syzbot

bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P11448/1:b..l
rcu: 	(detected by 0, t=10503 jiffies, g=44157, q=1404 ncpus=2)
task:syz.9.1270      state:R  running task     stack:26368 pid:11448 tgid:11443 ppid:9770   task_flags:0x40044c flags:0x00080003
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5295 [inline]
 __schedule+0xfee/0x60e0 kernel/sched/core.c:6907
 preempt_schedule_irq+0x50/0x90 kernel/sched/core.c:7234
 irqentry_exit+0x17b/0x670 kernel/entry/common.c:239
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:native_irq_disable arch/x86/include/asm/irqflags.h:37 [inline]
RIP: 0010:arch_local_irq_disable arch/x86/include/asm/irqflags.h:114 [inline]
RIP: 0010:arch_local_irq_save arch/x86/include/asm/irqflags.h:128 [inline]
RIP: 0010:lock_acquire kernel/locking/lockdep.c:5864 [inline]
RIP: 0010:lock_acquire+0x17f/0x380 kernel/locking/lockdep.c:5825
Code: 00 65 8b 05 2b e7 28 12 85 c0 0f 85 ae 00 00 00 65 48 8b 05 ab 9f 28 12 8b 90 14 0b 00 00 85 d2 0f 85 98 00 00 00 9c 8f 04 24 <fa> 48 c7 c7 b9 1f f6 8d e8 84 64 aa 09 45 89 e8 44 89 e1 89 da 65
RSP: 0018:ffffc90004dcf5f0 EFLAGS: 00000246
RAX: ffff88802fc32480 RBX: 0000000000000000 RCX: 0000000000000001
RDX: 0000000000000000 RSI: ffffffff81b7faf1 RDI: fffffbfff1cfd27c
RBP: ffffffff8e7e93e0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000200 R11: 000000000001635f R12: 0000000000000002
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 rcu_lock_acquire include/linux/rcupdate.h:312 [inline]
 rcu_read_lock include/linux/rcupdate.h:850 [inline]
 class_rcu_constructor include/linux/rcupdate.h:1193 [inline]
 unwind_next_frame+0xd1/0x1ea0 arch/x86/kernel/unwind_orc.c:495
 arch_stack_walk+0x94/0xf0 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122
 save_stack+0x162/0x1e0 mm/page_owner.c:165
 __reset_page_owner+0x84/0x190 mm/page_owner.c:320
 reset_page_owner include/linux/page_owner.h:25 [inline]
 __free_pages_prepare mm/page_alloc.c:1432 [inline]
 __free_frozen_pages+0x7ca/0x10a0 mm/page_alloc.c:2977
 vfree.part.0+0x12b/0x9d0 mm/vmalloc.c:3479
 vfree+0x55/0x80 mm/vmalloc.c:3456
 kcov_put kernel/kcov.c:442 [inline]
 kcov_put kernel/kcov.c:438 [inline]
 kcov_close+0x34/0x60 kernel/kcov.c:543
 __fput+0x3ff/0xb40 fs/file_table.c:469
 task_work_run+0x150/0x240 kernel/task_work.c:233
 exit_task_work include/linux/task_work.h:40 [inline]
 do_exit+0x829/0x2aa0 kernel/exit.c:971
 do_group_exit+0xd5/0x2a0 kernel/exit.c:1112
 get_signal+0x1ec7/0x21e0 kernel/signal.c:3034
 arch_do_signal_or_restart+0x91/0x7a0 arch/x86/kernel/signal.c:337
 __exit_to_user_mode_loop kernel/entry/common.c:64 [inline]
 exit_to_user_mode_loop+0x86/0x4a0 kernel/entry/common.c:98
 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]
 syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:325 [inline]
 do_syscall_64+0x67c/0xf80 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f70af19c629
RSP: 002b:00007f70aff71028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
RAX: 0000000000010106 RBX: 00007f70af416090 RCX: 00007f70af19c629
RDX: 0000000000010106 RSI: 00002000000000c0 RDI: 0000000000000006
RBP: 00007f70af232b39 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f70af416128 R14: 00007f70af416090 R15: 00007ffce3c17b28
 </TASK>
rcu: rcu_preempt kthread starved for 8684 jiffies! g44157 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:R  running task     stack:29176 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00080000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5295 [inline]
 __schedule+0xfee/0x60e0 kernel/sched/core.c:6907
 __schedule_loop kernel/sched/core.c:6989 [inline]
 schedule+0xdd/0x390 kernel/sched/core.c:7004
 schedule_timeout+0x127/0x280 kernel/time/sleep_timeout.c:99
 rcu_gp_fqs_loop+0x1a9/0x900 kernel/rcu/tree.c:2095
 rcu_gp_kthread+0x179/0x230 kernel/rcu/tree.c:2297
 kthread+0x370/0x450 kernel/kthread.c:467
 ret_from_fork+0x754/0xd80 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G             L      syzkaller #0 PREEMPT(full) 
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
RIP: 0010:its_return_thunk+0x0/0x10 arch/x86/lib/retpoline.S:417
Code: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc <c3> cc 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 e9 2b cf e3 f5 cc
RSP: 0018:ffffc900000073b0 EFLAGS: 00000246
RAX: 0000000000000000 RBX: ffff8880582e5800 RCX: ffffffff8a398af6
RDX: ffffffff8e4975c0 RSI: ffffffff8a398b04 RDI: ffffffff8e4975c0
RBP: ffff8880582e5864 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001
R13: ffff8880582e58df R14: 0000000000000000 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff88812434a000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffcb314efe8 CR3: 000000004eb24000 CR4: 00000000003526f0
Call Trace:
 <IRQ>
 find_match net/ipv6/route.c:780 [inline]
 __find_rr_leaf+0x144/0x1070 net/ipv6/route.c:868
 find_rr_leaf net/ipv6/route.c:889 [inline]
 rt6_select net/ipv6/route.c:933 [inline]
 fib6_table_lookup+0x50f/0xa10 net/ipv6/route.c:2246
 ip6_pol_route+0x1cc/0x1230 net/ipv6/route.c:2282
 pol_lookup_func include/net/ip6_fib.h:617 [inline]
 __fib6_rule_action net/ipv6/fib6_rules.c:237 [inline]
 fib6_rule_action+0x762/0x910 net/ipv6/fib6_rules.c:275
 fib_rules_lookup+0x418/0x1080 net/core/fib_rules.c:339
 fib6_rule_lookup+0x18b/0x720 net/ipv6/fib6_rules.c:112
 ip6_route_input_lookup net/ipv6/route.c:2351 [inline]
 ip6_route_input+0x662/0xc50 net/ipv6/route.c:2654
 ip6_rcv_finish_core.isra.0+0x1a9/0x5a0 net/ipv6/ip6_input.c:66
 ip6_rcv_finish net/ipv6/ip6_input.c:77 [inline]
 NF_HOOK include/linux/netfilter.h:318 [inline]
 NF_HOOK include/linux/netfilter.h:312 [inline]
 ipv6_rcv+0x1e8/0x610 net/ipv6/ip6_input.c:311
 __netif_receive_skb_one_core+0x12d/0x1e0 net/core/dev.c:6149
 __netif_receive_skb+0x1f/0x120 net/core/dev.c:6262
 process_backlog+0x37a/0x1580 net/core/dev.c:6614
 __napi_poll.constprop.0+0xaf/0x450 net/core/dev.c:7678
 napi_poll net/core/dev.c:7741 [inline]
 net_rx_action+0xa40/0xf20 net/core/dev.c:7893
 handle_softirqs+0x1eb/0x9e0 kernel/softirq.c:622
 __do_softirq kernel/softirq.c:656 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0xef/0x150 kernel/softirq.c:723
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:739
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
 sysvec_apic_timer_interrupt+0xa3/0xc0 arch/x86/kernel/apic/apic.c:1056
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:pv_native_safe_halt+0xf/0x20 arch/x86/kernel/paravirt.c:63
Code: 18 83 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 43 6c 1c 00 fb f4 <e9> bc 35 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
RSP: 0018:ffffffff8e407e00 EFLAGS: 00000246
RAX: 000000000323b92d RBX: ffffffff8e4975c0 RCX: ffffffff8b8f1c75
RDX: 0000000000000000 RSI: ffffffff8de707eb RDI: ffffffff8c1aeba0
RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed1017086795
R10: ffff8880b8433cab R11: 0000000000000000 R12: fffffbfff1c92eb8
R13: 0000000000000000 R14: ffffffff90d95c10 R15: 0000000000000000
 arch_safe_halt arch/x86/include/asm/paravirt.h:73 [inline]
 default_idle+0x9/0x10 arch/x86/kernel/process.c:767
 default_idle_call+0x6c/0xb0 kernel/sched/idle.c:122
 cpuidle_idle_call kernel/sched/idle.c:191 [inline]
 do_idle+0x35b/0x4b0 kernel/sched/idle.c:332
 cpu_startup_entry+0x4f/0x60 kernel/sched/idle.c:430
 rest_init+0x251/0x260 init/main.c:760
 start_kernel+0x47f/0x480 init/main.c:1210
 x86_64_start_reservations+0x24/0x30 arch/x86/kernel/head64.c:310
 x86_64_start_kernel+0x12b/0x130 arch/x86/kernel/head64.c:291
 common_startup_64+0x13e/0x148
 </TASK>
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)