syzbot

INFO: task kworker/u8:2:46 blocked for more than 122 seconds.
      Not tainted 6.12.30-syzkaller-ga76eb2b67bde #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u8:2    state:I stack:0     pid:46    tgid:46    ppid:2      flags:0x00004000
Workqueue:  0x0 (events_unbound)
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5947 [inline]
 __schedule+0x132b/0x1e00 kernel/sched/core.c:7775
 __schedule_loop kernel/sched/core.c:7856 [inline]
 schedule+0xc6/0x240 kernel/sched/core.c:7871
 worker_thread+0xf6b/0x1250 kernel/workqueue.c:3415
 kthread+0x2c7/0x370 kernel/kthread.c:389
 ret_from_fork+0x64/0xa0 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 37 Comm: khungtaskd Not tainted 6.12.30-syzkaller-ga76eb2b67bde #0 8824182ce8c593946fea7a5d8bf7bacf32ac00e2
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call Trace:
 <TASK>
 __dump_stack+0x21/0x30 lib/dump_stack.c:94
 dump_stack_lvl+0x10c/0x190 lib/dump_stack.c:120
 dump_stack+0x19/0x20 lib/dump_stack.c:129
 nmi_cpu_backtrace+0x2bf/0x2d0 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x142/0x2c0 lib/nmi_backtrace.c:62
 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:41
 trigger_all_cpu_backtrace include/linux/nmi.h:158 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:229 [inline]
 watchdog+0xd8f/0xed0 kernel/hung_task.c:385
 kthread+0x2c7/0x370 kernel/kthread.c:389
 ret_from_fork+0x64/0xa0 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 17 Comm: ksoftirqd/0 Not tainted 6.12.30-syzkaller-ga76eb2b67bde #0 8824182ce8c593946fea7a5d8bf7bacf32ac00e2
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:kasan_save_track+0x0/0x80 mm/kasan/common.c:65
Code: 00 89 07 89 77 04 5d e9 ce 9f ac 03 cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b8 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 <66> 0f 1f 00 55 48 89 e5 41 57 41 56 53 48 83 e4 f0 48 81 ec 10 02
RSP: 0018:ffffc90000117410 EFLAGS: 00000246
RAX: ffff88815a0d2600 RBX: 0000000000000820 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000820 RDI: ffff88815a0d2600
RBP: ffffc90000117428 R08: ffff88815a0d2500 R09: 0000000000000000
R10: ffff88815a0d2600 R11: 0000000000000100 R12: 0000000000000001
R13: 0000000000000100 R14: ffff88815a0d2600 R15: ffff888106266780
FS:  0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fae56162440 CR3: 0000000155b60000 CR4: 00000000003526b0
DR0: 00000000ffffe000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff4ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 unpoison_slab_object mm/kasan/common.c:319 [inline]
 __kasan_slab_alloc+0x73/0x90 mm/kasan/common.c:345
 kasan_slab_alloc include/linux/kasan.h:250 [inline]
 slab_post_alloc_hook mm/slub.c:4164 [inline]
 slab_alloc_node mm/slub.c:4213 [inline]
 kmem_cache_alloc_noprof+0x131/0x3a0 mm/slub.c:4222
 skb_clone+0x229/0x460 net/core/skbuff.c:2094
 deliver_clone net/bridge/br_forward.c:125 [inline]
 maybe_deliver net/bridge/br_forward.c:190 [inline]
 br_flood+0x4ed/0x730 net/bridge/br_forward.c:236
 br_handle_frame_finish+0x12bb/0x1720 net/bridge/br_input.c:215
 nf_hook_bridge_pre net/bridge/br_input.c:301 [inline]
 br_handle_frame+0x5a6/0xba0 net/bridge/br_input.c:424
 __netif_receive_skb_core+0xf4b/0x3940 net/core/dev.c:5651
 __netif_receive_skb_one_core net/core/dev.c:5755 [inline]
 __netif_receive_skb net/core/dev.c:5870 [inline]
 process_backlog+0x3e5/0xae0 net/core/dev.c:6202
 __napi_poll+0xd3/0x610 net/core/dev.c:6853
 napi_poll net/core/dev.c:6922 [inline]
 net_rx_action+0x584/0xce0 net/core/dev.c:7044
 handle_softirqs+0x1ae/0x630 kernel/softirq.c:603
 run_ksoftirqd+0x20/0x30 kernel/softirq.c:981
 smpboot_thread_fn+0x490/0x8c0 kernel/smpboot.c:164
 kthread+0x2c7/0x370 kernel/kthread.c:389
 ret_from_fork+0x64/0xa0 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
net_ratelimit: 111228 callbacks suppressed
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:4e:b9:2b:1a:22:db, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:4e:b9:2b:1a:22:db, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:4e:b9:2b:1a:22:db, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
net_ratelimit: 135244 callbacks suppressed
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:4e:b9:2b:1a:22:db, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:4e:b9:2b:1a:22:db, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:4e:b9:2b:1a:22:db, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)