bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P6176/1:b..l P5197/1:b..l P5872/1:b..l P6353/1:b..l P5190/1:b..l P5859/1:b..l P5862/1:b..l P6418/1:b..l
rcu: 	(detected by 0, t=10502 jiffies, g=13253, q=360 ncpus=2)
task:syz-executor    state:R  running task     stack:23624 pid:6418  tgid:6418  ppid:5847   task_flags:0x400000 flags:0x00000000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x1b88/0x5240 kernel/sched/core.c:6767
 preempt_schedule_notrace+0x103/0x140 kernel/sched/core.c:7040
 preempt_schedule_notrace_thunk+0x16/0x30 arch/x86/entry/thunk.S:13
 rcu_is_watching+0x7e/0xb0 kernel/rcu/tree.c:737
 rcu_read_unlock include/linux/rcupdate.h:869 [inline]
 class_rcu_destructor include/linux/rcupdate.h:1155 [inline]
 unwind_next_frame+0x1a5b/0x23b0 arch/x86/kernel/unwind_orc.c:680
 arch_stack_walk+0x11e/0x150 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x11a/0x1d0 kernel/stacktrace.c:122
 save_stack+0xfc/0x1f0 mm/page_owner.c:156
 __reset_page_owner+0x76/0x1e0 mm/page_owner.c:308
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1262 [inline]
 __free_frozen_pages+0xde8/0x10a0 mm/page_alloc.c:2725
 discard_slab mm/slub.c:2730 [inline]
 __put_partials+0x160/0x1c0 mm/slub.c:3199
 put_cpu_partial+0x17e/0x250 mm/slub.c:3274
 __slab_free+0x294/0x390 mm/slub.c:4526
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x9a/0x140 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x14f/0x170 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x23/0x80 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:250 [inline]
 slab_post_alloc_hook mm/slub.c:4161 [inline]
 slab_alloc_node mm/slub.c:4210 [inline]
 __do_kmalloc_node mm/slub.c:4340 [inline]
 __kmalloc_noprof+0x238/0x4d0 mm/slub.c:4353
 kmalloc_noprof include/linux/slab.h:909 [inline]
 tomoyo_realpath_from_path+0xcf/0x5e0 security/tomoyo/realpath.c:251
 tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
 tomoyo_path_number_perm+0x245/0x790 security/tomoyo/file.c:723
 security_file_ioctl+0xc6/0x2a0 security/security.c:2913
 __do_sys_ioctl fs/ioctl.c:900 [inline]
 __se_sys_ioctl+0x46/0x160 fs/ioctl.c:892
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xf3/0x210 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f4c2738e56b
RSP: 002b:00007ffc6ca29610 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000080000 RCX: 00007f4c2738e56b
RDX: 0000000000080000 RSI: ffffffff80086301 RDI: 00000000000000db
RBP: 00007f4c275b62d8 R08: 00000000000000da R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000
 </TASK>
task:syz-executor    state:R  running task     stack:20520 pid:5862  tgid:5862  ppid:5857   task_flags:0x400140 flags:0x00000002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x1b88/0x5240 kernel/sched/core.c:6767
 preempt_schedule_notrace+0x103/0x140 kernel/sched/core.c:7040
 preempt_schedule_notrace_thunk+0x16/0x30 arch/x86/entry/thunk.S:13
 rcu_is_watching+0x7e/0xb0 kernel/rcu/tree.c:737
 rcu_read_lock include/linux/rcupdate.h:842 [inline]
 class_rcu_constructor include/linux/rcupdate.h:1155 [inline]
 unwind_next_frame+0xe7/0x23b0 arch/x86/kernel/unwind_orc.c:479
 arch_stack_walk+0x11e/0x150 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x11a/0x1d0 kernel/stacktrace.c:122
 save_stack+0xfc/0x1f0 mm/page_owner.c:156
 __reset_page_owner+0x76/0x1e0 mm/page_owner.c:308
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1262 [inline]
 __free_frozen_pages+0xde8/0x10a0 mm/page_alloc.c:2725
 discard_slab mm/slub.c:2730 [inline]
 __put_partials+0x160/0x1c0 mm/slub.c:3199
 put_cpu_partial+0x17e/0x250 mm/slub.c:3274
 __slab_free+0x294/0x390 mm/slub.c:4526
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x9a/0x140 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x14f/0x170 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x23/0x80 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:250 [inline]
 slab_post_alloc_hook mm/slub.c:4161 [inline]
 slab_alloc_node mm/slub.c:4210 [inline]
 __kmalloc_cache_node_noprof+0x1f4/0x3c0 mm/slub.c:4380
 kmalloc_node_noprof include/linux/slab.h:928 [inline]
 __get_vm_area_node+0x132/0x2d0 mm/vmalloc.c:3127
 __vmalloc_node_range_noprof+0x349/0x1390 mm/vmalloc.c:3804
 __vmalloc_node_noprof mm/vmalloc.c:3907 [inline]
 vzalloc_noprof+0x79/0x90 mm/vmalloc.c:3980
 alloc_counters+0xd9/0x770 net/ipv4/netfilter/ip_tables.c:799
 copy_entries_to_user net/ipv4/netfilter/ip_tables.c:821 [inline]
 get_entries net/ipv4/netfilter/ip_tables.c:1022 [inline]
 do_ipt_get_ctl+0xc47/0x1650 net/ipv4/netfilter/ip_tables.c:1668
 nf_getsockopt+0x29b/0x2c0 net/netfilter/nf_sockopt.c:116
 ip_getsockopt+0x226/0x2e0 net/ipv4/ip_sockglue.c:1777
 tcp_getsockopt+0x171/0x1d0 net/ipv4/tcp.c:4727
 do_sock_getsockopt+0x393/0x740 net/socket.c:2357
 __sys_getsockopt net/socket.c:2386 [inline]
 __do_sys_getsockopt net/socket.c:2393 [inline]
 __se_sys_getsockopt net/socket.c:2390 [inline]
 __x64_sys_getsockopt+0x233/0x310 net/socket.c:2390
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xf3/0x210 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f3e4b7906aa
RSP: 002b:00007ffd699af0c8 EFLAGS: 00000216 ORIG_RAX: 0000000000000037
RAX: ffffffffffffffda RBX: 00007ffd699af150 RCX: 00007f3e4b7906aa
RDX: 0000000000000041 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 0000000000000003 R08: 00007ffd699af0ec R09: 00007ffd699af507
R10: 00007ffd699af150 R11: 0000000000000216 R12: 00007f3e4b980e40
R13: 00007ffd699af0ec R14: 0000000000000000 R15: 00007f3e4b983000
 </TASK>
task:syz-executor    state:R  running task     stack:20152 pid:5859  tgid:5859  ppid:5853   task_flags:0x400140 flags:0x00004002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x1b88/0x5240 kernel/sched/core.c:6767
 preempt_schedule_notrace+0x103/0x140 kernel/sched/core.c:7040
 preempt_schedule_notrace_thunk+0x16/0x30 arch/x86/entry/thunk.S:13
 rcu_is_watching+0x7e/0xb0 kernel/rcu/tree.c:737
 rcu_read_unlock include/linux/rcupdate.h:869 [inline]
 class_rcu_destructor include/linux/rcupdate.h:1155 [inline]
 unwind_next_frame+0x1a5b/0x23b0 arch/x86/kernel/unwind_orc.c:680
 arch_stack_walk+0x11e/0x150 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x11a/0x1d0 kernel/stacktrace.c:122
 save_stack+0xfc/0x1f0 mm/page_owner.c:156
 __reset_page_owner+0x76/0x1e0 mm/page_owner.c:308
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1262 [inline]
 __free_frozen_pages+0xde8/0x10a0 mm/page_alloc.c:2725
 discard_slab mm/slub.c:2730 [inline]
 __put_partials+0x160/0x1c0 mm/slub.c:3199
 put_cpu_partial+0x17e/0x250 mm/slub.c:3274
 __slab_free+0x294/0x390 mm/slub.c:4526
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x9a/0x140 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x14f/0x170 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x23/0x80 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:250 [inline]
 slab_post_alloc_hook mm/slub.c:4161 [inline]
 slab_alloc_node mm/slub.c:4210 [inline]
 __do_kmalloc_node mm/slub.c:4340 [inline]
 __kmalloc_noprof+0x238/0x4d0 mm/slub.c:4353
 kmalloc_noprof include/linux/slab.h:909 [inline]
 kmalloc_array_noprof include/linux/slab.h:948 [inline]
 security_inode_init_security+0x12e/0x490 security/security.c:1829
 shmem_mknod+0x1ff/0x3d0 mm/shmem.c:3848
 shmem_mkdir+0x33/0x70 mm/shmem.c:3907
 vfs_mkdir+0x2fb/0x500 fs/namei.c:4359
 do_mkdirat+0x273/0x3f0 fs/namei.c:4392
 __do_sys_mkdirat fs/namei.c:4409 [inline]
 __se_sys_mkdirat fs/namei.c:4407 [inline]
 __x64_sys_mkdirat+0x87/0xa0 fs/namei.c:4407
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xf3/0x210 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f652038d1d7
RSP: 002b:00007ffe10e8ad38 EFLAGS: 00000202 ORIG_RAX: 0000000000000102
RAX: ffffffffffffffda RBX: 00007ffe10e8ad90 RCX: 00007f652038d1d7
RDX: 00000000000001ff RSI: 00007ffe10e8ad90 RDI: 00000000ffffff9c
RBP: 00007ffe10e8ad7c R08: 0000000000000004 R09: 00007ffe10e8aad6
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000016
R13: 0000000000000063 R14: 0000000000035786 R15: 00007ffe10e8add0
 </TASK>
task:syslogd         state:R  running task     stack:23624 pid:5190  tgid:5190  ppid:1      task_flags:0x400000 flags:0x00000002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x1b88/0x5240 kernel/sched/core.c:6767
 preempt_schedule_irq+0xfe/0x1c0 kernel/sched/core.c:7090
 irqentry_exit+0x5e/0x90 kernel/entry/common.c:354
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:orc_find arch/x86/kernel/unwind_orc.c:218 [inline]
RIP: 0010:unwind_next_frame+0x25b/0x23b0 arch/x86/kernel/unwind_orc.c:494
Code: 91 48 89 d8 48 c1 e8 03 42 0f b6 04 28 84 c0 4d 89 ef 0f 85 44 1b 00 00 44 8b 2b 89 e8 ff c0 48 8d 1c 85 a4 cb 92 91 48 89 d8 <48> c1 e8 03 42 0f b6 04 38 84 c0 0f 85 3e 1b 00 00 44 8b 03 41 ff
RSP: 0018:ffffc9000f70f688 EFLAGS: 00000202
RAX: ffffffff919753fc RBX: ffffffff919753fc RCX: 00000000000b33b4
RDX: 0000000000000000 RSI: ffffffff8ca1b6a0 RDI: ffffffff8ca1b660
RBP: 0000000000012215 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff822215e3
R13: 000000000003558c R14: 00000000000b33b4 R15: dffffc0000000000
 arch_stack_walk+0x11e/0x150 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x11a/0x1d0 kernel/stacktrace.c:122
 save_stack+0xfc/0x1f0 mm/page_owner.c:156
 __reset_page_owner+0x76/0x1e0 mm/page_owner.c:308
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1262 [inline]
 __free_frozen_pages+0xde8/0x10a0 mm/page_alloc.c:2725
 discard_slab mm/slub.c:2730 [inline]
 __put_partials+0x160/0x1c0 mm/slub.c:3199
 put_cpu_partial+0x17e/0x250 mm/slub.c:3274
 __slab_free+0x294/0x390 mm/slub.c:4526
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x9a/0x140 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x14f/0x170 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x23/0x80 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:250 [inline]
 slab_post_alloc_hook mm/slub.c:4161 [inline]
 slab_alloc_node mm/slub.c:4210 [inline]
 kmem_cache_alloc_noprof+0x1e1/0x390 mm/slub.c:4217
 getname_flags+0xb7/0x530 fs/namei.c:146
 getname include/linux/fs.h:2852 [inline]
 do_sys_openat2+0xbf/0x1d0 fs/open.c:1423
 do_sys_open fs/open.c:1444 [inline]
 __do_sys_openat fs/open.c:1460 [inline]
 __se_sys_openat fs/open.c:1455 [inline]
 __x64_sys_openat+0x249/0x2a0 fs/open.c:1455
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xf3/0x210 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f7b8df7c9a4
RSP: 002b:00007fffb9ed86b0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000563d917dc910 RCX: 00007f7b8df7c9a4
RDX: 0000000000000d41 RSI: 00007f7b8e11b443 RDI: 00000000ffffff9c
RBP: 00007f7b8e11b443 R08: 0000000000000001 R09: 0000000000000000
R10: 00000000000001b6 R11: 0000000000000246 R12: 0000000000000d41
R13: 00000000680a6a52 R14: 0000000000000004 R15: 0000563d917dca60
 </TASK>
task:syz.2.109       state:R  running task     stack:23960 pid:6353  tgid:6352  ppid:5866   task_flags:0x40054c flags:0x00004006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x1b88/0x5240 kernel/sched/core.c:6767
 preempt_schedule_irq+0xfe/0x1c0 kernel/sched/core.c:7090
 irqentry_exit+0x5e/0x90 kernel/entry/common.c:354
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:lock_acquire+0x167/0x2f0 arch/x86/include/asm/irqflags.h:-1
Code: c7 44 24 10 00 00 00 00 9c 8f 44 24 10 f7 44 24 10 00 02 00 00 0f 85 fd 00 00 00 41 f7 c6 00 02 00 00 74 01 fb 65 48 8b 45 00 <48> 3b 44 24 38 0f 85 72 01 00 00 48 83 c4 40 5b 41 5c 41 5d 41 5e
RSP: 0018:ffffc900044873e8 EFLAGS: 00000206
RAX: a748392d96d9b100 RBX: ffffffff8ed3df20 RCX: a748392d96d9b100
RDX: 0000000000000001 RSI: ffffffff8e4db4fd RDI: ffffffff8ca1b6c0
RBP: ffffffff93686020 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000002 R14: 0000000000000246 R15: 0000000000000000
 rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 rcu_read_lock include/linux/rcupdate.h:841 [inline]
 class_rcu_constructor include/linux/rcupdate.h:1155 [inline]
 unwind_next_frame+0xd5/0x23b0 arch/x86/kernel/unwind_orc.c:479
 arch_stack_walk+0x11e/0x150 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x11a/0x1d0 kernel/stacktrace.c:122
 save_stack+0xfc/0x1f0 mm/page_owner.c:156
 __reset_page_owner+0x76/0x1e0 mm/page_owner.c:308
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1262 [inline]
 __free_frozen_pages+0xde8/0x10a0 mm/page_alloc.c:2725
 vfree+0x1c3/0x360 mm/vmalloc.c:3383
 kcov_put kernel/kcov.c:439 [inline]
 kcov_close+0x28/0x50 kernel/kcov.c:535
 __fput+0x3eb/0x9f0 fs/file_table.c:465
 task_work_run+0x253/0x310 kernel/task_work.c:227
 exit_task_work include/linux/task_work.h:40 [inline]
 do_exit+0xa11/0x27f0 kernel/exit.c:953
 do_group_exit+0x207/0x2c0 kernel/exit.c:1102
 get_signal+0x1696/0x1730 kernel/signal.c:3034
 arch_do_signal_or_restart+0x98/0x810 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0xce/0x340 kernel/entry/common.c:218
 do_syscall_64+0x100/0x210 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc30838e969
RSP: 002b:00007fc3091dffe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
RAX: fffffffffffffff4 RBX: 00007fc3085b5fa0 RCX: 00007fc30838e969
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000640c7000
RBP: 00007fc308410ab1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc3085b5fa0 R15: 00007ffc25adce38
 </TASK>
task:syz-executor    state:R  running task     stack:20520 pid:5872  tgid:5872  ppid:1      task_flags:0x40054c flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x1b88/0x5240 kernel/sched/core.c:6767
 preempt_schedule_common+0x84/0xd0 kernel/sched/core.c:6947
 preempt_schedule+0xe4/0xf0 kernel/sched/core.c:6971
 preempt_schedule_thunk+0x16/0x30 arch/x86/entry/thunk.S:12
 __raw_spin_unlock include/linux/spinlock_api_smp.h:143 [inline]
 _raw_spin_unlock+0x3e/0x50 kernel/locking/spinlock.c:186
 spin_unlock include/linux/spinlock.h:391 [inline]
 zap_pte_range mm/memory.c:1761 [inline]
 zap_pmd_range mm/memory.c:1823 [inline]
 zap_pud_range mm/memory.c:1852 [inline]
 zap_p4d_range mm/memory.c:1873 [inline]
 unmap_page_range+0x39c5/0x44d0 mm/memory.c:1894
 unmap_vmas+0x3ce/0x5f0 mm/memory.c:1984
 exit_mmap+0x2bc/0xde0 mm/mmap.c:1284
 __mmput+0x115/0x420 kernel/fork.c:1379
 exit_mm+0x221/0x310 kernel/exit.c:589
 do_exit+0x994/0x27f0 kernel/exit.c:940
 do_group_exit+0x207/0x2c0 kernel/exit.c:1102
 get_signal+0x1696/0x1730 kernel/signal.c:3034
 arch_do_signal_or_restart+0x98/0x810 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0xce/0x340 kernel/entry/common.c:218
 do_syscall_64+0x100/0x210 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f68bb9c1225
RSP: 002b:00007ffcee38adb0 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6
RAX: 0000000000000000 RBX: 0000000000000047 RCX: 00007f68bb9c1225
RDX: 00007ffcee38adf0 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007ffcee38ae5c R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000019
R13: 000000000000004b R14: 0000000000031df3 R15: 00007ffcee38aeb0
 </TASK>
task:klogd           state:R  running task     stack:23624 pid:5197  tgid:5197  ppid:1      task_flags:0x400100 flags:0x00004002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x1b88/0x5240 kernel/sched/core.c:6767
 preempt_schedule_irq+0xfe/0x1c0 kernel/sched/core.c:7090
 irqentry_exit+0x5e/0x90 kernel/entry/common.c:354
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:unwind_next_frame+0x545/0x23b0 arch/x86/kernel/unwind_orc.c:512
Code: 04 28 84 c0 0f 85 1d 17 00 00 48 89 d8 48 c1 e8 03 42 0f b6 04 28 84 c0 4c 8b b4 24 80 00 00 00 0f 85 21 17 00 00 41 0f b7 1f <c1> eb 0b 80 e3 01 48 8b 44 24 20 42 0f b6 04 28 84 c0 0f 85 24 17
RSP: 0018:ffffc9000f6ff0a8 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 0000000000000215 RCX: ffffffff90c9d2e4
RDX: ffffffff916cfcc6 RSI: ffffffff8ca1b6a0 RDI: ffffffff8ca1b660
RBP: ffffffff916cfccc R08: 0000000000000002 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffffc9000f6ff180
R13: dffffc0000000000 R14: ffffc9000f6ff1b8 R15: ffffffff916cfcd0
 arch_stack_walk+0x11e/0x150 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x11a/0x1d0 kernel/stacktrace.c:122
 save_stack+0xfc/0x1f0 mm/page_owner.c:156
 __reset_page_owner+0x76/0x1e0 mm/page_owner.c:308
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1262 [inline]
 __free_frozen_pages+0xde8/0x10a0 mm/page_alloc.c:2725
 discard_slab mm/slub.c:2730 [inline]
 __put_partials+0x160/0x1c0 mm/slub.c:3199
 put_cpu_partial+0x17e/0x250 mm/slub.c:3274
 __slab_free+0x294/0x390 mm/slub.c:4526
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x9a/0x140 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x14f/0x170 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x23/0x80 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:250 [inline]
 slab_post_alloc_hook mm/slub.c:4161 [inline]
 slab_alloc_node mm/slub.c:4210 [inline]
 __do_kmalloc_node mm/slub.c:4340 [inline]
 __kmalloc_node_track_caller_noprof+0x23a/0x4d0 mm/slub.c:4360
 kmalloc_reserve+0x111/0x2a0 net/core/skbuff.c:599
 __alloc_skb+0x1f2/0x480 net/core/skbuff.c:668
 alloc_skb include/linux/skbuff.h:1340 [inline]
 alloc_skb_with_frags+0xc3/0x830 net/core/skbuff.c:6639
 sock_alloc_send_pskb+0x91c/0xa70 net/core/sock.c:2954
 unix_dgram_sendmsg+0x6d4/0x1ea0 net/unix/af_unix.c:2007
 sock_sendmsg_nosec net/socket.c:712 [inline]
 __sock_sendmsg+0x223/0x270 net/socket.c:727
 __sys_sendto+0x365/0x4c0 net/socket.c:2180
 __do_sys_sendto net/socket.c:2187 [inline]
 __se_sys_sendto net/socket.c:2183 [inline]
 __x64_sys_sendto+0xde/0x100 net/socket.c:2183
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xf3/0x210 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f086ba5f9b5
RSP: 002b:00007ffdf1219108 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f086ba5f9b5
RDX: 00000000000000a1 RSI: 00005576b9c1c3e0 RDI: 0000000000000003
RBP: 00005576b9c15910 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000004000 R11: 0000000000000246 R12: 0000000000000013
R13: 00007f086bbed212 R14: 00007ffdf1219208 R15: 0000000000000000
 </TASK>
task:kworker/u8:13   state:R  running task     stack:18872 pid:6176  tgid:6176  ppid:2      task_flags:0x24248060 flags:0x00004000
Workqueue: writeback wb_workfn (flush-8:0)
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x1b88/0x5240 kernel/sched/core.c:6767
 preempt_schedule_irq+0xfe/0x1c0 kernel/sched/core.c:7090
 irqentry_exit+0x5e/0x90 kernel/entry/common.c:354
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:trace_lock_release include/trace/events/lock.h:69 [inline]
RIP: 0010:lock_release+0x50/0x3e0 kernel/locking/lockdep.c:5877
Code: 24 28 0f 1f 44 00 00 65 8b 05 d0 e7 c9 11 83 f8 08 0f 83 93 02 00 00 89 c0 48 0f a3 05 f9 6f c1 0e 73 16 e8 52 b5 09 00 84 c0 <75> 0d f6 05 5d 56 ab 0e 01 0f 84 b1 02 00 00 83 3d ca 9e c1 0e 00
RSP: 0018:ffffc90004d6de00 EFLAGS: 00000202
RAX: 0000000000000001 RBX: ffffffff93686020 RCX: ffff88807ea51e00
RDX: dffffc0000000000 RSI: ffffffff8ca1b6a0 RDI: ffffffff8ca1b660
RBP: ffffffff816d9bc8 R08: ffffc90004d6e1f0 R09: ffffc90004d6df90
R10: dffffc0000000000 R11: fffff520009adbf4 R12: ffffc90004d6df50
R13: dffffc0000000000 R14: ffffc90004d6e200 R15: ffffffff8ed3df20
 rcu_lock_release include/linux/rcupdate.h:341 [inline]
 rcu_read_unlock include/linux/rcupdate.h:871 [inline]
 class_rcu_destructor include/linux/rcupdate.h:1155 [inline]
 unwind_next_frame+0x1a9f/0x23b0 arch/x86/kernel/unwind_orc.c:680
 arch_stack_walk+0x11e/0x150 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x11a/0x1d0 kernel/stacktrace.c:122
 save_stack+0xfc/0x1f0 mm/page_owner.c:156
 __reset_page_owner+0x76/0x1e0 mm/page_owner.c:308
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1262 [inline]
 __free_frozen_pages+0xde8/0x10a0 mm/page_alloc.c:2725
 discard_slab mm/slub.c:2730 [inline]
 __put_partials+0x160/0x1c0 mm/slub.c:3199
 put_cpu_partial+0x17e/0x250 mm/slub.c:3274
 __slab_free+0x294/0x390 mm/slub.c:4526
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x9a/0x140 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x14f/0x170 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x23/0x80 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:250 [inline]
 slab_post_alloc_hook mm/slub.c:4161 [inline]
 slab_alloc_node mm/slub.c:4210 [inline]
 kmem_cache_alloc_noprof+0x1e1/0x390 mm/slub.c:4217
 ext4_mb_new_blocks+0x667/0x4e10 fs/ext4/mballoc.c:6195
 ext4_ext_map_blocks+0x1c09/0x7d80 fs/ext4/extents.c:4379
 ext4_map_create_blocks fs/ext4/inode.c:520 [inline]
 ext4_map_blocks+0x91b/0x1920 fs/ext4/inode.c:706
 mpage_map_one_extent fs/ext4/inode.c:2224 [inline]
 mpage_map_and_submit_extent fs/ext4/inode.c:2277 [inline]
 ext4_do_writepages+0x221d/0x3e50 fs/ext4/inode.c:2739
 ext4_writepages+0x26f/0x450 fs/ext4/inode.c:2829
 do_writepages+0x366/0x890 mm/page-writeback.c:2656
 __writeback_single_inode+0x14f/0x10d0 fs/fs-writeback.c:1680
 writeback_sb_inodes+0x822/0x1360 fs/fs-writeback.c:1976
 __writeback_inodes_wb+0x11b/0x260 fs/fs-writeback.c:2047
 wb_writeback+0x429/0xb90 fs/fs-writeback.c:2158
 wb_check_old_data_flush fs/fs-writeback.c:2262 [inline]
 wb_do_writeback fs/fs-writeback.c:2315 [inline]
 wb_workfn+0xbbc/0x10b0 fs/fs-writeback.c:2343
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0xac5/0x18e0 kernel/workqueue.c:3319
 worker_thread+0x870/0xd50 kernel/workqueue.c:3400
 kthread+0x7b9/0x940 kernel/kthread.c:464
 ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
rcu: rcu_preempt kthread starved for 2822 jiffies! g13253 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:R  running task     stack:26376 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x1b88/0x5240 kernel/sched/core.c:6767
 __schedule_loop kernel/sched/core.c:6845 [inline]
 schedule+0x163/0x360 kernel/sched/core.c:6860
 schedule_timeout+0x15b/0x2b0 kernel/time/sleep_timeout.c:99
 rcu_gp_fqs_loop+0x2e1/0x1340 kernel/rcu/tree.c:2046
 rcu_gp_kthread+0xa7/0x3b0 kernel/rcu/tree.c:2248
 kthread+0x7b9/0x940 kernel/kthread.c:464
 ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.15.0-rc3-syzkaller-00032-ga79be02bba5c #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
RIP: 0010:pv_native_safe_halt+0x13/0x20 arch/x86/kernel/paravirt.c:81
Code: 7e 9f e0 f4 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 53 6e 18 00 f3 0f 1e fa fb f4 <e9> 53 9f e0 f4 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
RSP: 0018:ffffc90000197dc0 EFLAGS: 00000286
RAX: 989d8ae3c2943900 RBX: ffffffff8197272e RCX: ffffffff8c2fc89c
RDX: 0000000000000001 RSI: ffffffff8e649830 RDI: ffffffff8ca1b6c0
RBP: ffffc90000197f20 R08: ffff8880b8732b5b R09: 1ffff110170e656b
R10: dffffc0000000000 R11: ffffed10170e656c R12: 1ffff92000032fd2
R13: 1ffff11003ad9b40 R14: 0000000000000001 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff88812509a000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fcb8edfbec8 CR3: 000000002fba2000 CR4: 0000000000350ef0
Call Trace:
 <TASK>
 arch_safe_halt arch/x86/include/asm/paravirt.h:107 [inline]
 default_idle+0x13/0x20 arch/x86/kernel/process.c:748
 default_idle_call+0x74/0xb0 kernel/sched/idle.c:117
 cpuidle_idle_call kernel/sched/idle.c:185 [inline]
 do_idle+0x22e/0x5d0 kernel/sched/idle.c:325
 cpu_startup_entry+0x42/0x60 kernel/sched/idle.c:423
 start_secondary+0xfe/0x100 arch/x86/kernel/smpboot.c:315
 common_startup_64+0x13e/0x147
 </TASK>
net_ratelimit: 15516 callbacks suppressed
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:22:7b:45:88:89:b8, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:22:7b:45:88:89:b8, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
net_ratelimit: 15549 callbacks suppressed
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:22:7b:45:88:89:b8, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:22:7b:45:88:89:b8, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 3400 Comm: kworker/R-bat_e Not tainted 6.15.0-rc3-syzkaller-00032-ga79be02bba5c #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Workqueue: bat_events batadv_tt_purge
RIP: 0010:unwind_next_frame+0x1aae/0x23b0 arch/x86/kernel/unwind_orc.c:680
Code: 48 c7 c2 e0 22 48 8c e8 40 e0 30 00 48 c7 c7 20 df d3 8e 4c 89 fe e8 81 c2 30 00 e8 1c 45 3b 00 89 e8 48 81 c4 a0 00 00 00 5b <41> 5c 41 5d 41 5e 41 5f 5d e9 3f 8b a2 ff 4d 89 f5 4c 89 f5 4c 89
RSP: 0018:ffffc90000a072f0 EFLAGS: 00000286
RAX: 0000000000000001 RBX: ffffc90000a07320 RCX: 0000000000000005
RDX: dffffc0000000000 RSI: ffffffff8e4db4fd RDI: ffffffff8ca1b6c0
RBP: dffffc0000000001 R08: ffffc90000a07fa8 R09: ffffc90000a07370
R10: dffffc0000000000 R11: fffff52000140e70 R12: ffffc90000a07330
R13: dffffc0000000000 R14: ffffc90000a07fb8 R15: ffffffff816d9bc8
FS:  0000000000000000(0000) GS:ffff88812509a000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fcb8edfbec8 CR3: 000000006c37e000 CR4: 0000000000350ef0
Call Trace:
 <IRQ>
 arch_stack_walk+0x11e/0x150 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x11a/0x1d0 kernel/stacktrace.c:122
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
 kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:576
 poison_slab_object mm/kasan/common.c:247 [inline]
 __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264
 kasan_slab_free include/linux/kasan.h:233 [inline]
 slab_free_hook mm/slub.c:2398 [inline]
 slab_free mm/slub.c:4656 [inline]
 kmem_cache_free+0x197/0x410 mm/slub.c:4758
 br_nf_dev_queue_xmit+0x4cb/0x2560 net/bridge/br_netfilter_hooks.c:-1
 NF_HOOK+0x6c1/0x780 include/linux/netfilter.h:314
 br_nf_post_routing+0xa28/0xe80 net/bridge/br_netfilter_hooks.c:969
 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]
 nf_hook_slow+0xca/0x220 net/netfilter/core.c:626
 nf_hook include/linux/netfilter.h:269 [inline]
 NF_HOOK+0x2ac/0x460 include/linux/netfilter.h:312
 br_forward_finish+0xd8/0x130 net/bridge/br_forward.c:66
 br_nf_hook_thresh net/bridge/br_netfilter_hooks.c:-1 [inline]
 br_nf_forward_finish+0xb50/0xfb0 net/bridge/br_netfilter_hooks.c:665
 NF_HOOK+0x6c1/0x780 include/linux/netfilter.h:314
 br_nf_forward_ip+0x61e/0x7b0 net/bridge/br_netfilter_hooks.c:719
 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]
 nf_hook_slow+0xca/0x220 net/netfilter/core.c:626
 nf_hook include/linux/netfilter.h:269 [inline]
 NF_HOOK+0x2ac/0x460 include/linux/netfilter.h:312
 __br_forward+0x46a/0x640 net/bridge/br_forward.c:115
 br_handle_frame_finish+0x185b/0x1f60 net/bridge/br_input.c:220
 br_nf_hook_thresh+0x484/0x5a0 net/bridge/br_netfilter_hooks.c:1170
 br_nf_pre_routing_finish_ipv6+0xaa3/0xdd0 net/bridge/br_netfilter_ipv6.c:-1
 NF_HOOK include/linux/netfilter.h:314 [inline]
 br_nf_pre_routing_ipv6+0x397/0x790 net/bridge/br_netfilter_ipv6.c:184
 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:282 [inline]
 br_handle_frame+0x9fc/0x1530 net/bridge/br_input.c:433
 __netif_receive_skb_core+0x155c/0x4bb0 net/core/dev.c:5773
 __netif_receive_skb_one_core net/core/dev.c:5885 [inline]
 __netif_receive_skb+0x130/0x670 net/core/dev.c:6000
 process_backlog+0x664/0x15c0 net/core/dev.c:6352
 __napi_poll+0xcd/0x480 net/core/dev.c:7324
 napi_poll net/core/dev.c:7388 [inline]
 net_rx_action+0x89d/0x1240 net/core/dev.c:7510
 handle_softirqs+0x2d8/0x9b0 kernel/softirq.c:579
 do_softirq+0x11f/0x1e0 kernel/softirq.c:480
 </IRQ>
 <TASK>
 __local_bh_enable_ip+0x1be/0x200 kernel/softirq.c:407
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 batadv_tt_local_purge+0x2a0/0x340 net/batman-adv/translation-table.c:1315
 batadv_tt_purge+0x35/0xa40 net/batman-adv/translation-table.c:3509
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0xac5/0x18e0 kernel/workqueue.c:3319
 rescuer_thread+0x662/0x1020 kernel/workqueue.c:3496
 kthread+0x7b9/0x940 kernel/kthread.c:464
 ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>