bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:d6:a9:e6:8c:c8:b0, vlan:0)
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P8448/1:b..l
rcu: (detected by 1, t=10503 jiffies, g=23861, q=2334 ncpus=2)
task:syz.0.636 state:R running task stack:28408 pid:8448 tgid:8438 ppid:5815 task_flags:0x400040 flags:0x00004004
Call Trace:
context_switch kernel/sched/core.c:5396 [inline]
__schedule+0x116a/0x5de0 kernel/sched/core.c:6785
preempt_schedule_irq+0x51/0x90 kernel/sched/core.c:7108
irqentry_exit+0x36/0x90 kernel/entry/common.c:307
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:unwind_next_frame+0x50c/0x20a0 arch/x86/kernel/unwind_orc.c:505
Code: e8 19 f1 ff ff 48 89 c1 48 85 c0 0f 84 05 fe ff ff 48 b8 00 00 00 00 00 fc ff df 4c 8d 79 05 4c 89 fa 48 c1 ea 03 0f b6 04 02 <4c> 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 32 14 00 00 0f b6 41 05
RSP: 0018:ffffc9000532f778 EFLAGS: 00000a07
RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffffff9173d0b8
RDX: 1ffffffff22e7a17 RSI: 0000000000000000 RDI: ffffffff90ddc4f8
RBP: ffffc9000532f830 R08: ffffffff9173d0be R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000038cc1 R12: ffffc9000532f838
R13: ffffc9000532f7e8 R14: ffffc9000532f81d R15: ffffffff9173d0bd
arch_stack_walk+0x94/0x100 arch/x86/kernel/stacktrace.c:25
stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122
kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
kasan_save_track+0x14/0x30 mm/kasan/common.c:68
poison_kmalloc_redzone mm/kasan/common.c:377 [inline]
__kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394
kasan_kmalloc include/linux/kasan.h:260 [inline]
__do_kmalloc_node mm/slub.c:4328 [inline]
__kmalloc_noprof+0x223/0x510 mm/slub.c:4340
kmalloc_noprof include/linux/slab.h:909 [inline]
tomoyo_realpath_from_path+0xc2/0x6e0 security/tomoyo/realpath.c:251
tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
tomoyo_path_number_perm+0x245/0x580 security/tomoyo/file.c:723
security_file_ioctl+0x9b/0x240 security/security.c:2913
__do_sys_ioctl fs/ioctl.c:901 [inline]
__se_sys_ioctl fs/ioctl.c:893 [inline]
__x64_sys_ioctl+0xb7/0x210 fs/ioctl.c:893
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fa0a518e52b
RSP: 002b:00007fa0a6048f10 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00007fa0a518e52b
RDX: 00007fa0a6048fd0 RSI: 0000000040085503 RDI: 000000000000000b
RBP: 00007fa0a6049fe0 R08: 0000000000000080 R09: 00007fa0a6048fd8
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000080085502
R13: 0000000800000000 R14: 000000000000000a R15: 00007fa0a521ba88
rcu: rcu_preempt kthread starved for 7013 jiffies! g23861 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt state:R running task stack:27784 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00004000
Call Trace:
context_switch kernel/sched/core.c:5396 [inline]
__schedule+0x116a/0x5de0 kernel/sched/core.c:6785
__schedule_loop kernel/sched/core.c:6863 [inline]
schedule+0xe7/0x3a0 kernel/sched/core.c:6878
schedule_timeout+0x123/0x290 kernel/time/sleep_timeout.c:99
rcu_gp_fqs_loop+0x1ea/0xb00 kernel/rcu/tree.c:2054
rcu_gp_kthread+0x270/0x380 kernel/rcu/tree.c:2256
kthread+0x3c5/0x780 kernel/kthread.c:464
ret_from_fork+0x5d4/0x6f0 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
rcu: Stack dump where RCU GP kthread last ran:
CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.15.0-syzkaller-12058-g64980441d269 #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:arch_atomic_read arch/x86/include/asm/atomic.h:23 [inline]
RIP: 0010:raw_atomic_read include/linux/atomic/atomic-arch-fallback.h:457 [inline]
RIP: 0010:rcu_is_watching_curr_cpu include/linux/context_tracking.h:128 [inline]
RIP: 0010:rcu_is_watching+0x6d/0xc0 kernel/rcu/tree.c:745
Code: 48 03 1c ed a0 1d f2 8d 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 0f b6 14 02 48 89 d8 83 e0 07 83 c0 03 38 d0 7c 04 <84> d2 75 24 8b 03 c1 e8 02 83 e0 01 65 ff 0d c0 01 2b 12 74 07 5b
RSP: 0018:ffffc90000a07928 EFLAGS: 00000206
RAX: 0000000000000003 RBX: ffff8880b8533228 RCX: 0000000000000002
RDX: 0000000000000000 RSI: ffffffff8c156fe0 RDI: ffffffff8df21da8
RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000005cb0 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff88812485a000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 0000000075518000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
trace_lock_acquire include/trace/events/lock.h:24 [inline]
lock_acquire+0x2cd/0x350 kernel/locking/lockdep.c:5834
rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
rcu_read_lock_bh include/linux/rcupdate.h:894 [inline]
__dev_queue_xmit+0x29b/0x43e0 net/core/dev.c:4638
dev_queue_xmit include/linux/netdevice.h:3355 [inline]
br_dev_queue_push_xmit+0x272/0x8a0 net/bridge/br_forward.c:53
br_nf_dev_queue_xmit+0x6f3/0x2cb0 net/bridge/br_netfilter_hooks.c:923
NF_HOOK include/linux/netfilter.h:317 [inline]
NF_HOOK include/linux/netfilter.h:311 [inline]
br_nf_post_routing+0x8e7/0x1190 net/bridge/br_netfilter_hooks.c:969
nf_hook_entry_hookfn include/linux/netfilter.h:157 [inline]
nf_hook_slow+0xbb/0x200 net/netfilter/core.c:623
nf_hook+0x45e/0x780 include/linux/netfilter.h:272
NF_HOOK include/linux/netfilter.h:315 [inline]
br_forward_finish+0xcd/0x130 net/bridge/br_forward.c:66
br_nf_hook_thresh+0x307/0x410 net/bridge/br_netfilter_hooks.c:1170
br_nf_forward_finish+0x66a/0xba0 net/bridge/br_netfilter_hooks.c:665
NF_HOOK include/linux/netfilter.h:317 [inline]
NF_HOOK include/linux/netfilter.h:311 [inline]
br_nf_forward_ip.part.0+0x609/0x810 net/bridge/br_netfilter_hooks.c:719
br_nf_forward_ip net/bridge/br_netfilter_hooks.c:679 [inline]
br_nf_forward+0xf0f/0x1be0 net/bridge/br_netfilter_hooks.c:776
nf_hook_entry_hookfn include/linux/netfilter.h:157 [inline]
nf_hook_slow+0xbb/0x200 net/netfilter/core.c:623
nf_hook+0x45e/0x780 include/linux/netfilter.h:272
NF_HOOK include/linux/netfilter.h:315 [inline]
__br_forward+0x1be/0x5b0 net/bridge/br_forward.c:115
deliver_clone net/bridge/br_forward.c:131 [inline]
maybe_deliver+0xf1/0x180 net/bridge/br_forward.c:190
br_flood+0x17c/0x650 net/bridge/br_forward.c:237
br_handle_frame_finish+0xf2d/0x1ca0 net/bridge/br_input.c:221
br_nf_hook_thresh+0x307/0x410 net/bridge/br_netfilter_hooks.c:1170
br_nf_pre_routing_finish_ipv6+0x76a/0xfb0 net/bridge/br_netfilter_ipv6.c:154
NF_HOOK include/linux/netfilter.h:317 [inline]
br_nf_pre_routing_ipv6+0x3cd/0x8c0 net/bridge/br_netfilter_ipv6.c:184
br_nf_pre_routing+0x860/0x15b0 net/bridge/br_netfilter_hooks.c:508
nf_hook_entry_hookfn include/linux/netfilter.h:157 [inline]
nf_hook_bridge_pre net/bridge/br_input.c:283 [inline]
br_handle_frame+0xad5/0x14b0 net/bridge/br_input.c:434
__netif_receive_skb_core.constprop.0+0xa23/0x4a00 net/core/dev.c:5863
__netif_receive_skb_one_core+0xb0/0x1e0 net/core/dev.c:5975
__netif_receive_skb+0x1d/0x160 net/core/dev.c:6090
process_backlog+0x442/0x15e0 net/core/dev.c:6442
__napi_poll.constprop.0+0xb7/0x550 net/core/dev.c:7414
napi_poll net/core/dev.c:7478 [inline]
net_rx_action+0xa9f/0xfe0 net/core/dev.c:7605
handle_softirqs+0x219/0x8e0 kernel/softirq.c:579
__do_softirq kernel/softirq.c:613 [inline]
invoke_softirq kernel/softirq.c:453 [inline]
__irq_exit_rcu+0x109/0x170 kernel/softirq.c:680
irq_exit_rcu+0x9/0x30 kernel/softirq.c:696
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]
sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1050
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:pv_native_safe_halt+0xf/0x20 arch/x86/kernel/paravirt.c:82
Code: 1b 73 02 e9 03 fb 02 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 23 f0 2a 00 fb f4 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
RSP: 0018:ffffc90000197df8 EFLAGS: 000002c6
RAX: 000000000228269b RBX: 0000000000000001 RCX: ffffffff8b7f1c99
RDX: 0000000000000000 RSI: ffffffff8de14d4b RDI: ffffffff8c157060
RBP: ffffed1003cd6488 R08: 0000000000000001 R09: ffffed10170a6645
R10: ffff8880b853322b R11: 0000000000000001 R12: 0000000000000001
R13: ffff88801e6b2440 R14: ffffffff90a7ff50 R15: 0000000000000000
arch_safe_halt arch/x86/include/asm/paravirt.h:107 [inline]
default_idle+0x13/0x20 arch/x86/kernel/process.c:743
default_idle_call+0x6d/0xb0 kernel/sched/idle.c:117
cpuidle_idle_call kernel/sched/idle.c:185 [inline]
do_idle+0x391/0x510 kernel/sched/idle.c:325
cpu_startup_entry+0x4f/0x60 kernel/sched/idle.c:423
start_secondary+0x21d/0x2b0 arch/x86/kernel/smpboot.c:315
common_startup_64+0x13e/0x148
bridge0: received packet on veth0_to_bridge with own address as source address (addr:d6:a9:e6:8c:c8:b0, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:d6:a9:e6:8c:c8:b0, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:d6:a9:e6:8c:c8:b0, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:d6:a9:e6:8c:c8:b0, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:d6:a9:e6:8c:c8:b0, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:d6:a9:e6:8c:c8:b0, vlan:0)