INFO: task syz-executor:21792 blocked for more than 143 seconds.
      Tainted: G     U              6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D stack:28216 pid:21792 tgid:21792 ppid:1      task_flags:0x400140 flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5396 [inline]
 __schedule+0x116a/0x5de0 kernel/sched/core.c:6785
 __schedule_loop kernel/sched/core.c:6863 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:6878
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6935
 __mutex_lock_common kernel/locking/mutex.c:679 [inline]
 __mutex_lock+0x6c7/0xb90 kernel/locking/mutex.c:747
 rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 inet_rtm_newaddr+0x30c/0x1540 net/ipv4/devinet.c:979
 rtnetlink_rcv_msg+0x95b/0xe90 net/core/rtnetlink.c:6944
 netlink_rcv_skb+0x158/0x420 net/netlink/af_netlink.c:2534
 netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]
 netlink_unicast+0x53a/0x7f0 net/netlink/af_netlink.c:1339
 netlink_sendmsg+0x8d1/0xdd0 net/netlink/af_netlink.c:1883
 sock_sendmsg_nosec net/socket.c:712 [inline]
 __sock_sendmsg net/socket.c:727 [inline]
 __sys_sendto+0x4a0/0x520 net/socket.c:2180
 __do_sys_sendto net/socket.c:2187 [inline]
 __se_sys_sendto net/socket.c:2183 [inline]
 __x64_sys_sendto+0xe0/0x1c0 net/socket.c:2183
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0x490 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fae665907bc
RSP: 002b:00007fff796dce00 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007fae672e4620 RCX: 00007fae665907bc
RDX: 0000000000000028 RSI: 00007fae672e4670 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007fff796dce54 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
R13: 0000000000000000 R14: 00007fae672e4670 R15: 0000000000000000
 </TASK>
INFO: task syz-executor:21797 blocked for more than 143 seconds.
      Tainted: G     U              6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D stack:27800 pid:21797 tgid:21797 ppid:1      task_flags:0x400140 flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5396 [inline]
 __schedule+0x116a/0x5de0 kernel/sched/core.c:6785
 __schedule_loop kernel/sched/core.c:6863 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:6878
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6935
 __mutex_lock_common kernel/locking/mutex.c:679 [inline]
 __mutex_lock+0x6c7/0xb90 kernel/locking/mutex.c:747
 rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 inet_rtm_newaddr+0x30c/0x1540 net/ipv4/devinet.c:979
 rtnetlink_rcv_msg+0x95b/0xe90 net/core/rtnetlink.c:6944
 netlink_rcv_skb+0x158/0x420 net/netlink/af_netlink.c:2534
 netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]
 netlink_unicast+0x53a/0x7f0 net/netlink/af_netlink.c:1339
 netlink_sendmsg+0x8d1/0xdd0 net/netlink/af_netlink.c:1883
 sock_sendmsg_nosec net/socket.c:712 [inline]
 __sock_sendmsg net/socket.c:727 [inline]
 __sys_sendto+0x4a0/0x520 net/socket.c:2180
 __do_sys_sendto net/socket.c:2187 [inline]
 __se_sys_sendto net/socket.c:2183 [inline]
 __x64_sys_sendto+0xe0/0x1c0 net/socket.c:2183
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0x490 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1a6fb907bc
RSP: 002b:00007fffbcf7be40 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007f1a708e4620 RCX: 00007f1a6fb907bc
RDX: 0000000000000028 RSI: 00007f1a708e4670 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007fffbcf7be94 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
R13: 0000000000000000 R14: 00007f1a708e4670 R15: 0000000000000000
 </TASK>
INFO: task kworker/u10:18:21809 blocked for more than 143 seconds.
      Tainted: G     U              6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u10:18  state:D stack:29688 pid:21809 tgid:21809 ppid:2      task_flags:0x4208060 flags:0x00004000
Workqueue: events_unbound linkwatch_event
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5396 [inline]
 __schedule+0x116a/0x5de0 kernel/sched/core.c:6785
 __schedule_loop kernel/sched/core.c:6863 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:6878
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6935
 __mutex_lock_common kernel/locking/mutex.c:679 [inline]
 __mutex_lock+0x6c7/0xb90 kernel/locking/mutex.c:747
 linkwatch_event+0x51/0xc0 net/core/link_watch.c:303
 process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238
 process_scheduled_works kernel/workqueue.c:3321 [inline]
 worker_thread+0x6c8/0xf10 kernel/workqueue.c:3402
 kthread+0x3c5/0x780 kernel/kthread.c:464
 ret_from_fork+0x5d4/0x6f0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>

Showing all locks held in the system:
4 locks held by kworker/R-netns/8:
 #0: ffff88801c6fe148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3213
 #1: ffffc900000d7ca8 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3214
 #2: ffffffff90338250 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xad/0x890 net/core/net_namespace.c:662
 #3: ffffffff9034e2a8 (rtnl_mutex){+.+.}-{4:4}, at: cfg80211_pernet_exit+0x17/0x150 net/wireless/core.c:1649
1 lock held by khungtaskd/31:
 #0: ffffffff8e5c47c0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #0: ffffffff8e5c47c0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #0: ffffffff8e5c47c0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0 kernel/locking/lockdep.c:6770
2 locks held by syz-executor/5819:
4 locks held by kworker/1:5/5839:
 #0: ffff8880342dd148 ((wq_completion)wg-kex-wg1#16){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3213
 #1: ffffc9000403fd10 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __asm__ ("" : "=r"(__ptr) : "0"((__typeof__(*((worker))) *)(( unsigned long)((worker))))); (typeof((__typeof__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3214
 #2: ffff88805c94d308 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x1c2/0x880 drivers/net/wireguard/noise.c:598
 #3: ffff88805c830338 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x5ac/0x880 drivers/net/wireguard/noise.c:632
4 locks held by kworker/1:7/5904:
 #0: ffff888066124948 ((wq_completion)wg-kex-wg0#16){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3213
 #1: ffffc9000441fd10 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __asm__ ("" : "=r"(__ptr) : "0"((__typeof__(*((worker))) *)(( unsigned long)((worker))))); (typeof((__typeof__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3214
 #2: ffff888066d89308 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_consume_response+0x22b/0x950 drivers/net/wireguard/noise.c:742
 #3: ffff88805f145c60 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_consume_response+0x2f7/0x950 drivers/net/wireguard/noise.c:753
3 locks held by kworker/0:4/5923:
2 locks held by kworker/0:5/5924:
4 locks held by kworker/1:0/10766:
 #0: ffff88801b881d48 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3213
 #1: ffffc900045e7d10 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3214
 #2: ffffffff9034e2a8 (rtnl_mutex){+.+.}-{4:4}, at: reg_check_chans_work+0x83/0x1170 net/wireless/reg.c:2483
 #3: ffff888059e00768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6062 [inline]
 #3: ffff888059e00768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: reg_leave_invalid_chans net/wireless/reg.c:2471 [inline]
 #3: ffff888059e00768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: reg_check_chans_work+0x110/0x1170 net/wireless/reg.c:2486
3 locks held by kworker/u10:0/12198:
3 locks held by kworker/u10:1/12201:
3 locks held by kworker/u10:2/12202:
3 locks held by kworker/u10:3/12207:
3 locks held by kworker/u10:4/12233:
9 locks held by kworker/u11:3/12316:
3 locks held by kworker/u10:5/12345:
3 locks held by kworker/u10:6/12654:
3 locks held by kworker/0:1/15345:
 #0: ffff88801b880d48 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3213
 #1: ffffc90005287d10 (deferred_process_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3214
 #2: ffffffff9034e2a8 (rtnl_mutex){+.+.}-{4:4}, at: switchdev_deferred_process_work+0xe/0x20 net/switchdev/switchdev.c:104
3 locks held by kworker/u10:7/15616:
1 lock held by syz.4.2042/16406:
1 lock held by syz.4.2042/16407:
3 locks held by kworker/u10:8/16449:
2 locks held by getty/16941:
 #0: ffff8880322930a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 drivers/tty/tty_ldisc.c:243
 #1: ffffc9000357b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0 drivers/tty/n_tty.c:2222
1 lock held by syz-executor/19450:
 #0: ffffffff9034e2a8 (rtnl_mutex){+.+.}-{4:4}, at: netdev_wait_allrefs_any net/core/dev.c:11281 [inline]
 #0: ffffffff9034e2a8 (rtnl_mutex){+.+.}-{4:4}, at: netdev_run_todo+0xebf/0x1320 net/core/dev.c:11393
5 locks held by kworker/u11:2/19451:
 #0: ffff888025b0b148 ((wq_completion)hci4){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3213
 #1: ffffc900051cfd10 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3214
 #2: ffff888041ec8d80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x175/0x430 net/bluetooth/hci_sync.c:331
 #3: ffff888041ec8078 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x13f/0xb10 net/bluetooth/hci_sync.c:5626
 #4: ffffffff905bf988 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2051 [inline]
 #4: ffffffff905bf988 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x14f/0x330 net/bluetooth/hci_conn.c:1275
2 locks held by syz.1.3236/21734:
 #0: ffffffff90338250 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x286/0x5f0 net/core/net_namespace.c:570
 #1: ffffffff9034e2a8 (rtnl_mutex){+.+.}-{4:4}, at: netdev_wait_allrefs_any net/core/dev.c:11281 [inline]
 #1: ffffffff9034e2a8 (rtnl_mutex){+.+.}-{4:4}, at: netdev_run_todo+0xebf/0x1320 net/core/dev.c:11393
4 locks held by kworker/u10:9/21742:
3 locks held by kworker/u10:10/21750:
2 locks held by kworker/u10:11/21753:
3 locks held by kworker/u10:12/21774:
 #0: ffff888031097148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3213
 #1: ffffc9000ba87d10 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3214
 #2: ffffffff9034e2a8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #2: ffffffff9034e2a8 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x12/0x30 net/ipv6/addrconf.c:4738
2 locks held by syz-executor/21779:
 #0: ffffffff90338250 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x286/0x5f0 net/core/net_namespace.c:570
 #1: ffffffff9034e2a8 (rtnl_mutex){+.+.}-{4:4}, at: register_nexthop_notifier+0x1b/0x70 net/ipv4/nexthop.c:3929
2 locks held by syz.0.3247/21784:
 #0: ffffffff90338250 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x286/0x5f0 net/core/net_namespace.c:570
 #1: ffffffff9034e2a8 (rtnl_mutex){+.+.}-{4:4}, at: register_nexthop_notifier+0x1b/0x70 net/ipv4/nexthop.c:3929
4 locks held by kworker/u10:13/21783:
1 lock held by syz.3.3248/21788:
 #0: ffffffff9034e2a8 (rtnl_mutex){+.+.}-{4:4}, at: tun_detach drivers/net/tun.c:633 [inline]
 #0: ffffffff9034e2a8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x230 drivers/net/tun.c:3396
1 lock held by syz-executor/21792:
 #0: ffffffff9034e2a8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff9034e2a8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x1540 net/ipv4/devinet.c:979
5 locks held by kworker/u11:4/21794:
 #0: ffff888030c80948 ((wq_completion)hci6){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3213
 #1: ffffc9000baa7d10 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3214
 #2: ffff888041eccd80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x175/0x430 net/bluetooth/hci_sync.c:331
 #3: ffff888041ecc078 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x13f/0xb10 net/bluetooth/hci_sync.c:5626
 #4: ffffffff905bf988 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2051 [inline]
 #4: ffffffff905bf988 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x14f/0x330 net/bluetooth/hci_conn.c:1275
3 locks held by kworker/u10:14/21795:
1 lock held by syz-executor/21797:
 #0: ffffffff9034e2a8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff9034e2a8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x1540 net/ipv4/devinet.c:979
4 locks held by kworker/u10:15/21800:
4 locks held by kworker/u10:16/21801:
4 locks held by kworker/u10:17/21802:
3 locks held by kworker/u10:18/21809:
 #0: ffff88801b889148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3213
 #1: ffffc9000b797d10 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3214
 #2: ffffffff9034e2a8 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0x51/0xc0 net/core/link_watch.c:303
3 locks held by kworker/u10:19/21812:
3 locks held by kworker/u10:20/21813:
4 locks held by kworker/u10:21/21819:
3 locks held by kworker/u10:22/21821:
4 locks held by kworker/u10:23/21822:
2 locks held by kworker/u10:24/21823:
1 lock held by syz-executor/21826:
 #0: ffffffff9034e2a8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff9034e2a8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x1540 net/ipv4/devinet.c:979
4 locks held by kworker/u10:25/21835:
1 lock held by syz-executor/21837:
 #0: ffffffff9034e2a8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff9034e2a8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x1540 net/ipv4/devinet.c:979
2 locks held by kworker/0:6/21841:
7 locks held by kworker/u11:5/21851:
 #0: ffff888061522148 ((wq_completion)hci3){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3213
 #1: ffffc90003fcfd10 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3214
 #2: ffff8880233dcd80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x175/0x430 net/bluetooth/hci_sync.c:331
 #3: ffff8880233dc078 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x13f/0xb10 net/bluetooth/hci_sync.c:5626
 #4: ffffffff905bf988 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2051 [inline]
 #4: ffffffff905bf988 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x14f/0x330 net/bluetooth/hci_conn.c:1275
 #5: ffff8880494d8b38 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x80/0x730 net/bluetooth/l2cap_core.c:1762
 #6: ffffffff8e5cfdb8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x1a3/0x3c0 kernel/rcu/tree_exp.h:336
4 locks held by kworker/u10:26/21854:
4 locks held by kworker/u10:27/21856:
3 locks held by kworker/u10:28/21861:
4 locks held by kworker/u10:29/21862:
4 locks held by kworker/1:1/21863:
 #0: ffff88804b064948 ((wq_completion)wg-kex-wg0#10){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3213
 #1: ffffc9000418fd10 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __asm__ ("" : "=r"(__ptr) : "0"((__typeof__(*((worker))) *)(( unsigned long)((worker))))); (typeof((__typeof__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3214
 #2: ffff888058275308 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x1c2/0x880 drivers/net/wireguard/noise.c:598
 #3: ffff88805c835c60 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x5ac/0x880 drivers/net/wireguard/noise.c:632
4 locks held by kworker/u10:30/21869:
4 locks held by kworker/u10:31/21870:
1 lock held by syz-executor/21876:
 #0: ffffffff9034e2a8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff9034e2a8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x1540 net/ipv4/devinet.c:979
3 locks held by kworker/u10:32/21881:
4 locks held by kworker/u10:33/21882:
1 lock held by syz-executor/21886:
 #0: ffffffff9034e2a8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff9034e2a8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x1540 net/ipv4/devinet.c:979
4 locks held by kworker/u10:34/21891:
1 lock held by dhcpcd/21907:
 #0: ffff8880784de258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1667 [inline]
 #0: ffff8880784de258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x2c/0xf60 net/packet/af_packet.c:3252
4 locks held by kworker/1:6/21909:
 #0: ffff8880595b2948 ((wq_completion)wg-kex-wg0#18){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3213
 #1: ffffc90003017d10 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __asm__ ("" : "=r"(__ptr) : "0"((__typeof__(*((worker))) *)(( unsigned long)((worker))))); (typeof((__typeof__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3214
 #2: ffff888069289308 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_consume_response+0x22b/0x950 drivers/net/wireguard/noise.c:742
 #3: ffff88807bd39708 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_consume_response+0x2f7/0x950 drivers/net/wireguard/noise.c:753
1 lock held by dhcpcd/21913:
 #0: ffff88803142c258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1667 [inline]
 #0: ffff88803142c258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x2c/0xf60 net/packet/af_packet.c:3252
1 lock held by dhcpcd/21914:
 #0: ffff888025f50258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1667 [inline]
 #0: ffff888025f50258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x2c/0xf60 net/packet/af_packet.c:3252
2 locks held by dhcpcd/21915:
 #0: ffff88802a6f6258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1667 [inline]
 #0: ffff88802a6f6258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x2c/0xf60 net/packet/af_packet.c:3252
 #1: ffffffff8e5cfdb8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x1a3/0x3c0 kernel/rcu/tree_exp.h:336
1 lock held by syz-executor/21919:
 #0: ffff888060224d80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_open+0x22/0x90 net/bluetooth/hci_core.c:410
3 locks held by kworker/u10:35/21922:
4 locks held by kworker/u10:36/21923:
4 locks held by kworker/u10:37/21927:

=============================================

NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Tainted: G     U              6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) 
Tainted: [U]=USER
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x27b/0x390 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x29c/0x300 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:158 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:307 [inline]
 watchdog+0xf70/0x12c0 kernel/hung_task.c:470
 kthread+0x3c5/0x780 kernel/kthread.c:464
 ret_from_fork+0x5d4/0x6f0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 12316 Comm: kworker/u11:3 Tainted: G     U              6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) 
Tainted: [U]=USER
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: hci11 hci_power_on
RIP: 0010:iterate_chain_key kernel/locking/lockdep.c:454 [inline]
RIP: 0010:__lock_acquire+0x65f/0x1c90 kernel/locking/lockdep.c:5228
Code: 10 8b 74 24 18 44 8b 74 24 28 c1 e0 0d 66 0b 04 24 98 29 f0 8b 74 24 20 31 f0 89 c2 41 29 c6 01 c8 c1 c2 06 41 31 d6 44 89 f2 <44> 29 f1 41 01 c6 c1 c2 08 31 d1 89 ca 29 c8 44 01 f1 c1 c2 10 89
RSP: 0018:ffffc90000006b58 EFLAGS: 00000002
RAX: 0000000090fb3ac7 RBX: 0000000000000007 RCX: 0000000036198be1
RDX: 000000005e5e646b RSI: 00000000501fefef RDI: ffff88802b958c08
RBP: ffff88802b958000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: ffff88802b958af0
R13: ffff88802b958c08 R14: 000000005e5e646b R15: 0000000000000001
FS:  0000000000000000(0000) GS:ffff888124760000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000056101c8490e0 CR3: 000000000e382000 CR4: 00000000003526f0
Call Trace:
 <IRQ>
 lock_acquire kernel/locking/lockdep.c:5871 [inline]
 lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5828
 rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 rcu_read_lock include/linux/rcupdate.h:841 [inline]
 class_rcu_constructor include/linux/rcupdate.h:1155 [inline]
 unwind_next_frame+0xd1/0x20a0 arch/x86/kernel/unwind_orc.c:479
 arch_stack_walk+0x94/0x100 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 unpoison_slab_object mm/kasan/common.c:319 [inline]
 __kasan_slab_alloc+0x89/0x90 mm/kasan/common.c:345
 kasan_slab_alloc include/linux/kasan.h:250 [inline]
 slab_post_alloc_hook mm/slub.c:4148 [inline]
 slab_alloc_node mm/slub.c:4197 [inline]
 kmem_cache_alloc_noprof+0x1cb/0x3b0 mm/slub.c:4204
 skb_ext_maybe_cow net/core/skbuff.c:6995 [inline]
 skb_ext_add+0xf8/0x7a0 net/core/skbuff.c:7069
 nf_bridge_unshare net/bridge/br_netfilter_hooks.c:169 [inline]
 br_nf_forward_ip.part.0+0x28/0x810 net/bridge/br_netfilter_hooks.c:684
 br_nf_forward_ip net/bridge/br_netfilter_hooks.c:679 [inline]
 br_nf_forward+0xf0f/0x1be0 net/bridge/br_netfilter_hooks.c:776
 nf_hook_entry_hookfn include/linux/netfilter.h:157 [inline]
 nf_hook_slow+0xbe/0x200 net/netfilter/core.c:623
 nf_hook+0x45e/0x780 include/linux/netfilter.h:272
 NF_HOOK include/linux/netfilter.h:315 [inline]
 __br_forward+0x1be/0x5b0 net/bridge/br_forward.c:115
 deliver_clone net/bridge/br_forward.c:131 [inline]
 br_flood+0x39c/0x650 net/bridge/br_forward.c:249
 br_handle_frame_finish+0xf2d/0x1ca0 net/bridge/br_input.c:221
 br_nf_hook_thresh+0x304/0x410 net/bridge/br_netfilter_hooks.c:1170
 br_nf_pre_routing_finish_ipv6+0x76a/0xfb0 net/bridge/br_netfilter_ipv6.c:154
 NF_HOOK include/linux/netfilter.h:317 [inline]
 br_nf_pre_routing_ipv6+0x3cd/0x8c0 net/bridge/br_netfilter_ipv6.c:184
 br_nf_pre_routing+0x860/0x15b0 net/bridge/br_netfilter_hooks.c:508
 nf_hook_entry_hookfn include/linux/netfilter.h:157 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:283 [inline]
 br_handle_frame+0xad8/0x14b0 net/bridge/br_input.c:434
 __netif_receive_skb_core.constprop.0+0xa23/0x4a00 net/core/dev.c:5863
 __netif_receive_skb_one_core+0xb0/0x1e0 net/core/dev.c:5975
 __netif_receive_skb+0x1d/0x160 net/core/dev.c:6090
 process_backlog+0x442/0x15e0 net/core/dev.c:6442
 __napi_poll.constprop.0+0xb7/0x550 net/core/dev.c:7414
 napi_poll net/core/dev.c:7478 [inline]
 net_rx_action+0xa9f/0xfe0 net/core/dev.c:7605
 handle_softirqs+0x216/0x8e0 kernel/softirq.c:579
 __do_softirq kernel/softirq.c:613 [inline]
 invoke_softirq kernel/softirq.c:453 [inline]
 __irq_exit_rcu+0x109/0x170 kernel/softirq.c:680
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:696
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]
 sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1050
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:console_flush_all+0x9a2/0xc60 kernel/printk/printk.c:3227
Code: 00 e8 32 7e 28 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 00 aa 20 00 48 85 db 0f 85 55 01 00 00 e8 82 ae 20 00 fb 4c 89 e0 <48> c1 e8 03 42 80 3c 38 00 0f 84 11 ff ff ff 4c 89 e7 e8 17 92 86
RSP: 0018:ffffc90004aef628 EFLAGS: 00000293
RAX: ffffffff8f2ed158 RBX: 0000000000000000 RCX: ffffffff819adb70
RDX: ffff88802b958000 RSI: ffffffff819adb7e RDI: 0000000000000007
RBP: 0000000000000000 R08: 0000000000000007 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: ffffffff8f2ed158
R13: ffffffff8f2ed100 R14: ffffc90004aef6b8 R15: dffffc0000000000
 __console_flush_and_unlock kernel/printk/printk.c:3285 [inline]
 console_unlock+0xd8/0x210 kernel/printk/printk.c:3325
 vprintk_emit+0x418/0x6d0 kernel/printk/printk.c:2450
 _printk+0xc7/0x100 kernel/printk/printk.c:2475
 bt_err+0xe4/0x120 net/bluetooth/lib.c:296
 __hci_cmd_sync_status_sk net/bluetooth/hci_sync.c:271 [inline]
 __hci_cmd_sync_status net/bluetooth/hci_sync.c:287 [inline]
 hci_read_dev_class_sync+0x13e/0x160 net/bluetooth/hci_sync.c:3710
 hci_init_stage_sync net/bluetooth/hci_sync.c:3565 [inline]
 hci_init2_sync net/bluetooth/hci_sync.c:3989 [inline]
 hci_init_sync net/bluetooth/hci_sync.c:4816 [inline]
 hci_dev_init_sync net/bluetooth/hci_sync.c:5001 [inline]
 hci_dev_open_sync+0x1b70/0x2430 net/bluetooth/hci_sync.c:5079
 hci_dev_do_open+0x2a/0x90 net/bluetooth/hci_core.c:412
 hci_power_on+0x131/0x610 net/bluetooth/hci_core.c:941
 process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238
 process_scheduled_works kernel/workqueue.c:3321 [inline]
 worker_thread+0x6c8/0xf10 kernel/workqueue.c:3402
 kthread+0x3c5/0x780 kernel/kthread.c:464
 ret_from_fork+0x5d4/0x6f0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>