INFO: task kworker/u8:2:36 blocked for more than 156 seconds.
      Not tainted 6.14.0-rc5-syzkaller-00218-g2a520073e74f #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u8:2    state:D stack:20792 pid:36    tgid:36    ppid:2      task_flags:0x4208160 flags:0x00004000
Workqueue: netns cleanup_net
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5378 [inline]
 __schedule+0x190e/0x4c90 kernel/sched/core.c:6765
 __schedule_loop kernel/sched/core.c:6842 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6857
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6914
 __mutex_lock_common kernel/locking/mutex.c:662 [inline]
 __mutex_lock+0x817/0x1010 kernel/locking/mutex.c:730
 cleanup_net+0x6bf/0xd60 net/core/net_namespace.c:642
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0xac0/0x18e0 kernel/workqueue.c:3319
 worker_thread+0x870/0xd30 kernel/workqueue.c:3400
 kthread+0x7ab/0x920 kernel/kthread.c:464
 ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
INFO: task syz.0.558:7539 blocked for more than 158 seconds.
      Not tainted 6.14.0-rc5-syzkaller-00218-g2a520073e74f #0
      Blocked by coredump.
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.0.558       state:D stack:24656 pid:7539  tgid:7538  ppid:5831   task_flags:0x40054c flags:0x00004006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5378 [inline]
 __schedule+0x190e/0x4c90 kernel/sched/core.c:6765
 __schedule_loop kernel/sched/core.c:6842 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6857
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6914
 __mutex_lock_common kernel/locking/mutex.c:662 [inline]
 __mutex_lock+0x817/0x1010 kernel/locking/mutex.c:730
 tun_detach drivers/net/tun.c:698 [inline]
 tun_chr_close+0x3b/0x1b0 drivers/net/tun.c:3517
 __fput+0x3eb/0x9f0 fs/file_table.c:464
 task_work_run+0x251/0x310 kernel/task_work.c:227
 exit_task_work include/linux/task_work.h:40 [inline]
 do_exit+0xa2a/0x28e0 kernel/exit.c:938
 do_group_exit+0x207/0x2c0 kernel/exit.c:1087
 get_signal+0x168c/0x1720 kernel/signal.c:3036
 arch_do_signal_or_restart+0x96/0x860 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0xce/0x340 kernel/entry/common.c:218
 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fceadf8e90a
RSP: 002b:00007fceaed1fe68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: fffffffffffffffc RBX: 00007fceaed1fef0 RCX: 00007fceadf8e90a
RDX: 0000400000000140 RSI: 0000400000000100 RDI: 00007fceaed1feb0
RBP: 0000400000000140 R08: 00007fceaed1fef0 R09: 0000000001018852
R10: 0000000001018852 R11: 0000000000000246 R12: 0000400000000100
R13: 00007fceaed1feb0 R14: 000000000000551c R15: 00004000000003c0
 </TASK>
INFO: task syz-executor:7590 blocked for more than 159 seconds.
      Not tainted 6.14.0-rc5-syzkaller-00218-g2a520073e74f #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D stack:25984 pid:7590  tgid:7590  ppid:1      task_flags:0x400140 flags:0x00000004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5378 [inline]
 __schedule+0x190e/0x4c90 kernel/sched/core.c:6765
 __schedule_loop kernel/sched/core.c:6842 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6857
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6914
 __mutex_lock_common kernel/locking/mutex.c:662 [inline]
 __mutex_lock+0x817/0x1010 kernel/locking/mutex.c:730
 rtnl_net_lock include/linux/rtnetlink.h:129 [inline]
 inet_rtm_newaddr+0x47e/0x1bc0 net/ipv4/devinet.c:987
 rtnetlink_rcv_msg+0x793/0xcf0 net/core/rtnetlink.c:6912
 netlink_rcv_skb+0x208/0x480 net/netlink/af_netlink.c:2533
 netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline]
 netlink_unicast+0x7f8/0x990 net/netlink/af_netlink.c:1338
 netlink_sendmsg+0x8de/0xcb0 net/netlink/af_netlink.c:1882
 sock_sendmsg_nosec net/socket.c:718 [inline]
 __sock_sendmsg+0x223/0x270 net/socket.c:733
 __sys_sendto+0x363/0x4c0 net/socket.c:2187
 __do_sys_sendto net/socket.c:2194 [inline]
 __se_sys_sendto net/socket.c:2190 [inline]
 __x64_sys_sendto+0xde/0x100 net/socket.c:2190
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f301178effc
RSP: 002b:00007ffc75103550 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007f30124d4620 RCX: 00007f301178effc
RDX: 0000000000000028 RSI: 00007f30124d4670 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007ffc751035a4 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
R13: 0000000000000000 R14: 00007f30124d4670 R15: 0000000000000000
 </TASK>
INFO: task syz-executor:7593 blocked for more than 159 seconds.
      Not tainted 6.14.0-rc5-syzkaller-00218-g2a520073e74f #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D stack:25984 pid:7593  tgid:7593  ppid:1      task_flags:0x400140 flags:0x00000004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5378 [inline]
 __schedule+0x190e/0x4c90 kernel/sched/core.c:6765
 __schedule_loop kernel/sched/core.c:6842 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6857
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6914
 __mutex_lock_common kernel/locking/mutex.c:662 [inline]
 __mutex_lock+0x817/0x1010 kernel/locking/mutex.c:730
 rtnl_net_lock include/linux/rtnetlink.h:129 [inline]
 inet_rtm_newaddr+0x47e/0x1bc0 net/ipv4/devinet.c:987
 rtnetlink_rcv_msg+0x793/0xcf0 net/core/rtnetlink.c:6912
 netlink_rcv_skb+0x208/0x480 net/netlink/af_netlink.c:2533
 netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline]
 netlink_unicast+0x7f8/0x990 net/netlink/af_netlink.c:1338
 netlink_sendmsg+0x8de/0xcb0 net/netlink/af_netlink.c:1882
 sock_sendmsg_nosec net/socket.c:718 [inline]
 __sock_sendmsg+0x223/0x270 net/socket.c:733
 __sys_sendto+0x363/0x4c0 net/socket.c:2187
 __do_sys_sendto net/socket.c:2194 [inline]
 __se_sys_sendto net/socket.c:2190 [inline]
 __x64_sys_sendto+0xde/0x100 net/socket.c:2190
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f70a2d8effc
RSP: 002b:00007ffcf01b6820 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007f70a3ad4620 RCX: 00007f70a2d8effc
RDX: 0000000000000028 RSI: 00007f70a3ad4670 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007ffcf01b6874 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
R13: 0000000000000000 R14: 00007f70a3ad4670 R15: 0000000000000000
 </TASK>
INFO: task syz-executor:7596 blocked for more than 160 seconds.
      Not tainted 6.14.0-rc5-syzkaller-00218-g2a520073e74f #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D stack:25984 pid:7596  tgid:7596  ppid:1      task_flags:0x400140 flags:0x00000004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5378 [inline]
 __schedule+0x190e/0x4c90 kernel/sched/core.c:6765
 __schedule_loop kernel/sched/core.c:6842 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6857
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6914
 __mutex_lock_common kernel/locking/mutex.c:662 [inline]
 __mutex_lock+0x817/0x1010 kernel/locking/mutex.c:730
 rtnl_net_lock include/linux/rtnetlink.h:129 [inline]
 inet_rtm_newaddr+0x47e/0x1bc0 net/ipv4/devinet.c:987
 rtnetlink_rcv_msg+0x793/0xcf0 net/core/rtnetlink.c:6912
 netlink_rcv_skb+0x208/0x480 net/netlink/af_netlink.c:2533
 netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline]
 netlink_unicast+0x7f8/0x990 net/netlink/af_netlink.c:1338
 netlink_sendmsg+0x8de/0xcb0 net/netlink/af_netlink.c:1882
 sock_sendmsg_nosec net/socket.c:718 [inline]
 __sock_sendmsg+0x223/0x270 net/socket.c:733
 __sys_sendto+0x363/0x4c0 net/socket.c:2187
 __do_sys_sendto net/socket.c:2194 [inline]
 __se_sys_sendto net/socket.c:2190 [inline]
 __x64_sys_sendto+0xde/0x100 net/socket.c:2190
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f217538effc
RSP: 002b:00007fff6fd5cbd0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007f21760d4620 RCX: 00007f217538effc
RDX: 0000000000000028 RSI: 00007f21760d4670 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007fff6fd5cc24 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
R13: 0000000000000000 R14: 00007f21760d4670 R15: 0000000000000000
 </TASK>

Showing all locks held in the system:
2 locks held by kworker/1:0/26:
1 lock held by khungtaskd/31:
 #0: ffffffff8eb39320 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 #0: ffffffff8eb39320 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
 #0: ffffffff8eb39320 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x55/0x2a0 kernel/locking/lockdep.c:6746
4 locks held by kworker/u8:2/36:
 #0: ffff88801beee148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3213 [inline]
 #0: ffff88801beee148 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x98b/0x18e0 kernel/workqueue.c:3319
 #1: ffffc90000ac7c60 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3214 [inline]
 #1: ffffc90000ac7c60 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9c6/0x18e0 kernel/workqueue.c:3319
 #2: ffffffff8fec93d0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0x17a/0xd60 net/core/net_namespace.c:606
 #3: ffffffff8fed5c08 (rtnl_mutex){+.+.}-{4:4}, at: cleanup_net+0x6bf/0xd60 net/core/net_namespace.c:642
3 locks held by kworker/u8:3/37:
 #0: ffff888030a19948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3213 [inline]
 #0: ffff888030a19948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x98b/0x18e0 kernel/workqueue.c:3319
 #1: ffffc90000ad7c60 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3214 [inline]
 #1: ffffc90000ad7c60 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9c6/0x18e0 kernel/workqueue.c:3319
 #2: ffffffff8fed5c08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:129 [inline]
 #2: ffffffff8fed5c08 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30 net/ipv6/addrconf.c:4730
3 locks held by kworker/u8:4/69:
 #0: ffff88801b081148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3213 [inline]
 #0: ffff88801b081148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x98b/0x18e0 kernel/workqueue.c:3319
 #1: ffffc90001557c60 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3214 [inline]
 #1: ffffc90001557c60 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9c6/0x18e0 kernel/workqueue.c:3319
 #2: ffffffff8fed5c08 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 net/core/link_watch.c:285
2 locks held by dhcpcd/5498:
 #0: ffff8880581656c8 (nlk_cb_mutex-ROUTE){+.+.}-{4:4}, at: __netlink_dump_start+0x119/0x790 net/netlink/af_netlink.c:2387
 #1: ffffffff8fed5c08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:79 [inline]
 #1: ffffffff8fed5c08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_dumpit+0x99/0x200 net/core/rtnetlink.c:6780
2 locks held by getty/5594:
 #0: ffff88814d5030a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
 #1: ffffc90002ff62f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x616/0x1770 drivers/tty/n_tty.c:2211
2 locks held by syz-executor/5837:
 #0: ffffffff8fed5c08 (rtnl_mutex){+.+.}-{4:4}, at: tun_detach drivers/net/tun.c:698 [inline]
 #0: ffffffff8fed5c08 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3b/0x1b0 drivers/net/tun.c:3517
 #1: ffffffff8eb3e7f8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock kernel/rcu/tree_exp.h:302 [inline]
 #1: ffffffff8eb3e7f8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x381/0x820 kernel/rcu/tree_exp.h:996
3 locks held by kworker/0:6/5888:
 #0: ffff88801b078d48 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3213 [inline]
 #0: ffff88801b078d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x98b/0x18e0 kernel/workqueue.c:3319
 #1: ffffc90004177c60 (deferred_process_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3214 [inline]
 #1: ffffc90004177c60 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x9c6/0x18e0 kernel/workqueue.c:3319
 #2: ffffffff8fed5c08 (rtnl_mutex){+.+.}-{4:4}, at: switchdev_deferred_process_work+0xe/0x20 net/switchdev/switchdev.c:104
1 lock held by syz-executor/7377:
 #0: ffffffff8fed5c08 (rtnl_mutex){+.+.}-{4:4}, at: tun_detach drivers/net/tun.c:698 [inline]
 #0: ffffffff8fed5c08 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3b/0x1b0 drivers/net/tun.c:3517
1 lock held by syz-executor/7442:
 #0: ffffffff8fed5c08 (rtnl_mutex){+.+.}-{4:4}, at: tun_detach drivers/net/tun.c:698 [inline]
 #0: ffffffff8fed5c08 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3b/0x1b0 drivers/net/tun.c:3517
4 locks held by kworker/u9:5/7454:
 #0: ffff88804f999948 ((wq_completion)hci3#3){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3213 [inline]
 #0: ffff88804f999948 ((wq_completion)hci3#3){+.+.}-{0:0}, at: process_scheduled_works+0x98b/0x18e0 kernel/workqueue.c:3319
 #1: ffffc9000473fc60 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3214 [inline]
 #1: ffffc9000473fc60 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9c6/0x18e0 kernel/workqueue.c:3319
 #2: ffff88805e2c0d80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1ec/0x400 net/bluetooth/hci_sync.c:331
 #3: ffff88805e2c0078 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x9ee/0x1340 net/bluetooth/hci_sync.c:5569
5 locks held by kworker/u9:6/7478:
 #0: ffff888037247948 ((wq_completion)hci13){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3213 [inline]
 #0: ffff888037247948 ((wq_completion)hci13){+.+.}-{0:0}, at: process_scheduled_works+0x98b/0x18e0 kernel/workqueue.c:3319
 #1: ffffc900041d7c60 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3214 [inline]
 #1: ffffc900041d7c60 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9c6/0x18e0 kernel/workqueue.c:3319
 #2: ffff88807df54d80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1ec/0x400 net/bluetooth/hci_sync.c:331
 #3: ffff88807df54078 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x9ee/0x1340 net/bluetooth/hci_sync.c:5569
 #4: ffffffff8eb3e7f8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock kernel/rcu/tree_exp.h:334 [inline]
 #4: ffffffff8eb3e7f8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x451/0x820 kernel/rcu/tree_exp.h:996
9 locks held by syz.3.555/7532:
1 lock held by syz.1.556/7531:
 #0: ffffffff8fed5c08 (rtnl_mutex){+.+.}-{4:4}, at: tun_detach drivers/net/tun.c:698 [inline]
 #0: ffffffff8fed5c08 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3b/0x1b0 drivers/net/tun.c:3517
1 lock held by syz.0.558/7539:
 #0: ffffffff8fed5c08 (rtnl_mutex){+.+.}-{4:4}, at: tun_detach drivers/net/tun.c:698 [inline]
 #0: ffffffff8fed5c08 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3b/0x1b0 drivers/net/tun.c:3517
1 lock held by syz-executor/7583:
 #0: ffffffff8fed5c08 (rtnl_mutex){+.+.}-{4:4}, at: __tun_chr_ioctl+0x47a/0x2310 drivers/net/tun.c:3121
1 lock held by syz-executor/7590:
 #0: ffffffff8fed5c08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:129 [inline]
 #0: ffffffff8fed5c08 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x47e/0x1bc0 net/ipv4/devinet.c:987
1 lock held by syz-executor/7593:
 #0: ffffffff8fed5c08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:129 [inline]
 #0: ffffffff8fed5c08 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x47e/0x1bc0 net/ipv4/devinet.c:987
1 lock held by syz-executor/7596:
 #0: ffffffff8fed5c08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:129 [inline]
 #0: ffffffff8fed5c08 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x47e/0x1bc0 net/ipv4/devinet.c:987
1 lock held by syz-executor/7601:
 #0: ffffffff8fed5c08 (rtnl_mutex){+.+.}-{4:4}, at: __tun_chr_ioctl+0x47a/0x2310 drivers/net/tun.c:3121
1 lock held by syz-executor/7616:
 #0: ffffffff8fed5c08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:129 [inline]
 #0: ffffffff8fed5c08 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x47e/0x1bc0 net/ipv4/devinet.c:987
1 lock held by syz-executor/7623:
 #0: ffffffff8fed5c08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:129 [inline]
 #0: ffffffff8fed5c08 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x47e/0x1bc0 net/ipv4/devinet.c:987
1 lock held by syz-executor/7626:
 #0: ffffffff8fed5c08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:129 [inline]
 #0: ffffffff8fed5c08 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x47e/0x1bc0 net/ipv4/devinet.c:987
1 lock held by syz-executor/7630:
 #0: ffffffff8fed5c08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:129 [inline]
 #0: ffffffff8fed5c08 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x47e/0x1bc0 net/ipv4/devinet.c:987
1 lock held by syz-executor/7634:
 #0: ffffffff8fed5c08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:129 [inline]
 #0: ffffffff8fed5c08 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x47e/0x1bc0 net/ipv4/devinet.c:987
1 lock held by syz-executor/7635:
 #0: ffffffff8fed5c08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:129 [inline]
 #0: ffffffff8fed5c08 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x47e/0x1bc0 net/ipv4/devinet.c:987
1 lock held by syz-executor/7640:
 #0: ffffffff8fed5c08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:129 [inline]
 #0: ffffffff8fed5c08 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x47e/0x1bc0 net/ipv4/devinet.c:987
1 lock held by syz-executor/7659:
 #0: ffffffff8fed5c08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:129 [inline]
 #0: ffffffff8fed5c08 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x47e/0x1bc0 net/ipv4/devinet.c:987
1 lock held by syz-executor/7661:
 #0: ffffffff8fed5c08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:129 [inline]
 #0: ffffffff8fed5c08 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x47e/0x1bc0 net/ipv4/devinet.c:987
1 lock held by syz-executor/7675:
 #0: ffffffff8fed5c08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:129 [inline]
 #0: ffffffff8fed5c08 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x47e/0x1bc0 net/ipv4/devinet.c:987
1 lock held by syz-executor/7677:
 #0: ffffffff8fed5c08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:129 [inline]
 #0: ffffffff8fed5c08 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x47e/0x1bc0 net/ipv4/devinet.c:987
1 lock held by syz-executor/7682:
 #0: ffffffff8fed5c08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:129 [inline]
 #0: ffffffff8fed5c08 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x47e/0x1bc0 net/ipv4/devinet.c:987
1 lock held by syz-executor/7684:
 #0: ffffffff8fed5c08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:129 [inline]
 #0: ffffffff8fed5c08 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x47e/0x1bc0 net/ipv4/devinet.c:987

=============================================

NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.14.0-rc5-syzkaller-00218-g2a520073e74f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x49c/0x4d0 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x198/0x320 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:236 [inline]
 watchdog+0x1058/0x10a0 kernel/hung_task.c:399
 kthread+0x7ab/0x920 kernel/kthread.c:464
 ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 7532 Comm: syz.3.555 Not tainted 6.14.0-rc5-syzkaller-00218-g2a520073e74f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
RIP: 0010:instrument_atomic_read include/linux/instrumented.h:68 [inline]
RIP: 0010:_test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]
RIP: 0010:hlock_class kernel/locking/lockdep.c:230 [inline]
RIP: 0010:check_wait_context kernel/locking/lockdep.c:4853 [inline]
RIP: 0010:__lock_acquire+0x5ad/0x2100 kernel/locking/lockdep.c:5178
Code: 00 00 0f b6 2b 41 0f b6 04 16 84 c0 0f 85 0c 13 00 00 41 8b 1f 81 e3 ff 1f 00 00 48 89 d8 48 c1 e8 06 48 8d 3c c5 40 a8 54 94 <be> 08 00 00 00 e8 19 3f 8c 00 48 0f a3 1d f1 c9 b7 12 73 22 48 69
RSP: 0018:ffffc90000a277f0 EFLAGS: 00000012
RAX: 0000000000000016 RBX: 0000000000000587 RCX: ffffffff819cdd3c
RDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffffffff9454a8f0
RBP: 0000000000000003 R08: ffffffff9454a8f7 R09: 1ffffffff28a951e
R10: dffffc0000000000 R11: fffffbfff28a951f R12: ffff888021bb8ad4
R13: 000000000000002d R14: 1ffff1100437718f R15: ffff888021bb8c78
FS:  00007f3ef4ac86c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f6b19b6de59 CR3: 0000000067dd4000 CR4: 0000000000350ef0
Call Trace:
 <NMI>
 </NMI>
 <IRQ>
 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5851
 local_lock_acquire include/linux/local_lock_internal.h:29 [inline]
 get_random_u16+0x1b3/0xa80 drivers/char/random.c:552
 cake_get_flow_quantum+0x191/0x290 net/sched/sch_cake.c:687
 cake_dequeue+0x2b04/0x4be0 net/sched/sch_cake.c:2106
 dequeue_skb net/sched/sch_generic.c:293 [inline]
 qdisc_restart net/sched/sch_generic.c:398 [inline]
 __qdisc_run+0x274/0x2180 net/sched/sch_generic.c:416
 __dev_xmit_skb net/core/dev.c:4108 [inline]
 __dev_queue_xmit+0x10dd/0x3f50 net/core/dev.c:4615
 dev_queue_xmit include/linux/netdevice.h:3313 [inline]
 neigh_hh_output include/net/neighbour.h:523 [inline]
 neigh_output include/net/neighbour.h:537 [inline]
 ip_finish_output2+0xcd3/0x12e0 net/ipv4/ip_output.c:236
 ip_local_out net/ipv4/ip_output.c:130 [inline]
 ip_send_skb net/ipv4/ip_output.c:1502 [inline]
 ip_push_pending_frames+0xbf/0x150 net/ipv4/ip_output.c:1522
 __icmp_send+0x12b2/0x1800 net/ipv4/icmp.c:783
 icmp_send include/net/icmp.h:43 [inline]
 ip_protocol_deliver_rcu+0x41b/0x440 net/ipv4/ip_input.c:216
 ip_local_deliver_finish+0x341/0x5f0 net/ipv4/ip_input.c:233
 NF_HOOK+0x3a6/0x450 include/linux/netfilter.h:314
 NF_HOOK+0x3a6/0x450 include/linux/netfilter.h:314
 __netif_receive_skb_one_core net/core/dev.c:5893 [inline]
 __netif_receive_skb+0x2bf/0x650 net/core/dev.c:6006
 process_backlog+0x662/0x15b0 net/core/dev.c:6354
 __napi_poll+0xcd/0x490 net/core/dev.c:7188
 napi_poll net/core/dev.c:7257 [inline]
 net_rx_action+0x89b/0x1240 net/core/dev.c:7379
 handle_softirqs+0x2d6/0x9b0 kernel/softirq.c:561
 do_softirq+0x11b/0x1e0 kernel/softirq.c:462
 </IRQ>
 <TASK>
 __local_bh_enable_ip+0x1bb/0x200 kernel/softirq.c:389
 local_bh_enable include/linux/bottom_half.h:33 [inline]
 rcu_read_unlock_bh include/linux/rcupdate.h:919 [inline]
 __dev_queue_xmit+0x1775/0x3f50 net/core/dev.c:4676
 dev_queue_xmit include/linux/netdevice.h:3313 [inline]
 neigh_hh_output include/net/neighbour.h:523 [inline]
 neigh_output include/net/neighbour.h:537 [inline]
 ip_finish_output2+0xcd3/0x12e0 net/ipv4/ip_output.c:236
 ip_local_out net/ipv4/ip_output.c:130 [inline]
 ip_send_skb net/ipv4/ip_output.c:1502 [inline]
 ip_push_pending_frames+0xbf/0x150 net/ipv4/ip_output.c:1522
 raw_sendmsg+0x1ad7/0x24b0 net/ipv4/raw.c:657
 sock_sendmsg_nosec net/socket.c:718 [inline]
 __sock_sendmsg+0x1a6/0x270 net/socket.c:733
 ____sys_sendmsg+0x53a/0x860 net/socket.c:2573
 ___sys_sendmsg net/socket.c:2627 [inline]
 __sys_sendmmsg+0x36a/0x720 net/socket.c:2716
 __do_sys_sendmmsg net/socket.c:2743 [inline]
 __se_sys_sendmmsg net/socket.c:2740 [inline]
 __x64_sys_sendmmsg+0xa0/0xb0 net/socket.c:2740
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f3ef3b8d169
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f3ef4ac8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 00007f3ef3da5fa0 RCX: 00007f3ef3b8d169
RDX: 0000000004000095 RSI: 0000400000005240 RDI: 0000000000000003
RBP: 00007f3ef3c0e2a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f3ef3da5fa0 R15: 00007ffda8327208
 </TASK>