bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P9887/1:b..l P5730/1:b..l P5626/1:b..l
rcu: (detected by 0, t=10503 jiffies, g=33937, q=431 ncpus=2)
task:syz-executor state:R running task stack:22264 pid:5626 tgid:5626 ppid:5621 task_flags:0x400140 flags:0x00080000
Call Trace:
context_switch kernel/sched/core.c:5388 [inline]
__schedule+0x1821/0x5740 kernel/sched/core.c:7189
preempt_schedule_irq+0x4d/0xa0 kernel/sched/core.c:7513
irqentry_exit_to_kernel_mode include/linux/irq-entry-common.h:539 [inline]
irqentry_exit+0x14f/0x760 kernel/entry/common.c:164
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:lock_release+0x2d7/0x3c0 kernel/locking/lockdep.c:5893
Code: ec 97 11 00 00 00 00 eb b5 e8 55 5c 07 0a f7 c3 00 02 00 00 74 b9 65 48 8b 05 45 a7 97 11 48 3b 44 24 28 75 44 fb 48 83 c4 30 <5b> 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc 48 8d 3d 62 4d 92
RSP: 0018:ffffc9000429f420 EFLAGS: 00000282
RAX: 3ab9a9c044edaf00 RBX: 0000000000000202 RCX: 0000000000000046
RDX: 0000000000000002 RSI: ffffffff8e22040c RDI: ffffffff8c28b660
RBP: ffff88807a240be0 R08: ffffc9000429f650 R09: 0000000000000000
R10: ffffc9000429f578 R11: fffff52000853eb1 R12: 0000000000000002
R13: 0000000000000002 R14: ffffffff8e95cca0 R15: ffff88807a240000
rcu_lock_release include/linux/rcupdate.h:310 [inline]
rcu_read_unlock include/linux/rcupdate.h:869 [inline]
class_rcu_destructor include/linux/rcupdate.h:1181 [inline]
unwind_next_frame+0x1bba/0x2550 arch/x86/kernel/unwind_orc.c:709
arch_stack_walk+0x11b/0x150 arch/x86/kernel/stacktrace.c:25
stack_trace_save+0xa9/0x100 kernel/stacktrace.c:122
save_stack+0x122/0x230 mm/page_owner.c:165
__reset_page_owner+0x71/0x1f0 mm/page_owner.c:320
reset_page_owner include/linux/page_owner.h:25 [inline]
__free_pages_prepare mm/page_alloc.c:1402 [inline]
__free_frozen_pages+0xbc7/0xd30 mm/page_alloc.c:2943
__slab_free+0x274/0x2c0 mm/slub.c:5612
qlink_free mm/kasan/quarantine.c:163 [inline]
qlist_free_all+0x99/0x100 mm/kasan/quarantine.c:179
kasan_quarantine_reduce+0x148/0x160 mm/kasan/quarantine.c:286
__kasan_kmalloc+0x22/0xb0 mm/kasan/common.c:406
kasan_kmalloc include/linux/kasan.h:263 [inline]
__do_kmalloc_node mm/slub.c:5295 [inline]
__kmalloc_noprof+0x35c/0x760 mm/slub.c:5307
kmalloc_noprof include/linux/slab.h:954 [inline]
kzalloc_noprof include/linux/slab.h:1188 [inline]
tomoyo_encode2 security/tomoyo/realpath.c:45 [inline]
tomoyo_encode+0x28b/0x550 security/tomoyo/realpath.c:80
tomoyo_realpath_from_path+0x58d/0x5d0 security/tomoyo/realpath.c:283
tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
tomoyo_path_perm+0x283/0x560 security/tomoyo/file.c:827
security_inode_getattr+0x12b/0x310 security/security.c:1895
vfs_getattr fs/stat.c:259 [inline]
vfs_fstat fs/stat.c:281 [inline]
__do_sys_newfstat fs/stat.c:551 [inline]
__se_sys_newfstat fs/stat.c:546 [inline]
__x64_sys_newfstat+0x13b/0x270 fs/stat.c:546
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x15f/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f7f57f9b467
RSP: 002b:00007ffc37612148 EFLAGS: 00000206 ORIG_RAX: 0000000000000005
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f7f57f9b467
RDX: 0000000000000000 RSI: 00007ffc37612150 RDI: 0000000000000003
RBP: 00007ffc3761333c R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000206 R12: 00007ffc37613350
R13: 00007f7f580321ca R14: 000000000003384b R15: 00007ffc37613390
task:kworker/0:3 state:R running task stack:25816 pid:5730 tgid:5730 ppid:2 task_flags:0x4208060 flags:0x00080000
Workqueue: events_power_efficient gc_worker
Call Trace:
context_switch kernel/sched/core.c:5388 [inline]
__schedule+0x1821/0x5740 kernel/sched/core.c:7189
preempt_schedule_irq+0x4d/0xa0 kernel/sched/core.c:7513
irqentry_exit_to_kernel_mode include/linux/irq-entry-common.h:539 [inline]
irqentry_exit+0x14f/0x760 kernel/entry/common.c:164
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:lock_release+0x2d7/0x3c0 kernel/locking/lockdep.c:5893
Code: ec 97 11 00 00 00 00 eb b5 e8 55 5c 07 0a f7 c3 00 02 00 00 74 b9 65 48 8b 05 45 a7 97 11 48 3b 44 24 28 75 44 fb 48 83 c4 30 <5b> 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc 48 8d 3d 62 4d 92
RSP: 0018:ffffc900045ff948 EFLAGS: 00000286
RAX: bdc366259f989300 RBX: 0000000000000202 RCX: 0000000000000046
RDX: 0000000000000002 RSI: ffffffff8e22040c RDI: ffffffff8c28b660
RBP: ffff88801eb76820 R08: ffffffff9030d4f7 R09: 1ffffffff2061a9e
R10: dffffc0000000000 R11: fffffbfff2061a9f R12: 0000000000000002
R13: 0000000000000002 R14: ffffffff8e95cca0 R15: ffff88801eb75c40
rcu_lock_release include/linux/rcupdate.h:310 [inline]
rcu_read_unlock include/linux/rcupdate.h:869 [inline]
gc_worker+0xb4c/0x1290 net/netfilter/nf_conntrack_core.c:1614
process_one_work kernel/workqueue.c:3314 [inline]
process_scheduled_works+0xb5d/0x1860 kernel/workqueue.c:3397
worker_thread+0xa53/0xfc0 kernel/workqueue.c:3478
kthread+0x389/0x470 kernel/kthread.c:436
ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
task:sed state:R running task stack:24296 pid:9887 tgid:9887 ppid:9884 task_flags:0x400000 flags:0x00080000
Call Trace:
context_switch kernel/sched/core.c:5388 [inline]
__schedule+0x1821/0x5740 kernel/sched/core.c:7189
preempt_schedule_irq+0x4d/0xa0 kernel/sched/core.c:7513
irqentry_exit_to_kernel_mode include/linux/irq-entry-common.h:539 [inline]
irqentry_exit+0x14f/0x760 kernel/entry/common.c:164
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:__asan_memset+0x8/0x50 mm/kasan/shadow.c:83
Code: 00 e9 5c e5 ff ff 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 41 56 53 <48> 89 d3 89 f5 49 89 fe 48 8b 4c 24 18 48 89 d6 ba 01 00 00 00 e8
RSP: 0018:ffffc9001afaeff8 EFLAGS: 00000246
RAX: 1ffff920035f5e24 RBX: ffffc9001afaf138 RCX: 1ffff920035f5e01
RDX: 0000000000000010 RSI: 0000000000000000 RDI: ffffc9001afaf138
RBP: dffffc0000000000 R08: 0000000000000004 R09: ffffffff8e95cca0
R10: ffffc9001afaf138 R11: ffffffff81b0f020 R12: ffffc9001afaf220
R13: 1ffff920035f5e1f R14: ffffc9001afaf0e8 R15: ffffc9001afaf130
unwind_next_frame+0xf33/0x2550 arch/x86/kernel/unwind_orc.c:621
arch_stack_walk+0x11b/0x150 arch/x86/kernel/stacktrace.c:25
stack_trace_save+0xa9/0x100 kernel/stacktrace.c:122
save_stack+0x122/0x230 mm/page_owner.c:165
__reset_page_owner+0x71/0x1f0 mm/page_owner.c:320
reset_page_owner include/linux/page_owner.h:25 [inline]
__free_pages_prepare mm/page_alloc.c:1402 [inline]
__free_frozen_pages+0xbc7/0xd30 mm/page_alloc.c:2943
__slab_free+0x274/0x2c0 mm/slub.c:5612
qlink_free mm/kasan/quarantine.c:163 [inline]
qlist_free_all+0x99/0x100 mm/kasan/quarantine.c:179
kasan_quarantine_reduce+0x148/0x160 mm/kasan/quarantine.c:286
__kasan_slab_alloc+0x22/0x80 mm/kasan/common.c:350
kasan_slab_alloc include/linux/kasan.h:253 [inline]
slab_post_alloc_hook mm/slub.c:4569 [inline]
slab_alloc_node mm/slub.c:4898 [inline]
kmem_cache_alloc_noprof+0x2bc/0x650 mm/slub.c:4905
vm_area_alloc+0x24/0x140 mm/vma_init.c:32
__mmap_new_vma mm/vma.c:2547 [inline]
__mmap_region mm/vma.c:2771 [inline]
mmap_region+0x11c6/0x22a0 mm/vma.c:2857
do_mmap+0xc39/0x10c0 mm/mmap.c:560
vm_mmap_pgoff+0x2c9/0x4f0 mm/util.c:581
ksys_mmap_pgoff+0x51e/0x760 mm/mmap.c:606
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x15f/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f6ec2c99242
RSP: 002b:00007ffd4d83b6c8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009
RAX: ffffffffffffffda RBX: 00007f6ec2907000 RCX: 00007f6ec2c99242
RDX: 0000000000000005 RSI: 0000000000037000 RDI: 00007f6ec2907000
RBP: 0000000000000812 R08: 0000000000000003 R09: 0000000000003000
R10: 0000000000000812 R11: 0000000000000206 R12: 00007ffd4d83b718
R13: 00007f6ec29706b0 R14: 00007ffd4d83bb00 R15: 00000fffa9b076dc
rcu: rcu_preempt kthread starved for 8902 jiffies! g33937 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt state:R running task stack:26784 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00080000
Call Trace:
context_switch kernel/sched/core.c:5388 [inline]
__schedule+0x1821/0x5740 kernel/sched/core.c:7189
__schedule_loop kernel/sched/core.c:7268 [inline]
schedule+0x164/0x360 kernel/sched/core.c:7283
schedule_timeout+0x158/0x2c0 kernel/time/sleep_timeout.c:99
rcu_gp_fqs_loop+0x312/0x11d0 kernel/rcu/tree.c:2095
rcu_gp_kthread+0x9e/0x2b0 kernel/rcu/tree.c:2297
kthread+0x389/0x470 kernel/kthread.c:436
ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
rcu: Stack dump where RCU GP kthread last ran:
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 8899 Comm: kworker/R-bond1 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
Workqueue: bond1 bond_alb_monitor
RIP: 0010:native_irq_disable arch/x86/include/asm/irqflags.h:37 [inline]
RIP: 0010:arch_local_irq_disable arch/x86/include/asm/irqflags.h:114 [inline]
RIP: 0010:arch_local_irq_save arch/x86/include/asm/irqflags.h:128 [inline]
RIP: 0010:lock_is_held_type+0x4d/0x150 kernel/locking/lockdep.c:5936
Code: 39 8e 90 07 85 c0 0f 85 d5 00 00 00 65 4c 8b 2d 81 48 90 07 41 83 bd 8c 0b 00 00 00 0f 85 bf 00 00 00 89 f5 49 89 fe 9c 41 5c 48 c7 c7 dc 6a fc 8d e8 e6 19 00 00 65 ff 05 ff 8d 90 07 41 83
RSP: 0018:ffffc90000a077b0 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 00000000ffffffff RCX: ffff888036768000
RDX: 0000000000000100 RSI: 00000000ffffffff RDI: ffffffff8fdd13c0
RBP: 00000000ffffffff R08: ffffc90000a07b20 R09: ffffc90000a07b30
R10: ffffc90000a07980 R11: fffff52000140f32 R12: 0000000000000246
R13: ffff888036768000 R14: ffffffff8fdd13c0 R15: 0000000000000001
FS: 0000000000000000(0000) GS:ffff888125387000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000561cee079a38 CR3: 00000000343ca000 CR4: 00000000003526f0
Call Trace:
lock_is_held include/linux/lockdep.h:249 [inline]
lockdep_rtnl_is_held+0x1b/0x40 net/core/rtnetlink.c:182
__in6_dev_get include/net/addrconf.h:348 [inline]
ip6_ignore_linkdown+0x4f/0x140 include/net/addrconf.h:449
find_match+0x9c/0xb40 net/ipv6/route.c:780
__find_rr_leaf+0x248/0x760 net/ipv6/route.c:868
find_rr_leaf net/ipv6/route.c:889 [inline]
rt6_select net/ipv6/route.c:933 [inline]
fib6_table_lookup+0x3b4/0xa80 net/ipv6/route.c:2251
ip6_pol_route+0x228/0x13d0 net/ipv6/route.c:2287
pol_lookup_func include/net/ip6_fib.h:667 [inline]
fib6_rule_lookup+0x556/0x730 net/ipv6/fib6_rules.c:123
ip6_route_input_lookup net/ipv6/route.c:2356 [inline]
ip6_route_input+0x730/0xad0 net/ipv6/route.c:2659
ip6_rcv_finish+0x141/0x280 net/ipv6/ip6_input.c:117
ip_sabotage_in+0x1e1/0x270 net/bridge/br_netfilter_hooks.c:988
nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
nf_hook_slow+0xc5/0x220 net/netfilter/core.c:619
nf_hook include/linux/netfilter.h:273 [inline]
NF_HOOK+0x21f/0x3c0 include/linux/netfilter.h:316
__netif_receive_skb_one_core net/core/dev.c:6202 [inline]
__netif_receive_skb net/core/dev.c:6315 [inline]
netif_receive_skb_internal net/core/dev.c:6401 [inline]
netif_receive_skb+0x278/0xbf0 net/core/dev.c:6460
NF_HOOK+0xa4/0x3a0 include/linux/netfilter.h:318
br_handle_frame_finish+0x1541/0x1c80 net/bridge/br_input.c:-1
br_nf_hook_thresh+0x3dd/0x4c0 net/bridge/br_netfilter_hooks.c:-1
br_nf_pre_routing_finish_ipv6+0x91f/0xc30 net/bridge/br_netfilter_ipv6.c:-1
NF_HOOK include/linux/netfilter.h:318 [inline]
br_nf_pre_routing_ipv6+0x374/0x6f0 net/bridge/br_netfilter_ipv6.c:183
nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
nf_hook_bridge_pre net/bridge/br_input.c:291 [inline]
br_handle_frame+0x1277/0x1510 net/bridge/br_input.c:442
__netif_receive_skb_core+0x98f/0x3170 net/core/dev.c:6089
__netif_receive_skb_one_core net/core/dev.c:6200 [inline]
__netif_receive_skb net/core/dev.c:6315 [inline]
process_backlog+0x76d/0x1950 net/core/dev.c:6666
__napi_poll+0xae/0x340 net/core/dev.c:7733
napi_poll net/core/dev.c:7796 [inline]
net_rx_action+0x627/0xf70 net/core/dev.c:7953
handle_softirqs+0x22a/0x840 kernel/softirq.c:622
__do_softirq kernel/softirq.c:656 [inline]
invoke_softirq kernel/softirq.c:496 [inline]
__irq_exit_rcu+0xca/0x220 kernel/softirq.c:735
irq_exit_rcu+0x9/0x30 kernel/softirq.c:752
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1061 [inline]
sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1061
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:__raw_spin_unlock_irq include/linux/spinlock_api_smp.h:188 [inline]
RIP: 0010:_raw_spin_unlock_irq+0x29/0x50 kernel/locking/spinlock.c:206
Code: 90 f3 0f 1e fa 53 48 89 fb 48 83 c7 18 48 8b 74 24 08 e8 9a f5 f5 f5 48 89 df e8 a2 6a f6 f5 e8 cd 01 22 f6 fb bf 01 00 00 00 72 e9 e7 f5 65 8b 05 9b 9f 8d 07 85 c0 74 07 5b e9 01 48 00 00
RSP: 0018:ffffc90010667a90 EFLAGS: 00000206
RAX: 00000000003cd29f RBX: ffff88801aea3000 RCX: 0000000080000001
RDX: 0000000000000000 RSI: ffffffff8dface83 RDI: 0000000000000001
RBP: ffffc90010667cb8 R08: ffffffff9030d4f7 R09: 1ffffffff2061a9e
R10: dffffc0000000000 R11: fffffbfff2061a9f R12: 0000000002000000
R13: ffff888079b192f8 R14: dffffc0000000000 R15: ffff88801d7c8818
process_one_work kernel/workqueue.c:3283 [inline]
process_scheduled_works+0x953/0x1860 kernel/workqueue.c:3397
rescuer_thread+0x827/0x1130 kernel/workqueue.c:3621
kthread+0x389/0x470 kernel/kthread.c:436
ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
net_ratelimit: 13190 callbacks suppressed
bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth1_to_bridge with own address as source address (addr:82:ef:c0:b2:81:7f, vlan:0)
bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0)
bridge0: received packet on veth1_to_bridge with own address as source address (addr:82:ef:c0:b2:81:7f, vlan:0)
bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth1_to_bridge with own address as source address (addr:82:ef:c0:b2:81:7f, vlan:0)
bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0)
bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0)
net_ratelimit: 15668 callbacks suppressed
bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0)
bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0)
bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0)
bridge0: received packet on veth1_to_bridge with own address as source address (addr:82:ef:c0:b2:81:7f, vlan:0)
bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth1_to_bridge with own address as source address (addr:82:ef:c0:b2:81:7f, vlan:0)
bridge0: received packet on veth1_to_bridge with own address as source address (addr:82:ef:c0:b2:81:7f, vlan:0)
bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)