syzbot

bridge0: received packet on 
 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P11607/1:b..l P5813/1:b..l
rcu: 	(detected by 0, t=10502 jiffies, g=65257, q=907 ncpus=2)
task:syz-executor    state:R  running task     stack:24096 pid:5813  tgid:5813  ppid:5806   task_flags:0x40050c flags:0x00080002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5295 [inline]
 __schedule+0x1585/0x5340 kernel/sched/core.c:6907
 preempt_schedule_common+0x82/0xd0 kernel/sched/core.c:7091
 preempt_schedule_thunk+0x16/0x30 arch/x86/entry/thunk.S:12
 __raw_spin_unlock include/linux/spinlock_api_smp.h:169 [inline]
 _raw_spin_unlock+0x3f/0x50 kernel/locking/spinlock.c:186
 spin_unlock include/linux/spinlock.h:389 [inline]
 zap_pte_range mm/memory.c:1946 [inline]
 zap_pmd_range mm/memory.c:2008 [inline]
 zap_pud_range mm/memory.c:2036 [inline]
 zap_p4d_range mm/memory.c:2057 [inline]
 unmap_page_range+0x3b71/0x48f0 mm/memory.c:2078
 unmap_single_vma mm/memory.c:2120 [inline]
 unmap_vmas+0x3c0/0x5c0 mm/memory.c:2162
 exit_mmap+0x261/0xdb0 mm/mmap.c:1277
 __mmput+0x118/0x430 kernel/fork.c:1174
 exit_mm+0x168/0x220 kernel/exit.c:581
 do_exit+0x62e/0x2310 kernel/exit.c:959
 do_group_exit+0x21b/0x2d0 kernel/exit.c:1112
 get_signal+0x1284/0x1330 kernel/signal.c:3034
 arch_do_signal_or_restart+0xbc/0x830 arch/x86/kernel/signal.c:337
 __exit_to_user_mode_loop kernel/entry/common.c:64 [inline]
 exit_to_user_mode_loop+0x86/0x480 kernel/entry/common.c:98
 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]
 syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:325 [inline]
 do_syscall_64+0x32d/0xf80 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fad0df5c84e
RSP: 002b:00007fff9e34bb78 EFLAGS: 00000246 ORIG_RAX: 000000000000003d
RAX: fffffffffffffe00 RBX: 0000555587d57500 RCX: 00007fad0df5c84e
RDX: 0000000040000000 RSI: 00007fff9e34bbec RDI: ffffffffffffffff
RBP: 00007fff9e34bbec R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008
R13: 0000000000000003 R14: 00007fff9e34be48 R15: 0000000000000000
 </TASK>
task:dhcpcd-run-hook state:R  running task     stack:23520 pid:11607 tgid:11607 ppid:5488   task_flags:0x400000 flags:0x00080800
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5295 [inline]
 __schedule+0x1585/0x5340 kernel/sched/core.c:6907
 preempt_schedule_irq+0x4d/0xa0 kernel/sched/core.c:7234
 irqentry_exit+0x599/0x620 kernel/entry/common.c:239
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:lock_acquire+0x20b/0x2e0 kernel/locking/lockdep.c:5872
Code: e9 30 ff ff ff e8 a5 5e 0a 0a f7 c3 00 02 00 00 0f 84 38 ff ff ff 65 48 8b 05 21 9c 79 11 48 3b 44 24 30 75 33 fb 48 83 c4 38 <5b> 41 5c 41 5d 41 5e 41 5f 5d e9 06 45 0d 0a cc 48 8d 3d 1e 2c 73
RSP: 0018:ffffc9000e3175f8 EFLAGS: 00000282
RAX: 45deb84e9675bd00 RBX: 0000000000000246 RCX: 0000000000000046
RDX: 00000000a1697acb RSI: ffffffff8e15c4cf RDI: ffffffff8c279800
RBP: 0000000000000000 R08: ffffffff81767a45 R09: ffffffff8e7603e0
R10: ffffc9000e317768 R11: fffff52001c62ef9 R12: 0000000000000002
R13: ffffffff8e7603e0 R14: 0000000000000000 R15: 0000000000000000
 rcu_lock_acquire include/linux/rcupdate.h:312 [inline]
 rcu_read_lock include/linux/rcupdate.h:850 [inline]
 class_rcu_constructor include/linux/rcupdate.h:1193 [inline]
 unwind_next_frame+0xc2/0x23c0 arch/x86/kernel/unwind_orc.c:495
 __unwind_start+0x5b8/0x760 arch/x86/kernel/unwind_orc.c:773
 unwind_start arch/x86/include/asm/unwind.h:64 [inline]
 arch_stack_walk+0xe3/0x150 arch/x86/kernel/stacktrace.c:24
 stack_trace_save+0xa9/0x100 kernel/stacktrace.c:122
 save_stack+0x122/0x230 mm/page_owner.c:165
 __reset_page_owner+0x71/0x1f0 mm/page_owner.c:320
 reset_page_owner include/linux/page_owner.h:25 [inline]
 __free_pages_prepare mm/page_alloc.c:1432 [inline]
 __free_frozen_pages+0xc00/0xd90 mm/page_alloc.c:2977
 __slab_free+0x263/0x2b0 mm/slub.c:5490
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x97/0x100 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x148/0x160 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x22/0x80 mm/kasan/common.c:350
 kasan_slab_alloc include/linux/kasan.h:253 [inline]
 slab_post_alloc_hook mm/slub.c:4459 [inline]
 slab_alloc_node mm/slub.c:4788 [inline]
 kmem_cache_alloc_noprof+0x2bc/0x650 mm/slub.c:4795
 alloc_empty_file+0x55/0x1d0 fs/file_table.c:237
 alloc_file fs/file_table.c:355 [inline]
 alloc_file_pseudo+0x155/0x240 fs/file_table.c:384
 create_pipe_files+0x32a/0x7e0 fs/pipe.c:944
 __do_pipe_flags+0x46/0x1f0 fs/pipe.c:990
 do_pipe2+0xaa/0x190 fs/pipe.c:1038
 __do_sys_pipe2 fs/pipe.c:1056 [inline]
 __se_sys_pipe2 fs/pipe.c:1054 [inline]
 __x64_sys_pipe2+0x5a/0x70 fs/pipe.c:1054
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f55820f1ec9
RSP: 002b:00007ffce8587488 EFLAGS: 00000246 ORIG_RAX: 0000000000000125
RAX: ffffffffffffffda RBX: 0000556ab1e15b88 RCX: 00007f55820f1ec9
RDX: 0000556ab1e07c30 RSI: 0000000000000000 RDI: 00007ffce85874f0
RBP: 0000556ab1e07c30 R08: 0000000000000000 R09: 0000000000000040
R10: 0000000000000060 R11: 0000000000000246 R12: 0000000000000084
R13: 0000556ab1e07c30 R14: 0000000000000024 R15: 0000000000000000
 </TASK>
rcu: rcu_preempt kthread starved for 3510 jiffies! g65257 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:R  running task     stack:28128 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00080000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5295 [inline]
 __schedule+0x1585/0x5340 kernel/sched/core.c:6907
 __schedule_loop kernel/sched/core.c:6989 [inline]
 schedule+0x164/0x360 kernel/sched/core.c:7004
 schedule_timeout+0x158/0x2c0 kernel/time/sleep_timeout.c:99
 rcu_gp_fqs_loop+0x312/0x11d0 kernel/rcu/tree.c:2095
 rcu_gp_kthread+0x9e/0x2b0 kernel/rcu/tree.c:2297
 kthread+0x388/0x470 kernel/kthread.c:467
 ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 5824 Comm: kworker/u9:4 Tainted: G             L      syzkaller #0 PREEMPT(full) 
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
Workqueue: krxrpcd rxrpc_peer_keepalive_worker
RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x70 kernel/kcov.c:210
Code: 89 fb e8 23 00 00 00 48 8b 3d d4 c7 54 0c 48 89 de 5b e9 93 58 5e 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <f3> 0f 1e fa 48 8b 04 24 65 48 8b 0d f8 87 55 11 65 8b 15 19 88 55
RSP: 0018:ffffc90000a07810 EFLAGS: 00000202
RAX: ffffffff8a544191 RBX: ffff888057731000 RCX: 0000000000000100
RDX: ffff88807c368000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 0000000000000001 R08: ffffc90000a07b40 R09: ffffc90000a07b50
R10: ffffc90000a079a0 R11: fffff52000140f36 R12: 0000000000000003
R13: ffff88802d7ee4c8 R14: dffffc0000000000 R15: 0000000000000001
FS:  0000000000000000(0000) GS:ffff88812556f000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f91e473eccc CR3: 000000007c690000 CR4: 00000000003526f0
Call Trace:
 <IRQ>
 __in6_dev_get include/net/addrconf.h:347 [inline]
 ip6_ignore_linkdown+0x7a/0x140 include/net/addrconf.h:448
 find_match+0x9c/0xb40 net/ipv6/route.c:780
 __find_rr_leaf+0x248/0x760 net/ipv6/route.c:868
 find_rr_leaf net/ipv6/route.c:889 [inline]
 rt6_select net/ipv6/route.c:933 [inline]
 fib6_table_lookup+0x3b4/0xa80 net/ipv6/route.c:2246
 ip6_pol_route+0x228/0x13d0 net/ipv6/route.c:2282
 pol_lookup_func include/net/ip6_fib.h:617 [inline]
 fib6_rule_lookup+0x556/0x730 net/ipv6/fib6_rules.c:120
 ip6_route_input_lookup net/ipv6/route.c:2351 [inline]
 ip6_route_input+0x730/0xad0 net/ipv6/route.c:2654
 ip6_rcv_finish+0x141/0x2e0 net/ipv6/ip6_input.c:77
 ip_sabotage_in+0x1e1/0x270 net/bridge/br_netfilter_hooks.c:990
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_slow+0xc5/0x220 net/netfilter/core.c:623
 nf_hook include/linux/netfilter.h:273 [inline]
 NF_HOOK+0x21f/0x3c0 include/linux/netfilter.h:316
 __netif_receive_skb_one_core net/core/dev.c:6149 [inline]
 __netif_receive_skb net/core/dev.c:6262 [inline]
 netif_receive_skb_internal net/core/dev.c:6348 [inline]
 netif_receive_skb+0x278/0xc50 net/core/dev.c:6407
 NF_HOOK+0xa4/0x3a0 include/linux/netfilter.h:319
 br_handle_frame_finish+0x14b2/0x1b40 net/bridge/br_input.c:-1
 br_nf_hook_thresh+0x3dd/0x4c0 net/bridge/br_netfilter_hooks.c:-1
 br_nf_pre_routing_finish_ipv6+0xa3a/0xd70 net/bridge/br_netfilter_ipv6.c:-1
 NF_HOOK include/linux/netfilter.h:318 [inline]
 br_nf_pre_routing_ipv6+0x374/0x6f0 net/bridge/br_netfilter_ipv6.c:184
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:291 [inline]
 br_handle_frame+0x1277/0x1510 net/bridge/br_input.c:442
 __netif_receive_skb_core+0x98f/0x31a0 net/core/dev.c:6036
 __netif_receive_skb_one_core net/core/dev.c:6147 [inline]
 __netif_receive_skb net/core/dev.c:6262 [inline]
 process_backlog+0x76d/0x1950 net/core/dev.c:6614
 __napi_poll+0xae/0x340 net/core/dev.c:7678
 napi_poll net/core/dev.c:7741 [inline]
 net_rx_action+0x627/0xf70 net/core/dev.c:7893
 handle_softirqs+0x22a/0x870 kernel/softirq.c:622
 do_softirq+0x76/0xd0 kernel/softirq.c:523
 </IRQ>
 <TASK>
 __local_bh_enable_ip+0xf8/0x130 kernel/softirq.c:450
 spin_unlock_bh include/linux/spinlock.h:395 [inline]
 rxrpc_peer_keepalive_worker+0x462/0xe60 net/rxrpc/peer_event.c:352
 process_one_work kernel/workqueue.c:3275 [inline]
 process_scheduled_works+0xb02/0x1830 kernel/workqueue.c:3358
 worker_thread+0xa50/0xfc0 kernel/workqueue.c:3439
 kthread+0x388/0x470 kernel/kthread.c:467
 ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
net_ratelimit: 14293 callbacks suppressed
bridge0: received packet on 
 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:e6:9a:14:29:a2:93, vlan:0)
bridge0: received packet on 
 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:e6:9a:14:29:a2:93, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:e6:9a:14:29:a2:93, vlan:0)
bridge0: received packet on 
 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:e6:9a:14:29:a2:93, vlan:0)
bridge0: received packet on 
 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:e6:9a:14:29:a2:93, vlan:0)
net_ratelimit: 21095 callbacks suppressed
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:e6:9a:14:29:a2:93, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:e6:9a:14:29:a2:93, vlan:0)
bridge0: received packet on 
 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:e6:9a:14:29:a2:93, vlan:0)
bridge0: received packet on 
 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:e6:9a:14:29:a2:93, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:e6:9a:14:29:a2:93, vlan:0)
bridge0: received packet on 
 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)