INFO: task syz.6.1015:10071 blocked for more than 143 seconds.
      Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.6.1015      state:D stack:27560 pid:10071 tgid:10059 ppid:9988   task_flags:0x400040 flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5396 [inline]
 __schedule+0x116a/0x5de0 kernel/sched/core.c:6785
 __schedule_loop kernel/sched/core.c:6863 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:6878
 schedule_timeout+0x257/0x290 kernel/time/sleep_timeout.c:75
 do_wait_for_common kernel/sched/completion.c:95 [inline]
 __wait_for_common+0x2ff/0x4e0 kernel/sched/completion.c:116
 kthread_flush_worker+0xb8/0xf0 kernel/kthread.c:1564
 drm_vblank_flush_worker drivers/gpu/drm/drm_internal.h:109 [inline]
 drm_crtc_vblank_off+0x68d/0x9b0 drivers/gpu/drm/drm_vblank.c:1402
 disable_outputs+0x83f/0xcd0 drivers/gpu/drm/drm_atomic_helper.c:1252
 drm_atomic_helper_commit_modeset_disables+0x1c/0x40 drivers/gpu/drm/drm_atomic_helper.c:1456
 vkms_atomic_commit_tail+0x51/0x240 drivers/gpu/drm/vkms/vkms_drv.c:61
 commit_tail+0x28c/0x400 drivers/gpu/drm/drm_atomic_helper.c:1871
 drm_atomic_helper_commit+0x2fd/0x380 drivers/gpu/drm/drm_atomic_helper.c:2111
 drm_atomic_commit+0x234/0x300 drivers/gpu/drm/drm_atomic.c:1577
 drm_client_modeset_commit_atomic+0x69d/0x7e0 drivers/gpu/drm/drm_client_modeset.c:1101
 drm_client_modeset_dpms+0x17e/0x210 drivers/gpu/drm/drm_client_modeset.c:1283
 drm_fb_helper_dpms drivers/gpu/drm/drm_fb_helper.c:312 [inline]
 drm_fb_helper_blank+0xcf/0x260 drivers/gpu/drm/drm_fb_helper.c:345
 fb_blank+0xb8/0x200 drivers/video/fbdev/core/fbmem.c:396
 do_fb_ioctl+0x430/0x7e0 drivers/video/fbdev/core/fb_chrdev.c:145
 fb_ioctl+0xe5/0x150 drivers/video/fbdev/core/fb_chrdev.c:169
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:907 [inline]
 __se_sys_ioctl fs/ioctl.c:893 [inline]
 __x64_sys_ioctl+0x18b/0x210 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7ff988d8e929
RSP: 002b:00007ff989b9f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007ff988fb6160 RCX: 00007ff988d8e929
RDX: 0000000000000004 RSI: 0000000000004611 RDI: 000000000000000a
RBP: 00007ff988e10b39 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007ff988fb6160 R15: 00007ffe26e4ad38
 </TASK>

Showing all locks held in the system:
3 locks held by kworker/1:0/24:
1 lock held by khungtaskd/31:
 #0: ffffffff8e5c4940 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #0: ffffffff8e5c4940 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #0: ffffffff8e5c4940 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0 kernel/locking/lockdep.c:6770
2 locks held by kworker/1:1/48:
3 locks held by kworker/0:2/974:
 #0: ffff88801b878d48 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3213
 #1: ffffc900037b7d10 (deferred_process_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3214
 #2: ffffffff9034c828 (rtnl_mutex){+.+.}-{4:4}, at: switchdev_deferred_process_work+0xe/0x20 net/switchdev/switchdev.c:104
1 lock held by dhcpcd/5479:
 #0: ffffffff9034c828 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff9034c828 (rtnl_mutex){+.+.}-{4:4}, at: devinet_ioctl+0x26d/0x1f50 net/ipv4/devinet.c:1121
2 locks held by getty/5576:
 #0: ffff88814c5f40a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 drivers/tty/tty_ldisc.c:243
 #1: ffffc9000361c2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0 drivers/tty/n_tty.c:2222
3 locks held by kworker/u9:6/5825:
 #0: ffff8880920fe148 ((wq_completion)hci0){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3213
 #1: ffffc900030e7d10 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3214
 #2: ffff888092588dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x175/0x430 net/bluetooth/hci_sync.c:331
2 locks held by kworker/1:4/5922:
2 locks held by kworker/1:5/7261:
3 locks held by kworker/u8:14/9248:
 #0: ffff888031efa148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3213
 #1: ffffc90003d0fd10 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3214
 #2: ffffffff9034c828 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #2: ffffffff9034c828 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x12/0x30 net/ipv6/addrconf.c:4738
3 locks held by kworker/u8:18/9252:
 #0: ffff88801b881148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3213
 #1: ffffc90003b9fd10 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3214
 #2: ffffffff9034c828 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0x51/0xc0 net/core/link_watch.c:303
4 locks held by kworker/u8:25/9259:
 #0: ffff888087917148 ((wq_completion)wg-kex-wg1#20){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3213
 #1: ffffc90003a8fd10 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3214
 #2: ffff88808758d308 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0xec/0x650 drivers/net/wireguard/noise.c:529
 #3: ffff88806269f030 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x100/0x650 drivers/net/wireguard/noise.c:530
5 locks held by kworker/u8:35/9269:
 #0: ffff88801c6f3948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3213
 #1: ffffc9000af87d10 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3214
 #2: ffffffff903367d0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xad/0x890 net/core/net_namespace.c:662
 #3: ffffffff9034c828 (rtnl_mutex){+.+.}-{4:4}, at: ops_exit_rtnl_list net/core/net_namespace.c:174 [inline]
 #3: ffffffff9034c828 (rtnl_mutex){+.+.}-{4:4}, at: ops_undo_list+0x7e9/0xab0 net/core/net_namespace.c:249
 #4: ffffffff8e5cfe00 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x48/0x6e0 kernel/rcu/tree.c:3786
4 locks held by kworker/u8:40/9277:
 #0: ffff88803a899948 ((wq_completion)wg-kex-wg1#17){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3213
 #1: ffffc9000af37d10 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3214
 #2: ffff88803a87d308 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0xec/0x650 drivers/net/wireguard/noise.c:529
 #3: ffff88806269aad8 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x100/0x650 drivers/net/wireguard/noise.c:530
7 locks held by syz.6.1015/10071:
 #0: ffffffff8e5b2320 (console_lock){+.+.}-{0:0}, at: do_fb_ioctl+0x41b/0x7e0 drivers/video/fbdev/core/fb_chrdev.c:143
 #1: ffff88802619a078 (&fb_info->lock){+.+.}-{4:4}, at: lock_fb_info include/linux/fb.h:623 [inline]
 #1: ffff88802619a078 (&fb_info->lock){+.+.}-{4:4}, at: do_fb_ioctl+0x425/0x7e0 drivers/video/fbdev/core/fb_chrdev.c:144
 #2: ffff888146287280 (&helper->lock){+.+.}-{4:4}, at: drm_fb_helper_dpms drivers/gpu/drm/drm_fb_helper.c:311 [inline]
 #2: ffff888146287280 (&helper->lock){+.+.}-{4:4}, at: drm_fb_helper_blank+0xc2/0x260 drivers/gpu/drm/drm_fb_helper.c:345
 #3: ffff8880261b61b8 (&dev->master_mutex){+.+.}-{4:4}, at: drm_master_internal_acquire+0x21/0x80 drivers/gpu/drm/drm_auth.c:452
 #4: ffff888146287098 (&client->modeset_mutex){+.+.}-{4:4}, at: drm_client_modeset_dpms+0x66/0x210 drivers/gpu/drm/drm_client_modeset.c:1281
 #5: ffffc9001d6e7aa8 (crtc_ww_class_acquire){+.+.}-{0:0}, at: drm_client_modeset_commit_atomic+0xc4/0x7e0 drivers/gpu/drm/drm_client_modeset.c:1040
 #6: ffffc9001d6e7ad0 (crtc_ww_class_mutex){+.+.}-{4:4}, at: drm_client_modeset_commit_atomic+0xc4/0x7e0 drivers/gpu/drm/drm_client_modeset.c:1040
3 locks held by kworker/1:6/10081:
5 locks held by kworker/1:9/10150:
2 locks held by kworker/1:10/10154:
2 locks held by syz.9.1027/10161:
 #0: ffffffff8f2c6a68 (tty_mutex){+.+.}-{4:4}, at: tty_open_by_driver drivers/tty/tty_io.c:2037 [inline]
 #0: ffffffff8f2c6a68 (tty_mutex){+.+.}-{4:4}, at: tty_open+0x53e/0xf90 drivers/tty/tty_io.c:2120
 #1: ffff888062a681c0 (&tty->legacy_mutex){+.+.}-{4:4}, at: tty_init_dev.part.0+0x37/0x500 drivers/tty/tty_io.c:1406
1 lock held by syz.9.1027/10162:
 #0: ffffffff8f2c6a68 (tty_mutex){+.+.}-{4:4}, at: tty_open_by_driver drivers/tty/tty_io.c:2037 [inline]
 #0: ffffffff8f2c6a68 (tty_mutex){+.+.}-{4:4}, at: tty_open+0x53e/0xf90 drivers/tty/tty_io.c:2120
1 lock held by syz.9.1027/10164:
 #0: ffffffff8f2c6a68 (tty_mutex){+.+.}-{4:4}, at: tty_open_by_driver drivers/tty/tty_io.c:2037 [inline]
 #0: ffffffff8f2c6a68 (tty_mutex){+.+.}-{4:4}, at: tty_open+0x53e/0xf90 drivers/tty/tty_io.c:2120
7 locks held by syz-executor/10168:
 #0: ffff8880323fe428 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
 #1: ffff888078309488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 fs/kernfs/file.c:325
 #2: ffff888028b2fe18 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 fs/kernfs/file.c:326
 #3: ffffffff8f8e9168 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:216
 #4: ffff888056aea0e8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:884 [inline]
 #4: ffff888056aea0e8 (&dev->mutex){....}-{4:4}, at: __device_driver_lock drivers/base/dd.c:1094 [inline]
 #4: ffff888056aea0e8 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xa4/0x620 drivers/base/dd.c:1292
 #5: ffff888056aeb250 (&devlink->lock_key#3){+.+.}-{4:4}, at: nsim_drv_remove+0x4a/0x1d0 drivers/net/netdevsim/dev.c:1675
 #6: ffffffff8e5cfe00 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x48/0x6e0 kernel/rcu/tree.c:3786
4 locks held by syz-executor/10170:
 #0: ffff8880323fe428 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
 #1: ffff88804e50f088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 fs/kernfs/file.c:325
 #2: ffff888028b2fe18 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 fs/kernfs/file.c:326
 #3: ffffffff8f8e9168 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:216
1 lock held by syz.8.1031/10192:
 #0: ffffffff8f2c6a68 (tty_mutex){+.+.}-{4:4}, at: ptmx_open drivers/tty/pty.c:823 [inline]
 #0: ffffffff8f2c6a68 (tty_mutex){+.+.}-{4:4}, at: ptmx_open+0xff/0x360 drivers/tty/pty.c:790
4 locks held by syz-executor/10196:
 #0: ffff8880323fe428 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
 #1: ffff88802c1d7488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 fs/kernfs/file.c:325
 #2: ffff888028b2fe18 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 fs/kernfs/file.c:326
 #3: ffffffff8f8e9168 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:216
4 locks held by syz-executor/10212:
 #0: ffff8880323fe428 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
 #1: ffff88805710e088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 fs/kernfs/file.c:325
 #2: ffff888028b2fe18 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 fs/kernfs/file.c:326
 #3: ffffffff8f8e9168 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:216
4 locks held by syz-executor/10225:
 #0: ffff8880323fe428 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
 #1: ffff88803f7ebc88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 fs/kernfs/file.c:325
 #2: ffff888028b2fe18 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 fs/kernfs/file.c:326
 #3: ffffffff8f8e9168 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:216
4 locks held by syz-executor/10237:
 #0: ffff8880323fe428 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
 #1: ffff8880a8e7cc88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 fs/kernfs/file.c:325
 #2: ffff888028b2fe18 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 fs/kernfs/file.c:326
 #3: ffffffff8f8e9168 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:216
4 locks held by syz-executor/10249:
 #0: ffff8880323fe428 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
 #1: ffff88805fd53088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 fs/kernfs/file.c:325
 #2: ffff888028b2fe18 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 fs/kernfs/file.c:326
 #3: ffffffff8f8e9168 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:216
4 locks held by syz-executor/10261:
 #0: ffff8880323fe428 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
 #1: ffff8880a318ec88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 fs/kernfs/file.c:325
 #2: ffff888028b2fe18 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 fs/kernfs/file.c:326
 #3: ffffffff8f8e9168 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:216
4 locks held by syz-executor/10276:
 #0: ffff8880323fe428 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
 #1: ffff8880a4c70488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 fs/kernfs/file.c:325
 #2: ffff888028b2fe18 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 fs/kernfs/file.c:326
 #3: ffffffff8f8e9168 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:216
4 locks held by syz-executor/10289:
 #0: ffff8880323fe428 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
 #1: ffff8880990a8088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 fs/kernfs/file.c:325
 #2: ffff888028b2fe18 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 fs/kernfs/file.c:326
 #3: ffffffff8f8e9168 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:216
4 locks held by syz-executor/10303:
 #0: ffff8880323fe428 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
 #1: ffff888094654088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 fs/kernfs/file.c:325
 #2: ffff888028b2fe18 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 fs/kernfs/file.c:326
 #3: ffffffff8f8e9168 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:216
4 locks held by syz-executor/10314:
 #0: ffff8880323fe428 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
 #1: ffff88809bbb2488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 fs/kernfs/file.c:325
 #2: ffff888028b2fe18 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 fs/kernfs/file.c:326
 #3: ffffffff8f8e9168 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:216
1 lock held by syz-executor/10338:
 #0: ffffffff9034c828 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff9034c828 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x1540 net/ipv4/devinet.c:979
1 lock held by syz-executor/10344:
 #0: ffffffff9034c828 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff9034c828 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x1540 net/ipv4/devinet.c:979

=============================================

NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x27b/0x390 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x29c/0x300 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:158 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:307 [inline]
 watchdog+0xf70/0x12c0 kernel/hung_task.c:470
 kthread+0x3c2/0x780 kernel/kthread.c:464
 ret_from_fork+0x5d4/0x6f0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 10150 Comm: kworker/1:9 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: wg-crypt-wg0 wg_packet_encrypt_worker
RIP: 0010:native_irq_disable arch/x86/include/asm/irqflags.h:37 [inline]
RIP: 0010:arch_local_irq_disable arch/x86/include/asm/irqflags.h:114 [inline]
RIP: 0010:arch_local_irq_save arch/x86/include/asm/irqflags.h:128 [inline]
RIP: 0010:lock_acquire kernel/locking/lockdep.c:5867 [inline]
RIP: 0010:lock_acquire+0x133/0x350 kernel/locking/lockdep.c:5828
Code: 00 65 8b 05 e7 a3 34 12 85 c0 0f 85 a2 00 00 00 65 48 8b 05 27 62 34 12 8b 90 ec 0a 00 00 85 d2 0f 85 8c 00 00 00 9c 8f 04 24 <fa> 48 c7 c7 e7 c4 f0 8d e8 00 67 e8 09 45 89 e0 89 e9 44 89 ea 65
RSP: 0018:ffffc90000a07f90 EFLAGS: 00000246
RAX: ffff88801fb10000 RBX: ffffffff8e5c4940 RCX: 0000000000000001
RDX: 0000000000000000 RSI: ffffffff816ac7b1 RDI: fffffbfff1cb8928
RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000085cbf R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff888124852000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2ed09ff8 CR3: 0000000086d42000 CR4: 00000000003526f0
Call Trace:
 <IRQ>
 rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 rcu_read_lock include/linux/rcupdate.h:841 [inline]
 class_rcu_constructor include/linux/rcupdate.h:1155 [inline]
 unwind_next_frame+0xd1/0x20a0 arch/x86/kernel/unwind_orc.c:479
 arch_stack_walk+0x94/0x100 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 unpoison_slab_object mm/kasan/common.c:319 [inline]
 __kasan_slab_alloc+0x89/0x90 mm/kasan/common.c:345
 kasan_slab_alloc include/linux/kasan.h:250 [inline]
 slab_post_alloc_hook mm/slub.c:4148 [inline]
 slab_alloc_node mm/slub.c:4197 [inline]
 kmem_cache_alloc_node_noprof+0x1d5/0x3b0 mm/slub.c:4249
 __alloc_skb+0x2b2/0x380 net/core/skbuff.c:660
 alloc_skb include/linux/skbuff.h:1336 [inline]
 synproxy_send_client_synack+0x1af/0x8f0 net/netfilter/nf_synproxy_core.c:460
 nft_synproxy_eval_v4 net/netfilter/nft_synproxy.c:59 [inline]
 nft_synproxy_do_eval+0xa63/0xd80 net/netfilter/nft_synproxy.c:141
 expr_call_ops_eval net/netfilter/nf_tables_core.c:237 [inline]
 nft_do_chain+0x2e6/0x1920 net/netfilter/nf_tables_core.c:285
 nft_do_chain_inet+0x18a/0x340 net/netfilter/nft_chain_filter.c:161
 nf_hook_entry_hookfn include/linux/netfilter.h:157 [inline]
 nf_hook_slow+0xbe/0x200 net/netfilter/core.c:623
 nf_hook.constprop.0+0x422/0x750 include/linux/netfilter.h:272
 NF_HOOK include/linux/netfilter.h:315 [inline]
 ip_local_deliver+0x169/0x1f0 net/ipv4/ip_input.c:254
 dst_input include/net/dst.h:469 [inline]
 ip_rcv_finish net/ipv4/ip_input.c:447 [inline]
 NF_HOOK include/linux/netfilter.h:317 [inline]
 NF_HOOK include/linux/netfilter.h:311 [inline]
 ip_rcv+0x2c3/0x5d0 net/ipv4/ip_input.c:567
 __netif_receive_skb_one_core+0x197/0x1e0 net/core/dev.c:5977
 __netif_receive_skb+0x1d/0x160 net/core/dev.c:6090
 process_backlog+0x442/0x15e0 net/core/dev.c:6442
 __napi_poll.constprop.0+0xb7/0x550 net/core/dev.c:7414
 napi_poll net/core/dev.c:7478 [inline]
 net_rx_action+0xa9f/0xfe0 net/core/dev.c:7605
 handle_softirqs+0x219/0x8e0 kernel/softirq.c:579
 do_softirq kernel/softirq.c:480 [inline]
 do_softirq+0xb2/0xf0 kernel/softirq.c:467
 </IRQ>
 <TASK>
 __local_bh_enable_ip+0x100/0x120 kernel/softirq.c:407
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 ptr_ring_consume_bh include/linux/ptr_ring.h:367 [inline]
 wg_packet_encrypt_worker+0x264/0xdb0 drivers/net/wireguard/send.c:293
 process_one_work+0x9cf/0x1b70 kernel/workqueue.c:3238
 process_scheduled_works kernel/workqueue.c:3321 [inline]
 worker_thread+0x6c8/0xf10 kernel/workqueue.c:3402
 kthread+0x3c2/0x780 kernel/kthread.c:464
 ret_from_fork+0x5d4/0x6f0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>