INFO: task kworker/u9:7:6476 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u9:7    state:D stack:22088 pid:6476  tgid:6476  ppid:2      task_flags:0x4208060 flags:0x00080000
Workqueue: wg-kex-wg2 wg_packet_handshake_send_worker
Call Trace:
 <TASK>
 __schedule+0x17b4/0x5680
 schedule+0x164/0x360
 schedule_preempt_disabled+0x13/0x30
 rwsem_down_write_slowpath+0x883/0x1080
 down_write+0x1bc/0x200
 wg_noise_handshake_create_initiation+0x140/0x830
 wg_packet_handshake_send_worker+0x18d/0x350
 process_scheduled_works+0xb5d/0x1860
 worker_thread+0xa53/0xfc0
 kthread+0x388/0x470
 ret_from_fork+0x514/0xb70
 ret_from_fork_asm+0x1a/0x30
 </TASK>
INFO: task kworker/0:16:16818 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:16    state:D stack:23296 pid:16818 tgid:16818 ppid:2      task_flags:0x4208060 flags:0x00080000
Workqueue: wg-kex-wg2 wg_packet_handshake_receive_worker
Call Trace:
 <TASK>
 __schedule+0x17b4/0x5680
 schedule+0x164/0x360
 schedule_preempt_disabled+0x13/0x30
 rwsem_down_read_slowpath+0x6d9/0x940
 down_read+0x99/0x2e0
 wg_noise_handshake_consume_initiation+0x58b/0x9a0
 wg_packet_handshake_receive_worker+0x674/0x10c0
 process_scheduled_works+0xb5d/0x1860
 worker_thread+0xa53/0xfc0
 kthread+0x388/0x470
 ret_from_fork+0x514/0xb70
 ret_from_fork_asm+0x1a/0x30
 </TASK>

Showing all locks held in the system:
3 locks held by kworker/u8:1/13:
 #0: ffff88810d175140 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860
 #1: ffffc90000127c40 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860
 #2: ffffffff8fdc4ac0 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_dad_work+0x11e/0x14c0
1 lock held by kworker/R-mm_pe/14:
 #0: ffffffff8e7fb000 (wq_pool_attach_mutex){+.+.}-{4:4}, at: rescuer_thread+0xc4d/0x1130
4 locks held by kworker/1:1/31:
1 lock held by khungtaskd/34:
 #0: ffffffff8e95cd60 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
4 locks held by kworker/u10:5/156:
 #0: ffff8881101ce940 ((wq_completion)wg-kex-wg2#9){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860
 #1: ffffc900032f7c40 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860
 #2: ffff88811ab5d3c0 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x12f/0x830
 #3: ffff88811a4dd270 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x140/0x830
3 locks held by kworker/1:3/5078:
1 lock held by dhcpcd/5357:
 #0: ffffffff8fdc4ac0 (rtnl_mutex){+.+.}-{4:4}, at: devinet_ioctl+0x32b/0x1b30
2 locks held by getty/5445:
 #0: ffff88810d9000a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
 #1: ffffc9000346b2e8 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x45c/0x13a0
1 lock held by kworker/R-wg-cr/5660:
 #0: ffffffff8e7fb000 (wq_pool_attach_mutex){+.+.}-{4:4}, at: rescuer_thread+0xc4d/0x1130
1 lock held by kworker/R-wg-cr/5661:
 #0: ffffffff8e7fb000 (wq_pool_attach_mutex){+.+.}-{4:4}, at: rescuer_thread+0xc4d/0x1130
1 lock held by kworker/R-wg-cr/5662:
 #0: ffffffff8e7fb000 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x2e/0x3a0
2 locks held by kworker/R-wg-cr/5667:
1 lock held by kworker/R-wg-cr/5668:
 #0: ffffffff8e7fb000 (wq_pool_attach_mutex){+.+.}-{4:4}, at: rescuer_thread+0xc4d/0x1130
1 lock held by kworker/R-wg-cr/5669:
 #0: ffffffff8e7fb000 (wq_pool_attach_mutex){+.+.}-{4:4}, at: rescuer_thread+0xc4d/0x1130
5 locks held by kworker/u8:3/5670:
 #0: ffff8881012b5940 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860
 #1: ffffc90004e67c40 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860
 #2: ffffffff8fdb5e08 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf4/0x800
 #3: ffffffff8fdc4ac0 (rtnl_mutex){+.+.}-{4:4}, at: ops_undo_list+0x2a4/0x940
 #4: ffffffff8e962f38 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580
3 locks held by kworker/0:4/5672:
 #0: ffff88810006b140 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860
 #1: ffffc900057afc40 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860
 #2: ffffffff8fdc4ac0 (rtnl_mutex){+.+.}-{4:4}, at: switchdev_deferred_process_work+0xe/0x20
2 locks held by kworker/1:5/5692:
4 locks held by kworker/u9:7/6476:
 #0: ffff8881101cb140 ((wq_completion)wg-kex-wg2#8){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860
 #1: ffffc90007ccfc40 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860
 #2: ffff88811d4ad3c0 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x12f/0x830
 #3: ffff888112f22ad0 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x140/0x830
3 locks held by kworker/u9:12/6489:
 #0: ffff8881000ac140 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860
 #1: ffffc90007fbfc40 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860
 #2: ffffffff8fdc4ac0 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60
3 locks held by kworker/0:8/8092:
 #0: ffff88810006b140 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860
 #1: ffffc900072cfc40 (rx_mode_work){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860
 #2: ffffffff8fdc4ac0 (rtnl_mutex){+.+.}-{4:4}, at: netdev_rx_mode_work+0x19/0x3c0
1 lock held by kworker/0:11/8095:
 #0: ffffffff8e7fb000 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_thread+0xeb5/0xfc0
1 lock held by kworker/1:9/8097:
2 locks held by kworker/1:10/8099:
4 locks held by kworker/0:16/16818:
 #0: ffff88810d84f540 ((wq_completion)wg-kex-wg2#11){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860
 #1: ffffc90004417c40 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ((typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))))((unsigned long)((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))) + (((__per_cpu_offset[(cpu)]))))); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860
 #2: ffff88811ab5d3c0 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x1a1/0x9a0
 #3: ffff88811a4dd270 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x58b/0x9a0
4 locks held by kworker/R-wg-cr/18930:
1 lock held by kworker/R-wg-cr/18932:
 #0: ffffffff8e7fb000 (wq_pool_attach_mutex){+.+.}-{4:4}, at: rescuer_thread+0xc4d/0x1130
2 locks held by kworker/R-wg-cr/18933:
1 lock held by kworker/R-wg-cr/18935:
 #0: ffffffff8e7fb000 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x2e/0x3a0
1 lock held by kworker/R-wg-cr/18936:
 #0: ffffffff8e7fb000 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x2e/0x3a0
1 lock held by kworker/R-wg-cr/18939:
 #0: ffffffff8e7fb000 (wq_pool_attach_mutex){+.+.}-{4:4}, at: rescuer_thread+0xc4d/0x1130
2 locks held by kworker/u9:1/19069:
 #0: ffff8881000ac140 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860
 #1: ffffc90004697c40 ((work_completion)(&pool->idle_cull_work)){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860
1 lock held by kworker/R-wg-cr/19161:
 #0: ffffffff8e7fb000 (wq_pool_attach_mutex){+.+.}-{4:4}, at: rescuer_thread+0xc4d/0x1130
2 locks held by kworker/R-wg-cr/19162:
2 locks held by kworker/R-wg-cr/19163:
1 lock held by kworker/R-wg-cr/19169:
 #0: ffffffff8e7fb000 (wq_pool_attach_mutex){+.+.}-{4:4}, at: rescuer_thread+0xc4d/0x1130
2 locks held by kworker/R-wg-cr/19170:
1 lock held by syz.3.5781/19304:
 #0: ffffffff8e962f38 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580
1 lock held by syz-executor/19348:
 #0: ffffffff8fdc4ac0 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0
2 locks held by syz.7.5803/19389:
 #0: ffffffff8fdb5e08 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x4f7/0x730
 #1: ffffffff8e962f38 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580
1 lock held by syz.6.5817/19417:
 #0: ffffffff8fdc4ac0 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3e/0x1c0
2 locks held by syz-executor/19427:
 #0: ffffffff8fdb5e08 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x4f7/0x730
 #1: ffffffff8fdc4ac0 (rtnl_mutex){+.+.}-{4:4}, at: register_nexthop_notifier+0x88/0x290
5 locks held by syz-executor/19433:
 #0: ffffffff8fdb5e08 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x4f7/0x730
 #1: ffffffff8fb17568 (devices_rwsem){++++}-{4:4}, at: rdma_dev_init_net+0x200/0x2f0
 #2: ffffffff8fb17728 (rdma_nets_rwsem){++++}-{4:4}, at: rdma_dev_init_net+0x238/0x2f0
 #3: ffff88810e000fe0 (&device->compat_devs_mutex){+.+.}-{4:4}, at: add_one_compat_dev+0xf0/0x650
 #4: ffffffff8fdc4ac0 (rtnl_mutex){+.+.}-{4:4}, at: ib_get_eth_speed+0x173/0x7f0
1 lock held by syz-executor/19464:
 #0: ffffffff8fdc4ac0 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0
1 lock held by syz-executor/19467:
 #0: ffffffff8fdc4ac0 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0
1 lock held by syz-executor/19478:
 #0: ffffffff8fdc4ac0 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0
1 lock held by syz-executor/19487:
 #0: ffffffff8fdc4ac0 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0
1 lock held by syz-executor/19495:
 #0: ffffffff8fdc4ac0 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0
1 lock held by syz-executor/19503:
 #0: ffffffff8fdc4ac0 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0

=============================================

NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 34 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
Call Trace:
 <TASK>
 dump_stack_lvl+0xe8/0x150
 nmi_cpu_backtrace+0x274/0x2d0
 nmi_trigger_cpumask_backtrace+0x17a/0x300
 sys_info+0x135/0x170
 watchdog+0xfd3/0x1030
 kthread+0x388/0x470
 ret_from_fork+0x514/0xb70
 ret_from_fork_asm+0x1a/0x30
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 18930 Comm: kworker/R-wg-cr Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
Workqueue:  0x0 (wg-crypt-wg0)
RIP: 0010:asm_sysvec_apic_timer_interrupt+0x0/0x20
Code: 06 5a a5 0a e9 81 06 00 00 90 f3 0f 1e fa 0f 1f 00 fc 6a ff e8 31 05 00 00 48 89 c4 48 89 e7 e8 16 59 a5 0a e9 61 06 00 00 90 <f3> 0f 1e fa 0f 1f 00 fc 6a ff e8 11 05 00 00 48 89 c4 48 89 e7 e8
RSP: 0000:ffffc90000a07e68 EFLAGS: 00000082
RAX: 134d7c4591902b00 RBX: 0000000000000000 RCX: 0000000080000101
RDX: 00000000a42637f2 RSI: ffffffff8e20f5c5 RDI: ffffffff8c28a9e0
RBP: ffffffff8176e256 R08: ffffffff8176e256 R09: ffffffff8e95cd60
R10: ffffc90000a07ff8 R11: ffffffff81b0da50 R12: 0000000000000002
R13: ffffffff8e95cd60 R14: 0000000000000000 R15: 0000000000000246
FS:  0000000000000000(0000) GS:ffff8882a92ae000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fea866b43c8 CR3: 000000000e74a000 CR4: 00000000000006f0
Call Trace:
 <IRQ>
RIP: 0010:lock_acquire+0x221/0x350
Code: ff ff ff e8 21 d5 03 0a f7 44 24 08 00 02 00 00 0f 84 3a ff ff ff 65 48 8b 05 bb 7f 95 11 48 3b 44 24 58 75 33 fb 48 83 c4 60 <5b> 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc 48 8d 3d c8 8d 91
RSP: 0000:ffffc90000a07e98 EFLAGS: 00000282
 unwind_next_frame+0xc3/0x2550
 arch_stack_walk+0x11b/0x150
 stack_trace_save+0xa9/0x100
 kasan_save_track+0x3e/0x80
 kasan_save_free_info+0x46/0x50
 __kasan_slab_free+0x5c/0x80
 kmem_cache_free+0x182/0x650
 nft_synproxy_eval_v4+0x352/0x4e0
 nft_synproxy_do_eval+0x305/0x580
 nft_do_chain+0x467/0x19f0
 nft_do_chain_inet+0x360/0x4b0
 nf_hook_slow+0xc5/0x220
 NF_HOOK+0x21f/0x3c0
 NF_HOOK+0x336/0x3c0
 process_backlog+0xaa3/0x1950
 __napi_poll+0xae/0x340
 net_rx_action+0x627/0xf70
 handle_softirqs+0x22a/0x840
 __irq_exit_rcu+0xca/0x220
 irq_exit_rcu+0x9/0x30
 sysvec_apic_timer_interrupt+0xa6/0xc0
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:__schedule+0x17bc/0x5680
Code: d8 48 c1 e8 03 42 80 3c 30 00 74 08 48 89 df e8 ca 8d 8a f6 4c 89 23 4c 89 ef 4c 89 e6 e8 bc da 8c f5 48 89 c7 e8 54 7a ee f5 <31> ff 4d 39 e5 40 0f 95 c7 e8 36 86 ee f5 48 8b 84 24 00 01 00 00
RSP: 0000:ffffc90007bdf6e0 EFLAGS: 00000206
RAX: 000000000012bfbb RBX: ffff88823c63aec8 RCX: 0000000080000001
RDX: 0000000000000006 RSI: ffffffff8df9cc9b RDI: ffffffff8c28a9e0
RBP: ffffc90007bdf8f8 R08: ffffffff902fd7f7 R09: 1ffffffff205fafe
R10: dffffc0000000000 R11: fffffbfff205faff R12: ffff88810d878000
R13: ffff88810d878000 R14: dffffc0000000000 R15: ffff88823c63ba38
 preempt_schedule_common+0x82/0xd0
 preempt_schedule_thunk+0x16/0x30
 __set_cpus_allowed_ptr_locked+0x10e8/0x19c0
 set_cpus_allowed_ptr+0x18f/0x1f0
 worker_attach_to_pool+0x1e0/0x3a0
 rescuer_thread+0x35c/0x1130
 kthread+0x388/0x470
 ret_from_fork+0x514/0xb70
 ret_from_fork_asm+0x1a/0x30
 </TASK>
