rcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { 1-.... } 2690 jiffies s: 138905 root: 0x2/.
rcu: blocking rcu_node structures (internal RCU debug):
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 9521 Comm: syz-fuzzer Not tainted 6.10.0-rc3-next-20240611-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
RIP: 0010:preempt_count arch/x86/include/asm/preempt.h:26 [inline]
RIP: 0010:check_kcov_mode kernel/kcov.c:173 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0x11/0x70 kernel/kcov.c:207
Code: 5b e9 73 96 5a 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 04 24 65 48 8b 0c 25 00 d6 03 00 <65> 8b 15 00 8e 70 7e f7 c2 00 01 ff 00 74 11 f7 c2 00 01 00 00 74
RSP: 0018:ffffc90000a182b0 EFLAGS: 00000046
RAX: ffffffff81938979 RBX: 0000000000000000 RCX: ffff88802aa21e00
RDX: 0000000000000102 RSI: ffffffff8c200740 RDI: 0000000000000001
RBP: ffffc90000a18490 R08: ffffffff853e50e4 R09: 1ffff11004081046
R10: dffffc0000000000 R11: ffffffff8b86d140 R12: dffffc0000000000
R13: ffffffff94803bc0 R14: 0000000000002700 R15: ffffffff94af2360
FS:  000000c000058c90(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000c00094f000 CR3: 000000001207a000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <NMI>
 </NMI>
 <IRQ>
 touch_softlockup_watchdog+0x9/0x30 kernel/watchdog.c:599
 touch_nmi_watchdog include/linux/nmi.h:151 [inline]
 wait_for_lsr drivers/tty/serial/8250/8250_port.c:2075 [inline]
 serial8250_console_fifo_write drivers/tty/serial/8250/8250_port.c:3315 [inline]
 serial8250_console_write+0x1332/0x1ed0 drivers/tty/serial/8250/8250_port.c:3393
 console_emit_next_record kernel/printk/printk.c:2975 [inline]
 console_flush_all+0x880/0xf50 kernel/printk/printk.c:3047
 console_unlock+0x13b/0x4d0 kernel/printk/printk.c:3118
 vprintk_emit+0x7a1/0x900 kernel/printk/printk.c:2420
 _printk+0xd5/0x120 kernel/printk/printk.c:2447
 printk_stack_address arch/x86/kernel/dumpstack.c:72 [inline]
 show_trace_log_lvl+0x43a/0x520 arch/x86/kernel/dumpstack.c:285
 sched_show_task+0x578/0x740 kernel/sched/core.c:7432
 report_rtnl_holders+0x1ba/0x2d0 net/core/rtnetlink.c:104
 call_timer_fn+0x18e/0x650 kernel/time/timer.c:1792
 expire_timers kernel/time/timer.c:1843 [inline]
 __run_timers kernel/time/timer.c:2417 [inline]
 __run_timer_base+0x66a/0x8e0 kernel/time/timer.c:2428
 run_timer_base kernel/time/timer.c:2437 [inline]
 run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2447
 handle_softirqs+0x2c4/0x970 kernel/softirq.c:554
 __do_softirq kernel/softirq.c:588 [inline]
 invoke_softirq kernel/softirq.c:428 [inline]
 __irq_exit_rcu+0xf4/0x1c0 kernel/softirq.c:637
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:649
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:tomoyo_path_matches_pattern+0x4a/0x270 security/tomoyo/util.c:941
Code: 5c 5c 2d fd 4c 89 e0 48 c1 e8 03 42 80 3c 30 00 74 08 4c 89 e7 e8 16 6b 93 fd 49 8b 2c 24 48 89 d8 48 c1 e8 03 42 80 3c 30 00 <74> 08 48 89 df e8 fc 6a 93 fd 48 89 2c 24 4c 8b 3b 48 8d 7b 0c 48
RSP: 0018:ffffc90004e079c0 EFLAGS: 00000246
RAX: 1ffff11005f5a413 RBX: ffff88802fad2098 RCX: ffff88802aa21e00
RDX: 0000000000000000 RSI: ffff88802fad2098 RDI: ffffc90004e07aa0
RBP: ffff888064bd6000 R08: ffffffff846441aa R09: ffffffff8465e85c
R10: 0000000000000002 R11: ffffffff84648ad0 R12: ffffc90004e07aa0
R13: dffffc0000000000 R14: dffffc0000000000 R15: ffff88807b763990
 tomoyo_check_acl+0x12e/0x3f0 security/tomoyo/domain.c:175
 tomoyo_env_perm+0x13e/0x210 security/tomoyo/environ.c:62
 tomoyo_environ security/tomoyo/domain.c:672 [inline]
 tomoyo_find_next_domain+0x1384/0x1cf0 security/tomoyo/domain.c:878
 tomoyo_bprm_check_security+0x115/0x180 security/tomoyo/tomoyo.c:102
 security_bprm_check+0x65/0x90 security/security.c:1191
 search_binary_handler fs/exec.c:1778 [inline]
 exec_binprm fs/exec.c:1832 [inline]
 bprm_execve+0xa56/0x1770 fs/exec.c:1883
 do_execveat_common+0x553/0x700 fs/exec.c:1990
 do_execve fs/exec.c:2064 [inline]
 __do_sys_execve fs/exec.c:2140 [inline]
 __se_sys_execve fs/exec.c:2135 [inline]
 __x64_sys_execve+0x92/0xb0 fs/exec.c:2135
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x40720e
Code: 48 83 ec 38 e8 13 00 00 00 48 83 c4 38 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 49 89 f2 48 89 fa 48 89 ce 48 89 df 0f 05 <48> 3d 01 f0 ff ff 76 15 48 f7 d8 48 89 c1 48 c7 c0 ff ff ff ff 48
RSP: 002b:000000c0007c1178 EFLAGS: 00000202 ORIG_RAX: 000000000000003b
RAX: ffffffffffffffda RBX: 000000c000816168 RCX: 000000000040720e
RDX: 000000c0017cacc0 RSI: 000000c00213a840 RDI: 000000c000816168
RBP: 000000c0007c11b8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 00000000004b95a5
R13: 000000c000058c00 R14: 000000c001151a00 R15: 0000000000000018
 </TASK>
 netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]
 netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1357
 netlink_sendmsg+0x8db/0xcb0 net/netlink/af_netlink.c:1901
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg+0x221/0x270 net/socket.c:745
 __sys_sendto+0x3a4/0x4f0 net/socket.c:2192
 __do_sys_sendto net/socket.c:2204 [inline]
 __se_sys_sendto net/socket.c:2200 [inline]
 __x64_sys_sendto+0xde/0x100 net/socket.c:2200
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f7932a7eb9c
RSP: 002b:00007ffea13b20d0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007f79336e4620 RCX: 00007f7932a7eb9c
RDX: 000000000000002c RSI: 00007f79336e4670 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007ffea13b2124 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
R13: 0000000000000000 R14: 00007f79336e4670 R15: 0000000000000000
 </TASK>
DEBUG: holding rtnl_mutex for 7162 jiffies.
task:kworker/u8:1    state:D stack:19288 pid:12    tgid:12    ppid:2      flags:0x00004000
Workqueue: netns cleanup_net
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5192 [inline]
 __schedule+0x17e8/0x4a20 kernel/sched/core.c:6529
 __schedule_loop kernel/sched/core.c:6606 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6621
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6678
 __mutex_lock_common kernel/locking/mutex.c:684 [inline]
 __mutex_lock+0x6a4/0xd70 kernel/locking/mutex.c:752
 exp_funnel_lock kernel/rcu/tree_exp.h:329 [inline]
 synchronize_rcu_expedited+0x451/0x830 kernel/rcu/tree_exp.h:959
 synchronize_rcu+0x11b/0x360 kernel/rcu/tree.c:4015
 lockdep_unregister_key+0x4b7/0x540 kernel/locking/lockdep.c:6542
 __qdisc_destroy+0x165/0x410 net/sched/sch_generic.c:1078
 netdev_for_each_tx_queue include/linux/netdevice.h:2504 [inline]
 dev_shutdown+0x9b/0x440 net/sched/sch_generic.c:1489
 unregister_netdevice_many_notify+0x977/0x16b0 net/core/dev.c:11209
 unregister_netdevice_many net/core/dev.c:11277 [inline]
 default_device_exit_batch+0xa0f/0xa90 net/core/dev.c:11760
 ops_exit_list net/core/net_namespace.c:178 [inline]
 cleanup_net+0x89d/0xcc0 net/core/net_namespace.c:640
 process_one_work kernel/workqueue.c:3248 [inline]
 process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3329
 worker_thread+0x86d/0xd50 kernel/workqueue.c:3409
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:144
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
DEBUG: waiting rtnl_mutex for 7147 jiffies.
task:kworker/1:4     state:D stack:21016 pid:5173  tgid:5173  ppid:2      flags:0x00004000
Workqueue: events linkwatch_event
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5192 [inline]
 __schedule+0x17e8/0x4a20 kernel/sched/core.c:6529
 __schedule_loop kernel/sched/core.c:6606 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6621
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6678
 __mutex_lock_common kernel/locking/mutex.c:684 [inline]
 __mutex_lock+0x6a4/0xd70 kernel/locking/mutex.c:752
 linkwatch_event+0xe/0x60 net/core/link_watch.c:276
 process_one_work kernel/workqueue.c:3248 [inline]
 process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3329
 worker_thread+0x86d/0xd50 kernel/workqueue.c:3409
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:144
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
DEBUG: waiting rtnl_mutex for 7077 jiffies.
task:syz-executor.0  state:D stack:23800 pid:9445  tgid:9443  ppid:8940   flags:0x00000006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5192 [inline]
 __schedule+0x17e8/0x4a20 kernel/sched/core.c:6529
 __schedule_loop kernel/sched/core.c:6606 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6621
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6678
 __mutex_lock_common kernel/locking/mutex.c:684 [inline]
 __mutex_lock+0x6a4/0xd70 kernel/locking/mutex.c:752
 dev_ioctl+0x86e/0x1340 net/core/dev_ioctl.c:811
 sock_ioctl+0x7f2/0x8e0 net/socket.c:1268
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:907 [inline]
 __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fd95327cea9
RSP: 002b:00007fd953f840c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fd9533b4050 RCX: 00007fd95327cea9
RDX: 0000000020000a80 RSI: 00000000000089f2 RDI: 0000000000000004
RBP: 00007fd9532ebff4 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000006e R14: 00007fd9533b4050 R15: 00007ffe9a9ae708
 </TASK>
DEBUG: waiting rtnl_mutex for 6671 jiffies.
task:syz-executor.1  state:D stack:19504 pid:9046  tgid:9046  ppid:1      flags:0x00004002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5192 [inline]
 __schedule+0x17e8/0x4a20 kernel/sched/core.c:6529
 __schedule_loop kernel/sched/core.c:6606 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6621
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6678
 __mutex_lock_common kernel/locking/mutex.c:684 [inline]
 __mutex_lock+0x6a4/0xd70 kernel/locking/mutex.c:752
 tun_detach drivers/net/tun.c:698 [inline]
 tun_chr_close+0x3e/0x1b0 drivers/net/tun.c:3500
 __fput+0x406/0x8b0 fs/file_table.c:422
 task_work_run+0x24f/0x310 kernel/task_work.c:180
 exit_task_work include/linux/task_work.h:38 [inline]
 do_exit+0xa27/0x28e0 kernel/exit.c:874
 do_group_exit+0x207/0x2c0 kernel/exit.c:1023
 __do_sys_exit_group kernel/exit.c:1034 [inline]
 __se_sys_exit_group kernel/exit.c:1032 [inline]
 __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1032
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fa24a47cea9
RSP: 002b:00007ffee9960638 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa24a47cea9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043
RBP: 00007fa24a4c88a0 R08: 00007ffee995e3d7 R09: 000000000008355f
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 000000000008355f R14: 0000000000000000 R15: 0000000000000017
 </TASK>
DEBUG: waiting rtnl_mutex for 6487 jiffies.
task:syz-executor.4  state:D stack:21408 pid:9513  tgid:9506  ppid:9195   flags:0x00000006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5192 [inline]
 __schedule+0x17e8/0x4a20 kernel/sched/core.c:6529
 __schedule_loop kernel/sched/core.c:6606 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6621
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6678
 __mutex_lock_common kernel/locking/mutex.c:684 [inline]
 __mutex_lock+0x6a4/0xd70 kernel/locking/mutex.c:752
 rtnl_lock net/core/rtnetlink.c:148 [inline]
 rtnl_dumpit+0x1bd/0x300 net/core/rtnetlink.c:6586
 netlink_dump+0x645/0xd80 net/netlink/af_netlink.c:2325
 __netlink_dump_start+0x59d/0x780 net/netlink/af_netlink.c:2440
 netlink_dump_start include/linux/netlink.h:339 [inline]
 rtnetlink_dump_start net/core/rtnetlink.c:6616 [inline]
 rtnetlink_rcv_msg+0xd9c/0x1170 net/core/rtnetlink.c:6683
 netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2550
 netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]
 netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1357
 netlink_sendmsg+0x8db/0xcb0 net/netlink/af_netlink.c:1901
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg+0x221/0x270 net/socket.c:745
 __sys_sendto+0x3a4/0x4f0 net/socket.c:2192
 __do_sys_sendto net/socket.c:2204 [inline]
 __se_sys_sendto net/socket.c:2200 [inline]
 __x64_sys_sendto+0xde/0x100 net/socket.c:2200
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f5f5647cea9
RSP: 002b:00007f5f571e60c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007f5f565b4120 RCX: 00007f5f5647cea9
RDX: 0000000000000012 RSI: 0000000020000740 RDI: 0000000000000009
RBP: 00007f5f564ebff4 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000006e R14: 00007f5f565b4120 R15: 00007ffd57434a58
 </TASK>
DEBUG: waiting rtnl_mutex for 4003 jiffies.
task:syz-executor.1  state:D stack:24992 pid:9518  tgid:9518  ppid:9517   flags:0x00000002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5192 [inline]
 __schedule+0x17e8/0x4a20 kernel/sched/core.c:6529
 __schedule_loop kernel/sched/core.c:6606 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6621
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6678
 __mutex_lock_common kernel/locking/mutex.c:684 [inline]
 __mutex_lock+0x6a4/0xd70 kernel/locking/mutex.c:752
 rtnetlink_rcv_msg+0x839/0x1170 net/core/rtnetlink.c:6724
 netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2550
 netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]
 netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1357
 netlink_sendmsg+0x8db/0xcb0 net/netlink/af_netlink.c:1901
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg+0x221/0x270 net/socket.c:745
 __sys_sendto+0x3a4/0x4f0 net/socket.c:2192
 __do_sys_sendto net/socket.c:2204 [inline]
 __se_sys_sendto net/socket.c:2200 [inline]
 __x64_sys_sendto+0xde/0x100 net/socket.c:2200
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f5c5c87eb9c
RSP: 002b:00007ffe84f6df90 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007f5c5d4e4620 RCX: 00007f5c5c87eb9c
RDX: 0000000000000028 RSI: 00007f5c5d4e4670 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007ffe84f6dfe4 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
R13: 0000000000000000 R14: 00007f5c5d4e4670 R15: 0000000000000000
 </TASK>

Showing all locks held in the system:
1 lock held by pool_workqueue_/3:
 #0: ffffffff8e33a878 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:297 [inline]
 #0: ffffffff8e33a878 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x381/0x830 kernel/rcu/tree_exp.h:959
5 locks held by kworker/u8:1/12:
 #0: ffff888015ed5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3223 [inline]
 #0: ffff888015ed5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 kernel/workqueue.c:3329
 #1: ffffc90000117d00 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3224 [inline]
 #1: ffffc90000117d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 kernel/workqueue.c:3329
 #2: ffffffff8f5e2c90 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0 net/core/net_namespace.c:594
 #3: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: default_device_exit_batch+0xe9/0xa90 net/core/dev.c:11746
 #4: ffffffff8e33a878 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:329 [inline]
 #4: ffffffff8e33a878 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x451/0x830 kernel/rcu/tree_exp.h:959
3 locks held by kworker/u8:8/2802:
 #0: ffff88802a497148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3223 [inline]
 #0: ffff88802a497148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 kernel/workqueue.c:3329
 #1: ffffc9000a0c7d00 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3224 [inline]
 #1: ffffc9000a0c7d00 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 kernel/workqueue.c:3329
 #2: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xd0/0x16f0 net/ipv6/addrconf.c:4193
2 locks held by getty/4850:
 #0: ffff88802a6c70a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
 #1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 drivers/tty/n_tty.c:2211
4 locks held by syz-fuzzer/5091:
 #0: ffff8880617af748 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x24e/0x310 fs/file.c:1191
 #1: ffff888078a9d3b8 (&type->i_mutex_dir_key#3){++++}-{3:3}, at: iterate_dir+0x55b/0x820 fs/readdir.c:101
 #2: ffff88802fb8a420 (sb_writers#4){.+.+}-{0:0}, at: file_accessed include/linux/fs.h:2474 [inline]
 #2: ffff88802fb8a420 (sb_writers#4){.+.+}-{0:0}, at: iterate_dir+0x704/0x820 fs/readdir.c:111
 #3: ffff88802fb8e950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0x203f/0x22a0 fs/jbd2/transaction.c:463
4 locks held by syz-fuzzer/5103:
 #0: ffff8880617af9c8 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x24e/0x310 fs/file.c:1191
 #1: ffff88805bbdabd8 (&type->i_mutex_dir_key#3){++++}-{3:3}, at: iterate_dir+0x55b/0x820 fs/readdir.c:101
 #2: ffff88802fb8a420 (sb_writers#4){.+.+}-{0:0}, at: file_accessed include/linux/fs.h:2474 [inline]
 #2: ffff88802fb8a420 (sb_writers#4){.+.+}-{0:0}, at: iterate_dir+0x704/0x820 fs/readdir.c:111
 #3: ffff88802fb8e950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0x203f/0x22a0 fs/jbd2/transaction.c:463
4 locks held by syz-fuzzer/5109:
 #0: ffff8880617afc48 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x24e/0x310 fs/file.c:1191
 #1: ffff888078a9b5d0 (&type->i_mutex_dir_key#3){++++}-{3:3}, at: iterate_dir+0x55b/0x820 fs/readdir.c:101
 #2: ffff88802fb8a420 (sb_writers#4){.+.+}-{0:0}, at: file_accessed include/linux/fs.h:2474 [inline]
 #2: ffff88802fb8a420 (sb_writers#4){.+.+}-{0:0}, at: iterate_dir+0x704/0x820 fs/readdir.c:111
 #3: ffff88802fb8e950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0x203f/0x22a0 fs/jbd2/transaction.c:463
5 locks held by kworker/u9:4/5128:
 #0: ffff88807fed0948 ((wq_completion)hci3){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3223 [inline]
 #0: ffff88807fed0948 ((wq_completion)hci3){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 kernel/workqueue.c:3329
 #1: ffffc90003c8fd00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3224 [inline]
 #1: ffffc90003c8fd00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 kernel/workqueue.c:3329
 #2: ffff8880631e4d88 (&hdev->req_lock){+.+.}-{3:3}, at: hci_cmd_sync_work+0x1ec/0x400 net/bluetooth/hci_sync.c:309
 #3: ffff8880631e4078 (&hdev->lock){+.+.}-{3:3}, at: hci_abort_conn_sync+0x1ea/0xde0 net/bluetooth/hci_sync.c:5431
 #4: ffffffff8f759f08 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1968 [inline]
 #4: ffffffff8f759f08 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_failed+0x185/0x340 net/bluetooth/hci_conn.c:1257
3 locks held by kworker/1:4/5173:
 #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3223 [inline]
 #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 kernel/workqueue.c:3329
 #1: ffffc90004737d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3224 [inline]
 #1: ffffc90004737d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 kernel/workqueue.c:3329
 #2: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 net/core/link_watch.c:276
1 lock held by syz-executor.1/9046:
 #0: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: tun_detach drivers/net/tun.c:698 [inline]
 #0: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0 drivers/net/tun.c:3500
1 lock held by syz-executor.3/9384:
 #0: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x839/0x1170 net/core/rtnetlink.c:6724
1 lock held by syz-executor.0/9445:
 #0: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: dev_ioctl+0x86e/0x1340 net/core/dev_ioctl.c:811
2 locks held by syz-executor.4/9513:
 #0: ffff88805d0f9678 (nlk_cb_mutex-ROUTE){+.+.}-{3:3}, at: __netlink_dump_start+0x119/0x780 net/netlink/af_netlink.c:2404
 #1: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:148 [inline]
 #1: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_dumpit+0x1bd/0x300 net/core/rtnetlink.c:6586
3 locks held by syz-executor.2/9516:
 #0: ffff88807fc360e0 (&type->s_umount_key#74/1){+.+.}-{3:3}, at: alloc_super+0x221/0x9d0 fs/super.c:344
 #1: ffffffff8e8a79c8 (uuid_mutex){+.+.}-{3:3}, at: btrfs_close_devices+0xc0/0x5c0 fs/btrfs/volumes.c:1158
 #2: ffffffff8e3ee9a8 (lock#3){+.+.}-{3:3}, at: __lru_add_drain_all+0x66/0x560 mm/swap.c:856
1 lock held by syz-executor.1/9518:
 #0: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x839/0x1170 net/core/rtnetlink.c:6724
5 locks held by syz-fuzzer/9521:
 #0: ffff888028ebd648 (&sig->cred_guard_mutex){+.+.}-{3:3}, at: prepare_bprm_creds fs/exec.c:1508 [inline]
 #0: ffff888028ebd648 (&sig->cred_guard_mutex){+.+.}-{3:3}, at: bprm_execve+0xd1/0x1770 fs/exec.c:1863
 #1: ffffffff8e9c3b50 (tomoyo_ss){.+.+}-{0:0}, at: srcu_lock_acquire include/linux/srcu.h:116 [inline]
 #1: ffffffff8e9c3b50 (tomoyo_ss){.+.+}-{0:0}, at: srcu_read_lock include/linux/srcu.h:215 [inline]
 #1: ffffffff8e9c3b50 (tomoyo_ss){.+.+}-{0:0}, at: tomoyo_read_lock security/tomoyo/common.h:1108 [inline]
 #1: ffffffff8e9c3b50 (tomoyo_ss){.+.+}-{0:0}, at: tomoyo_bprm_check_security+0xe9/0x180 security/tomoyo/tomoyo.c:101
 #2: ffffc90000a18c00 (net/core/rtnetlink.c:82){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 kernel/time/timer.c:1789
 #3: ffffffff8e3354a0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:326 [inline]
 #3: ffffffff8e3354a0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:838 [inline]
 #3: ffffffff8e3354a0 (rcu_read_lock){....}-{1:2}, at: report_rtnl_holders+0x20/0x2d0 net/core/rtnetlink.c:95
 #4: ffffffff8e3354a0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:326 [inline]
 #4: ffffffff8e3354a0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:838 [inline]
 #4: ffffffff8e3354a0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 kernel/locking/lockdep.c:6689

=============================================