bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: (detected by 0, t=10502 jiffies, g=121885, q=969 ncpus=2)
rcu: All QSes seen, last rcu_preempt kthread activity 1250 (4295076067-4295074817), jiffies_till_next_fqs=1, root ->qsmask 0x0
rcu: rcu_preempt kthread starved for 1250 jiffies! g121885 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt state:R running task stack:26728 pid:17 ppid:2 flags:0x00004000
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5381 [inline]
__schedule+0x1553/0x45a0 kernel/sched/core.c:6700
schedule+0xbd/0x170 kernel/sched/core.c:6774
schedule_timeout+0x188/0x2d0 kernel/time/timer.c:2168
rcu_gp_fqs_loop+0x313/0x1590 kernel/rcu/tree.c:1667
rcu_gp_kthread+0x9d/0x3b0 kernel/rcu/tree.c:1866
kthread+0x2fa/0x390 kernel/kthread.c:388
ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293
</TASK>
rcu: Stack dump where RCU GP kthread last ran:
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 20581 Comm: syz.1.3756 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
RIP: 0010:task_irq_context kernel/locking/lockdep.c:4608 [inline]
RIP: 0010:__lock_acquire+0x49d/0x7d40 kernel/locking/lockdep.c:5074
Code: 10 49 89 06 65 8b 05 de 52 9a 7e 45 31 f6 85 c0 41 0f 95 c6 45 01 f6 48 8b 44 24 20 4c 8d a0 c4 0a 00 00 4c 89 e0 48 c1 e8 03 <48> 89 84 24 c8 00 00 00 42 0f b6 04 00 84 c0 0f 85 92 64 00 00 31
RSP: 0018:ffffc900001eef80 EFLAGS: 00000807
RAX: 1ffff110030dd8d8 RBX: 0000000000000000 RCX: 1ffff110030dd8f9
RDX: ffff8880186ec7a0 RSI: 0000000000000005 RDI: ffff8880186ec7b0
RBP: ffffc900001ef1c8 R08: dffffc0000000000 R09: 0000000000000001
R10: dffffc0000000000 R11: fffffbfff1d16186 R12: ffff8880186ec6c4
R13: 0000000000000001 R14: 0000000000000002 R15: 0000000000000000
FS: 00007f5e6d1996c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffc2e68df32 CR3: 0000000075928000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000200000000300 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
<IRQ>
lock_acquire+0x19e/0x420 kernel/locking/lockdep.c:5754
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xb4/0x100 kernel/locking/spinlock.c:162
debug_object_activate+0x6c/0x4f0 lib/debugobjects.c:709
debug_hrtimer_activate kernel/time/hrtimer.c:450 [inline]
debug_activate kernel/time/hrtimer.c:505 [inline]
enqueue_hrtimer+0x30/0x370 kernel/time/hrtimer.c:1108
__run_hrtimer kernel/time/hrtimer.c:1767 [inline]
__hrtimer_run_queues+0x63a/0xc40 kernel/time/hrtimer.c:1814
hrtimer_interrupt+0x3c9/0x9c0 kernel/time/hrtimer.c:1876
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1077 [inline]
__sysvec_apic_timer_interrupt+0xfb/0x3b0 arch/x86/kernel/apic/apic.c:1094
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1088 [inline]
sysvec_apic_timer_interrupt+0x51/0xc0 arch/x86/kernel/apic/apic.c:1088
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:687
RIP: 0010:__sanitizer_cov_trace_switch+0x89/0x120 kernel/kcov.c:350
Code: 48 85 c0 0f 84 ae 00 00 00 41 57 41 56 41 54 53 48 8b 54 24 20 65 4c 8b 05 b4 8e 7c 7e 45 31 c9 eb 08 49 ff c1 4c 39 c8 74 77 <4e> 8b 54 ce 10 65 44 8b 1d a2 8e 7c 7e 41 81 e3 00 01 ff 00 74 13
RSP: 0018:ffffc900001ef7d0 EFLAGS: 00000246
RAX: 0000000000000002 RBX: dffffc0000000000 RCX: 0000000000000001
RDX: ffffffff8a76ae19 RSI: ffffffff8e7328a0 RDI: 0000000000000000
RBP: ffffffff8acb8b81 R08: ffff8880186ebc00 R09: 0000000000000000
R10: dffffc0000000000 R11: fffff5200003df6a R12: ffffffff8acb8b81
R13: 0000000000000000 R14: 1ffff9200003df17 R15: 0000000000000000
format_decode+0x89/0x1400 lib/vsprintf.c:2536
vsnprintf+0xeb/0x1ba0 lib/vsprintf.c:2775
sprintf+0xe8/0x140 lib/vsprintf.c:3027
print_caller kernel/printk/printk.c:1338 [inline]
info_print_prefix+0x210/0x360 kernel/printk/printk.c:1355
record_print_text+0x177/0x450 kernel/printk/printk.c:1402
printk_get_next_message+0x2ab/0x980 kernel/printk/printk.c:2876
console_emit_next_record kernel/printk/printk.c:2911 [inline]
console_flush_all+0x3a8/0xd20 kernel/printk/printk.c:3000
console_unlock+0xad/0x350 kernel/printk/printk.c:3069
vprintk_emit+0x497/0x610 kernel/printk/printk.c:2341
_printk+0xde/0x130 kernel/printk/printk.c:2366
br_fdb_update+0x5c5/0x630 net/bridge/br_fdb.c:871
br_handle_frame_finish+0x5e5/0x18f0 net/bridge/br_input.c:141
br_nf_hook_thresh+0x3cd/0x4a0 net/bridge/br_netfilter_hooks.c:1184
br_nf_pre_routing_finish_ipv6+0x9dc/0xd00 net/bridge/br_netfilter_ipv6.c:-1
NF_HOOK include/linux/netfilter.h:304 [inline]
br_nf_pre_routing_ipv6+0x349/0x6b0 net/bridge/br_netfilter_ipv6.c:184
nf_hook_entry_hookfn include/linux/netfilter.h:144 [inline]
nf_hook_bridge_pre net/bridge/br_input.c:277 [inline]
br_handle_frame+0x1245/0x14d0 net/bridge/br_input.c:424
__netif_receive_skb_core+0xfab/0x3af0 net/core/dev.c:5528
__netif_receive_skb_one_core net/core/dev.c:5632 [inline]
__netif_receive_skb+0x74/0x290 net/core/dev.c:5748
process_backlog+0x391/0x6f0 net/core/dev.c:6076
__napi_poll+0xc0/0x460 net/core/dev.c:6638
napi_poll net/core/dev.c:6705 [inline]
net_rx_action+0x616/0xc40 net/core/dev.c:6841
handle_softirqs+0x280/0x820 kernel/softirq.c:578
__do_softirq kernel/softirq.c:612 [inline]
invoke_softirq kernel/softirq.c:452 [inline]
__irq_exit_rcu+0xd3/0x190 kernel/softirq.c:661
irq_exit_rcu+0x9/0x20 kernel/softirq.c:673
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1088 [inline]
sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1088
</IRQ>
<TASK>
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:687
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
RIP: 0010:_raw_spin_unlock_irqrestore+0xc0/0x120 kernel/locking/spinlock.c:194
Code: c7 44 24 20 00 00 00 00 9c 8f 44 24 20 f7 44 24 20 00 02 00 00 41 c6 04 07 f8 75 4b f7 c3 00 02 00 00 74 01 fb bf 01 00 00 00 <e8> 5b b9 cc f6 65 8b 05 cc e6 73 75 85 c0 74 3c 48 c7 04 24 0e 36
RSP: 0018:ffffc9000390fa00 EFLAGS: 00000206
RAX: dffffc0000000004 RBX: 0000000000000246 RCX: e5ebcdce06c83800
RDX: dffffc0000000000 RSI: ffffffff8acac9e0 RDI: 0000000000000001
RBP: ffffc9000390fa98 R08: ffffffff8e8b0c2f R09: 1ffffffff1d16185
R10: dffffc0000000000 R11: fffffbfff1d16186 R12: dffffc0000000000
R13: ffffffff8d137300 R14: ffffffff8d137300 R15: 1ffff92000721f40
rcu_report_qs_rsp+0xad/0x1a0 kernel/rcu/tree.c:1891
rcu_report_unblock_qs_rnp kernel/rcu/tree.c:1996 [inline]
rcu_preempt_deferred_qs_irqrestore+0xa1c/0xce0 kernel/rcu/tree_plugin.h:560
rcu_read_unlock_special+0x3d4/0x4d0 kernel/rcu/tree_plugin.h:762
__rcu_read_unlock+0x7c/0xd0 kernel/rcu/tree_plugin.h:426
rcu_read_unlock include/linux/rcupdate.h:818 [inline]
get_mem_cgroup_from_objcg include/linux/memcontrol.h:535 [inline]
memcg_slab_pre_alloc_hook mm/slab.h:500 [inline]
slab_pre_alloc_hook+0x294/0x310 mm/slab.h:719
slab_alloc_node mm/slub.c:3477 [inline]
slab_alloc mm/slub.c:3503 [inline]
__kmem_cache_alloc_lru mm/slub.c:3510 [inline]
kmem_cache_alloc_lru+0x4d/0x2d0 mm/slub.c:3526
alloc_inode_sb include/linux/fs.h:2946 [inline]
sock_alloc_inode+0x28/0xc0 net/socket.c:308
alloc_inode fs/inode.c:261 [inline]
new_inode_pseudo+0x63/0x1d0 fs/inode.c:1049
sock_alloc net/socket.c:634 [inline]
__sock_create+0x12d/0x940 net/socket.c:1534
sock_create net/socket.c:1626 [inline]
__sys_socketpair+0x236/0x550 net/socket.c:1781
__do_sys_socketpair net/socket.c:1830 [inline]
__se_sys_socketpair net/socket.c:1827 [inline]
__x64_sys_socketpair+0x9b/0xb0 net/socket.c:1827
do_syscall_x64 arch/x86/entry/common.c:46 [inline]
do_syscall_64+0x55/0xa0 arch/x86/entry/common.c:76
entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f5e6c39c819
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f5e6d199028 EFLAGS: 00000246 ORIG_RAX: 0000000000000035
RAX: ffffffffffffffda RBX: 00007f5e6c615fa0 RCX: 00007f5e6c39c819
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001
RBP: 00007f5e6c432c91 R08: 0000000000000000 R09: 0000000000000000
R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f5e6c616038 R14: 00007f5e6c615fa0 R15: 00007ffd1c6fa828
</TASK>
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
net_ratelimit: 48 callbacks suppressed
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:4a:01:de:4f:6e:5c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
net_ratelimit: 737 callbacks suppressed
bridge0: received packet on veth0_to_bridge with own address as source address (addr:4a:01:de:4f:6e:5c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)