bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:6a:2e:f6:a9:c3:02, vlan:0)
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P6157/1:b..l
rcu: 	(detected by 1, t=10503 jiffies, g=10653, q=2190 ncpus=2)
task:syz.0.54        state:R  running task     stack:26760 pid:6157  tgid:6151  ppid:5844   task_flags:0x400140 flags:0x00080002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5295 [inline]
 __schedule+0xfee/0x60e0 kernel/sched/core.c:6907
 preempt_schedule_irq+0x50/0x90 kernel/sched/core.c:7234
 irqentry_exit+0x17b/0x670 kernel/entry/common.c:239
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:lock_acquire+0x5e/0x380 kernel/locking/lockdep.c:5872
Code: 05 3b 22 28 12 83 f8 07 0f 87 f0 00 00 00 48 0f a3 05 06 71 f4 0e 0f 82 c2 02 00 00 8b 35 1e a4 f4 0e 85 f6 0f 85 dd 00 00 00 <48> 8b 44 24 30 65 48 2b 05 dd 21 28 12 0f 85 02 03 00 00 48 83 c4
RSP: 0018:ffffc90004bdf6f8 EFLAGS: 00000206
RAX: 0000000000000046 RBX: 0000000000000000 RCX: 0000000000000001
RDX: 0000000000000000 RSI: ffffffff8de46ec7 RDI: ffffffff8c1adfa0
RBP: ffffffff8e7e94a0 R08: 00000000b34c138e R09: 0000000000000007
R10: 0000000000000200 R11: 0000000000000000 R12: 0000000000000002
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 rcu_lock_acquire include/linux/rcupdate.h:312 [inline]
 rcu_read_lock include/linux/rcupdate.h:850 [inline]
 class_rcu_constructor include/linux/rcupdate.h:1193 [inline]
 unwind_next_frame+0xd1/0x1ea0 arch/x86/kernel/unwind_orc.c:495
 arch_stack_walk+0x94/0xf0 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122
 kasan_save_stack+0x30/0x50 mm/kasan/common.c:57
 kasan_save_track+0x14/0x30 mm/kasan/common.c:78
 unpoison_slab_object mm/kasan/common.c:340 [inline]
 __kasan_slab_alloc+0x89/0x90 mm/kasan/common.c:366
 kasan_slab_alloc include/linux/kasan.h:253 [inline]
 slab_post_alloc_hook mm/slub.c:4459 [inline]
 kmem_cache_alloc_bulk_noprof+0x39b/0x950 mm/slub.c:7204
 __io_alloc_req_refill+0x9e/0x330 io_uring/io_uring.c:965
 io_alloc_req io_uring/io_uring.h:508 [inline]
 io_submit_sqes.cold+0x264/0x2cb io_uring/io_uring.c:2032
 __do_sys_io_uring_enter+0x9c0/0x1a20 io_uring/io_uring.c:2603
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x106/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fa73299bf79
RSP: 002b:00007fa733845028 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
RAX: ffffffffffffffda RBX: 00007fa732c16180 RCX: 00007fa73299bf79
RDX: 00000000000004c1 RSI: 0000000000000627 RDI: 0000000000000006
RBP: 00007fa732a327e0 R08: 0000000000000000 R09: 0000000000000030
R10: 0000000000000043 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fa732c16218 R14: 00007fa732c16180 R15: 00007ffd5e062e08
 </TASK>
rcu: rcu_preempt kthread starved for 6559 jiffies! g10653 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:R  running task     stack:28680 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00080000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5295 [inline]
 __schedule+0xfee/0x60e0 kernel/sched/core.c:6907
 __schedule_loop kernel/sched/core.c:6989 [inline]
 schedule+0xdd/0x390 kernel/sched/core.c:7004
 schedule_timeout+0x127/0x280 kernel/time/sleep_timeout.c:99
 rcu_gp_fqs_loop+0x1a9/0x900 kernel/rcu/tree.c:2095
 rcu_gp_kthread+0x179/0x230 kernel/rcu/tree.c:2297
 kthread+0x370/0x450 kernel/kthread.c:467
 ret_from_fork+0x754/0xd80 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
RIP: 0010:lock_is_held_type+0xf9/0x140 kernel/locking/lockdep.c:5945
Code: 65 0f c1 15 91 e8 7e 08 83 fa 01 8b 44 24 04 75 2d 9c 5a 80 e6 02 75 47 41 f7 c5 00 02 00 00 74 01 fb 48 83 c4 08 5b 5d 41 5c <41> 5d 41 5e 41 5f e9 7c 2c 03 00 c3 cc cc cc cc 31 c0 eb ad 90 0f
RSP: 0018:ffffc90000006bf8 EFLAGS: 00000292
RAX: 0000000000000001 RBX: 00000000000a88ac RCX: 0000000000000001
RDX: 0000000000000046 RSI: ffffffff8de46ec7 RDI: ffffffff8c1adfa0
RBP: ffff88801d780000 R08: 0000000000000006 R09: 0000000000001000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000004
R13: 0000000000000246 R14: ffffffff8e4980d8 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff888124352000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f67598f00e2 CR3: 000000002d54c000 CR4: 00000000003526f0
Call Trace:
 <IRQ>
 lookup_page_ext+0x6e/0x100 mm/page_ext.c:258
 page_ext_iter_begin include/linux/page_ext.h:133 [inline]
 __page_table_check_zero+0xe1/0x410 mm/page_table_check.c:139
 page_table_check_alloc include/linux/page_table_check.h:38 [inline]
 post_alloc_hook+0x140/0x170 mm/page_alloc.c:1889
 prep_new_page mm/page_alloc.c:1896 [inline]
 get_page_from_freelist+0x111d/0x3140 mm/page_alloc.c:3961
 __alloc_frozen_pages_noprof+0x27c/0x2ba0 mm/page_alloc.c:5249
 alloc_pages_mpol+0x1fb/0x550 mm/mempolicy.c:2485
 alloc_slab_page mm/slub.c:3236 [inline]
 allocate_slab mm/slub.c:3411 [inline]
 new_slab+0x44a/0x6e0 mm/slub.c:3469
 ___slab_alloc+0x31b/0x8d0 mm/slub.c:4334
 __slab_alloc_node mm/slub.c:4400 [inline]
 slab_alloc_node mm/slub.c:4776 [inline]
 kmem_cache_alloc_node_noprof+0x349/0x6f0 mm/slub.c:4840
 kmalloc_reserve+0x148/0x350 net/core/skbuff.c:613
 __alloc_skb+0x185/0x710 net/core/skbuff.c:713
 alloc_skb include/linux/skbuff.h:1383 [inline]
 nlmsg_new include/net/netlink.h:1055 [inline]
 fdb_notify+0xa2/0x190 net/bridge/br_fdb.c:188
 br_fdb_update+0x324/0x720 net/bridge/br_fdb.c:1040
 br_handle_frame_finish+0xc75/0x1f00 net/bridge/br_input.c:144
 br_nf_hook_thresh+0x30d/0x420 net/bridge/br_netfilter_hooks.c:1167
 br_nf_pre_routing_finish_ipv6+0x769/0xfb0 net/bridge/br_netfilter_ipv6.c:154
 NF_HOOK include/linux/netfilter.h:318 [inline]
 br_nf_pre_routing_ipv6+0x39c/0x8b0 net/bridge/br_netfilter_ipv6.c:184
 br_nf_pre_routing+0x93b/0x1510 net/bridge/br_netfilter_hooks.c:508
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:291 [inline]
 br_handle_frame+0xcdd/0x1520 net/bridge/br_input.c:442
 __netif_receive_skb_core.constprop.0+0x6c5/0x3550 net/core/dev.c:6036
 __netif_receive_skb_one_core+0xb0/0x1e0 net/core/dev.c:6147
 __netif_receive_skb+0x1f/0x120 net/core/dev.c:6262
 process_backlog+0x37a/0x1580 net/core/dev.c:6614
 __napi_poll.constprop.0+0xaf/0x450 net/core/dev.c:7678
 napi_poll net/core/dev.c:7741 [inline]
 net_rx_action+0xa40/0xf20 net/core/dev.c:7893
 handle_softirqs+0x1eb/0x9e0 kernel/softirq.c:622
 __do_softirq kernel/softirq.c:656 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0xef/0x150 kernel/softirq.c:723
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:739
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
 sysvec_apic_timer_interrupt+0xa3/0xc0 arch/x86/kernel/apic/apic.c:1056
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:pv_native_safe_halt+0xf/0x20 arch/x86/kernel/paravirt.c:63
Code: a8 83 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 43 3c 1d 00 fb f4 <e9> bc 35 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
RSP: 0018:ffffffff8e407e00 EFLAGS: 00000246
RAX: 0000000000eb331d RBX: ffffffff8e4975c0 RCX: ffffffff8b8e4c75
RDX: 0000000000000000 RSI: ffffffff8de6ce9d RDI: ffffffff8c1adfa0
RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed1017086795
R10: ffff8880b8433cab R11: 0000000000000000 R12: fffffbfff1c92eb8
R13: 0000000000000000 R14: ffffffff90d92f10 R15: 0000000000000000
 arch_safe_halt arch/x86/include/asm/paravirt.h:73 [inline]
 default_idle+0x9/0x10 arch/x86/kernel/process.c:767
 default_idle_call+0x6c/0xb0 kernel/sched/idle.c:122
 cpuidle_idle_call kernel/sched/idle.c:191 [inline]
 do_idle+0x35b/0x4b0 kernel/sched/idle.c:332
 cpu_startup_entry+0x4f/0x60 kernel/sched/idle.c:430
 rest_init+0x251/0x260 init/main.c:760
 start_kernel+0x47f/0x480 init/main.c:1210
 x86_64_start_reservations+0x24/0x30 arch/x86/kernel/head64.c:310
 x86_64_start_kernel+0x12b/0x130 arch/x86/kernel/head64.c:291
 common_startup_64+0x13e/0x148
 </TASK>
net_ratelimit: 17499 callbacks suppressed
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:6a:2e:f6:a9:c3:02, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:6a:2e:f6:a9:c3:02, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
net_ratelimit: 25159 callbacks suppressed
bridge0: received packet on veth0_to_bridge with own address as source address (addr:6a:2e:f6:a9:c3:02, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:6a:2e:f6:a9:c3:02, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:6a:2e:f6:a9:c3:02, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)