INFO: task kworker/R-ipv6_:2882 blocked for more than 144 seconds.
      Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/R-ipv6_ state:D stack:28928 pid:2882  tgid:2882  ppid:2      task_flags:0x4208060 flags:0x00004000
Workqueue: ipv6_addrconf addrconf_dad_work
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x1b88/0x5240 kernel/sched/core.c:6767
 __schedule_loop kernel/sched/core.c:6845 [inline]
 schedule+0x163/0x360 kernel/sched/core.c:6860
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6917
 __mutex_lock_common kernel/locking/mutex.c:678 [inline]
 __mutex_lock+0x805/0x10c0 kernel/locking/mutex.c:746
 rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 addrconf_dad_work+0x110/0x16a0 net/ipv6/addrconf.c:4195
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0xac3/0x18e0 kernel/workqueue.c:3319
 rescuer_thread+0x662/0x1020 kernel/workqueue.c:3496
 kthread+0x7b7/0x940 kernel/kthread.c:464
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
INFO: task syz-executor:5470 blocked for more than 148 seconds.
      Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D stack:20648 pid:5470  tgid:5470  ppid:1      task_flags:0x400140 flags:0x00000004
Call Trace:
 <TASK>
 </TASK>

Showing all locks held in the system:
3 locks held by init/1:
3 locks held by kworker/0:1/10:
 #0: ffff88801b075d48 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3213 [inline]
 #0: ffff88801b075d48 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x990/0x18e0 kernel/workqueue.c:3319
 #1: ffffc900001c7c60 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3214 [inline]
 #1: ffffc900001c7c60 ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0x9cb/0x18e0 kernel/workqueue.c:3319
 #2: ffffffff900fd5c8 (rtnl_mutex){+.+.}-{4:4}, at: reg_check_chans_work+0x9b/0xfc0 net/wireless/reg.c:2483
4 locks held by kworker/u4:1/13:
 #0: ffff88801b079948 ((wq_completion)kvfree_rcu_reclaim){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3213 [inline]
 #0: ffff88801b079948 ((wq_completion)kvfree_rcu_reclaim){+.+.}-{0:0}, at: process_scheduled_works+0x990/0x18e0 kernel/workqueue.c:3319
 #1: ffffc900001f7c60 ((work_completion)(&(&krcp->page_cache_work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3214 [inline]
 #1: ffffc900001f7c60 ((work_completion)(&(&krcp->page_cache_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9cb/0x18e0 kernel/workqueue.c:3319
 #2: ffffffff8ee44e00 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:4137 [inline]
 #2: ffffffff8ee44e00 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim+0xd6/0x3c0 mm/page_alloc.c:4162
 #3: ffffe8ffffc37910 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:921 [inline]
 #3: ffffe8ffffc37910 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:952 [inline]
 #3: ffffe8ffffc37910 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1495 [inline]
 #3: ffffe8ffffc37910 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0xa8e/0x1c00 mm/zswap.c:1604
1 lock held by khungtaskd/26:
 #0: ffffffff8ed3df20 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #0: ffffffff8ed3df20 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #0: ffffffff8ed3df20 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x30/0x180 kernel/locking/lockdep.c:6764
3 locks held by kworker/u4:3/42:
2 locks held by kswapd1/82:
 #0: ffffffff8ee44e00 (fs_reclaim){+.+.}-{0:0}, at: balance_pgdat mm/vmscan.c:6941 [inline]
 #0: ffffffff8ee44e00 (fs_reclaim){+.+.}-{0:0}, at: kswapd+0xb93/0x38d0 mm/vmscan.c:7315
 #1: ffffe8ffffc37910 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:921 [inline]
 #1: ffffe8ffffc37910 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:952 [inline]
 #1: ffffe8ffffc37910 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1495 [inline]
 #1: ffffe8ffffc37910 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0xa8e/0x1c00 mm/zswap.c:1604
2 locks held by kworker/u4:9/1079:
 #0: ffff88801b079148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3213 [inline]
 #0: ffff88801b079148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x990/0x18e0 kernel/workqueue.c:3319
 #1: ffff88801fc23b08 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x41f/0x7a0 kernel/sched/psi.c:987
1 lock held by jbd2/sda1-8/4698:
 #0: ffffe8ffffc37910 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:921 [inline]
 #0: ffffe8ffffc37910 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:952 [inline]
 #0: ffffe8ffffc37910 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1495 [inline]
 #0: ffffe8ffffc37910 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0xa8e/0x1c00 mm/zswap.c:1604
4 locks held by syslogd/4718:
 #0: ffff888012be2420 (sb_writers#5){.+.+}-{0:0}, at: file_start_write include/linux/fs.h:3041 [inline]
 #0: ffff888012be2420 (sb_writers#5){.+.+}-{0:0}, at: vfs_write+0x23f/0xd10 fs/read_write.c:680
 #1: ffff888012bee4c0 (&sb->s_type->i_mutex_key#12){+.+.}-{4:4}, at: inode_lock include/linux/fs.h:867 [inline]
 #1: ffff888012bee4c0 (&sb->s_type->i_mutex_key#12){+.+.}-{4:4}, at: shmem_file_write_iter+0x80/0x120 mm/shmem.c:3454
 #2: ffffffff8ee44e00 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:4137 [inline]
 #2: ffffffff8ee44e00 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim+0xd6/0x3c0 mm/page_alloc.c:4162
 #3: ffffe8ffffc37910 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:921 [inline]
 #3: ffffe8ffffc37910 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:952 [inline]
 #3: ffffe8ffffc37910 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1495 [inline]
 #3: ffffe8ffffc37910 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0xa8e/0x1c00 mm/zswap.c:1604
2 locks held by udevd/4736:
 #0: ffffffff8ee44e00 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:4137 [inline]
 #0: ffffffff8ee44e00 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim+0xd6/0x3c0 mm/page_alloc.c:4162
 #1: ffffe8ffffc37910 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:921 [inline]
 #1: ffffe8ffffc37910 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:952 [inline]
 #1: ffffe8ffffc37910 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1495 [inline]
 #1: ffffe8ffffc37910 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0xa8e/0x1c00 mm/zswap.c:1604
3 locks held by dhcpcd/5030:
 #0: ffff88801209dbc8 (vm_lock){++++}-{0:0}, at: do_user_addr_fault arch/x86/mm/fault.c:1328 [inline]
 #0: ffff88801209dbc8 (vm_lock){++++}-{0:0}, at: handle_page_fault arch/x86/mm/fault.c:1480 [inline]
 #0: ffff88801209dbc8 (vm_lock){++++}-{0:0}, at: exc_page_fault+0x17d/0x920 arch/x86/mm/fault.c:1538
 #1: ffffffff8ee44e00 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:4137 [inline]
 #1: ffffffff8ee44e00 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim+0xd6/0x3c0 mm/page_alloc.c:4162
 #2: ffffe8ffffc37910 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:921 [inline]
 #2: ffffe8ffffc37910 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:952 [inline]
 #2: ffffe8ffffc37910 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1495 [inline]
 #2: ffffe8ffffc37910 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0xa8e/0x1c00 mm/zswap.c:1604
2 locks held by getty/5113:
 #0: ffff888036a310a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
 #1: ffffc9000018e2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x5bb/0x1700 drivers/tty/n_tty.c:2222
3 locks held by syz-execprog/5341:
 #0: ffff8880443376c8 (vm_lock){++++}-{0:0}, at: do_user_addr_fault arch/x86/mm/fault.c:1328 [inline]
 #0: ffff8880443376c8 (vm_lock){++++}-{0:0}, at: handle_page_fault arch/x86/mm/fault.c:1480 [inline]
 #0: ffff8880443376c8 (vm_lock){++++}-{0:0}, at: exc_page_fault+0x17d/0x920 arch/x86/mm/fault.c:1538
 #1: ffff88801fc39b18 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 kernel/sched/core.c:605
 #2: ffff8880304500b0 (&lruvec->lru_lock){....}-{3:3}, at: folio_lruvec_lock_irqsave+0x113/0x1d0 mm/memcontrol.c:1272
2 locks held by syz-executor/5340:
 #0: ffff88804533e8e8 (mapping.invalidate_lock){++++}-{4:4}, at: filemap_invalidate_lock_shared include/linux/fs.h:922 [inline]
 #0: ffff88804533e8e8 (mapping.invalidate_lock){++++}-{4:4}, at: page_cache_ra_unbounded+0x156/0x820 mm/readahead.c:228
 #1: ffffe8ffffc37910 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:921 [inline]
 #1: ffffe8ffffc37910 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:952 [inline]
 #1: ffffe8ffffc37910 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1495 [inline]
 #1: ffffe8ffffc37910 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0xa8e/0x1c00 mm/zswap.c:1604
1 lock held by syz-executor/5467:
 #0: ffffffff900fd5c8 (rtnl_mutex){+.+.}-{4:4}, at: tun_detach drivers/net/tun.c:633 [inline]
 #0: ffffffff900fd5c8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3b/0x1b0 drivers/net/tun.c:3390
3 locks held by syz-executor/5468:
 #0: ffff888045030d80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close net/bluetooth/hci_core.c:481 [inline]
 #0: ffff888045030d80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x203/0x510 net/bluetooth/hci_core.c:2678
 #1: ffff888045030078 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x60f/0x1260 net/bluetooth/hci_sync.c:5213
 #2: ffffffff8ed43438 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock kernel/rcu/tree_exp.h:336 [inline]
 #2: ffffffff8ed43438 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x454/0x830 kernel/rcu/tree_exp.h:998
1 lock held by syz-executor/5469:
 #0: ffffffff900fd5c8 (rtnl_mutex){+.+.}-{4:4}, at: tun_detach drivers/net/tun.c:633 [inline]
 #0: ffffffff900fd5c8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3b/0x1b0 drivers/net/tun.c:3390
3 locks held by syz-executor/5470:
 #0: ffff888045028d80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close net/bluetooth/hci_core.c:481 [inline]
 #0: ffff888045028d80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x203/0x510 net/bluetooth/hci_core.c:2678
 #1: ffff888045028078 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x60f/0x1260 net/bluetooth/hci_sync.c:5213
 #2: ffffffff90263728 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_disconn_cfm include/net/bluetooth/hci_core.h:2066 [inline]
 #2: ffffffff90263728 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa6/0x240 net/bluetooth/hci_conn.c:2701
4 locks held by syz-executor/5472:
 #0: ffff888012390d80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close net/bluetooth/hci_core.c:481 [inline]
 #0: ffff888012390d80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x203/0x510 net/bluetooth/hci_core.c:2678
 #1: ffff888012390078 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x60f/0x1260 net/bluetooth/hci_sync.c:5213
 #2: ffffffff90263728 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_disconn_cfm include/net/bluetooth/hci_core.h:2066 [inline]
 #2: ffffffff90263728 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa6/0x240 net/bluetooth/hci_conn.c:2701
 #3: ffff88805467f338 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x71/0x690 net/bluetooth/l2cap_core.c:1761
1 lock held by syz-executor/5473:
 #0: ffffffff900fd5c8 (rtnl_mutex){+.+.}-{4:4}, at: tun_detach drivers/net/tun.c:633 [inline]
 #0: ffffffff900fd5c8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3b/0x1b0 drivers/net/tun.c:3390
3 locks held by kworker/u5:3/5475:
 #0: ffff888012191948 ((wq_completion)hci10){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3213 [inline]
 #0: ffff888012191948 ((wq_completion)hci10){+.+.}-{0:0}, at: process_scheduled_works+0x990/0x18e0 kernel/workqueue.c:3319
 #1: ffffc90002aefc60 ((work_completion)(&hdev->power_on)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3214 [inline]
 #1: ffffc90002aefc60 ((work_completion)(&hdev->power_on)){+.+.}-{0:0}, at: process_scheduled_works+0x9cb/0x18e0 kernel/workqueue.c:3319
 #2: ffff88804427c078 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9f/0x9e0 net/bluetooth/hci_event.c:3702
4 locks held by kworker/u5:4/5479:
 #0: ffff888050443948 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3213 [inline]
 #0: ffff888050443948 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_scheduled_works+0x990/0x18e0 kernel/workqueue.c:3319
 #1: ffffc90002b2fc60 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3214 [inline]
 #1: ffffc90002b2fc60 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9cb/0x18e0 kernel/workqueue.c:3319
 #2: ffff8880442d0078 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9f/0x9e0 net/bluetooth/hci_event.c:3702
 #3: ffffffff90263728 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2051 [inline]
 #3: ffffffff90263728 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x5b1/0x9e0 net/bluetooth/hci_event.c:3736
4 locks held by kworker/u5:5/5480:
 #0: ffff8880459b5948 ((wq_completion)hci2#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3213 [inline]
 #0: ffff8880459b5948 ((wq_completion)hci2#2){+.+.}-{0:0}, at: process_scheduled_works+0x990/0x18e0 kernel/workqueue.c:3319
 #1: ffffc90002b3fc60 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3214 [inline]
 #1: ffffc90002b3fc60 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9cb/0x18e0 kernel/workqueue.c:3319
 #2: ffff8880439cc078 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9f/0x9e0 net/bluetooth/hci_event.c:3702
 #3: ffffffff90263728 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2051 [inline]
 #3: ffffffff90263728 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x5b1/0x9e0 net/bluetooth/hci_event.c:3736
4 locks held by kworker/u5:7/5483:
 #0: ffff888012e4a948 ((wq_completion)hci8#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3213 [inline]
 #0: ffff888012e4a948 ((wq_completion)hci8#2){+.+.}-{0:0}, at: process_scheduled_works+0x990/0x18e0 kernel/workqueue.c:3319
 #1: ffffc9000ccf7c60 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3214 [inline]
 #1: ffffc9000ccf7c60 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9cb/0x18e0 kernel/workqueue.c:3319
 #2: ffff8880442e4078 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9f/0x9e0 net/bluetooth/hci_event.c:3702
 #3: ffffffff90263728 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2051 [inline]
 #3: ffffffff90263728 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x5b1/0x9e0 net/bluetooth/hci_event.c:3736
3 locks held by kworker/0:9/5650:
 #0: ffff88801b074d48 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3213 [inline]
 #0: ffff88801b074d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x990/0x18e0 kernel/workqueue.c:3319
 #1: ffffc9000d1cfc60 (free_ipc_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3214 [inline]
 #1: ffffc9000d1cfc60 (free_ipc_work){+.+.}-{0:0}, at: process_scheduled_works+0x9cb/0x18e0 kernel/workqueue.c:3319
 #2: ffffffff8ed43438 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock kernel/rcu/tree_exp.h:336 [inline]
 #2: ffffffff8ed43438 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x454/0x830 kernel/rcu/tree_exp.h:998
3 locks held by kworker/u4:20/5667:
 #0: ffff88801b079148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3213 [inline]
 #0: ffff88801b079148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x990/0x18e0 kernel/workqueue.c:3319
 #1: ffffc9000d34fc60 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3214 [inline]
 #1: ffffc9000d34fc60 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9cb/0x18e0 kernel/workqueue.c:3319
 #2: ffffffff900fd5c8 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 net/core/link_watch.c:303
1 lock held by syz-executor/5714:
 #0: ffffffff900fd5c8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff900fd5c8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x406/0x1c40 net/ipv4/devinet.c:979
3 locks held by kworker/u4:23/5715:
 #0: ffff88803f712948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3213 [inline]
 #0: ffff88803f712948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x990/0x18e0 kernel/workqueue.c:3319
 #1: ffffc9000d747c60 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3214 [inline]
 #1: ffffc9000d747c60 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9cb/0x18e0 kernel/workqueue.c:3319
 #2: ffffffff900fd5c8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #2: ffffffff900fd5c8 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_dad_work+0x110/0x16a0 net/ipv6/addrconf.c:4195
1 lock held by dhcpcd/5717:
 #0: ffff888000668258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1651 [inline]
 #0: ffff888000668258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcb0 net/packet/af_packet.c:3252
1 lock held by syz-executor/5721:
 #0: ffffffff900fd5c8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff900fd5c8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x406/0x1c40 net/ipv4/devinet.c:979
1 lock held by syz-executor/5731:
 #0: ffffffff900fd5c8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff900fd5c8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x406/0x1c40 net/ipv4/devinet.c:979
1 lock held by syz-executor/5732:
 #0: ffffffff900fd5c8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff900fd5c8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x406/0x1c40 net/ipv4/devinet.c:979
1 lock held by syz-executor/5733:
 #0: ffffffff900fd5c8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff900fd5c8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x406/0x1c40 net/ipv4/devinet.c:979
1 lock held by syz-executor/5735:
 #0: ffffffff900fd5c8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff900fd5c8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x406/0x1c40 net/ipv4/devinet.c:979
1 lock held by syz-executor/5736:
 #0: ffffffff900fd5c8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff900fd5c8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x406/0x1c40 net/ipv4/devinet.c:979

=============================================

NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 26 Comm: khungtaskd Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x4ab/0x4e0 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x198/0x320 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:158 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:274 [inline]
 watchdog+0x1058/0x10a0 kernel/hung_task.c:437
 kthread+0x7b7/0x940 kernel/kthread.c:464
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>