INFO: task syz-executor:11616 blocked for more than 144 seconds.
      Not tainted 6.10.0-syzkaller-11840-g933069701c1b #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D stack:24528 pid:11616 tgid:11616 ppid:1      flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5188 [inline]
 __schedule+0x17ae/0x4a10 kernel/sched/core.c:6529
 __schedule_loop kernel/sched/core.c:6606 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6621
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6678
 __mutex_lock_common kernel/locking/mutex.c:684 [inline]
 __mutex_lock+0x6a4/0xd70 kernel/locking/mutex.c:752
 __tun_chr_ioctl+0x48f/0x2400 drivers/net/tun.c:3117
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:907 [inline]
 __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7ff04df75b1b
RSP: 002b:00007fffb5f23d40 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007ff04e105f20 RCX: 00007ff04df75b1b
RDX: 00007fffb5f23dc0 RSI: 00000000400454ca RDI: 00000000000000c8
RBP: 00007ff04e106a18 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000c
R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000009
 </TASK>
INFO: task syz-executor:11619 blocked for more than 145 seconds.
      Not tainted 6.10.0-syzkaller-11840-g933069701c1b #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D stack:24160 pid:11619 tgid:11619 ppid:1      flags:0x00004006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5188 [inline]
 __schedule+0x17ae/0x4a10 kernel/sched/core.c:6529
 __schedule_loop kernel/sched/core.c:6606 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6621
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6678
 __mutex_lock_common kernel/locking/mutex.c:684 [inline]
 __mutex_lock+0x6a4/0xd70 kernel/locking/mutex.c:752
 ip_tunnel_init_net+0x20e/0x710 net/ipv4/ip_tunnel.c:1158
 vti_init_net+0x2e/0xf0 net/ipv4/ip_vti.c:517
 ops_init+0x359/0x610 net/core/net_namespace.c:139
 setup_net+0x515/0xca0 net/core/net_namespace.c:343
 copy_net_ns+0x4e2/0x7b0 net/core/net_namespace.c:508
 create_new_namespaces+0x425/0x7b0 kernel/nsproxy.c:110
 unshare_nsproxy_namespaces+0x124/0x180 kernel/nsproxy.c:228
 ksys_unshare+0x619/0xc10 kernel/fork.c:3309
 __do_sys_unshare kernel/fork.c:3380 [inline]
 __se_sys_unshare kernel/fork.c:3378 [inline]
 __x64_sys_unshare+0x38/0x40 kernel/fork.c:3378
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fac9ed77677
RSP: 002b:00007ffd38d089d8 EFLAGS: 00000202
 ORIG_RAX: 0000000000000110
RAX: ffffffffffffffda RBX: 00007fac9ef05f20 RCX: 00007fac9ed77677
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000
RBP: 00007fac9ef06a18 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 000000000000000c
R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000009
 </TASK>
INFO: task syz-executor:11621 blocked for more than 146 seconds.
      Not tainted 6.10.0-syzkaller-11840-g933069701c1b #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D
 stack:24992 pid:11621 tgid:11621 ppid:1      flags:0x00004006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5188 [inline]
 __schedule+0x17ae/0x4a10 kernel/sched/core.c:6529
 __schedule_loop kernel/sched/core.c:6606 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6621
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6678
 __mutex_lock_common kernel/locking/mutex.c:684 [inline]
 __mutex_lock+0x6a4/0xd70 kernel/locking/mutex.c:752
 ip_tunnel_init_net+0x20e/0x710 net/ipv4/ip_tunnel.c:1158
 ops_init+0x359/0x610 net/core/net_namespace.c:139
 setup_net+0x515/0xca0 net/core/net_namespace.c:343
 copy_net_ns+0x4e2/0x7b0 net/core/net_namespace.c:508
 create_new_namespaces+0x425/0x7b0 kernel/nsproxy.c:110
 unshare_nsproxy_namespaces+0x124/0x180 kernel/nsproxy.c:228
 ksys_unshare+0x619/0xc10 kernel/fork.c:3309
 __do_sys_unshare kernel/fork.c:3380 [inline]
 __se_sys_unshare kernel/fork.c:3378 [inline]
 __x64_sys_unshare+0x38/0x40 kernel/fork.c:3378
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fe218377677
RSP: 002b:00007ffec705a708 EFLAGS: 00000206
 ORIG_RAX: 0000000000000110
RAX: ffffffffffffffda RBX: 00007fe218505f20 RCX: 00007fe218377677
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000
RBP: 00007fe218506a18 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000206 R12: 000000000000000c
R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000009
 </TASK>
INFO: task syz-executor:11623 blocked for more than 147 seconds.
      Not tainted 6.10.0-syzkaller-11840-g933069701c1b #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D
 stack:24992 pid:11623 tgid:11623 ppid:1      flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5188 [inline]
 __schedule+0x17ae/0x4a10 kernel/sched/core.c:6529
 __schedule_loop kernel/sched/core.c:6606 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6621
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6678
 __mutex_lock_common kernel/locking/mutex.c:684 [inline]
 __mutex_lock+0x6a4/0xd70 kernel/locking/mutex.c:752
 register_nexthop_notifier+0x84/0x290 net/ipv4/nexthop.c:3871
 ops_init+0x359/0x610 net/core/net_namespace.c:139
 setup_net+0x515/0xca0 net/core/net_namespace.c:343
 copy_net_ns+0x4e2/0x7b0 net/core/net_namespace.c:508
 create_new_namespaces+0x425/0x7b0 kernel/nsproxy.c:110
 unshare_nsproxy_namespaces+0x124/0x180 kernel/nsproxy.c:228
 ksys_unshare+0x619/0xc10 kernel/fork.c:3309
 __do_sys_unshare kernel/fork.c:3380 [inline]
 __se_sys_unshare kernel/fork.c:3378 [inline]
 __x64_sys_unshare+0x38/0x40 kernel/fork.c:3378
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f71fc977677
RSP: 002b:00007ffc2ea3beb8 EFLAGS: 00000206
 ORIG_RAX: 0000000000000110
RAX: ffffffffffffffda RBX: 00007f71fcb05f20 RCX: 00007f71fc977677
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000
RBP: 00007f71fcb06a18 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000206 R12: 000000000000000c
R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000009
 </TASK>

Showing all locks held in the system:
3 locks held by kworker/u8:1/12:
 #0: 
ffff888029a7e948
 (
(wq_completion)ipv6_addrconf
){+.+.}-{0:0}
, at: process_one_work kernel/workqueue.c:3206 [inline]
, at: process_scheduled_works+0x90a/0x1830 kernel/workqueue.c:3312
 #1: 
ffffc90000117d00
 (
(work_completion)(&(&net->ipv6.addr_chk_work)->work)
){+.+.}-{0:0}
, at: process_one_work kernel/workqueue.c:3207 [inline]
, at: process_scheduled_works+0x945/0x1830 kernel/workqueue.c:3312
 #2: 
ffffffff8f5f64c8
 (
rtnl_mutex
){+.+.}-{3:3}
, at: addrconf_verify_work+0x19/0x30 net/ipv6/addrconf.c:4734
3 locks held by kworker/1:0/25:
 #0: ffff888015080948
 (
(wq_completion)events
){+.+.}-{0:0}
, at: process_one_work kernel/workqueue.c:3206 [inline]
, at: process_scheduled_works+0x90a/0x1830 kernel/workqueue.c:3312
 #1: 
ffffc900001f7d00
 (
deferred_process_work
){+.+.}-{0:0}
, at: process_one_work kernel/workqueue.c:3207 [inline]
, at: process_scheduled_works+0x945/0x1830 kernel/workqueue.c:3312
 #2: 
ffffffff8f5f64c8
 (
rtnl_mutex
){+.+.}-{3:3}
, at: switchdev_deferred_process_work+0xe/0x20 net/switchdev/switchdev.c:104
1 lock held by khungtaskd/30:
 #0: 
ffffffff8e337560 (
rcu_read_lock
){....}-{1:2}
, at: rcu_lock_acquire include/linux/rcupdate.h:326 [inline]
, at: rcu_read_lock include/linux/rcupdate.h:838 [inline]
, at: debug_show_all_locks+0x55/0x2a0 kernel/locking/lockdep.c:6620
5 locks held by kworker/u8:3/52:
6 locks held by kworker/0:1H/1056:
7 locks held by kworker/0:2/1579:
2 locks held by getty/4844:
 #0: 
ffff88802adc50a0
 (&tty->ldisc_sem
){++++}-{0:0}
, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
 #1: 
ffffc90002f062f0
 (&ldata->atomic_read_lock
){+.+.}-{3:3}
, at: n_tty_read+0x6b5/0x1e10 drivers/tty/n_tty.c:2211
1 lock held by syz-executor/5092:
 #0: 
ffffffff8f5f64c8
 (
rtnl_mutex
){+.+.}-{3:3}
, at: tun_detach drivers/net/tun.c:698 [inline]
, at: tun_chr_close+0x3e/0x1b0 drivers/net/tun.c:3507
3 locks held by kworker/u9:2/5099:
 #0: 
ffff888029b7f148
 (
(wq_completion)hci13
){+.+.}-{0:0}
, at: process_one_work kernel/workqueue.c:3206 [inline]
, at: process_scheduled_works+0x90a/0x1830 kernel/workqueue.c:3312
 #1: 
ffffc90003b7fd00
 (
(work_completion)(&hdev->power_on)
){+.+.}-{0:0}
, at: process_one_work kernel/workqueue.c:3207 [inline]
, at: process_scheduled_works+0x945/0x1830 kernel/workqueue.c:3312
 #2: 
ffff88802a284d80
 (
&hdev->req_lock
){+.+.}-{3:3}
, at: hci_dev_do_open net/bluetooth/hci_core.c:417 [inline]
, at: hci_power_on+0x1bf/0x6b0 net/bluetooth/hci_core.c:948
5 locks held by kworker/u9:3/5100:
 #0: 
ffff88802c572148
 (
(wq_completion)hci8
){+.+.}-{0:0}
, at: process_one_work kernel/workqueue.c:3206 [inline]
, at: process_scheduled_works+0x90a/0x1830 kernel/workqueue.c:3312
 #1: 
ffffc90003b8fd00
 (
(work_completion)(&hdev->cmd_sync_work)
){+.+.}-{0:0}
, at: process_one_work kernel/workqueue.c:3207 [inline]
, at: process_scheduled_works+0x945/0x1830 kernel/workqueue.c:3312
 #2: 
ffff88804eb80d80
 (
&hdev->req_lock
){+.+.}-{3:3}
, at: hci_cmd_sync_work+0x1ec/0x400 net/bluetooth/hci_sync.c:327
 #3: 
ffff88804eb80078
 (
&hdev->lock
){+.+.}-{3:3}
, at: hci_abort_conn_sync+0x1ea/0xde0 net/bluetooth/hci_sync.c:5491
 #4: 
ffffffff8f761ca8
 (
hci_cb_list_lock
){+.+.}-{3:3}
, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1962 [inline]
, at: hci_conn_failed+0x185/0x340 net/bluetooth/hci_conn.c:1265
5 locks held by kworker/u9:4/5101:
 #0: ffff888069990148
 (
(wq_completion)hci7
){+.+.}-{0:0}
, at: process_one_work kernel/workqueue.c:3206 [inline]
, at: process_scheduled_works+0x90a/0x1830 kernel/workqueue.c:3312
 #1: 
ffffc90003bafd00
 (
(work_completion)(&hdev->cmd_sync_work)
){+.+.}-{0:0}
, at: process_one_work kernel/workqueue.c:3207 [inline]
, at: process_scheduled_works+0x945/0x1830 kernel/workqueue.c:3312
 #2: 
ffff888022234d80
 (
&hdev->req_lock
){+.+.}-{3:3}
, at: hci_cmd_sync_work+0x1ec/0x400 net/bluetooth/hci_sync.c:327
 #3: 
ffff888022234078
 (
&hdev->lock
){+.+.}-{3:3}
, at: hci_abort_conn_sync+0x1ea/0xde0 net/bluetooth/hci_sync.c:5491
 #4: 
ffffffff8f761ca8
 (
hci_cb_list_lock
){+.+.}-{3:3}
, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1962 [inline]
, at: hci_conn_failed+0x185/0x340 net/bluetooth/hci_conn.c:1265
5 locks held by kworker/u9:5/5103:
 #0: 
ffff88806709a948
 (
(wq_completion)hci9
){+.+.}-{0:0}
, at: process_one_work kernel/workqueue.c:3206 [inline]
, at: process_scheduled_works+0x90a/0x1830 kernel/workqueue.c:3312
 #1: 
ffffc90003bcfd00
 (
(work_completion)(&hdev->cmd_sync_work)
){+.+.}-{0:0}
, at: process_one_work kernel/workqueue.c:3207 [inline]
, at: process_scheduled_works+0x945/0x1830 kernel/workqueue.c:3312
 #2: 
ffff88804af20d80
 (
&hdev->req_lock
){+.+.}-{3:3}
, at: hci_cmd_sync_work+0x1ec/0x400 net/bluetooth/hci_sync.c:327
 #3: 
ffff88804af20078
 (
&hdev->lock
){+.+.}-{3:3}
, at: hci_abort_conn_sync+0x1ea/0xde0 net/bluetooth/hci_sync.c:5491
 #4: 
ffffffff8f761ca8
 (
hci_cb_list_lock
){+.+.}-{3:3}
, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1962 [inline]
, at: hci_conn_failed+0x185/0x340 net/bluetooth/hci_conn.c:1265
5 locks held by kworker/u9:6/5107:
 #0: 
ffff88804a83c148
 (
(wq_completion)hci10){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3206 [inline]
(wq_completion)hci10){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 kernel/workqueue.c:3312
 #1: ffffc90003d07d00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3207 [inline]
 #1: ffffc90003d07d00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 kernel/workqueue.c:3312
 #2: 
ffff88804a800d80 (&hdev->req_lock){+.+.}-{3:3}, at: hci_cmd_sync_work+0x1ec/0x400 net/bluetooth/hci_sync.c:327
 #3: 
ffff88804a800078
 (
&hdev->lock
){+.+.}-{3:3}
, at: hci_abort_conn_sync+0x1ea/0xde0 net/bluetooth/hci_sync.c:5491
 #4: 
ffffffff8f761ca8
 (
hci_cb_list_lock
){+.+.}-{3:3}
, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1962 [inline]
, at: hci_conn_failed+0x185/0x340 net/bluetooth/hci_conn.c:1265
5 locks held by kworker/u9:9/5112:
 #0: 
ffff888066588948
 (
(wq_completion)hci6
){+.+.}-{0:0}
, at: process_one_work kernel/workqueue.c:3206 [inline]
, at: process_scheduled_works+0x90a/0x1830 kernel/workqueue.c:3312
 #1: 
ffffc90003d77d00
 (
(work_completion)(&hdev->cmd_sync_work)
){+.+.}-{0:0}
, at: process_one_work kernel/workqueue.c:3207 [inline]
, at: process_scheduled_works+0x945/0x1830 kernel/workqueue.c:3312
 #2: 
ffff888024454d80
 (
&hdev->req_lock
){+.+.}-{3:3}
, at: hci_cmd_sync_work+0x1ec/0x400 net/bluetooth/hci_sync.c:327
 #3: 
ffff888024454078
 (
&hdev->lock
){+.+.}-{3:3}
, at: hci_abort_conn_sync+0x1ea/0xde0 net/bluetooth/hci_sync.c:5491
 #4: 
ffffffff8f761ca8
 (
hci_cb_list_lock
){+.+.}-{3:3}
, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1962 [inline]
, at: hci_conn_failed+0x185/0x340 net/bluetooth/hci_conn.c:1265
9 locks held by kworker/0:5/5149:
7 locks held by kworker/0:6/5151:
3 locks held by kworker/1:6/5152:
 #0: 
ffff888015080948
 (
(wq_completion)events
){+.+.}-{0:0}
, at: process_one_work kernel/workqueue.c:3206 [inline]
, at: process_scheduled_works+0x90a/0x1830 kernel/workqueue.c:3312
 #1: 
ffffc90004037d00
 (
(linkwatch_work).work
){+.+.}-{0:0}
, at: process_one_work kernel/workqueue.c:3207 [inline]
, at: process_scheduled_works+0x945/0x1830 kernel/workqueue.c:3312
 #2: 
ffffffff8f5f64c8
 (
rtnl_mutex
){+.+.}-{3:3}
, at: linkwatch_event+0xe/0x60 net/core/link_watch.c:276
5 locks held by kworker/0:7/5237:
1 lock held by syz-executor/9102:
 #0: 
ffffffff8f5f64c8
 (
rtnl_mutex
){+.+.}-{3:3}
, at: tun_detach drivers/net/tun.c:698 [inline]
, at: tun_chr_close+0x3e/0x1b0 drivers/net/tun.c:3507
1 lock held by syz.1.1642/10481:
 #0: 
ffffffff8f5f64c8
 (
rtnl_mutex){+.+.}-{3:3}
, at: tun_detach drivers/net/tun.c:698 [inline]
, at: tun_chr_close+0x3e/0x1b0 drivers/net/tun.c:3507
1 lock held by syz.2.2050/11589:
 #0: 
ffffffff8f5f64c8
 (
rtnl_mutex
){+.+.}-{3:3}
, at: tun_detach drivers/net/tun.c:698 [inline]
, at: tun_chr_close+0x3e/0x1b0 drivers/net/tun.c:3507
1 lock held by syz.0.2053/11601:
 #0: 
ffffffff8f5f64c8
 (
rtnl_mutex
){+.+.}-{3:3}
, at: tun_detach drivers/net/tun.c:698 [inline]
, at: tun_chr_close+0x3e/0x1b0 drivers/net/tun.c:3507
2 locks held by syz-executor/11615:
 #0: 
ffffffff8f5e9950
 (
pernet_ops_rwsem
){++++}-{3:3}
, at: copy_net_ns+0x4c6/0x7b0 net/core/net_namespace.c:504
 #1: 
ffffffff8f5f64c8
 (
rtnl_mutex
){+.+.}-{3:3}
, at: wg_netns_pre_exit+0x1f/0x1e0 drivers/net/wireguard/device.c:414
1 lock held by syz-executor/11616:
 #0: 
ffffffff8f5f64c8
 (
rtnl_mutex
){+.+.}-{3:3}
, at: __tun_chr_ioctl+0x48f/0x2400 drivers/net/tun.c:3117
2 locks held by syz-executor/11619:
 #0: 
ffffffff8f5e9950
 (
pernet_ops_rwsem
){++++}-{3:3}
, at: copy_net_ns+0x4c6/0x7b0 net/core/net_namespace.c:504
 #1: 
ffffffff8f5f64c8
 (
rtnl_mutex
){+.+.}-{3:3}
, at: ip_tunnel_init_net+0x20e/0x710 net/ipv4/ip_tunnel.c:1158
2 locks held by syz-executor/11621:
 #0: 
ffffffff8f5e9950
 (
pernet_ops_rwsem){++++}-{3:3}
, at: copy_net_ns+0x4c6/0x7b0 net/core/net_namespace.c:504
 #1: ffffffff8f5f64c8
 (rtnl_mutex
){+.+.}-{3:3}, at: ip_tunnel_init_net+0x20e/0x710 net/ipv4/ip_tunnel.c:1158
2 locks held by syz-executor/11623:
 #0: ffffffff8f5e9950
 (
pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c6/0x7b0 net/core/net_namespace.c:504
 #1: 
ffffffff8f5f64c8
 (
rtnl_mutex
){+.+.}-{3:3}
, at: register_nexthop_notifier+0x84/0x290 net/ipv4/nexthop.c:3871
1 lock held by syz-executor/11637:
 #0: 
ffffffff8f5f64c8
 (
rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:79 [inline]
rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 net/core/rtnetlink.c:6644
1 lock held by syz-executor/11638:
 #0: 
ffffffff8f5f64c8
 (
rtnl_mutex
){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:79 [inline]
){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 net/core/rtnetlink.c:6644
1 lock held by syz-executor/11641:
 #0: 
ffffffff8f5f64c8
 (
rtnl_mutex
){+.+.}-{3:3}
, at: rtnl_lock net/core/rtnetlink.c:79 [inline]
, at: rtnetlink_rcv_msg+0x6e6/0xcf0 net/core/rtnetlink.c:6644
1 lock held by syz-executor/11643:
 #0: 
ffffffff8f5f64c8
 (
rtnl_mutex
){+.+.}-{3:3}
, at: rtnl_lock net/core/rtnetlink.c:79 [inline]
, at: rtnetlink_rcv_msg+0x6e6/0xcf0 net/core/rtnetlink.c:6644
1 lock held by syz-executor/11645:
 #0: 
ffffffff8f5f64c8
 (
rtnl_mutex
){+.+.}-{3:3}
, at: rtnl_lock net/core/rtnetlink.c:79 [inline]
, at: rtnetlink_rcv_msg+0x6e6/0xcf0 net/core/rtnetlink.c:6644
1 lock held by syz-executor/11652:
 #0: 
ffffffff8f5f64c8
 (
rtnl_mutex
){+.+.}-{3:3}
, at: rtnl_lock net/core/rtnetlink.c:79 [inline]
, at: rtnetlink_rcv_msg+0x6e6/0xcf0 net/core/rtnetlink.c:6644
1 lock held by syz-executor/11654:
 #0: 
ffff888024194d80
 (
&hdev->req_lock
){+.+.}-{3:3}, at: hci_dev_do_open net/bluetooth/hci_core.c:417 [inline]
){+.+.}-{3:3}, at: hci_dev_open+0x1f4/0x300 net/bluetooth/hci_core.c:475
1 lock held by dhcpcd/11659:
 #0: 
ffff888022ed0258
 (
sk_lock-AF_PACKET
){+.+.}-{0:0}
, at: lock_sock include/net/sock.h:1607 [inline]
, at: packet_do_bind+0x32/0xcb0 net/packet/af_packet.c:3266
2 locks held by dhcpcd/11660:
 #0: 
ffff888061c30258
 (
sk_lock-AF_PACKET
){+.+.}-{0:0}
, at: lock_sock include/net/sock.h:1607 [inline]
, at: packet_do_bind+0x32/0xcb0 net/packet/af_packet.c:3266
 #1: 
ffffffff8e33c938
 (
rcu_state.exp_mutex
){+.+.}-{3:3}
, at: exp_funnel_lock kernel/rcu/tree_exp.h:328 [inline]
, at: synchronize_rcu_expedited+0x451/0x830 kernel/rcu/tree_exp.h:958
1 lock held by dhcpcd/11661:
 #0: 
ffff88801d54d608
 (
&sb->s_type->i_mutex_key
#9
){+.+.}-{3:3}
, at: inode_lock include/linux/fs.h:799 [inline]
, at: __sock_release net/socket.c:658 [inline]
, at: sock_close+0x90/0x240 net/socket.c:1421
1 lock held by dhcpcd/11662:
 #0: 
ffff88805a328258
 (
sk_lock-AF_PACKET
){+.+.}-{0:0}
, at: lock_sock include/net/sock.h:1607 [inline]
, at: packet_do_bind+0x32/0xcb0 net/packet/af_packet.c:3266
1 lock held by dhcpcd/11663:
 #0: 
ffff88805a32a258
 (
sk_lock-AF_PACKET
){+.+.}-{0:0}
, at: lock_sock include/net/sock.h:1607 [inline]
, at: packet_do_bind+0x32/0xcb0 net/packet/af_packet.c:3266
3 locks held by kworker/u9:1/11667:
 #0: 
ffff88802ace5948
 (
(wq_completion)hci15
){+.+.}-{0:0}
, at: process_one_work kernel/workqueue.c:3206 [inline]
, at: process_scheduled_works+0x90a/0x1830 kernel/workqueue.c:3312
 #1: 
ffffc90013e37d00
 (
(work_completion)(&hdev->power_on)
){+.+.}-{0:0}
, at: process_one_work kernel/workqueue.c:3207 [inline]
, at: process_scheduled_works+0x945/0x1830 kernel/workqueue.c:3312
 #2: 
ffff88801fd84d80
 (
&hdev->req_lock
){+.+.}-{3:3}
, at: hci_dev_do_open net/bluetooth/hci_core.c:417 [inline]
, at: hci_power_on+0x1bf/0x6b0 net/bluetooth/hci_core.c:948
1 lock held by dhcpcd/11668:
 #0: 
ffff8880248f8258
 (
sk_lock-AF_PACKET
){+.+.}-{0:0}
, at: lock_sock include/net/sock.h:1607 [inline]
, at: packet_do_bind+0x32/0xcb0 net/packet/af_packet.c:3266

=============================================

NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.10.0-syzkaller-11840-g933069701c1b #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119
 nmi_cpu_backtrace+0x49c/0x4d0 lib/nmi_backtrace.c:113