syzbot

watchdog: BUG: soft lockup - CPU#1 stuck for 143s! [kworker/u4:1:3632]
Modules linked in:
irq event stamp: 45854
hardirqs last  enabled at (45853): [<ffffffff89600c02>] asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638
hardirqs last disabled at (45854): [<ffffffff8945558b>] sysvec_apic_timer_interrupt+0xb/0xc0 arch/x86/kernel/apic/apic.c:1097
softirqs last  enabled at (17476): [<ffffffff84d03feb>] rcu_read_unlock_bh include/linux/rcupdate.h:754 [inline]
softirqs last  enabled at (17476): [<ffffffff84d03feb>] mod_peer_timer drivers/net/wireguard/timers.c:38 [inline]
softirqs last  enabled at (17476): [<ffffffff84d03feb>] wg_timers_handshake_initiated+0x1ab/0x300 drivers/net/wireguard/timers.c:184
softirqs last disabled at (17472): [<ffffffff84d03e88>] wg_timers_handshake_initiated+0x48/0x300 drivers/net/wireguard/timers.c:185
CPU: 1 PID: 3632 Comm: kworker/u4:1 Not tainted 5.16.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events_unbound toggle_allocation_gate
RIP: 0010:csd_lock_wait kernel/smp.c:440 [inline]
RIP: 0010:smp_call_function_many_cond+0x45c/0xc20 kernel/smp.c:969
Code: 00 00 00 fc ff df 4d 89 f4 4c 89 f5 49 c1 ec 03 83 e5 07 49 01 c4 83 c5 03 e8 40 78 0b 00 f3 90 41 0f b6 04 24 40 38 c5 7c 08 <84> c0 0f 85 33 06 00 00 8b 43 08 31 ff 83 e0 01 41 89 c7 89 c6 e8
RSP: 0018:ffffc90001acf9f8 EFLAGS: 00000206
RAX: 0000000000000000 RBX: ffff8880b9c41d40 RCX: 0000000000000000
RDX: ffff8880184a9d00 RSI: ffffffff816c2a00 RDI: 0000000000000003
RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000001
R10: ffffffff816c2a26 R11: 0000000000000000 R12: ffffed10173883a9
R13: 0000000000000000 R14: ffff8880b9c41d48 R15: 0000000000000001
FS:  0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffce47bb080 CR3: 000000000b88e000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 on_each_cpu_cond_mask+0x56/0xa0 kernel/smp.c:1135
 on_each_cpu include/linux/smp.h:71 [inline]
 text_poke_sync arch/x86/kernel/alternative.c:1112 [inline]
 text_poke_bp_batch+0x1b3/0x560 arch/x86/kernel/alternative.c:1297
 text_poke_flush arch/x86/kernel/alternative.c:1451 [inline]
 text_poke_flush arch/x86/kernel/alternative.c:1448 [inline]
 text_poke_finish+0x16/0x30 arch/x86/kernel/alternative.c:1458
 arch_jump_label_transform_apply+0x13/0x20 arch/x86/kernel/jump_label.c:146
 jump_label_update+0x1d5/0x430 kernel/jump_label.c:830
 static_key_enable_cpuslocked+0x1b1/0x260 kernel/jump_label.c:177
 static_key_enable+0x16/0x20 kernel/jump_label.c:190
 toggle_allocation_gate mm/kfence/core.c:732 [inline]
 toggle_allocation_gate+0x100/0x390 mm/kfence/core.c:724
 process_one_work+0x9b2/0x1690 kernel/workqueue.c:2298
 worker_thread+0x658/0x11f0 kernel/workqueue.c:2445
 kthread+0x405/0x4f0 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>
----------------
Code disassembly (best guess), 5 bytes skipped:
   0:	df 4d 89             	fisttps -0x77(%rbp)
   3:	f4                   	hlt
   4:	4c 89 f5             	mov    %r14,%rbp
   7:	49 c1 ec 03          	shr    $0x3,%r12
   b:	83 e5 07             	and    $0x7,%ebp
   e:	49 01 c4             	add    %rax,%r12
  11:	83 c5 03             	add    $0x3,%ebp
  14:	e8 40 78 0b 00       	callq  0xb7859
  19:	f3 90                	pause
  1b:	41 0f b6 04 24       	movzbl (%r12),%eax
  20:	40 38 c5             	cmp    %al,%bpl
  23:	7c 08                	jl     0x2d
* 25:	84 c0                	test   %al,%al <-- trapping instruction
  27:	0f 85 33 06 00 00    	jne    0x660
  2d:	8b 43 08             	mov    0x8(%rbx),%eax
  30:	31 ff                	xor    %edi,%edi
  32:	83 e0 01             	and    $0x1,%eax
  35:	41 89 c7             	mov    %eax,%r15d
  38:	89 c6                	mov    %eax,%esi
  3a:	e8                   	.byte 0xe8