INFO: task kworker/0:1:9 blocked for more than 143 seconds.
      Not tainted 6.11.0-rc2-syzkaller-00027-g6a0e38264012 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:1     state:D stack:20624 pid:9     tgid:9     ppid:2      flags:0x00004000
Workqueue: events linkwatch_event
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5188 [inline]
 __schedule+0x1800/0x4a60 kernel/sched/core.c:6529
 __schedule_loop kernel/sched/core.c:6606 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6621
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6678
 __mutex_lock_common kernel/locking/mutex.c:684 [inline]
 __mutex_lock+0x6a4/0xd70 kernel/locking/mutex.c:752
 linkwatch_event+0xe/0x60 net/core/link_watch.c:276
 process_one_work kernel/workqueue.c:3231 [inline]
 process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312
 worker_thread+0x86d/0xd40 kernel/workqueue.c:3390
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
INFO: task dhcpcd:4893 blocked for more than 144 seconds.
      Not tainted 6.11.0-rc2-syzkaller-00027-g6a0e38264012 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:dhcpcd          state:D stack:20672 pid:4893  tgid:4893  ppid:4892   flags:0x00000002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5188 [inline]
 __schedule+0x1800/0x4a60 kernel/sched/core.c:6529
 __schedule_loop kernel/sched/core.c:6606 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6621
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6678
 __mutex_lock_common kernel/locking/mutex.c:684 [inline]
 __mutex_lock+0x6a4/0xd70 kernel/locking/mutex.c:752
 rtnl_lock net/core/rtnetlink.c:79 [inline]
 rtnl_dumpit+0x99/0x200 net/core/rtnetlink.c:6506
 netlink_dump+0x647/0xd80 net/netlink/af_netlink.c:2325
 __netlink_dump_start+0x59f/0x780 net/netlink/af_netlink.c:2440
 netlink_dump_start include/linux/netlink.h:339 [inline]
 rtnetlink_dump_start net/core/rtnetlink.c:6536 [inline]
 rtnetlink_rcv_msg+0xb3d/0xcf0 net/core/rtnetlink.c:6603
 netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2550
 netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]
 netlink_unicast+0x7f0/0x990 net/netlink/af_netlink.c:1357
 netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1901
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg+0x221/0x270 net/socket.c:745
 __sys_sendto+0x3a4/0x4f0 net/socket.c:2204
 __do_sys_sendto net/socket.c:2216 [inline]
 __se_sys_sendto net/socket.c:2212 [inline]
 __x64_sys_sendto+0xde/0x100 net/socket.c:2212
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1266943ad7
RSP: 002b:00007ffd223159a8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007ffd22316ad0 RCX: 00007f1266943ad7
RDX: 0000000000000014 RSI: 00007ffd223169f0 RDI: 000000000000000f
RBP: 00007ffd22316a60 R08: 00007ffd223169d4 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000012
R13: 00007ffd223169d4 R14: 00007ffd223169f0 R15: 0000000000000105
 </TASK>
INFO: task udevd:5222 blocked for more than 145 seconds.
      Not tainted 6.11.0-rc2-syzkaller-00027-g6a0e38264012 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:udevd           state:D
 stack:21632 pid:5222  tgid:5222  ppid:4679   flags:0x00004002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5188 [inline]
 __schedule+0x1800/0x4a60 kernel/sched/core.c:6529
 __schedule_loop kernel/sched/core.c:6606 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6621
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6678
 __mutex_lock_common kernel/locking/mutex.c:684 [inline]
 __mutex_lock+0x6a4/0xd70 kernel/locking/mutex.c:752
 device_lock include/linux/device.h:1009 [inline]
 uevent_show+0x17d/0x340 drivers/base/core.c:2743
 dev_attr_show+0x55/0xc0 drivers/base/core.c:2437
 sysfs_kf_seq_show+0x331/0x4c0 fs/sysfs/file.c:59
 seq_read_iter+0x445/0xd60 fs/seq_file.c:230
 new_sync_read fs/read_write.c:395 [inline]
 vfs_read+0x9bd/0xbc0 fs/read_write.c:476
 ksys_read+0x1a0/0x2c0 fs/read_write.c:619
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fe5b8f16b6a
RSP: 002b:00007fff0ce480d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
RAX: ffffffffffffffda RBX: 0000555cffc64590 RCX: 00007fe5b8f16b6a
RDX: 0000000000001000 RSI: 0000555cffc5e930 RDI: 0000000000000008
RBP: 0000555cffc64590 R08: 0000000000000008 R09: 0000000000000020
R10: 000000000000010f R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000003fff R14: 00007fff0ce485b8 R15: 000000000000000a
 </TASK>
INFO: task kworker/u8:9:9353 blocked for more than 146 seconds.
      Not tainted 6.11.0-rc2-syzkaller-00027-g6a0e38264012 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u8:9    state:D
 stack:21008 pid:9353  tgid:9353  ppid:2      flags:0x00004000
Workqueue: ipv6_addrconf addrconf_dad_work
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5188 [inline]
 __schedule+0x1800/0x4a60 kernel/sched/core.c:6529
 __schedule_loop kernel/sched/core.c:6606 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6621
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6678
 __mutex_lock_common kernel/locking/mutex.c:684 [inline]
 __mutex_lock+0x6a4/0xd70 kernel/locking/mutex.c:752
 addrconf_dad_work+0xd0/0x16f0 net/ipv6/addrconf.c:4194
 process_one_work kernel/workqueue.c:3231 [inline]
 process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312
 worker_thread+0x86d/0xd40 kernel/workqueue.c:3390
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
INFO: task syz.1.1546:11976 blocked for more than 146 seconds.
      Not tainted 6.11.0-rc2-syzkaller-00027-g6a0e38264012 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.1.1546      state:D stack:27136 pid:11976 tgid:11970 ppid:11144  flags:0x00000004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5188 [inline]
 __schedule+0x1800/0x4a60 kernel/sched/core.c:6529
 __schedule_loop kernel/sched/core.c:6606 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6621
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6678
 __mutex_lock_common kernel/locking/mutex.c:684 [inline]
 __mutex_lock+0x6a4/0xd70 kernel/locking/mutex.c:752
 rtnl_lock net/core/rtnetlink.c:79 [inline]
 rtnetlink_rcv_msg+0x6e6/0xcf0 net/core/rtnetlink.c:6644
 netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2550
 netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]
 netlink_unicast+0x7f0/0x990 net/netlink/af_netlink.c:1357
 netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1901
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg+0x221/0x270 net/socket.c:745
 ____sys_sendmsg+0x525/0x7d0 net/socket.c:2597
 ___sys_sendmsg net/socket.c:2651 [inline]
 __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2680
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f9ebfd779f9
RSP: 002b:00007f9ec0b1c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f9ebff06058 RCX: 00007f9ebfd779f9
RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003
RBP: 00007f9ebfde58ee R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f9ebff06058 R15: 00007f9ec002fa38
 </TASK>

Showing all locks held in the system:
3 locks held by kworker/0:1/9:
 #0: ffff888015880948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3206 [inline]
 #0: ffff888015880948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 kernel/workqueue.c:3312
 #1: 
ffffc900000e7d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3207 [inline]
ffffc900000e7d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 kernel/workqueue.c:3312
 #2: ffffffff8fc81a08 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 net/core/link_watch.c:276
1 lock held by khungtaskd/30:
 #0: ffffffff8e9382a0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:326 [inline]
 #0: ffffffff8e9382a0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:838 [inline]
 #0: ffffffff8e9382a0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 kernel/locking/lockdep.c:6620
5 locks held by kworker/u9:0/55:
 #0: ffff88805f026948 ((wq_completion)hci2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3206 [inline]
 #0: ffff88805f026948 ((wq_completion)hci2){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 kernel/workqueue.c:3312
 #1: ffffc90000bf7d00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3207 [inline]
 #1: ffffc90000bf7d00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 kernel/workqueue.c:3312
 #2: ffff8880644f8d80 (&hdev->req_lock){+.+.}-{3:3}
, at: hci_cmd_sync_work+0x1ec/0x400 net/bluetooth/hci_sync.c:327
 #3: ffff8880644f8078 (&hdev->lock){+.+.}-{3:3}, at: hci_abort_conn_sync+0x1ea/0xde0 net/bluetooth/hci_sync.c:5512
 #4: 
ffffffff8fded328 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1962 [inline]
ffffffff8fded328 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_failed+0x185/0x340 net/bluetooth/hci_conn.c:1265
2 locks held by dhcpcd/4893:
 #0: 
ffff88805f911678 (nlk_cb_mutex-ROUTE){+.+.}-{3:3}, at: __netlink_dump_start+0x119/0x780 net/netlink/af_netlink.c:2404
 #1: ffffffff8fc81a08 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:79 [inline]
 #1: ffffffff8fc81a08 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_dumpit+0x99/0x200 net/core/rtnetlink.c:6506
2 locks held by getty/4978:
 #0: ffff8880300a10a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
 #1: ffffc900031232f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6ac/0x1e00 drivers/tty/n_tty.c:2211
4 locks held by udevd/5222:
 #0: 
ffff88806c30a8b8 (&p->lock){+.+.}-{3:3}, at: seq_read_iter+0xb7/0xd60 fs/seq_file.c:182
 #1: ffff88802f5c7888 (&of->mutex#2){+.+.}-{3:3}, at: kernfs_seq_start+0x53/0x3b0 fs/kernfs/file.c:154
 #2: 
ffff88805e4b62d8 (kn->active
#5
){++++}-{0:0}
, at: kernfs_seq_start+0x72/0x3b0 fs/kernfs/file.c:155
 #3: 
ffff88802d545190
 (
&dev->mutex
){....}-{3:3}
, at: device_lock include/linux/device.h:1009 [inline]
, at: uevent_show+0x17d/0x340 drivers/base/core.c:2743
4 locks held by kworker/u9:3/5226:
 #0: ffff88807a090148 ((wq_completion)hci12#2){+.+.}-{0:0}
, at: process_one_work kernel/workqueue.c:3206 [inline]
, at: process_scheduled_works+0x90a/0x1830 kernel/workqueue.c:3312
 #1: 
ffffc900038bfd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3207 [inline]
ffffc900038bfd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 kernel/workqueue.c:3312
 #2: 
ffff88806522c078
 (
&hdev->lock
){+.+.}-{3:3}
, at: hci_remote_features_evt+0x97/0xaf0 net/bluetooth/hci_event.c:3687
 #3: 
ffffffff8fded328
 (
hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1962 [inline]
hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x4c3/0xaf0 net/bluetooth/hci_event.c:3721
5 locks held by kworker/u9:4/5228:
 #0: ffff88807d564948
 ((wq_completion)hci3){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3206 [inline]
 ((wq_completion)hci3){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 kernel/workqueue.c:3312
 #1: ffffc900038efd00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3207 [inline]
 #1: ffffc900038efd00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 kernel/workqueue.c:3312
 #2: ffff88806a970d80 (&hdev->req_lock){+.+.}-{3:3}, at: hci_cmd_sync_work+0x1ec/0x400 net/bluetooth/hci_sync.c:327
 #3: ffff88806a970078 (&hdev->lock){+.+.}-{3:3}, at: hci_abort_conn_sync+0x1ea/0xde0 net/bluetooth/hci_sync.c:5512
 #4: ffffffff8fded328 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1962 [inline]
 #4: ffffffff8fded328 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_failed+0x185/0x340 net/bluetooth/hci_conn.c:1265
5 locks held by kworker/u9:5/5232:
 #0: ffff8880670a7148 ((wq_completion)hci0){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3206 [inline]
 #0: ffff8880670a7148 ((wq_completion)hci0){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 kernel/workqueue.c:3312
 #1: ffffc90003d9fd00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3207 [inline]
 #1: ffffc90003d9fd00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 kernel/workqueue.c:3312
 #2: ffff88806c0ecd80 (&hdev->req_lock){+.+.}-{3:3}, at: hci_cmd_sync_work+0x1ec/0x400 net/bluetooth/hci_sync.c:327
 #3: ffff88806c0ec078 (&hdev->lock){+.+.}-{3:3}, at: hci_abort_conn_sync+0x1ea/0xde0 net/bluetooth/hci_sync.c:5512
 #4: ffffffff8fded328 (hci_cb_list_lock){+.+.}-{3:3}
, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1962 [inline]
, at: hci_conn_failed+0x185/0x340 net/bluetooth/hci_conn.c:1265
3 locks held by kworker/1:6/5277:
 #0: ffff888015880948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3206 [inline]
 #0: ffff888015880948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 kernel/workqueue.c:3312
 #1: ffffc90004217d00 (deferred_process_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3207 [inline]
 #1: ffffc90004217d00 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 kernel/workqueue.c:3312
 #2: 
ffffffff8fc81a08
 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xe/0x20 net/switchdev/switchdev.c:104
3 locks held by kworker/0:3/5278:
5 locks held by kworker/0:5/5287:
3 locks held by kworker/0:6/5335:
 #0: ffff888015881948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3206 [inline]
 #0: ffff888015881948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 kernel/workqueue.c:3312
 #1: ffffc9000464fd00 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3207 [inline]
 #1: ffffc9000464fd00 ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 kernel/workqueue.c:3312
 #2: ffffffff8fc81a08 (rtnl_mutex){+.+.}-{3:3}, at: reg_check_chans_work+0x99/0xfd0 net/wireless/reg.c:2480
9 locks held by kworker/0:8/7819:
3 locks held by kworker/u8:9/9353:
 #0: 
ffff88802a4a3948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3206 [inline]
ffff88802a4a3948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 kernel/workqueue.c:3312
 #1: 
ffffc9000463fd00 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3207 [inline]
ffffc9000463fd00 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 kernel/workqueue.c:3312
 #2: ffffffff8fc81a08 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xd0/0x16f0 net/ipv6/addrconf.c:4194
4 locks held by kworker/u8:10/9355:
 #0: ffff8880166e5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3206 [inline]
 #0: ffff8880166e5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 kernel/workqueue.c:3312
 #1: ffffc9000992fd00 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3207 [inline]
 #1: ffffc9000992fd00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 kernel/workqueue.c:3312
 #2: 
ffffffff8fc74e90
 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0 net/core/net_namespace.c:594
 #3: ffffffff8fc81a08 (rtnl_mutex){+.+.}-{3:3}
, at: wg_destruct+0x25/0x2e0 drivers/net/wireguard/device.c:246
3 locks held by kworker/u8:13/9362:
 #0: ffff8880b933ea18 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 kernel/sched/core.c:560
 #1: ffff8880b9328948 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x441/0x770 kernel/sched/psi.c:989
 #2: 
ffff8880b932a718 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x112/0x240 kernel/time/timer.c:1051
1 lock held by syz-executor/11685:
 #0: 
ffffffff8fc81a08
 (
rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:79 [inline]
rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 net/core/rtnetlink.c:6644
7 locks held by syz-executor/11840:
 #0: 
ffff88803055c420 (sb_writers#8){.+.+}-{0:0}
, at: file_start_write include/linux/fs.h:2876 [inline]
, at: vfs_write+0x227/0xc90 fs/read_write.c:586
 #1: ffff888011b30888 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1eb/0x500 fs/kernfs/file.c:325
 #2: ffff8880226d1698 (kn->active#50){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20f/0x500 fs/kernfs/file.c:326
 #3: ffffffff8f51e848
 (
nsim_bus_dev_list_lock
){+.+.}-{3:3}, at: del_device_store+0xfc/0x480 drivers/net/netdevsim/bus.c:216
 #4: ffff888069dc60e8 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1009 [inline]
 #4: ffff888069dc60e8 (&dev->mutex){....}-{3:3}, at: __device_driver_lock drivers/base/dd.c:1094 [inline]
 #4: ffff888069dc60e8 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0xce/0x7c0 drivers/base/dd.c:1292
 #5: ffff888069dc7250 (&devlink->lock_key#32){+.+.}-{3:3}, at: nsim_drv_remove+0x50/0x160 drivers/net/netdevsim/dev.c:1672
 #6: ffffffff8fc81a08 (rtnl_mutex){+.+.}-{3:3}, at: nsim_destroy+0x71/0x5c0 drivers/net/netdevsim/netdev.c:773
1 lock held by syz-executor/11917:
 #0: 
ffffffff8fc81a08
 (rtnl_mutex
){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:79 [inline]
){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 net/core/rtnetlink.c:6644
1 lock held by syz.1.1546/11976:
 #0: 
ffffffff8fc81a08
 (
rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:79 [inline]
rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 net/core/rtnetlink.c:6644
1 lock held by syz.4.1548/12004:
 #0: ffffffff8fc81a08 (rtnl_mutex){+.+.}-{3:3}, at: dev_ioctl+0x86e/0x1340 net/core/dev_ioctl.c:808
4 locks held by syz.4.1548/12005:
 #0: ffff888011e04420 (sb_writers#11){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90 fs/namespace.c:515
 #1: ffff88805ec75f78 (&type->i_mutex_dir_key#7/1){+.+.}-{3:3}, at: inode_lock_nested include/linux/fs.h:834 [inline]
 #1: ffff88805ec75f78 (&type->i_mutex_dir_key#7/1){+.+.}-{3:3}, at: filename_create+0x260/0x540 fs/namei.c:3979
 #2: ffffffff8e965ea8 (cgroup_mutex){+.+.}-{3:3}, at: cgroup_lock include/linux/cgroup.h:367 [inline]
 #2: ffffffff8e965ea8 (cgroup_mutex){+.+.}-{3:3}, at: cgroup_kn_lock_live+0xe6/0x290 kernel/cgroup/cgroup.c:1662
 #3: ffffffff8fc81a08 (rtnl_mutex){+.+.}-{3:3}, at: cgrp_css_online+0x90/0x2f0 net/core/netprio_cgroup.c:157
1 lock held by syz.4.1548/12006:
 #0: ffff88805ec75f78 (&type->i_mutex_dir_key#7){++++}-{3:3}, at: inode_lock_shared include/linux/fs.h:809 [inline]
 #0: ffff88805ec75f78 (&type->i_mutex_dir_key#7){++++}-{3:3}, at: lookup_slow+0x45/0x70 fs/namei.c:1734
1 lock held by syz.4.1548/12007:
 #0: ffffffff8fc81a08 (rtnl_mutex){+.+.}-{3:3}, at: dev_ioctl+0x86e/0x1340 net/core/dev_ioctl.c:808
2 locks held by syz.4.1548/12009:
 #0: 
ffffffff8f4683a8
 (ppp_mutex){+.+.}-{3:3}, at: ppp_ioctl+0x112/0x1cd0 drivers/net/ppp/ppp_generic.c:729
 #1: ffffffff8fc81a08 (rtnl_mutex){+.+.}-{3:3}, at: ppp_create_interface drivers/net/ppp/ppp_generic.c:3346 [inline]
 #1: ffffffff8fc81a08 (rtnl_mutex){+.+.}-{3:3}, at: ppp_unattached_ioctl drivers/net/ppp/ppp_generic.c:1060 [inline]
 #1: ffffffff8fc81a08 (rtnl_mutex){+.+.}-{3:3}, at: ppp_ioctl+0x78b/0x1cd0 drivers/net/ppp/ppp_generic.c:733
1 lock held by syz.4.1548/12010:
 #0: ffffffff8f4683a8 (ppp_mutex){+.+.}-{3:3}, at: ppp_ioctl+0x112/0x1cd0 drivers/net/ppp/ppp_generic.c:729
1 lock held by syz.4.1548/12011:
 #0: 
ffffffff8fc81a08
 (
rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:79 [inline]
rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 net/core/rtnetlink.c:6644
2 locks held by syz-executor/12015:
 #0: ffffffff8fc74e90 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c6/0x7b0 net/core/net_namespace.c:504
 #1: ffffffff8fc81a08 (rtnl_mutex){+.+.}-{3:3}
, at: register_nexthop_notifier+0x84/0x290 net/ipv4/nexthop.c:3872
2 locks held by syz-executor/12018:
 #0: 
ffffffff8fc74e90
 (
pernet_ops_rwsem
){++++}-{3:3}, at: copy_net_ns+0x4c6/0x7b0 net/core/net_namespace.c:504
 #1: ffffffff8fc81a08
 (
rtnl_mutex
){+.+.}-{3:3}
, at: register_nexthop_notifier+0x84/0x290 net/ipv4/nexthop.c:3872
2 locks held by syz-executor/12021:
 #0: 
ffffffff8fc74e90
 (
pernet_ops_rwsem
){++++}-{3:3}
, at: copy_net_ns+0x4c6/0x7b0 net/core/net_namespace.c:504
 #1: 
ffffffff8fc81a08
 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 net/ipv4/nexthop.c:3872
2 locks held by syz-executor/12024:
 #0: 
ffffffff8fc74e90 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c6/0x7b0 net/core/net_namespace.c:504
 #1: ffffffff8fc81a08 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 net/ipv4/nexthop.c:3872
2 locks held by syz-executor/12027:
 #0: ffffffff8fc74e90 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c6/0x7b0 net/core/net_namespace.c:504
 #1: ffffffff8fc81a08 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 net/ipv4/nexthop.c:3872
2 locks held by syz-executor/12030:
 #0: 
ffffffff8fc74e90 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c6/0x7b0 net/core/net_namespace.c:504
 #1: ffffffff8fc81a08 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 net/ipv4/nexthop.c:3872
2 locks held by syz-executor/12033:
 #0: ffffffff8fc74e90 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c6/0x7b0 net/core/net_namespace.c:504
 #1: 
ffffffff8fc81a08 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 net/ipv4/nexthop.c:3872
5 locks held by kworker/u9:1/12036:
 #0: ffff8880670a0948 ((wq_completion)hci1){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3206 [inline]
 #0: ffff8880670a0948 ((wq_completion)hci1){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 kernel/workqueue.c:3312
 #1: ffffc9000342fd00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3207 [inline]
 #1: ffffc9000342fd00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 kernel/workqueue.c:3312
 #2: 
ffff888065228d80
 (
&hdev->req_lock
){+.+.}-{3:3}
, at: hci_cmd_sync_work+0x1ec/0x400 net/bluetooth/hci_sync.c:327
 #3: ffff888065228078 (&hdev->lock){+.+.}-{3:3}, at: hci_abort_conn_sync+0x1ea/0xde0 net/bluetooth/hci_sync.c:5512
 #4: ffffffff8fded328 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1962 [inline]
 #4: ffffffff8fded328 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_failed+0x185/0x340 net/bluetooth/hci_conn.c:1265
2 locks held by syz-executor/12037:
 #0: 
ffffffff8fc74e90
 (
pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c6/0x7b0 net/core/net_namespace.c:504
 #1: ffffffff8fc81a08 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 net/ipv4/nexthop.c:3872
5 locks held by kworker/u9:2/12038:
 #0: ffff88807be4d148 ((wq_completion)hci4){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3206 [inline]
 #0: ffff88807be4d148 ((wq_completion)hci4){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 kernel/workqueue.c:3312
 #1: 
ffffc900033ffd00
 (
(work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3207 [inline]
(work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 kernel/workqueue.c:3312
 #2: 
ffff88806d5f4d80 (&hdev->req_lock){+.+.}-{3:3}, at: hci_cmd_sync_work+0x1ec/0x400 net/bluetooth/hci_sync.c:327
 #3: ffff88806d5f4078 (
&hdev->lock
){+.+.}-{3:3}
, at: hci_abort_conn_sync+0x1ea/0xde0 net/bluetooth/hci_sync.c:5512
 #4: ffffffff8fded328 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1962 [inline]
 #4: ffffffff8fded328 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_failed+0x185/0x340 net/bluetooth/hci_conn.c:1265
4 locks held by kworker/u9:6/12040:
 #0: ffff88806ba35148 ((wq_completion)hci14#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3206 [inline]
 #0: ffff88806ba35148 ((wq_completion)hci14#2){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 kernel/workqueue.c:3312
 #1: 
ffffc90003757d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3207 [inline]
ffffc90003757d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 kernel/workqueue.c:3312
 #2: ffff88806cf74078 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x97/0xaf0 net/bluetooth/hci_event.c:3687
 #3: 
ffffffff8fded328 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1962 [inline]
ffffffff8fded328 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x4c3/0xaf0 net/bluetooth/hci_event.c:3721
4 locks held by kworker/u9:7/12041:
 #0: ffff88806a23a948 ((wq_completion)hci13#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3206 [inline]
 #0: ffff88806a23a948 ((wq_completion)hci13#2){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 kernel/workqueue.c:3312
 #1: 
ffffc900032bfd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}
, at: process_one_work kernel/workqueue.c:3207 [inline]
, at: process_scheduled_works+0x945/0x1830 kernel/workqueue.c:3312
 #2: ffff888022b30078
 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x97/0xaf0 net/bluetooth/hci_event.c:3687
 #3: ffffffff8fded328 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1962 [inline]
 #3: ffffffff8fded328 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x4c3/0xaf0 net/bluetooth/hci_event.c:3721
2 locks held by syz-executor/12043:
 #0: ffffffff8fc74e90 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c6/0x7b0 net/core/net_namespace.c:504
 #1: ffffffff8fc81a08 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 net/ipv4/nexthop.c:3872
4 locks held by kworker/u9:8/12045:
 #0: 
ffff88806e418148
 (
(wq_completion)hci15
#2
){+.+.}-{0:0}
, at: process_one_work kernel/workqueue.c:3206 [inline]
, at: process_scheduled_works+0x90a/0x1830 kernel/workqueue.c:3312
 #1: ffffc90003747d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3207 [inline]
 #1: ffffc90003747d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 kernel/workqueue.c:3312
 #2: 
ffff88802fbf0078 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x97/0xaf0 net/bluetooth/hci_event.c:3687
 #3: 
ffffffff8fded328 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1962 [inline]
ffffffff8fded328 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x4c3/0xaf0 net/bluetooth/hci_event.c:3721
2 locks held by syz-executor/12047:
 #0: ffffffff8fc74e90
 (
pernet_ops_rwsem
){++++}-{3:3}
, at: copy_net_ns+0x4c6/0x7b0 net/core/net_namespace.c:504
 #1: ffffffff8fc81a08
 (
rtnl_mutex
){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 net/ipv4/nexthop.c:3872
5 locks held by kworker/u9:10/12050: