INFO: task kworker/u8:9:2469 blocked for more than 143 seconds.
      Not tainted 6.10.0-rc6-syzkaller-00210-gd270dd21bee0 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u8:9    state:D
 stack:18672 pid:2469  tgid:2469  ppid:2      flags:0x00004000
Workqueue: ipv6_addrconf addrconf_dad_work

Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5408 [inline]
 __schedule+0x17e8/0x4a20 kernel/sched/core.c:6745
 __schedule_loop kernel/sched/core.c:6822 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6837
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6894
 __mutex_lock_common kernel/locking/mutex.c:684 [inline]
 __mutex_lock+0x6a4/0xd70 kernel/locking/mutex.c:752
 addrconf_dad_work+0xd0/0x16f0 net/ipv6/addrconf.c:4193
 process_one_work kernel/workqueue.c:3248 [inline]
 process_scheduled_works+0xa2e/0x1830 kernel/workqueue.c:3329
 worker_thread+0x86d/0xd50 kernel/workqueue.c:3409
 kthread+0x2f2/0x390 kernel/kthread.c:389
 ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
INFO: task syz.4.1599:11065 blocked for more than 144 seconds.
      Not tainted 6.10.0-rc6-syzkaller-00210-gd270dd21bee0 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.4.1599      state:D
 stack:23800 pid:11065 tgid:11064 ppid:10695  flags:0x00000004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5408 [inline]
 __schedule+0x17e8/0x4a20 kernel/sched/core.c:6745
 __schedule_loop kernel/sched/core.c:6822 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6837
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6894
 __mutex_lock_common kernel/locking/mutex.c:684 [inline]
 __mutex_lock+0x6a4/0xd70 kernel/locking/mutex.c:752
 wext_ioctl_dispatch+0x106/0x640 net/wireless/wext-core.c:1015
 wext_handle_ioctl+0x15f/0x270 net/wireless/wext-core.c:1077
 sock_ioctl+0x17f/0x8e0 net/socket.c:1275
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:907 [inline]
 __se_sys_ioctl+0xfe/0x170 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7ff679f75bd9
RSP: 002b:00007ff6799ff048 EFLAGS: 00000246
 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007ff67a103f60 RCX: 00007ff679f75bd9
RDX: 0000000020000000 RSI: 0000000000008b24 RDI: 0000000000000003
RBP: 00007ff679fe4aa1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007ff67a103f60 R15: 00007ffda2961e78
 </TASK>
INFO: task syz.5.1601:11075 blocked for more than 145 seconds.
      Not tainted 6.10.0-rc6-syzkaller-00210-gd270dd21bee0 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.5.1601      state:D
 stack:25728 pid:11075 tgid:11074 ppid:10756  flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5408 [inline]
 __schedule+0x17e8/0x4a20 kernel/sched/core.c:6745
 __schedule_loop kernel/sched/core.c:6822 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6837
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6894
 __mutex_lock_common kernel/locking/mutex.c:684 [inline]
 __mutex_lock+0x6a4/0xd70 kernel/locking/mutex.c:752
 pipe_write+0xd60/0x1a40 fs/pipe.c:580
 new_sync_write fs/read_write.c:497 [inline]
 vfs_write+0xa74/0xc90 fs/read_write.c:590
 ksys_write+0x1a0/0x2c0 fs/read_write.c:643
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f7d34f75bd9
RSP: 002b:00007f7d35c9a048 EFLAGS: 00000246
 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f7d35103f60 RCX: 00007f7d34f75bd9
RDX: 00000000fffffecc RSI: 0000000020000000 RDI: 0000000000000004
RBP: 00007f7d34fe4aa1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007f7d35103f60 R15: 00007ffe03d0c418
 </TASK>
INFO: task syz.5.1601:11076 blocked for more than 147 seconds.
      Not tainted 6.10.0-rc6-syzkaller-00210-gd270dd21bee0 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.5.1601      state:D stack:25872 pid:11076 tgid:11074 ppid:10756  flags:0x00000004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5408 [inline]
 __schedule+0x17e8/0x4a20 kernel/sched/core.c:6745
 __schedule_loop kernel/sched/core.c:6822 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6837
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6894
 __mutex_lock_common kernel/locking/mutex.c:684 [inline]
 __mutex_lock+0x6a4/0xd70 kernel/locking/mutex.c:752
 rtnl_lock net/core/rtnetlink.c:79 [inline]
 rtnetlink_rcv_msg+0x842/0x1180 net/core/rtnetlink.c:6632
 netlink_rcv_skb+0x1e5/0x430 net/netlink/af_netlink.c:2564
 netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline]
 netlink_unicast+0x7ec/0x980 net/netlink/af_netlink.c:1361
 netlink_sendmsg+0x8db/0xcb0 net/netlink/af_netlink.c:1905
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg+0x223/0x270 net/socket.c:745
 sock_sendmsg+0x134/0x200 net/socket.c:768
 splice_to_socket+0xa13/0x10b0 fs/splice.c:889
 do_splice_from fs/splice.c:941 [inline]
 do_splice+0xd79/0x1900 fs/splice.c:1354
 __do_splice fs/splice.c:1436 [inline]
 __do_sys_splice fs/splice.c:1652 [inline]
 __se_sys_splice+0x331/0x4a0 fs/splice.c:1634
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f7d34f75bd9
RSP: 002b:00007f7d35c79048 EFLAGS: 00000246
 ORIG_RAX: 0000000000000113
RAX: ffffffffffffffda RBX: 00007f7d35104038 RCX: 00007f7d34f75bd9
RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 00007f7d34fe4aa1 R08: 000000000004ffe2 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000006e R14: 00007f7d35104038 R15: 00007ffe03d0c418
 </TASK>

Showing all locks held in the system:
1 lock held by kworker/R-mm_pe/13:
3 locks held by kworker/1:0/25:
 #0: ffff888015078948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3223 [inline]
 #0: ffff888015078948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 kernel/workqueue.c:3329
 #1: ffffc900001f7d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3224 [inline]
 #1: ffffc900001f7d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 kernel/workqueue.c:3329
 #2: ffffffff8f5e6e08 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 net/core/link_watch.c:276
1 lock held by khungtaskd/30:
 #0: 
ffffffff8e333f20
 (
rcu_read_lock
){....}-{1:2}
, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline]
, at: rcu_read_lock include/linux/rcupdate.h:781 [inline]
, at: debug_show_all_locks+0x55/0x2a0 kernel/locking/lockdep.c:6614
4 locks held by kworker/u8:2/35:
 #0: 
ffff888015ed5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3223 [inline]
ffff888015ed5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 kernel/workqueue.c:3329
 #1: ffffc90000ab7d00 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3224 [inline]
 #1: ffffc90000ab7d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 kernel/workqueue.c:3329
 #2: ffffffff8f5da5d0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0 net/core/net_namespace.c:594
 #3: 
ffffffff8f5e6e08
 (
rtnl_mutex
){+.+.}-{3:3}
, at: wg_destruct+0x25/0x2e0 drivers/net/wireguard/device.c:246
2 locks held by kworker/1:1/45:
5 locks held by kworker/u8:7/1260:
1 lock held by kworker/R-dm_bu/2302:
 #0: ffffffff8e1deb68 (wq_pool_attach_mutex){+.+.}-{3:3}, at: worker_attach_to_pool+0x31/0x390 kernel/workqueue.c:2690
3 locks held by kworker/u8:9/2469:
 #0: 
ffff888029ccb148
 (
(wq_completion)ipv6_addrconf
){+.+.}-{0:0}
, at: process_one_work kernel/workqueue.c:3223 [inline]
, at: process_scheduled_works+0x90a/0x1830 kernel/workqueue.c:3329
 #1: 
ffffc900094d7d00
 (
(work_completion)(&(&ifa->dad_work)->work)
){+.+.}-{0:0}
, at: process_one_work kernel/workqueue.c:3224 [inline]
, at: process_scheduled_works+0x945/0x1830 kernel/workqueue.c:3329
 #2: 
ffffffff8f5e6e08
 (
rtnl_mutex
){+.+.}-{3:3}
, at: addrconf_dad_work+0xd0/0x16f0 net/ipv6/addrconf.c:4193
1 lock held by dhcpcd/4756:
 #0: ffffffff8f5e6e08 (rtnl_mutex
){+.+.}-{3:3}
, at: devinet_ioctl+0x2ce/0x1bc0 net/ipv4/devinet.c:1101
2 locks held by getty/4848:
 #0: ffff88802a3de0a0 (&tty->ldisc_sem){++++}-{0:0}
, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
 #1: 
ffffc900031332f0
 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 drivers/tty/n_tty.c:2211
1 lock held by kworker/R-wg-cr/5137:
 #0: 
ffffffff8e1deb68
 (
wq_pool_attach_mutex
){+.+.}-{3:3}
, at: worker_attach_to_pool+0x31/0x390 kernel/workqueue.c:2690
1 lock held by kworker/R-wg-cr/5140:
 #0: 
ffffffff8e1deb68 (wq_pool_attach_mutex){+.+.}-{3:3}, at: worker_attach_to_pool+0x31/0x390 kernel/workqueue.c:2690
1 lock held by kworker/R-wg-cr/5141:
 #0: 
ffffffff8e1deb68
 (
wq_pool_attach_mutex){+.+.}-{3:3}, at: worker_attach_to_pool+0x31/0x390 kernel/workqueue.c:2690
2 locks held by kworker/1:3/5159:
2 locks held by kworker/1:4/5160:
12 locks held by kworker/1:5/5162:
2 locks held by kworker/1:6/5163:
1 lock held by syz-executor/10620:
 #0: ffffffff8f5e6e08
 (
rtnl_mutex
){+.+.}-{3:3}
, at: tun_detach drivers/net/tun.c:698 [inline]
, at: tun_chr_close+0x3e/0x1b0 drivers/net/tun.c:3500
1 lock held by kworker/R-wg-cr/10697:
 #0: 
ffffffff8e1deb68
 (
wq_pool_attach_mutex
){+.+.}-{3:3}, at: worker_attach_to_pool+0x31/0x390 kernel/workqueue.c:2690
1 lock held by kworker/R-wg-cr/10699:
 #0: ffffffff8e1deb68 (wq_pool_attach_mutex){+.+.}-{3:3}, at: worker_attach_to_pool+0x31/0x390 kernel/workqueue.c:2690
1 lock held by kworker/R-wg-cr/10707:
 #0: ffffffff8e1deb68 (wq_pool_attach_mutex){+.+.}-{3:3}, at: worker_detach_from_pool+0x85/0x2f0 kernel/workqueue.c:2729
1 lock held by kworker/R-wg-cr/10799:
 #0: 
ffffffff8e1deb68
 (
wq_pool_attach_mutex
){+.+.}-{3:3}
, at: worker_attach_to_pool+0x31/0x390 kernel/workqueue.c:2690
1 lock held by kworker/R-wg-cr/10801:
 #0: ffffffff8e1deb68 (wq_pool_attach_mutex){+.+.}-{3:3}, at: worker_attach_to_pool+0x31/0x390 kernel/workqueue.c:2690
1 lock held by kworker/R-wg-cr/10802:
 #0: 
ffffffff8e1deb68 (wq_pool_attach_mutex){+.+.}-{3:3}
, at: worker_attach_to_pool+0x31/0x390 kernel/workqueue.c:2690
1 lock held by kworker/R-wg-cr/10823:
 #0: 
ffffffff8e1deb68
 (
wq_pool_attach_mutex
){+.+.}-{3:3}, at: worker_attach_to_pool+0x31/0x390 kernel/workqueue.c:2690
1 lock held by kworker/R-wg-cr/10824:
 #0: ffffffff8e1deb68 (wq_pool_attach_mutex){+.+.}-{3:3}, at: worker_attach_to_pool+0x31/0x390 kernel/workqueue.c:2690
1 lock held by kworker/R-wg-cr/10825:
 #0: ffffffff8e1deb68 (wq_pool_attach_mutex){+.+.}-{3:3}, at: worker_attach_to_pool+0x31/0x390 kernel/workqueue.c:2690
1 lock held by syz-executor/10834:
 #0: ffffffff8f5e6e08 (rtnl_mutex){+.+.}-{3:3}, at: tun_detach drivers/net/tun.c:698 [inline]
 #0: ffffffff8f5e6e08 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0 drivers/net/tun.c:3500
3 locks held by kworker/0:6/10861:
 #0: ffff888015079948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3223 [inline]
 #0: ffff888015079948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 kernel/workqueue.c:3329
 #1: 
ffffc90003e17d00
 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3224 [inline]
 ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 kernel/workqueue.c:3329
 #2: 
ffffffff8f5e6e08 (rtnl_mutex){+.+.}-{3:3}, at: reg_check_chans_work+0x91/0xea0 net/wireless/reg.c:2478
1 lock held by syz-executor/10883:
 #0: 
ffffffff8f5e6e08
 (rtnl_mutex){+.+.}-{3:3}, at: tun_detach drivers/net/tun.c:698 [inline]
 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0 drivers/net/tun.c:3500
2 locks held by kworker/1:7/10910:
2 locks held by syz-executor/10946:
 #0: ffffffff8f5e6e08 (rtnl_mutex){+.+.}-{3:3}, at: tun_detach drivers/net/tun.c:698 [inline]
 #0: ffffffff8f5e6e08 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0 drivers/net/tun.c:3500
 #1: ffffffff8e3392f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:291 [inline]
 #1: ffffffff8e3392f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x381/0x830 kernel/rcu/tree_exp.h:939
2 locks held by kworker/1:8/11051:
1 lock held by syz.4.1599/11065:
 #0: 
ffffffff8f5e6e08
 (
rtnl_mutex
){+.+.}-{3:3}
, at: wext_ioctl_dispatch+0x106/0x640 net/wireless/wext-core.c:1015
1 lock held by syz.5.1601/11075:
 #0: 
ffff88802480a468
 (
&pipe->mutex){+.+.}-{3:3}
, at: pipe_write+0xd60/0x1a40 fs/pipe.c:580
2 locks held by syz.5.1601/11076:
 #0: ffff88802480a468 (&pipe->mutex){+.+.}-{3:3}, at: splice_to_socket+0xee/0x10b0 fs/splice.c:809
 #1: 
ffffffff8f5e6e08 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:79 [inline]
ffffffff8f5e6e08 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x842/0x1180 net/core/rtnetlink.c:6632
1 lock held by syz-executor/11078:
 #0: 
ffffffff8f5e6e08
 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:79 [inline]
 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x842/0x1180 net/core/rtnetlink.c:6632
1 lock held by syz-executor/11082:
 #0: ffffffff8f5e6e08
 (
rtnl_mutex
){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:79 [inline]
){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x842/0x1180 net/core/rtnetlink.c:6632
1 lock held by syz-executor/11084:
 #0: ffffffff8f5e6e08
 (
rtnl_mutex
){+.+.}-{3:3}
, at: rtnl_lock net/core/rtnetlink.c:79 [inline]
, at: rtnetlink_rcv_msg+0x842/0x1180 net/core/rtnetlink.c:6632
1 lock held by syz-executor/11087:
 #0: ffffffff8f5e6e08
 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:79 [inline]
 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x842/0x1180 net/core/rtnetlink.c:6632
1 lock held by syz-executor/11090:
 #0: 
ffffffff8f5e6e08 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:79 [inline]
ffffffff8f5e6e08 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x842/0x1180 net/core/rtnetlink.c:6632
1 lock held by syz-executor/11093:
 #0: ffffffff8f5e6e08 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:79 [inline]
 #0: ffffffff8f5e6e08 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x842/0x1180 net/core/rtnetlink.c:6632
1 lock held by syz-executor/11096:
 #0: ffffffff8f5e6e08 (rtnl_mutex){+.+.}-{3:3}
, at: rtnl_lock net/core/rtnetlink.c:79 [inline]
, at: rtnetlink_rcv_msg+0x842/0x1180 net/core/rtnetlink.c:6632
1 lock held by syz-executor/11100:
 #0: 
ffffffff8f5e6e08
 (
rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:79 [inline]
rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x842/0x1180 net/core/rtnetlink.c:6632
1 lock held by syz-executor/11102:
 #0: ffffffff8f5e6e08