bridge0: port 1(bridge_slave_0) entered forwarding state
IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
bridge0: port 2(bridge_slave_1) entered forwarding state
bridge0: port 2(bridge_slave_1) entered forwarding state
IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
BUG: unable to handle kernel NULL pointer dereference at 0000000000000004
IP: [] nla_get_u16 include/net/netlink.h:1012 [inline]
IP: [] dsmark_init+0x46/0x170 net/sched/sch_dsmark.c:361
PGD b405c067 PUD b5617067 PMD 0
Oops: 0000 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 5702 Comm: syz-executor.3 Not tainted 4.1.0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8800b544c310 ti: ffff8800b35cc000 task.ti: ffff8800b35cc000
RIP: 0010:[] [] nla_get_u16 include/net/netlink.h:1012 [inline]
RIP: 0010:[] [] dsmark_init+0x46/0x170 net/sched/sch_dsmark.c:361
RSP: 0018:ffff8800b35cf9c8 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff8800b3bbb600 RCX: 0000000000000002
RDX: 0000000000000000 RSI: 0000000000000005 RDI: ffff8800b3bbba34
RBP: ffff8800b35cfa18 R08: ffffffff82a5b4b0 R09: ffff8800b35cf9c8
R10: 0000000000000000 R11: 0000000000000001 R12: ffff8800b7a54000
R13: 00000000fffffff4 R14: ffffffff83421c60 R15: ffff8800b35cfad0
FS: 00007fcecafd8700(0000) GS:ffff88012c100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000004 CR3: 0000000128a1b000 CR4: 00000000001407e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 0000000000000000 0000000000000000 ffff8800b3bbba34 0000000000000000
 0000000000000000 0000000000000000 ffff8800b3bbb600 ffff8800b7a54000
 00000000fffffff4 ffffffff83421c60 ffff8800b35cfa88 ffffffff82130759
Call Trace:
 [] qdisc_create+0xc9/0x4d0 net/sched/sch_api.c:949
 [] tc_modify_qdisc+0x18e/0x660 net/sched/sch_api.c:1301
 [] rtnetlink_rcv_msg+0x83/0x230 net/core/rtnetlink.c:3250
 [] netlink_rcv_skb+0xa9/0xd0 net/netlink/af_netlink.c:2843
 [] rtnetlink_rcv+0x29/0x40 net/core/rtnetlink.c:3256
 [] netlink_unicast_kernel net/netlink/af_netlink.c:1763 [inline]
 [] netlink_unicast+0x1ca/0x2e0 net/netlink/af_netlink.c:1789
 [] netlink_sendmsg+0x310/0x3d0 net/netlink/af_netlink.c:2353
 [] sock_sendmsg_nosec net/socket.c:613 [inline]
 [] sock_sendmsg+0x35/0x40 net/socket.c:623
 [] ___sys_sendmsg+0x2c3/0x2d0 net/socket.c:1955
 [] __sys_sendmsg+0x3d/0x80 net/socket.c:1989
 [] SYSC_sendmsg net/socket.c:2000 [inline]
 [] SyS_sendmsg+0xd/0x20 net/socket.c:1996
 [] system_call_fastpath+0x16/0x7a
Code: 55 41 54 53 48 89 fb 48 8d 7d b0 48 83 ec 30 0f b7 0e be 05 00 00 00 83 e9 04 e8 c6 85 7c ff 85 c0 0f 88 bc 00 00 00 48 8b 45 b8 <0f> b7 78 04 f3 40 0f b8 c7 83 f8 01 41 89 fc 0f 85 e5 00 00 00
RIP [] nla_get_u16 include/net/netlink.h:1012 [inline]
RIP [] dsmark_init+0x46/0x170 net/sched/sch_dsmark.c:361
 RSP
CR2: 0000000000000004
---[ end trace 31859ac8c26cdced ]---