bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P20378/1:b..l
rcu: 	(detected by 1, t=10503 jiffies, g=147165, q=4684 ncpus=2)
task:syz.3.3271      state:R  running task     stack:23608 pid:20378 tgid:20372 ppid:19249  task_flags:0x400140 flags:0x00080003
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5260 [inline]
 __schedule+0x14ef/0x4fb0 kernel/sched/core.c:6867
 preempt_schedule_irq+0x4d/0xa0 kernel/sched/core.c:7194
 irqentry_exit+0x597/0x620 kernel/entry/common.c:216
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:lock_acquire+0x221/0x330 kernel/locking/lockdep.c:5872
Code: ff ff ff e8 31 7d d9 09 f7 44 24 08 00 02 00 00 0f 84 3a ff ff ff 65 48 8b 05 1b 4e 30 11 48 3b 44 24 58 75 33 fb 48 83 c4 60 <5b> 41 5c 41 5d 41 5e 41 5f 5d e9 c0 5e dc 09 cc 48 8d 3d e8 ea 32
RSP: 0018:ffffc900046a6b78 EFLAGS: 00000286
RAX: 1c301fda471c6700 RBX: 0000000000000000 RCX: 0000000000000046
RDX: 00000000cd5d9154 RSI: ffffffff8dd39334 RDI: ffffffff8be73880
RBP: ffffffff8174c0e5 R08: ffffffff8174c0e5 R09: ffffffff8e35a360
R10: ffffc900046a6cd8 R11: ffffffff81ae5bd0 R12: 0000000000000002
R13: ffffffff8e35a360 R14: 0000000000000000 R15: 0000000000000246
 rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 rcu_read_lock include/linux/rcupdate.h:867 [inline]
 class_rcu_constructor include/linux/rcupdate.h:1195 [inline]
 unwind_next_frame+0xc2/0x23c0 arch/x86/kernel/unwind_orc.c:495
 arch_stack_walk+0x11b/0x150 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0xa9/0x100 kernel/stacktrace.c:122
 kasan_save_stack+0x3e/0x60 mm/kasan/common.c:57
 kasan_record_aux_stack+0xbd/0xd0 mm/kasan/generic.c:556
 __call_rcu_common kernel/rcu/tree.c:3119 [inline]
 call_rcu+0xee/0x890 kernel/rcu/tree.c:3239
 destroy_inode fs/inode.c:401 [inline]
 evict+0x95b/0xb10 fs/inode.c:861
 __dentry_kill+0x209/0x660 fs/dcache.c:670
 finish_dput+0xc9/0x480 fs/dcache.c:879
 find_next_child+0x1e5/0x250 fs/libfs.c:592
 __simple_recursive_removal+0x10b/0x520 fs/libfs.c:609
 debugfs_remove+0x5b/0x70 fs/debugfs/inode.c:781
 ieee80211_debugfs_remove_netdev+0x52/0xb0 net/mac80211/debugfs_netdev.c:1019
 ieee80211_teardown_sdata+0x5a/0x140 net/mac80211/iface.c:872
 unregister_netdevice_many_notify+0x1d16/0x2370 net/core/dev.c:12417
 unregister_netdevice_many net/core/dev.c:12459 [inline]
 unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12273
 unregister_netdevice include/linux/netdevice.h:3405 [inline]
 _cfg80211_unregister_wdev+0x155/0x570 net/wireless/core.c:1299
 ieee80211_remove_interfaces+0x49c/0x6d0 net/mac80211/iface.c:2432
 ieee80211_unregister_hw+0x5d/0x2c0 net/mac80211/main.c:1680
 mac80211_hwsim_del_radio+0x28a/0x490 drivers/net/wireless/virtual/mac80211_hwsim.c:5916
 remove_user_radios drivers/net/wireless/virtual/mac80211_hwsim.c:6727 [inline]
 mac80211_hwsim_netlink_notify+0xfae/0x1310 drivers/net/wireless/virtual/mac80211_hwsim.c:6741
 notifier_call_chain+0x19d/0x3a0 kernel/notifier.c:85
 blocking_notifier_call_chain+0x6a/0x90 kernel/notifier.c:380
 netlink_release+0x123b/0x1ad0 net/netlink/af_netlink.c:761
 __sock_release net/socket.c:662 [inline]
 sock_close+0xc3/0x240 net/socket.c:1455
 __fput+0x44f/0xa70 fs/file_table.c:468
 task_work_run+0x1d9/0x270 kernel/task_work.c:233
 get_signal+0x11eb/0x1330 kernel/signal.c:2807
 arch_do_signal_or_restart+0xbc/0x830 arch/x86/kernel/signal.c:337
 __exit_to_user_mode_loop kernel/entry/common.c:41 [inline]
 exit_to_user_mode_loop+0x86/0x480 kernel/entry/common.c:75
 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]
 syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline]
 syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline]
 do_syscall_64+0x2b7/0xf80 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f6d5eb9acb9
RSP: 002b:00007f6d5f99b028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: 0000000000000018 RBX: 00007f6d5ee16180 RCX: 00007f6d5eb9acb9
RDX: 0000000020000000 RSI: 0000200000000140 RDI: 000000000000000b
RBP: 00007f6d5ec08bf7 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f6d5ee16218 R14: 00007f6d5ee16180 R15: 00007f6d5ef3fa48
 </TASK>
rcu: rcu_preempt kthread starved for 230 jiffies! g147165 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:R  running task     stack:27512 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00080000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5260 [inline]
 __schedule+0x14ef/0x4fb0 kernel/sched/core.c:6867
 __schedule_loop kernel/sched/core.c:6949 [inline]
 schedule+0x164/0x360 kernel/sched/core.c:6964
 schedule_timeout+0x158/0x2c0 kernel/time/sleep_timeout.c:99
 rcu_gp_fqs_loop+0x312/0x1560 kernel/rcu/tree.c:2083
 rcu_gp_kthread+0x9d/0x3b0 kernel/rcu/tree.c:2285
 kthread+0x726/0x8b0 kernel/kthread.c:463
 ret_from_fork+0x51b/0xa40 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 3408 Comm: kworker/R-bat_e Tainted: G             L      syzkaller #0 PREEMPT(full) 
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
Workqueue: bat_events batadv_dat_purge
RIP: 0010:__lock_is_held kernel/locking/lockdep.c:5598 [inline]
RIP: 0010:lock_is_held_type+0x90/0x150 kernel/locking/lockdep.c:5940
Code: 00 00 00 7e 48 4c 89 eb 48 81 c3 30 0b 00 00 45 31 ff 49 83 ff 31 73 24 48 89 df 4c 89 f6 e8 f7 01 00 00 85 c0 75 2a 49 ff c7 <49> 63 85 28 0b 00 00 48 83 c3 28 49 39 c7 7c d8 eb 11 48 c7 c7 d0
RSP: 0000:ffffc90000007348 EFLAGS: 00000002
RAX: 0000000000000000 RBX: ffff888030ca29d8 RCX: 0000000080000101
RDX: ffff888030ca1e80 RSI: ffffffff8e35a360 RDI: ffff888030ca29d8
RBP: 00000000ffffffff R08: ffffc90000007600 R09: ffffc90000007610
R10: ffffc90000007460 R11: fffff52000000e8e R12: 0000000000000246
R13: ffff888030ca1e80 R14: ffffffff8e35a360 R15: 0000000000000002
FS:  0000000000000000(0000) GS:ffff888125928000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fc0511ffe1c CR3: 000000007bd36000 CR4: 00000000003526f0
DR0: ffffffffffffffff DR1: 00000000000001f8 DR2: 000000007a08253c
DR3: ffffffffefffff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 __find_rr_leaf+0x353/0x760 net/ipv6/route.c:833
 find_rr_leaf net/ipv6/route.c:889 [inline]
 rt6_select net/ipv6/route.c:933 [inline]
 fib6_table_lookup+0x3b4/0xa80 net/ipv6/route.c:2244
 ip6_pol_route+0x23c/0x11c0 net/ipv6/route.c:2280
 pol_lookup_func include/net/ip6_fib.h:617 [inline]
 fib6_rule_lookup+0x556/0x730 net/ipv6/fib6_rules.c:120
 ip6_route_input_lookup net/ipv6/route.c:2349 [inline]
 ip6_route_input+0x730/0xad0 net/ipv6/route.c:2652
 ip6_rcv_finish+0x141/0x2e0 net/ipv6/ip6_input.c:77
 NF_HOOK+0x336/0x3c0 include/linux/netfilter.h:318
 __netif_receive_skb_one_core net/core/dev.c:6152 [inline]
 __netif_receive_skb+0xd3/0x370 net/core/dev.c:6265
 process_backlog+0x54e/0x1340 net/core/dev.c:6617
 __napi_poll+0xae/0x320 net/core/dev.c:7681
 napi_poll net/core/dev.c:7744 [inline]
 net_rx_action+0x696/0xe30 net/core/dev.c:7896
 handle_softirqs+0x22a/0x7c0 kernel/softirq.c:622
 do_softirq+0x76/0xd0 kernel/softirq.c:523
 </IRQ>
 <TASK>
 __local_bh_enable_ip+0xf8/0x130 kernel/softirq.c:450
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 __batadv_dat_purge net/batman-adv/distributed-arp-table.c:185 [inline]
 batadv_dat_purge+0x2da/0x3c0 net/batman-adv/distributed-arp-table.c:204
 process_one_work kernel/workqueue.c:3257 [inline]
 process_scheduled_works+0xaec/0x17a0 kernel/workqueue.c:3340
 rescuer_thread+0x850/0xec0 kernel/workqueue.c:3528
 kthread+0x726/0x8b0 kernel/kthread.c:463
 ret_from_fork+0x51b/0xa40 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
 </TASK>
net_ratelimit: 16281 callbacks suppressed
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:42:19:0b:35:03:29, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:42:19:0b:35:03:29, vlan:0)