syzbot

bridge0: received packet on veth0_to_bridge with own address as source address (addr:2e:be:d3:45:4d:89, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P8427/1:b..l
rcu: 	(detected by 0, t=10502 jiffies, g=202761, q=1052 ncpus=1)
task:syz.0.6991      state:R  running task     stack:27480 pid:8427  tgid:8418  ppid:22057  task_flags:0x400040 flags:0x00080002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5260 [inline]
 __schedule+0xfe4/0x5e10 kernel/sched/core.c:6867
 preempt_schedule_irq+0x50/0x90 kernel/sched/core.c:7194
 irqentry_exit+0x17b/0x670 kernel/entry/common.c:216
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:unwind_next_frame+0x1542/0x1ea0 arch/x86/kernel/unwind_orc.c:680
Code: 80 3c 02 00 0f 84 0e f9 ff ff e8 39 4d b9 00 e9 04 f9 ff ff 48 b8 00 00 00 00 00 fc ff df 48 8b 14 24 48 c1 ea 03 80 3c 02 00 <0f> 85 cf 03 00 00 49 8d 7d 08 49 8b 5d 38 48 b8 00 00 00 00 00 fc
RSP: 0018:ffffc9000b8a7488 EFLAGS: 00000246
RAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff9154bcb8
RDX: 1ffff92001714eb0 RSI: ffffc9000b8a7518 RDI: ffffc9000b8a7588
RBP: ffffc9000b8a75d8 R08: 0000000000000001 R09: 0000000000000007
R10: 0000000000000200 R11: 000000000000b661 R12: ffffc9000b8a7598
R13: ffffc9000b8a7548 R14: ffffc9000b8a7548 R15: ffffc9000b8a757c
 __unwind_start+0x3d1/0x7f0 arch/x86/kernel/unwind_orc.c:773
 unwind_start arch/x86/include/asm/unwind.h:64 [inline]
 arch_stack_walk+0x73/0xf0 arch/x86/kernel/stacktrace.c:24
 stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122
 save_stack+0x162/0x1e0 mm/page_owner.c:165
 __reset_page_owner+0x84/0x190 mm/page_owner.c:320
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1433 [inline]
 __free_frozen_pages+0x822/0x1130 mm/page_alloc.c:2973
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x47/0xe0 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x1a0/0x1f0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:350
 kasan_slab_alloc include/linux/kasan.h:253 [inline]
 slab_post_alloc_hook mm/slub.c:4953 [inline]
 slab_alloc_node mm/slub.c:5263 [inline]
 kmem_cache_alloc_noprof+0x2ad/0x780 mm/slub.c:5270
 vm_area_dup+0x27/0x8e0 mm/vma_init.c:123
 dup_mmap+0x6a4/0x1e20 mm/mmap.c:1773
 dup_mm kernel/fork.c:1529 [inline]
 copy_mm kernel/fork.c:1581 [inline]
 copy_process+0x7451/0x7890 kernel/fork.c:2221
 kernel_clone+0xfc/0x930 kernel/fork.c:2651
 __do_sys_clone+0xd9/0x120 kernel/fork.c:2792
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xc9/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f431619aeb9
RSP: 002b:00007f4317018fd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 00007f4316416270 RCX: 00007f431619aeb9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007f4316208c1f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f4316416308 R14: 00007f4316416270 R15: 00007fff4cc803d8
 </TASK>
rcu: rcu_preempt kthread starved for 1153 jiffies! g202761 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:R  running task     stack:27480 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00080000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5260 [inline]
 __schedule+0xfe4/0x5e10 kernel/sched/core.c:6867
 __schedule_loop kernel/sched/core.c:6949 [inline]
 schedule+0xdd/0x390 kernel/sched/core.c:6964
 schedule_timeout+0x127/0x280 kernel/time/sleep_timeout.c:99
 rcu_gp_fqs_loop+0x1a9/0xb00 kernel/rcu/tree.c:2083
 rcu_gp_kthread+0x21e/0x320 kernel/rcu/tree.c:2285
 kthread+0x3b3/0x730 kernel/kthread.c:463
 ret_from_fork+0x754/0xaf0 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
CPU: 0 UID: 0 PID: 26115 Comm: kworker/u11:13 Tainted: G     U       L      syzkaller #0 PREEMPT(full) 
Tainted: [U]=USER, [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
Workqueue: wg-kex-wg1 wg_packet_handshake_send_worker
RIP: 0010:br_nf_hook_thresh+0x1af/0x420 net/bridge/br_netfilter_hooks.c:1145
Code: 80 3c 30 00 0f 85 3d 02 00 00 49 8b 2c 24 48 8d 7d 40 48 89 f8 48 c1 e8 03 42 0f b6 04 30 84 c0 74 08 3c 03 0f 8e 13 02 00 00 <8b> 5d 40 31 ff 89 de e8 05 86 b5 f7 85 db 78 3f e8 4c 8b b5 f7 31
RSP: 0018:ffffc90000007078 EFLAGS: 00000246
RAX: 0000000000000000 RBX: ffff888032100000 RCX: ffffffff8a50bec8
RDX: ffff88807680bd00 RSI: ffffffff8a50beed RDI: ffff88807ce55688
RBP: ffff88807ce55648 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000002 R11: 0000000000000000 R12: ffff8880309c9a28
R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000000002
FS:  0000000000000000(0000) GS:ffff8881245e3000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000157e000 CR3: 0000000096f70000 CR4: 00000000003526f0
Call Trace:
 <IRQ>
 br_nf_forward_finish+0x693/0xb30 net/bridge/br_netfilter_hooks.c:662
 NF_HOOK include/linux/netfilter.h:318 [inline]
 NF_HOOK include/linux/netfilter.h:312 [inline]
 br_nf_forward_ip.part.0+0x61e/0x820 net/bridge/br_netfilter_hooks.c:716
 br_nf_forward_ip net/bridge/br_netfilter_hooks.c:676 [inline]
 br_nf_forward+0xfe5/0x19f0 net/bridge/br_netfilter_hooks.c:773
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_slow+0xbf/0x220 net/netfilter/core.c:623
 nf_hook include/linux/netfilter.h:273 [inline]
 NF_HOOK include/linux/netfilter.h:316 [inline]
 __br_forward+0x2f6/0x970 net/bridge/br_forward.c:115
 deliver_clone net/bridge/br_forward.c:131 [inline]
 br_flood+0x37f/0x650 net/bridge/br_forward.c:250
 br_handle_frame_finish+0xf57/0x1f00 net/bridge/br_input.c:229
 br_nf_hook_thresh+0x30d/0x420 net/bridge/br_netfilter_hooks.c:1167
 br_nf_pre_routing_finish_ipv6+0x769/0xfb0 net/bridge/br_netfilter_ipv6.c:154
 NF_HOOK include/linux/netfilter.h:318 [inline]
 br_nf_pre_routing_ipv6+0x39c/0x8b0 net/bridge/br_netfilter_ipv6.c:184
 br_nf_pre_routing+0x93b/0x1510 net/bridge/br_netfilter_hooks.c:508
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:291 [inline]
 br_handle_frame+0xa68/0x1510 net/bridge/br_input.c:442
 __netif_receive_skb_core.constprop.0+0x6d7/0x3460 net/core/dev.c:6039
 __netif_receive_skb_one_core+0xb0/0x1e0 net/core/dev.c:6150
 __netif_receive_skb+0x1f/0x120 net/core/dev.c:6265
 process_backlog+0x37a/0x1580 net/core/dev.c:6617
 __napi_poll.constprop.0+0xaf/0x450 net/core/dev.c:7681
 napi_poll net/core/dev.c:7744 [inline]
 net_rx_action+0xa40/0xf20 net/core/dev.c:7896
 handle_softirqs+0x1ea/0x910 kernel/softirq.c:622
 do_softirq kernel/softirq.c:523 [inline]
 do_softirq+0xac/0xe0 kernel/softirq.c:510
 </IRQ>
 <TASK>
 __local_bh_enable_ip+0xf8/0x120 kernel/softirq.c:450
 wg_packet_send_handshake_initiation+0x22f/0x360 drivers/net/wireguard/send.c:42
 wg_packet_handshake_send_worker+0x1c/0x30 drivers/net/wireguard/send.c:51
 process_one_work+0x9c2/0x1840 kernel/workqueue.c:3257
 process_scheduled_works kernel/workqueue.c:3340 [inline]
 worker_thread+0x5da/0xe40 kernel/workqueue.c:3421
 kthread+0x3b3/0x730 kernel/kthread.c:463
 ret_from_fork+0x754/0xaf0 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
 </TASK>
net_ratelimit: 23160 callbacks suppressed
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:2e:be:d3:45:4d:89, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:2e:be:d3:45:4d:89, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
net_ratelimit: 32840 callbacks suppressed
bridge0: received packet on veth0_to_bridge with own address as source address (addr:2e:be:d3:45:4d:89, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:2e:be:d3:45:4d:89, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:2e:be:d3:45:4d:89, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)