bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:06:94:17:ab:27, vlan:0)
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P8195
rcu: 	(detected by 0, t=10502 jiffies, g=23861, q=292 ncpus=2)
task:syz.0.647       state:R  running task     stack:23464 pid:8195  ppid:5779   flags:0x00004006
Call Trace:
 <IRQ>
 sched_show_task+0x49b/0x5c0 kernel/sched/core.c:9179
 rcu_print_detail_task_stall_rnp kernel/rcu/tree_stall.h:261 [inline]
 print_other_cpu_stall+0xff9/0x1380 kernel/rcu/tree_stall.h:637
 check_cpu_stall kernel/rcu/tree_stall.h:809 [inline]
 rcu_pending kernel/rcu/tree.c:3950 [inline]
 rcu_sched_clock_irq+0x88e/0x1230 kernel/rcu/tree.c:2295
 update_process_times+0x147/0x1b0 kernel/time/timer.c:2072
 tick_sched_handle kernel/time/tick-sched.c:254 [inline]
 tick_sched_timer+0x3a2/0x580 kernel/time/tick-sched.c:1492
 __run_hrtimer kernel/time/hrtimer.c:1750 [inline]
 __hrtimer_run_queues+0x4e1/0xc40 kernel/time/hrtimer.c:1814
 hrtimer_interrupt+0x3c9/0x9c0 kernel/time/hrtimer.c:1876
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1077 [inline]
 __sysvec_apic_timer_interrupt+0xfb/0x3b0 arch/x86/kernel/apic/apic.c:1094
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1088 [inline]
 sysvec_apic_timer_interrupt+0x51/0xc0 arch/x86/kernel/apic/apic.c:1088
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:687
RIP: 0010:ifname_compare_aligned include/linux/netfilter/x_tables.h:412 [inline]
RIP: 0010:ip6_packet_match net/ipv6/netfilter/ip6_tables.c:65 [inline]
RIP: 0010:ip6t_do_table+0x64c/0x1510 net/ipv6/netfilter/ip6_tables.c:306
Code: b6 d8 31 ff 89 de e8 83 e8 34 f8 84 db 0f 94 c0 44 30 f8 0f 84 2d 03 00 00 48 8b 4c 24 68 48 89 c8 48 c1 e8 03 42 80 3c 28 00 <74> 0f 48 8b 7c 24 68 e8 a8 1c 8d f8 48 8b 4c 24 68 49 8d 5e 40 4c
RSP: 0018:ffffc90000007460 EFLAGS: 00000246
RAX: 1ffff1100496a800 RBX: 0000000000000000 RCX: ffff888024b54000
RDX: ffff8880295a9e00 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90000007660 R08: ffffc900000075cf R09: 0000000000000000
R10: ffffc900000075b0 R11: fffff52000000eba R12: 0000000000000000
R13: dffffc0000000000 R14: ffff888026940840 R15: ffff888026940800
 nf_hook_entry_hookfn include/linux/netfilter.h:144 [inline]
 nf_hook_slow+0xbd/0x200 net/netfilter/core.c:626
 nf_hook include/linux/netfilter.h:259 [inline]
 NF_HOOK include/linux/netfilter.h:302 [inline]
 br_nf_pre_routing_ipv6+0x563/0x6b0 net/bridge/br_netfilter_ipv6.c:184
 nf_hook_entry_hookfn include/linux/netfilter.h:144 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:277 [inline]
 br_handle_frame+0x1245/0x14d0 net/bridge/br_input.c:424
 __netif_receive_skb_core+0xfab/0x3af0 net/core/dev.c:5528
 __netif_receive_skb_one_core net/core/dev.c:5632 [inline]
 __netif_receive_skb+0x74/0x290 net/core/dev.c:5748
 process_backlog+0x391/0x6f0 net/core/dev.c:6076
 __napi_poll+0xc0/0x460 net/core/dev.c:6638
 napi_poll net/core/dev.c:6705 [inline]
 net_rx_action+0x616/0xc40 net/core/dev.c:6841
 handle_softirqs+0x280/0x820 kernel/softirq.c:578
 __do_softirq kernel/softirq.c:612 [inline]
 invoke_softirq kernel/softirq.c:452 [inline]
 __irq_exit_rcu+0xd3/0x190 kernel/softirq.c:661
 irq_exit_rcu+0x9/0x20 kernel/softirq.c:673
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1088 [inline]
 sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1088
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:687
RIP: 0010:jhash2 include/linux/jhash.h:128 [inline]
RIP: 0010:htab_map_hash+0xb3/0x330 kernel/bpf/hashtab.c:622
Code: 49 8d 7e 04 48 89 f8 48 c1 e8 03 0f b6 04 10 84 c0 0f 85 b8 00 00 00 44 03 63 f8 49 8d 7e 08 48 89 f8 48 c1 e8 03 0f b6 04 10 <84> c0 0f 85 c1 00 00 00 03 6b fc 41 29 ef 89 e8 c1 c0 04 44 31 f8
RSP: 0018:ffffc9000b64fb48 EFLAGS: 00000a06
RAX: 0000000000000000 RBX: ffff888051b05804 RCX: 0000000000080000
RDX: dffffc0000000000 RSI: 000000000007ffff RDI: ffff888051b05800
RBP: 000000009549ea50 R08: 0000000000000001 R09: 1ffffffff22388a0
R10: dffffc0000000000 R11: fffffbfff22388a1 R12: 000000005ded518d
R13: 000000000003e5ff R14: ffff888051b057f8 R15: 00000000ec85e61e
 __htab_percpu_map_update_elem+0x15e/0x720 kernel/bpf/hashtab.c:1312
 bpf_percpu_hash_update+0x137/0x200 kernel/bpf/hashtab.c:2425
 bpf_map_update_value+0x3c3/0x720 kernel/bpf/syscall.c:177
 map_update_elem+0x57b/0x700 kernel/bpf/syscall.c:1567
 __sys_bpf+0x6b5/0x890 kernel/bpf/syscall.c:5465
 __do_sys_bpf kernel/bpf/syscall.c:5581 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5579 [inline]
 __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5579
 do_syscall_x64 arch/x86/entry/common.c:46 [inline]
 do_syscall_64+0x55/0xa0 arch/x86/entry/common.c:76
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f0d1179c819
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0d12673028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0d11a15fa0 RCX: 00007f0d1179c819
RDX: 0000000000000020 RSI: 0000200000000b40 RDI: 0000000000000002
RBP: 00007f0d11832c91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f0d11a16038 R14: 00007f0d11a15fa0 R15: 00007ffc7b78f0f8
 </TASK>
rcu: rcu_preempt kthread starved for 904 jiffies! g23861 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:R  running task     stack:27592 pid:17    ppid:2      flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5381 [inline]
 __schedule+0x1553/0x45a0 kernel/sched/core.c:6700
 schedule+0xbd/0x170 kernel/sched/core.c:6774
 schedule_timeout+0x188/0x2d0 kernel/time/timer.c:2168
 rcu_gp_fqs_loop+0x313/0x1590 kernel/rcu/tree.c:1667
 rcu_gp_kthread+0x9d/0x3b0 kernel/rcu/tree.c:1866
 kthread+0x2fa/0x390 kernel/kthread.c:388
 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 8210 Comm: syz.3.651 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
RIP: 0010:check_kcov_mode kernel/kcov.c:182 [inline]
RIP: 0010:write_comp_data kernel/kcov.c:245 [inline]
RIP: 0010:__sanitizer_cov_trace_cmp8+0x27/0x80 kernel/kcov.c:293
Code: 0f 1f 00 f3 0f 1e fa 48 8b 04 24 65 48 8b 0d d0 91 7c 7e 65 8b 15 d1 91 7c 7e 81 e2 00 01 ff 00 74 11 81 fa 00 01 00 00 75 57 <83> b9 1c 16 00 00 00 74 4e 8b 91 f8 15 00 00 83 fa 03 75 43 48 8b
RSP: 0018:ffffc900001ef750 EFLAGS: 00000246
RAX: ffffffff813b3986 RBX: ffffffff81000000 RCX: ffff8880279dbc00
RDX: 0000000000000100 RSI: ffffffff81000000 RDI: ffffffff81dec8bc
RBP: ffffc900001ef878 R08: ffffc900001ef8f0 R09: 0000000000000005
R10: 0000000000000004 R11: 0000000000000100 R12: ffffc900001ef828
R13: dffffc0000000000 R14: ffffc900001ef85d R15: ffffffff81dec8bc
FS:  00007fe73b6e16c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000056225ba49a38 CR3: 0000000023ba6000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
 <IRQ>
 orc_find arch/x86/kernel/unwind_orc.c:206 [inline]
 unwind_next_frame+0x1c6/0x2970 arch/x86/kernel/unwind_orc.c:494
 arch_stack_walk+0x144/0x190 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0xaa/0x100 kernel/stacktrace.c:122
 save_stack+0x125/0x230 mm/page_owner.c:128
 __set_page_owner+0x1d/0x60 mm/page_owner.c:192
 set_page_owner include/linux/page_owner.h:31 [inline]
 post_alloc_hook+0x1c1/0x200 mm/page_alloc.c:1581
 prep_new_page mm/page_alloc.c:1588 [inline]
 get_page_from_freelist+0x1951/0x19e0 mm/page_alloc.c:3220
 __alloc_pages+0x1f0/0x460 mm/page_alloc.c:4500
 alloc_slab_page+0x5d/0x160 mm/slub.c:1881
 allocate_slab mm/slub.c:2028 [inline]
 new_slab+0x87/0x2d0 mm/slub.c:2081
 ___slab_alloc+0xc5d/0x12f0 mm/slub.c:3253
 __slab_alloc mm/slub.c:3339 [inline]
 __slab_alloc_node mm/slub.c:3392 [inline]
 slab_alloc_node mm/slub.c:3485 [inline]
 slab_alloc mm/slub.c:3503 [inline]
 __kmem_cache_alloc_lru mm/slub.c:3510 [inline]
 kmem_cache_alloc+0x1b3/0x2d0 mm/slub.c:3519
 skb_ext_maybe_cow net/core/skbuff.c:6664 [inline]
 skb_ext_add+0x1b3/0x8e0 net/core/skbuff.c:6738
 nf_bridge_unshare net/bridge/br_netfilter_hooks.c:165 [inline]
 br_nf_forward_ip+0xc6/0x1110 net/bridge/br_netfilter_hooks.c:709
 nf_hook_entry_hookfn include/linux/netfilter.h:144 [inline]
 nf_hook_slow+0xbd/0x200 net/netfilter/core.c:626
 nf_hook include/linux/netfilter.h:259 [inline]
 NF_HOOK+0x23e/0x3e0 include/linux/netfilter.h:302
 __br_forward+0x433/0x610 net/bridge/br_forward.c:115
 deliver_clone net/bridge/br_forward.c:131 [inline]
 maybe_deliver+0xb5/0x150 net/bridge/br_forward.c:191
 br_flood+0x31b/0x670 net/bridge/br_forward.c:237
 br_handle_frame_finish+0x13c5/0x18f0 net/bridge/br_input.c:215
 br_nf_hook_thresh+0x3cd/0x4a0 net/bridge/br_netfilter_hooks.c:1184
 br_nf_pre_routing_finish_ipv6+0x9dc/0xd00 net/bridge/br_netfilter_ipv6.c:-1
 NF_HOOK include/linux/netfilter.h:304 [inline]
 br_nf_pre_routing_ipv6+0x349/0x6b0 net/bridge/br_netfilter_ipv6.c:184
 nf_hook_entry_hookfn include/linux/netfilter.h:144 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:277 [inline]
 br_handle_frame+0x1245/0x14d0 net/bridge/br_input.c:424
 __netif_receive_skb_core+0xfab/0x3af0 net/core/dev.c:5528
 __netif_receive_skb_one_core net/core/dev.c:5632 [inline]
 __netif_receive_skb+0x74/0x290 net/core/dev.c:5748
 process_backlog+0x391/0x6f0 net/core/dev.c:6076
 __napi_poll+0xc0/0x460 net/core/dev.c:6638
 napi_poll net/core/dev.c:6705 [inline]
 net_rx_action+0x616/0xc40 net/core/dev.c:6841
 handle_softirqs+0x280/0x820 kernel/softirq.c:578
 __do_softirq kernel/softirq.c:612 [inline]
 invoke_softirq kernel/softirq.c:452 [inline]
 __irq_exit_rcu+0xd3/0x190 kernel/softirq.c:661
 irq_exit_rcu+0x9/0x20 kernel/softirq.c:673
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1088 [inline]
 sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1088
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:687
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
RIP: 0010:_raw_spin_unlock_irqrestore+0xc0/0x120 kernel/locking/spinlock.c:194
Code: c7 44 24 20 00 00 00 00 9c 8f 44 24 20 f7 44 24 20 00 02 00 00 41 c6 04 07 f8 75 4b f7 c3 00 02 00 00 74 01 fb bf 01 00 00 00 <e8> 5b b9 cc f6 65 8b 05 cc e6 73 75 85 c0 74 3c 48 c7 04 24 0e 36
RSP: 0018:ffffc9000b73f9c0 EFLAGS: 00000206
RAX: dffffc0000000004 RBX: 0000000000000a02 RCX: c71b68b3b3801d00
RDX: dffffc0000000000 RSI: ffffffff8acac9e0 RDI: 0000000000000001
RBP: ffffc9000b73fa48 R08: ffffffff8e8b0c2f R09: 1ffffffff1d16185
R10: dffffc0000000000 R11: fffffbfff1d16186 R12: dffffc0000000000
R13: dffffc0000000000 R14: ffff88807b82d340 R15: 1ffff920016e7f38
 spin_unlock_irqrestore include/linux/spinlock.h:406 [inline]
 fill_tgid_exit kernel/taskstats.c:292 [inline]
 taskstats_exit+0x21d/0x9e0 kernel/taskstats.c:627
 do_exit+0x8d0/0x2460 kernel/exit.c:859
 do_group_exit+0x21b/0x2d0 kernel/exit.c:1024
 get_signal+0x12fc/0x13f0 kernel/signal.c:2902
 arch_do_signal_or_restart+0xc2/0x800 arch/x86/kernel/signal.c:310
 exit_to_user_mode_loop+0x70/0x110 kernel/entry/common.c:174
 exit_to_user_mode_prepare+0xee/0x180 kernel/entry/common.c:210
 __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
 syscall_exit_to_user_mode+0x1a/0x50 kernel/entry/common.c:302
 do_syscall_64+0x61/0xa0 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7fe73a79c819
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fe73b6e1028 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
RAX: 0000000000000008 RBX: 00007fe73aa16090 RCX: 00007fe73a79c819
RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000200000000480
RBP: 00007fe73a832c91 R08: 0000000000000000 R09: 0000000000000000
R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
R13: 00007fe73aa16128 R14: 00007fe73aa16090 R15: 00007ffe2387b718
 </TASK>
net_ratelimit: 6747 callbacks suppressed
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:06:94:17:ab:27, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:a6:d1:a4:be:40:ad, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:06:94:17:ab:27, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:a6:d1:a4:be:40:ad, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:06:94:17:ab:27, vlan:0)
net_ratelimit: 13253 callbacks suppressed
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:06:94:17:ab:27, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:a6:d1:a4:be:40:ad, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:06:94:17:ab:27, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:a6:d1:a4:be:40:ad, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:06:94:17:ab:27, vlan:0)