INFO: task syz.3.510:8540 blocked for more than 143 seconds.
Tainted: G L syzkaller #0
Blocked by coredump.
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.510 state:D stack:25368 pid:8540 tgid:8539 ppid:5837 task_flags:0x40054c flags:0x00080003
Call Trace:
context_switch kernel/sched/core.c:5256 [inline]
__schedule+0x1139/0x6150 kernel/sched/core.c:6863
__schedule_loop kernel/sched/core.c:6945 [inline]
schedule+0xe7/0x3a0 kernel/sched/core.c:6960
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7017
__mutex_lock_common kernel/locking/mutex.c:692 [inline]
__mutex_lock+0xc69/0x1ca0 kernel/locking/mutex.c:776
tun_detach drivers/net/tun.c:634 [inline]
tun_chr_close+0x38/0x230 drivers/net/tun.c:3436
__fput+0x402/0xb70 fs/file_table.c:468
task_work_run+0x150/0x240 kernel/task_work.c:233
exit_task_work include/linux/task_work.h:40 [inline]
do_exit+0x87f/0x2bd0 kernel/exit.c:971
do_group_exit+0xd3/0x2a0 kernel/exit.c:1112
get_signal+0x2671/0x26d0 kernel/signal.c:3034
arch_do_signal_or_restart+0x8f/0x7a0 arch/x86/kernel/signal.c:337
__exit_to_user_mode_loop kernel/entry/common.c:41 [inline]
exit_to_user_mode_loop+0x8c/0x540 kernel/entry/common.c:75
__exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]
syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline]
syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline]
syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline]
do_syscall_64+0x4ee/0xf80 arch/x86/entry/syscall_64.c:100
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f991498f7c9
RSP: 002b:00007f99157970e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 00007f9914be5fa8 RCX: 00007f991498f7c9
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f9914be5fa8
RBP: 00007f9914be5fa0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f9914be6038 R14: 00007fff477cfe60 R15: 00007fff477cff48
Showing all locks held in the system:
4 locks held by kworker/0:1/10:
4 locks held by kworker/1:0/24:
#0: ffff88813ff56948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x128d/0x1b20 kernel/workqueue.c:3232
#1: ffffc900001e7c90 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work+0x914/0x1b20 kernel/workqueue.c:3233
#2: ffffffff90144ee8 (rtnl_mutex){+.+.}-{4:4}, at: reg_check_chans_work+0x91/0x1190 net/wireless/reg.c:2453
#3: ffff88801ff70788 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6363 [inline]
#3: ffff88801ff70788 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: reg_leave_invalid_chans net/wireless/reg.c:2441 [inline]
#3: ffff88801ff70788 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: reg_check_chans_work+0x11b/0x1190 net/wireless/reg.c:2456
1 lock held by khungtaskd/31:
#0: ffffffff8e3c94a0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#0: ffffffff8e3c94a0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
#0: ffffffff8e3c94a0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0 kernel/locking/lockdep.c:6775
3 locks held by kworker/1:2/91:
#0: ffff88813ff55948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x128d/0x1b20 kernel/workqueue.c:3232
#1: ffffc9000267fc90 ((work_completion)(&(&ovs_net->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x914/0x1b20 kernel/workqueue.c:3233
#2: ffffffff906775e8 (ovs_mutex){+.+.}-{4:4}, at: ovs_lock net/openvswitch/datapath.c:108 [inline]
#2: ffffffff906775e8 (ovs_mutex){+.+.}-{4:4}, at: ovs_dp_masks_rebalance+0x24/0xf0 net/openvswitch/datapath.c:2561
2 locks held by getty/5592:
#0: ffff888035c880a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 drivers/tty/tty_ldisc.c:243
#1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x1510 drivers/tty/n_tty.c:2211
4 locks held by syz-executor/5818:
#0: ffff888076484808 (vm_lock){++++}-{0:0}, at: lock_vma_under_rcu+0x117/0x580 mm/mmap_lock.c:259
#1: ffff88814d93c518 (sb_pagefaults){.+.+}-{0:0}, at: do_page_mkwrite+0x174/0x380 mm/memory.c:3528
#2: ffff888077538f20 (mapping.invalidate_lock#2){++++}-{4:4}, at: filemap_invalidate_lock_shared include/linux/fs.h:1092 [inline]
#2: ffff888077538f20 (mapping.invalidate_lock#2){++++}-{4:4}, at: ext4_page_mkwrite+0x353/0x1880 fs/ext4/inode.c:6670
#3: ffff888077538c10 (&ei->i_data_sem){++++}-{4:4}, at: ext4_da_map_blocks fs/ext4/inode.c:1961 [inline]
#3: ffff888077538c10 (&ei->i_data_sem){++++}-{4:4}, at: ext4_da_get_block_prep+0x6ad/0x1230 fs/ext4/inode.c:2027
3 locks held by kworker/1:4/5891:
#0: ffff88813ff55948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x128d/0x1b20 kernel/workqueue.c:3232
#1: ffffc900043cfc90 ((work_completion)(&(&ovs_net->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x914/0x1b20 kernel/workqueue.c:3233
#2: ffffffff906775e8 (ovs_mutex){+.+.}-{4:4}, at: ovs_lock net/openvswitch/datapath.c:108 [inline]
#2: ffffffff906775e8 (ovs_mutex){+.+.}-{4:4}, at: ovs_dp_masks_rebalance+0x24/0xf0 net/openvswitch/datapath.c:2561
3 locks held by kworker/0:5/5904:
#0: ffff88813ff55948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x128d/0x1b20 kernel/workqueue.c:3232
#1: ffffc9000494fc90 ((work_completion)(&(&ovs_net->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x914/0x1b20 kernel/workqueue.c:3233
#2: ffffffff906775e8 (ovs_mutex){+.+.}-{4:4}, at: ovs_lock net/openvswitch/datapath.c:108 [inline]
#2: ffffffff906775e8 (ovs_mutex){+.+.}-{4:4}, at: ovs_dp_masks_rebalance+0x24/0xf0 net/openvswitch/datapath.c:2561
3 locks held by kworker/0:6/5905:
#0: ffff88813ff55948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x128d/0x1b20 kernel/workqueue.c:3232
#1: ffffc9000495fc90 ((work_completion)(&(&ovs_net->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x914/0x1b20 kernel/workqueue.c:3233
#2: ffffffff906775e8 (ovs_mutex){+.+.}-{4:4}, at: ovs_lock net/openvswitch/datapath.c:108 [inline]
#2: ffffffff906775e8 (ovs_mutex){+.+.}-{4:4}, at: ovs_dp_masks_rebalance+0x24/0xf0 net/openvswitch/datapath.c:2561
3 locks held by kworker/1:5/6001:
#0: ffff88813ff55948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x128d/0x1b20 kernel/workqueue.c:3232
#1: ffffc90004d47c90 ((work_completion)(&(&ovs_net->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x914/0x1b20 kernel/workqueue.c:3233
#2: ffffffff906775e8 (ovs_mutex){+.+.}-{4:4}, at: ovs_lock net/openvswitch/datapath.c:108 [inline]
#2: ffffffff906775e8 (ovs_mutex){+.+.}-{4:4}, at: ovs_dp_masks_rebalance+0x24/0xf0 net/openvswitch/datapath.c:2561
4 locks held by kworker/1:6/6006:
#0: ffff88814374e148 ((wq_completion)wg-kex-wg2#6){+.+.}-{0:0}, at: process_one_work+0x128d/0x1b20 kernel/workqueue.c:3232
#1: ffffc90004abfc90 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __asm__ ("" : "=r"(__ptr) : "0"((__typeof__(*((worker))) *)(( unsigned long)((worker))))); (typeof((__typeof__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_one_work+0x914/0x1b20 kernel/workqueue.c:3233
#2: ffff88805eb3d308 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x1c2/0x880 drivers/net/wireguard/noise.c:598
#3: ffff88803502dc60 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x5ac/0x880 drivers/net/wireguard/noise.c:632
3 locks held by kworker/u10:0/7006:
4 locks held by kworker/u10:1/7008:
4 locks held by kworker/u10:2/7010:
#0: ffff88801badf148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x128d/0x1b20 kernel/workqueue.c:3232
#1: ffffc90004bffc90 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x914/0x1b20 kernel/workqueue.c:3233
#2: ffffffff9012e710 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xad/0x830 net/core/net_namespace.c:670
#3: ffffffff90144ee8 (rtnl_mutex){+.+.}-{4:4}, at: caif_exit_net+0x64/0x3c0 net/caif/caif_dev.c:528
3 locks held by kworker/u10:5/7016:
3 locks held by kworker/u10:6/7023:
7 locks held by kworker/u10:7/7033:
3 locks held by kworker/u10:9/7047:
4 locks held by kworker/u10:10/7054:
5 locks held by kworker/u10:11/7067:
4 locks held by kworker/u10:12/7072:
3 locks held by kworker/u11:2/7078:
#0: ffff88802ad20148 ((wq_completion)hci13){+.+.}-{0:0}, at: process_one_work+0x128d/0x1b20 kernel/workqueue.c:3232
#1: ffffc90004a8fc90 ((work_completion)(&hdev->power_on)){+.+.}-{0:0}, at: process_one_work+0x914/0x1b20 kernel/workqueue.c:3233
#2: ffff888050d64ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_open+0x22/0xb0 net/bluetooth/hci_core.c:428
3 locks held by kworker/u10:13/7121:
#0: ffff88813ff69948 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_one_work+0x128d/0x1b20 kernel/workqueue.c:3232
#1: ffffc90003a87c90 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x914/0x1b20 kernel/workqueue.c:3233
#2: ffffffff90144ee8 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0x51/0xc0 net/core/link_watch.c:303
3 locks held by kworker/u10:14/7178:
3 locks held by kworker/1:7/7258:
#0: ffff88813ff55948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x128d/0x1b20 kernel/workqueue.c:3232
#1: ffffc90003ae7c90 ((work_completion)(&(&ovs_net->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x914/0x1b20 kernel/workqueue.c:3233
#2: ffffffff906775e8 (ovs_mutex){+.+.}-{4:4}, at: ovs_lock net/openvswitch/datapath.c:108 [inline]
#2: ffffffff906775e8 (ovs_mutex){+.+.}-{4:4}, at: ovs_dp_masks_rebalance+0x24/0xf0 net/openvswitch/datapath.c:2561
3 locks held by kworker/u10:15/7384:
3 locks held by kworker/u10:16/7415:
3 locks held by kworker/u10:18/7417:
3 locks held by kworker/u10:19/7418:
3 locks held by kworker/u10:20/7419:
4 locks held by kworker/u10:21/7420:
1 lock held by syz.1.424/8109:
#0: ffffffff8e3d4ac0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x48/0x6e0 kernel/rcu/tree.c:3816
1 lock held by syz.3.510/8540:
#0: ffffffff90144ee8 (rtnl_mutex){+.+.}-{4:4}, at: tun_detach drivers/net/tun.c:634 [inline]
#0: ffffffff90144ee8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x230 drivers/net/tun.c:3436
2 locks held by syz.0.518/8585:
#0: ffffffff9012e710 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x333/0x7c0 net/core/net_namespace.c:577
#1: ffffffff90144ee8 (rtnl_mutex){+.+.}-{4:4}, at: ops_exit_rtnl_list net/core/net_namespace.c:173 [inline]
#1: ffffffff90144ee8 (rtnl_mutex){+.+.}-{4:4}, at: ops_undo_list+0x7e9/0xab0 net/core/net_namespace.c:248
7 locks held by kworker/u10:23/8589:
3 locks held by kworker/u10:24/8590:
#0: ffff88814cbe9148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x128d/0x1b20 kernel/workqueue.c:3232
#1: ffffc90003267c90 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x914/0x1b20 kernel/workqueue.c:3233
#2: ffffffff90144ee8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
#2: ffffffff90144ee8 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x12/0x30 net/ipv6/addrconf.c:4734
2 locks held by kworker/0:9/8595:
2 locks held by syz.2.522/8605:
#0: ffffffff9012e710 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x333/0x7c0 net/core/net_namespace.c:577
#1: ffffffff90144ee8 (rtnl_mutex){+.+.}-{4:4}, at: ip_tunnel_init_net+0x21d/0x7d0 net/ipv4/ip_tunnel.c:1146
3 locks held by kworker/1:8/8609:
#0: ffff88813ff55948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x128d/0x1b20 kernel/workqueue.c:3232
#1: ffffc9000574fc90 (deferred_process_work){+.+.}-{0:0}, at: process_one_work+0x914/0x1b20 kernel/workqueue.c:3233
#2: ffffffff90144ee8 (rtnl_mutex){+.+.}-{4:4}, at: switchdev_deferred_process_work+0xe/0x20 net/switchdev/switchdev.c:104
3 locks held by syz-executor/8613:
#0: ffff888020764ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close+0x26/0xc0 net/bluetooth/hci_core.c:499
#1: ffff8880207640c0 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x3af/0x1260 net/bluetooth/hci_sync.c:5314
#2: ffffffff903c2148 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_disconn_cfm include/net/bluetooth/hci_core.h:2143 [inline]
#2: ffffffff903c2148 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xbb/0x290 net/bluetooth/hci_conn.c:2637
5 locks held by syz-executor/8617:
#0: ffff888050790ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close+0x26/0xc0 net/bluetooth/hci_core.c:499
#1: ffff8880507900c0 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x3af/0x1260 net/bluetooth/hci_sync.c:5314
#2: ffffffff903c2148 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_disconn_cfm include/net/bluetooth/hci_core.h:2143 [inline]
#2: ffffffff903c2148 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xbb/0x290 net/bluetooth/hci_conn.c:2637
#3: ffff88805c80c338 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x80/0x760 net/bluetooth/l2cap_core.c:1763
#4: ffffffff8e3d4bf8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x1a3/0x3c0 kernel/rcu/tree_exp.h:343
3 locks held by syz-executor/8618:
#0: ffff888031a68ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close+0x26/0xc0 net/bluetooth/hci_core.c:499
#1: ffff888031a680c0 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x3af/0x1260 net/bluetooth/hci_sync.c:5314
#2: ffffffff903c2148 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_disconn_cfm include/net/bluetooth/hci_core.h:2143 [inline]
#2: ffffffff903c2148 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xbb/0x290 net/bluetooth/hci_conn.c:2637
3 locks held by kworker/0:10/8624:
#0: ffff88813ff55948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x128d/0x1b20 kernel/workqueue.c:3232
#1: ffffc900050bfc90 ((work_completion)(&(&ovs_net->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x914/0x1b20 kernel/workqueue.c:3233
#2: ffffffff906775e8 (ovs_mutex){+.+.}-{4:4}, at: ovs_lock net/openvswitch/datapath.c:108 [inline]
#2: ffffffff906775e8 (ovs_mutex){+.+.}-{4:4}, at: ovs_dp_masks_rebalance+0x24/0xf0 net/openvswitch/datapath.c:2561
4 locks held by kworker/0:11/8630:
2 locks held by kworker/u10:25/8632:
1 lock held by syz-executor/8644:
#0: ffffffff90144ee8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
#0: ffffffff90144ee8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x1540 net/ipv4/devinet.c:978
1 lock held by syz-executor/8645:
#0: ffffffff90144ee8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
#0: ffffffff90144ee8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x1540 net/ipv4/devinet.c:978
1 lock held by syz-executor/8646:
#0: ffffffff90144ee8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
#0: ffffffff90144ee8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x1540 net/ipv4/devinet.c:978
1 lock held by syz-executor/8649:
#0: ffffffff90144ee8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
#0: ffffffff90144ee8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x1540 net/ipv4/devinet.c:978
1 lock held by syz-executor/8664:
#0: ffffffff90144ee8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
#0: ffffffff90144ee8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x1540 net/ipv4/devinet.c:978
1 lock held by syz-executor/8671:
#0: ffffffff90144ee8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
#0: ffffffff90144ee8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x1540 net/ipv4/devinet.c:978
1 lock held by syz-executor/8674:
#0: ffffffff90144ee8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
#0: ffffffff90144ee8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x1540 net/ipv4/devinet.c:978
1 lock held by syz-executor/8676:
#0: ffffffff90144ee8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
#0: ffffffff90144ee8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x1540 net/ipv4/devinet.c:978
3 locks held by kworker/0:21/8687:
2 locks held by kworker/0:23/8689:
2 locks held by kworker/0:24/8690:
3 locks held by kworker/0:26/8692:
#0: ffff88813ff55948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x128d/0x1b20 kernel/workqueue.c:3232
#1: ffffc90003287c90 ((work_completion)(&(&ovs_net->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x914/0x1b20 kernel/workqueue.c:3233
#2: ffffffff906775e8 (ovs_mutex){+.+.}-{4:4}, at: ovs_lock net/openvswitch/datapath.c:108 [inline]
#2: ffffffff906775e8 (ovs_mutex){+.+.}-{4:4}, at: ovs_dp_masks_rebalance+0x24/0xf0 net/openvswitch/datapath.c:2561
2 locks held by kworker/0:28/8694:
=============================================
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Call Trace:
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
nmi_cpu_backtrace+0x27b/0x390 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x29c/0x300 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline]
__sys_info lib/sys_info.c:157 [inline]
sys_info+0x133/0x180 lib/sys_info.c:165
check_hung_uninterruptible_tasks kernel/hung_task.c:346 [inline]
watchdog+0xe66/0x1180 kernel/hung_task.c:515
kthread+0x3c5/0x780 kernel/kthread.c:463
ret_from_fork+0x983/0xb10 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 7072 Comm: kworker/u10:12 Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Workqueue: wg-kex-wg0 wg_packet_handshake_send_worker
RIP: 0010:jhash2 include/linux/jhash.h:128 [inline]
RIP: 0010:hash_stack lib/stackdepot.c:563 [inline]
RIP: 0010:stack_depot_save_flags+0x63/0x9b0 lib/stackdepot.c:664
Code: c0 e9 8d 01 00 00 41 89 c6 4b 8d 04 36 89 c6 8d 1c 85 7b 71 f5 75 83 f8 03 0f 86 3e 04 00 00 89 d8 41 89 d9 4c 89 f9 44 8b 11 <03> 41 08 83 ee 03 48 83 c1 0c 89 c7 44 03 49 f8 41 29 c2 c1 c7 04
RSP: 0018:ffffc900000069d8 EFLAGS: 00000206
RAX: 0000000024275607 RBX: 00000000679c25e0 RCX: ffffc90000006ad8
RDX: ffffffff812b91ca RSI: 0000000000000036 RDI: 00000000d1d084be
RBP: 0000000000000030 R08: ffffffff911b6bfa R09: 0000000006fba30b
R10: 000000008a4dec87 R11: 0000000000002b91 R12: 0000000000000001
R13: 0000000000000000 R14: 0000000000000030 R15: ffffc90000006a30
FS: 0000000000000000(0000) GS:ffff8881248fc000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f84166e1e9c CR3: 000000000e184000 CR4: 00000000003526f0
Call Trace:
kasan_save_stack+0x42/0x60 mm/kasan/common.c:57
kasan_save_track+0x14/0x30 mm/kasan/common.c:77
kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:584
poison_slab_object mm/kasan/common.c:252 [inline]
__kasan_slab_free+0x5f/0x80 mm/kasan/common.c:284
kasan_slab_free include/linux/kasan.h:234 [inline]
slab_free_hook mm/slub.c:2540 [inline]
slab_free mm/slub.c:6668 [inline]
kmem_cache_free+0x2d8/0x770 mm/slub.c:6779
__skb_ext_put+0x102/0x2c0 net/core/skbuff.c:7201
__skb_ext_del+0xf3/0x340 net/core/skbuff.c:7168
skb_ext_del include/linux/skbuff.h:5057 [inline]
nf_bridge_info_free net/bridge/br_netfilter_hooks.c:156 [inline]
br_nf_dev_queue_xmit+0x7a0/0x2b00 net/bridge/br_netfilter_hooks.c:919
NF_HOOK include/linux/netfilter.h:318 [inline]
NF_HOOK include/linux/netfilter.h:312 [inline]
br_nf_post_routing+0x8e7/0x1190 net/bridge/br_netfilter_hooks.c:966
nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
nf_hook_slow+0xbe/0x200 net/netfilter/core.c:623
nf_hook+0x45e/0x780 include/linux/netfilter.h:273
NF_HOOK include/linux/netfilter.h:316 [inline]
br_forward_finish+0xcd/0x130 net/bridge/br_forward.c:66
br_nf_hook_thresh+0x307/0x410 net/bridge/br_netfilter_hooks.c:1167
br_nf_forward_finish+0x66a/0xba0 net/bridge/br_netfilter_hooks.c:662
NF_HOOK include/linux/netfilter.h:318 [inline]
NF_HOOK include/linux/netfilter.h:312 [inline]
br_nf_forward_ip.part.0+0x609/0x810 net/bridge/br_netfilter_hooks.c:716
br_nf_forward_ip net/bridge/br_netfilter_hooks.c:676 [inline]
br_nf_forward+0xf0f/0x1be0 net/bridge/br_netfilter_hooks.c:773
nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
nf_hook_slow+0xbe/0x200 net/netfilter/core.c:623
nf_hook+0x45e/0x780 include/linux/netfilter.h:273
NF_HOOK include/linux/netfilter.h:316 [inline]
__br_forward+0x1be/0x5b0 net/bridge/br_forward.c:115
deliver_clone net/bridge/br_forward.c:131 [inline]
br_flood+0x39c/0x650 net/bridge/br_forward.c:250
br_handle_frame_finish+0x1117/0x1f00 net/bridge/br_input.c:229
br_nf_hook_thresh+0x307/0x410 net/bridge/br_netfilter_hooks.c:1167
br_nf_pre_routing_finish_ipv6+0x76a/0xfc0 net/bridge/br_netfilter_ipv6.c:154
NF_HOOK include/linux/netfilter.h:318 [inline]
br_nf_pre_routing_ipv6+0x3cd/0x8c0 net/bridge/br_netfilter_ipv6.c:184
br_nf_pre_routing+0x860/0x15b0 net/bridge/br_netfilter_hooks.c:508
nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
nf_hook_bridge_pre net/bridge/br_input.c:291 [inline]
br_handle_frame+0xb28/0x14e0 net/bridge/br_input.c:442
__netif_receive_skb_core.constprop.0+0x6b3/0x35b0 net/core/dev.c:6024
__netif_receive_skb_one_core+0xb0/0x1e0 net/core/dev.c:6135
__netif_receive_skb+0x1d/0x160 net/core/dev.c:6250
process_backlog+0x4a2/0x1650 net/core/dev.c:6602
__napi_poll.constprop.0+0xb3/0x540 net/core/dev.c:7666
napi_poll net/core/dev.c:7729 [inline]
net_rx_action+0x9f9/0xfa0 net/core/dev.c:7881
handle_softirqs+0x219/0x950 kernel/softirq.c:622
do_softirq kernel/softirq.c:523 [inline]
do_softirq+0xb2/0xf0 kernel/softirq.c:510
__local_bh_enable_ip+0x100/0x120 kernel/softirq.c:450
local_bh_enable include/linux/bottom_half.h:33 [inline]
fpregs_unlock arch/x86/include/asm/fpu/api.h:77 [inline]
kernel_fpu_end arch/x86/kernel/fpu/core.c:480 [inline]
kernel_fpu_end+0x5e/0x70 arch/x86/kernel/fpu/core.c:473
blake2s_compress+0x77/0xe0 lib/crypto/x86/blake2s.h:42
blake2s_final+0xc9/0x160 lib/crypto/blake2s.c:142
hmac.constprop.0+0x252/0x420 drivers/net/wireguard/noise.c:325
kdf.constprop.0+0x122/0x280 drivers/net/wireguard/noise.c:360
mix_precomputed_dh drivers/net/wireguard/noise.c:426 [inline]
wg_noise_handshake_create_initiation+0x406/0x610 drivers/net/wireguard/noise.c:560
wg_packet_send_handshake_initiation+0x19a/0x360 drivers/net/wireguard/send.c:34
wg_packet_handshake_send_worker+0x1c/0x30 drivers/net/wireguard/send.c:51
process_one_work+0x9ba/0x1b20 kernel/workqueue.c:3257
process_scheduled_works kernel/workqueue.c:3340 [inline]
worker_thread+0x6c8/0xf10 kernel/workqueue.c:3421
kthread+0x3c5/0x780 kernel/kthread.c:463
ret_from_fork+0x983/0xb10 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246