INFO: task dhcpcd:5273 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:dhcpcd          state:D stack:24664 pid:5273  tgid:5273  ppid:1      task_flags:0x400140 flags:0x00080000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5396 [inline]
 __schedule+0x16f9/0x5500 kernel/sched/core.c:7197
 __schedule_loop kernel/sched/core.c:7276 [inline]
 rt_mutex_schedule+0x76/0xf0 kernel/sched/core.c:7572
 rt_mutex_slowlock_block+0x508/0x680 kernel/locking/rtmutex.c:1667
 __rt_mutex_slowlock kernel/locking/rtmutex.c:1744 [inline]
 __rt_mutex_slowlock_locked kernel/locking/rtmutex.c:1784 [inline]
 rt_mutex_slowlock+0x2dc/0x780 kernel/locking/rtmutex.c:1824
 __rt_mutex_lock kernel/locking/rtmutex.c:1839 [inline]
 __mutex_lock_common kernel/locking/rtmutex_api.c:541 [inline]
 mutex_lock_nested+0x168/0x1d0 kernel/locking/rtmutex_api.c:559
 vlan_ioctl_handler+0xf0/0x630 net/8021q/vlan.c:579
 sock_ioctl+0x66b/0x7f0 net/socket.c:1413
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:597 [inline]
 __se_sys_ioctl+0xff/0x170 fs/ioctl.c:583
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x15f/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f449816b378
RSP: 002b:00007ffd9fb40ea8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 000055cbe12de800 RCX: 00007f449816b378
RDX: 00007ffd9fb40eb0 RSI: 0000000000008982 RDI: 000000000000000f
RBP: 00007ffd9fb40eb0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
R13: 000055cbe12e7c80 R14: 00007ffd9fb512c0 R15: 000055cbe12de800
 </TASK>

Showing all locks held in the system:
4 locks held by ktimers/0/16:
 #0: ffffffff8de5f380 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 kernel/softirq.c:163
 #1: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 kernel/softirq.c:163
 #2: ffff8880b8628478 (&base->softirq_expiry_lock){+...}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:45 [inline]
 #2: ffff8880b8628478 (&base->softirq_expiry_lock){+...}-{3:3}, at: hrtimer_cpu_base_lock_expiry kernel/time/hrtimer.c:1650 [inline]
 #2: ffff8880b8628478 (&base->softirq_expiry_lock){+...}-{3:3}, at: hrtimer_run_softirq+0x7f/0x260 kernel/time/hrtimer.c:2109
 #3: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
 #3: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:838 [inline]
 #3: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: __rt_spin_lock kernel/locking/spinlock_rt.c:50 [inline]
 #3: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 kernel/locking/spinlock_rt.c:57
4 locks held by pr/legacy/17:
 #0: ffffffff8dfba4e0 (console_lock){+.+.}-{0:0}, at: legacy_kthread_func+0x1a3/0x250 kernel/printk/printk.c:3711
 #1: ffffffff8dea1dd8 (console_srcu){....}-{0:0}, at: rcu_try_lock_acquire include/linux/rcupdate.h:305 [inline]
 #1: ffffffff8dea1dd8 (console_srcu){....}-{0:0}, at: srcu_read_lock_nmisafe include/linux/srcu.h:428 [inline]
 #1: ffffffff8dea1dd8 (console_srcu){....}-{0:0}, at: console_srcu_read_lock kernel/printk/printk.c:291 [inline]
 #1: ffffffff8dea1dd8 (console_srcu){....}-{0:0}, at: console_flush_one_record+0xfa/0xb90 kernel/printk/printk.c:3246
 #2: ffffffff99b6ead8 (&port_lock_key){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:45 [inline]
 #2: ffffffff99b6ead8 (&port_lock_key){+.+.}-{3:3}, at: uart_port_lock_irqsave include/linux/serial_core.h:717 [inline]
 #2: ffffffff99b6ead8 (&port_lock_key){+.+.}-{3:3}, at: serial8250_console_write+0x179/0x1b90 drivers/tty/serial/8250/8250_port.c:3316
 #3: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
 #3: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:838 [inline]
 #3: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: __rt_spin_lock kernel/locking/spinlock_rt.c:50 [inline]
 #3: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 kernel/locking/spinlock_rt.c:57
5 locks held by kworker/1:0/32:
 #0: ffff88805e66fd38 ((wq_completion)wg-kex-wg0#10){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 kernel/workqueue.c:3281
 #1: ffffc90000a6fc40 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ((typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))))((unsigned long)((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))) + (((__per_cpu_offset[(cpu)]))))); })->work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 kernel/workqueue.c:3282
 #2: ffff88802a2216f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_response+0x14f/0x9e0 drivers/net/wireguard/noise.c:678
 #3: ffff88806048ee88 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_response+0x160/0x9e0 drivers/net/wireguard/noise.c:679
 #4: ffff8880b8736e10 ((crngs.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:45 [inline]
 #4: ffff8880b8736e10 ((crngs.lock)){+.+.}-{3:3}, at: crng_make_state+0x162/0x5d0 drivers/char/random.c:358
1 lock held by khungtaskd/38:
 #0: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
 #0: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:838 [inline]
 #0: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6777
2 locks held by kworker/u8:2/44:
 #0: ffff88813fe84138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 kernel/workqueue.c:3281
 #1: ffffc90000b57c40 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 kernel/workqueue.c:3282
3 locks held by kworker/u8:3/56:
 #0: ffff88813fe84138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 kernel/workqueue.c:3281
 #1: ffffc9000122fc40 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 kernel/workqueue.c:3282
 #2: ffffffff8f371f78 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 net/core/link_watch.c:313
2 locks held by kworker/u8:5/69:
 #0: ffff88813fe84138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 kernel/workqueue.c:3281
 #1: ffffc9000154fc40 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 kernel/workqueue.c:3282
6 locks held by kworker/u8:7/181:
 #0: ffff88813fe84138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 kernel/workqueue.c:3281
 #1: ffffc90003957c40 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)
){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 kernel/workqueue.c:3282
 #2: ffff88803aef2310 (&d[  439.910495][   T38]  #2: ffff88803aef2310 (&devlink->lock_key#3){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbd0 drivers/net/netdevsim/dev.c:909
 #3: ffff88803b1b0920 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:45 [inline]
 #3: ffff88803b1b0920 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report drivers/net/netdevsim/dev.c:862 [inline]
 #3: ffff88803b1b0920 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbd0 drivers/net/netdevsim/dev.c:922
 #4: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
 #4: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:838 [inline]
 #4: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: __rt_spin_lock kernel/locking/spinlock_rt.c:50 [inline]
 #4: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 kernel/locking/spinlock_rt.c:57
 #5: ffff8880b8736e10 ((crngs.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:45 [inline]
 #5: ffff8880b8736e10 ((crngs.lock)){+.+.}-{3:3}, at: crng_make_state+0x162/0x5d0 drivers/char/random.c:358
4 locks held by kworker/u8:9/1121:
 #0: ffff88813fe84138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 kernel/workqueue.c:3281
 #1: ffffc9000617fc40 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 kernel/workqueue.c:3282
 #2: ffff8880610308d8 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6875 [inline]
 #2: ffff8880610308d8 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xb4/0x460 net/wireless/core.c:524
 #3: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
 #3: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:838 [inline]
 #3: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: __rt_spin_trylock kernel/locking/spinlock_rt.c:110 [inline]
 #3: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: rt_spin_trylock+0x10c/0x2b0 kernel/locking/spinlock_rt.c:118
7 locks held by kworker/u8:10/1130:
 #0: ffff88801b68e138 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 kernel/workqueue.c:3281
 #1: ffffc9000615fc40 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 kernel/workqueue.c:3282
 #2: ffffffff8f362ac0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf4/0x800 net/core/net_namespace.c:673
 #3: ffffffff8f371f78 (rtnl_mutex){+.+.}-{4:4}, at: default_device_exit_batch+0xe5/0x9e0 net/core/dev.c:13078
 #4: ffffffff8de5f380 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 kernel/softirq.c:163
 #5: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 kernel/softirq.c:163
 #6: ffffffff8f49e3f8 (&tbl->lock){+...}-{3:3}, at: spin_lock_bh include/linux/spinlock_rt.h:90 [inline]
 #6: ffffffff8f49e3f8 (&tbl->lock){+...}-{3:3}, at: neigh_parms_release+0x6f/0x240 net/core/neighbour.c:1812
3 locks held by kworker/u8:11/1142:
 #0: ffff888031cb0138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 kernel/workqueue.c:3281
 #1: ffffc9000627fc40 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 kernel/workqueue.c:3282
 #2: ffffffff8f371f78 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #2: ffffffff8f371f78 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30 net/ipv6/addrconf.c:4746
4 locks held by kworker/u8:12/1297:
 #0: ffff88813fe84138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 kernel/workqueue.c:3281
 #1: ffffc9000674fc40 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 kernel/workqueue.c:3282
 #2: ffff8880612408d8 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6875 [inline]
 #2: ffff8880612408d8 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xb4/0x460 net/wireless/core.c:524
 #3: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
 #3: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:838 [inline]
 #3: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: class_rcu_constructor include/linux/rcupdate.h:1181 [inline]
 #3: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: unwind_next_frame+0xa6/0x2550 arch/x86/kernel/unwind_orc.c:495
6 locks held by kworker/u8:13/1305:
 #0: ffff88813fe84138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 kernel/workqueue.c:3281
 #1: ffffc9000679fc40 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)
){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 kernel/workqueue.c:3282
 #2: ffff88805fd56310 (&devlink->lock_key){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbd0 drivers/net/netdevsim/dev.c:909
 #3: ffff88805faf3920 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:45 [inline]
 #3: ffff88805faf3920 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report drivers/net/netdevsim/dev.c:862 [inline]
 #3: ffff88805faf3920 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbd0 drivers/net/netdevsim/dev.c:922
 #4: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
 #4: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:838 [inline]
 #4: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: __rt_spin_lock kernel/locking/spinlock_rt.c:50 [inline]
 #4: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 kernel/locking/spinlock_rt.c:57
 #5: ffff8880b8736e10 ((crngs.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:45 [inline]
 #5: ffff8880b8736e10 ((crngs.lock)){+.+.}-{3:3}, at: crng_make_state+0x162/0x5d0 drivers/char/random.c:358
3 locks held by aoe_tx0/1340:
 #0: ffffffff8de5f380 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 kernel/softirq.c:163
 #1: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 kernel/softirq.c:163
 #2: ffffffff8dfc82a0 (rcu_read_lock_bh){....}-{1:3}, at: local_bh_disable include/linux/bottom_half.h:20 [inline]
 #2: ffffffff8dfc82a0 (rcu_read_lock_bh){....}-{1:3}, at: rcu_read_lock_bh include/linux/rcupdate.h:891 [inline]
 #2: ffffffff8dfc82a0 (rcu_read_lock_bh){....}-{1:3}, at: __dev_queue_xmit+0x2b3/0x3900 net/core/dev.c:4792
4 locks held by kworker/u8:15/3407:
 #0: ffff88813fe84138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 kernel/workqueue.c:3281
 #1: ffffc9000ed8fc40 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 kernel/workqueue.c:3282
 #2: ffff88804db008d8 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6875 [inline]
 #2: ffff88804db008d8 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xb4/0x460 net/wireless/core.c:524
 #3: ffff88813fe15258 (&n->list_lock){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:45 [inline]
 #3: ffff88813fe15258 (&n->list_lock){+.+.}-{3:3}, at: get_partial_node_bulk mm/slub.c:3752 [inline]
 #3: ffff88813fe15258 (&n->list_lock){+.+.}-{3:3}, at: __refill_objects_node+0x89/0x620 mm/slub.c:7164
5 locks held by kworker/u8:16/3914:
 #0: ffff88813fe84138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 kernel/workqueue.c:3281
 #1: ffffc9000ff3fc40 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 kernel/workqueue.c:3282
 #2: ffff8880614908d8 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6875 [inline]
 #2: ffff8880614908d8 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xb4/0x460 net/wireless/core.c:524
 #3: ffffffff8de5f380 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 kernel/softirq.c:163
 #4: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 kernel/softirq.c:163
3 locks held by kworker/u8:17/4388:
 #0: ffff88813fe84138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 kernel/workqueue.c:3281
 #1: ffffc90010a9fc40 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 kernel/workqueue.c:3282
 #2: ffff8880629f08d8 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6875 [inline]
 #2: ffff8880629f08d8 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xb4/0x460 net/wireless/core.c:524
2 locks held by klogd/4968:
 #0: ffffffff8de5f380 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 kernel/softirq.c:163
 #1: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 kernel/softirq.c:163
2 locks held by dhcpcd/5273:
 #0: ffffffff8f352578 (vlan_ioctl_mutex){+.+.}-{4:4}, at: sock_ioctl+0x644/0x7f0 net/socket.c:1411
 #1: ffffffff8f371f78 (rtnl_mutex){+.+.}-{4:4}, at: vlan_ioctl_handler+0xf0/0x630 net/8021q/vlan.c:579
2 locks held by getty/5370:
 #0: ffff8880365ab0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
 #1: ffffc90003cbe2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x462/0x13a0 drivers/tty/n_tty.c:2211
4 locks held by kworker/0:4/5601:
 #0: ffff88805e6ffd38 ((wq_completion)wg-kex-wg0#4){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 kernel/workqueue.c:3281
 #1: ffffc90004427c40 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ((typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))))((unsigned long)((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))) + (((__per_cpu_offset[(cpu)]))))); })->work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 kernel/workqueue.c:3282
 #2: ffff88803ac8ce90 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_begin_session+0x38/0xbe0 drivers/net/wireguard/noise.c:822
 #3: ffffffff8e0f1980 (fs_reclaim){+.+.}-{0:0}, at: might_alloc include/linux/sched/mm.h:317 [inline]
 #3: ffffffff8e0f1980 (fs_reclaim){+.+.}-{0:0}, at: slab_pre_alloc_hook mm/slub.c:4533 [inline]
 #3: ffffffff8e0f1980 (fs_reclaim){+.+.}-{0:0}, at: slab_alloc_node mm/slub.c:4888 [inline]
 #3: ffffffff8e0f1980 (fs_reclaim){+.+.}-{0:0}, at: __kmalloc_cache_noprof+0x41/0x690 mm/slub.c:5427
2 locks held by kworker/0:5/5735:
 #0: ffff88813fe42538 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 kernel/workqueue.c:3281
 #1: ffffc90004d17c40 ((work_completion)(&(&tbl->gc_work)->work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 kernel/workqueue.c:3282
3 locks held by kworker/0:6/5837:
 #0: ffff88813fe43938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 kernel/workqueue.c:3281
 #1: ffffc90005077c40 (deferred_process_work){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 kernel/workqueue.c:3282
 #2: ffffffff8f371f78 (rtnl_mutex){+.+.}-{4:4}, at: switchdev_deferred_process_work+0xe/0x20 net/switchdev/switchdev.c:104
2 locks held by kworker/0:8/5915:
 #0: ffff88813fe42538 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 kernel/workqueue.c:3281
 #1: ffffc90005a57c40 ((gc_work).work){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 kernel/workqueue.c:3282
3 locks held by kworker/1:8/5969:
 #0: ffff88813fe43938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 kernel/workqueue.c:3281
 #1: ffffc90005bffc40 (drain_vmap_work){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 kernel/workqueue.c:3282
 #2: ffffffff8e0ed538 (vmap_purge_lock){+.+.}-{4:4}, at: drain_vmap_area_work+0x17/0x40 mm/vmalloc.c:2429
4 locks held by kworker/1:9/5970:
 #0: ffff88805e6ffd38 ((wq_completion)wg-kex-wg0#4){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 kernel/workqueue.c:3281
 #1: ffffc90005c0fc40 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ((typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))))((unsigned long)((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))) + (((__per_cpu_offset[(cpu)]))))); })->work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 kernel/workqueue.c:3282
 #2: ffff88805e8d56f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x1a1/0x9a0 drivers/net/wireguard/noise.c:598
 #3: ffff88803ac8ce90 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x58b/0x9a0 drivers/net/wireguard/noise.c:632
3 locks held by kworker/1:10/5971:
 #0: ffff88813fe42538 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 kernel/workqueue.c:3281
 #1: ffffc90005c1fc40 ((work_completion)(&(&gc_work->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 kernel/workqueue.c:3282
 #2: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
 #2: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:838 [inline]
 #2: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: gc_worker+0x265/0x12e0 net/netfilter/nf_conntrack_core.c:1543
7 locks held by kworker/u8:19/6595:
 #0: ffff88813fe84138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 kernel/workqueue.c:3281
 #1: ffffc9000635fc40 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 kernel/workqueue.c:3282
 #2: ffff88803afa6310 (&devlink->lock_key#2){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbd0 drivers/net/netdevsim/dev.c:909
 #3: ffff88801ff7cd20 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:45 [inline]
 #3: ffff88801ff7cd20 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report drivers/net/netdevsim/dev.c:862 [inline]
 #3: ffff88801ff7cd20 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbd0 drivers/net/netdevsim/dev.c:922
 #4: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
 #4: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:838 [inline]
 #4: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: __rt_spin_lock kernel/locking/spinlock_rt.c:50 [inline]
 #4: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 kernel/locking/spinlock_rt.c:57
 #5: ffff8880b8736e10 ((crngs.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:45 [inline]
 #5: ffff8880b8736e10 ((crngs.lock)){+.+.}-{3:3}, at: crng_make_state+0x162/0x5d0 drivers/char/random.c:358
 #6: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
 #6: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:838 [inline]
 #6: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: __rt_spin_lock kernel/locking/spinlock_rt.c:50 [inline]
 #6: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 kernel/locking/spinlock_rt.c:57
1 lock held by syz-executor/6641:
 #0: ffffffff8f371f78 (rtnl_mutex){+.+.}-{4:4}, at: tun_detach drivers/net/tun.c:634 [inline]
 #0: ffffffff8f371f78 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 drivers/net/tun.c:3438
1 lock held by syz.4.229/6828:
 #0: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
 #0: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:838 [inline]
 #0: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: class_rcu_constructor include/linux/rcupdate.h:1181 [inline]
 #0: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: unwind_next_frame+0xa6/0x2550 arch/x86/kernel/unwind_orc.c:495
1 lock held by syz-executor/6834:
 #0: ffffffff8f371f78 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:80 [inline]
 #0: ffffffff8f371f78 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock net/core/rtnetlink.c:341 [inline]
 #0: ffffffff8f371f78 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x883/0x1bb0 net/core/rtnetlink.c:4109
1 lock held by syz-executor/6836:
 #0: ffffffff8f371f78 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:80 [inline]
 #0: ffffffff8f371f78 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock net/core/rtnetlink.c:341 [inline]
 #0: ffffffff8f371f78 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x883/0x1bb0 net/core/rtnetlink.c:4109
1 lock held by syz-executor/6843:
 #0: ffffffff8f371f78 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:80 [inline]
 #0: ffffffff8f371f78 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock net/core/rtnetlink.c:341 [inline]
 #0: ffffffff8f371f78 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x883/0x1bb0 net/core/rtnetlink.c:4109
4 locks held by kworker/u8:22/6852:
 #0: ffff88813fe82938 ((wq_completion)kvfree_rcu_reclaim){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 kernel/workqueue.c:3281
 #1: ffffc90004137c40 ((work_completion)(&(&krcp->krw_arr[i].rcu_work)->work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 kernel/workqueue.c:3282
 #2: ffffffff8dfc8360 (rcu_callback){....}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
 #2: ffffffff8dfc8360 (rcu_callback){....}-{0:0}, at: kvfree_rcu_bulk+0x6d/0x1b0 mm/slab_common.c:1496
 #3: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
 #3: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:838 [inline]
 #3: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: class_rcu_constructor include/linux/rcupdate.h:1181 [inline]
 #3: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: unwind_next_frame+0xa6/0x2550 arch/x86/kernel/unwind_orc.c:495
2 locks held by kworker/u8:23/6853:
 #0: ffff888032f3d938 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 kernel/workqueue.c:3281
 #1: ffffc90004107c40 ((work_completion)(&(&bat_priv->tt.work)->work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 kernel/workqueue.c:3282
1 lock held by syz-executor/6855:
 #0: ffffffff8f371f78 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:80 [inline]
 #0: ffffffff8f371f78 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock net/core/rtnetlink.c:341 [inline]
 #0: ffffffff8f371f78 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x883/0x1bb0 net/core/rtnetlink.c:4109
1 lock held by syz-executor/6857:
 #0: ffffffff8f371f78 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8f371f78 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0 net/ipv4/devinet.c:978
1 lock held by modprobe/6904:
 #0: ffffffff8e0f1980 (fs_reclaim){+.+.}-{0:0}, at: might_alloc include/linux/sched/mm.h:317 [inline]
 #0: ffffffff8e0f1980 (fs_reclaim){+.+.}-{0:0}, at: slab_pre_alloc_hook mm/slub.c:4533 [inline]
 #0: ffffffff8e0f1980 (fs_reclaim){+.+.}-{0:0}, at: slab_alloc_node mm/slub.c:4888 [inline]
 #0: ffffffff8e0f1980 (fs_reclaim){+.+.}-{0:0}, at: kmem_cache_alloc_noprof+0x44/0x680 mm/slub.c:4918
1 lock held by modprobe/6905:
 #0: ffffffff8e6ea4f8 (tomoyo_ss){.+.+}-{0:0}, at: srcu_lock_acquire include/linux/srcu.h:187 [inline]
 #0: ffffffff8e6ea4f8 (tomoyo_ss){.+.+}-{0:0}, at: srcu_read_lock include/linux/srcu.h:294 [inline]
 #0: ffffffff8e6ea4f8 (tomoyo_ss){.+.+}-{0:0}, at: tomoyo_read_lock security/tomoyo/common.h:1112 [inline]
 #0: ffffffff8e6ea4f8 (tomoyo_ss){.+.+}-{0:0}, at: tomoyo_check_open_permission+0x1d3/0x470 security/tomoyo/file.c:772
3 locks held by udevd/6906:
 #0: ffff88803cf4f858 (&ep->mtx){+.+.}-{4:4}, at: epoll_mutex_lock fs/eventpoll.c:2215 [inline]
 #0: ffff88803cf4f858 (&ep->mtx){+.+.}-{4:4}, at: do_epoll_ctl_file+0x2d5/0x1070 fs/eventpoll.c:2283
 #1: ffffffff8e10d270 (remove_cache_srcu){.+.+}-{0:0}, at: srcu_lock_acquire include/linux/srcu.h:187 [inline]
 #1: ffffffff8e10d270 (remove_cache_srcu){.+.+}-{0:0}, at: srcu_read_lock+0x27/0x60 include/linux/srcu.h:294
 #2: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
 #2: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:838 [inline]
 #2: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: class_rcu_constructor include/linux/rcupdate.h:1181 [inline]
 #2: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: unwind_next_frame+0xa6/0x2550 arch/x86/kernel/unwind_orc.c:495
1 lock held by udevd/6907:
 #0: ffff88803fbc5088 (vm_lock){++++}-{0:0}, at: lock_vma_under_rcu+0x1d1/0x500 mm/mmap_lock.c:310

=============================================

NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
Call Trace:
 <TASK>
 dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x274/0x2d0 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x17a/0x300 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline]
 __sys_info lib/sys_info.c:157 [inline]
 sys_info+0x135/0x170 lib/sys_info.c:165
 check_hung_uninterruptible_tasks kernel/hung_task.c:353 [inline]
 watchdog+0xfd3/0x1030 kernel/hung_task.c:561
 kthread+0x388/0x470 kernel/kthread.c:436
 ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:arch_static_branch arch/x86/include/asm/jump_label.h:37 [inline]
RIP: 0010:native_write_msr arch/x86/include/asm/msr.h:139 [inline]
RIP: 0010:wrmsrq arch/x86/include/asm/msr.h:199 [inline]
RIP: 0010:native_apic_msr_write+0x39/0x50 arch/x86/include/asm/apic.h:208
Code: 74 2a 83 ff 30 74 25 eb 10 81 ff d0 00 00 00 74 1b 81 ff e0 00 00 00 74 13 c1 ef 04 81 c7 00 08 00 00 89 f9 89 f0 31 d2 0f 30 <66> 90 e9 40 df b6 09 cc 89 f6 31 d2 e9 16 18 73 03 66 0f 1f 44 00
RSP: 0018:ffffc90000157bd0 EFLAGS: 00000046
RAX: 000000000000000f RBX: ffff8880b8623c40 RCX: 0000000000000838
RDX: 0000000000000000 RSI: 000000000000000f RDI: 0000000000000838
RBP: ffffc90000157c88 R08: 0000000000000000 R09: 0000000000000100
R10: 0000000000000100 R11: ffffffff81744440 R12: ffffffff81744440
R13: 1ffff110170c4791 R14: 0000000000000000 R15: ffff8880b8623c8c
FS:  0000000000000000(0000) GS:ffff888125f1f000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055a85b533008 CR3: 00000000295c0000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 apic_write arch/x86/include/asm/apic.h:405 [inline]
 lapic_next_event+0x11/0x20 arch/x86/kernel/apic/apic.c:418
 clockevents_program_event+0x44e/0x630 kernel/time/clockevents.c:381
 hrtimer_update_softirq_timer kernel/time/hrtimer.c:1309 [inline]
 hrtimer_run_softirq+0x207/0x260 kernel/time/hrtimer.c:2116
 handle_softirqs+0x1de/0x6d0 kernel/softirq.c:626
 __do_softirq kernel/softirq.c:660 [inline]
 run_ktimerd+0x69/0x100 kernel/softirq.c:1155
 smpboot_thread_fn+0x541/0xa50 kernel/smpboot.c:160
 kthread+0x388/0x470 kernel/kthread.c:436
 ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>