INFO: task kworker/u9:1:5135 blocked for more than 143 seconds.
Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u9:1 state:D stack:25880 pid:5135 tgid:5135 ppid:2 task_flags:0x4208060 flags:0x00004000
Workqueue: hci9 hci_rx_work
Call Trace:
context_switch kernel/sched/core.c:5396 [inline]
__schedule+0x116a/0x5de0 kernel/sched/core.c:6785
__schedule_loop kernel/sched/core.c:6863 [inline]
schedule+0xe7/0x3a0 kernel/sched/core.c:6878
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6935
__mutex_lock_common kernel/locking/mutex.c:679 [inline]
__mutex_lock+0x6c7/0xb90 kernel/locking/mutex.c:747
hci_connect_cfm include/net/bluetooth/hci_core.h:2051 [inline]
hci_remote_features_evt+0x472/0x970 net/bluetooth/hci_event.c:3747
hci_event_func net/bluetooth/hci_event.c:7511 [inline]
hci_event_packet+0xa0d/0x11c0 net/bluetooth/hci_event.c:7565
hci_rx_work+0x2c5/0x16b0 net/bluetooth/hci_core.c:4044
process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238
process_scheduled_works kernel/workqueue.c:3321 [inline]
worker_thread+0x6c8/0xf10 kernel/workqueue.c:3402
kthread+0x3c2/0x780 kernel/kthread.c:464
ret_from_fork+0x5d4/0x6f0 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
INFO: task kworker/u9:3:5814 blocked for more than 144 seconds.
Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u9:3 state:D stack:26920 pid:5814 tgid:5814 ppid:2 task_flags:0x4208060 flags:0x00004000
Workqueue: hci4 hci_rx_work
Call Trace:
context_switch kernel/sched/core.c:5396 [inline]
__schedule+0x116a/0x5de0 kernel/sched/core.c:6785
__schedule_loop kernel/sched/core.c:6863 [inline]
schedule+0xe7/0x3a0 kernel/sched/core.c:6878
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6935
__mutex_lock_common kernel/locking/mutex.c:679 [inline]
__mutex_lock+0x6c7/0xb90 kernel/locking/mutex.c:747
hci_connect_cfm include/net/bluetooth/hci_core.h:2051 [inline]
hci_remote_features_evt+0x472/0x970 net/bluetooth/hci_event.c:3747
hci_event_func net/bluetooth/hci_event.c:7511 [inline]
hci_event_packet+0xa0d/0x11c0 net/bluetooth/hci_event.c:7565
hci_rx_work+0x2c5/0x16b0 net/bluetooth/hci_core.c:4044
process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238
process_scheduled_works kernel/workqueue.c:3321 [inline]
worker_thread+0x6c8/0xf10 kernel/workqueue.c:3402
kthread+0x3c2/0x780 kernel/kthread.c:464
ret_from_fork+0x5d4/0x6f0 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
INFO: task kworker/u9:4:5822 blocked for more than 144 seconds.
Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u9:4 state:D stack:27144 pid:5822 tgid:5822 ppid:2 task_flags:0x4208060 flags:0x00004000
Workqueue: hci2 hci_rx_work
Call Trace:
context_switch kernel/sched/core.c:5396 [inline]
__schedule+0x116a/0x5de0 kernel/sched/core.c:6785
__schedule_loop kernel/sched/core.c:6863 [inline]
schedule+0xe7/0x3a0 kernel/sched/core.c:6878
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6935
__mutex_lock_common kernel/locking/mutex.c:679 [inline]
__mutex_lock+0x6c7/0xb90 kernel/locking/mutex.c:747
hci_connect_cfm include/net/bluetooth/hci_core.h:2051 [inline]
hci_remote_features_evt+0x472/0x970 net/bluetooth/hci_event.c:3747
hci_event_func net/bluetooth/hci_event.c:7511 [inline]
hci_event_packet+0xa0d/0x11c0 net/bluetooth/hci_event.c:7565
hci_rx_work+0x2c5/0x16b0 net/bluetooth/hci_core.c:4044
process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238
process_scheduled_works kernel/workqueue.c:3321 [inline]
worker_thread+0x6c8/0xf10 kernel/workqueue.c:3402
kthread+0x3c2/0x780 kernel/kthread.c:464
ret_from_fork+0x5d4/0x6f0 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
INFO: task kworker/u9:5:5825 blocked for more than 144 seconds.
Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u9:5 state:D stack:26776 pid:5825 tgid:5825 ppid:2 task_flags:0x4208060 flags:0x00004000
Workqueue: hci10 hci_rx_work
Call Trace:
context_switch kernel/sched/core.c:5396 [inline]
__schedule+0x116a/0x5de0 kernel/sched/core.c:6785
__schedule_loop kernel/sched/core.c:6863 [inline]
schedule+0xe7/0x3a0 kernel/sched/core.c:6878
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6935
__mutex_lock_common kernel/locking/mutex.c:679 [inline]
__mutex_lock+0x6c7/0xb90 kernel/locking/mutex.c:747
hci_connect_cfm include/net/bluetooth/hci_core.h:2051 [inline]
hci_remote_features_evt+0x472/0x970 net/bluetooth/hci_event.c:3747
hci_event_func net/bluetooth/hci_event.c:7511 [inline]
hci_event_packet+0xa0d/0x11c0 net/bluetooth/hci_event.c:7565
hci_rx_work+0x2c5/0x16b0 net/bluetooth/hci_core.c:4044
process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238
process_scheduled_works kernel/workqueue.c:3321 [inline]
worker_thread+0x6c8/0xf10 kernel/workqueue.c:3402
kthread+0x3c2/0x780 kernel/kthread.c:464
ret_from_fork+0x5d4/0x6f0 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
INFO: task kworker/u9:9:5829 blocked for more than 145 seconds.
Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u9:9 state:D stack:26264 pid:5829 tgid:5829 ppid:2 task_flags:0x4208060 flags:0x00004000
Workqueue: hci1 hci_rx_work
Call Trace:
context_switch kernel/sched/core.c:5396 [inline]
__schedule+0x116a/0x5de0 kernel/sched/core.c:6785
__schedule_loop kernel/sched/core.c:6863 [inline]
schedule+0xe7/0x3a0 kernel/sched/core.c:6878
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6935
__mutex_lock_common kernel/locking/mutex.c:679 [inline]
__mutex_lock+0x6c7/0xb90 kernel/locking/mutex.c:747
hci_connect_cfm include/net/bluetooth/hci_core.h:2051 [inline]
hci_remote_features_evt+0x472/0x970 net/bluetooth/hci_event.c:3747
hci_event_func net/bluetooth/hci_event.c:7511 [inline]
hci_event_packet+0xa0d/0x11c0 net/bluetooth/hci_event.c:7565
hci_rx_work+0x2c5/0x16b0 net/bluetooth/hci_core.c:4044
process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238
process_scheduled_works kernel/workqueue.c:3321 [inline]
worker_thread+0x6c8/0xf10 kernel/workqueue.c:3402
kthread+0x3c2/0x780 kernel/kthread.c:464
ret_from_fork+0x5d4/0x6f0 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
INFO: task syz-executor:6452 blocked for more than 145 seconds.
Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0
Blocked by coredump.
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor state:D stack:24104 pid:6452 tgid:6452 ppid:1 task_flags:0x40054c flags:0x00004006
Call Trace:
context_switch kernel/sched/core.c:5396 [inline]
__schedule+0x116a/0x5de0 kernel/sched/core.c:6785
__schedule_loop kernel/sched/core.c:6863 [inline]
schedule+0xe7/0x3a0 kernel/sched/core.c:6878
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6935
__mutex_lock_common kernel/locking/mutex.c:679 [inline]
__mutex_lock+0x6c7/0xb90 kernel/locking/mutex.c:747
hci_disconn_cfm include/net/bluetooth/hci_core.h:2066 [inline]
hci_conn_hash_flush+0xbb/0x260 net/bluetooth/hci_conn.c:2560
hci_dev_close_sync+0x602/0x11d0 net/bluetooth/hci_sync.c:5250
hci_dev_do_close+0x2e/0x90 net/bluetooth/hci_core.c:483
hci_unregister_dev+0x213/0x620 net/bluetooth/hci_core.c:2691
vhci_release+0x79/0xf0 drivers/bluetooth/hci_vhci.c:665
__fput+0x3ff/0xb70 fs/file_table.c:465
task_work_run+0x150/0x240 kernel/task_work.c:227
exit_task_work include/linux/task_work.h:40 [inline]
do_exit+0x86c/0x2bd0 kernel/exit.c:964
do_group_exit+0xd3/0x2a0 kernel/exit.c:1105
get_signal+0x2673/0x26d0 kernel/signal.c:3034
arch_do_signal_or_restart+0x8f/0x7d0 arch/x86/kernel/signal.c:337
exit_to_user_mode_loop+0x84/0x110 kernel/entry/common.c:111
exit_to_user_mode_prepare include/linux/entry-common.h:330 [inline]
syscall_exit_to_user_mode_work include/linux/entry-common.h:414 [inline]
syscall_exit_to_user_mode include/linux/entry-common.h:449 [inline]
do_syscall_64+0x3f6/0x4c0 arch/x86/entry/syscall_64.c:100
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f036d18e221
RSP: 002b:00007fff1e2449c0 EFLAGS: 00000287 ORIG_RAX: 0000000000000101
RAX: 0000000000000003 RBX: 0000000000000003 RCX: 00007f036d18e221
RDX: 0000000000090800 RSI: 00007f036d210e59 RDI: 00000000ffffff9c
RBP: 00007fff1e244a6c R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000287 R12: 0000000000000000
R13: 0000000000000000 R14: 000000000002ebbf R15: 00007fff1e244ac0
Showing all locks held in the system:
3 locks held by kworker/u8:0/12:
#0: ffff88801b881148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3213
#1: ffffc90000117d10 ((work_completion)(&pool->idle_cull_work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3214
#2: ffffffff8e47b788 (wq_pool_attach_mutex){+.+.}-{4:4}, at: idle_cull_fn+0x99/0x460 kernel/workqueue.c:2960
1 lock held by kworker/R-mm_pe/14:
#0: ffffffff8e47b788 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x27/0x420 kernel/workqueue.c:2678
3 locks held by kworker/1:0/24:
1 lock held by khungtaskd/31:
#0: ffffffff8e5c4940 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#0: ffffffff8e5c4940 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
#0: ffffffff8e5c4940 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0 kernel/locking/lockdep.c:6770
8 locks held by kworker/u8:2/36:
#0: ffff88801c6f3948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3213
#1: ffffc90000ac7d10 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3214
#2: ffffffff90336b90 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xad/0x890 net/core/net_namespace.c:662
#3: ffff8880256c50e8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:884 [inline]
#3: ffff8880256c50e8 (&dev->mutex){....}-{4:4}, at: devl_dev_lock net/devlink/devl_internal.h:108 [inline]
#3: ffff8880256c50e8 (&dev->mutex){....}-{4:4}, at: devlink_pernet_pre_exit+0x12c/0x2b0 net/devlink/core.c:506
#4: ffff8880256c6250 (&devlink->lock_key#5){+.+.}-{4:4}, at: devl_lock net/devlink/core.c:276 [inline]
#4: ffff8880256c6250 (&devlink->lock_key#5){+.+.}-{4:4}, at: devl_dev_lock net/devlink/devl_internal.h:109 [inline]
#4: ffff8880256c6250 (&devlink->lock_key#5){+.+.}-{4:4}, at: devlink_pernet_pre_exit+0x136/0x2b0 net/devlink/core.c:506
#5: ffffffff9034cbe8 (rtnl_mutex){+.+.}-{4:4}, at: nsim_destroy+0xfc/0x5d0 drivers/net/netdevsim/netdev.c:1064
#6: ffff888077aacd30 (&dev_instance_lock_key#20){+.+.}-{4:4}, at: netdev_lock include/linux/netdevice.h:2756 [inline]
#6: ffff888077aacd30 (&dev_instance_lock_key#20){+.+.}-{4:4}, at: netdev_lock_ops include/net/netdev_lock.h:42 [inline]
#6: ffff888077aacd30 (&dev_instance_lock_key#20){+.+.}-{4:4}, at: netdev_lock_ops include/net/netdev_lock.h:39 [inline]
#6: ffff888077aacd30 (&dev_instance_lock_key#20){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0xb2f/0x2700 net/core/dev.c:12064
#7: ffffffff8e5cff38 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x284/0x3c0 kernel/rcu/tree_exp.h:304
4 locks held by kworker/u9:0/50:
#0: ffff888043258948 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3213
#1: ffffc90000ba7d10 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3214
#2: ffff88808866c078 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x94/0x970 net/bluetooth/hci_event.c:3713
#3: ffffffff905be2c8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2051 [inline]
#3: ffffffff905be2c8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x472/0x970 net/bluetooth/hci_event.c:3747
3 locks held by kworker/1:1/54:
6 locks held by kworker/1:2/974:
3 locks held by kworker/u8:6/1162:
#0: ffff88801b881148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3213
#1: ffffc9000400fd10 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3214
#2: ffffffff9034cbe8 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0x51/0xc0 net/core/link_watch.c:303
4 locks held by kworker/u9:1/5135:
#0: ffff88803543d948 ((wq_completion)hci9#2){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3213
#1: ffffc9000f69fd10 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3214
#2: ffff88806117c078 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x94/0x970 net/bluetooth/hci_event.c:3713
#3: ffffffff905be2c8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2051 [inline]
#3: ffffffff905be2c8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x472/0x970 net/bluetooth/hci_event.c:3747
2 locks held by getty/5576:
#0: ffff88803268b0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 drivers/tty/tty_ldisc.c:243
#1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0 drivers/tty/n_tty.c:2222
4 locks held by kworker/u9:2/5813:
#0: ffff888078702148 ((wq_completion)hci7#2){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3213
#1: ffffc90002e87d10 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3214
#2: ffff88804da04078 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x94/0x970 net/bluetooth/hci_event.c:3713
#3: ffffffff905be2c8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2051 [inline]
#3: ffffffff905be2c8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x472/0x970 net/bluetooth/hci_event.c:3747
4 locks held by kworker/u9:3/5814:
#0: ffff888047291148 ((wq_completion)hci4#2){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3213
#1: ffffc90002e77d10 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3214
#2: ffff88804cbec078 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x94/0x970 net/bluetooth/hci_event.c:3713
#3: ffffffff905be2c8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2051 [inline]
#3: ffffffff905be2c8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x472/0x970 net/bluetooth/hci_event.c:3747
4 locks held by kworker/u9:4/5822:
#0: ffff888055a11948 ((wq_completion)hci2#2){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3213
#1: ffffc90003effd10 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3214
#2: ffff8880762e8078 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x94/0x970 net/bluetooth/hci_event.c:3713
#3: ffffffff905be2c8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2051 [inline]
#3: ffffffff905be2c8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x472/0x970 net/bluetooth/hci_event.c:3747
4 locks held by kworker/u9:5/5825:
#0: ffff88803947c148 ((wq_completion)hci10#2){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3213
#1: ffffc90003f2fd10 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3214
#2: ffff888042888078 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x94/0x970 net/bluetooth/hci_event.c:3713
#3: ffffffff905be2c8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2051 [inline]
#3: ffffffff905be2c8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x472/0x970 net/bluetooth/hci_event.c:3747
4 locks held by kworker/u9:8/5828:
#0: ffff888039a9f148 ((wq_completion)hci3#4){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3213
#1: ffffc9000214fd10 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3214
#2: ffff88804e418078 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x94/0x970 net/bluetooth/hci_event.c:3713
#3: ffffffff905be2c8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2051 [inline]
#3: ffffffff905be2c8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x472/0x970 net/bluetooth/hci_event.c:3747
4 locks held by kworker/u9:9/5829:
#0: ffff888035429148 ((wq_completion)hci1#2){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3213
#1: ffffc90003f4fd10 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3214
#2: ffff8880393c4078 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x94/0x970 net/bluetooth/hci_event.c:3713
#3: ffffffff905be2c8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2051 [inline]
#3: ffffffff905be2c8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x472/0x970 net/bluetooth/hci_event.c:3747
1 lock held by kworker/R-wg-cr/5846:
#0: ffffffff8e47b788 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x27/0x420 kernel/workqueue.c:2678
1 lock held by kworker/R-wg-cr/5847:
#0: ffffffff8e47b788 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x27/0x420 kernel/workqueue.c:2678
1 lock held by kworker/R-wg-cr/5849:
#0: ffffffff8e47b788 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x27/0x420 kernel/workqueue.c:2678
1 lock held by kworker/R-wg-cr/5850:
#0: ffffffff8e47b788 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x27/0x420 kernel/workqueue.c:2678
1 lock held by kworker/R-wg-cr/5851:
1 lock held by kworker/R-wg-cr/5852:
#0: ffffffff8e47b788 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x27/0x420 kernel/workqueue.c:2678
1 lock held by kworker/R-wg-cr/5853:
#0: ffffffff8e47b788 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x27/0x420 kernel/workqueue.c:2678
1 lock held by kworker/R-wg-cr/5854:
#0: ffffffff8e47b788 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x27/0x420 kernel/workqueue.c:2678
1 lock held by kworker/R-wg-cr/5855:
#0: ffffffff8e47b788 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x27/0x420 kernel/workqueue.c:2678
1 lock held by kworker/R-wg-cr/5856:
#0: ffffffff8e47b788 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x27/0x420 kernel/workqueue.c:2678
1 lock held by kworker/R-wg-cr/5857:
#0: ffffffff8e47b788 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_detach_from_pool kernel/workqueue.c:2736 [inline]
#0: ffffffff8e47b788 (wq_pool_attach_mutex){+.+.}-{4:4}, at: rescuer_thread+0x839/0xea0 kernel/workqueue.c:3531
1 lock held by kworker/R-wg-cr/5858:
#0: ffffffff8e47b788 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_detach_from_pool kernel/workqueue.c:2736 [inline]
#0: ffffffff8e47b788 (wq_pool_attach_mutex){+.+.}-{4:4}, at: rescuer_thread+0x839/0xea0 kernel/workqueue.c:3531
3 locks held by kworker/1:3/5871:
2 locks held by kworker/1:4/5878:
2 locks held by kworker/1:5/5885:
6 locks held by kworker/1:6/5892:
4 locks held by kworker/0:7/5933:
#0: ffff8880580b7948 ((wq_completion)wg-kex-wg2#10){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3213
#1: ffffc90004adfd10 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __asm__ ("" : "=r"(__ptr) : "0"((__typeof__(*((worker))) *)(( unsigned long)((worker))))); (typeof((__typeof__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3214
#2: ffff8880581c5308 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x1c2/0x880 drivers/net/wireguard/noise.c:598
#3: ffff888075a8bea8 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x5ac/0x880 drivers/net/wireguard/noise.c:632
2 locks held by kworker/1:7/5963:
3 locks held by syz-executor/6452:
#0: ffff88807acd8d80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close+0x26/0x90 net/bluetooth/hci_core.c:481
#1: ffff88807acd8078 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x3ae/0x11d0 net/bluetooth/hci_sync.c:5238
#2: ffffffff905be2c8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_disconn_cfm include/net/bluetooth/hci_core.h:2066 [inline]
#2: ffffffff905be2c8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xbb/0x260 net/bluetooth/hci_conn.c:2560
2 locks held by kworker/1:8/6463:
1 lock held by kworker/R-wg-cr/6477:
#0: ffffffff8e47b788 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x27/0x420 kernel/workqueue.c:2678
1 lock held by kworker/R-wg-cr/6480:
#0: ffffffff8e47b788 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_detach_from_pool kernel/workqueue.c:2736 [inline]
#0: ffffffff8e47b788 (wq_pool_attach_mutex){+.+.}-{4:4}, at: rescuer_thread+0x839/0xea0 kernel/workqueue.c:3531
1 lock held by kworker/R-wg-cr/6481:
#0: ffffffff8e47b788 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x27/0x420 kernel/workqueue.c:2678
1 lock held by kworker/R-wg-cr/6482:
#0: ffffffff8e47b788 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x27/0x420 kernel/workqueue.c:2678
1 lock held by kworker/R-wg-cr/6483:
#0: ffffffff8e47b788 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_detach_from_pool kernel/workqueue.c:2736 [inline]
#0: ffffffff8e47b788 (wq_pool_attach_mutex){+.+.}-{4:4}, at: rescuer_thread+0x839/0xea0 kernel/workqueue.c:3531
1 lock held by kworker/R-wg-cr/6484:
#0: ffffffff8e47b788 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_detach_from_pool kernel/workqueue.c:2736 [inline]
#0: ffffffff8e47b788 (wq_pool_attach_mutex){+.+.}-{4:4}, at: rescuer_thread+0x839/0xea0 kernel/workqueue.c:3531
1 lock held by kworker/R-wg-cr/6485:
#0: ffffffff8e47b788 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x27/0x420 kernel/workqueue.c:2678
1 lock held by kworker/R-wg-cr/6486:
#0: ffffffff8e47b788 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_detach_from_pool kernel/workqueue.c:2736 [inline]
#0: ffffffff8e47b788 (wq_pool_attach_mutex){+.+.}-{4:4}, at: rescuer_thread+0x839/0xea0 kernel/workqueue.c:3531
1 lock held by kworker/R-wg-cr/6487:
#0: ffffffff8e47b788 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_detach_from_pool kernel/workqueue.c:2736 [inline]
#0: ffffffff8e47b788 (wq_pool_attach_mutex){+.+.}-{4:4}, at: rescuer_thread+0x839/0xea0 kernel/workqueue.c:3531
1 lock held by kworker/R-wg-cr/6488:
#0: ffffffff8e47b788 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x27/0x420 kernel/workqueue.c:2678
1 lock held by kworker/R-wg-cr/6489:
#0: ffffffff8e47b788 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x27/0x420 kernel/workqueue.c:2678
1 lock held by kworker/R-wg-cr/6490:
#0: ffffffff8e47b788 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x27/0x420 kernel/workqueue.c:2678
1 lock held by kworker/R-wg-cr/6491:
#0: ffffffff8e47b788 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x27/0x420 kernel/workqueue.c:2678
1 lock held by kworker/R-wg-cr/6492:
#0: ffffffff8e47b788 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x27/0x420 kernel/workqueue.c:2678
1 lock held by kworker/R-wg-cr/6493:
#0: ffffffff8e47b788 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x27/0x420 kernel/workqueue.c:2678
2 locks held by kworker/1:9/6579:
2 locks held by kworker/1:10/6580:
3 locks held by syz.5.127/6589:
4 locks held by kworker/1:11/6586:
3 locks held by kworker/u8:9/6596:
#0: ffff88814c417948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3213
#1: ffffc90003157d10 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3214
#2: ffffffff9034cbe8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
#2: ffffffff9034cbe8 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x12/0x30 net/ipv6/addrconf.c:4738
2 locks held by kworker/1:12/6603:
1 lock held by syz.8.125/6608:
#0: ffffffff8e5cff38 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x1a3/0x3c0 kernel/rcu/tree_exp.h:336
2 locks held by syz-executor/6623:
#0: ffffffff90336b90 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x286/0x5f0 net/core/net_namespace.c:570
#1: ffffffff9034cbe8 (rtnl_mutex){+.+.}-{4:4}, at: cfg80211_pernet_exit+0x17/0x150 net/wireless/core.c:1649
2 locks held by syz-executor/6630:
#0: ffffffff90336b90 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x286/0x5f0 net/core/net_namespace.c:570
#1: ffffffff9034cbe8 (rtnl_mutex){+.+.}-{4:4}, at: cfg80211_pernet_exit+0x17/0x150 net/wireless/core.c:1649
2 locks held by syz-executor/6632:
#0: ffffffff90336b90 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x286/0x5f0 net/core/net_namespace.c:570
#1: ffffffff9034cbe8 (rtnl_mutex){+.+.}-{4:4}, at: cfg80211_pernet_exit+0x17/0x150 net/wireless/core.c:1649
2 locks held by syz-executor/6634:
#0: ffffffff90336b90 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x286/0x5f0 net/core/net_namespace.c:570
#1: ffffffff9034cbe8 (rtnl_mutex){+.+.}-{4:4}, at: cfg80211_pernet_exit+0x17/0x150 net/wireless/core.c:1649
3 locks held by kworker/u8:10/6642:
#0: ffff88801b881148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3213
#1: ffffc900030a7d10 ((work_completion)(&pool->idle_cull_work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3214
#2: ffffffff8e47b788 (wq_pool_attach_mutex){+.+.}-{4:4}, at: idle_cull_fn+0x99/0x460 kernel/workqueue.c:2960
2 locks held by kworker/1:13/6646:
2 locks held by kworker/1:14/6647:
2 locks held by syz-executor/6649:
#0: ffffffff90336b90 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x286/0x5f0 net/core/net_namespace.c:570
#1: ffffffff9034cbe8 (rtnl_mutex){+.+.}-{4:4}, at: cfg80211_pernet_exit+0x17/0x150 net/wireless/core.c:1649
2 locks held by syz-executor/6655:
#0: ffffffff90336b90 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x286/0x5f0 net/core/net_namespace.c:570
#1: ffffffff9034cbe8 (rtnl_mutex){+.+.}-{4:4}, at: cfg80211_pernet_exit+0x17/0x150 net/wireless/core.c:1649
2 locks held by syz-executor/6657:
#0: ffffffff90336b90 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x286/0x5f0 net/core/net_namespace.c:570
#1: ffffffff9034cbe8 (rtnl_mutex){+.+.}-{4:4}, at: cfg80211_pernet_exit+0x17/0x150 net/wireless/core.c:1649
4 locks held by syz-executor/6664:
#0: ffff8880367ba428 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff88805d5e3c88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 fs/kernfs/file.c:325
#2: ffff8881437313c8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 fs/kernfs/file.c:326
#3: ffffffff8f8e9928 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:216
5 locks held by syz-executor/6665:
#0: ffff8880367ba428 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff88803aae6888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 fs/kernfs/file.c:325
#2: ffff8881437313c8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 fs/kernfs/file.c:326
#3: ffffffff8f8e9928 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:216
#4: ffff8880256c50e8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:884 [inline]
#4: ffff8880256c50e8 (&dev->mutex){....}-{4:4}, at: device_del+0xa0/0x9f0 drivers/base/core.c:3843
3 locks held by kworker/1:15/6679:
#0: ffff88801b878d48 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3213
#1: ffffc90002f17d10 (deferred_process_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3214
#2: ffffffff9034cbe8 (rtnl_mutex){+.+.}-{4:4}, at: switchdev_deferred_process_work+0xe/0x20 net/switchdev/switchdev.c:104
4 locks held by kworker/1:16/6682:
4 locks held by syz-executor/6684:
#0: ffff8880367ba428 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff8880448e9888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 fs/kernfs/file.c:325
#2: ffff8881437313c8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 fs/kernfs/file.c:326
#3: ffffffff8f8e9928 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:216
4 locks held by syz-executor/6689:
#0: ffff8880367ba428 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff88805c1da888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 fs/kernfs/file.c:325
#2: ffff8881437313c8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 fs/kernfs/file.c:326
#3: ffffffff8f8e9928 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:216
4 locks held by syz-executor/6691:
#0: ffff8880367ba428 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff888022fc1488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 fs/kernfs/file.c:325
#2: ffff8881437313c8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 fs/kernfs/file.c:326
#3: ffffffff8f8e9928 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:216
1 lock held by kworker/1:17/6707:
#0: ffffffff8e47b788 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x27/0x420 kernel/workqueue.c:2678
1 lock held by syz-executor/6726:
#0: ffffffff9034cbe8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
#0: ffffffff9034cbe8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x1540 net/ipv4/devinet.c:979
1 lock held by syz-executor/6729:
#0: ffffffff9034cbe8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
#0: ffffffff9034cbe8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x1540 net/ipv4/devinet.c:979
1 lock held by dhcpcd/6733:
#0: ffff88809f510258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1667 [inline]
#0: ffff88809f510258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x2c/0xf60 net/packet/af_packet.c:3252
1 lock held by dhcpcd/6735:
#0: ffff88803c64c258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1667 [inline]
#0: ffff88803c64c258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x2c/0xf60 net/packet/af_packet.c:3252
1 lock held by dhcpcd/6736:
#0: ffff888090756258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1667 [inline]
#0: ffff888090756258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x2c/0xf60 net/packet/af_packet.c:3252
1 lock held by dhcpcd/6737:
#0: ffff88808b8c4258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1667 [inline]
#0: ffff88808b8c4258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x2c/0xf60 net/packet/af_packet.c:3252
1 lock held by dhcpcd/6738:
#0: ffff88803326c258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1667 [inline]
#0: ffff88803326c258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x2c/0xf60 net/packet/af_packet.c:3252
1 lock held by dhcpcd/6739:
#0: ffff8880a3424258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1667 [inline]
#0: ffff8880a3424258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x2c/0xf60 net/packet/af_packet.c:3252
1 lock held by syz-executor/6743:
#0: ffffffff9034cbe8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
#0: ffffffff9034cbe8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x1540 net/ipv4/devinet.c:979
1 lock held by dhcpcd/6746:
#0: ffff888091220258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1667 [inline]
#0: ffff888091220258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x2c/0xf60 net/packet/af_packet.c:3252
1 lock held by syz-executor/6748:
#0: ffffffff9034cbe8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
#0: ffffffff9034cbe8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x1540 net/ipv4/devinet.c:979
1 lock held by syz-executor/6750:
#0: ffffffff9034cbe8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
#0: ffffffff9034cbe8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x1540 net/ipv4/devinet.c:979
=============================================
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call Trace:
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
nmi_cpu_backtrace+0x27b/0x390 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x29c/0x300 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:158 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:307 [inline]
watchdog+0xf70/0x12c0 kernel/hung_task.c:470
kthread+0x3c2/0x780 kernel/kthread.c:464
ret_from_fork+0x5d4/0x6f0 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 5885 Comm: kworker/1:5 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: wg-crypt-wg1 wg_packet_encrypt_worker
RIP: 0010:hlock_class+0x0/0x70 kernel/locking/lockdep.c:229
Code: ff ff ff 90 0f 0b 90 e9 01 ff ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <0f> b7 47 20 66 25 ff 1f 0f b7 c0 48 0f a3 05 3d 9b 3b 14 73 15 48
RSP: 0018:ffffc90000a081b0 EFLAGS: 00000086
RAX: ffffffff95d3aed8 RBX: 0000000000000004 RCX: 0000000036198be1
RDX: 0000000000000000 RSI: 00000000501fefef RDI: ffff888032cf0b90
RBP: ffff888032cf0000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: ffff888032cf0af0
R13: ffff888032cf0b90 R14: 0000000000000004 R15: 0000000000000001
FS: 0000000000000000(0000) GS:ffff888124852000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000361030 CR3: 000000000e382000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
__lock_acquire+0x622/0x1c90 kernel/locking/lockdep.c:5237
lock_acquire kernel/locking/lockdep.c:5871 [inline]
lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5828
rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
rcu_read_lock include/linux/rcupdate.h:841 [inline]
class_rcu_constructor include/linux/rcupdate.h:1155 [inline]
unwind_next_frame+0xd1/0x20a0 arch/x86/kernel/unwind_orc.c:479
arch_stack_walk+0x94/0x100 arch/x86/kernel/stacktrace.c:25
stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122
kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
kasan_save_track+0x14/0x30 mm/kasan/common.c:68
poison_kmalloc_redzone mm/kasan/common.c:377 [inline]
__kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394
kasan_kmalloc include/linux/kasan.h:260 [inline]
__do_kmalloc_node mm/slub.c:4328 [inline]
__kmalloc_node_track_caller_noprof+0x221/0x510 mm/slub.c:4347
__do_krealloc mm/slub.c:4905 [inline]
krealloc_noprof+0x1fc/0x370 mm/slub.c:4958
nf_ct_ext_add+0x1a7/0x420 net/netfilter/nf_conntrack_extend.c:117
nf_ct_labels_ext_add include/net/netfilter/nf_conntrack_labels.h:45 [inline]
init_conntrack.constprop.0+0x5af/0x1080 net/netfilter/nf_conntrack_core.c:1783
resolve_normal_ct net/netfilter/nf_conntrack_core.c:1885 [inline]
nf_conntrack_in+0xb03/0x1950 net/netfilter/nf_conntrack_core.c:2037
nf_hook_entry_hookfn include/linux/netfilter.h:157 [inline]
nf_hook_slow+0xbe/0x200 net/netfilter/core.c:623
nf_hook.constprop.0+0x422/0x750 include/linux/netfilter.h:272
NF_HOOK include/linux/netfilter.h:315 [inline]
ip_rcv+0x7d/0x5d0 net/ipv4/ip_input.c:567
__netif_receive_skb_one_core+0x197/0x1e0 net/core/dev.c:5977
__netif_receive_skb+0x1d/0x160 net/core/dev.c:6090
process_backlog+0x442/0x15e0 net/core/dev.c:6442
__napi_poll.constprop.0+0xb7/0x550 net/core/dev.c:7414
napi_poll net/core/dev.c:7478 [inline]
net_rx_action+0xa9f/0xfe0 net/core/dev.c:7605
handle_softirqs+0x216/0x8e0 kernel/softirq.c:579
do_softirq kernel/softirq.c:480 [inline]
do_softirq+0xb2/0xf0 kernel/softirq.c:467
__local_bh_enable_ip+0x100/0x120 kernel/softirq.c:407
local_bh_enable include/linux/bottom_half.h:33 [inline]
fpregs_unlock arch/x86/include/asm/fpu/api.h:77 [inline]
kernel_fpu_end+0x5e/0x70 arch/x86/kernel/fpu/core.c:476
poly1305_blocks_arch+0x66/0xf0 arch/x86/lib/crypto/poly1305_glue.c:80
poly1305_blocks lib/crypto/poly1305.c:36 [inline]
poly1305_update+0x12e/0x2d0 lib/crypto/poly1305.c:44
chacha20poly1305_crypt_sg_inplace+0xa52/0xc90 lib/crypto/chacha20poly1305.c:304
chacha20poly1305_encrypt_sg_inplace+0x3e/0x50 lib/crypto/chacha20poly1305.c:340
encrypt_packet+0x73b/0x910 drivers/net/wireguard/send.c:216
wg_packet_encrypt_worker+0x2d0/0xdb0 drivers/net/wireguard/send.c:297
process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238
process_scheduled_works kernel/workqueue.c:3321 [inline]
worker_thread+0x6c8/0xf10 kernel/workqueue.c:3402
kthread+0x3c2/0x780 kernel/kthread.c:464
ret_from_fork+0x5d4/0x6f0 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245