rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P10919 P10056/2:b..l
rcu: 	(detected by 1, t=10503 jiffies, g=47205, q=345 ncpus=2)
task:kworker/1:2     state:R  running task     stack:24648 pid:10056 ppid:2      flags:0x00004000
Workqueue: mld mld_ifc_work
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5381 [inline]
 __schedule+0x1553/0x45a0 kernel/sched/core.c:6700
 preempt_schedule_common+0x82/0xc0 kernel/sched/core.c:6867
 preempt_schedule+0xc0/0xd0 kernel/sched/core.c:6891
 preempt_schedule_thunk+0x1a/0x30 arch/x86/entry/thunk_64.S:45
 __local_bh_enable_ip+0x14b/0x1c0 kernel/softirq.c:413
 local_bh_enable include/linux/bottom_half.h:33 [inline]
 rcu_read_unlock_bh include/linux/rcupdate.h:856 [inline]
 __dev_queue_xmit+0x124f/0x36b0 net/core/dev.c:4478
 dev_queue_xmit include/linux/netdevice.h:3113 [inline]
 neigh_hh_output include/net/neighbour.h:527 [inline]
 neigh_output include/net/neighbour.h:541 [inline]
 ip6_finish_output2+0xe06/0x1630 net/ipv6/ip6_output.c:141
 dst_output include/net/dst.h:467 [inline]
 NF_HOOK+0x167/0x4a0 include/linux/netfilter.h:304
 mld_sendpack+0x7f5/0xd50 net/ipv6/mcast.c:1823
 mld_send_cr net/ipv6/mcast.c:2124 [inline]
 mld_ifc_work+0x835/0xb40 net/ipv6/mcast.c:2654
 process_one_work kernel/workqueue.c:2634 [inline]
 process_scheduled_works+0xa5d/0x15d0 kernel/workqueue.c:2711
 worker_thread+0xa55/0xfc0 kernel/workqueue.c:2792
 kthread+0x2fa/0x390 kernel/kthread.c:388
 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293
 </TASK>
task:syz.4.1406      state:R  running task     stack:21128 pid:10919 ppid:8964   flags:0x00004006
Call Trace:
 <TASK>
 </TASK>
rcu: rcu_preempt kthread starved for 258 jiffies! g47205 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:R  running task     stack:26792 pid:17    ppid:2      flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5381 [inline]
 __schedule+0x1553/0x45a0 kernel/sched/core.c:6700
 schedule+0xbd/0x170 kernel/sched/core.c:6774
 schedule_timeout+0x188/0x2d0 kernel/time/timer.c:2168
 rcu_gp_fqs_loop+0x313/0x1590 kernel/rcu/tree.c:1667
 rcu_gp_kthread+0x9d/0x3b0 kernel/rcu/tree.c:1866
 kthread+0x2fa/0x390 kernel/kthread.c:388
 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 10919 Comm: syz.4.1406 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
RIP: 0010:arch_static_branch arch/x86/include/asm/jump_label.h:27 [inline]
RIP: 0010:static_key_false include/linux/jump_label.h:207 [inline]
RIP: 0010:native_write_msr arch/x86/include/asm/msr.h:147 [inline]
RIP: 0010:wrmsr arch/x86/include/asm/msr.h:254 [inline]
RIP: 0010:native_apic_msr_write+0x39/0x50 arch/x86/include/asm/apic.h:196
Code: 74 2a 83 ff 30 74 25 eb 10 81 ff d0 00 00 00 74 1b 81 ff e0 00 00 00 74 13 c1 ef 04 81 c7 00 08 00 00 89 f9 89 f0 31 d2 0f 30 <66> 90 c3 89 f6 31 d2 e9 3b 20 23 03 66 2e 0f 1f 84 00 00 00 00 00
RSP: 0018:ffffc90000006640 EFLAGS: 00000046
RAX: 0000000000000079 RBX: ffff8880b8e28280 RCX: 0000000000000838
RDX: 0000000000000000 RSI: 0000000000000079 RDI: 0000000000000838
RBP: 0000000000000000 R08: ffffffff8e8a5f2f R09: 1ffffffff1d14be5
R10: dffffc0000000000 R11: fffffbfff1d14be6 R12: dffffc0000000000
R13: 0000000010000a10 R14: 0000000000000079 R15: 0000000000000020
FS:  00007f5e928206c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fdb4c1d4ff8 CR3: 000000004b3a3000 CR4: 00000000003506f0
DR0: 0000200000000300 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
 <IRQ>
 apic_write arch/x86/include/asm/apic.h:404 [inline]
 lapic_next_event+0x11/0x20 arch/x86/kernel/apic/apic.c:448
 clockevents_program_event+0x1c0/0x310 kernel/time/clockevents.c:334
 hrtimer_interrupt+0x5a1/0x9c0 kernel/time/hrtimer.c:1889
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1077 [inline]
 __sysvec_apic_timer_interrupt+0xfb/0x3b0 arch/x86/kernel/apic/apic.c:1094
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1088 [inline]
 sysvec_apic_timer_interrupt+0x51/0xc0 arch/x86/kernel/apic/apic.c:1088
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:687
RIP: 0010:check_region_inline mm/kasan/generic.c:172 [inline]
RIP: 0010:kasan_check_range+0x1d/0x290 mm/kasan/generic.c:187
Code: ea ff ff ff c3 cc cc cc cc cc cc cc cc 66 0f 1f 00 b0 01 48 85 f6 0f 84 b4 01 00 00 55 41 57 41 56 41 55 41 54 53 4c 8d 04 37 <49> 39 f8 0f 82 13 02 00 00 49 89 f9 49 c1 e9 2f 41 81 f9 ff ff 01
RSP: 0018:ffffc900000068a8 EFLAGS: 00000206
RAX: ffffffff8a732501 RBX: 0000000000000018 RCX: ffffffff8a732584
RDX: 0000000000000001 RSI: 0000000000000018 RDI: ffffc90000006960
RBP: 0000000000000000 R08: ffffc90000006978 R09: 0000000000000000
R10: ffffc90000006a40 R11: fffff52000000d49 R12: dffffc0000000000
R13: 1ffff92000000d28 R14: ffffc90000006960 R15: ffffc90000006a40
 __asan_memset+0x22/0x40 mm/kasan/shadow.c:84
 snprintf+0xb4/0x140 lib/vsprintf.c:2954
 print_caller kernel/printk/printk.c:1336 [inline]
 info_print_prefix+0x1fe/0x360 kernel/printk/printk.c:1355
 record_print_text+0x177/0x450 kernel/printk/printk.c:1402
 printk_get_next_message+0x2ab/0x980 kernel/printk/printk.c:2876
 console_emit_next_record kernel/printk/printk.c:2911 [inline]
 console_flush_all+0x3a8/0xd20 kernel/printk/printk.c:3000
 console_unlock+0xad/0x350 kernel/printk/printk.c:3069
 vprintk_emit+0x497/0x610 kernel/printk/printk.c:2341
 _printk+0xde/0x130 kernel/printk/printk.c:2366
 br_fdb_update+0x5c5/0x630 net/bridge/br_fdb.c:867
 br_handle_frame_finish+0x5fc/0x19b0 net/bridge/br_input.c:141
 br_nf_hook_thresh+0x3cd/0x4a0 net/bridge/br_netfilter_hooks.c:1184
 br_nf_pre_routing_finish_ipv6+0x9dc/0xd00 net/bridge/br_netfilter_ipv6.c:-1
 NF_HOOK include/linux/netfilter.h:304 [inline]
 br_nf_pre_routing_ipv6+0x349/0x6b0 net/bridge/br_netfilter_ipv6.c:184
 nf_hook_entry_hookfn include/linux/netfilter.h:144 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:277 [inline]
 br_handle_frame+0x96b/0x14e0 net/bridge/br_input.c:424
 __netif_receive_skb_core+0xfab/0x3af0 net/core/dev.c:5532
 __netif_receive_skb_one_core net/core/dev.c:5636 [inline]
 __netif_receive_skb+0x74/0x290 net/core/dev.c:5752
 process_backlog+0x396/0x700 net/core/dev.c:6080
 __napi_poll+0xc0/0x460 net/core/dev.c:6642
 napi_poll net/core/dev.c:6709 [inline]
 net_rx_action+0x616/0xc50 net/core/dev.c:6846
 handle_softirqs+0x280/0x820 kernel/softirq.c:578
 __do_softirq kernel/softirq.c:612 [inline]
 invoke_softirq kernel/softirq.c:452 [inline]
 __irq_exit_rcu+0xd3/0x190 kernel/softirq.c:661
 irq_exit_rcu+0x9/0x20 kernel/softirq.c:673
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1088 [inline]
 sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1088
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:687
RIP: 0010:finish_task_switch+0x272/0x8f0 kernel/sched/core.c:5255
Code: db 0f 85 52 01 00 00 0f 1f 44 00 00 4c 8b 75 d0 4c 89 e7 e8 60 bf 2e 09 e8 0b 21 30 00 fb 4c 8b 65 c0 49 8d bc 24 f8 15 00 00 <48> 89 f8 48 c1 e8 03 42 0f b6 04 28 84 c0 0f 85 d6 02 00 00 41 80
RSP: 0018:ffffc9000faf63d8 EFLAGS: 00000286
RAX: bbef4a9b478eb500 RBX: 0000000000000000 RCX: bbef4a9b478eb500
RDX: dffffc0000000000 RSI: ffffffff8acabd00 RDI: ffff88802a706ff8
RBP: ffffc9000faf6430 R08: ffffffff911a450f R09: 1ffffffff22348a1
R10: dffffc0000000000 R11: fffffbfff22348a2 R12: ffff88802a705a00
R13: dffffc0000000000 R14: ffff888018fbda00 R15: ffff8880b8e3cac8
 context_switch kernel/sched/core.c:5384 [inline]
 __schedule+0x155b/0x45a0 kernel/sched/core.c:6700
 preempt_schedule_irq+0xbf/0x150 kernel/sched/core.c:7010
 irqentry_exit+0x67/0x70 kernel/entry/common.c:438
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:687
RIP: 0010:should_resched arch/x86/include/asm/preempt.h:104 [inline]
RIP: 0010:__local_bh_enable_ip+0x142/0x1c0 kernel/softirq.c:413
Code: 8a e8 c2 2b 30 09 65 66 8b 05 ea 70 b1 7e 66 85 c0 75 54 bf 01 00 00 00 e8 cb 1a 0a 00 e8 c6 1d 3b 00 fb 65 8b 05 b6 70 b1 7e <85> c0 75 05 e8 35 58 ae ff 48 c7 04 24 0e 36 e0 45 4b c7 04 37 00
RSP: 0018:ffffc9000faf67c0 EFLAGS: 00000282
RAX: 0000000000000000 RBX: 0000000000000201 RCX: bbef4a9b478eb500
RDX: dffffc0000000000 RSI: ffffffff8acabd00 RDI: ffffffff8b1c74a0
RBP: ffffc9000faf6850 R08: ffffffff911a450f R09: 1ffffffff22348a1
R10: dffffc0000000000 R11: fffffbfff22348a2 R12: ffffffff893df95d
R13: ffffc9000faf68e0 R14: dffffc0000000000 R15: 1ffff92001f5ecf8
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 __fib6_clean_all+0x2ad/0x3e0 net/ipv6/ip6_fib.c:2284
 rt6_sync_up+0x12e/0x170 net/ipv6/route.c:4837
 addrconf_notify+0xd68/0x1010 net/ipv6/addrconf.c:3718
 notifier_call_chain+0x197/0x380 kernel/notifier.c:93
 netdev_state_change+0xe4/0x170 net/core/dev.c:1434
 do_setlink+0x84a/0x4130 net/core/rtnetlink.c:3147
 __rtnl_newlink net/core/rtnetlink.c:3703 [inline]
 rtnl_newlink+0x17da/0x20a0 net/core/rtnetlink.c:3750
 rtnetlink_rcv_msg+0x869/0xfa0 net/core/rtnetlink.c:6472
 netlink_rcv_skb+0x241/0x4d0 net/netlink/af_netlink.c:2545
 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
 netlink_unicast+0x751/0x8d0 net/netlink/af_netlink.c:1346
 netlink_sendmsg+0x8d0/0xbf0 net/netlink/af_netlink.c:1894
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg net/socket.c:745 [inline]
 ____sys_sendmsg+0x5ba/0x960 net/socket.c:2594
 ___sys_sendmsg+0x2a6/0x360 net/socket.c:2648
 __sys_sendmsg net/socket.c:2677 [inline]
 __do_sys_sendmsg net/socket.c:2686 [inline]
 __se_sys_sendmsg+0x1c2/0x2b0 net/socket.c:2684
 do_syscall_x64 arch/x86/entry/common.c:46 [inline]
 do_syscall_64+0x55/0xa0 arch/x86/entry/common.c:76
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f5e9199acb9
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f5e92820028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f5e91c15fa0 RCX: 00007f5e9199acb9
RDX: 0000000000000000 RSI: 0000200000000180 RDI: 000000000000000c
RBP: 00007f5e91a08bf7 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f5e91c16038 R14: 00007f5e91c15fa0 R15: 00007ffe94bcfef8
 </TASK>
bridge0: received packet on veth0_to_bridge with own address as source address (addr:d6:28:3e:e8:d7:f9, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:d6:28:3e:e8:d7:f9, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:d6:28:3e:e8:d7:f9, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:d6:28:3e:e8:d7:f9, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:d6:28:3e:e8:d7:f9, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
net_ratelimit: 1838 callbacks suppressed
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:d6:28:3e:e8:d7:f9, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:d6:28:3e:e8:d7:f9, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:d6:28:3e:e8:d7:f9, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:d6:28:3e:e8:d7:f9, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:d6:28:3e:e8:d7:f9, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)