bridge0: port 2(bridge_slave_1) entered disabled state bridge_slave_0: left allmulticast mode bridge_slave_0: left promiscuous mode bridge0: port 1(bridge_slave_0) entered disabled state Oops: general protection fault, probably for non-canonical address 0xee515cb8928e4782: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: maybe wild-memory-access in range [0x728b05c494723c10-0x728b05c494723c17] CPU: 1 UID: 0 PID: 7077 Comm: kworker/u8:11 Not tainted 6.11.0-rc6-syzkaller-00075-gad618736883b #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 Workqueue: netns cleanup_net RIP: 0010:dev_deactivate_queue+0xa4/0x160 net/sched/sch_generic.c:1284 Code: 00 bc 0f 8d be 04 05 00 00 48 c7 c2 60 bf 0f 8d e8 71 2d c8 f7 48 b8 00 00 00 00 00 fc ff df 49 83 c7 10 4c 89 fb 48 c1 eb 03 <80> 3c 03 00 74 08 4c 89 ff e8 ee d1 52 f8 4d 8b 37 4d 85 f6 74 53 RSP: 0018:ffffc900045c7648 EFLAGS: 00010206 RAX: dffffc0000000000 RBX: 0e5160b8928e4782 RCX: ffff888056391e00 RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 RBP: 0000000000000000 R08: ffffffff898d7686 R09: 1ffffffff283c909 R10: dffffc0000000000 R11: fffffbfff283c90a R12: ffffffff8fcd0700 R13: 1ffff9200129cf4f R14: ffffc900094e75c0 R15: 728b05c494723c10 FS: 0000000000000000(0000) GS:ffff8880b8900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055f9f78e5c78 CR3: 000000007cdc2000 CR4: 00000000003506f0 DR0: 0000000000002000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: netdev_for_each_tx_queue include/linux/netdevice.h:2513 [inline] dev_deactivate_many+0xc8/0xb10 net/sched/sch_generic.c:1357 __dev_close_many+0x1a4/0x300 net/core/dev.c:1545 dev_close_many+0x24e/0x4c0 net/core/dev.c:1583 unregister_netdevice_many_notify+0x50b/0x1c40 net/core/dev.c:11327 cleanup_net+0x75d/0xcc0 net/core/net_namespace.c:635 process_one_work kernel/workqueue.c:3231 [inline] process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312 worker_thread+0x86d/0xd10 kernel/workqueue.c:3389 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:dev_deactivate_queue+0xa4/0x160 net/sched/sch_generic.c:1284 Code: 00 bc 0f 8d be 04 05 00 00 48 c7 c2 60 bf 0f 8d e8 71 2d c8 f7 48 b8 00 00 00 00 00 fc ff df 49 83 c7 10 4c 89 fb 48 c1 eb 03 <80> 3c 03 00 74 08 4c 89 ff e8 ee d1 52 f8 4d 8b 37 4d 85 f6 74 53 RSP: 0018:ffffc900045c7648 EFLAGS: 00010206 RAX: dffffc0000000000 RBX: 0e5160b8928e4782 RCX: ffff888056391e00 RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 RBP: 0000000000000000 R08: ffffffff898d7686 R09: 1ffffffff283c909 R10: dffffc0000000000 R11: fffffbfff283c90a R12: ffffffff8fcd0700 R13: 1ffff9200129cf4f R14: ffffc900094e75c0 R15: 728b05c494723c10 FS: 0000000000000000(0000) GS:ffff8880b8900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000563725d1a058 CR3: 000000007cdc2000 CR4: 00000000003506f0 DR0: 0000000000002000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ---------------- Code disassembly (best guess): 0: 00 bc 0f 8d be 04 05 add %bh,0x504be8d(%rdi,%rcx,1) 7: 00 00 add %al,(%rax) 9: 48 c7 c2 60 bf 0f 8d mov $0xffffffff8d0fbf60,%rdx 10: e8 71 2d c8 f7 call 0xf7c82d86 15: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax 1c: fc ff df 1f: 49 83 c7 10 add $0x10,%r15 23: 4c 89 fb mov %r15,%rbx 26: 48 c1 eb 03 shr $0x3,%rbx * 2a: 80 3c 03 00 cmpb $0x0,(%rbx,%rax,1) <-- trapping instruction 2e: 74 08 je 0x38 30: 4c 89 ff mov %r15,%rdi 33: e8 ee d1 52 f8 call 0xf852d226 38: 4d 8b 37 mov (%r15),%r14 3b: 4d 85 f6 test %r14,%r14 3e: 74 53 je 0x93