INFO: task kworker/1:3:1095 blocked for more than 148 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:3 state:D stack:0 pid:1095 tgid:1095 ppid:2 task_flags:0x4208060 flags:0x00000010
Workqueue: events reg_todo
Call trace:
 __switch_to+0x2b0/0x6e0 arch/arm64/kernel/process.c:810 (T)
 context_switch kernel/sched/core.c:5388 [inline]
 __schedule+0x1c04/0x2db8 kernel/sched/core.c:7189
 __schedule_loop kernel/sched/core.c:7268 [inline]
 schedule+0x13c/0x20c kernel/sched/core.c:7283
 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:7340
 __mutex_lock_common kernel/locking/mutex.c:726 [inline]
 __mutex_lock+0x4fc/0xed0 kernel/locking/mutex.c:820
 mutex_lock_nested+0x24/0x30 kernel/locking/mutex.c:873
 class_wiphy_constructor include/net/cfg80211.h:6646 [inline]
 reg_process_self_managed_hints+0x94/0x1c0 net/wireless/reg.c:3192
 reg_todo+0x60c/0x6a4 net/wireless/reg.c:3205
 process_one_work kernel/workqueue.c:3314 [inline]
 process_scheduled_works+0x788/0x10b8 kernel/workqueue.c:3397
 worker_thread+0x798/0xbd0 kernel/workqueue.c:3478
 kthread+0x304/0x3d4 kernel/kthread.c:436
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:842
INFO: task syz.9.439:7693 blocked for more than 148 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.9.439 state:D stack:0 pid:7693 tgid:7692 ppid:6424 task_flags:0x400140 flags:0x00000011
Call trace:
 __switch_to+0x2b0/0x6e0 arch/arm64/kernel/process.c:810 (T)
 context_switch kernel/sched/core.c:5388 [inline]
 __schedule+0x1c04/0x2db8 kernel/sched/core.c:7189
 __schedule_loop kernel/sched/core.c:7268 [inline]
 schedule+0x13c/0x20c kernel/sched/core.c:7283
 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:7340
 __mutex_lock_common kernel/locking/mutex.c:726 [inline]
 __mutex_lock+0x4fc/0xed0 kernel/locking/mutex.c:820
 mutex_lock_nested+0x24/0x30 kernel/locking/mutex.c:873
 rtnl_lock+0x20/0x2c net/core/rtnetlink.c:80
 ops_exit_rtnl_list net/core/net_namespace.c:173 [inline]
 ops_undo_list+0x240/0x81c net/core/net_namespace.c:248
 setup_net+0x2a0/0x2fc net/core/net_namespace.c:462
 copy_net_ns+0x458/0x66c net/core/net_namespace.c:579
 create_new_namespaces+0x304/0x50c kernel/nsproxy.c:132
 unshare_nsproxy_namespaces+0x120/0x170 kernel/nsproxy.c:234
 ksys_unshare+0x3d4/0x6d8 kernel/fork.c:3242
 __do_sys_unshare kernel/fork.c:3316 [inline]
 __se_sys_unshare kernel/fork.c:3314 [inline]
 __arm64_sys_unshare+0x3c/0x50 kernel/fork.c:3314
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x244 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0xec/0x23c arch/arm64/kernel/syscall.c:121
 do_el0_svc+0x4c/0x5c arch/arm64/kernel/syscall.c:140
 el0_svc+0x64/0x260 arch/arm64/kernel/entry-common.c:736
 el0t_64_sync_handler+0x48/0x148 arch/arm64/kernel/entry-common.c:755
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:594
INFO: task syz.5.443:7708 blocked for more than 148 seconds.
      Not tainted syzkaller #0
      Blocked by coredump.
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.5.443 state:D stack:0 pid:7708 tgid:7708 ppid:5151 task_flags:0x40044c flags:0x00800019
Call trace:
 __switch_to+0x2b0/0x6e0 arch/arm64/kernel/process.c:810 (T)
 context_switch kernel/sched/core.c:5388 [inline]
 __schedule+0x1c04/0x2db8 kernel/sched/core.c:7189
 __schedule_loop kernel/sched/core.c:7268 [inline]
 schedule+0x13c/0x20c kernel/sched/core.c:7283
 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:7340
 __mutex_lock_common kernel/locking/mutex.c:726 [inline]
 __mutex_lock+0x4fc/0xed0 kernel/locking/mutex.c:820
 mutex_lock_nested+0x24/0x30 kernel/locking/mutex.c:873
 rtnl_lock+0x20/0x2c net/core/rtnetlink.c:80
 tun_detach drivers/net/tun.c:634 [inline]
 tun_chr_close+0x44/0x1f4 drivers/net/tun.c:3441
 __fput+0x338/0x74c fs/file_table.c:510
 ____fput+0x20/0x30 fs/file_table.c:538
 task_work_run+0x1cc/0x25c kernel/task_work.c:233
 exit_task_work include/linux/task_work.h:40 [inline]
 do_exit+0x58c/0x1a74 kernel/exit.c:976
 do_group_exit+0x198/0x238 kernel/exit.c:1119
 get_signal+0xfb0/0x1094 kernel/signal.c:3038
 arch_do_signal_or_restart+0x288/0x444c arch/arm64/kernel/signal.c:1665
 __exit_to_user_mode_loop kernel/entry/common.c:64 [inline]
 exit_to_user_mode_loop+0x70/0x17c kernel/entry/common.c:98
 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:207 [inline]
 syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:230 [inline]
 arm64_syscall_exit_to_user_mode arch/arm64/kernel/entry-common.c:88 [inline]
 el0_svc+0x18c/0x260 arch/arm64/kernel/entry-common.c:737
 el0t_64_sync_handler+0x48/0x148 arch/arm64/kernel/entry-common.c:755
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:594
INFO: task syz.1.453:7774 blocked for more than 148 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.1.453 state:D stack:0 pid:7774 tgid:7774 ppid:6726 task_flags:0x400040 flags:0x00800011
Call trace:
 __switch_to+0x2b0/0x6e0 arch/arm64/kernel/process.c:810 (T)
 context_switch kernel/sched/core.c:5388 [inline]
 __schedule+0x1c04/0x2db8 kernel/sched/core.c:7189
 __schedule_loop kernel/sched/core.c:7268 [inline]
 schedule+0x13c/0x20c kernel/sched/core.c:7283
 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:7340
 __mutex_lock_common kernel/locking/mutex.c:726 [inline]
 __mutex_lock+0x4fc/0xed0 kernel/locking/mutex.c:820
 mutex_lock_nested+0x24/0x30 kernel/locking/mutex.c:873
 rtnl_lock+0x20/0x2c net/core/rtnetlink.c:80
 tun_detach drivers/net/tun.c:634 [inline]
 tun_chr_close+0x44/0x1f4 drivers/net/tun.c:3441
 __fput+0x338/0x74c fs/file_table.c:510
 ____fput+0x20/0x30 fs/file_table.c:538
 task_work_run+0x1cc/0x25c kernel/task_work.c:233
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 __exit_to_user_mode_loop kernel/entry/common.c:67 [inline]
 exit_to_user_mode_loop+0x10c/0x17c kernel/entry/common.c:98
 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:207 [inline]
 syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:230 [inline]
 arm64_syscall_exit_to_user_mode arch/arm64/kernel/entry-common.c:88 [inline]
 el0_svc+0x18c/0x260 arch/arm64/kernel/entry-common.c:737
 el0t_64_sync_handler+0x48/0x148 arch/arm64/kernel/entry-common.c:755
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:594

Showing all locks held in the system:
2 locks held by kworker/1:1/26:
 #0: ffff0000c002b540 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3289 [inline]
 #0: ffff0000c002b540 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x734/0x10b8 kernel/workqueue.c:3397
 #1: ffff80008ec37c40 (free_ipc_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3289 [inline]
 #1: ffff80008ec37c40 (free_ipc_work){+.+.}-{0:0}, at: process_scheduled_works+0x73c/0x10b8 kernel/workqueue.c:3397
1 lock held by khungtaskd/31:
 #0: ffff800088bf70c0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
 #0: ffff800088bf70c0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:838 [inline]
 #0: ffff800088bf70c0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x4c/0x188 kernel/locking/lockdep.c:6775
1 lock held by pr/ttyAMA-1/41:
4 locks held by kworker/u9:0/50:
 #0: ffff0000da545140 ((wq_completion)hci4){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3289 [inline]
 #0: ffff0000da545140 ((wq_completion)hci4){+.+.}-{0:0}, at: process_scheduled_works+0x734/0x10b8 kernel/workqueue.c:3397
 #1: ffff800090137c40 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3289 [inline]
 #1: ffff800090137c40 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x73c/0x10b8 kernel/workqueue.c:3397
 #2: ffff0000f2e9cea0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x178/0x374 net/bluetooth/hci_sync.c:331
 #3: ffff0000f2e9c0b8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x1d8/0x938 net/bluetooth/hci_sync.c:5764
4 locks held by kworker/1:3/1095:
 #0: ffff0000c002b540 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3289 [inline]
 #0: ffff0000c002b540 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x734/0x10b8 kernel/workqueue.c:3397
 #1: ffff800094397c40 (reg_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3289 [inline]
 #1: ffff800094397c40 (reg_work){+.+.}-{0:0}, at: process_scheduled_works+0x73c/0x10b8 kernel/workqueue.c:3397
 #2: ffff800089cca300 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x20/0x2c net/core/rtnetlink.c:80
 #3: ffff0000cb230780 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6646 [inline]
 #3: ffff0000cb230780 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: reg_process_self_managed_hints+0x94/0x1c0 net/wireless/reg.c:3192
4 locks held by kworker/u8:6/1300:
3 locks held by kworker/u8:7/1335:
 #0: ffff0000c004b940 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3289 [inline]
 #0: ffff0000c004b940 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x734/0x10b8 kernel/workqueue.c:3397
 #1: ffff800095127c40 ((crda_timeout).work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3289 [inline]
 #1: ffff800095127c40 ((crda_timeout).work){+.+.}-{0:0}, at: process_scheduled_works+0x73c/0x10b8 kernel/workqueue.c:3397
 #2: ffff800089cca300 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x20/0x2c net/core/rtnetlink.c:80
1 lock held by dhcpcd/4397:
 #0: ffff800089cca300 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x20/0x2c net/core/rtnetlink.c:80
1 lock held by crond/4473:
2 locks held by getty/4491:
 #0: ffff0000cf6b50a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c drivers/tty/tty_ldsem.c:340
 #1: ffff8000923ab2e8 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x348/0xf70 drivers/tty/n_tty.c:2211
1 lock held by syz-executor/4696:
1 lock held by udevd/4701:
6 locks held by kworker/u9:2/4713:
 #0: ffff0000d9e4b140 ((wq_completion)hci3){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3289 [inline]
 #0: ffff0000d9e4b140 ((wq_completion)hci3){+.+.}-{0:0}, at: process_scheduled_works+0x734/0x10b8 kernel/workqueue.c:3397
 #1: ffff800097f47c40 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3289 [inline]
 #1: ffff800097f47c40 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x73c/0x10b8 kernel/workqueue.c:3397
 #2: ffff0000f403cea0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x178/0x374 net/bluetooth/hci_sync.c:331
 #3: ffff0000f403c0b8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x1d8/0x938 net/bluetooth/hci_sync.c:5764
 #4: ffff800089e296c0 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2136 [inline]
 #4: ffff800089e296c0 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x13c/0x334 net/bluetooth/hci_conn.c:1411
 #5: ffff0000cb76d2f8 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x80/0x450 net/bluetooth/l2cap_core.c:1779
3 locks held by syz-executor/4717:
4 locks held by kworker/0:8/4820:
3 locks held by kworker/u8:12/4937:
3 locks held by kworker/u8:19/5053:
3 locks held by kworker/u8:21/5055:
3 locks held by kworker/u8:25/5059:
3 locks held by kworker/u8:26/5060:
4 locks held by kworker/u8:28/5062:
3 locks held by kworker/u8:29/5063:
3 locks held by kworker/u8:31/5065:
4 locks held by syz-executor/6998:
3 locks held by kworker/u8:35/7654:
2 locks held by kworker/u8:36/7655:
2 locks held by kworker/u8:39/7658:
3 locks held by kworker/u8:40/7659:
3 locks held by kworker/u8:41/7660:
3 locks held by kworker/u8:42/7661:
3 locks held by kworker/u8:43/7662:
2 locks held by kworker/u8:44/7663:
4 locks held by kworker/u8:45/7664:
3 locks held by kworker/u8:48/7667:
3 locks held by kworker/u8:49/7668:
3 locks held by kworker/u8:52/7674:
 #0: ffff0000cefae940 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3289 [inline]
 #0: ffff0000cefae940 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x734/0x10b8 kernel/workqueue.c:3397
 #1: ffff800093e77c40 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3289 [inline]
 #1: ffff800093e77c40 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x73c/0x10b8 kernel/workqueue.c:3397
 #2: ffff800089cca300 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x20/0x2c net/core/rtnetlink.c:80
3 locks held by kworker/u8:54/7678:
 #0: ffff0000c004b940 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3289 [inline]
 #0: ffff0000c004b940 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x734/0x10b8 kernel/workqueue.c:3397
 #1: ffff8000943e7c40 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3289 [inline]
 #1: ffff8000943e7c40 ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0x73c/0x10b8 kernel/workqueue.c:3397
 #2: ffff800089cca300 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x20/0x2c net/core/rtnetlink.c:80
6 locks held by kworker/u8:55/7679:
3 locks held by kworker/u8:57/7681:
3 locks held by kworker/u8:58/7682:
2 locks held by syz.9.439/7693:
 #0: ffff800089cbce08 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x43c/0x66c net/core/net_namespace.c:575
 #1: ffff800089cca300 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x20/0x2c net/core/rtnetlink.c:80
1 lock held by syz.9.439/7720:
1 lock held by syz.5.443/7708:
 #0: ffff800089cca300 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x20/0x2c net/core/rtnetlink.c:80
1 lock held by syz.1.453/7774:
 #0: ffff800089cca300 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x20/0x2c net/core/rtnetlink.c:80
1 lock held by kmmpd-loop1/7776:
 #0: ffff0000c468c410 (sb_writers#3){.+.+}-{0:0}, at: kmmpd+0x2fc/0x938 fs/ext4/mmp.c:174

=============================================