bridge0: received packet on veth0_to_bridge with own address as source address (addr:ea:a1:0f:e0:e8:d8, vlan:0)
=============================
[ BUG: Invalid wait context ]
syzkaller #0 Not tainted
-----------------------------
kworker/u8:6/153 is trying to lock:
ffff8880597b92e0 (&gpc->lock){....}-{3:3}, at: kvm_xen_set_evtchn_fast+0x1fb/0x9b0 arch/x86/kvm/xen.c:1819
other info that might help us debug this:
context-{2:2}
7 locks held by kworker/u8:6/153:
 #0: ffff8880325fd148 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3250 [inline]
 #0: ffff8880325fd148 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 kernel/workqueue.c:3358
 #1: ffffc90002f7fc40 ((work_completion)(&(&bat_priv->dat.work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3251 [inline]
 #1: ffffc90002f7fc40 ((work_completion)(&(&bat_priv->dat.work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 kernel/workqueue.c:3358
 #2: ffffffff8e75e3e0 (rcu_read_lock){....}-{1:3}, at: local_lock_acquire include/linux/local_lock_internal.h:46 [inline]
 #2: ffffffff8e75e3e0 (rcu_read_lock){....}-{1:3}, at: process_backlog+0x3eb/0x1950 net/core/dev.c:6624
 #3: ffffffff8e75e3e0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:312 [inline]
 #3: ffffffff8e75e3e0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:850 [inline]
 #3: ffffffff8e75e3e0 (rcu_read_lock){....}-{1:3}, at: netif_receive_skb_internal net/core/dev.c:6350 [inline]
 #3: ffffffff8e75e3e0 (rcu_read_lock){....}-{1:3}, at: netif_receive_skb+0x102/0xc50 net/core/dev.c:6422
 #4: ffffffff8e75e3e0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:312 [inline]
 #4: ffffffff8e75e3e0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:850 [inline]
 #4: ffffffff8e75e3e0 (rcu_read_lock){....}-{1:3}, at: nf_hook include/linux/netfilter.h:242 [inline]
 #4: ffffffff8e75e3e0 (rcu_read_lock){....}-{1:3}, at: NF_HOOK+0x9e/0x3c0 include/linux/netfilter.h:316
 #5: ffffffff8e75e3e0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:312 [inline]
 #5: ffffffff8e75e3e0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:850 [inline]
 #5: ffffffff8e75e3e0 (rcu_read_lock){....}-{1:3}, at: ip6_pol_route+0x160/0x13d0 net/ipv6/route.c:2281
 #6: ffff8880597b9840 (&kvm->srcu){.?.?}-{0:0}, at: srcu_lock_acquire include/linux/srcu.h:187 [inline]
 #6: ffff8880597b9840 (&kvm->srcu){.?.?}-{0:0}, at: srcu_read_lock include/linux/srcu.h:294 [inline]
 #6: ffff8880597b9840 (&kvm->srcu){.?.?}-{0:0}, at: kvm_xen_set_evtchn_fast+0x1c3/0x9b0 arch/x86/kvm/xen.c:1817
stack backtrace:
CPU: 0 UID: 0 PID: 153 Comm: kworker/u8:6 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
Workqueue: bat_events batadv_dat_purge
Call Trace:
 dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
 print_lock_invalid_wait_context kernel/locking/lockdep.c:4830 [inline]
 check_wait_context kernel/locking/lockdep.c:4902 [inline]
 __lock_acquire+0xec1/0x2cf0 kernel/locking/lockdep.c:5187
 lock_acquire+0xf0/0x2e0 kernel/locking/lockdep.c:5868
 __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:172 [inline]
 _raw_read_lock_irqsave+0x48/0x60 kernel/locking/spinlock.c:236
 kvm_xen_set_evtchn_fast+0x1fb/0x9b0 arch/x86/kvm/xen.c:1819
 xen_timer_callback+0x109/0x220 arch/x86/kvm/xen.c:140
 __run_hrtimer kernel/time/hrtimer.c:1785 [inline]
 __hrtimer_run_queues+0x4e7/0xcc0 kernel/time/hrtimer.c:1849
 hrtimer_interrupt+0x42b/0x1010 kernel/time/hrtimer.c:1911
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1045 [inline]
 __sysvec_apic_timer_interrupt+0x102/0x460 arch/x86/kernel/apic/apic.c:1062
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
 sysvec_apic_timer_interrupt+0x52/0xc0 arch/x86/kernel/apic/apic.c:1056
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:lock_is_held_type+0x106/0x150 kernel/locking/lockdep.c:5945
Code: 18 00 00 b8 ff ff ff ff 65 0f c1 05 04 30 6e 07 83 f8 01 75 25 9c 58 a9 00 02 00 00 75 39 41 f7 c4 00 02 00 00 74 01 fb 89 d8 <5b> 41 5c 41 5d 41 5e 41 5f 5d e9 cb e2 02 00 cc 90 0f 0b 90 48 c7
RSP: 0000:ffffc90000006888 EFLAGS: 00000206
RAX: 0000000000000001 RBX: 0000000000000001 RCX: 0000000080000101
RDX: ffff888020711e80 RSI: ffffffff8e1655da RDI: ffffffff8c27b380
RBP: 00000000ffffffff R08: ffffc90000006b40 R09: ffffc90000006b50
R10: ffffc900000069a0 R11: fffff52000000d36 R12: 0000000000000246
R13: ffff888020711e80 R14: ffffffff8e75e3e0 R15: 0000000000000002
 __find_rr_leaf+0x353/0x760 net/ipv6/route.c:833
 find_rr_leaf net/ipv6/route.c:889 [inline]
 rt6_select net/ipv6/route.c:933 [inline]
 fib6_table_lookup+0x3b4/0xa80 net/ipv6/route.c:2247
 ip6_pol_route+0x228/0x13d0 net/ipv6/route.c:2283
 pol_lookup_func include/net/ip6_fib.h:617 [inline]
 fib6_rule_lookup+0x556/0x730 net/ipv6/fib6_rules.c:120
 ip6_route_input_lookup net/ipv6/route.c:2352 [inline]
 ip6_route_input+0x730/0xad0 net/ipv6/route.c:2655
 ip6_rcv_finish+0x141/0x280 net/ipv6/ip6_input.c:77
 ip_sabotage_in+0x1e1/0x270 net/bridge/br_netfilter_hooks.c:990
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_slow+0xc5/0x220 net/netfilter/core.c:623
 nf_hook include/linux/netfilter.h:273 [inline]
 NF_HOOK+0x21f/0x3c0 include/linux/netfilter.h:316
 __netif_receive_skb_one_core net/core/dev.c:6164 [inline]
 __netif_receive_skb net/core/dev.c:6277 [inline]
 netif_receive_skb_internal net/core/dev.c:6363 [inline]
 netif_receive_skb+0x278/0xc50 net/core/dev.c:6422
 NF_HOOK+0xa4/0x3a0 include/linux/netfilter.h:318
 br_handle_frame_finish+0x14c3/0x1b70 net/bridge/br_input.c:-1
 br_nf_hook_thresh+0x3dd/0x4c0 net/bridge/br_netfilter_hooks.c:-1
 br_nf_pre_routing_finish_ipv6+0xa3a/0xd70 net/bridge/br_netfilter_ipv6.c:-1
 NF_HOOK include/linux/netfilter.h:318 [inline]
 br_nf_pre_routing_ipv6+0x374/0x6f0 net/bridge/br_netfilter_ipv6.c:184
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:291 [inline]
 br_handle_frame+0x1277/0x1510 net/bridge/br_input.c:442
 __netif_receive_skb_core+0x98f/0x31a0 net/core/dev.c:6051
 __netif_receive_skb_one_core net/core/dev.c:6162 [inline]
 __netif_receive_skb net/core/dev.c:6277 [inline]
 process_backlog+0x76d/0x1950 net/core/dev.c:6628
 __napi_poll+0xae/0x340 net/core/dev.c:7692
 napi_poll net/core/dev.c:7755 [inline]
 net_rx_action+0x627/0xf70 net/core/dev.c:7912
 handle_softirqs+0x22a/0x870 kernel/softirq.c:622
 do_softirq+0x76/0xd0 kernel/softirq.c:523
 __local_bh_enable_ip+0xf8/0x130 kernel/softirq.c:450
 spin_unlock_bh include/linux/spinlock.h:395 [inline]
 __batadv_dat_purge net/batman-adv/distributed-arp-table.c:185 [inline]
 batadv_dat_purge+0x2da/0x3c0 net/batman-adv/distributed-arp-table.c:204
 process_one_work kernel/workqueue.c:3275 [inline]
 process_scheduled_works+0xb02/0x1830 kernel/workqueue.c:3358
 worker_thread+0xa50/0xfc0 kernel/workqueue.c:3439
 kthread+0x388/0x470 kernel/kthread.c:436
 ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
bridge0: received packet on veth0_to_bridge with own address as source address (addr:ea:a1:0f:e0:e8:d8, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:ea:a1:0f:e0:e8:d8, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:ea:a1:0f:e0:e8:d8, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:ea:a1:0f:e0:e8:d8, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:ea:a1:0f:e0:e8:d8, vlan:0)
net_ratelimit: 47427 callbacks suppressed
bridge0: received packet on veth0_to_bridge with own address as source address (addr:ea:a1:0f:e0:e8:d8, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:ea:a1:0f:e0:e8:d8, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:ea:a1:0f:e0:e8:d8, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:ea:a1:0f:e0:e8:d8, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:ea:a1:0f:e0:e8:d8, vlan:0)
----------------
Code disassembly (best guess):
   0: 18 00                   sbb    %al,(%rax)
   2: 00 b8 ff ff ff ff       add    %bh,-0x1(%rax)
   8: 65 0f c1 05 04 30 6e    xadd   %eax,%gs:0x76e3004(%rip)  # 0x76e3014
   f: 07
  10: 83 f8 01                cmp    $0x1,%eax
  13: 75 25                   jne    0x3a
  15: 9c                      pushf
  16: 58                      pop    %rax
  17: a9 00 02 00 00          test   $0x200,%eax
  1c: 75 39                   jne    0x57
  1e: 41 f7 c4 00 02 00 00    test   $0x200,%r12d
  25: 74 01                   je     0x28
  27: fb                      sti
  28: 89 d8                   mov    %ebx,%eax
* 2a: 5b                      pop    %rbx <-- trapping instruction
  2b: 41 5c                   pop    %r12
  2d: 41 5d                   pop    %r13
  2f: 41 5e                   pop    %r14
  31: 41 5f                   pop    %r15
  33: 5d                      pop    %rbp
  34: e9 cb e2 02 00          jmp    0x2e304
  39: cc                      int3
  3a: 90                      nop
  3b: 0f 0b                   ud2
  3d: 90                      nop
  3e: 48                      rex.W
  3f: c7                      .byte 0xc7