vxcan1: j1939_xtp_rx_rts_session_active: 0xffff88802d34d000: connection exists (00 02). last cmd: 10
skbuff: skb_under_panic: text:ffffffff8a77db2d len:30 put:14 head:ffff8880571370c0 data:ffff8880571370b2 tail:0x10 end:0x180 dev:bridge_slave_1
------------[ cut here ]------------
kernel BUG at net/core/skbuff.c:214!
Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
CPU: 1 UID: 0 PID: 15787 Comm: kworker/u8:18 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
RIP: 0010:skb_panic+0x157/0x160 net/core/skbuff.c:214
Code: c7 60 16 dc 8c 48 8b 74 24 08 48 8b 54 24 10 8b 0c 24 44 8b 44 24 04 4d 89 e9 50 55 41 57 41 56 e8 0e 55 f5 ff 48 83 c4 20 90 <0f> 0b cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 0018:ffffc90000a08228 EFLAGS: 00010286
RAX: 000000000000008f RBX: dffffc0000000000 RCX: 7451b276e3d06800
RDX: 0000000000000100 RSI: 0000000000000101 RDI: 0000000000000000
RBP: 0000000000000180 R08: ffffc90000a07f87 R09: 1ffff92000140ff0
R10: dffffc0000000000 R11: fffff52000140ff1 R12: ffff888056630650
R13: ffff8880571370c0 R14: ffff8880571370b2 R15: 0000000000000010
FS: 0000000000000000(0000) GS:ffff888125561000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ff19fe4eddd CR3: 000000004a11a000 CR4: 00000000003526f0
Call Trace:
<IRQ>
skb_under_panic net/core/skbuff.c:224 [inline]
skb_push+0xc3/0xe0 net/core/skbuff.c:2674
br_dev_queue_push_xmit+0x2d/0x4a0 net/bridge/br_forward.c:35
NF_HOOK+0x360/0x3f0 include/linux/netfilter.h:318
br_forward_finish+0xd3/0x130 net/bridge/br_forward.c:66
NF_HOOK+0x360/0x3f0 include/linux/netfilter.h:318
__br_forward+0x397/0x540 net/bridge/br_forward.c:115
deliver_clone net/bridge/br_forward.c:131 [inline]
maybe_deliver net/bridge/br_forward.c:191 [inline]
br_flood+0x6ee/0xb80 net/bridge/br_forward.c:238
br_handle_frame_finish+0x14c2/0x1bb0 net/bridge/br_input.c:229
nf_hook_bridge_pre net/bridge/br_input.c:313 [inline]
br_handle_frame+0x80f/0x1510 net/bridge/br_input.c:442
__netif_receive_skb_core+0x98f/0x31a0 net/core/dev.c:6051
__netif_receive_skb_one_core net/core/dev.c:6162 [inline]
__netif_receive_skb net/core/dev.c:6277 [inline]
process_backlog+0x76d/0x1950 net/core/dev.c:6628
__napi_poll+0xae/0x340 net/core/dev.c:7692
napi_poll net/core/dev.c:7755 [inline]
net_rx_action+0x627/0xf70 net/core/dev.c:7912
handle_softirqs+0x22a/0x870 kernel/softirq.c:622
__do_softirq kernel/softirq.c:656 [inline]
invoke_softirq kernel/softirq.c:496 [inline]
__irq_exit_rcu+0x5f/0x150 kernel/softirq.c:723
irq_exit_rcu+0x9/0x30 kernel/softirq.c:739
instr_sysvec_call_function_single arch/x86/kernel/smp.c:266 [inline]
sysvec_call_function_single+0xa3/0xc0 arch/x86/kernel/smp.c:266
</IRQ>
<TASK>
asm_sysvec_call_function_single+0x1a/0x20 arch/x86/include/asm/idtentry.h:704
RIP: 0010:do_raw_spin_unlock+0xd/0x210 kernel/locking/spinlock_debug.c:139
Code: ff ff e8 f6 b2 8d 00 e9 5b ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 40 d6 55 41 57 41 56 41 55 41 54 <53> 48 89 fb 49 bc 00 00 00 00 00 fc ff df 4c 8d 77 04 4c 89 f0 48
RSP: 0018:ffffc900064176d0 EFLAGS: 00000282
RAX: 7451b276e3d06800 RBX: ffff88802a7c8698 RCX: 0000000080000001
RDX: 0000000000000001 RSI: ffffffff8e164b17 RDI: ffff88802a7c8698
RBP: 0000000000000001 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffff52000c82ed0 R12: dffffc0000000000
R13: 1ffff110054f90db R14: ffff88802a7c86d8 R15: 0000000000000000
__raw_spin_unlock include/linux/spinlock_api_smp.h:168 [inline]
_raw_spin_unlock+0x1e/0x50 kernel/locking/spinlock.c:186
spin_unlock include/linux/spinlock.h:389 [inline]
lockref_get_not_dead+0x7e/0xc0 lib/lockref.c:160
__legitimize_path fs/namei.c:869 [inline]
legitimize_path fs/namei.c:879 [inline]
try_to_unlazy+0x3cb/0xc50 fs/namei.c:943
complete_walk+0x11f/0x390 fs/namei.c:1059
do_open fs/namei.c:4637 [inline]
path_openat+0x28de/0x3860 fs/namei.c:4830
do_file_open+0x23e/0x4a0 fs/namei.c:4859
do_open_execat+0x12b/0x580 fs/exec.c:781
alloc_bprm+0x28/0x5c0 fs/exec.c:1401
class_bprm_constructor fs/exec.c:1466 [inline]
kernel_execve+0x87/0x930 fs/exec.c:1859
call_usermodehelper_exec_async+0x20f/0x360 kernel/umh.c:109
ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:skb_panic+0x157/0x160 net/core/skbuff.c:214
Code: c7 60 16 dc 8c 48 8b 74 24 08 48 8b 54 24 10 8b 0c 24 44 8b 44 24 04 4d 89 e9 50 55 41 57 41 56 e8 0e 55 f5 ff 48 83 c4 20 90 <0f> 0b cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 0018:ffffc90000a08228 EFLAGS: 00010286
RAX: 000000000000008f RBX: dffffc0000000000 RCX: 7451b276e3d06800
RDX: 0000000000000100 RSI: 0000000000000101 RDI: 0000000000000000
RBP: 0000000000000180 R08: ffffc90000a07f87 R09: 1ffff92000140ff0
R10: dffffc0000000000 R11: fffff52000140ff1 R12: ffff888056630650
R13: ffff8880571370c0 R14: ffff8880571370b2 R15: 0000000000000010
FS: 0000000000000000(0000) GS:ffff888125561000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ff19fe4eddd CR3: 000000004a11a000 CR4: 00000000003526f0
----------------
Code disassembly (best guess), 1 bytes skipped:
0: ff ljmp (bad)
1: e8 f6 b2 8d 00 call 0x8db2fc
6: e9 5b ff ff ff jmp 0xffffff66
b: 90 nop
c: 90 nop
d: 90 nop
e: 90 nop
f: 90 nop
10: 90 nop
11: 90 nop
12: 90 nop
13: 90 nop
14: 90 nop
15: 90 nop
16: 90 nop
17: 90 nop
18: 90 nop
19: 90 nop
1a: 90 nop
1b: 90 nop
1c: 0f 1f 40 d6 nopl -0x2a(%rax)
20: 55 push %rbp
21: 41 57 push %r15
23: 41 56 push %r14
25: 41 55 push %r13
27: 41 54 push %r12
* 29: 53 push %rbx <-- trapping instruction
2a: 48 89 fb mov %rdi,%rbx
2d: 49 bc 00 00 00 00 00 movabs $0xdffffc0000000000,%r12
34: fc ff df
37: 4c 8d 77 04 lea 0x4(%rdi),%r14
3b: 4c 89 f0 mov %r14,%rax
3e: 48 rex.W