rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P28681/1:b..l P5737/1:b..l P2/1:b..l P4976/1:b..l P31448/1:b..l P2652/1:b..l
rcu: 	(detected by 1, t=10504 jiffies, g=249453, q=1607 ncpus=2)
task:syz-executor    state:R  running task     stack:28480 pid:2652  tgid:2652  ppid:29438  task_flags:0x400040 flags:0x00080002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5504 [inline]
 __schedule+0x17d9/0x56c0 kernel/sched/core.c:7228
 preempt_schedule_irq+0x4d/0xa0 kernel/sched/core.c:7552
 irqentry_exit_to_kernel_mode include/linux/irq-entry-common.h:539 [inline]
 irqentry_exit+0x14f/0x8f0 kernel/entry/common.c:167
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:674
RIP: 0010:on_stack arch/x86/include/asm/stacktrace.h:58 [inline]
RIP: 0010:stack_access_ok arch/x86/kernel/unwind_orc.c:409 [inline]
RIP: 0010:deref_stack_reg arch/x86/kernel/unwind_orc.c:419 [inline]
RIP: 0010:unwind_next_frame+0xba9/0x2550 arch/x86/kernel/unwind_orc.c:614
Code: ff df 48 8b 4c 24 10 0f b6 04 01 84 c0 0f 85 3b 14 00 00 41 83 3e 00 0f 95 c0 49 39 d7 0f 96 c1 20 c1 49 39 d5 0f 97 c0 20 c8 <3c> 01 75 18 48 8d 42 08 4c 39 f8 0f 97 c1 4c 39 e8 0f 96 c0 84 c1
RSP: 0018:ffffc90006a77748 EFLAGS: 00000202
RAX: 0000000000000001 RBX: 1ffff92000d4ef0a RCX: 1ffff92000d4ef01
RDX: ffffc90006a778d8 RSI: 0000000000000002 RDI: ffffc90006a77858
RBP: 1ffffffff21896c3 R08: ffffc90006a778e0 R09: 0000000000000000
R10: ffffc90006a77898 R11: fffff52000d4ef15 R12: 1ffff92000d4ef0b
R13: ffffc90006a78000 R14: ffffc90006a77848 R15: ffffc90006a70000
 __unwind_start+0x514/0x660 arch/x86/kernel/unwind_orc.c:787
 unwind_start arch/x86/include/asm/unwind.h:64 [inline]
 arch_stack_walk+0xe3/0x150 arch/x86/kernel/stacktrace.c:24
 stack_trace_save+0xa9/0x100 kernel/stacktrace.c:122
 save_stack+0x122/0x230 mm/page_owner.c:165
 __reset_page_owner+0x71/0x1f0 mm/page_owner.c:320
 reset_page_owner include/linux/page_owner.h:25 [inline]
 __free_pages_prepare mm/page_alloc.c:1397 [inline]
 __free_frozen_pages+0xc0d/0xd20 mm/page_alloc.c:2938
 __slab_free+0x274/0x2c0 mm/slub.c:5672
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x99/0x100 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x148/0x160 mm/kasan/quarantine.c:286
 __kasan_kmalloc+0x22/0xb0 mm/kasan/common.c:406
 kasan_kmalloc include/linux/kasan.h:263 [inline]
 __do_kmalloc_node mm/slub.c:5334 [inline]
 __kmalloc_node_track_caller_noprof+0x4d7/0x7b0 mm/slub.c:5438
 kmemdup_noprof+0x2b/0x70 mm/util.c:138
 kmemdup_noprof include/linux/fortify-string.h:763 [inline]
 shmem_symlink+0x19f/0x460 mm/shmem.c:4108
 vfs_symlink+0x18b/0x330 fs/namei.c:5656
 filename_symlinkat+0x1cd/0x410 fs/namei.c:5681
 __do_sys_symlinkat fs/namei.c:5701 [inline]
 __se_sys_symlinkat+0x4e/0x2b0 fs/namei.c:5696
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x174/0x580 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc382d9bf17
RSP: 002b:00007ffcf1d19ba8 EFLAGS: 00000202 ORIG_RAX: 000000000000010a
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc382d9bf17
RDX: 00007fc382e33e28 RSI: 00000000ffffff9c RDI: 00007ffcf1d19c40
RBP: 00007ffcf1d19bec R08: 0000000000000001 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000145
R13: 00000000000927c0 R14: 00000000001e47e2 R15: 00007ffcf1d19c40
 </TASK>
task:syz-executor    state:R  running task     stack:22920 pid:31448 tgid:31448 ppid:31433  task_flags:0x400140 flags:0x00080000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5504 [inline]
 __schedule+0x17d9/0x56c0 kernel/sched/core.c:7228
 preempt_schedule_irq+0x4d/0xa0 kernel/sched/core.c:7552
 irqentry_exit_to_kernel_mode include/linux/irq-entry-common.h:539 [inline]
 irqentry_exit+0x14f/0x8f0 kernel/entry/common.c:167
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:674
RIP: 0010:on_stack arch/x86/include/asm/stacktrace.h:56 [inline]
RIP: 0010:stack_access_ok arch/x86/kernel/unwind_orc.c:409 [inline]
RIP: 0010:deref_stack_reg arch/x86/kernel/unwind_orc.c:419 [inline]
RIP: 0010:unwind_next_frame+0xb64/0x2550 arch/x86/kernel/unwind_orc.c:614
Code: 00 74 09 e8 ee 9d ba 00 4c 8b 04 24 4d 8b 7e 08 49 8d 7e 10 49 89 fc 49 c1 ec 03 48 b8 00 00 00 00 00 fc ff df 41 80 3c 04 00 <74> 09 e8 c5 9d ba 00 4c 8b 04 24 49 8d 50 f8 4d 8b 6e 10 48 b8 00
RSP: 0018:ffffc9000447f460 EFLAGS: 00000246
RAX: dffffc0000000000 RBX: 1ffff9200088fea2 RCX: ffffffff90544528
RDX: ffffffff90d5103c RSI: 0000000000000002 RDI: ffffc9000447f518
RBP: 1ffffffff21aa207 R08: ffffc9000447fa20 R09: 0000000000000000
R10: ffffc9000447f558 R11: ffffffff81b10630 R12: 1ffff9200088fea3
R13: ffffffff90d51038 R14: ffffc9000447f508 R15: ffffc90004478000
 arch_stack_walk+0x11b/0x150 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0xa9/0x100 kernel/stacktrace.c:122
 save_stack+0x122/0x230 mm/page_owner.c:165
 __reset_page_owner+0x71/0x1f0 mm/page_owner.c:320
 reset_page_owner include/linux/page_owner.h:25 [inline]
 __free_pages_prepare mm/page_alloc.c:1397 [inline]
 __free_frozen_pages+0xc0d/0xd20 mm/page_alloc.c:2938
 __slab_free+0x274/0x2c0 mm/slub.c:5672
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x99/0x100 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x148/0x160 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x22/0x80 mm/kasan/common.c:350
 kasan_slab_alloc include/linux/kasan.h:253 [inline]
 slab_post_alloc_hook mm/slub.c:4610 [inline]
 slab_alloc_node mm/slub.c:4939 [inline]
 kmem_cache_alloc_noprof+0x2b8/0x650 mm/slub.c:4946
 lsm_file_alloc security/security.c:171 [inline]
 security_file_alloc+0x34/0x310 security/security.c:2406
 init_file+0x90/0x2b0 fs/file_table.c:184
 alloc_empty_file+0x74/0x1d0 fs/file_table.c:266
 path_openat+0x8f/0x3830 fs/namei.c:4845
 do_file_open+0x23e/0x4a0 fs/namei.c:4888
 do_sys_openat2+0x115/0x200 fs/open.c:1395
 do_sys_open fs/open.c:1401 [inline]
 __do_sys_openat fs/open.c:1417 [inline]
 __se_sys_openat fs/open.c:1412 [inline]
 __x64_sys_openat+0x138/0x170 fs/open.c:1412
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x174/0x580 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f7dd339c17c
RSP: 002b:00007ffd225c7190 EFLAGS: 00000206 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f7dd34322ca RCX: 00007f7dd339c17c
RDX: 0000000000090800 RSI: 00007ffd225c8340 RDI: 00000000ffffff9c
RBP: 00007ffd225c832c R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000206 R12: 00007ffd225c8340
R13: 00007f7dd34322ca R14: 00000000001e4839 R15: 00007ffd225c8380
 </TASK>
task:klogd           state:R  running task     stack:24504 pid:4976  tgid:4976  ppid:1      task_flags:0x400100 flags:0x00080000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5504 [inline]
 __schedule+0x17d9/0x56c0 kernel/sched/core.c:7228
 preempt_schedule_irq+0x4d/0xa0 kernel/sched/core.c:7552
 irqentry_exit_to_kernel_mode include/linux/irq-entry-common.h:539 [inline]
 irqentry_exit+0x14f/0x8f0 kernel/entry/common.c:167
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:674
RIP: 0010:unwind_next_frame+0x497/0x2550 arch/x86/kernel/unwind_orc.c:520
Code: 20 84 c0 0f 85 b4 19 00 00 4c 89 e8 48 c1 e8 03 42 0f b6 04 20 84 c0 0f 85 bf 19 00 00 0f b6 43 01 83 e0 07 0f 84 7c 16 00 00 <83> f8 01 4c 8b 6c 24 50 49 bc 00 00 00 00 00 fc ff df 4c 8b 7c 24
RSP: 0018:ffffc9000251f340 EFLAGS: 00000202
RAX: 0000000000000002 RBX: ffffffff914b4a94 RCX: ffffffff90a316b8
RDX: ffffffff914b4a90 RSI: ffffffff914b4a84 RDI: ffffffff8c2910c0
RBP: ffffffff896fa3f5 R08: 0000000000000003 R09: 0000000000000000
R10: ffffc9000251f438 R11: ffffffff81b10630 R12: dffffc0000000000
R13: ffffffff914b4a95 R14: ffffc9000251f3e8 R15: ffffffff90a316b8
 arch_stack_walk+0x11b/0x150 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0xa9/0x100 kernel/stacktrace.c:122
 save_stack+0x122/0x230 mm/page_owner.c:165
 __reset_page_owner+0x71/0x1f0 mm/page_owner.c:320
 reset_page_owner include/linux/page_owner.h:25 [inline]
 __free_pages_prepare mm/page_alloc.c:1397 [inline]
 __free_frozen_pages+0xc0d/0xd20 mm/page_alloc.c:2938
 __slab_free+0x274/0x2c0 mm/slub.c:5672
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x99/0x100 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x148/0x160 mm/kasan/quarantine.c:286
 __kasan_kmalloc+0x22/0xb0 mm/kasan/common.c:406
 kasan_kmalloc include/linux/kasan.h:263 [inline]
 __do_kmalloc_node mm/slub.c:5334 [inline]
 __kmalloc_node_track_caller_noprof+0x4d7/0x7b0 mm/slub.c:5438
 kmalloc_reserve net/core/skbuff.c:637 [inline]
 __alloc_skb+0x2bd/0x7a0 net/core/skbuff.c:715
 alloc_skb include/linux/skbuff.h:1386 [inline]
 alloc_skb_with_frags+0xc6/0x760 net/core/skbuff.c:6769
 sock_alloc_send_pskb+0x878/0x990 net/core/sock.c:3010
 unix_dgram_sendmsg+0x4da/0x17b0 net/unix/af_unix.c:2136
 sock_sendmsg_nosec net/socket.c:775 [inline]
 __sock_sendmsg net/socket.c:790 [inline]
 __sys_sendto+0x626/0x6c0 net/socket.c:2252
 __do_sys_sendto net/socket.c:2259 [inline]
 __se_sys_sendto net/socket.c:2255 [inline]
 __x64_sys_sendto+0xde/0x100 net/socket.c:2255
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x174/0x580 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0bfb685407
RSP: 002b:00007ffc8bbd8330 EFLAGS: 00000202 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007f0bfb535c80 RCX: 00007f0bfb685407
RDX: 00000000000000a0 RSI: 00007ffc8bbd8470 RDI: 0000000000000003
RBP: 00007ffc8bbd88a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000004000 R11: 0000000000000202 R12: 00007ffc8bbd88b8
R13: 00007ffc8bbd8470 R14: 0000000000000085 R15: 00007ffc8bbd8470
 </TASK>
task:kthreadd        state:R  running task     stack:26504 pid:2     tgid:2     ppid:0      task_flags:0x208040 flags:0x00080000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5504 [inline]
 __schedule+0x17d9/0x56c0 kernel/sched/core.c:7228
 preempt_schedule_irq+0x4d/0xa0 kernel/sched/core.c:7552
 irqentry_exit_to_kernel_mode include/linux/irq-entry-common.h:539 [inline]
 irqentry_exit+0x14f/0x8f0 kernel/entry/common.c:167
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:674
RIP: 0010:orc_find arch/x86/kernel/unwind_orc.c:231 [inline]
RIP: 0010:unwind_next_frame+0x243/0x2550 arch/x86/kernel/unwind_orc.c:510
Code: 0f b6 04 18 84 c0 0f 85 66 1d 00 00 45 8b 04 24 41 ff c0 4a 8d 04 6d 00 00 00 00 4c 01 e8 48 8d 34 45 98 a7 bc 90 4b 8d 04 40 <48> 8d 04 45 98 a7 bc 90 48 3d e6 a3 71 91 0f 97 c0 48 81 fe e6 a3
RSP: 0018:ffffc90000077300 EFLAGS: 00000202
RAX: 000000000004cbbd RBX: dffffc0000000000 RCX: 0000000080000000
RDX: 00000000000aabb9 RSI: ffffffff90c63ee8 RDI: ffffffff8c2910c0
RBP: ffffffff81859c6e R08: 000000000001993f R09: 0000000000000000
R10: ffffc900000773f8 R11: ffffffff81b10630 R12: ffffffff9173ba5c
R13: 0000000000019938 R14: ffffc900000773a8 R15: 000000000000859c
 arch_stack_walk+0x11b/0x150 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0xa9/0x100 kernel/stacktrace.c:122
 save_stack+0x122/0x230 mm/page_owner.c:165
 __reset_page_owner+0x71/0x1f0 mm/page_owner.c:320
 reset_page_owner include/linux/page_owner.h:25 [inline]
 __free_pages_prepare mm/page_alloc.c:1397 [inline]
 __free_frozen_pages+0xc0d/0xd20 mm/page_alloc.c:2938
 __slab_free+0x274/0x2c0 mm/slub.c:5672
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x99/0x100 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x148/0x160 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x22/0x80 mm/kasan/common.c:350
 kasan_slab_alloc include/linux/kasan.h:253 [inline]
 slab_post_alloc_hook mm/slub.c:4610 [inline]
 slab_alloc_node mm/slub.c:4939 [inline]
 __do_kmalloc_node mm/slub.c:5333 [inline]
 __kmalloc_noprof+0x312/0x750 mm/slub.c:5347
 _kmalloc_noprof include/linux/slab.h:973 [inline]
 _kzalloc_noprof include/linux/slab.h:1286 [inline]
 lsm_blob_alloc security/security.c:218 [inline]
 lsm_cred_alloc security/security.c:235 [inline]
 security_prepare_creds+0x52/0x360 security/security.c:2866
 prepare_creds+0x57d/0x820 kernel/cred.c:215
 copy_creds+0x109/0x9f0 kernel/cred.c:286
 copy_process+0xd10/0x42e0 kernel/fork.c:2147
 kernel_clone+0x2d7/0x940 kernel/fork.c:2745
 kernel_thread+0x13f/0x1b0 kernel/fork.c:2806
 create_kthread kernel/kthread.c:459 [inline]
 kthreadd+0x4ec/0x6e0 kernel/kthread.c:817
 ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
task:kworker/u8:0    state:R  running task     stack:22648 pid:5737  tgid:5737  ppid:2      task_flags:0x4208160 flags:0x00080000
Workqueue: krds_cp_wq#22/0 rds_connect_worker
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5504 [inline]
 __schedule+0x17d9/0x56c0 kernel/sched/core.c:7228
 preempt_schedule_irq+0x4d/0xa0 kernel/sched/core.c:7552
 irqentry_exit_to_kernel_mode include/linux/irq-entry-common.h:539 [inline]
 irqentry_exit+0x14f/0x8f0 kernel/entry/common.c:167
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:674
RIP: 0010:unwind_next_frame+0xd04/0x2550 arch/x86/kernel/unwind_orc.c:-1
Code: 38 4c 8b 6c 24 18 74 08 48 89 df e8 36 9d ba 00 48 8b 04 24 48 89 03 ba 10 00 00 00 49 8d 5e 50 48 89 df 31 f6 e8 fc 9e ba 00 <48> 8b 54 24 08 e9 c7 04 00 00 48 89 5c 24 48 49 8d 7e 08 48 89 fb
RSP: 0018:ffffc90004d57240 EFLAGS: 00000246
RAX: ffffc90004d57338 RBX: ffffc90004d57338 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc90004d57348
RBP: 1ffffffff218e2c0 R08: ffffc90004d57347 R09: 0000000000000000
R10: ffffc90004d57338 R11: fffff520009aae69 R12: dffffc0000000000
R13: ffffffff90c715fe R14: ffffc90004d572e8 R15: ffffc90004d57330
 arch_stack_walk+0x11b/0x150 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0xa9/0x100 kernel/stacktrace.c:122
 save_stack+0x122/0x230 mm/page_owner.c:165
 __reset_page_owner+0x71/0x1f0 mm/page_owner.c:320
 reset_page_owner include/linux/page_owner.h:25 [inline]
 __free_pages_prepare mm/page_alloc.c:1397 [inline]
 __free_frozen_pages+0xc0d/0xd20 mm/page_alloc.c:2938
 __slab_free+0x274/0x2c0 mm/slub.c:5672
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x99/0x100 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x148/0x160 mm/kasan/quarantine.c:286
 __kasan_kmalloc+0x22/0xb0 mm/kasan/common.c:406
 kasan_kmalloc include/linux/kasan.h:263 [inline]
 __do_kmalloc_node mm/slub.c:5334 [inline]
 __kmalloc_noprof+0x358/0x750 mm/slub.c:5347
 _kmalloc_noprof include/linux/slab.h:973 [inline]
 _kzalloc_noprof include/linux/slab.h:1286 [inline]
 lsm_blob_alloc security/security.c:218 [inline]
 lsm_sock_alloc security/security.c:4478 [inline]
 security_sk_alloc+0x52/0x360 security/security.c:4494
 sk_prot_alloc+0x101/0x210 net/core/sock.c:2255
 sk_alloc+0x3a/0x390 net/core/sock.c:2308
 inet_create+0x7a9/0xff0 net/ipv4/af_inet.c:333
 __sock_create+0x4b3/0x9d0 net/socket.c:1651
 rds_tcp_conn_path_connect+0x2d8/0x920 net/rds/tcp_connect.c:-1
 rds_connect_worker+0x1d8/0x290 net/rds/threads.c:176
 process_one_work kernel/workqueue.c:3314 [inline]
 process_scheduled_works+0xa8e/0x14e0 kernel/workqueue.c:3397
 worker_thread+0xa47/0xfb0 kernel/workqueue.c:3478
 kthread+0x388/0x470 kernel/kthread.c:436
 ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
task:kworker/u8:3    state:R  running task     stack:22648 pid:28681 tgid:28681 ppid:2      task_flags:0x4208160 flags:0x00080000
Workqueue: krds_cp_wq#8/0 rds_connect_worker
Call Trace:
 <TASK>
 </TASK>
rcu: rcu_preempt kthread starved for 8677 jiffies! g249453 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:R  running task     stack:27880 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00080000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5504 [inline]
 __schedule+0x17d9/0x56c0 kernel/sched/core.c:7228
 __schedule_loop kernel/sched/core.c:7307 [inline]
 schedule+0x164/0x360 kernel/sched/core.c:7322
 schedule_timeout+0x152/0x2c0 kernel/time/sleep_timeout.c:99
 rcu_gp_fqs_loop+0x30c/0x11f0 kernel/rcu/tree.c:2123
 rcu_gp_kthread+0x9e/0x2b0 kernel/rcu/tree.c:2325
 kthread+0x388/0x470 kernel/kthread.c:436
 ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 3195 Comm: kworker/R-ipv6_ Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
Workqueue: ipv6_addrconf addrconf_dad_work
RIP: 0010:kernel_text_address+0x0/0xe0 kernel/extable.c:95
Code: c1 48 81 fb 90 9b b4 91 0f 92 c2 20 ca 08 c2 0f b6 c2 5b e9 02 63 1b 0a cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <0f> 1f 40 d6 55 41 56 53 48 81 ff 00 00 00 81 0f 93 c0 48 81 ff d0
RSP: 0018:ffffc90000006b10 EFLAGS: 00000246
RAX: 0000000000000000 RBX: ffffffff8a78bbb4 RCX: 0000000080000102
RDX: ffffc90000006b01 RSI: ffffffff8c291100 RDI: ffffffff8a78bbb4
RBP: ffffc90000006bd0 R08: ffffc90000007330 R09: 0000000000000000
R10: ffffc90000006b98 R11: fffff52000000d75 R12: ffff88803290be00
R13: 0000000000000000 R14: dffffc0000000000 R15: 1ffff92000000d72
FS:  0000000000000000(0000) GS:ffff88812527c000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005555814484e8 CR3: 000000007dc38000 CR4: 00000000003526f0
Call Trace:
 <IRQ>
 __kernel_text_address+0xd/0x30 kernel/extable.c:79
 unwind_get_return_address+0x4d/0x90 arch/x86/kernel/unwind_orc.c:385
 arch_stack_walk+0xfb/0x150 arch/x86/kernel/stacktrace.c:26
 stack_trace_save+0xa9/0x100 kernel/stacktrace.c:122
 kasan_save_stack mm/kasan/common.c:57 [inline]
 kasan_save_track+0x3e/0x80 mm/kasan/common.c:78
 kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:584
 poison_slab_object mm/kasan/common.c:253 [inline]
 __kasan_slab_free+0x5c/0x80 mm/kasan/common.c:285
 kasan_slab_free include/linux/kasan.h:235 [inline]
 slab_free_hook mm/slub.c:2700 [inline]
 slab_free mm/slub.c:6310 [inline]
 kmem_cache_free+0x182/0x650 mm/slub.c:6437
 skb_ext_reset include/linux/skbuff.h:5119 [inline]
 skb_release_head_state+0x270/0x360 net/core/skbuff.c:1183
 skb_release_all net/core/skbuff.c:1189 [inline]
 __kfree_skb+0x24/0x210 net/core/skbuff.c:1205
 kfree_skb_reason include/linux/skbuff.h:1325 [inline]
 kfree_skb include/linux/skbuff.h:1334 [inline]
 ip6_mc_input+0x909/0xbc0 net/ipv6/ip6_input.c:638
 ip_sabotage_in+0x1e1/0x270 net/bridge/br_netfilter_hooks.c:988
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_slow+0xc5/0x220 net/netfilter/core.c:619
 nf_hook include/linux/netfilter.h:273 [inline]
 NF_HOOK+0x21f/0x3c0 include/linux/netfilter.h:316
 __netif_receive_skb_one_core net/core/dev.c:6206 [inline]
 __netif_receive_skb net/core/dev.c:6319 [inline]
 netif_receive_skb_internal net/core/dev.c:6405 [inline]
 netif_receive_skb+0x278/0xbf0 net/core/dev.c:6464
 NF_HOOK+0xa4/0x3a0 include/linux/netfilter.h:318
 br_handle_frame_finish+0x1192/0x1990 net/bridge/br_input.c:-1
 br_nf_hook_thresh+0x3dd/0x4c0 net/bridge/br_netfilter_hooks.c:-1
 br_nf_pre_routing_finish_ipv6+0x90c/0xc40 net/bridge/br_netfilter_ipv6.c:-1
 NF_HOOK include/linux/netfilter.h:318 [inline]
 br_nf_pre_routing_ipv6+0x382/0x6f0 net/bridge/br_netfilter_ipv6.c:183
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:291 [inline]
 br_handle_frame+0x127f/0x1510 net/bridge/br_input.c:442
 __netif_receive_skb_core+0x989/0x30b0 net/core/dev.c:6093
 __netif_receive_skb_one_core net/core/dev.c:6204 [inline]
 __netif_receive_skb net/core/dev.c:6319 [inline]
 process_backlog+0x706/0x1860 net/core/dev.c:6670
 __napi_poll+0xaa/0x330 net/core/dev.c:7729
 napi_poll net/core/dev.c:7792 [inline]
 net_rx_action+0x61d/0xf50 net/core/dev.c:7949
 handle_softirqs+0x225/0x840 kernel/softirq.c:622
 do_softirq+0x76/0xd0 kernel/softirq.c:523
 </IRQ>
 <TASK>
 __local_bh_enable_ip+0xf8/0x130 kernel/softirq.c:450
 local_bh_enable include/linux/bottom_half.h:33 [inline]
 rcu_read_unlock_bh include/linux/rcupdate.h:914 [inline]
 __dev_queue_xmit+0x1ed7/0x37f0 net/core/dev.c:4907
 NF_HOOK_COND include/linux/netfilter.h:307 [inline]
 ip6_output+0x337/0x540 net/ipv6/ip6_output.c:246
 dst_output include/net/dst.h:471 [inline]
 NF_HOOK+0x177/0x4f0 include/linux/netfilter.h:318
 mld_sendpack+0x890/0xe10 net/ipv6/mcast.c:1853
 ipv6_mc_dad_complete+0x87/0x540 net/ipv6/mcast.c:2279
 addrconf_dad_completed+0x8af/0xe60 net/ipv6/addrconf.c:4369
 addrconf_dad_work+0xcf8/0x15c0 net/ipv6/addrconf.c:-1
 process_one_work kernel/workqueue.c:3314 [inline]
 process_scheduled_works+0xa8e/0x14e0 kernel/workqueue.c:3397
 rescuer_thread+0x7b6/0x10b0 kernel/workqueue.c:3621
 kthread+0x388/0x470 kernel/kthread.c:436
 ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
net_ratelimit: 60681 callbacks suppressed
bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0)
bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0)
bridge0: received packet on veth1_to_bridge with own address as source address (addr:36:37:ba:1f:91:49, vlan:0)
bridge0: received packet on veth1_to_bridge with own address as source address (addr:36:37:ba:1f:91:49, vlan:0)
bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0)
bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0)
bridge0: received packet on veth1_to_bridge with own address as source address (addr:36:37:ba:1f:91:49, vlan:0)
bridge0: received packet on veth1_to_bridge with own address as source address (addr:36:37:ba:1f:91:49, vlan:0)
bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0)
bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0)