INFO: task syz.1.7686:32080 blocked for more than 143 seconds.
      Tainted: G             L      syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.1.7686      state:D
 stack:28120 pid:32080 tgid:32077 ppid:24658  task_flags:0x400040 flags:0x00080002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5295 [inline]
 __schedule+0x153e/0x4fe0 kernel/sched/core.c:6907
 __schedule_loop kernel/sched/core.c:6989 [inline]
 schedule+0x164/0x360 kernel/sched/core.c:7004
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7061
 __mutex_lock_common kernel/locking/mutex.c:692 [inline]
 __mutex_lock+0x7fe/0x1300 kernel/locking/mutex.c:776
 device_lock include/linux/device.h:895 [inline]
 usbdev_open+0x182/0x770 drivers/usb/core/devio.c:1054
 chrdev_open+0x4cd/0x5e0 fs/char_dev.c:411
 do_dentry_open+0x785/0x14e0 fs/open.c:949
 vfs_open+0x3b/0x340 fs/open.c:1081
 do_open fs/namei.c:4671 [inline]
 path_openat+0x2e08/0x3860 fs/namei.c:4830
 do_file_open+0x23e/0x4a0 fs/namei.c:4859
 do_sys_openat2+0x113/0x200 fs/open.c:1366
 do_sys_open fs/open.c:1372 [inline]
 __do_sys_openat fs/open.c:1388 [inline]
 __se_sys_openat fs/open.c:1383 [inline]
 __x64_sys_openat+0x138/0x170 fs/open.c:1383
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xe2/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f53b375b58e
RSP: 002b:00007f53b45fdb28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f53b45fe6c0 RCX: 00007f53b375b58e
RDX: 0000000000008401 RSI: 00007f53b45fdc00 RDI: ffffffffffffff9c
RBP: 00007f53b45fdc00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd
R13: 00007f53b3a16038 R14: 00007f53b3a15fa0 R15: 00007ffee66f6008
 </TASK>

Showing all locks held in the system:
1 lock held by khungtaskd/30:
 #0: ffffffff8e75dda0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:312 [inline]
 #0: ffffffff8e75dda0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:850 [inline]
 #0: ffffffff8e75dda0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6775
3 locks held by kworker/u8:12/3449:
2 locks held by getty/5584:
 #0: ffff888032c540a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
 #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x45c/0x13c0 drivers/tty/n_tty.c:2211
2 locks held by kworker/1:5/5893:
2 locks held by kworker/0:7/7368:
6 locks held by kworker/1:9/8921:
 #0: ffff88801eea6d48 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x855/0x15a0 kernel/workqueue.c:3254
 #1: ffffc90018987c40 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x87c/0x15a0 kernel/workqueue.c:3255
 #2: ffff88802a2ea198 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:895 [inline]
 #2: ffff88802a2ea198 (&dev->mutex){....}-{4:4}, at: hub_event+0x17f/0x4f30 drivers/usb/core/hub.c:5899
 #3: ffff8880590b2198 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:895 [inline]
 #3: ffff8880590b2198 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x450 drivers/base/dd.c:1008
 #4: ffff88807c8d1160 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:895 [inline]
 #4: ffff88807c8d1160 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x450 drivers/base/dd.c:1008
 #5: ffffffff8e5fb370 (umhelper_sem){++++}-{4:4}, at: usermodehelper_read_trylock+0xfc/0x2c0 kernel/umh.c:214
5 locks held by kworker/u8:4/22440:
 #0: ffff88801bad6948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x855/0x15a0 kernel/workqueue.c:3254
 #1: ffffc900041afc40 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x87c/0x15a0 kernel/workqueue.c:3255
 #2: ffffffff8fbc7670 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xfe/0x7b0 net/core/net_namespace.c:670
 #3: ffffffff8fbd6588 (rtnl_mutex){+.+.}-{4:4}, at: default_device_exit_batch+0xe5/0xa10 net/core/dev.c:13072
 #4: ffffffff8e764038 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock kernel/rcu/tree_exp.h:311 [inline]
 #4: ffffffff8e764038 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x2d0/0x770 kernel/rcu/tree_exp.h:961
4 locks held by kworker/1:7/26723:
 #0: ffff888050d66948 ((wq_completion)wg-kex-wg2#44){+.+.}-{0:0}, at: process_one_work+0x855/0x15a0 kernel/workqueue.c:3254
 #1: ffffc90004a5fc40 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_one_work+0x87c/0x15a0 kernel/workqueue.c:3255
 #2: ffff88803500d348 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x1a1/0x9a0 drivers/net/wireguard/noise.c:598
 #3: ffff88807eb13ea8 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x58b/0x9a0 drivers/net/wireguard/noise.c:632
3 locks held by kworker/u8:24/28819:
 #0: ffff888031fd1948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x855/0x15a0 kernel/workqueue.c:3254
 #1: ffffc900015f7c40 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x87c/0x15a0 kernel/workqueue.c:3255
 #2: ffffffff8fbd6588 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #2: ffffffff8fbd6588 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_dad_work+0x11e/0x14c0 net/ipv6/addrconf.c:4194
3 locks held by kworker/u8:27/28823:
 #0: ffff88813ff4c148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x855/0x15a0 kernel/workqueue.c:3254
 #1: ffffc9000d0b7c40 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x87c/0x15a0 kernel/workqueue.c:3255
 #2: ffffffff8fbd6588 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 net/core/link_watch.c:303
1 lock held by syz.1.7686/32080:
 #0: ffff88802a2ea198 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:895 [inline]
 #0: ffff88802a2ea198 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x182/0x770 drivers/usb/core/devio.c:1054
3 locks held by kworker/0:16/32123:
2 locks held by kworker/0:21/32531:
2 locks held by syz-executor/372:
 #0: ffffffff90121608 (&ops->srcu#2){.+.+}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:312 [inline]
 #0: ffffffff90121608 (&ops->srcu#2){.+.+}-{0:0}, at: rcu_read_lock include/linux/rcupdate.h:850 [inline]
 #0: ffffffff90121608 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250 net/core/rtnetlink.c:570
 #1: ffffffff8fbd6588 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:80 [inline]
 #1: ffffffff8fbd6588 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock net/core/rtnetlink.c:341 [inline]
 #1: ffffffff8fbd6588 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8a1/0x1be0 net/core/rtnetlink.c:4071
1 lock held by syz-executor/376:
 #0: ffffffff8fbd6588 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:80 [inline]
 #0: ffffffff8fbd6588 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock net/core/rtnetlink.c:341 [inline]
 #0: ffffffff8fbd6588 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8a1/0x1be0 net/core/rtnetlink.c:4071
1 lock held by syz-executor/378:
 #0: ffffffff8fbd6588 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:80 [inline]
 #0: ffffffff8fbd6588 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock net/core/rtnetlink.c:341 [inline]
 #0: ffffffff8fbd6588 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8a1/0x1be0 net/core/rtnetlink.c:4071
2 locks held by kworker/0:27/418:
5 locks held by kworker/0:28/480:
1 lock held by syz.2.7809/486:
 #0: ffff88802a2ea198 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:895 [inline]
 #0: ffff88802a2ea198 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x182/0x770 drivers/usb/core/devio.c:1054
2 locks held by kworker/0:29/510:
3 locks held by kworker/0:30/514:
1 lock held by syz-executor/523:
 #0: ffffffff8fbd6588 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8fbd6588 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0 net/ipv4/devinet.c:978
2 locks held by dhcpcd/561:
 #0: ffff88807661a260 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1700 [inline]
 #0: ffff88807661a260 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xd30 net/packet/af_packet.c:3197
 #1: ffffffff8e764038 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock kernel/rcu/tree_exp.h:343 [inline]
 #1: ffffffff8e764038 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x38d/0x770 kernel/rcu/tree_exp.h:961
1 lock held by dhcpcd/562:
 #0: ffff888057586260 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1700 [inline]
 #0: ffff888057586260 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xd30 net/packet/af_packet.c:3197

=============================================

NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Tainted: G             L      syzkaller #0 PREEMPT(full) 
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
Call Trace:
 <TASK>
 dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x274/0x2d0 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x17a/0x300 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:161 [inline]
 __sys_info lib/sys_info.c:157 [inline]
 sys_info+0x135/0x170 lib/sys_info.c:165
 check_hung_uninterruptible_tasks kernel/hung_task.c:346 [inline]
 watchdog+0xf90/0xfe0 kernel/hung_task.c:515
 kthread+0x388/0x470 kernel/kthread.c:467
 ret_from_fork+0x51b/0xa40 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 32123 Comm: kworker/0:16 Tainted: G             L      syzkaller #0 PREEMPT(full) 
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
Workqueue: wg-kex-wg2 wg_packet_handshake_receive_worker
RIP: 0010:debug_lockdep_rcu_enabled+0x0/0x40 kernel/rcu/update.c:319
Code: 48 8d 3d 93 bf 8a 04 48 c7 c6 4b 6d dd 8d 67 48 0f b9 3a 90 eb ca cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <f3> 0f 1e fa 31 c0 83 3d 53 71 87 04 00 74 1d 83 3d 8a a2 87 04 00
RSP: 0018:ffffc90000007148 EFLAGS: 00000202
RAX: ffffffff8a5a0867 RBX: 0000000000000001 RCX: 0000000000000100
RDX: ffff888028505ac0 RSI: 0000000000000001 RDI: 0000000000000000
RBP: ffffc90000007278 R08: ffffffff8a5a0782 R09: ffffffff8e75dda0
R10: dffffc0000000000 R11: ffffed1006859c45 R12: 1ffff92000000e34
R13: ffff8880636ab9c0 R14: 0000000000000002 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff88812529d000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffe72a97ff8 CR3: 000000000e54a000 CR4: 00000000003526f0
DR0: ffffffffffffffff DR1: 00000000000001f8 DR2: 0000000000000083
DR3: ffffffffefffff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 rcu_read_lock_held_common kernel/rcu/update.c:105 [inline]
 rcu_read_lock_held+0xa/0x50 kernel/rcu/update.c:349
 nf_hook include/linux/netfilter.h:259 [inline]
 NF_HOOK+0x190/0x3f0 include/linux/netfilter.h:316
 __br_forward+0x397/0x540 net/bridge/br_forward.c:115
 deliver_clone net/bridge/br_forward.c:131 [inline]
 maybe_deliver+0xb5/0x160 net/bridge/br_forward.c:191
 br_flood+0x31a/0x690 net/bridge/br_forward.c:238
 br_handle_frame_finish+0x1492/0x1b40 net/bridge/br_input.c:229
 br_nf_hook_thresh+0x3dd/0x4c0 net/bridge/br_netfilter_hooks.c:-1
 br_nf_pre_routing_finish_ipv6+0xa3a/0xd70 net/bridge/br_netfilter_ipv6.c:-1
 NF_HOOK include/linux/netfilter.h:318 [inline]
 br_nf_pre_routing_ipv6+0x374/0x6f0 net/bridge/br_netfilter_ipv6.c:184
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:291 [inline]
 br_handle_frame+0x989/0x1520 net/bridge/br_input.c:442
 __netif_receive_skb_core+0x98f/0x30a0 net/core/dev.c:6039
 __netif_receive_skb_one_core net/core/dev.c:6150 [inline]
 __netif_receive_skb+0x72/0x370 net/core/dev.c:6265
 process_backlog+0x54e/0x1340 net/core/dev.c:6617
 __napi_poll+0xae/0x320 net/core/dev.c:7681
 napi_poll net/core/dev.c:7744 [inline]
 net_rx_action+0x696/0xe30 net/core/dev.c:7896
 handle_softirqs+0x22a/0x7c0 kernel/softirq.c:626
 do_softirq+0x76/0xd0 kernel/softirq.c:523
 </IRQ>
 <TASK>
 __local_bh_enable_ip+0xf8/0x130 kernel/softirq.c:450
 blake2s_compress+0xf9/0x1eb0 lib/crypto/x86/blake2s.h:42
 blake2s_final+0x116/0x270 lib/crypto/blake2s.c:142
 hmac+0x2de/0x3b0 drivers/net/wireguard/noise.c:333
 kdf+0xff/0x2b0 drivers/net/wireguard/noise.c:360
 mix_dh drivers/net/wireguard/noise.c:413 [inline]
 wg_noise_handshake_consume_initiation+0x276/0x9a0 drivers/net/wireguard/noise.c:608
 wg_receive_handshake_packet drivers/net/wireguard/receive.c:144 [inline]
 wg_packet_handshake_receive_worker+0x674/0x10c0 drivers/net/wireguard/receive.c:213
 process_one_work+0x949/0x15a0 kernel/workqueue.c:3279
 process_scheduled_works kernel/workqueue.c:3362 [inline]
 worker_thread+0x9af/0xee0 kernel/workqueue.c:3443
 kthread+0x388/0x470 kernel/kthread.c:467
 ret_from_fork+0x51b/0xa40 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
net_ratelimit: 4550 callbacks suppressed
bridge0: received packet on veth0_to_bridge with own address as source address (addr:22:53:f7:4d:ef:43, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:22:53:f7:4d:ef:43, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:22:53:f7:4d:ef:43, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)