bridge_slave_1: left promiscuous mode
bridge0: port 2(bridge_slave_1) entered disabled state
bridge_slave_0: left allmulticast mode
bridge_slave_0: left promiscuous mode
bridge0: port 1(bridge_slave_0) entered disabled state
Oops: general protection fault, probably for non-canonical address 0xe0a665e0b8ed70a2: 0000 [#1] PREEMPT SMP KASAN PTI
KASAN: maybe wild-memory-access in range [0x05334f05c76b8510-0x05334f05c76b8517]
CPU: 0 UID: 0 PID: 12 Comm: kworker/u8:1 Not tainted 6.12.0-rc6-syzkaller-00279-gde2f378f2b77 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
Workqueue: netns cleanup_net
RIP: 0010:dev_deactivate_queue+0xa4/0x160 net/sched/sch_generic.c:1290
Code: 40 bd 10 8d be 0a 05 00 00 48 c7 c2 60 c0 10 8d e8 e1 0e bc f7 48 b8 00 00 00 00 00 fc ff df 49 83 c7 10 4c 89 fb 48 c1 eb 03 <80> 3c 03 00 74 08 4c 89 ff e8 ce 00 4a f8 4d 8b 37 4d 85 f6 74 53
RSP: 0018:ffffc90000117688 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 00a669e0b8ed70a2 RCX: ffff88801cebda00
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffffffff8999bf36 R09: 1ffffffff2859b01
R10: dffffc0000000000 R11: fffffbfff2859b02 R12: ffffffff8fd18880
R13: 1ffff92000973f4f R14: ffffc90004b9f5c0 R15: 05334f05c76b8510
FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055624d5d7a18 CR3: 0000000085eca000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
netdev_for_each_tx_queue include/linux/netdevice.h:2504 [inline]
dev_deactivate_many+0xc8/0xb10 net/sched/sch_generic.c:1363
__dev_close_many+0x1a4/0x300 net/core/dev.c:1547
dev_close_many+0x24e/0x4c0 net/core/dev.c:1585
unregister_netdevice_many_notify+0x530/0x1da0 net/core/dev.c:11381
cleanup_net+0x75d/0xcc0 net/core/net_namespace.c:621
process_one_work kernel/workqueue.c:3229 [inline]
process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310
worker_thread+0x870/0xd30 kernel/workqueue.c:3391
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:dev_deactivate_queue+0xa4/0x160 net/sched/sch_generic.c:1290
Code: 40 bd 10 8d be 0a 05 00 00 48 c7 c2 60 c0 10 8d e8 e1 0e bc f7 48 b8 00 00 00 00 00 fc ff df 49 83 c7 10 4c 89 fb 48 c1 eb 03 <80> 3c 03 00 74 08 4c 89 ff e8 ce 00 4a f8 4d 8b 37 4d 85 f6 74 53
RSP: 0018:ffffc90000117688 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 00a669e0b8ed70a2 RCX: ffff88801cebda00
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffffffff8999bf36 R09: 1ffffffff2859b01
R10: dffffc0000000000 R11: fffffbfff2859b02 R12: ffffffff8fd18880
R13: 1ffff92000973f4f R14: ffffc90004b9f5c0 R15: 05334f05c76b8510
FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fb940a67d60 CR3: 000000000e734000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess), 3 bytes skipped:
0: 8d be 0a 05 00 00 lea 0x50a(%rsi),%edi
6: 48 c7 c2 60 c0 10 8d mov $0xffffffff8d10c060,%rdx
d: e8 e1 0e bc f7 call 0xf7bc0ef3
12: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
19: fc ff df
1c: 49 83 c7 10 add $0x10,%r15
20: 4c 89 fb mov %r15,%rbx
23: 48 c1 eb 03 shr $0x3,%rbx
* 27: 80 3c 03 00 cmpb $0x0,(%rbx,%rax,1) <-- trapping instruction
2b: 74 08 je 0x35
2d: 4c 89 ff mov %r15,%rdi
30: e8 ce 00 4a f8 call 0xf84a0103
35: 4d 8b 37 mov (%r15),%r14
38: 4d 85 f6 test %r14,%r14
3b: 74 53 je 0x90