INFO: task kworker/u8:4:58 blocked for more than 144 seconds.
Tainted: G L syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u8:4 state:D stack:24472 pid:58 tgid:58 ppid:2 task_flags:0x4208160 flags:0x00080000
Workqueue: events_unbound linkwatch_event
Call Trace:
context_switch kernel/sched/core.c:5387 [inline]
__schedule+0x10e9/0x6820 kernel/sched/core.c:7188
__schedule_loop kernel/sched/core.c:7267 [inline]
schedule+0xdd/0x390 kernel/sched/core.c:7282
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7339
__mutex_lock_common kernel/locking/mutex.c:712 [inline]
__mutex_lock+0xced/0x1b10 kernel/locking/mutex.c:806
linkwatch_event+0x51/0xc0 net/core/link_watch.c:313
process_one_work+0xa0e/0x1980 kernel/workqueue.c:3302
process_scheduled_works kernel/workqueue.c:3385 [inline]
worker_thread+0x5ef/0xe50 kernel/workqueue.c:3466
kthread+0x370/0x450 kernel/kthread.c:436
ret_from_fork+0x72b/0xd50 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
INFO: task syz.0.116:6835 blocked for more than 144 seconds.
Tainted: G L syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.0.116 state:D stack:27528 pid:6835 tgid:6833 ppid:6248 task_flags:0x400040 flags:0x00080002
Call Trace:
context_switch kernel/sched/core.c:5387 [inline]
__schedule+0x10e9/0x6820 kernel/sched/core.c:7188
__schedule_loop kernel/sched/core.c:7267 [inline]
schedule+0xdd/0x390 kernel/sched/core.c:7282
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7339
__mutex_lock_common kernel/locking/mutex.c:712 [inline]
__mutex_lock+0xced/0x1b10 kernel/locking/mutex.c:806
tty_open_by_driver drivers/tty/tty_io.c:2037 [inline]
tty_open+0x539/0xfa0 drivers/tty/tty_io.c:2120
chrdev_open+0x234/0x6a0 fs/char_dev.c:411
do_dentry_open+0x6d8/0x1660 fs/open.c:947
vfs_open+0x82/0x3f0 fs/open.c:1079
do_open fs/namei.c:4699 [inline]
path_openat+0x208c/0x31a0 fs/namei.c:4858
do_file_open+0x20e/0x430 fs/namei.c:4887
do_sys_openat2+0x10d/0x1e0 fs/open.c:1364
do_sys_open fs/open.c:1370 [inline]
__do_sys_openat fs/open.c:1386 [inline]
__se_sys_openat fs/open.c:1381 [inline]
__x64_sys_openat+0x12d/0x210 fs/open.c:1381
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x10b/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f08d919c819
RSP: 002b:00007f08d9ff2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f08d9415fa0 RCX: 00007f08d919c819
RDX: 0000000000000800 RSI: 0000200000000840 RDI: ffffffffffffff9c
RBP: 00007f08d9232c91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f08d9416038 R14: 00007f08d9415fa0 R15: 00007ffdec8105f8
Showing all locks held in the system:
1 lock held by kthreadd/2:
3 locks held by kworker/0:0/9:
3 locks held by kworker/0:1/10:
3 locks held by kworker/u8:0/12:
3 locks held by kworker/u8:1/13:
1 lock held by kworker/R-mm_pe/14:
#0: ffffffff8e692800 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_detach_from_pool kernel/workqueue.c:2775 [inline]
#0: ffffffff8e692800 (wq_pool_attach_mutex){+.+.}-{4:4}, at: rescuer_thread+0xb7b/0x14a0 kernel/workqueue.c:3637
5 locks held by kworker/1:1/29:
1 lock held by khungtaskd/31:
#0: ffffffff8e7e5260 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
#0: ffffffff8e7e5260 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:838 [inline]
#0: ffffffff8e7e5260 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184 kernel/locking/lockdep.c:6775
3 locks held by kworker/u8:2/36:
3 locks held by kworker/u8:3/48:
3 locks held by kworker/u8:4/58:
#0: ffff88813fe34140 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x12d6/0x1980 kernel/workqueue.c:3277
#1: ffffc900015f7d08 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x973/0x1980 kernel/workqueue.c:3278
#2: ffffffff906323a0 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0x51/0xc0 net/core/link_watch.c:313
3 locks held by kworker/u8:5/129:
3 locks held by kworker/u8:6/147:
2 locks held by kworker/0:2/807:
8 locks held by kworker/u8:7/1040:
3 locks held by kworker/u8:8/1172:
3 locks held by kworker/1:2/1223:
3 locks held by kworker/R-ipv6_/3200:
#0: ffff88803326a940 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x12d6/0x1980 kernel/workqueue.c:3277
#1: ffffc9001039fc70 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x973/0x1980 kernel/workqueue.c:3278
#2: ffffffff906323a0 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
#2: ffffffff906323a0 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x12/0x30 net/ipv6/addrconf.c:4746
2 locks held by kworker/R-bat_e/3426:
3 locks held by kworker/u8:9/3494:
1 lock held by klogd/5200:
2 locks held by udevd/5211:
2 locks held by dhcpcd/5505:
2 locks held by dhcpcd/5506:
1 lock held by crond/5583:
2 locks held by getty/5596:
#0: ffff888037f300a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 drivers/tty/tty_ldisc.c:243
#1: ffffc9000322b2e8 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x419/0x14f0 drivers/tty/n_tty.c:2211
1 lock held by syz-executor/5827:
3 locks held by kworker/1:3/5834:
2 locks held by syz-executor/5840:
#0: ffffffff906323a0 (rtnl_mutex){+.+.}-{4:4}, at: tun_detach drivers/net/tun.c:634 [inline]
#0: ffffffff906323a0 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x220 drivers/net/tun.c:3438
#1: ffffffff8e7f0da8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x19e/0x3c0 kernel/rcu/tree_exp.h:343
5 locks held by kworker/u9:3/5848:
#0: ffff888069d46140 ((wq_completion)hci0){+.+.}-{0:0}, at: process_one_work+0x12d6/0x1980 kernel/workqueue.c:3277
#1: ffffc90004567d08 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work+0x973/0x1980 kernel/workqueue.c:3278
#2: ffff88805a8b4ea0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x18a/0x470 net/bluetooth/hci_sync.c:331
#3: ffff88805a8b40b8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x141/0xb20 net/bluetooth/hci_sync.c:5744
#4: ffffffff908c9a40 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2136 [inline]
#4: ffffffff908c9a40 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x119/0x360 net/bluetooth/hci_conn.c:1342
5 locks held by kworker/u9:4/5850:
#0: ffff88807e8bc140 ((wq_completion)hci3){+.+.}-{0:0}, at: process_one_work+0x12d6/0x1980 kernel/workqueue.c:3277
#1: ffffc90004587d08 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work+0x973/0x1980 kernel/workqueue.c:3278
#2: ffff88805844cea0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x18a/0x470 net/bluetooth/hci_sync.c:331
#3: ffff88805844c0b8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x141/0xb20 net/bluetooth/hci_sync.c:5744
#4: ffffffff908c9a40 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2136 [inline]
#4: ffffffff908c9a40 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x119/0x360 net/bluetooth/hci_conn.c:1342
7 locks held by kworker/u9:7/5853:
#0: ffff888075c1c940 ((wq_completion)hci1){+.+.}-{0:0}, at: process_one_work+0x12d6/0x1980 kernel/workqueue.c:3277
#1: ffffc900045b7d08 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work+0x973/0x1980 kernel/workqueue.c:3278
#2: ffff88805db2cea0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x18a/0x470 net/bluetooth/hci_sync.c:331
#3: ffff88805db2c0b8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x141/0xb20 net/bluetooth/hci_sync.c:5744
#4: ffffffff908c9a40 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2136 [inline]
#4: ffffffff908c9a40 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x119/0x360 net/bluetooth/hci_conn.c:1342
#5: ffff888058e7baf8 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x95/0x710 net/bluetooth/l2cap_core.c:1777
#6: ffffffff8e7f0da8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x27f/0x3c0 kernel/rcu/tree_exp.h:311
1 lock held by kworker/R-wg-cr/5872:
#0: ffffffff8e692800 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_detach_from_pool kernel/workqueue.c:2775 [inline]
#0: ffffffff8e692800 (wq_pool_attach_mutex){+.+.}-{4:4}, at: rescuer_thread+0xb7b/0x14a0 kernel/workqueue.c:3637
4 locks held by kworker/1:4/5897:
#0: ffff88802c7d5940 ((wq_completion)wg-kex-wg2#10){+.+.}-{0:0}, at: process_one_work+0x12d6/0x1980 kernel/workqueue.c:3277
#1: ffffc90004cd7d08 ((work_completion)(&({ do { const void __seg_gs *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __asm__ ("" : "=r"(__ptr) : "0"((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_one_work+0x973/0x1980 kernel/workqueue.c:3278
#2: ffff8880325e5380 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x1c2/0x860 drivers/net/wireguard/noise.c:598
#3: ffff88802bdc5c58 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x666/0x860 drivers/net/wireguard/noise.c:643
4 locks held by kworker/0:4/5910:
2 locks held by kworker/0:5/5927:
3 locks held by kworker/0:6/5928:
4 locks held by kworker/1:5/5934:
#0: ffff888032b09140 ((wq_completion)wg-kex-wg2#6){+.+.}-{0:0}, at: process_one_work+0x12d6/0x1980 kernel/workqueue.c:3277
#1: ffffc90004e67d08 ((work_completion)(&({ do { const void __seg_gs *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __asm__ ("" : "=r"(__ptr) : "0"((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_one_work+0x973/0x1980 kernel/workqueue.c:3278
#2: ffff888034bb1380 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x1c2/0x860 drivers/net/wireguard/noise.c:598
#3: ffff88807f796640 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x5ac/0x860 drivers/net/wireguard/noise.c:632
2 locks held by syz-executor/6228:
1 lock held by kworker/R-wg-cr/6279:
1 lock held by kworker/R-wg-cr/6280:
#0: ffffffff8e692800 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_detach_from_pool kernel/workqueue.c:2775 [inline]
#0: ffffffff8e692800 (wq_pool_attach_mutex){+.+.}-{4:4}, at: rescuer_thread+0xb7b/0x14a0 kernel/workqueue.c:3637
1 lock held by kworker/R-wg-cr/6293:
#0: ffffffff8e692800 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x27/0x420 kernel/workqueue.c:2717
1 lock held by kworker/R-wg-cr/6297:
#0: ffffffff8e692800 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_detach_from_pool kernel/workqueue.c:2775 [inline]
#0: ffffffff8e692800 (wq_pool_attach_mutex){+.+.}-{4:4}, at: rescuer_thread+0xb7b/0x14a0 kernel/workqueue.c:3637
1 lock held by kworker/R-wg-cr/6512:
#0: ffffffff8e692800 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x27/0x420 kernel/workqueue.c:2717
1 lock held by kworker/R-wg-cr/6519:
#0: ffffffff8e692800 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_detach_from_pool kernel/workqueue.c:2775 [inline]
#0: ffffffff8e692800 (wq_pool_attach_mutex){+.+.}-{4:4}, at: rescuer_thread+0xb7b/0x14a0 kernel/workqueue.c:3637
3 locks held by kworker/0:7/6721:
#0: ffff88813feadd40 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x12d6/0x1980 kernel/workqueue.c:3277
#1: ffffc90003247d08 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work+0x973/0x1980 kernel/workqueue.c:3278
#2: ffffffff906323a0 (rtnl_mutex){+.+.}-{4:4}, at: reg_check_chans_work+0x91/0x13a0 net/wireless/reg.c:2466
1 lock held by syz.1.113/6825:
#0: ffff88813fe11bb8 (&mm->mmap_lock){++++}-{4:4}, at: mmap_write_lock_killable include/linux/mmap_lock.h:554 [inline]
#0: ffff88813fe11bb8 (&mm->mmap_lock){++++}-{4:4}, at: vm_mmap_pgoff+0x1f5/0x470 mm/util.c:579
2 locks held by syz.1.113/6826:
1 lock held by syz.1.113/6829:
3 locks held by syz.1.113/6834:
2 locks held by syz.1.113/6838:
4 locks held by syz.2.115/6830:
1 lock held by syz.0.116/6835:
#0: ffffffff8f502a40 (tty_mutex){+.+.}-{4:4}, at: tty_open_by_driver drivers/tty/tty_io.c:2037 [inline]
#0: ffffffff8f502a40 (tty_mutex){+.+.}-{4:4}, at: tty_open+0x539/0xfa0 drivers/tty/tty_io.c:2120
3 locks held by kworker/u8:10/6839:
2 locks held by kworker/u8:11/6840:
3 locks held by kworker/u8:12/6841:
4 locks held by kworker/u8:13/6842:
=============================================
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
Call Trace:
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x100/0x190 lib/dump_stack.c:120
nmi_cpu_backtrace.cold+0x12d/0x151 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x1d7/0x230 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline]
__sys_info lib/sys_info.c:157 [inline]
sys_info+0x141/0x190 lib/sys_info.c:165
check_hung_uninterruptible_tasks kernel/hung_task.c:353 [inline]
watchdog+0xcb1/0x1030 kernel/hung_task.c:561
kthread+0x370/0x450 kernel/kthread.c:436
ret_from_fork+0x72b/0xd50 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 29 Comm: kworker/1:1 Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
Workqueue: wg-kex-wg0 wg_packet_handshake_receive_worker
RIP: 0010:deref_stack_reg arch/x86/kernel/unwind_orc.c:422 [inline]
RIP: 0010:unwind_next_frame+0xcfd/0x2090 arch/x86/kernel/unwind_orc.c:614
Code: 3c 02 0f 85 60 f6 ff ff 49 8d 76 f8 ba 08 00 00 00 4d 8d 7d 34 4c 89 ef 48 89 74 24 28 e8 2b f1 ff ff 84 c0 0f 84 4f f6 ff ff <48> 8b 7c 24 28 e8 f9 ea ff ff 48 89 ee 48 8b 4c 24 20 48 ba 00 00
RSP: 0018:ffffc90000a08240 EFLAGS: 00000202
RAX: ffffc90000a09001 RBX: 0000000000000002 RCX: ffffffff918aa204
RDX: ffffc90000a08601 RSI: ffffc90000a08630 RDI: ffffc90000a082c0
RBP: ffffc90000a082f8 R08: ffffffff918aa208 R09: 0000000000000007
R10: 0000000000000200 R11: 0000000000017560 R12: ffffc90000a08300
R13: ffffc90000a082b0 R14: ffffc90000a08638 R15: ffffc90000a082e4
FS: 0000000000000000(0000) GS:ffff8881243e2000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f7aee600218 CR3: 00000000331e2000 CR4: 00000000003526f0
Call Trace:
arch_stack_walk+0x94/0xf0 arch/x86/kernel/stacktrace.c:25
stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122
kasan_save_stack+0x30/0x50 mm/kasan/common.c:57
kasan_save_track+0x14/0x30 mm/kasan/common.c:78
unpoison_slab_object mm/kasan/common.c:340 [inline]
__kasan_slab_alloc+0x89/0x90 mm/kasan/common.c:366
kasan_slab_alloc include/linux/kasan.h:253 [inline]
slab_post_alloc_hook mm/slub.c:4569 [inline]
slab_alloc_node mm/slub.c:4898 [inline]
kmem_cache_alloc_noprof+0x241/0x6e0 mm/slub.c:4905
__skb_ext_alloc+0x1a/0x80 net/core/skbuff.c:7045
skb_ext_add+0x40b/0x810 net/core/skbuff.c:7149
nf_bridge_alloc include/net/netfilter/br_netfilter.h:12 [inline]
br_nf_pre_routing_ipv6+0xc7/0x8b0 net/bridge/br_netfilter_ipv6.c:171
br_nf_pre_routing+0x90f/0x1560 net/bridge/br_netfilter_hooks.c:509
nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
nf_hook_bridge_pre net/bridge/br_input.c:291 [inline]
br_handle_frame+0xcdd/0x1520 net/bridge/br_input.c:442
__netif_receive_skb_core.constprop.0+0x6c5/0x3530 net/core/dev.c:6096
__netif_receive_skb_one_core+0xb0/0x1e0 net/core/dev.c:6207
__netif_receive_skb+0x1f/0x120 net/core/dev.c:6322
process_backlog+0x37a/0x1580 net/core/dev.c:6673
__napi_poll.constprop.0+0xaf/0x450 net/core/dev.c:7737
napi_poll net/core/dev.c:7800 [inline]
net_rx_action+0xa40/0xf20 net/core/dev.c:7957
handle_softirqs+0x1ea/0xa00 kernel/softirq.c:622
do_softirq kernel/softirq.c:523 [inline]
do_softirq+0xac/0xe0 kernel/softirq.c:510
__local_bh_enable_ip+0xf8/0x120 kernel/softirq.c:450
local_bh_enable include/linux/bottom_half.h:33 [inline]
fpregs_unlock arch/x86/include/asm/fpu/api.h:77 [inline]
kernel_fpu_end arch/x86/kernel/fpu/core.c:506 [inline]
kernel_fpu_end+0x64/0x80 arch/x86/kernel/fpu/core.c:499
blake2s_compress+0x78/0xf0 lib/crypto/x86/blake2s.h:42
blake2s_update+0xef/0x320 lib/crypto/blake2s.c:119
hmac.constprop.0+0x33f/0x480 drivers/net/wireguard/noise.c:332
kdf.constprop.0+0x14d/0x280 drivers/net/wireguard/noise.c:367
mix_psk drivers/net/wireguard/noise.c:448 [inline]
wg_noise_handshake_create_response+0x3fb/0x5f0 drivers/net/wireguard/noise.c:707
wg_packet_send_handshake_response+0xe3/0x310 drivers/net/wireguard/send.c:94
wg_receive_handshake_packet+0x7dd/0xc20 drivers/net/wireguard/receive.c:154
wg_packet_handshake_receive_worker+0x15e/0x370 drivers/net/wireguard/receive.c:213
process_one_work+0xa0e/0x1980 kernel/workqueue.c:3302
process_scheduled_works kernel/workqueue.c:3385 [inline]
worker_thread+0x5ef/0xe50 kernel/workqueue.c:3466
kthread+0x370/0x450 kernel/kthread.c:436
ret_from_fork+0x72b/0xd50 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
net_ratelimit: 16333 callbacks suppressed
bridge0: received packet on veth0_to_bridge with own address as source address (addr:4a:8a:66:4f:bb:2f, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:4a:8a:66:4f:bb:2f, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P6829/1:b..l
rcu: (detected by 0, t=10502 jiffies, g=30653, q=2542 ncpus=2)
task:syz.1.113 state:R running task stack:24408 pid:6829 tgid:6825 ppid:6228 task_flags:0x400040 flags:0x00080000
Call Trace:
context_switch kernel/sched/core.c:5387 [inline]
__schedule+0x10e9/0x6820 kernel/sched/core.c:7188
preempt_schedule_notrace+0x5f/0xd0 kernel/sched/core.c:7462
preempt_schedule_notrace_thunk+0x16/0x30 arch/x86/entry/thunk.S:13
rcu_is_watching+0x8e/0xc0 kernel/rcu/tree.c:753
rcu_read_lock include/linux/rcupdate.h:839 [inline]
class_rcu_constructor include/linux/rcupdate.h:1181 [inline]
unwind_next_frame+0x6fa/0x2090 arch/x86/kernel/unwind_orc.c:495
arch_stack_walk+0x94/0xf0 arch/x86/kernel/stacktrace.c:25
stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122
save_stack+0x162/0x1e0 mm/page_owner.c:165
__reset_page_owner+0x84/0x190 mm/page_owner.c:320
reset_page_owner include/linux/page_owner.h:25 [inline]
__free_pages_prepare mm/page_alloc.c:1402 [inline]
__free_frozen_pages+0x747/0x1040 mm/page_alloc.c:2943
__folio_put+0x3b4/0x5f0 mm/swap.c:112
folio_put_refs include/linux/mm.h:2110 [inline]
collapse_file+0x345a/0x3c20 mm/khugepaged.c:2269
collapse_scan_file mm/khugepaged.c:2412 [inline]
collapse_single_pmd+0xeaa/0x3c50 mm/khugepaged.c:2447
madvise_collapse+0x2d6/0x760 mm/khugepaged.c:2869
madvise_vma_behavior+0x10f4/0x2200 mm/madvise.c:1364
madvise_walk_vmas+0x2fe/0xa90 mm/madvise.c:1713
madvise_do_behavior+0x1ea/0x510 mm/madvise.c:1929
do_madvise+0x195/0x240 mm/madvise.c:2022
__do_sys_madvise mm/madvise.c:2031 [inline]
__se_sys_madvise mm/madvise.c:2029 [inline]
__x64_sys_madvise+0xa9/0x110 mm/madvise.c:2029
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x10b/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fe56ab9c819
RSP: 002b:00007fe56b9d3028 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
RAX: ffffffffffffffda RBX: 00007fe56ae16090 RCX: 00007fe56ab9c819
RDX: 0000000000000019 RSI: ffffffffffff0005 RDI: 0000000000000000
RBP: 00007fe56ac32c91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fe56ae16128 R14: 00007fe56ae16090 R15: 00007ffee67ad538
net_ratelimit: 16316 callbacks suppressed
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:4a:8a:66:4f:bb:2f, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)