syzbot

bridge0: received packet on veth0_to_bridge with own address as source address (addr:96:2b:38:99:8c:b2, vlan:0)
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P5204/1:b..l P7529/1:b..l P5844/1:b..l
rcu: 	(detected by 1, t=10502 jiffies, g=23245, q=2559 ncpus=2)
task:syz-executor    state:R  running task     stack:23768 pid:5844  tgid:5844  ppid:5841   task_flags:0x400140 flags:0x00080001
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5325 [inline]
 __schedule+0x1190/0x5de0 kernel/sched/core.c:6929
 preempt_schedule_irq+0x51/0x90 kernel/sched/core.c:7256
 irqentry_exit+0x36/0x90 kernel/entry/common.c:211
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:native_irq_disable arch/x86/include/asm/irqflags.h:37 [inline]
RIP: 0010:arch_local_irq_disable arch/x86/include/asm/irqflags.h:114 [inline]
RIP: 0010:arch_local_irq_save arch/x86/include/asm/irqflags.h:128 [inline]
RIP: 0010:lock_acquire kernel/locking/lockdep.c:5864 [inline]
RIP: 0010:lock_acquire+0x133/0x350 kernel/locking/lockdep.c:5825
Code: 00 65 8b 05 17 95 e3 11 85 c0 0f 85 a2 00 00 00 65 48 8b 05 57 53 e3 11 8b 90 2c 0b 00 00 85 d2 0f 85 8c 00 00 00 9c 8f 04 24 <fa> 48 c7 c7 63 2f aa 8d e8 e0 da b5 09 45 89 e0 89 e9 44 89 ea 65
RSP: 0018:ffffc90003987438 EFLAGS: 00000246
RAX: ffff8880263f8000 RBX: ffffffff8e1c3160 RCX: 0000000000000001
RDX: 0000000000000000 RSI: ffffffff816a4611 RDI: fffffbfff1c3862c
RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000004 R11: 000000000001204e R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 rcu_read_lock include/linux/rcupdate.h:841 [inline]
 class_rcu_constructor include/linux/rcupdate.h:1155 [inline]
 unwind_next_frame+0xd1/0x20a0 arch/x86/kernel/unwind_orc.c:479
 arch_stack_walk+0x94/0x100 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122
 save_stack+0x160/0x1f0 mm/page_owner.c:156
 __reset_page_owner+0x84/0x1a0 mm/page_owner.c:308
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1395 [inline]
 __free_frozen_pages+0x7d5/0x10f0 mm/page_alloc.c:2895
 discard_slab mm/slub.c:2758 [inline]
 __put_partials+0x165/0x1c0 mm/slub.c:3223
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4d/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x195/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:340
 kasan_slab_alloc include/linux/kasan.h:250 [inline]
 slab_post_alloc_hook mm/slub.c:4191 [inline]
 slab_alloc_node mm/slub.c:4240 [inline]
 kmem_cache_alloc_noprof+0x1cb/0x3b0 mm/slub.c:4247
 anon_vma_alloc mm/rmap.c:94 [inline]
 anon_vma_fork+0xe6/0x620 mm/rmap.c:360
 dup_mmap+0x152d/0x21d0 mm/mmap.c:1797
 dup_mm kernel/fork.c:1486 [inline]
 copy_mm kernel/fork.c:1538 [inline]
 copy_process+0x4099/0x76a0 kernel/fork.c:2180
 kernel_clone+0xfc/0x930 kernel/fork.c:2610
 __do_sys_clone+0xce/0x120 kernel/fork.c:2753
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0x4b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fa7b9185613
RSP: 002b:00007ffe7fc9a178 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa7b9185613
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000001
R10: 0000555566df77d0 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000024 R14: 0000000000030c66 R15: 00007ffe7fc9a310
 </TASK>
task:syz.0.335       state:R  running task     stack:25416 pid:7529  tgid:7529  ppid:5848   task_flags:0x400040 flags:0x00080003
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5325 [inline]
 __schedule+0x1190/0x5de0 kernel/sched/core.c:6929
 preempt_schedule_irq+0x51/0x90 kernel/sched/core.c:7256
 irqentry_exit+0x36/0x90 kernel/entry/common.c:211
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:lock_acquire+0x62/0x350 kernel/locking/lockdep.c:5872
Code: 54 e3 11 83 f8 07 0f 87 bc 02 00 00 89 c0 48 0f a3 05 a2 b7 c8 0e 0f 82 74 02 00 00 8b 35 3a e9 c8 0e 85 f6 0f 85 8d 00 00 00 <48> 8b 44 24 30 65 48 2b 05 f9 53 e3 11 0f 85 c7 02 00 00 48 83 c4
RSP: 0018:ffffc9000544f300 EFLAGS: 00000206
RAX: 0000000000000046 RBX: ffffffff8e1c3160 RCX: 00000000bc7408fd
RDX: 0000000000000000 RSI: ffffffff8d98eefa RDI: ffffffff8bd00240
RBP: 0000000000000002 R08: 096d6541cce6f89c R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 rcu_read_lock include/linux/rcupdate.h:841 [inline]
 class_rcu_constructor include/linux/rcupdate.h:1155 [inline]
 unwind_next_frame+0xd1/0x20a0 arch/x86/kernel/unwind_orc.c:479
 arch_stack_walk+0x94/0x100 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:576
 poison_slab_object mm/kasan/common.c:243 [inline]
 __kasan_slab_free+0x60/0x70 mm/kasan/common.c:275
 kasan_slab_free include/linux/kasan.h:233 [inline]
 slab_free_hook mm/slub.c:2422 [inline]
 slab_free mm/slub.c:4695 [inline]
 kmem_cache_free+0x2d1/0x4d0 mm/slub.c:4797
 free_buffer_head+0x4e/0x110 fs/buffer.c:3041
 try_to_free_buffers+0x1c4/0x2d0 fs/buffer.c:2982
 filemap_release_folio+0x219/0x280 mm/filemap.c:4356
 block_invalidate_folio+0x508/0x600 fs/buffer.c:1674
 folio_invalidate mm/truncate.c:140 [inline]
 truncate_cleanup_folio+0x2f3/0x490 mm/truncate.c:160
 truncate_inode_pages_range+0x24e/0xe50 mm/truncate.c:379
 kill_bdev block/bdev.c:91 [inline]
 blkdev_flush_mapping+0xfb/0x290 block/bdev.c:712
 blkdev_put_whole+0xc4/0xf0 block/bdev.c:719
 bdev_release+0x47e/0x6d0 block/bdev.c:1144
 blkdev_release+0x15/0x20 block/fops.c:702
 __fput+0x3ff/0xb70 fs/file_table.c:468
 task_work_run+0x14d/0x240 kernel/task_work.c:227
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop+0xdd/0x100 kernel/entry/common.c:43
 exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]
 syscall_exit_to_user_mode_work include/linux/entry-common.h:175 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:210 [inline]
 do_syscall_64+0x419/0x4b0 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f3f10b8eec9
RSP: 002b:00007ffcd7113758 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
RAX: 0000000000000000 RBX: 00007f3f10de7da0 RCX: 00007f3f10b8eec9
RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
RBP: 00007f3f10de7da0 R08: 000000000003bebc R09: 00000019d7113a4f
R10: 00007f3f10de7cb0 R11: 0000000000000246 R12: 0000000000030025
R13: 00007f3f10de6180 R14: ffffffffffffffff R15: 00007ffcd7113870
 </TASK>
task:klogd           state:R  running task     stack:25512 pid:5204  tgid:5204  ppid:1      task_flags:0x400100 flags:0x00080001
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5325 [inline]
 __schedule+0x1190/0x5de0 kernel/sched/core.c:6929
 preempt_schedule_irq+0x51/0x90 kernel/sched/core.c:7256
 irqentry_exit+0x36/0x90 kernel/entry/common.c:211
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:__rcu_read_lock+0xa7/0xf0 kernel/rcu/tree_plugin.h:416
Code: 48 b8 00 00 00 00 00 fc ff df 89 9d 84 04 00 00 65 48 8b 1d 13 7a da 11 48 8d bb 84 04 00 00 48 89 fa 48 c1 ea 03 0f b6 14 02 <48> 89 f8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 1f 8b 83 84 04 00
RSP: 0018:ffffc90003157468 EFLAGS: 00000a03
RAX: dffffc0000000000 RBX: ffff88807beabc80 RCX: ffffc90003157444
RDX: 0000000000000000 RSI: ffffffff89f20639 RDI: ffff88807beac104
RBP: ffff88807beabc80 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000081d11 R12: ffffffff81a5e390
R13: ffffc900031574f0 R14: 0000000000000000 R15: ffff88807beabc80
 rcu_read_lock include/linux/rcupdate.h:839 [inline]
 class_rcu_constructor include/linux/rcupdate.h:1155 [inline]
 unwind_next_frame+0xae/0x20a0 arch/x86/kernel/unwind_orc.c:479
 arch_stack_walk+0x94/0x100 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122
 save_stack+0x160/0x1f0 mm/page_owner.c:156
 __reset_page_owner+0x84/0x1a0 mm/page_owner.c:308
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1395 [inline]
 __free_frozen_pages+0x7d5/0x10f0 mm/page_alloc.c:2895
 discard_slab mm/slub.c:2758 [inline]
 __put_partials+0x165/0x1c0 mm/slub.c:3223
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4d/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x195/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:340
 kasan_slab_alloc include/linux/kasan.h:250 [inline]
 slab_post_alloc_hook mm/slub.c:4191 [inline]
 slab_alloc_node mm/slub.c:4240 [inline]
 __do_kmalloc_node mm/slub.c:4375 [inline]
 __kmalloc_node_track_caller_noprof+0x1d3/0x510 mm/slub.c:4395
 kmalloc_reserve+0xef/0x2c0 net/core/skbuff.c:600
 __alloc_skb+0x166/0x380 net/core/skbuff.c:669
 alloc_skb include/linux/skbuff.h:1336 [inline]
 alloc_skb_with_frags+0xe0/0x860 net/core/skbuff.c:6665
 sock_alloc_send_pskb+0x7f9/0x980 net/core/sock.c:2958
 unix_dgram_sendmsg+0x3e9/0x17e0 net/unix/af_unix.c:2153
 sock_sendmsg_nosec net/socket.c:714 [inline]
 __sock_sendmsg net/socket.c:729 [inline]
 __sys_sendto+0x4a3/0x520 net/socket.c:2231
 __do_sys_sendto net/socket.c:2238 [inline]
 __se_sys_sendto net/socket.c:2234 [inline]
 __x64_sys_sendto+0xe0/0x1c0 net/socket.c:2234
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0x4b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f4ef1240407
RSP: 002b:00007ffcc98203a0 EFLAGS: 00000202 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007f4ef10f0c80 RCX: 00007f4ef1240407
RDX: 00000000000000a1 RSI: 00007ffcc98204e0 RDI: 0000000000000003
RBP: 00007ffcc9820910 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000004000 R11: 0000000000000202 R12: 00007ffcc9820928
R13: 00007ffcc98204e0 R14: 0000000000000086 R15: 00007ffcc98204e0
 </TASK>
rcu: rcu_preempt kthread starved for 9283 jiffies! g23245 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:R  running task     stack:27672 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00080000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5325 [inline]
 __schedule+0x1190/0x5de0 kernel/sched/core.c:6929
 __schedule_loop kernel/sched/core.c:7011 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:7026
 schedule_timeout+0x123/0x290 kernel/time/sleep_timeout.c:99
 rcu_gp_fqs_loop+0x1ea/0xaf0 kernel/rcu/tree.c:2083
 rcu_gp_kthread+0x26d/0x380 kernel/rcu/tree.c:2285
 kthread+0x3c5/0x780 kernel/kthread.c:463
 ret_from_fork+0x56d/0x730 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
RIP: 0010:pv_native_safe_halt+0xf/0x20 arch/x86/kernel/paravirt.c:82
Code: 39 5f 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 63 67 1d 00 fb f4 <e9> bc 09 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
RSP: 0018:ffffc90000197df8 EFLAGS: 000002c6
RAX: 0000000000877d81 RBX: 0000000000000001 RCX: ffffffff8b4c9f19
RDX: 0000000000000000 RSI: ffffffff8d9b4518 RDI: ffffffff8bd00240
RBP: ffffed1003b55b58 R08: 0000000000000001 R09: ffffed10170e6655
R10: ffff8880b87332ab R11: 0000000000000000 R12: 0000000000000001
R13: ffff88801daadac0 R14: ffffffff905f8390 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff888124f7e000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000000400 CR3: 000000007565c000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 arch_safe_halt arch/x86/include/asm/paravirt.h:107 [inline]
 default_idle+0x13/0x20 arch/x86/kernel/process.c:757
 default_idle_call+0x6c/0xb0 kernel/sched/idle.c:122
 cpuidle_idle_call kernel/sched/idle.c:190 [inline]
 do_idle+0x38d/0x500 kernel/sched/idle.c:330
 cpu_startup_entry+0x4f/0x60 kernel/sched/idle.c:428
 start_secondary+0x21d/0x2b0 arch/x86/kernel/smpboot.c:315
 common_startup_64+0x13e/0x148
 </TASK>
net_ratelimit: 17875 callbacks suppressed
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)