bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P6333/1:b..l
rcu: 	(detected by 1, t=10503 jiffies, g=9337, q=4789 ncpus=2)
task:syz.0.86        state:R  running task     stack:24360 pid:6333  tgid:6329  ppid:5824   task_flags:0x400040 flags:0x00004006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5397 [inline]
 __schedule+0x116a/0x5dd0 kernel/sched/core.c:6786
 preempt_schedule_irq+0x51/0x90 kernel/sched/core.c:7109
 irqentry_exit+0x36/0x90 kernel/entry/common.c:307
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:lock_acquire+0x62/0x350 kernel/locking/lockdep.c:5875
Code: d6 39 12 83 f8 07 0f 87 bc 02 00 00 89 c0 48 0f a3 05 32 c7 10 0f 0f 82 74 02 00 00 8b 35 1a f9 10 0f 85 f6 0f 85 8d 00 00 00 <48> 8b 44 24 30 65 48 2b 05 c9 d5 39 12 0f 85 c7 02 00 00 48 83 c4
RSP: 0018:ffffc9000b9f6e40 EFLAGS: 00000206
RAX: 0000000000000046 RBX: ffffffff8e5c4e00 RCX: 00000000c6badf55
RDX: 0000000000000000 RSI: ffffffff8de10c2d RDI: ffffffff8c15bf60
RBP: 0000000000000002 R08: 2a5b08a701f0e2aa R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 rcu_read_lock include/linux/rcupdate.h:841 [inline]
 class_rcu_constructor include/linux/rcupdate.h:1155 [inline]
 unwind_next_frame+0xd1/0x20a0 arch/x86/kernel/unwind_orc.c:479
 arch_stack_walk+0x94/0x100 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_record_aux_stack+0xa7/0xc0 mm/kasan/generic.c:548
 __call_rcu_common.constprop.0+0xa5/0xa10 kernel/rcu/tree.c:3094
 destroy_inode+0x12c/0x1b0 fs/inode.c:401
 evict+0x5b4/0x920 fs/inode.c:834
 iput_final fs/inode.c:1897 [inline]
 iput fs/inode.c:1923 [inline]
 iput+0x521/0x880 fs/inode.c:1909
 dentry_unlink_inode+0x29c/0x480 fs/dcache.c:466
 __dentry_kill+0x1d0/0x600 fs/dcache.c:669
 shrink_kill fs/dcache.c:1114 [inline]
 shrink_dentry_list+0x140/0x5d0 fs/dcache.c:1141
 prune_dcache_sb+0xea/0x150 fs/dcache.c:1222
 super_cache_scan+0x326/0x550 fs/super.c:222
 do_shrink_slab+0x42b/0x1180 mm/shrinker.c:437
 shrink_slab+0x32a/0x12b0 mm/shrinker.c:664
 drop_slab_node mm/vmscan.c:442 [inline]
 drop_slab+0x14f/0x2d0 mm/vmscan.c:460
 drop_caches_sysctl_handler fs/drop_caches.c:68 [inline]
 drop_caches_sysctl_handler+0x171/0x190 fs/drop_caches.c:51
 proc_sys_call_handler+0x440/0x570 fs/proc/proc_sysctl.c:600
 iter_file_splice_write+0x91f/0x1150 fs/splice.c:738
 do_splice_from fs/splice.c:935 [inline]
 direct_splice_actor+0x192/0x6c0 fs/splice.c:1158
 splice_direct_to_actor+0x345/0xa30 fs/splice.c:1102
 do_splice_direct_actor fs/splice.c:1201 [inline]
 do_splice_direct+0x174/0x240 fs/splice.c:1227
 do_sendfile+0xb06/0xe50 fs/read_write.c:1370
 __do_sys_sendfile64 fs/read_write.c:1425 [inline]
 __se_sys_sendfile64 fs/read_write.c:1417 [inline]
 __x64_sys_sendfile64+0x154/0x220 fs/read_write.c:1417
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7febef58e9a9
RSP: 002b:00007febf0427038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00007febef7b6240 RCX: 00007febef58e9a9
RDX: 0000200000002080 RSI: 0000000000000007 RDI: 0000000000000008
RBP: 00007febef610d69 R08: 0000000000000000 R09: 0000000000000000
R10: 000000000000021c R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007febef7b6240 R15: 00007ffe0a9c4a88
 </TASK>
rcu: rcu_preempt kthread starved for 1893 jiffies! g9337 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:R  running task     stack:28232 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5397 [inline]
 __schedule+0x116a/0x5dd0 kernel/sched/core.c:6786
 __schedule_loop kernel/sched/core.c:6864 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:6879
 schedule_timeout+0x123/0x290 kernel/time/sleep_timeout.c:99
 rcu_gp_fqs_loop+0x1ea/0xb00 kernel/rcu/tree.c:2054
 rcu_gp_kthread+0x270/0x380 kernel/rcu/tree.c:2256
 kthread+0x3c5/0x780 kernel/kthread.c:464
 ret_from_fork+0x5d4/0x6f0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 1298 Comm: aoe_tx0 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
RIP: 0010:check_preemption_disabled+0x24/0xe0 lib/smp_processor_id.c:56
Code: 90 90 90 90 90 90 41 54 55 53 48 83 ec 08 65 8b 1d 05 4c 45 08 65 8b 05 fa 4b 45 08 a9 ff ff ff 7f 74 0f 48 83 c4 08 89 d8 5b <5d> 41 5c e9 14 df 02 00 9c 58 f6 c4 02 74 ea 48 89 fd 65 48 8b 05
RSP: 0018:ffffc90000006da8 EFLAGS: 00000096
RAX: 0000000000000000 RBX: ffffffff8e5c4e00 RCX: ffffc90000006dcc
RDX: 0000000000000001 RSI: ffffffff8de10c2d RDI: ffffffff8c15bf60
RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 000000000006358e R12: ffffffff816aeac4
R13: 0000000000000206 R14: ffff888029630000 R15: 0000000000000002
FS:  0000000000000000(0000) GS:ffff8881246f9000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000319030 CR3: 0000000053ca9000 CR4: 00000000003526f0
Call Trace:
 <IRQ>
 lockdep_recursion_finish kernel/locking/lockdep.c:473 [inline]
 lock_release+0x153/0x2f0 kernel/locking/lockdep.c:5894
 rcu_lock_release include/linux/rcupdate.h:341 [inline]
 rcu_read_unlock include/linux/rcupdate.h:871 [inline]
 class_rcu_destructor include/linux/rcupdate.h:1155 [inline]
 unwind_next_frame+0x3f9/0x20a0 arch/x86/kernel/unwind_orc.c:479
 arch_stack_walk+0x94/0x100 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 unpoison_slab_object mm/kasan/common.c:319 [inline]
 __kasan_slab_alloc+0x89/0x90 mm/kasan/common.c:345
 kasan_slab_alloc include/linux/kasan.h:250 [inline]
 slab_post_alloc_hook mm/slub.c:4148 [inline]
 slab_alloc_node mm/slub.c:4197 [inline]
 kmem_cache_alloc_node_noprof+0x1d5/0x3b0 mm/slub.c:4249
 __alloc_skb+0x2b2/0x380 net/core/skbuff.c:660
 alloc_skb include/linux/skbuff.h:1336 [inline]
 nlmsg_new include/net/netlink.h:1041 [inline]
 fdb_notify+0xa4/0x1a0 net/bridge/br_fdb.c:188
 br_fdb_update+0x323/0x7c0 net/bridge/br_fdb.c:934
 br_handle_frame_finish+0xdc0/0x1ca0 net/bridge/br_input.c:144
 br_nf_hook_thresh+0x307/0x410 net/bridge/br_netfilter_hooks.c:1170
 br_nf_pre_routing_finish_ipv6+0x76a/0xfb0 net/bridge/br_netfilter_ipv6.c:154
 NF_HOOK include/linux/netfilter.h:317 [inline]
 br_nf_pre_routing_ipv6+0x3cd/0x8c0 net/bridge/br_netfilter_ipv6.c:184
 br_nf_pre_routing+0x860/0x15b0 net/bridge/br_netfilter_hooks.c:508
 nf_hook_entry_hookfn include/linux/netfilter.h:157 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:283 [inline]
 br_handle_frame+0xad5/0x14b0 net/bridge/br_input.c:434
 __netif_receive_skb_core.constprop.0+0xa23/0x4a00 net/core/dev.c:5863
 __netif_receive_skb_one_core+0xb0/0x1e0 net/core/dev.c:5975
 __netif_receive_skb+0x1d/0x160 net/core/dev.c:6090
 process_backlog+0x442/0x15e0 net/core/dev.c:6442
 __napi_poll.constprop.0+0xba/0x550 net/core/dev.c:7414
 napi_poll net/core/dev.c:7478 [inline]
 net_rx_action+0xa9f/0xfe0 net/core/dev.c:7605
 handle_softirqs+0x219/0x8e0 kernel/softirq.c:579
 do_softirq kernel/softirq.c:480 [inline]
 do_softirq+0xb2/0xf0 kernel/softirq.c:467
 </IRQ>
 <TASK>
 __local_bh_enable_ip+0x100/0x120 kernel/softirq.c:407
 local_bh_enable include/linux/bottom_half.h:33 [inline]
 rcu_read_unlock_bh include/linux/rcupdate.h:910 [inline]
 __dev_queue_xmit+0x8ab/0x43e0 net/core/dev.c:4740
 dev_queue_xmit include/linux/netdevice.h:3355 [inline]
 tx+0xcc/0x190 drivers/block/aoe/aoenet.c:62
 kthread+0x1e4/0x3e0 drivers/block/aoe/aoecmd.c:1241
 kthread+0x3c5/0x780 kernel/kthread.c:464
 ret_from_fork+0x5d4/0x6f0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
net_ratelimit: 21791 callbacks suppressed
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:96:e8:a9:12:a4:89, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:96:e8:a9:12:a4:89, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:96:e8:a9:12:a4:89, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:96:e8:a9:12:a4:89, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:96:e8:a9:12:a4:89, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)