syzbot

bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:3d:fa:2c:fc:06, vlan:0)
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P6370/1:b..l
rcu: 	(detected by 0, t=10503 jiffies, g=11197, q=530 ncpus=2)
task:syz.2.104       state:R  running task     stack:26480 pid:6370  tgid:6362  ppid:5823   flags:0x00004006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5328 [inline]
 __schedule+0xe55/0x5740 kernel/sched/core.c:6693
 preempt_schedule_irq+0x51/0x90 kernel/sched/core.c:7015
 irqentry_exit+0x36/0x90 kernel/entry/common.c:354
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:stack_trace_consume_entry+0x73/0x170 kernel/stacktrace.c:89
Code: 03 0f b6 04 02 84 c0 74 08 3c 03 0f 8e ad 00 00 00 31 c0 3b 6b 08 0f 83 81 00 00 00 48 8d 7b 0c 48 b8 00 00 00 00 00 fc ff df <48> 89 fa 48 c1 ea 03 0f b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0
RSP: 0018:ffffc9000bb9f720 EFLAGS: 00000287
RAX: dffffc0000000000 RBX: ffffc9000bb9f800 RCX: 0000000000000000
RDX: 1ffff92001773f01 RSI: ffffffff814fdf3d RDI: ffffc9000bb9f80c
RBP: 0000000000000006 R08: ffffc9000bb9f774 R09: ffffffff90f29a14
R10: ffffc9000bb9f740 R11: 0000000000005876 R12: ffffffff817946d0
R13: ffffc9000bb9f800 R14: 0000000000000000 R15: ffff88802777c880
 arch_stack_walk+0x86/0x100 arch/x86/kernel/stacktrace.c:27
 stack_trace_save+0x95/0xd0 kernel/stacktrace.c:122
 save_stack+0x162/0x1f0 mm/page_owner.c:156
 __reset_page_owner+0x8d/0x400 mm/page_owner.c:297
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1127 [inline]
 free_unref_page+0x661/0x1080 mm/page_alloc.c:2657
 vfree+0x17a/0x890 mm/vmalloc.c:3361
 kcov_put kernel/kcov.c:439 [inline]
 kcov_put+0x2a/0x40 kernel/kcov.c:435
 kcov_close+0xd/0x20 kernel/kcov.c:535
 __fput+0x3f6/0xb60 fs/file_table.c:431
 task_work_run+0x14e/0x250 kernel/task_work.c:239
 exit_task_work include/linux/task_work.h:43 [inline]
 do_exit+0xadd/0x2d70 kernel/exit.c:939
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1088
 get_signal+0x25fb/0x2770 kernel/signal.c:2918
 arch_do_signal_or_restart+0x90/0x7e0 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218
 do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f5269f7e759
RSP: 002b:00007f526adff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffe7 RBX: 00007f526a136058 RCX: 00007f5269f7e759
RDX: 0000000000000000 RSI: 000000008004f50c RDI: 0000000000000006
RBP: 00007f5269ff175e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f526a136058 R15: 00007ffddbfb0758
 </TASK>
rcu: rcu_preempt kthread starved for 9688 jiffies! g11197 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:R  running task     stack:27120 pid:17    tgid:17    ppid:2      flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5328 [inline]
 __schedule+0xe55/0x5740 kernel/sched/core.c:6693
 __schedule_loop kernel/sched/core.c:6770 [inline]
 schedule+0xe7/0x350 kernel/sched/core.c:6785
 schedule_timeout+0x136/0x2a0 kernel/time/timer.c:2615
 rcu_gp_fqs_loop+0x1eb/0xb00 kernel/rcu/tree.c:2045
 rcu_gp_kthread+0x271/0x380 kernel/rcu/tree.c:2247
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
CPU: 0 UID: 0 PID: 966 Comm: kworker/0:2 Not tainted 6.12.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
Workqueue: wg-kex-wg0 wg_packet_handshake_receive_worker
RIP: 0010:jhash2 include/linux/jhash.h:136 [inline]
RIP: 0010:hash_stack lib/stackdepot.c:514 [inline]
RIP: 0010:stack_depot_save_flags+0x1c5/0x8f0 lib/stackdepot.c:614
Code: 00 00 65 ff 0d 04 b6 43 7b 0f 84 db 01 00 00 48 85 c9 74 2f 8b 41 18 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc <03> 42 08 03 7a 04 e9 07 ff ff ff 65 ff 0d d1 b5 43 7b 75 05 e8 72
RSP: 0018:ffffc90000007008 EFLAGS: 00000246
RAX: 0000000043982150 RBX: 000000009989c69b RCX: 0000000000000003
RDX: ffffc9000000714c RSI: 0000000087d3c635 RDI: 00000000f5ce8511
RBP: 0000000000000001 R08: ffffffff90eb488a R09: 00000000a442b4d9
R10: ffffc90000006f38 R11: 0000000000000052 R12: 0000000000000820
R13: ffffc90000007068 R14: 000000000000001e R15: 000000000000001e
FS:  0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055b03d4d2718 CR3: 000000007fc8e000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 kasan_save_stack+0x42/0x60 mm/kasan/common.c:48
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 unpoison_slab_object mm/kasan/common.c:319 [inline]
 __kasan_slab_alloc+0x89/0x90 mm/kasan/common.c:345
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 kmem_cache_alloc_noprof+0x121/0x2f0 mm/slub.c:4141
 skb_clone+0x190/0x3f0 net/core/skbuff.c:2084
 deliver_clone+0x3f/0xa0 net/bridge/br_forward.c:125
 maybe_deliver+0xa7/0x120 net/bridge/br_forward.c:190
 br_flood+0x17e/0x5c0 net/bridge/br_forward.c:236
 br_handle_frame_finish+0xda5/0x1c80 net/bridge/br_input.c:215
 br_nf_hook_thresh+0x303/0x410 net/bridge/br_netfilter_hooks.c:1195
 br_nf_pre_routing_finish_ipv6+0x76a/0xfb0 net/bridge/br_netfilter_ipv6.c:154
 NF_HOOK include/linux/netfilter.h:314 [inline]
 br_nf_pre_routing_ipv6+0x3ce/0x8c0 net/bridge/br_netfilter_ipv6.c:184
 br_nf_pre_routing+0x860/0x15b0 net/bridge/br_netfilter_hooks.c:533
 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:277 [inline]
 br_handle_frame+0x9eb/0x1490 net/bridge/br_input.c:424
 __netif_receive_skb_core.constprop.0+0xa3d/0x4330 net/core/dev.c:5564
 __netif_receive_skb_one_core+0xb1/0x1e0 net/core/dev.c:5668
 __netif_receive_skb+0x1d/0x160 net/core/dev.c:5783
 process_backlog+0x443/0x15f0 net/core/dev.c:6115
 __napi_poll.constprop.0+0xb7/0x550 net/core/dev.c:6779
 napi_poll net/core/dev.c:6848 [inline]
 net_rx_action+0xa92/0x1010 net/core/dev.c:6970
 handle_softirqs+0x213/0x8f0 kernel/softirq.c:554
 do_softirq kernel/softirq.c:455 [inline]
 do_softirq+0xb2/0xf0 kernel/softirq.c:442
 </IRQ>
 <TASK>
 __local_bh_enable_ip+0x100/0x120 kernel/softirq.c:382
 local_bh_enable include/linux/bottom_half.h:33 [inline]
 wg_receive_handshake_packet+0x36c/0xbf0 drivers/net/wireguard/receive.c:199
 wg_packet_handshake_receive_worker+0x17f/0x3a0 drivers/net/wireguard/receive.c:213
 process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229
 process_scheduled_works kernel/workqueue.c:3310 [inline]
 worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
net_ratelimit: 22578 callbacks suppressed
bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:3d:fa:2c:fc:06, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:3d:fa:2c:fc:06, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
net_ratelimit: 28113 callbacks suppressed
bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:3d:fa:2c:fc:06, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:3d:fa:2c:fc:06, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:8a:3d:fa:2c:fc:06, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)