INFO: task syz.9.5841:8755 blocked for more than 143 seconds.
Tainted: G L syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.9.5841 state:D stack:26256 pid:8755 tgid:8747 ppid:4889 task_flags:0x400140 flags:0x00080002
Call Trace:
context_switch kernel/sched/core.c:5256 [inline]
__schedule+0x14bc/0x5000 kernel/sched/core.c:6863
__schedule_loop kernel/sched/core.c:6945 [inline]
schedule+0x165/0x360 kernel/sched/core.c:6960
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7017
__mutex_lock_common kernel/locking/mutex.c:692 [inline]
__mutex_lock+0x7e6/0x1350 kernel/locking/mutex.c:776
nfnl_lock net/netfilter/nfnetlink.c:98 [inline]
nfnetlink_rcv_msg+0x9dc/0x1130 net/netfilter/nfnetlink.c:295
netlink_rcv_skb+0x208/0x470 net/netlink/af_netlink.c:2550
nfnetlink_rcv+0x282/0x2590 net/netfilter/nfnetlink.c:669
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x82f/0x9e0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:728
__sock_sendmsg net/socket.c:743 [inline]
____sys_sendmsg+0x577/0x880 net/socket.c:2601
___sys_sendmsg+0x21f/0x2a0 net/socket.c:2655
__sys_sendmsg net/socket.c:2687 [inline]
__do_sys_sendmsg net/socket.c:2692 [inline]
__se_sys_sendmsg net/socket.c:2690 [inline]
__x64_sys_sendmsg+0x19b/0x260 net/socket.c:2690
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xfa/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f3f3818f749
RSP: 002b:00007f3f363f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f3f383e5fa0 RCX: 00007f3f3818f749
RDX: 0000000004004010 RSI: 0000200000000000 RDI: 0000000000000003
RBP: 00007f3f38213f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f3f383e6038 R14: 00007f3f383e5fa0 R15: 00007ffd44772be8
Showing all locks held in the system:
4 locks held by kworker/0:0/9:
1 lock held by khungtaskd/31:
#0: ffffffff8e3419e0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#0: ffffffff8e3419e0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
#0: ffffffff8e3419e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6775
2 locks held by kworker/0:2/846:
4 locks held by kworker/1:3/5871:
#0: ffff88805bcf4148 ((wq_completion)wg-kex-wg2#40){+.+.}-{0:0}, at: process_one_work+0x841/0x15a0 kernel/workqueue.c:3236
#1: ffffc9000448fb80 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_one_work+0x868/0x15a0 kernel/workqueue.c:3237
#2: ffff88807c2b1348 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x150/0x900 drivers/net/wireguard/noise.c:598
#3: ffff88807f3ce648 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x4bf/0x900 drivers/net/wireguard/noise.c:632
4 locks held by kworker/1:7/5924:
#0: ffff888063c21148 ((wq_completion)wg-kex-wg1#52){+.+.}-{0:0}, at: process_one_work+0x841/0x15a0 kernel/workqueue.c:3236
#1: ffffc90004aefb80 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_one_work+0x868/0x15a0 kernel/workqueue.c:3237
#2: ffff8880acb75348 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x150/0x900 drivers/net/wireguard/noise.c:598
#3: ffff88807f3ca0f0 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x4bf/0x900 drivers/net/wireguard/noise.c:632
2 locks held by kworker/0:8/8863:
1 lock held by syz.9.4590/27643:
5 locks held by kworker/R-wg-cr/28206:
1 lock held by kworker/R-wg-cr/28869:
2 locks held by kworker/R-wg-cr/28875:
2 locks held by getty/1050:
#0: ffff8880350b90a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
#1: ffffc90003a6f2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x449/0x1460 drivers/tty/n_tty.c:2211
1 lock held by kworker/R-wg-cr/2075:
2 locks held by kworker/R-wg-cr/2079:
2 locks held by kworker/0:9/2404:
2 locks held by kworker/R-wg-cr/8849:
1 lock held by syz.3.5904/9885:
#0: ffffffff9a88eef8 (nfnl_subsys_ipset){+.+.}-{4:4}, at: nfnl_lock net/netfilter/nfnetlink.c:98 [inline]
#0: ffffffff9a88eef8 (nfnl_subsys_ipset){+.+.}-{4:4}, at: nfnetlink_rcv_msg+0x9dc/0x1130 net/netfilter/nfnetlink.c:295
2 locks held by syz-executor/10082:
1 lock held by syz.6.5932/10757:
#0: ffffffff9a88eef8 (nfnl_subsys_ipset){+.+.}-{4:4}, at: nfnl_lock net/netfilter/nfnetlink.c:98 [inline]
#0: ffffffff9a88eef8 (nfnl_subsys_ipset){+.+.}-{4:4}, at: nfnetlink_rcv_msg+0x9dc/0x1130 net/netfilter/nfnetlink.c:295
1 lock held by syz.6.5932/10758:
#0: ffffffff9a88eef8 (nfnl_subsys_ipset){+.+.}-{4:4}, at: nfnl_lock net/netfilter/nfnetlink.c:98 [inline]
#0: ffffffff9a88eef8 (nfnl_subsys_ipset){+.+.}-{4:4}, at: nfnetlink_rcv_msg+0x9dc/0x1130 net/netfilter/nfnetlink.c:295
1 lock held by syz.4.6101/12174:
#0: ffffffff8e347538 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock kernel/rcu/tree_exp.h:343 [inline]
#0: ffffffff8e347538 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730 kernel/rcu/tree_exp.h:956
1 lock held by syz.5.6144/12478:
#0: ffffffff9a88eef8 (nfnl_subsys_ipset){+.+.}-{4:4}, at: nfnl_lock net/netfilter/nfnetlink.c:98 [inline]
#0: ffffffff9a88eef8 (nfnl_subsys_ipset){+.+.}-{4:4}, at: nfnetlink_rcv_msg+0x9dc/0x1130 net/netfilter/nfnetlink.c:295
3 locks held by kworker/0:10/12667:
2 locks held by kworker/0:12/12675:
3 locks held by kworker/0:13/12710:
3 locks held by kworker/0:14/12711:
3 locks held by kworker/0:15/12712:
2 locks held by kworker/0:16/12722:
2 locks held by kworker/0:17/12723:
1 lock held by syz-executor/12724:
#0: ffffffff8e347538 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock kernel/rcu/tree_exp.h:343 [inline]
#0: ffffffff8e347538 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730 kernel/rcu/tree_exp.h:956
1 lock held by syz.2.6193/12940:
#0: ffffffff9a88eef8 (nfnl_subsys_ipset){+.+.}-{4:4}, at: nfnl_lock net/netfilter/nfnetlink.c:98 [inline]
#0: ffffffff9a88eef8 (nfnl_subsys_ipset){+.+.}-{4:4}, at: nfnetlink_rcv_msg+0x9dc/0x1130 net/netfilter/nfnetlink.c:295
3 locks held by kworker/0:19/13177:
4 locks held by kworker/0:20/13182:
3 locks held by kworker/0:21/13268:
1 lock held by sed/13270:
=============================================
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Call Trace:
dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
nmi_cpu_backtrace+0x39e/0x3d0 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x17a/0x300 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline]
__sys_info lib/sys_info.c:157 [inline]
sys_info+0x135/0x170 lib/sys_info.c:165
check_hung_uninterruptible_tasks kernel/hung_task.c:346 [inline]
watchdog+0xf95/0xfe0 kernel/hung_task.c:515
kthread+0x711/0x8a0 kernel/kthread.c:463
ret_from_fork+0x599/0xb30 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Workqueue: wg-kex-wg2 wg_packet_handshake_receive_worker
RIP: 0010:__sanitizer_cov_trace_const_cmp8+0x0/0x90 kernel/kcov.c:320
Code: 7c 11 10 48 89 74 11 18 48 89 44 11 20 e9 08 d3 a5 09 cc 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1e fa 48 8b 04 24 65 48 8b 0c 25 08 30 c3 92 65 8b 15 a8 37
RSP: 0018:ffffc90000007538 EFLAGS: 00000246
RAX: 0000607eda0d76f0 RBX: ffff888166add920 RCX: ffff88801d6a9e80
RDX: 0000000000000100 RSI: ffff88814e0ce640 RDI: 0000000000000000
RBP: ffffc90000007650 R08: 0000000000000000 R09: ffff8880365d1140
R10: dffffc0000000000 R11: fffffbfff1f874af R12: ffff88814e0ce640
R13: ffffffff8a15a592 R14: dffffc0000000000 R15: ffffffff8a15a592
FS: 0000000000000000(0000) GS:ffff8881259ed000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fffc7188ad0 CR3: 0000000028d66000 CR4: 00000000003526f0
DR0: 0000000000008009 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Call Trace:
rt6_get_pcpu_route net/ipv6/route.c:1445 [inline]
ip6_pol_route+0x433/0x1180 net/ipv6/route.c:2302
pol_lookup_func include/net/ip6_fib.h:617 [inline]
fib6_rule_lookup+0x52f/0x6f0 net/ipv6/fib6_rules.c:120
ip6_route_input_lookup net/ipv6/route.c:2338 [inline]
ip6_route_input+0x6de/0xad0 net/ipv6/route.c:2641
ip6_rcv_finish+0x141/0x2e0 net/ipv6/ip6_input.c:77
NF_HOOK+0x30c/0x3a0 include/linux/netfilter.h:318
__netif_receive_skb_one_core net/core/dev.c:6138 [inline]
__netif_receive_skb+0xd3/0x380 net/core/dev.c:6251
process_backlog+0x622/0x1500 net/core/dev.c:6603
__napi_poll+0xae/0x320 net/core/dev.c:7667
napi_poll net/core/dev.c:7730 [inline]
net_rx_action+0x672/0xe50 net/core/dev.c:7882
handle_softirqs+0x27d/0x850 kernel/softirq.c:626
do_softirq+0xec/0x180 kernel/softirq.c:523
__local_bh_enable_ip+0x17d/0x1c0 kernel/softirq.c:450
local_bh_enable include/linux/bottom_half.h:33 [inline]
fpregs_unlock arch/x86/include/asm/fpu/api.h:77 [inline]
kernel_fpu_end+0xd2/0x120 arch/x86/kernel/fpu/core.c:480
blake2s_compress+0xe9/0x1b80 lib/crypto/x86/blake2s.h:42
blake2s_update+0x14b/0x450 lib/crypto/blake2s.c:125
blake2s include/crypto/blake2s.h:156 [inline]
compute_mac1+0x145/0x1a0 drivers/net/wireguard/cookie.c:80
wg_cookie_validate_packet+0x129/0x320 drivers/net/wireguard/cookie.c:130
wg_receive_handshake_packet drivers/net/wireguard/receive.c:121 [inline]
wg_packet_handshake_receive_worker+0x476/0xfc0 drivers/net/wireguard/receive.c:213
process_one_work+0x93a/0x15a0 kernel/workqueue.c:3261
process_scheduled_works kernel/workqueue.c:3344 [inline]
worker_thread+0x9b0/0xee0 kernel/workqueue.c:3425
kthread+0x711/0x8a0 kernel/kthread.c:463
ret_from_fork+0x599/0xb30 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
net_ratelimit: 8919 callbacks suppressed
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:b2:7c:b9:e5:7f:ab, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:b2:7c:b9:e5:7f:ab, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)