INFO: task syz.6.3977:20391 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.6.3977      state:D stack:25184 pid:20391 tgid:20390 ppid:18935  task_flags:0x400140 flags:0x00080002
Call Trace:
 <TASK>
 __schedule+0x15dd/0x52d0
 schedule+0x164/0x360
 schedule_preempt_disabled+0x13/0x30
 __mutex_lock+0x7fe/0x1300
 nfnetlink_rcv_msg+0xa6e/0x12c0
 netlink_rcv_skb+0x232/0x4b0
 nfnetlink_rcv+0x2c0/0x27b0
 netlink_unicast+0x80f/0x9b0
 netlink_sendmsg+0x813/0xb40
 ____sys_sendmsg+0x972/0x9f0
 ___sys_sendmsg+0x2a5/0x360
 __x64_sys_sendmsg+0x1bd/0x2a0
 do_syscall_64+0x14d/0xf80
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fe13d39c819
RSP: 002b:00007fe13e2d0028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007fe13d615fa0 RCX: 00007fe13d39c819
RDX: 0000000004000084 RSI: 0000200000000000 RDI: 000000000000000b
RBP: 00007fe13d432c91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fe13d616038 R14: 00007fe13d615fa0 R15: 00007ffd049943c8
 </TASK>
INFO: task syz.7.3978:20394 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.7.3978      state:D stack:25536 pid:20394 tgid:20393 ppid:18443  task_flags:0x400140 flags:0x00080002
Call Trace:
 <TASK>
 __schedule+0x15dd/0x52d0
 schedule+0x164/0x360
 schedule_preempt_disabled+0x13/0x30
 __mutex_lock+0x7fe/0x1300
 nfnetlink_rcv_msg+0xa6e/0x12c0
 netlink_rcv_skb+0x232/0x4b0
 nfnetlink_rcv+0x2c0/0x27b0
 netlink_unicast+0x80f/0x9b0
 netlink_sendmsg+0x813/0xb40
 ____sys_sendmsg+0x972/0x9f0
 ___sys_sendmsg+0x2a5/0x360
 __x64_sys_sendmsg+0x1bd/0x2a0
 do_syscall_64+0x14d/0xf80
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fcc9cf9c819
RSP: 002b:00007fcc9dee0028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007fcc9d215fa0 RCX: 00007fcc9cf9c819
RDX: 0000000020000000 RSI: 0000200000000040 RDI: 0000000000000003
RBP: 00007fcc9d032c91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fcc9d216038 R14: 00007fcc9d215fa0 R15: 00007fff8a2433e8
 </TASK>

Showing all locks held in the system:
3 locks held by kworker/0:1/10:
 #0: ffff88810006b148 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0xa52/0x18c0
 #1: ffffc900000f7c40 ((work_completion)(&aux->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa8d/0x18c0
 #2: ffffffff8fbceb48 (rtnl_mutex){+.+.}-{4:4}, at: bpf_prog_dev_bound_destroy+0x29/0x400
3 locks held by kworker/u8:0/12:
 #0: ffff888175327948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0xa52/0x18c0
 #1: ffffc90000117c40 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa8d/0x18c0
 #2: ffffffff8fbceb48 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_dad_work+0x11e/0x14c0
1 lock held by khungtaskd/35:
 #0: ffffffff8e75e5e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
3 locks held by kworker/u9:4/1095:
 #0: ffff8881000ac148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0xa52/0x18c0
 #1: ffffc90006dafc40 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0xa8d/0x18c0
 #2: ffffffff8fbceb48 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60
1 lock held by dhcpcd/5554:
 #0: ffffffff8fbceb48 (rtnl_mutex){+.+.}-{4:4}, at: inet6_rtm_newaddr+0x65f/0xe30
2 locks held by getty/5634:
 #0: ffff888110b7d0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
 #1: ffffc9000356e2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x45c/0x13c0
3 locks held by syz.3.3933/20239:
1 lock held by syz.6.3977/20391:
 #0: ffffffff9a7ae7b8 (nfnl_subsys_ipset){+.+.}-{4:4}, at: nfnetlink_rcv_msg+0xa6e/0x12c0
1 lock held by syz.7.3978/20394:
 #0: ffffffff9a7ae7b8 (nfnl_subsys_ipset){+.+.}-{4:4}, at: nfnetlink_rcv_msg+0xa6e/0x12c0
1 lock held by syz-executor/20542:
 #0: ffffffff8fbceb48 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3e/0x1c0
1 lock held by syz-executor/20544:
 #0: ffffffff8fbceb48 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3e/0x1c0
1 lock held by syz.5.4006/20671:
 #0: ffffffff9a7ae7b8 (nfnl_subsys_ipset){+.+.}-{4:4}, at: nfnetlink_rcv_msg+0xa6e/0x12c0
7 locks held by syz-executor/20754:
 #0: ffff88810b414420 (sb_writers#7){.+.+}-{0:0}, at: vfs_write+0x227/0xb90
 #1: ffff888112d26c88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1de/0x540
 #2: ffff888108d3da58 (kn->active#48){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x231/0x540
 #3: ffffffff8f443108 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd7/0x370
 #4: ffff88816abda130 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xb6/0x870
 #5: ffff88816ab08250 (&devlink->lock_key#10){+.+.}-{4:4}, at: nsim_drv_remove+0x50/0x170
 #6: ffffffff8fbceb48 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_dev_lock+0x257/0x2f0
1 lock held by syz.0.4015/20839:
 #0: ffffffff8fbceb48 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3e/0x1c0
2 locks held by syz.9.4016/20843:
 #0: ffffffff8fbceb48 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3e/0x1c0
 #1: ffffffff8e764878 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x2d0/0x770
1 lock held by syz-executor/20870:
 #0: ffffffff8fbceb48 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0
1 lock held by syz-executor/20871:
 #0: ffffffff8fbceb48 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0
1 lock held by syz-executor/20882:
 #0: ffffffff8fbceb48 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0

=============================================

NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 35 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
Call Trace:
 <TASK>
 dump_stack_lvl+0xe8/0x150
 nmi_cpu_backtrace+0x274/0x2d0
 nmi_trigger_cpumask_backtrace+0x17a/0x300
 sys_info+0x135/0x170
 watchdog+0xfd9/0x1030
 kthread+0x388/0x470
 ret_from_fork+0x51e/0xb90
 ret_from_fork_asm+0x1a/0x30
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 20239 Comm: syz.3.3933 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
RIP: 0010:native_apic_msr_write+0x39/0x50
Code: 74 2a 83 ff 30 74 25 eb 10 81 ff d0 00 00 00 74 1b 81 ff e0 00 00 00 74 13 c1 ef 04 81 c7 00 08 00 00 89 f9 89 f0 31 d2 0f 30 <66> 90 c3 cc cc cc cc cc 89 f6 31 d2 e9 86 61 77 03 66 0f 1f 44 00
RSP: 0018:ffffc90000007850 EFLAGS: 00000046
RAX: 00000000000001eb RBX: ffff888121023e40 RCX: 0000000000000838
RDX: 0000000000000000 RSI: 00000000000001eb RDI: 0000000000000838
RBP: 0000000000000000 R08: ffffffff81b2ce75 R09: ffffffff9a2c0508
R10: 0000000000000003 R11: ffffffff8173caf0 R12: 0000000010000863
R13: dffffc0000000000 R14: 00000000000001eb R15: 0000000000000020
FS:  00007f953aa126c0(0000) GS:ffff88818de5a000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ff677c718c6 CR3: 000000019a1c2000 CR4: 00000000000006f0
DR0: 00000000000000d4 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
 <IRQ>
 lapic_next_event+0x11/0x20
 clockevents_program_event+0x1c9/0x350
 hrtimer_interrupt+0xb08/0x1010
 __sysvec_apic_timer_interrupt+0x102/0x460
 sysvec_apic_timer_interrupt+0x52/0xc0
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:__netdev_alloc_skb+0x4/0x810
Code: e8 f1 75 50 f8 e9 e0 fc ff ff 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa <55> 41 57 41 56 41 55 41 54 53 48 83 ec 18 89 d5 41 89 f6 49 89 fd
RSP: 0018:ffffc90000007ac8 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff888106bd8000
RDX: 0000000000000820 RSI: 000000000000001c RDI: 0000000000000000
RBP: 0000000000000010 R08: ffffffff8b902759 R09: ffffffff8e75e5e0
R10: dffffc0000000000 R11: ffffffff8b904a40 R12: ffff8881a438ce00
R13: ffff88816d34d990 R14: ffff8881a438c1e2 R15: 000000000000000e
 hsr_init_skb+0xef/0x6e0
 send_hsr_supervision_frame+0x143/0xcb0
 hsr_announce+0x1db/0x370
 call_timer_fn+0x192/0x640
 __run_timer_base+0x652/0x8b0
 run_timer_softirq+0xb7/0x170
 handle_softirqs+0x22a/0x870
 __irq_exit_rcu+0x5f/0x150
 irq_exit_rcu+0x9/0x30
 sysvec_apic_timer_interrupt+0xa6/0xc0
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:__schedule+0x18d/0x52d0
Code: 74 08 48 89 df e8 e3 56 80 f6 48 8b 1b 48 89 d8 48 c1 e8 03 42 80 3c 30 00 74 08 48 89 df e8 ca 56 80 f6 48 81 3b 9d 6e ac 57 <0f> 85 8a 1a 00 00 45 85 ed 7f 4c 48 8b 44 24 10 48 8d 58 18 48 89
RSP: 0018:ffffc90003e868c0 EFLAGS: 00000246
RAX: 1ffff920007d0000 RBX: ffffc90003e80000 RCX: 0000000000000001
RDX: 0000000000000000 RSI: ffffffff8c27c9e0 RDI: ffffffff8c27c9a0
RBP: ffffc90003e86ac0 R08: ffffffff9011b4b7 R09: 1ffffffff2023696
R10: dffffc0000000000 R11: fffffbfff2023697 R12: ffff88818de5a000
R13: 0000000000000001 R14: dffffc0000000000 R15: 1ffff110242075c3
 preempt_schedule_irq+0x4d/0xa0
 irqentry_exit+0x599/0x620
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:__sanitizer_cov_trace_pc+0x5c/0x70
Code: 80 16 00 00 83 fa 02 75 21 48 8b 91 88 16 00 00 48 8b 32 48 8d 7e 01 8b 89 84 16 00 00 48 39 cf 73 08 48 89 3a 48 89 44 f2 08 <e9> 0f 16 ec 09 cc 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90
RSP: 0018:ffffc90003e86bf0 EFLAGS: 00000293
RAX: ffffffff89f87a87 RBX: ffffc90025266008 RCX: ffff888106bd8000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00000000000fb391 R08: ffffc90003e86b3f R09: 0000000000000000
R10: ffffc90003e86b00 R11: ffffffff89f87980 R12: 0000000000000000
R13: ffff888173dfdec0 R14: ffffc90025266018 R15: ffffc90025a3fca0
 hash_mac4_destroy+0x107/0x630
 ip_set_create+0x12e5/0x1a40
 nfnetlink_rcv_msg+0xc00/0x12c0
 netlink_rcv_skb+0x232/0x4b0
 nfnetlink_rcv+0x2c0/0x27b0
 netlink_unicast+0x80f/0x9b0
 netlink_sendmsg+0x813/0xb40
 ____sys_sendmsg+0x972/0x9f0
 ___sys_sendmsg+0x2a5/0x360
 __x64_sys_sendmsg+0x1bd/0x2a0
 do_syscall_64+0x14d/0xf80
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f9539b9c819
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f953aa12028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f9539e16090 RCX: 00007f9539b9c819
RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000008
RBP: 00007f9539c32c91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f9539e16128 R14: 00007f9539e16090 R15: 00007ffdbf617598
 </TASK>
