syzbot

 sign-in | mailing list | source | docs
🐞 Open [451]
🐞 Fixed [23]
🐞 Invalid [216]
Missing Backports [17]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

INFO: rcu detected stall in br_handle_frame

Status: upstream: reported on 2025/11/21 04:49
Reported-by: syzbot+a0b26fcabafa4609b88c@syzkaller.appspotmail.com
First crash: 150d, last: 4d10h
Similar bugs (15)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream INFO: rcu detected stall in br_handle_frame (5) bridge 1 syz 24 526d 555d 28/29 fixed on 2024/11/12 23:31
linux-4.14 INFO: rcu detected stall in br_handle_frame (3) 1 1 2027d 2027d 0/1 auto-closed as invalid on 2021/01/28 07:46
upstream INFO: rcu detected stall in br_handle_frame 1 C done 341 2408d 2413d 13/29 fixed on 2019/10/09 10:54
upstream INFO: rcu detected stall in br_handle_frame (2) net 1 C done 2 2312d 2308d 15/29 fixed on 2020/02/18 14:31
upstream INFO: rcu detected stall in br_handle_frame (3) bridge 1 1 1737d 1737d 0/29 auto-closed as invalid on 2021/10/15 13:41
linux-4.14 INFO: rcu detected stall in br_handle_frame (2) 1 C done 1 2313d 2313d 1/1 fixed on 2020/01/19 15:05
linux-4.14 INFO: rcu detected stall in br_handle_frame 1 C done 15 2405d 2417d 1/1 fixed on 2019/12/07 19:24
linux-4.19 INFO: rcu detected stall in br_handle_frame (2) 1 C error 31 1172d 2013d 0/1 upstream: reported C repro on 2020/10/14 18:56
linux-4.19 INFO: rcu detected stall in br_handle_frame 1 C done 41 2405d 2417d 1/1 fixed on 2019/12/07 19:18
linux-6.1 INFO: rcu detected stall in br_handle_frame (2) 1 5 9d00h 195d 0/3 upstream: reported on 2025/10/06 18:18
linux-5.15 INFO: rcu detected stall in br_handle_frame 1 C inconclusive 3 151d 801d 0/3 upstream: reported C repro on 2024/02/08 13:52
upstream INFO: rcu detected stall in br_handle_frame (6) bridge 1 C error error 62 30d 96d 0/29 upstream: reported C repro on 2026/01/13 18:06
linux-6.1 INFO: rcu detected stall in br_handle_frame 1 2 601d 683d 0/3 auto-obsoleted due to no activity on 2024/12/04 21:21
upstream INFO: rcu detected stall in br_handle_frame (4) kernel 1 1 1576d 1576d 0/29 closed as invalid on 2022/02/08 10:10
android-5-15 BUG: soft lockup in br_handle_frame 1 2 610d 615d 0/2 auto-obsoleted due to no activity on 2024/11/16 05:31

Sample crash report:
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P5760/1:b..l P5127/1:b..l P6243/1:b..l
rcu: 	(detected by 1, t=10503 jiffies, g=10389, q=498 ncpus=2)
task:syz.3.125       state:R  running task     stack:26568 pid:6243  ppid:5770   flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5381 [inline]
 __schedule+0x1553/0x45a0 kernel/sched/core.c:6700
 preempt_schedule_common+0x82/0xc0 kernel/sched/core.c:6867
 preempt_schedule+0xc0/0xd0 kernel/sched/core.c:6891
 preempt_schedule_thunk+0x1a/0x30 arch/x86/entry/thunk_64.S:45
 __raw_spin_unlock include/linux/spinlock_api_smp.h:143 [inline]
 _raw_spin_unlock+0x3a/0x40 kernel/locking/spinlock.c:186
 spin_unlock include/linux/spinlock.h:391 [inline]
 zap_pte_range mm/memory.c:1523 [inline]
 zap_pmd_range mm/memory.c:1571 [inline]
 zap_pud_range mm/memory.c:1600 [inline]
 zap_p4d_range mm/memory.c:1621 [inline]
 unmap_page_range+0x2315/0x3000 mm/memory.c:1642
 unmap_vmas+0x286/0x3f0 mm/memory.c:1732
 exit_mmap+0x238/0xb90 mm/mmap.c:3302
 __mmput+0x118/0x3c0 kernel/fork.c:1356
 exit_mm+0x1f2/0x2c0 kernel/exit.c:569
 do_exit+0x8dd/0x2460 kernel/exit.c:870
 do_group_exit+0x21b/0x2d0 kernel/exit.c:1024
 get_signal+0x12fc/0x13f0 kernel/signal.c:2902
 arch_do_signal_or_restart+0xc2/0x800 arch/x86/kernel/signal.c:310
 exit_to_user_mode_loop+0x70/0x110 kernel/entry/common.c:174
 exit_to_user_mode_prepare+0xee/0x180 kernel/entry/common.c:210
 __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
 syscall_exit_to_user_mode+0x1a/0x50 kernel/entry/common.c:302
 do_syscall_64+0x61/0xa0 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7fde3399c819
RSP: 002b:00007fde347d60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 00007fde33c15fa8 RCX: 00007fde3399c819
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fde33c15fa8
RBP: 00007fde33c15fa0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fde33c16038 R14: 00007fff5e491690 R15: 00007fff5e491778
 </TASK>
task:klogd           state:R  running task     stack:23280 pid:5127  ppid:1      flags:0x00004002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5381 [inline]
 __schedule+0x1553/0x45a0 kernel/sched/core.c:6700
 preempt_schedule_common+0x82/0xc0 kernel/sched/core.c:6867
 preempt_schedule+0xc0/0xd0 kernel/sched/core.c:6891
 preempt_schedule_thunk+0x1a/0x30 arch/x86/entry/thunk_64.S:45
 unwind_next_frame+0x200f/0x2970 arch/x86/kernel/unwind_orc.c:672
 arch_stack_walk+0x144/0x190 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0xaa/0x100 kernel/stacktrace.c:122
 save_stack+0x125/0x230 mm/page_owner.c:128
 __reset_page_owner+0x4e/0x190 mm/page_owner.c:149
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1181 [inline]
 free_unref_page_prepare+0x7b2/0x8c0 mm/page_alloc.c:2365
 free_unref_page+0x32/0x2e0 mm/page_alloc.c:2458
 discard_slab mm/slub.c:2127 [inline]
 __unfreeze_partials+0x1cf/0x210 mm/slub.c:2667
 put_cpu_partial+0x17c/0x250 mm/slub.c:2743
 __slab_free+0x319/0x400 mm/slub.c:3700
 qlink_free mm/kasan/quarantine.c:166 [inline]
 qlist_free_all+0x75/0xd0 mm/kasan/quarantine.c:185
 kasan_quarantine_reduce+0x143/0x160 mm/kasan/quarantine.c:292
 __kasan_slab_alloc+0x22/0x80 mm/kasan/common.c:306
 kasan_slab_alloc include/linux/kasan.h:188 [inline]
 slab_post_alloc_hook+0x6e/0x4b0 mm/slab.h:767
 slab_alloc_node mm/slub.c:3495 [inline]
 kmem_cache_alloc_node+0x14c/0x320 mm/slub.c:3540
 __alloc_skb+0x103/0x2c0 net/core/skbuff.c:643
 alloc_skb include/linux/skbuff.h:1316 [inline]
 alloc_skb_with_frags+0xca/0x7b0 net/core/skbuff.c:6334
 sock_alloc_send_pskb+0x883/0x9a0 net/core/sock.c:2821
 unix_dgram_sendmsg+0x5a2/0x16d0 net/unix/af_unix.c:2001
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg net/socket.c:745 [inline]
 __sys_sendto+0x4a9/0x6b0 net/socket.c:2200
 __do_sys_sendto net/socket.c:2212 [inline]
 __se_sys_sendto net/socket.c:2208 [inline]
 __x64_sys_sendto+0xde/0xf0 net/socket.c:2208
 do_syscall_x64 arch/x86/entry/common.c:46 [inline]
 do_syscall_64+0x55/0xa0 arch/x86/entry/common.c:76
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f91faaa9407
RSP: 002b:00007ffe34383120 EFLAGS: 00000202 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007f91fa959c80 RCX: 00007f91faaa9407
RDX: 00000000000000a1 RSI: 00007ffe34383260 RDI: 0000000000000003
RBP: 00007ffe34383690 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000004000 R11: 0000000000000202 R12: 00007ffe343836a8
R13: 00007ffe34383260 R14: 0000000000000086 R15: 00007ffe34383260
 </TASK>
task:syz-executor    state:R  running task     stack:24232 pid:5760  ppid:5751   flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5381 [inline]
 __schedule+0x1553/0x45a0 kernel/sched/core.c:6700
 preempt_schedule_common+0x82/0xc0 kernel/sched/core.c:6867
 preempt_schedule+0xc0/0xd0 kernel/sched/core.c:6891
 preempt_schedule_thunk+0x1a/0x30 arch/x86/entry/thunk_64.S:45
 __raw_spin_unlock include/linux/spinlock_api_smp.h:143 [inline]
 _raw_spin_unlock+0x3a/0x40 kernel/locking/spinlock.c:186
 spin_unlock include/linux/spinlock.h:391 [inline]
 zap_pte_range mm/memory.c:1523 [inline]
 zap_pmd_range mm/memory.c:1571 [inline]
 zap_pud_range mm/memory.c:1600 [inline]
 zap_p4d_range mm/memory.c:1621 [inline]
 unmap_page_range+0x2315/0x3000 mm/memory.c:1642
 unmap_vmas+0x286/0x3f0 mm/memory.c:1732
 exit_mmap+0x238/0xb90 mm/mmap.c:3302
 __mmput+0x118/0x3c0 kernel/fork.c:1356
 exit_mm+0x1f2/0x2c0 kernel/exit.c:569
 do_exit+0x8dd/0x2460 kernel/exit.c:870
 do_group_exit+0x21b/0x2d0 kernel/exit.c:1024
 get_signal+0x12fc/0x13f0 kernel/signal.c:2902
 arch_do_signal_or_restart+0xc2/0x800 arch/x86/kernel/signal.c:310
 exit_to_user_mode_loop+0x70/0x110 kernel/entry/common.c:174
 exit_to_user_mode_prepare+0xee/0x180 kernel/entry/common.c:210
 __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
 syscall_exit_to_user_mode+0x1a/0x50 kernel/entry/common.c:302
 do_syscall_64+0x61/0xa0 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f757bf57997
RSP: 002b:00007ffc04fc6b20 EFLAGS: 00000202 ORIG_RAX: 000000000000003d
RAX: fffffffffffffe00 RBX: 0000555569325500 RCX: 00007f757bf57997
RDX: 0000000040000000 RSI: 00007ffc04fc6b7c RDI: ffffffffffffffff
RBP: 00007ffc04fc6b7c R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000008
R13: 0000000000000003 R14: 00007ffc04fc6dd8 R15: 0000000000000000
 </TASK>
rcu: rcu_preempt kthread starved for 1795 jiffies! g10389 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:R  running task     stack:26024 pid:17    ppid:2      flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5381 [inline]
 __schedule+0x1553/0x45a0 kernel/sched/core.c:6700
 schedule+0xbd/0x170 kernel/sched/core.c:6774
 schedule_timeout+0x188/0x2d0 kernel/time/timer.c:2168
 rcu_gp_fqs_loop+0x313/0x1590 kernel/rcu/tree.c:1667
 rcu_gp_kthread+0x9d/0x3b0 kernel/rcu/tree.c:1866
 kthread+0x2fa/0x390 kernel/kthread.c:388
 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 6241 Comm: syz.0.124 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
RIP: 0010:mark_lock+0xa/0x320 kernel/locking/lockdep.c:4639
Code: 8e e8 0a 71 76 00 4c 89 f7 41 89 d9 e9 79 ff ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 55 41 57 41 56 41 55 41 54 53 <50> 89 d5 49 89 f6 48 89 fb 49 bd 00 00 00 00 00 fc ff df 83 fa 08
RSP: 0018:ffffc90000005bc8 EFLAGS: 00000046
RAX: 00000000000c6001 RBX: 0000000000000007 RCX: 0000000000000001
RDX: 0000000000000000 RSI: ffff888023e2c7f8 RDI: ffff888023e2bc00
RBP: ffffc90000005e48 R08: dffffc0000000000 R09: 1ffffffff2238aa1
R10: dffffc0000000000 R11: fffffbfff2238aa2 R12: 0000000000000002
R13: ffff888023e2bc00 R14: 0000000000000000 R15: ffff888023e2c818
FS:  00007f963bdf66c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000004 CR3: 000000005c63d000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
 <IRQ>
 mark_usage kernel/locking/lockdep.c:4564 [inline]
 __lock_acquire+0xcc9/0x7d40 kernel/locking/lockdep.c:5091
 lock_acquire+0x19e/0x420 kernel/locking/lockdep.c:5754
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0xb4/0x100 kernel/locking/spinlock.c:162
 debug_object_deactivate+0x67/0x390 lib/debugobjects.c:764
 debug_hrtimer_deactivate kernel/time/hrtimer.c:455 [inline]
 __run_hrtimer kernel/time/hrtimer.c:1718 [inline]
 __hrtimer_run_queues+0x2cb/0xc40 kernel/time/hrtimer.c:1814
 hrtimer_interrupt+0x3c9/0x9c0 kernel/time/hrtimer.c:1876
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1077 [inline]
 __sysvec_apic_timer_interrupt+0xfb/0x3b0 arch/x86/kernel/apic/apic.c:1094
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1088 [inline]
 sysvec_apic_timer_interrupt+0x51/0xc0 arch/x86/kernel/apic/apic.c:1088
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:687
RIP: 0010:seqcount_lockdep_reader_access+0x19a/0x1d0 include/linux/seqlock.h:105
Code: 00 4d 85 e4 75 16 e8 95 c6 0f 00 eb 15 e8 8e c6 0f 00 e8 69 ff 0e 09 4d 85 e4 74 ea e8 7f c6 0f 00 fb 48 c7 04 24 0e 36 e0 45 <4b> c7 04 3e 00 00 00 00 43 c7 44 3e 08 00 00 00 00 65 48 8b 04 25
RSP: 0018:ffffc90000006420 EFLAGS: 00000246
RAX: ffffffff81775b81 RBX: 0000000000000000 RCX: ffff888023e2bc00
RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc900000064d8 R08: ffffffff911c5537 R09: 1ffffffff2238aa6
R10: dffffc0000000000 R11: fffffbfff2238aa7 R12: 0000000000000200
R13: 1ffff92000000cac R14: 1ffff92000000c84 R15: dffffc0000000000
 ktime_get_with_offset+0x94/0x330 kernel/time/timekeeping.c:889
 ktime_get_real include/linux/timekeeping.h:79 [inline]
 netif_rx_internal+0x344/0x4e0 net/core/dev.c:5153
 __netif_rx+0x78/0xc0 net/core/dev.c:5196
 veth_forward_skb drivers/net/veth.c:325 [inline]
 veth_xmit+0x550/0x9f0 drivers/net/veth.c:378
 __netdev_start_xmit include/linux/netdevice.h:4943 [inline]
 netdev_start_xmit include/linux/netdevice.h:4957 [inline]
 xmit_one net/core/dev.c:3644 [inline]
 dev_hard_start_xmit+0x246/0x740 net/core/dev.c:3660
 __dev_queue_xmit+0x19a3/0x3660 net/core/dev.c:4454
 dev_queue_xmit include/linux/netdevice.h:3113 [inline]
 br_dev_queue_push_xmit+0x6b3/0x870 net/bridge/br_forward.c:53
 NF_HOOK+0x66e/0x700 include/linux/netfilter.h:304
 br_nf_post_routing+0xb41/0xfb0 net/bridge/br_netfilter_hooks.c:977
 nf_hook_entry_hookfn include/linux/netfilter.h:144 [inline]
 nf_hook_slow+0xbd/0x200 net/netfilter/core.c:626
 nf_hook include/linux/netfilter.h:259 [inline]
 NF_HOOK+0x23e/0x3e0 include/linux/netfilter.h:302
 br_forward_finish+0xd3/0x130 net/bridge/br_forward.c:66
 br_nf_hook_thresh net/bridge/br_netfilter_hooks.c:1184 [inline]
 br_nf_forward_finish+0xa51/0xe80 net/bridge/br_netfilter_hooks.c:684
 NF_HOOK+0x66e/0x700 include/linux/netfilter.h:304
 br_nf_forward_ip+0xcc1/0x1110 net/bridge/br_netfilter_hooks.c:754
 nf_hook_entry_hookfn include/linux/netfilter.h:144 [inline]
 nf_hook_slow+0xbd/0x200 net/netfilter/core.c:626
 nf_hook include/linux/netfilter.h:259 [inline]
 NF_HOOK+0x23e/0x3e0 include/linux/netfilter.h:302
 __br_forward+0x433/0x610 net/bridge/br_forward.c:115
 br_handle_frame_finish+0x13c5/0x18f0 net/bridge/br_input.c:215
 br_nf_hook_thresh+0x3cd/0x4a0 net/bridge/br_netfilter_hooks.c:1184
 br_nf_pre_routing_finish_ipv6+0x9dc/0xd00 net/bridge/br_netfilter_ipv6.c:-1
 NF_HOOK include/linux/netfilter.h:304 [inline]
 br_nf_pre_routing_ipv6+0x349/0x6b0 net/bridge/br_netfilter_ipv6.c:184
 nf_hook_entry_hookfn include/linux/netfilter.h:144 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:277 [inline]
 br_handle_frame+0x1245/0x14d0 net/bridge/br_input.c:424
 __netif_receive_skb_core+0xfab/0x3af0 net/core/dev.c:5540
 __netif_receive_skb_one_core net/core/dev.c:5644 [inline]
 __netif_receive_skb+0x74/0x290 net/core/dev.c:5760
 process_backlog+0x391/0x6f0 net/core/dev.c:6088
 __napi_poll+0xc0/0x460 net/core/dev.c:6650
 napi_poll net/core/dev.c:6717 [inline]
 net_rx_action+0x616/0xc40 net/core/dev.c:6853
 handle_softirqs+0x280/0x820 kernel/softirq.c:578
 __do_softirq kernel/softirq.c:612 [inline]
 invoke_softirq kernel/softirq.c:452 [inline]
 __irq_exit_rcu+0xd3/0x190 kernel/softirq.c:661
 irq_exit_rcu+0x9/0x20 kernel/softirq.c:673
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1088 [inline]
 sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1088
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:687
RIP: 0010:finish_task_switch+0x26a/0x8f0 kernel/sched/core.c:5255
Code: 0f 84 33 01 00 00 48 85 db 0f 85 52 01 00 00 0f 1f 44 00 00 4c 8b 75 d0 4c 89 e7 e8 00 99 32 09 e8 9b 29 30 00 fb 4c 8b 65 c0 <49> 8d bc 24 f8 15 00 00 48 89 f8 48 c1 e8 03 42 0f b6 04 28 84 c0
RSP: 0018:ffffc9000c6d7718 EFLAGS: 00000286
RAX: 66e2586b4d5fba00 RBX: 0000000000000000 RCX: 66e2586b4d5fba00
RDX: dffffc0000000000 RSI: ffffffff8acac9e0 RDI: ffffffff8b1c8e60
RBP: ffffc9000c6d7770 R08: ffffffff911c5537 R09: 1ffffffff2238aa6
R10: dffffc0000000000 R11: fffffbfff2238aa7 R12: ffff888023e2bc00
R13: dffffc0000000000 R14: ffff8880306a1e00 R15: ffff8880b8e3cac8
 context_switch kernel/sched/core.c:5384 [inline]
 __schedule+0x155b/0x45a0 kernel/sched/core.c:6700
 preempt_schedule_irq+0xbf/0x150 kernel/sched/core.c:7010
 irqentry_exit+0x67/0x70 kernel/entry/common.c:438
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:687
RIP: 0010:find_vma+0x0/0x1b0 mm/mmap.c:1884
Code: 03 38 c1 0f 8c 23 ff ff ff 48 89 df e8 69 c8 11 00 e9 16 ff ff ff e8 df 90 b9 ff 0f 0b 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 <f3> 0f 1e fa 55 48 89 e5 41 57 41 56 41 54 53 48 83 e4 e0 48 83 ec
RSP: 0018:ffffc9000c6d7b08 EFLAGS: 00010202
RAX: ffffffff81cb06dc RBX: ffff8880216a4c00 RCX: ffff888023e2bc00
RDX: 0000000000000003 RSI: 0000000000000004 RDI: ffff8880216a4c00
RBP: 0000000000000000 R08: 000000000000019c R09: 0000000000400000
R10: 0000000000003388 R11: ffffed10042d49a8 R12: ffffc9000c6d7cb8
R13: dffffc0000000000 R14: 0000000000000004 R15: ffffc9000c6d7c38
 lock_mm_and_find_vma+0x5f/0x2f0 mm/memory.c:5443
 do_user_addr_fault+0x36c/0x12c0 arch/x86/mm/fault.c:1343
 handle_page_fault arch/x86/mm/fault.c:1463 [inline]
 exc_page_fault+0x64/0x100 arch/x86/mm/fault.c:1516
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:608
RIP: 0010:__get_user_4+0x11/0x20 arch/x86/lib/getuser.S:81
Code: 48 c1 fa 3f 48 09 d0 0f 01 cb 0f b7 10 31 c0 0f 01 ca c3 90 90 90 90 90 90 f3 0f 1e fa 48 89 c2 48 c1 fa 3f 48 09 d0 0f 01 cb <8b> 10 31 c0 0f 01 ca c3 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 c2
RSP: 0018:ffffc9000c6d7ce0 EFLAGS: 00050202
RAX: 0000000000000004 RBX: ffffc9000c6d7de0 RCX: 66e2586b4d5fba00
RDX: 0000000000000000 RSI: ffffffff8acadb60 RDI: ffffffff8b1c8e60
RBP: ffffc9000c6d7f10 R08: ffffffff8e8b14ef R09: 1ffffffff1d1629d
R10: dffffc0000000000 R11: fffffbfff1d1629e R12: 0000000000000000
R13: 0000000000000004 R14: ffffc9000c6d7de0 R15: 0000000000000000
 perf_copy_attr+0x45/0x840 kernel/events/core.c:12321
 __do_sys_perf_event_open kernel/events/core.c:12632 [inline]
 __se_sys_perf_event_open+0x11b/0x1c50 kernel/events/core.c:12609
 do_syscall_x64 arch/x86/entry/common.c:46 [inline]
 do_syscall_64+0x55/0xa0 arch/x86/entry/common.c:76
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f963db9c819
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f963bdf6028 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
RAX: ffffffffffffffda RBX: 00007f963de16090 RCX: 00007f963db9c819
RDX: fffeffffffffffff RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007f963dc32c91 R08: 0000000000000003 R09: 0000000000000000
R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
R13: 00007f963de16128 R14: 00007f963de16090 R15: 00007ffe9f55efe8
 </TASK>
net_ratelimit: 3095 callbacks suppressed
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:72:51:a8:5a:21:30, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:ea:4e:0c:7b:a7:68, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:ea:4e:0c:7b:a7:68, vlan:0)
net_ratelimit: 17972 callbacks suppressed
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:ea:4e:0c:7b:a7:68, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:ea:4e:0c:7b:a7:68, vlan:0)

Crashes (14):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2026/04/15 21:09 linux-6.6.y 8cee53b8eaeb c441f497 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan-perf INFO: rcu detected stall in br_handle_frame
2026/04/11 06:01 linux-6.6.y 80de0a958133 38c8e246 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan-perf INFO: rcu detected stall in br_handle_frame
2026/04/09 13:53 linux-6.6.y 80de0a958133 38c8e246 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan-perf INFO: rcu detected stall in br_handle_frame
2026/04/08 05:35 linux-6.6.y 80de0a958133 2c961e87 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan-perf INFO: rcu detected stall in br_handle_frame
2026/04/05 16:45 linux-6.6.y 08667c1437c0 4440e7c2 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan-perf INFO: rcu detected stall in br_handle_frame
2026/04/05 11:28 linux-6.6.y 08667c1437c0 4440e7c2 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan-perf INFO: rcu detected stall in br_handle_frame
2026/01/27 18:09 linux-6.6.y cbb31f77b879 9a514c2f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan-perf INFO: rcu detected stall in br_handle_frame
2026/01/18 22:46 linux-6.6.y cbb31f77b879 20d37d28 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan-perf INFO: rcu detected stall in br_handle_frame
2026/01/04 19:22 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan-perf INFO: rcu detected stall in br_handle_frame
2025/12/29 21:27 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan-perf INFO: rcu detected stall in br_handle_frame
2025/12/04 10:48 linux-6.6.y 4791134e4aeb d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan-perf INFO: rcu detected stall in br_handle_frame
2025/12/01 00:32 linux-6.6.y 1e89a1be4fe9 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan-perf INFO: rcu detected stall in br_handle_frame
2025/11/26 09:45 linux-6.6.y 1e89a1be4fe9 64219f15 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan-perf INFO: rcu detected stall in br_handle_frame
2025/11/21 04:48 linux-6.6.y 0a805b6ea8cd 2cc4c24a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan-perf INFO: rcu detected stall in br_handle_frame
* Struck through repros no longer work on HEAD.