syzbot

bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P11655/1:b..l
rcu: 	(detected by 0, t=10502 jiffies, g=235329, q=1169 ncpus=1)
task:syz.9.5419      state:R  running task     stack:26760 pid:11655 tgid:11644 ppid:23681  task_flags:0x400140 flags:0x00080002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5256 [inline]
 __schedule+0x1139/0x6150 kernel/sched/core.c:6863
 preempt_schedule_irq+0x51/0x90 kernel/sched/core.c:7190
 irqentry_exit+0x1d8/0x8c0 kernel/entry/common.c:216
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:lock_release+0x183/0x2d0 kernel/locking/lockdep.c:5893
Code: 0f c1 05 d8 f9 18 12 83 f8 01 0f 85 03 01 00 00 9c 58 f6 c4 02 0f 85 ee 00 00 00 41 f7 c5 00 02 00 00 74 01 fb 48 8b 44 24 10 <65> 48 2b 05 6d b2 18 12 0f 85 32 01 00 00 48 83 c4 18 5b 41 5c 41
RSP: 0018:ffffc9000b867340 EFLAGS: 00000206
RAX: 90c54ea2c1669300 RBX: ffffffff8e3c94a0 RCX: ffffc9000b86734c
RDX: 0000000000000001 RSI: ffffffff8daa413a RDI: ffffffff8bf2b500
RBP: 00007f7b5718f700 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: ffff888043bd66b0 R12: ffffffff81ceea6a
R13: 0000000000000206 R14: ffff888043bd5b80 R15: 0000000000000002
 rcu_lock_release include/linux/rcupdate.h:341 [inline]
 rcu_read_unlock include/linux/rcupdate.h:897 [inline]
 is_bpf_text_address+0x8f/0x1a0 kernel/bpf/core.c:746
 kernel_text_address kernel/extable.c:125 [inline]
 kernel_text_address+0x8d/0x100 kernel/extable.c:94
 __kernel_text_address+0xd/0x40 kernel/extable.c:79
 unwind_get_return_address+0x59/0xa0 arch/x86/kernel/unwind_orc.c:369
 arch_stack_walk+0xa6/0x100 arch/x86/kernel/stacktrace.c:26
 stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:56
 kasan_save_track+0x14/0x30 mm/kasan/common.c:77
 kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:584
 poison_slab_object mm/kasan/common.c:252 [inline]
 __kasan_slab_free+0x5f/0x80 mm/kasan/common.c:284
 kasan_slab_free include/linux/kasan.h:234 [inline]
 slab_free_hook mm/slub.c:2540 [inline]
 slab_free mm/slub.c:6668 [inline]
 kfree+0x2f8/0x6e0 mm/slub.c:6876
 mt_destroy_walk+0xbcc/0xf60 lib/maple_tree.c:5028
 mte_destroy_walk lib/maple_tree.c:5049 [inline]
 mte_destroy_walk lib/maple_tree.c:5040 [inline]
 __mt_destroy+0x310/0x3e0 lib/maple_tree.c:6446
 exit_mmap+0x611/0xb60 mm/mmap.c:1312
 __mmput+0x12a/0x410 kernel/fork.c:1173
 mmput+0x62/0x70 kernel/fork.c:1196
 copy_process+0x2b8d/0x7430 kernel/fork.c:2501
 kernel_clone+0xfc/0x910 kernel/fork.c:2651
 __do_sys_clone+0xce/0x120 kernel/fork.c:2792
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f7b5718f7c9
RSP: 002b:00007f7b57f93fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 00007f7b573e6180 RCX: 00007f7b5718f7c9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007f7b57213f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f7b573e6218 R14: 00007f7b573e6180 R15: 00007ffcdcdc62b8
 </TASK>
rcu: rcu_preempt kthread starved for 266 jiffies! g235329 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:R  running task     stack:28520 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00080000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5256 [inline]
 __schedule+0x1139/0x6150 kernel/sched/core.c:6863
 __schedule_loop kernel/sched/core.c:6945 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:6960
 schedule_timeout+0x123/0x290 kernel/time/sleep_timeout.c:99
 rcu_gp_fqs_loop+0x1ea/0xaf0 kernel/rcu/tree.c:2083
 rcu_gp_kthread+0x26d/0x380 kernel/rcu/tree.c:2285
 kthread+0x3c5/0x780 kernel/kthread.c:463
 ret_from_fork+0x983/0xb10 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
CPU: 0 UID: 0 PID: 6458 Comm: kworker/u8:18 Tainted: G     U       L      syzkaller #0 PREEMPT(full) 
Tainted: [U]=USER, [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Workqueue: events_unbound nsim_dev_trap_report_work
RIP: 0010:lock_is_held_type+0x107/0x150 kernel/locking/lockdep.c:5945
Code: 00 00 b8 ff ff ff ff 65 0f c1 05 5c 20 3d 08 83 f8 01 75 2d 9c 58 f6 c4 02 75 43 48 f7 04 24 00 02 00 00 74 01 fb 48 83 c4 08 <44> 89 e8 5b 5d 41 5c 41 5d 41 5e 41 5f e9 87 2c 03 00 45 31 ed eb
RSP: 0018:ffffc900000068a0 EFLAGS: 00000296
RAX: 0000000000000046 RBX: ffff888030a6c948 RCX: 0000000000000001
RDX: 0000000000000000 RSI: ffffffff8daa413a RDI: ffffffff8bf2b500
RBP: ffffffff90144f68 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000001 R11: ffff888030a6c830 R12: ffff888030a6bd00
R13: 0000000000000000 R14: 00000000ffffffff R15: 0000000000000008
FS:  0000000000000000(0000) GS:ffff8881248fd000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055556b4ae5c8 CR3: 00000000307b6000 CR4: 00000000003526f0
Call Trace:
 <IRQ>
 lock_is_held include/linux/lockdep.h:249 [inline]
 lockdep_rtnl_is_held+0x1b/0x40 net/core/rtnetlink.c:182
 __in6_dev_get include/net/addrconf.h:347 [inline]
 ip6_ignore_linkdown include/net/addrconf.h:448 [inline]
 find_match+0x34b/0x15d0 net/ipv6/route.c:780
 __find_rr_leaf+0x140/0xe00 net/ipv6/route.c:868
 find_rr_leaf net/ipv6/route.c:889 [inline]
 rt6_select net/ipv6/route.c:933 [inline]
 fib6_table_lookup+0x57c/0xa30 net/ipv6/route.c:2233
 ip6_pol_route+0x1cc/0x1230 net/ipv6/route.c:2269
 pol_lookup_func include/net/ip6_fib.h:617 [inline]
 fib6_rule_lookup+0x536/0x720 net/ipv6/fib6_rules.c:120
 ip6_route_input_lookup net/ipv6/route.c:2338 [inline]
 ip6_route_input+0x662/0xc70 net/ipv6/route.c:2641
 ip6_rcv_finish_core.constprop.0+0x1a0/0x5d0 net/ipv6/ip6_input.c:66
 ip6_rcv_finish+0x130/0x580 net/ipv6/ip6_input.c:77
 ip_sabotage_in+0x21e/0x290 net/bridge/br_netfilter_hooks.c:990
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_slow+0xbe/0x200 net/netfilter/core.c:623
 nf_hook.constprop.0+0x424/0x750 include/linux/netfilter.h:273
 NF_HOOK include/linux/netfilter.h:316 [inline]
 ipv6_rcv+0xa4/0x650 net/ipv6/ip6_input.c:311
 __netif_receive_skb_one_core+0x12d/0x1e0 net/core/dev.c:6137
 __netif_receive_skb+0x1d/0x160 net/core/dev.c:6250
 netif_receive_skb_internal net/core/dev.c:6336 [inline]
 netif_receive_skb+0x137/0x760 net/core/dev.c:6395
 NF_HOOK include/linux/netfilter.h:318 [inline]
 NF_HOOK include/linux/netfilter.h:312 [inline]
 br_pass_frame_up+0x346/0x490 net/bridge/br_input.c:70
 br_handle_frame_finish+0x10e8/0x1f00 net/bridge/br_input.c:235
 br_nf_hook_thresh+0x307/0x410 net/bridge/br_netfilter_hooks.c:1167
 br_nf_pre_routing_finish_ipv6+0x76a/0xfc0 net/bridge/br_netfilter_ipv6.c:154
 NF_HOOK include/linux/netfilter.h:318 [inline]
 br_nf_pre_routing_ipv6+0x3cd/0x8c0 net/bridge/br_netfilter_ipv6.c:184
 br_nf_pre_routing+0x860/0x15b0 net/bridge/br_netfilter_hooks.c:508
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:291 [inline]
 br_handle_frame+0xb28/0x14e0 net/bridge/br_input.c:442
 __netif_receive_skb_core.constprop.0+0x6b3/0x35b0 net/core/dev.c:6024
 __netif_receive_skb_one_core+0xb0/0x1e0 net/core/dev.c:6135
 __netif_receive_skb+0x1d/0x160 net/core/dev.c:6250
 process_backlog+0x4a2/0x1650 net/core/dev.c:6602
 __napi_poll.constprop.0+0xb3/0x540 net/core/dev.c:7666
 napi_poll net/core/dev.c:7729 [inline]
 net_rx_action+0x9f9/0xfa0 net/core/dev.c:7881
 handle_softirqs+0x219/0x950 kernel/softirq.c:622
 do_softirq kernel/softirq.c:523 [inline]
 do_softirq+0xb2/0xf0 kernel/softirq.c:510
 </IRQ>
 <TASK>
 __local_bh_enable_ip+0x100/0x120 kernel/softirq.c:450
 local_bh_enable include/linux/bottom_half.h:33 [inline]
 __alloc_skb+0x381/0x410 net/core/skbuff.c:674
 alloc_skb include/linux/skbuff.h:1383 [inline]
 nsim_dev_trap_skb_build drivers/net/netdevsim/dev.c:818 [inline]
 nsim_dev_trap_report drivers/net/netdevsim/dev.c:875 [inline]
 nsim_dev_trap_report_work+0x2b1/0xcf0 drivers/net/netdevsim/dev.c:921
 process_one_work+0x9ba/0x1b20 kernel/workqueue.c:3257
 process_scheduled_works kernel/workqueue.c:3340 [inline]
 worker_thread+0x6c8/0xf10 kernel/workqueue.c:3421
 kthread+0x3c5/0x780 kernel/kthread.c:463
 ret_from_fork+0x983/0xb10 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
 </TASK>
net_ratelimit: 6530 callbacks suppressed
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:1e:12:40:8c:27:21, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:1e:12:40:8c:27:21, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
net_ratelimit: 9300 callbacks suppressed
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:1e:12:40:8c:27:21, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:1e:12:40:8c:27:21, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:1e:12:40:8c:27:21, vlan:0)