ICMPv6: NA: aa:aa:aa:aa:aa:1c advertised our address fe80::a8aa:aaff:feaa:aa1c on veth1_to_bridge!
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P25448/1:b..l
rcu: 	(detected by 0, t=10503 jiffies, g=141753, q=1883 ncpus=2)
task:syz.1.9231      state:R  running task     stack:28088 pid:25448 tgid:25448 ppid:25439  task_flags:0x40004c flags:0x00080000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5388 [inline]
 __schedule+0x1295/0x67a0 kernel/sched/core.c:7189
 preempt_schedule_irq+0x50/0x90 kernel/sched/core.c:7513
 irqentry_exit_to_kernel_mode_preempt include/linux/irq-entry-common.h:468 [inline]
 irqentry_exit_to_kernel_mode include/linux/irq-entry-common.h:539 [inline]
 irqentry_exit+0x205/0x970 kernel/entry/common.c:164
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:lock_acquire+0x5e/0x370 kernel/locking/lockdep.c:5872
Code: 05 fb 03 25 12 83 f8 07 0f 87 d9 02 00 00 48 0f a3 05 06 8d f2 0e 0f 82 a4 02 00 00 8b 35 8e c0 f2 0e 85 f6 0f 85 bf 00 00 00 <48> 8b 44 24 30 65 48 2b 05 9d 03 25 12 0f 85 ed 02 00 00 48 83 c4
RSP: 0018:ffffc900079cf500 EFLAGS: 00000206
RAX: 0000000000000046 RBX: 0000000000000000 RCX: 0000000000000001
RDX: 0000000000000000 RSI: ffffffff8deea91c RDI: ffffffff8c1c4780
RBP: ffffffff8e7e5560 R08: 00000000866429ea R09: 0000000000000007
R10: 0000000000000200 R11: 0000000000000000 R12: 0000000000000002
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
 rcu_read_lock include/linux/rcupdate.h:838 [inline]
 class_rcu_constructor include/linux/rcupdate.h:1181 [inline]
 unwind_next_frame+0xd1/0x2090 arch/x86/kernel/unwind_orc.c:495
 arch_stack_walk+0x94/0xf0 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122
 kasan_save_stack+0x30/0x50 mm/kasan/common.c:57
 kasan_save_track+0x14/0x30 mm/kasan/common.c:78
 kasan_save_free_info+0x3b/0x70 mm/kasan/generic.c:584
 poison_slab_object mm/kasan/common.c:253 [inline]
 __kasan_slab_free+0x5f/0x80 mm/kasan/common.c:285
 kasan_slab_free include/linux/kasan.h:235 [inline]
 slab_free_hook mm/slub.c:2689 [inline]
 slab_free mm/slub.c:6251 [inline]
 kmem_cache_free+0x127/0x6c0 mm/slub.c:6378
 anon_vma_chain_free mm/rmap.c:147 [inline]
 unlink_anon_vmas+0x4c1/0x8e0 mm/rmap.c:539
 free_pgtables+0x2e7/0xd80 mm/memory.c:414
 exit_mmap+0x44c/0xa10 mm/mmap.c:1312
 __mmput+0x12a/0x410 kernel/fork.c:1178
 mmput+0x67/0x80 kernel/fork.c:1201
 exit_mm kernel/exit.c:582 [inline]
 do_exit+0x8b2/0x2af0 kernel/exit.c:964
 __do_sys_exit kernel/exit.c:1086 [inline]
 __se_sys_exit kernel/exit.c:1084 [inline]
 __x64_sys_exit+0x42/0x50 kernel/exit.c:1084
 x64_sys_call+0x152e/0x1530 arch/x86/include/generated/asm/syscalls_64.h:61
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x115/0x870 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f8a0d39ce59
RSP: 002b:00007f8a0b5f5fd8 EFLAGS: 00000246 ORIG_RAX: 000000000000003c
RAX: ffffffffffffffda RBX: 00007f8a0d616180 RCX: 00007f8a0d39ce59
RDX: 00007f8a0b5f69c8 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007f8a0d432d6f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f8a0d616218 R14: 00007f8a0d616180 R15: 00007fffcb8e7228
 </TASK>
rcu: rcu_preempt kthread starved for 879 jiffies! g141753 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:R  running task     stack:28216 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00080000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5388 [inline]
 __schedule+0x1295/0x67a0 kernel/sched/core.c:7189
 __schedule_loop kernel/sched/core.c:7268 [inline]
 schedule+0xdd/0x390 kernel/sched/core.c:7283
 schedule_timeout+0x127/0x280 kernel/time/sleep_timeout.c:99
 rcu_gp_fqs_loop+0x1a9/0x900 kernel/rcu/tree.c:2095
 rcu_gp_kthread+0x179/0x230 kernel/rcu/tree.c:2297
 kthread+0x370/0x450 kernel/kthread.c:436
 ret_from_fork+0x72b/0xd50 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 3229 Comm: kworker/R-bat_e Tainted: G             L      syzkaller #0 PREEMPT(full) 
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
Workqueue: bat_events batadv_dat_purge
RIP: 0010:cpu_max_bits_warn include/linux/cpumask.h:138 [inline]
RIP: 0010:cpumask_check include/linux/cpumask.h:145 [inline]
RIP: 0010:cpumask_test_cpu include/linux/cpumask.h:649 [inline]
RIP: 0010:cpu_online include/linux/cpumask.h:1231 [inline]
RIP: 0010:trace_lock_acquire include/trace/events/lock.h:24 [inline]
RIP: 0010:lock_acquire+0x39/0x370 kernel/locking/lockdep.c:5831
Code: c5 41 54 41 89 cc 55 48 89 fd 53 89 d3 48 83 ec 38 65 4c 8b 3d e0 03 25 12 4c 89 7c 24 30 4d 89 cf 66 90 65 8b 05 fb 03 25 12 <83> f8 07 0f 87 d9 02 00 00 48 0f a3 05 06 8d f2 0e 0f 82 a4 02 00
RSP: 0018:ffffc90000a07a30 EFLAGS: 00000286
RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000002
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff8e7e5560
RBP: ffffffff8e7e5560 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000200 R11: 0000000000093592 R12: 0000000000000002
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff888124487000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f7033be7458 CR3: 000000002b4c5000 CR4: 00000000003526f0
Call Trace:
 <IRQ>
 rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
 rcu_read_lock include/linux/rcupdate.h:838 [inline]
 class_rcu_constructor include/linux/rcupdate.h:1181 [inline]
 unwind_next_frame+0xd1/0x2090 arch/x86/kernel/unwind_orc.c:495
 arch_stack_walk+0x94/0xf0 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122
 kasan_save_stack+0x30/0x50 mm/kasan/common.c:57
 kasan_save_track+0x14/0x30 mm/kasan/common.c:78
 kasan_save_free_info+0x3b/0x70 mm/kasan/generic.c:584
 poison_slab_object mm/kasan/common.c:253 [inline]
 __kasan_slab_free+0x5f/0x80 mm/kasan/common.c:285
 kasan_slab_free include/linux/kasan.h:235 [inline]
 slab_free_hook mm/slub.c:2689 [inline]
 slab_free mm/slub.c:6251 [inline]
 kmem_cache_free+0x127/0x6c0 mm/slub.c:6378
 __skb_ext_put+0x102/0x2f0 net/core/skbuff.c:7269
 skb_ext_reset include/linux/skbuff.h:5118 [inline]
 skb_ext_reset include/linux/skbuff.h:5115 [inline]
 skb_release_head_state+0x2c8/0x400 net/core/skbuff.c:1181
 skb_release_all net/core/skbuff.c:1187 [inline]
 __kfree_skb net/core/skbuff.c:1203 [inline]
 sk_skb_reason_drop+0xc4/0x1b0 net/core/skbuff.c:1241
 kfree_skb_reason include/linux/skbuff.h:1324 [inline]
 kfree_skb include/linux/skbuff.h:1333 [inline]
 ip6_mc_input+0x832/0xf50 net/ipv6/ip6_input.c:638
 dst_input include/net/dst.h:480 [inline]
 ip6_rcv_finish+0x294/0x300 net/ipv6/ip6_input.c:119
 ip_sabotage_in+0x21e/0x290 net/bridge/br_netfilter_hooks.c:988
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_slow+0xbf/0x220 net/netfilter/core.c:619
 nf_hook.constprop.0+0x2a6/0x750 include/linux/netfilter.h:273
 NF_HOOK include/linux/netfilter.h:316 [inline]
 ipv6_rcv+0xa4/0x3d0 net/ipv6/ip6_input.c:351
 __netif_receive_skb_one_core+0x12d/0x1e0 net/core/dev.c:6202
 __netif_receive_skb+0x1f/0x120 net/core/dev.c:6315
 netif_receive_skb_internal net/core/dev.c:6401 [inline]
 netif_receive_skb+0x13b/0x7f0 net/core/dev.c:6460
 NF_HOOK include/linux/netfilter.h:318 [inline]
 NF_HOOK include/linux/netfilter.h:312 [inline]
 br_pass_frame_up+0x346/0x490 net/bridge/br_input.c:70
 br_handle_frame_finish+0xa74/0x1f60 net/bridge/br_input.c:235
 br_nf_hook_thresh+0x30d/0x420 net/bridge/br_netfilter_hooks.c:1165
 br_nf_pre_routing_finish_ipv6+0x659/0xdd0 net/bridge/br_netfilter_ipv6.c:153
 NF_HOOK include/linux/netfilter.h:318 [inline]
 br_nf_pre_routing_ipv6+0x39c/0x8b0 net/bridge/br_netfilter_ipv6.c:183
 br_nf_pre_routing+0x90f/0x1560 net/bridge/br_netfilter_hooks.c:513
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:291 [inline]
 br_handle_frame+0xcdd/0x1520 net/bridge/br_input.c:442
 __netif_receive_skb_core.constprop.0+0x6c5/0x3530 net/core/dev.c:6089
 __netif_receive_skb_one_core+0xb0/0x1e0 net/core/dev.c:6200
 __netif_receive_skb+0x1f/0x120 net/core/dev.c:6315
 process_backlog+0x37a/0x1580 net/core/dev.c:6666
 __napi_poll.constprop.0+0xaf/0x450 net/core/dev.c:7733
 napi_poll net/core/dev.c:7796 [inline]
 net_rx_action+0xa40/0xf20 net/core/dev.c:7953
 handle_softirqs+0x1ea/0xa00 kernel/softirq.c:622
 do_softirq kernel/softirq.c:523 [inline]
 do_softirq+0xac/0xe0 kernel/softirq.c:510
 </IRQ>
 <TASK>
 __local_bh_enable_ip+0xf8/0x120 kernel/softirq.c:450
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 __batadv_dat_purge.part.0+0x294/0x3c0 net/batman-adv/distributed-arp-table.c:185
 __batadv_dat_purge net/batman-adv/distributed-arp-table.c:166 [inline]
 batadv_dat_purge+0x4b/0xa0 net/batman-adv/distributed-arp-table.c:204
 process_one_work+0xa0e/0x1980 kernel/workqueue.c:3314
 process_scheduled_works kernel/workqueue.c:3397 [inline]
 rescuer_thread+0x905/0x14a0 kernel/workqueue.c:3621
 kthread+0x370/0x450 kernel/kthread.c:436
 ret_from_fork+0x72b/0xd50 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
net_ratelimit: 26651 callbacks suppressed
bridge0: received packet on veth0_to_bridge with own address as source address (addr:fa:a1:b2:6b:a8:5e, vlan:0)
ICMPv6: NA: aa:aa:aa:aa:aa:1c advertised our address fe80::a8aa:aaff:feaa:aa1c on veth1_to_bridge!
bridge0: received packet on veth0_to_bridge with own address as source address (addr:fa:a1:b2:6b:a8:5e, vlan:0)
ICMPv6: NA: aa:aa:aa:aa:aa:1c advertised our address fe80::a8aa:aaff:feaa:aa1c on veth1_to_bridge!
bridge0: received packet on veth0_to_bridge with own address as source address (addr:fa:a1:b2:6b:a8:5e, vlan:0)
ICMPv6: NA: aa:aa:aa:aa:aa:1c advertised our address fe80::a8aa:aaff:feaa:aa1c on veth1_to_bridge!
bridge0: received packet on veth0_to_bridge with own address as source address (addr:fa:a1:b2:6b:a8:5e, vlan:0)
ICMPv6: NA: aa:aa:aa:aa:aa:1c advertised our address fe80::a8aa:aaff:feaa:aa1c on veth1_to_bridge!
bridge0: received packet on veth0_to_bridge with own address as source address (addr:fa:a1:b2:6b:a8:5e, vlan:0)
ICMPv6: NA: aa:aa:aa:aa:aa:1c advertised our address fe80::a8aa:aaff:feaa:aa1c on veth1_to_bridge!
net_ratelimit: 30611 callbacks suppressed
bridge0: received packet on veth0_to_bridge with own address as source address (addr:fa:a1:b2:6b:a8:5e, vlan:0)
ICMPv6: NA: aa:aa:aa:aa:aa:1c advertised our address fe80::a8aa:aaff:feaa:aa1c on veth1_to_bridge!
bridge0: received packet on veth0_to_bridge with own address as source address (addr:fa:a1:b2:6b:a8:5e, vlan:0)
ICMPv6: NA: aa:aa:aa:aa:aa:1c advertised our address fe80::a8aa:aaff:feaa:aa1c on veth1_to_bridge!
bridge0: received packet on veth0_to_bridge with own address as source address (addr:fa:a1:b2:6b:a8:5e, vlan:0)
ICMPv6: NA: aa:aa:aa:aa:aa:1c advertised our address fe80::a8aa:aaff:feaa:aa1c on veth1_to_bridge!
bridge0: received packet on veth0_to_bridge with own address as source address (addr:fa:a1:b2:6b:a8:5e, vlan:0)
ICMPv6: NA: aa:aa:aa:aa:aa:1c advertised our address fe80::a8aa:aaff:feaa:aa1c on veth1_to_bridge!
bridge0: received packet on veth0_to_bridge with own address as source address (addr:fa:a1:b2:6b:a8:5e, vlan:0)
ICMPv6: NA: aa:aa:aa:aa:aa:1c advertised our address fe80::a8aa:aaff:feaa:aa1c on veth1_to_bridge!