 20 0e b9 8b 48 89 df e8 f3 9f 10 00 RSP: 0018:ffffc90004b4f828 EFLAGS: 00010246 RAX: 0000000000080000 RBX: ffffea0001567680 RCX: ffffc9000def0000 RDX: 0000000000080000 RSI: ffffffff81f3cdb6 RDI: ffff88802fad8444 RBP: ffffc90004b4fa58 R08: 0000000000000001 R09: 0000000000000001 R10: ffffffff90a82a57 R11: 0000000000000001 R12: ffff888148c86ff8 R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000 FS: 00007f1a58c196c0(0000) GS:ffff888124859000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f7156dd2f98 CR3: 000000005a7be000 CR4: 0000000000350ef0 Call Trace: __do_fault+0x10d/0x490 mm/memory.c:5169 do_shared_fault mm/memory.c:5654 [inline] do_fault mm/memory.c:5728 [inline] do_pte_missing mm/memory.c:4251 [inline] handle_pte_fault mm/memory.c:6069 [inline] __handle_mm_fault+0x374c/0x5490 mm/memory.c:6212 handle_mm_fault+0x589/0xd10 mm/memory.c:6381 do_user_addr_fault+0x7a6/0x1370 arch/x86/mm/fault.c:1387 handle_page_fault arch/x86/mm/fault.c:1476 [inline] exc_page_fault+0x5c/0xb0 arch/x86/mm/fault.c:1532 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623 RIP: 0010:__put_user_4+0xd/0x20 arch/x86/lib/putuser.S:94 Code: 66 89 01 31 c9 0f 01 ca e9 3b 59 92 f5 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <89> 01 31 c9 0f 01 ca e9 12 59 92 f5 0f 1f 80 00 00 00 00 90 90 90 RSP: 0018:ffffc90004b4fcf0 EFLAGS: 00050202 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000200000001338 RDX: 0000000000080000 RSI: ffffffff894d25d9 RDI: ffffffff8c1568e0 RBP: 000000000000003a R08: 2e9e6a6b919e55df R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000040000 R13: 0000200000001300 R14: 00000000000002e8 R15: 00000000000002e9 __sys_sendmmsg+0x234/0x420 net/socket.c:2714 __do_sys_sendmmsg net/socket.c:2736 [inline] __se_sys_sendmmsg net/socket.c:2733 [inline] __x64_sys_sendmmsg+0x9c/0x100 net/socket.c:2733 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f1a57d8e929 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f1a58c19038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 RAX: ffffffffffffffda RBX: 00007f1a57fb6080 RCX: 00007f1a57d8e929 RDX: 00000000000002e9 RSI: 0000200000000480 RDI: 0000000000000005 RBP: 00007f1a57e10b39 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007f1a57fb6080 R15: 00007ffe69520af8 Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:filemap_fault+0x1847/0x26c0 mm/filemap.c:3442 Code: 00 e9 d2 ec ff ff 48 8b 7c 24 28 e8 63 38 2e 00 e9 79 f3 ff ff e8 49 52 c8 ff 48 c7 c6 20 18 b9 8b 48 89 df e8 0a a0 10 00 90 <0f> 0b e8 32 52 c8 ff 48 c7 c6 20 0e b9 8b 48 89 df e8 f3 9f 10 00 RSP: 0018:ffffc90004b4f828 EFLAGS: 00010246 RAX: 0000000000080000 RBX: ffffea0001567680 RCX: ffffc9000def0000 RDX: 0000000000080000 RSI: ffffffff81f3cdb6 RDI: ffff88802fad8444 RBP: ffffc90004b4fa58 R08: 0000000000000001 R09: 0000000000000001 R10: ffffffff90a82a57 R11: 0000000000000001 R12: ffff888148c86ff8 R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000 FS: 00007f1a58c196c0(0000) GS:ffff888124859000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055555f4c25c8 CR3: 000000005a7be000 CR4: 0000000000350ef0 ---------------- Code disassembly (best guess): 0: 66 89 01 mov %ax,(%rcx) 3: 31 c9 xor %ecx,%ecx 5: 0f 01 ca clac 8: e9 3b 59 92 f5 jmp 0xf5925948 d: 90 nop e: 90 nop f: 90 nop 10: 90 nop 11: 90 nop 12: 90 nop 13: 90 nop 14: 90 nop 15: 90 nop 16: 90 nop 17: 90 nop 18: 90 nop 19: 90 nop 1a: 90 nop 1b: 90 nop 1c: 90 nop 1d: 48 89 cb mov %rcx,%rbx 20: 48 c1 fb 3f sar $0x3f,%rbx 24: 48 09 d9 or %rbx,%rcx 27: 0f 01 cb stac * 2a: 89 01 mov %eax,(%rcx) <-- trapping instruction 2c: 31 c9 xor %ecx,%ecx 2e: 0f 01 ca clac 31: e9 12 59 92 f5 jmp 0xf5925948 36: 0f 1f 80 00 00 00 00 nopl 0x0(%rax) 3d: 90 nop 3e: 90 nop 3f: 90 nop