INFO: task kworker/u8:5:150 blocked for more than 143 seconds.
      Not tainted 6.14.0-rc2-syzkaller-00041-g4dc1d1bec898 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u8:5    state:D stack:20056 pid:150   tgid:150   ppid:2      task_flags:0x4208060 flags:0x00004000
Workqueue: ipv6_addrconf addrconf_dad_work
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5377 [inline]
 __schedule+0x190e/0x4c90 kernel/sched/core.c:6764
 __schedule_loop kernel/sched/core.c:6841 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6856
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6913
 __mutex_lock_common kernel/locking/mutex.c:662 [inline]
 __mutex_lock+0x817/0x1010 kernel/locking/mutex.c:730
 rtnl_net_lock include/linux/rtnetlink.h:129 [inline]
 addrconf_dad_work+0x10e/0x16a0 net/ipv6/addrconf.c:4190
 process_one_work kernel/workqueue.c:3236 [inline]
 process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3317
 worker_thread+0x870/0xd30 kernel/workqueue.c:3398
 kthread+0x7a9/0x920 kernel/kthread.c:464
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
INFO: task dhcpcd:5501 blocked for more than 143 seconds.
      Not tainted 6.14.0-rc2-syzkaller-00041-g4dc1d1bec898 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:dhcpcd          state:D stack:20352 pid:5501  tgid:5501  ppid:5500   task_flags:0x400140 flags:0x00000002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5377 [inline]
 __schedule+0x190e/0x4c90 kernel/sched/core.c:6764
 __schedule_loop kernel/sched/core.c:6841 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6856
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6913
 __mutex_lock_common kernel/locking/mutex.c:662 [inline]
 __mutex_lock+0x817/0x1010 kernel/locking/mutex.c:730
 rtnl_lock net/core/rtnetlink.c:79 [inline]
 rtnl_dumpit+0x99/0x200 net/core/rtnetlink.c:6779
 netlink_dump+0x64d/0xe10 net/netlink/af_netlink.c:2318
 __netlink_dump_start+0x5a2/0x790 net/netlink/af_netlink.c:2433
 netlink_dump_start include/linux/netlink.h:340 [inline]
 rtnetlink_dump_start net/core/rtnetlink.c:6809 [inline]
 rtnetlink_rcv_msg+0xb3d/0xcf0 net/core/rtnetlink.c:6876
 netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2543
 netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]
 netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1348
 netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1892
 sock_sendmsg_nosec net/socket.c:718 [inline]
 __sock_sendmsg+0x221/0x270 net/socket.c:733
 __sys_sendto+0x363/0x4c0 net/socket.c:2187
 __do_sys_sendto net/socket.c:2194 [inline]
 __se_sys_sendto net/socket.c:2190 [inline]
 __x64_sys_sendto+0xde/0x100 net/socket.c:2190
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f9d9cf13ad7
RSP: 002b:00007ffdc6dfc068 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007ffdc6dfd190 RCX: 00007f9d9cf13ad7
RDX: 0000000000000014 RSI: 00007ffdc6dfd0b0 RDI: 0000000000000014
RBP: 00007ffdc6dfd120 R08: 00007ffdc6dfd094 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000012
R13: 00007ffdc6dfd094 R14: 00007ffdc6dfd0b0 R15: 0000000000000105
 </TASK>
INFO: task kworker/u8:9:29031 blocked for more than 144 seconds.
      Not tainted 6.14.0-rc2-syzkaller-00041-g4dc1d1bec898 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u8:9    state:D stack:20184 pid:29031 tgid:29031 ppid:2      task_flags:0x4208060 flags:0x00004000
Workqueue: events_unbound linkwatch_event
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5377 [inline]
 __schedule+0x190e/0x4c90 kernel/sched/core.c:6764
 __schedule_loop kernel/sched/core.c:6841 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6856
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6913
 __mutex_lock_common kernel/locking/mutex.c:662 [inline]
 __mutex_lock+0x817/0x1010 kernel/locking/mutex.c:730
 linkwatch_event+0xe/0x60 net/core/link_watch.c:285
 process_one_work kernel/workqueue.c:3236 [inline]
 process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3317
 worker_thread+0x870/0xd30 kernel/workqueue.c:3398
 kthread+0x7a9/0x920 kernel/kthread.c:464
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
INFO: task syz-executor:2105 blocked for more than 144 seconds.
      Not tainted 6.14.0-rc2-syzkaller-00041-g4dc1d1bec898 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D stack:20992 pid:2105  tgid:2105  ppid:1      task_flags:0x400140 flags:0x20000004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5377 [inline]
 __schedule+0x190e/0x4c90 kernel/sched/core.c:6764
 __schedule_loop kernel/sched/core.c:6841 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6856
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6913
 __mutex_lock_common kernel/locking/mutex.c:662 [inline]
 __mutex_lock+0x817/0x1010 kernel/locking/mutex.c:730
 rtnl_lock net/core/rtnetlink.c:79 [inline]
 rtnl_nets_lock net/core/rtnetlink.c:335 [inline]
 rtnl_newlink+0xce2/0x2210 net/core/rtnetlink.c:4020
 rtnetlink_rcv_msg+0x791/0xcf0 net/core/rtnetlink.c:6911
 netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2543
 netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]
 netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1348
 netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1892
 sock_sendmsg_nosec net/socket.c:718 [inline]
 __sock_sendmsg+0x221/0x270 net/socket.c:733
 __sys_sendto+0x363/0x4c0 net/socket.c:2187
 __se_compat_sys_socketcall+0xb18/0x1430 net/compat.c:423
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0xb4/0x110 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x34/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf745d579
RSP: 002b:00000000f75af770 EFLAGS: 00000206 ORIG_RAX: 0000000000000066
RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00000000f75af784
RDX: 0000000000000000 RSI: 00000000f7fb3528 RDI: 00000000f744cff4
RBP: 00000000f7fb3528 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
INFO: task syz-executor:2230 blocked for more than 144 seconds.
      Not tainted 6.14.0-rc2-syzkaller-00041-g4dc1d1bec898 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D stack:20992 pid:2230  tgid:2230  ppid:1      task_flags:0x400140 flags:0x20000004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5377 [inline]
 __schedule+0x190e/0x4c90 kernel/sched/core.c:6764
 __schedule_loop kernel/sched/core.c:6841 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6856
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6913
 __mutex_lock_common kernel/locking/mutex.c:662 [inline]
 __mutex_lock+0x817/0x1010 kernel/locking/mutex.c:730
 rtnl_lock net/core/rtnetlink.c:79 [inline]
 rtnl_nets_lock net/core/rtnetlink.c:335 [inline]
 rtnl_newlink+0xce2/0x2210 net/core/rtnetlink.c:4020
 rtnetlink_rcv_msg+0x791/0xcf0 net/core/rtnetlink.c:6911
 netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2543
 netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]
 netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1348
 netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1892
 sock_sendmsg_nosec net/socket.c:718 [inline]
 __sock_sendmsg+0x221/0x270 net/socket.c:733
 __sys_sendto+0x363/0x4c0 net/socket.c:2187
 __se_compat_sys_socketcall+0xb18/0x1430 net/compat.c:423
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0xb4/0x110 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x34/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf7fa4579
RSP: 002b:00000000f758f7e0 EFLAGS: 00000206 ORIG_RAX: 0000000000000066
RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00000000f758f7f4
RDX: 0000000000000000 RSI: 00000000f7f94568 RDI: 00000000f742cff4
RBP: 00000000f7f94568 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
INFO: task syz-executor:2283 blocked for more than 145 seconds.
      Not tainted 6.14.0-rc2-syzkaller-00041-g4dc1d1bec898 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D stack:20992 pid:2283  tgid:2283  ppid:1      task_flags:0x400140 flags:0x20004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5377 [inline]
 __schedule+0x190e/0x4c90 kernel/sched/core.c:6764
 __schedule_loop kernel/sched/core.c:6841 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6856
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6913
 __mutex_lock_common kernel/locking/mutex.c:662 [inline]
 __mutex_lock+0x817/0x1010 kernel/locking/mutex.c:730
 rtnl_lock net/core/rtnetlink.c:79 [inline]
 rtnl_nets_lock net/core/rtnetlink.c:335 [inline]
 rtnl_newlink+0xce2/0x2210 net/core/rtnetlink.c:4020
 rtnetlink_rcv_msg+0x791/0xcf0 net/core/rtnetlink.c:6911
 netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2543
 netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]
 netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1348
 netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1892
 sock_sendmsg_nosec net/socket.c:718 [inline]
 __sock_sendmsg+0x221/0x270 net/socket.c:733
 __sys_sendto+0x363/0x4c0 net/socket.c:2187
 __se_compat_sys_socketcall+0xb18/0x1430 net/compat.c:423
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0xb4/0x110 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x34/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf7ff0579
RSP: 002b:00000000f75df850 EFLAGS: 00000206 ORIG_RAX: 0000000000000066
RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00000000f75df864
RDX: 0000000000000000 RSI: 00000000f7fe4568 RDI: 00000000f747cff4
RBP: 00000000f7fe4568 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
INFO: task syz.6.4973:2308 blocked for more than 145 seconds.
      Not tainted 6.14.0-rc2-syzkaller-00041-g4dc1d1bec898 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.6.4973      state:D stack:23744 pid:2308  tgid:2307  ppid:32702  task_flags:0x400140 flags:0x20004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5377 [inline]
 __schedule+0x190e/0x4c90 kernel/sched/core.c:6764
 __schedule_loop kernel/sched/core.c:6841 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6856
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6913
 __mutex_lock_common kernel/locking/mutex.c:662 [inline]
 __mutex_lock+0x817/0x1010 kernel/locking/mutex.c:730
 ppp_release+0x87/0x1f0 drivers/net/ppp/ppp_generic.c:408
 __fput+0x3e9/0x9f0 fs/file_table.c:464
 task_work_run+0x24f/0x310 kernel/task_work.c:227
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x13f/0x340 kernel/entry/common.c:218
 __do_fast_syscall_32+0xc4/0x110 arch/x86/entry/common.c:389
 do_fast_syscall_32+0x34/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf73cd579
RSP: 002b:00000000f505655c EFLAGS: 00000206 ORIG_RAX: 00000000000001b4
RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00000000ffffffff
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
INFO: task syz.4.4977:2350 blocked for more than 146 seconds.
      Not tainted 6.14.0-rc2-syzkaller-00041-g4dc1d1bec898 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.4.4977      state:D stack:26240 pid:2350  tgid:2346  ppid:1510   task_flags:0x400040 flags:0x20000004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5377 [inline]
 __schedule+0x190e/0x4c90 kernel/sched/core.c:6764
 __schedule_loop kernel/sched/core.c:6841 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6856
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6913
 __mutex_lock_common kernel/locking/mutex.c:662 [inline]
 __mutex_lock+0x817/0x1010 kernel/locking/mutex.c:730
 __tun_chr_ioctl+0x48c/0x2400 drivers/net/tun.c:3121
 __do_compat_sys_ioctl fs/ioctl.c:1004 [inline]
 __se_compat_sys_ioctl+0x502/0xc10 fs/ioctl.c:947
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0xb4/0x110 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x34/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf7f70579
RSP: 002b:00000000f4c3155c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000400454da
RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>

Showing all locks held in the system:
3 locks held by kworker/0:1/9:
 #0: ffff88801ac81d48 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff88801ac81d48 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840 kernel/workqueue.c:3317
 #1: ffffc900000e7c60 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc900000e7c60 ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840 kernel/workqueue.c:3317
 #2: ffffffff8fcc0f08 (rtnl_mutex){+.+.}-{4:4}, at: reg_check_chans_work+0x99/0xfb0 net/wireless/reg.c:2480
1 lock held by khungtaskd/30:
 #0: ffffffff8e9387e0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 #0: ffffffff8e9387e0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
 #0: ffffffff8e9387e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x55/0x2a0 kernel/locking/lockdep.c:6746
3 locks held by kworker/u8:5/150:
 #0: ffff88814d7a5148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff88814d7a5148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840 kernel/workqueue.c:3317
 #1: ffffc90002f37c60 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90002f37c60 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840 kernel/workqueue.c:3317
 #2: ffffffff8fcc0f08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:129 [inline]
 #2: ffffffff8fcc0f08 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_dad_work+0x10e/0x16a0 net/ipv6/addrconf.c:4190
2 locks held by dhcpcd/5501:
 #0: ffff8880702356c8 (nlk_cb_mutex-ROUTE){+.+.}-{4:4}, at: __netlink_dump_start+0x119/0x790 net/netlink/af_netlink.c:2397
 #1: ffffffff8fcc0f08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:79 [inline]
 #1: ffffffff8fcc0f08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_dumpit+0x99/0x200 net/core/rtnetlink.c:6779
2 locks held by getty/5600:
 #0: ffff8880358aa0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
 #1: ffffc90002fde2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x6a6/0x1e00 drivers/tty/n_tty.c:2211
5 locks held by kworker/u8:8/20663:
 #0: ffff88801baf5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff88801baf5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840 kernel/workqueue.c:3317
 #1: ffffc9000605fc60 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc9000605fc60 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840 kernel/workqueue.c:3317
 #2: ffffffff8fcb4990 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0x17a/0xd60 net/core/net_namespace.c:606
 #3: ffffffff8fcc0f08 (rtnl_mutex){+.+.}-{4:4}, at: default_device_exit_batch+0xe9/0xaa0 net/core/dev.c:12337
 #4: ffff888070b34d28 (&dev->lock){+.+.}-{4:4}, at: netdev_lock include/linux/netdevice.h:2700 [inline]
 #4: ffff888070b34d28 (&dev->lock){+.+.}-{4:4}, at: napi_disable+0x4d/0x80 net/core/dev.c:7012
3 locks held by kworker/u8:9/29031:
 #0: ffff88801ac89148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff88801ac89148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840 kernel/workqueue.c:3317
 #1: ffffc9000356fc60 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc9000356fc60 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840 kernel/workqueue.c:3317
 #2: ffffffff8fcc0f08 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 net/core/link_watch.c:285
2 locks held by kworker/u8:13/32319:
1 lock held by syz-executor/32702:
 #0: ffffffff8fcc0f08 (rtnl_mutex){+.+.}-{4:4}, at: tun_detach drivers/net/tun.c:698 [inline]
 #0: ffffffff8fcc0f08 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3b/0x1b0 drivers/net/tun.c:3517
1 lock held by syz-executor/1510:
 #0: ffffffff8fcc0f08 (rtnl_mutex){+.+.}-{4:4}, at: tun_detach drivers/net/tun.c:698 [inline]
 #0: ffffffff8fcc0f08 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3b/0x1b0 drivers/net/tun.c:3517
1 lock held by syz-executor/2105:
 #0: ffffffff8fcc0f08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:79 [inline]
 #0: ffffffff8fcc0f08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock net/core/rtnetlink.c:335 [inline]
 #0: ffffffff8fcc0f08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0xce2/0x2210 net/core/rtnetlink.c:4020
1 lock held by syz-executor/2230:
 #0: ffffffff8fcc0f08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:79 [inline]
 #0: ffffffff8fcc0f08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock net/core/rtnetlink.c:335 [inline]
 #0: ffffffff8fcc0f08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0xce2/0x2210 net/core/rtnetlink.c:4020
1 lock held by syz-executor/2283:
 #0: ffffffff8fcc0f08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:79 [inline]
 #0: ffffffff8fcc0f08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock net/core/rtnetlink.c:335 [inline]
 #0: ffffffff8fcc0f08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0xce2/0x2210 net/core/rtnetlink.c:4020
1 lock held by syz.6.4973/2308:
 #0: ffffffff8fcc0f08 (rtnl_mutex){+.+.}-{4:4}, at: ppp_release+0x87/0x1f0 drivers/net/ppp/ppp_generic.c:408
1 lock held by syz.4.4977/2350:
 #0: ffffffff8fcc0f08 (rtnl_mutex){+.+.}-{4:4}, at: __tun_chr_ioctl+0x48c/0x2400 drivers/net/tun.c:3121
2 locks held by syz-executor/2357:
 #0: ffffffff8fcb4990 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x328/0x570 net/core/net_namespace.c:512
 #1: ffffffff8fcc0f08 (rtnl_mutex){+.+.}-{4:4}, at: register_nexthop_notifier+0x84/0x290 net/ipv4/nexthop.c:3878
2 locks held by syz-executor/2362:
 #0: ffffffff8fcb4990 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x328/0x570 net/core/net_namespace.c:512
 #1: ffffffff8fcc0f08 (rtnl_mutex){+.+.}-{4:4}, at: register_nexthop_notifier+0x84/0x290 net/ipv4/nexthop.c:3878
2 locks held by syz-executor/2367:
 #0: ffffffff8fcb4990 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x328/0x570 net/core/net_namespace.c:512
 #1: ffffffff8fcc0f08 (rtnl_mutex){+.+.}-{4:4}, at: register_nexthop_notifier+0x84/0x290 net/ipv4/nexthop.c:3878
2 locks held by syz-executor/2371:
 #0: ffffffff8fcb4990 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x328/0x570 net/core/net_namespace.c:512
 #1: ffffffff8fcc0f08 (rtnl_mutex){+.+.}-{4:4}, at: register_nexthop_notifier+0x84/0x290 net/ipv4/nexthop.c:3878
2 locks held by syz-executor/2374:
 #0: ffffffff8fcb4990 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x328/0x570 net/core/net_namespace.c:512
 #1: ffffffff8fcc0f08 (rtnl_mutex){+.+.}-{4:4}, at: register_nexthop_notifier+0x84/0x290 net/ipv4/nexthop.c:3878
2 locks held by syz-executor/2378:
 #0: ffffffff8fcb4990 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x328/0x570 net/core/net_namespace.c:512
 #1: ffffffff8fcc0f08 (rtnl_mutex){+.+.}-{4:4}, at: register_nexthop_notifier+0x84/0x290 net/ipv4/nexthop.c:3878
2 locks held by syz-executor/2382:
 #0: ffffffff8fcb4990 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x328/0x570 net/core/net_namespace.c:512
 #1: ffffffff8fcc0f08 (rtnl_mutex){+.+.}-{4:4}, at: register_nexthop_notifier+0x84/0x290 net/ipv4/nexthop.c:3878
2 locks held by syz-executor/2386:
 #0: ffffffff8fcb4990 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x328/0x570 net/core/net_namespace.c:512
 #1: ffffffff8fcc0f08 (rtnl_mutex){+.+.}-{4:4}, at: register_nexthop_notifier+0x84/0x290 net/ipv4/nexthop.c:3878
2 locks held by syz-executor/2391:
 #0: ffffffff8fcb4990 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x328/0x570 net/core/net_namespace.c:512
 #1: ffffffff8fcc0f08 (rtnl_mutex){+.+.}-{4:4}, at: register_nexthop_notifier+0x84/0x290 net/ipv4/nexthop.c:3878
2 locks held by syz-executor/2397:
 #0: ffffffff8fcb4990 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x328/0x570 net/core/net_namespace.c:512
 #1: ffffffff8fcc0f08 (rtnl_mutex){+.+.}-{4:4}, at: register_nexthop_notifier+0x84/0x290 net/ipv4/nexthop.c:3878
2 locks held by syz-executor/2405:
 #0: ffffffff8fcb4990 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x328/0x570 net/core/net_namespace.c:512
 #1: ffffffff8fcc0f08 (rtnl_mutex){+.+.}-{4:4}, at: register_nexthop_notifier+0x84/0x290 net/ipv4/nexthop.c:3878
2 locks held by syz-executor/2413:
 #0: ffffffff8fcb4990 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x328/0x570 net/core/net_namespace.c:512
 #1: ffffffff8fcc0f08 (rtnl_mutex){+.+.}-{4:4}, at: register_nexthop_notifier+0x84/0x290 net/ipv4/nexthop.c:3878

=============================================

NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.14.0-rc2-syzkaller-00041-g4dc1d1bec898 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x49c/0x4d0 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x198/0x320 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:236 [inline]
 watchdog+0x1058/0x10a0 kernel/hung_task.c:399
 kthread+0x7a9/0x920 kernel/kthread.c:464
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 32322 Comm: kworker/u8:16 Not tainted 6.14.0-rc2-syzkaller-00041-g4dc1d1bec898 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Workqueue: events_unbound cfg80211_wiphy_work
RIP: 0010:preempt_count arch/x86/include/asm/preempt.h:26 [inline]
RIP: 0010:check_kcov_mode kernel/kcov.c:183 [inline]
RIP: 0010:write_comp_data kernel/kcov.c:246 [inline]
RIP: 0010:__sanitizer_cov_trace_switch+0x9d/0x120 kernel/kcov.c:351
Code: 00 00 4d 85 d2 0f 84 8b 00 00 00 4c 8b 4c 24 20 65 4c 8b 1c 25 80 d6 03 00 31 d2 eb 08 48 ff c2 49 39 d2 74 71 4c 8b 74 d6 10 <65> 8b 05 c4 80 44 7e 25 00 01 ff 00 74 11 3d 00 01 00 00 75 de 41
RSP: 0018:ffffc90004cfe678 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 0000000000000009 RCX: ffff88802afdbc00
RDX: 0000000000000000 RSI: ffffffff8ff409b0 RDI: 00000000000000dd
RBP: ffffc90004cfeab0 R08: 0000000000000001 R09: ffffffff8b7461c1
R10: 000000000000002b R11: ffff88802afdbc00 R12: ffff88803c97d33c
R13: ffff88803c97d33c R14: 0000000000000000 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055a70d221088 CR3: 000000000e738000 CR4: 00000000003526f0
Call Trace:
 <NMI>
 </NMI>
 <TASK>
 _ieee802_11_parse_elems_full+0xc11/0x4b00 net/mac80211/parse.c:357
 ieee802_11_parse_elems_full+0xdc5/0x2750 net/mac80211/parse.c:1011
 ieee802_11_parse_elems_crc net/mac80211/ieee80211_i.h:2397 [inline]
 ieee802_11_parse_elems net/mac80211/ieee80211_i.h:2404 [inline]
 ieee80211_inform_bss+0x15f/0x1080 net/mac80211/scan.c:79
 rdev_inform_bss net/wireless/rdev-ops.h:418 [inline]
 cfg80211_inform_single_bss_data+0xec1/0x2070 net/wireless/scan.c:2367
 cfg80211_inform_bss_data+0x3c8/0x5d60 net/wireless/scan.c:3222
 cfg80211_inform_bss_frame_data+0x3bb/0x720 net/wireless/scan.c:3317
 ieee80211_bss_info_update+0x8a7/0xbc0 net/mac80211/scan.c:226
 ieee80211_rx_bss_info net/mac80211/ibss.c:1102 [inline]
 ieee80211_rx_mgmt_probe_beacon net/mac80211/ibss.c:1581 [inline]
 ieee80211_ibss_rx_queued_mgmt+0x1969/0x2d70 net/mac80211/ibss.c:1608
 ieee80211_iface_process_skb net/mac80211/iface.c:1611 [inline]
 ieee80211_iface_work+0x8dc/0xf90 net/mac80211/iface.c:1665
 cfg80211_wiphy_work+0x2f0/0x490 net/wireless/core.c:435
 process_one_work kernel/workqueue.c:3236 [inline]
 process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3317
 worker_thread+0x870/0xd30 kernel/workqueue.c:3398
 kthread+0x7a9/0x920 kernel/kthread.c:464
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>