syzbot

bridge0: received packet on veth0_to_bridge with own address as source address (addr:0e:3b:d6:60:64:af, vlan:0)
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	(detected by 1, t=10502 jiffies, g=11813, q=621 ncpus=2)
rcu: All QSes seen, last rcu_preempt kthread activity 10209 (4294961981-4294951772), jiffies_till_next_fqs=1, root ->qsmask 0x0
rcu: rcu_preempt kthread starved for 10209 jiffies! g11813 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:R  running task     stack:26888 pid:17    ppid:2      flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5380 [inline]
 __schedule+0x14d2/0x44d0 kernel/sched/core.c:6699
 schedule+0xbd/0x170 kernel/sched/core.c:6773
 schedule_timeout+0x160/0x280 kernel/time/timer.c:2167
 rcu_gp_fqs_loop+0x302/0x1560 kernel/rcu/tree.c:1667
 rcu_gp_kthread+0x99/0x380 kernel/rcu/tree.c:1866
 kthread+0x2fa/0x390 kernel/kthread.c:388
 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 6316 Comm: syz.3.132 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
RIP: 0010:__lock_acquire+0x120c/0x7c80 kernel/locking/lockdep.c:5133
Code: b6 04 00 84 c0 0f 85 28 5e 00 00 83 3d ac e4 83 15 00 0f 84 3e 08 00 00 31 db 48 83 c3 40 48 89 d8 48 c1 e8 03 42 80 3c 00 00 <74> 12 48 89 df e8 ea da 75 00 49 b8 00 00 00 00 00 fc ff df 48 83
RSP: 0018:ffffc900000060a0 EFLAGS: 00000046
RAX: 1ffffffff20e2af6 RBX: ffffffff907157b0 RCX: ffffffff81670e5d
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff90da8508
RBP: ffffc900000062e8 R08: dffffc0000000000 R09: 1ffffffff21b50a1
R10: dffffc0000000000 R11: fffffbfff21b50a2 R12: 00000000798a1fc9
R13: ffff88802c940000 R14: 00000000a8163414 R15: ffff88802c940ba0
FS:  00007f7827bf66c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f20e2585f98 CR3: 000000001f7a6000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
 <IRQ>
 lock_acquire+0x197/0x410 kernel/locking/lockdep.c:5754
 debug_objects_fill_pool+0x92/0x6b0 lib/debugobjects.c:615
 debug_object_activate+0x36/0x4b0 lib/debugobjects.c:705
 debug_hrtimer_activate kernel/time/hrtimer.c:450 [inline]
 debug_activate kernel/time/hrtimer.c:505 [inline]
 enqueue_hrtimer+0x30/0x370 kernel/time/hrtimer.c:1108
 __run_hrtimer kernel/time/hrtimer.c:1767 [inline]
 __hrtimer_run_queues+0x637/0xc40 kernel/time/hrtimer.c:1814
 hrtimer_interrupt+0x3c9/0x9c0 kernel/time/hrtimer.c:1876
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1077 [inline]
 __sysvec_apic_timer_interrupt+0xfb/0x3b0 arch/x86/kernel/apic/apic.c:1094
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1088 [inline]
 sysvec_apic_timer_interrupt+0x51/0xc0 arch/x86/kernel/apic/apic.c:1088
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:687
RIP: 0010:unwind_next_frame+0x642/0x2970 arch/x86/kernel/unwind_orc.c:505
Code: 48 c1 e8 03 42 0f b6 04 28 84 c0 0f 85 d0 1c 00 00 4c 89 f8 48 c1 e8 03 42 0f b6 04 28 84 c0 0f 85 dc 1c 00 00 45 0f b6 76 01 <41> 83 e6 07 4c 89 f7 48 c7 c6 00 e7 b9 8c e8 bb ea 4a 00 4d 85 f6
RSP: 0018:ffffc900000069b8 EFLAGS: 00000246
RAX: 0000000000000000 RBX: ffffffff8ed9529a RCX: ffff88802c940000
RDX: 0000000000000100 RSI: ffffffff81dcc6eb RDI: ffffffff81dcc6d9
RBP: ffffc90000006ad8 R08: ffffc90000006b50 R09: 0000000000000021
R10: 0000000000000004 R11: 0000000000000100 R12: ffffc90000006a88
R13: dffffc0000000000 R14: 0000000000000002 R15: ffffffff8ed9529f
 arch_stack_walk+0x144/0x190 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x9c/0xe0 kernel/stacktrace.c:122
 kasan_save_stack mm/kasan/common.c:45 [inline]
 kasan_set_track+0x4e/0x70 mm/kasan/common.c:52
 __kasan_slab_alloc+0x6c/0x80 mm/kasan/common.c:328
 kasan_slab_alloc include/linux/kasan.h:188 [inline]
 slab_post_alloc_hook+0x6e/0x4d0 mm/slab.h:767
 slab_alloc_node mm/slub.c:3495 [inline]
 slab_alloc mm/slub.c:3503 [inline]
 __kmem_cache_alloc_lru mm/slub.c:3510 [inline]
 kmem_cache_alloc+0x11e/0x2e0 mm/slub.c:3519
 skb_ext_maybe_cow net/core/skbuff.c:6658 [inline]
 skb_ext_add+0x1b3/0x8e0 net/core/skbuff.c:6732
 nf_bridge_unshare net/bridge/br_netfilter_hooks.c:165 [inline]
 br_nf_forward_ip+0xc6/0x1110 net/bridge/br_netfilter_hooks.c:709
 nf_hook_entry_hookfn include/linux/netfilter.h:144 [inline]
 nf_hook_slow+0xbd/0x200 net/netfilter/core.c:626
 nf_hook include/linux/netfilter.h:259 [inline]
 NF_HOOK+0x213/0x3d0 include/linux/netfilter.h:302
 __br_forward+0x41f/0x600 net/bridge/br_forward.c:115
 deliver_clone net/bridge/br_forward.c:131 [inline]
 maybe_deliver+0xb5/0x150 net/bridge/br_forward.c:190
 br_flood+0x31b/0x680 net/bridge/br_forward.c:236
 br_handle_frame_finish+0x144f/0x1920 net/bridge/br_input.c:215
 br_nf_hook_thresh+0x3b6/0x480 net/bridge/br_netfilter_hooks.c:1184
 br_nf_pre_routing_finish_ipv6+0x9e3/0xd90 net/bridge/br_netfilter_ipv6.c:-1
 NF_HOOK include/linux/netfilter.h:304 [inline]
 br_nf_pre_routing_ipv6+0x34d/0x680 net/bridge/br_netfilter_ipv6.c:184
 nf_hook_entry_hookfn include/linux/netfilter.h:144 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:277 [inline]
 br_handle_frame+0x96b/0x1480 net/bridge/br_input.c:424
 __netif_receive_skb_core+0xf6b/0x3ac0 net/core/dev.c:5502
 __netif_receive_skb_one_core net/core/dev.c:5606 [inline]
 __netif_receive_skb+0x74/0x290 net/core/dev.c:5722
 process_backlog+0x380/0x6e0 net/core/dev.c:6050
 __napi_poll+0xc0/0x460 net/core/dev.c:6612
 napi_poll net/core/dev.c:6679 [inline]
 net_rx_action+0x5ea/0xbf0 net/core/dev.c:6815
 handle_softirqs+0x280/0x820 kernel/softirq.c:578
 __do_softirq kernel/softirq.c:612 [inline]
 invoke_softirq kernel/softirq.c:452 [inline]
 __irq_exit_rcu+0xc7/0x190 kernel/softirq.c:661
 irq_exit_rcu+0x9/0x20 kernel/softirq.c:673
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1088 [inline]
 sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1088
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:687
RIP: 0010:finish_task_switch+0x26a/0x920 kernel/sched/core.c:5254
Code: 0f 84 37 01 00 00 48 85 db 0f 85 56 01 00 00 0f 1f 44 00 00 4c 8b 75 d0 4c 89 e7 e8 70 25 1c 09 e8 1b a3 2f 00 fb 4c 8b 65 c0 <49> 8d bc 24 f8 15 00 00 48 89 f8 48 c1 e8 03 42 0f b6 04 28 84 c0
RSP: 0018:ffffc9000c067778 EFLAGS: 00000286
RAX: 86db51ccd5b37b00 RBX: 0000000000000000 RCX: 86db51ccd5b37b00
RDX: dffffc0000000000 RSI: ffffffff8aaabce0 RDI: ffffffff8afc6b00
RBP: ffffc9000c0677d0 R08: ffffffff90da852f R09: 1ffffffff21b50a5
R10: dffffc0000000000 R11: fffffbfff21b50a6 R12: ffff88802c940000
R13: dffffc0000000000 R14: ffff88807a399e00 R15: ffff8880b8e3ccc8
 context_switch kernel/sched/core.c:5383 [inline]
 __schedule+0x14da/0x44d0 kernel/sched/core.c:6699
 preempt_schedule_irq+0xb5/0x140 kernel/sched/core.c:7009
 irqentry_exit+0x67/0x70 kernel/entry/common.c:438
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:687
RIP: 0010:qlink_to_object mm/kasan/quarantine.c:138 [inline]
RIP: 0010:qlink_free mm/kasan/quarantine.c:143 [inline]
RIP: 0010:qlist_free_all+0x47/0xe0 mm/kasan/quarantine.c:185
Code: bd 00 00 00 00 00 fc ff df 49 89 ef 4d 89 f4 4d 85 f6 75 0b 4c 89 ff e8 d7 04 00 00 49 89 c4 49 8b 2f 49 63 84 24 c0 00 00 00 <49> 29 c7 4c 89 e7 4c 89 fe e8 ab e8 ff ff 66 90 4c 89 f8 48 c1 e8
RSP: 0018:ffffc9000c067b48 EFLAGS: 00000282
RAX: 0000000000000000 RBX: ffffc9000c067b80 RCX: ffffea000068e340
RDX: ffffea0000000000 RSI: 0000000000001da0 RDI: 0000000000001da1
RBP: ffff88805c9b5f00 R08: 0000000000000001 R09: 0000000000000000
R10: ffff88805c955480 R11: fffffbfff21b50a6 R12: ffff888017841780
R13: dffffc0000000000 R14: 0000000000000000 R15: ffff88801a38dc00
 kasan_quarantine_reduce+0x143/0x160 mm/kasan/quarantine.c:292
 __kasan_kmalloc_large+0x1c/0xa0 mm/kasan/common.c:394
 kasan_kmalloc_large include/linux/kasan.h:208 [inline]
 __kmalloc_large_node+0x13d/0x1e0 mm/slab_common.c:1155
 __do_kmalloc_node mm/slab_common.c:995 [inline]
 __kmalloc_node+0x10f/0x230 mm/slab_common.c:1014
 kmalloc_node include/linux/slab.h:620 [inline]
 __bpf_map_area_alloc kernel/bpf/syscall.c:303 [inline]
 bpf_map_area_alloc+0x5e/0x110 kernel/bpf/syscall.c:316
 htab_map_alloc+0x3aa/0xe50 kernel/bpf/hashtab.c:529
 map_create+0x877/0x12f0 kernel/bpf/syscall.c:1247
 __sys_bpf+0x5f0/0x800 kernel/bpf/syscall.c:5455
 __do_sys_bpf kernel/bpf/syscall.c:5577 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5575 [inline]
 __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5575
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f782998f749
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f7827bf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f7829be5fa0 RCX: 00007f782998f749
RDX: 0000000000000048 RSI: 00002000000007c0 RDI: 0000000000000000
RBP: 00007f7829a13f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f7829be6038 R14: 00007f7829be5fa0 R15: 00007ffeb6661be8
 </TASK>
net_ratelimit: 2572 callbacks suppressed
bridge0: received packet on veth0_to_bridge with own address as source address (addr:0e:3b:d6:60:64:af, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:0e:3b:d6:60:64:af, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:0e:3b:d6:60:64:af, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:0e:3b:d6:60:64:af, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:0e:3b:d6:60:64:af, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:0e:3b:d6:60:64:af, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:0e:3b:d6:60:64:af, vlan:0)
net_ratelimit: 10490 callbacks suppressed
bridge0: received packet on veth0_to_bridge with own address as source address (addr:0e:3b:d6:60:64:af, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:0e:3b:d6:60:64:af, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:0e:3b:d6:60:64:af, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:0e:3b:d6:60:64:af, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:0e:3b:d6:60:64:af, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:0e:3b:d6:60:64:af, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:0e:3b:d6:60:64:af, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:0e:3b:d6:60:64:af, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:0e:3b:d6:60:64:af, vlan:0)