syzbot

bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:ba:82:e4:66:85:c5, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P8792/1:b..l
rcu: 	(detected by 1, t=10502 jiffies, g=28137, q=1058 ncpus=1)
task:syz.3.645       state:R  running task     stack:25544 pid:8792  tgid:8789  ppid:5830   task_flags:0x400940 flags:0x00080001
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5325 [inline]
 __schedule+0x1190/0x5de0 kernel/sched/core.c:6929
 preempt_schedule_irq+0x51/0x90 kernel/sched/core.c:7256
 irqentry_exit+0x36/0x90 kernel/entry/common.c:211
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:lock_release+0x183/0x2f0 kernel/locking/lockdep.c:5893
Code: 0f c1 05 38 24 09 12 83 f8 01 0f 85 1d 01 00 00 9c 58 f6 c4 02 0f 85 08 01 00 00 41 f7 c5 00 02 00 00 74 01 fb 48 8b 44 24 10 <65> 48 2b 05 4d e2 08 12 0f 85 58 01 00 00 48 83 c4 18 5b 41 5c 41
RSP: 0018:ffffc90003906c00 EFLAGS: 00000206
RAX: b746235f4fff0e00 RBX: ffffffff8e3c45e0 RCX: ffffc90003906c0c
RDX: 0000000000000001 RSI: ffffffff8da03905 RDI: ffffffff8bf078c0
RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: ffffffff822fc23c
R13: 0000000000000206 R14: ffff88802761bc80 R15: 0000000000000002
 rcu_lock_release include/linux/rcupdate.h:341 [inline]
 rcu_read_unlock include/linux/rcupdate.h:897 [inline]
 __page_table_check_zero+0x341/0x5d0 mm/page_table_check.c:145
 page_table_check_free include/linux/page_table_check.h:43 [inline]
 free_pages_prepare mm/page_alloc.c:1395 [inline]
 free_unref_folios+0xa4f/0x1610 mm/page_alloc.c:2958
 shrink_folio_list+0x35c7/0x4800 mm/vmscan.c:1569
 reclaim_folio_list+0xda/0x5d0 mm/vmscan.c:2233
 reclaim_pages+0x3ec/0x570 mm/vmscan.c:2270
 madvise_cold_or_pageout_pte_range+0x14d1/0x20d0 mm/madvise.c:446
 walk_pmd_range mm/pagewalk.c:130 [inline]
 walk_pud_range mm/pagewalk.c:224 [inline]
 walk_p4d_range mm/pagewalk.c:262 [inline]
 walk_pgd_range+0xc05/0x1f50 mm/pagewalk.c:303
 __walk_page_range+0x163/0x820 mm/pagewalk.c:410
 walk_page_range_vma+0x2c7/0xa20 mm/pagewalk.c:717
 madvise_pageout_page_range mm/madvise.c:624 [inline]
 madvise_pageout+0x257/0x540 mm/madvise.c:649
 madvise_vma_behavior+0xb14/0x2d50 mm/madvise.c:1352
 madvise_walk_vmas+0x31f/0x9c0 mm/madvise.c:1669
 madvise_do_behavior+0x1e2/0x530 mm/madvise.c:1885
 do_madvise+0x176/0x240 mm/madvise.c:1978
 __do_sys_madvise mm/madvise.c:1987 [inline]
 __se_sys_madvise mm/madvise.c:1985 [inline]
 __x64_sys_madvise+0xa9/0x110 mm/madvise.c:1985
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0xfa0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f8c2738f749
RSP: 002b:00007f8c28268038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
RAX: ffffffffffffffda RBX: 00007f8c275e6090 RCX: 00007f8c2738f749
RDX: 0000000000000015 RSI: 00000000002003f0 RDI: 0000000000000000
RBP: 00007f8c27413f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f8c275e6128 R14: 00007f8c275e6090 R15: 00007ffeb3117068
 </TASK>
rcu: rcu_preempt kthread starved for 292 jiffies! g28137 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:R  running task     stack:28136 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00080000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5325 [inline]
 __schedule+0x1190/0x5de0 kernel/sched/core.c:6929
 __schedule_loop kernel/sched/core.c:7011 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:7026
 schedule_timeout+0x123/0x290 kernel/time/sleep_timeout.c:99
 rcu_gp_fqs_loop+0x1ea/0xaf0 kernel/rcu/tree.c:2083
 rcu_gp_kthread+0x26d/0x380 kernel/rcu/tree.c:2285
 kthread+0x3c5/0x780 kernel/kthread.c:463
 ret_from_fork+0x675/0x7d0 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
CPU: 1 UID: 0 PID: 3409 Comm: kworker/R-bat_e Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Workqueue: bat_events batadv_tt_purge
RIP: 0010:console_flush_all+0x9a2/0xc60 kernel/printk/printk.c:3200
Code: 00 e8 a2 2f 29 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 50 2a 21 00 48 85 db 0f 85 55 01 00 00 e8 d2 2e 21 00 fb 4c 89 e0 <48> c1 e8 03 42 80 3c 38 00 0f 84 11 ff ff ff 4c 89 e7 e8 e7 db 88
RSP: 0018:ffffc90000a08038 EFLAGS: 00000246
RAX: ffffffff8f060e38 RBX: 0000000000000000 RCX: ffffffff819b28a0
RDX: ffff888030b3bc80 RSI: ffffffff819b28ae RDI: 0000000000000007
RBP: 0000000000000000 R08: 0000000000000007 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: ffffffff8f060e38
R13: ffffffff8f060de0 R14: ffffc90000a080c8 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff888124b0d000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fb8461156c0 CR3: 00000000312a4000 CR4: 00000000003526f0
Call Trace:
 <IRQ>
 __console_flush_and_unlock kernel/printk/printk.c:3258 [inline]
 console_unlock+0xd8/0x210 kernel/printk/printk.c:3298
 vprintk_emit+0x3d7/0x680 kernel/printk/printk.c:2423
 _printk+0xc7/0x100 kernel/printk/printk.c:2448
 br_fdb_update+0x4ad/0x7c0 net/bridge/br_fdb.c:999
 br_handle_frame_finish+0xdf1/0x1f00 net/bridge/br_input.c:144
 br_nf_hook_thresh+0x307/0x410 net/bridge/br_netfilter_hooks.c:1167
 br_nf_pre_routing_finish_ipv6+0x76a/0xfc0 net/bridge/br_netfilter_ipv6.c:154
 NF_HOOK include/linux/netfilter.h:318 [inline]
 br_nf_pre_routing_ipv6+0x3cd/0x8c0 net/bridge/br_netfilter_ipv6.c:184
 br_nf_pre_routing+0x860/0x15b0 net/bridge/br_netfilter_hooks.c:508
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:291 [inline]
 br_handle_frame+0xb28/0x14e0 net/bridge/br_input.c:442
 __netif_receive_skb_core.constprop.0+0xa25/0x4bd0 net/core/dev.c:5966
 __netif_receive_skb_one_core+0xb0/0x1e0 net/core/dev.c:6077
 __netif_receive_skb+0x1d/0x160 net/core/dev.c:6192
 process_backlog+0x439/0x15e0 net/core/dev.c:6544
 __napi_poll.constprop.0+0xba/0x550 net/core/dev.c:7594
 napi_poll net/core/dev.c:7657 [inline]
 net_rx_action+0x97f/0xef0 net/core/dev.c:7784
 handle_softirqs+0x219/0x8e0 kernel/softirq.c:622
 do_softirq kernel/softirq.c:523 [inline]
 do_softirq+0xb2/0xf0 kernel/softirq.c:510
 </IRQ>
 <TASK>
 __local_bh_enable_ip+0x100/0x120 kernel/softirq.c:450
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 batadv_tt_global_purge net/batman-adv/translation-table.c:2250 [inline]
 batadv_tt_purge+0x25f/0xb80 net/batman-adv/translation-table.c:3510
 process_one_work+0x9cf/0x1b70 kernel/workqueue.c:3263
 process_scheduled_works kernel/workqueue.c:3346 [inline]
 rescuer_thread+0x620/0xea0 kernel/workqueue.c:3523
 kthread+0x3c5/0x780 kernel/kthread.c:463
 ret_from_fork+0x675/0x7d0 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
net_ratelimit: 5331 callbacks suppressed
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:ba:82:e4:66:85:c5, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:ba:82:e4:66:85:c5, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
net_ratelimit: 6331 callbacks suppressed
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:ba:82:e4:66:85:c5, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:ba:82:e4:66:85:c5, vlan:0)