INFO: task syz.4.969:8786 blocked for more than 143 seconds.
Not tainted 6.10.0-rc6-syzkaller-00210-gd270dd21bee0 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.4.969 state:D stack:26784 pid:8786 tgid:8785 ppid:8043 flags:0x00004004
Call Trace:
 context_switch kernel/sched/core.c:5408 [inline]
 __schedule+0x17e8/0x4a20 kernel/sched/core.c:6745
 __schedule_loop kernel/sched/core.c:6822 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6837
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6894
 __mutex_lock_common kernel/locking/mutex.c:684 [inline]
 __mutex_lock+0x6a4/0xd70 kernel/locking/mutex.c:752
 __tun_chr_ioctl+0x48f/0x2400 drivers/net/tun.c:3110
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:907 [inline]
 __se_sys_ioctl+0xfe/0x170 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7ff7a1575bd9
RSP: 002b:00007ff7a2286048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007ff7a1703f60 RCX: 00007ff7a1575bd9
RDX: 0000000020000180 RSI: 00000000400454ca RDI: 000000000000000c
RBP: 00007ff7a15e4aa1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007ff7a1703f60 R15: 00007fff4d800c78
INFO: task syz.4.969:8787 blocked for more than 144 seconds.
Not tainted 6.10.0-rc6-syzkaller-00210-gd270dd21bee0 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.4.969 state:D stack:26968 pid:8787 tgid:8785 ppid:8043 flags:0x00000004
Call Trace:
 context_switch kernel/sched/core.c:5408 [inline]
 __schedule+0x17e8/0x4a20 kernel/sched/core.c:6745
 __schedule_loop kernel/sched/core.c:6822 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6837
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6894
 __mutex_lock_common kernel/locking/mutex.c:684 [inline]
 __mutex_lock+0x6a4/0xd70 kernel/locking/mutex.c:752
 tun_set_queue drivers/net/tun.c:2981 [inline]
 __tun_chr_ioctl+0x41c/0x2400 drivers/net/tun.c:3103
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:907 [inline]
 __se_sys_ioctl+0xfe/0x170 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7ff7a1575bd9
RSP: 002b:00007ff7a2265048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007ff7a1704038 RCX: 00007ff7a1575bd9
RDX: 00000000200002c0 RSI: 00000000400454d9 RDI: 000000000000000c
RBP: 00007ff7a15e4aa1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000006e R14: 00007ff7a1704038 R15: 00007fff4d800c78
INFO: task syz.4.969:8792 blocked for more than 145 seconds.
Not tainted 6.10.0-rc6-syzkaller-00210-gd270dd21bee0 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.4.969 state:D stack:26800 pid:8792 tgid:8785 ppid:8043 flags:0x00000004
Call Trace:
 context_switch kernel/sched/core.c:5408 [inline]
 __schedule+0x17e8/0x4a20 kernel/sched/core.c:6745
 __schedule_loop kernel/sched/core.c:6822 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6837
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6894
 __mutex_lock_common kernel/locking/mutex.c:684 [inline]
 __mutex_lock+0x6a4/0xd70 kernel/locking/mutex.c:752
 rtnl_lock net/core/rtnetlink.c:79 [inline]
 rtnetlink_rcv_msg+0x842/0x1180 net/core/rtnetlink.c:6632
 netlink_rcv_skb+0x1e5/0x430 net/netlink/af_netlink.c:2564
 netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline]
 netlink_unicast+0x7ec/0x980 net/netlink/af_netlink.c:1361
 netlink_sendmsg+0x8db/0xcb0 net/netlink/af_netlink.c:1905
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg+0x223/0x270 net/socket.c:745
 ____sys_sendmsg+0x525/0x7d0 net/socket.c:2585
 ___sys_sendmsg net/socket.c:2639 [inline]
 __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2668
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7ff7a1575bd9
RSP: 002b:00007ff7a0fde048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007ff7a17041e8 RCX: 00007ff7a1575bd9
RDX: 0000000000000000 RSI: 0000000020000240 RDI: 000000000000000e
RBP: 00007ff7a15e4aa1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000006e R14: 00007ff7a17041e8 R15: 00007fff4d800c78
Showing all locks held in the system:
1 lock held by kworker/R-mm_pe/13:
 #0: ffffffff8e1deb68 (wq_pool_attach_mutex){+.+.}-{3:3}, at: worker_detach_from_pool+0x85/0x2f0 kernel/workqueue.c:2729
2 locks held by kworker/1:0/25:
1 lock held by khungtaskd/30:
 #0: ffffffff8e333f20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline]
     , at: rcu_read_lock include/linux/rcupdate.h:781
[inline]
     , at: debug_show_all_locks+0x55/0x2a0 kernel/locking/lockdep.c:6614
2 locks held by kworker/1:1/50:
3 locks held by kworker/u8:5/181:
 #0: ffff8880b943e798 (&rq->__lock){-.-.}-{2:2}, at: process_one_work kernel/workqueue.c:3223 [inline]
     (&rq->__lock){-.-.}-{2:2}, at: process_scheduled_works+0x90a/0x1830 kernel/workqueue.c:3329
 #1: ffffc90002e2fd00 ((work_completion)(&(&bat_priv->nc.work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3224 [inline]
     ffffc90002e2fd00 ((work_completion)(&(&bat_priv->nc.work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 kernel/workqueue.c:3329
 #2: ffff8880b943e798 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 kernel/sched/core.c:559
2 locks held by kworker/1:2/925:
3 locks held by kworker/u8:6/1039:
 #0: ffff888029d8e948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3223 [inline]
     ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 kernel/workqueue.c:3329
 #1: ffffc90004917d00 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3224 [inline]
     , at: process_scheduled_works+0x945/0x1830 kernel/workqueue.c:3329
 #2: ffffffff8f5e6e08 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xd0/0x16f0 net/ipv6/addrconf.c:4193
2 locks held by getty/4842:
 #0: ffff88802af810a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
 #1: ffffc90002f162f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 drivers/tty/n_tty.c:2211
1 lock held by kworker/1:3/5094:
 #0: ffffffff8e1deb68 (wq_pool_attach_mutex){+.+.}-{3:3}, at: worker_attach_to_pool+0x31/0x390 kernel/workqueue.c:2690
1 lock held by kworker/u9:8/5110:
 #0: ffffffff8e1deb68 (wq_pool_attach_mutex){+.+.}-{3:3}, at: worker_attach_to_pool+0x31/0x390 kernel/workqueue.c:2690
1 lock held by kworker/R-wg-cr/5122:
 #0: ffffffff8e1deb68 (wq_pool_attach_mutex){+.+.}-{3:3}, at:
worker_detach_from_pool+0x85/0x2f0 kernel/workqueue.c:2729
1 lock held by kworker/R-wg-cr/5124:
 #0: ffffffff8e1deb68 (wq_pool_attach_mutex){+.+.}-{3:3}, at: worker_attach_to_pool+0x31/0x390 kernel/workqueue.c:2690
1 lock held by kworker/R-wg-cr/5140:
 #0: ffffffff8e1deb68 (wq_pool_attach_mutex){+.+.}-{3:3}, at: worker_detach_from_pool+0x85/0x2f0 kernel/workqueue.c:2729
1 lock held by kworker/R-wg-cr/5141:
 #0: ffffffff8e1deb68 (wq_pool_attach_mutex){+.+.}-{3:3}, at: worker_attach_to_pool+0x31/0x390 kernel/workqueue.c:2690
1 lock held by kworker/R-wg-cr/5144:
 #0: ffffffff8e1deb68 (wq_pool_attach_mutex){+.+.}-{3:3}, at: worker_attach_to_pool+0x31/0x390 kernel/workqueue.c:2690
3 locks held by kworker/0:5/5152:
 #0: ffff888015078948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3223 [inline]
     ffff888015078948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 kernel/workqueue.c:3329
 #1: ffffc90002d3fd00 (deferred_process_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3224 [inline]
 #1: ffffc90002d3fd00 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 kernel/workqueue.c:3329
 #2: ffffffff8f5e6e08 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xe/0x20 net/switchdev/switchdev.c:104
8 locks held by kworker/1:4/5154:
4 locks held by kworker/1:5/5155:
3 locks held by kworker/1:6/5156:
3 locks held by kworker/0:7/5160:
 #0: ffff888015079948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3223 [inline]
 #0: ffff888015079948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 kernel/workqueue.c:3329
 #1: ffffc90003bbfd00 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3224 [inline]
     ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 kernel/workqueue.c:3329
 #2: ffffffff8f5e6e08 (rtnl_mutex){+.+.}-{3:3}, at:
reg_check_chans_work+0x91/0xea0 net/wireless/reg.c:2478
2 locks held by kworker/1:7/5212:
7 locks held by kworker/1:8/5936:
4 locks held by kworker/u8:11/6008:
 #0: ffff888015ed5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3223 [inline]
     ffff888015ed5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 kernel/workqueue.c:3329
 #1: ffffc90005357d00 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3224 [inline]
     (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 kernel/workqueue.c:3329
 #2: ffffffff8f5da5d0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0 net/core/net_namespace.c:594
 #3: ffffffff8f5e6e08 (rtnl_mutex){+.+.}-{3:3}, at: ieee80211_unregister_hw+0x55/0x2c0 net/mac80211/main.c:1652
1 lock held by kworker/R-wg-cr/7481:
1 lock held by kworker/R-wg-cr/7482:
 #0: ffffffff8e1deb68 (wq_pool_attach_mutex){+.+.}-{3:3}, at: worker_attach_to_pool+0x31/0x390 kernel/workqueue.c:2690
1 lock held by kworker/R-wg-cr/8065:
 #0: ffffffff8e1deb68 (wq_pool_attach_mutex){+.+.}-{3:3}, at: worker_detach_from_pool+0x85/0x2f0 kernel/workqueue.c:2729
1 lock held by kworker/R-wg-cr/8069:
 #0: ffffffff8e1deb68 (wq_pool_attach_mutex){+.+.}-{3:3}, at: worker_attach_to_pool+0x31/0x390 kernel/workqueue.c:2690
1 lock held by kworker/R-wg-cr/8070:
 #0: ffffffff8e1deb68 (wq_pool_attach_mutex){+.+.}-{3:3}, at: worker_attach_to_pool+0x31/0x390 kernel/workqueue.c:2690
1 lock held by kworker/R-wg-cr/8079:
 #0: ffffffff8e1deb68 (wq_pool_attach_mutex){+.+.}-{3:3}, at: worker_detach_from_pool+0x85/0x2f0 kernel/workqueue.c:2729
1 lock held by kworker/R-wg-cr/8087:
 #0: ffffffff8e1deb68 (wq_pool_attach_mutex){+.+.}-{3:3}, at: worker_attach_to_pool+0x31/0x390 kernel/workqueue.c:2690
1 lock held by kworker/R-wg-cr/8095:
 #0: ffffffff8e1deb68 (wq_pool_attach_mutex){+.+.}-{3:3}, at: worker_attach_to_pool+0x31/0x390 kernel/workqueue.c:2690
1 lock held by kworker/R-wg-cr/8165:
 #0:
ffffffff8e1deb68 (wq_pool_attach_mutex){+.+.}-{3:3}, at: worker_detach_from_pool+0x85/0x2f0 kernel/workqueue.c:2729
1 lock held by kworker/R-wg-cr/8170:
 #0: ffffffff8e1deb68 (wq_pool_attach_mutex){+.+.}-{3:3}, at: worker_attach_to_pool+0x31/0x390 kernel/workqueue.c:2690
1 lock held by kworker/R-wg-cr/8175:
 #0: ffffffff8e1deb68 (wq_pool_attach_mutex){+.+.}-{3:3}, at: worker_attach_to_pool+0x31/0x390 kernel/workqueue.c:2690
1 lock held by syz-executor/8405:
 #0: ffffffff8f5e6e08 (rtnl_mutex){+.+.}-{3:3}, at: tun_detach drivers/net/tun.c:698 [inline]
     , at: tun_chr_close+0x3e/0x1b0 drivers/net/tun.c:3500
1 lock held by kworker/R-wg-cr/8569:
 #0: ffffffff8e1deb68 (wq_pool_attach_mutex){+.+.}-{3:3}, at: worker_detach_from_pool+0x85/0x2f0 kernel/workqueue.c:2729
1 lock held by kworker/R-wg-cr/8571:
 #0: ffffffff8e1deb68 (wq_pool_attach_mutex){+.+.}-{3:3}, at: worker_detach_from_pool+0x85/0x2f0 kernel/workqueue.c:2729
7 locks held by syz-executor/8596:
 #0: ffff88802a442420 (sb_writers#8){.+.+}-{0:0}, at: file_start_write include/linux/fs.h:2854 [inline]
     ffff88802a442420 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x227/0xc90 fs/read_write.c:586
 #1: ffff8880127cb488 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1eb/0x500 fs/kernfs/file.c:325
 #2: ffff888023262788 (kn->active#50){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20f/0x500 fs/kernfs/file.c:326
 #3: ffffffff8eef4428 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: new_device_store+0x1b4/0x890 drivers/net/netdevsim/bus.c:166
 #4: ffff888061f8e0e8 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1009 [inline]
 #4: ffff888061f8e0e8 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8e/0x520 drivers/base/dd.c:1003
 #5: ffff888061f8f250 (&devlink->lock_key#22){+.+.}-{3:3}, at: nsim_drv_probe+0xcb/0xb80 drivers/net/netdevsim/dev.c:1534
 #6: ffffffff8f5e6e08 (rtnl_mutex){+.+.}-{3:3}, at: nsim_init_netdevsim drivers/net/netdevsim/netdev.c:678 [inline]
     rtnl_mutex){+.+.}-{3:3}, at: nsim_create+0x408/0x890
drivers/net/netdevsim/netdev.c:750
1 lock held by syz-executor/8632:
 #0: ffffffff8f5e6e08 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:79 [inline]
     (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x842/0x1180 net/core/rtnetlink.c:6632
1 lock held by syz-executor/8636:
 #0: ffffffff8f5e6e08 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:79 [inline]
     (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x842/0x1180 net/core/rtnetlink.c:6632
1 lock held by syz.4.969/8786:
 #0: ffffffff8f5e6e08 (rtnl_mutex){+.+.}-{3:3}, at: __tun_chr_ioctl+0x48f/0x2400 drivers/net/tun.c:3110
1 lock held by syz.4.969/8787:
 #0: ffffffff8f5e6e08 (rtnl_mutex){+.+.}-{3:3}, at: tun_set_queue drivers/net/tun.c:2981 [inline]
     ffffffff8f5e6e08 (rtnl_mutex){+.+.}-{3:3}, at: __tun_chr_ioctl+0x41c/0x2400 drivers/net/tun.c:3103
1 lock held by syz.4.969/8792:
 #0: ffffffff8f5e6e08 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:79 [inline]
     ffffffff8f5e6e08 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x842/0x1180 net/core/rtnetlink.c:6632
1 lock held by syz-executor/8810:
 #0: ffffffff8f5e6e08 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:79 [inline]
     ){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x842/0x1180 net/core/rtnetlink.c:6632
1 lock held by syz.2.975/8816:
 #0: ffffffff8f5e6e08 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:79 [inline]
     , at: rtnetlink_rcv_msg+0x842/0x1180 net/core/rtnetlink.c:6632
1 lock held by syz-executor/8822:
 #0: ffffffff8f5e6e08 (rtnl_mutex){+.+.}-{3:3}