INFO: task syz.2.19:6932 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.2.19        state:D
 stack:25544 pid:6932  ppid:6628   flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5380 [inline]
 __schedule+0x14d2/0x44d0 kernel/sched/core.c:6699
 schedule+0xbd/0x170 kernel/sched/core.c:6773
 schedule_timeout+0x9b/0x280 kernel/time/timer.c:2143
 do_wait_for_common kernel/sched/completion.c:95 [inline]
 __wait_for_common kernel/sched/completion.c:116 [inline]
 wait_for_common kernel/sched/completion.c:127 [inline]
 wait_for_completion+0x2bd/0x590 kernel/sched/completion.c:148
 __flush_work+0x895/0x9f0 kernel/workqueue.c:3430
 __cancel_work_timer+0x3b0/0x520 kernel/workqueue.c:3517
 uhid_dev_destroy drivers/hid/uhid.c:585 [inline]
 uhid_char_release+0xaf/0x600 drivers/hid/uhid.c:663
 __fput+0x234/0x970 fs/file_table.c:384
 task_work_run+0x1ce/0x250 kernel/task_work.c:239
 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
 exit_to_user_mode_loop+0xe6/0x110 kernel/entry/common.c:177
 exit_to_user_mode_prepare+0xf6/0x180 kernel/entry/common.c:210
 __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
 syscall_exit_to_user_mode+0x1a/0x50 kernel/entry/common.c:302
 do_syscall_64+0x61/0xb0 arch/x86/entry/common.c:87
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f3e6f58eba9
RSP: 002b:00007ffc26da6b38 EFLAGS: 00000246
 ORIG_RAX: 00000000000001b4
RAX: 0000000000000000 RBX: 000000000001e4e0 RCX: 00007f3e6f58eba9
RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
RBP: 00007f3e6f7d7da0 R08: 0000000000000001 R09: 0000000226da6e2f
R10: 0000001b31c20000 R11: 0000000000000246 R12: 00007f3e6f7d5fac
R13: 00007f3e6f7d5fa0 R14: ffffffffffffffff R15: 00007ffc26da6c50
 </TASK>
INFO: task syz.1.18:6936 blocked for more than 148 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.1.18        state:D stack:25544 pid:6936  ppid:6625   flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5380 [inline]
 __schedule+0x14d2/0x44d0 kernel/sched/core.c:6699
 schedule+0xbd/0x170 kernel/sched/core.c:6773
 schedule_timeout+0x9b/0x280 kernel/time/timer.c:2143
 do_wait_for_common kernel/sched/completion.c:95 [inline]
 __wait_for_common kernel/sched/completion.c:116 [inline]
 wait_for_common kernel/sched/completion.c:127 [inline]
 wait_for_completion+0x2bd/0x590 kernel/sched/completion.c:148
 __flush_work+0x895/0x9f0 kernel/workqueue.c:3430
 __cancel_work_timer+0x3b0/0x520 kernel/workqueue.c:3517
 uhid_dev_destroy drivers/hid/uhid.c:585 [inline]
 uhid_char_release+0xaf/0x600 drivers/hid/uhid.c:663
 __fput+0x234/0x970 fs/file_table.c:384
 task_work_run+0x1ce/0x250 kernel/task_work.c:239
 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
 exit_to_user_mode_loop+0xe6/0x110 kernel/entry/common.c:177
 exit_to_user_mode_prepare+0xf6/0x180 kernel/entry/common.c:210
 __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
 syscall_exit_to_user_mode+0x1a/0x50 kernel/entry/common.c:302
 do_syscall_64+0x61/0xb0 arch/x86/entry/common.c:87
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7fde2518eba9
RSP: 002b:00007fff7d56c978 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
RAX: 0000000000000000 RBX: 000000000001e57c RCX: 00007fde2518eba9
RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
RBP: 00007fde253d7da0 R08: 0000000000000001 R09: 000000027d56cc6f
R10: 0000001b31a20000 R11: 0000000000000246 R12: 00007fde253d5fac
R13: 00007fde253d5fa0 R14: ffffffffffffffff R15: 00007fff7d56ca90
 </TASK>

Showing all locks held in the system:
6 locks held by kworker/0:1/9:
1 lock held by khungtaskd/29:
 #0: ffffffff8cd2fe20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:334 [inline]
 #0: ffffffff8cd2fe20 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:786 [inline]
 #0: ffffffff8cd2fe20 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x290 kernel/locking/lockdep.c:6633
5 locks held by kworker/u4:2/42:
 #0: ffff888017873938 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline]
 #0: ffff888017873938 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0 kernel/workqueue.c:2711
 #1: ffffc90000b2fd00 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline]
 #1: ffffc90000b2fd00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0 kernel/workqueue.c:2711
 #2: ffffffff8dfafad0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x136/0xb90 net/core/net_namespace.c:606
 #3: ffffffff8dfbc908 (rtnl_mutex){+.+.}-{3:3}, at: ip_tunnel_delete_nets+0xcc/0x360 net/ipv4/ip_tunnel.c:1166
 #4: ffffffff8cd35df8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:292 [inline]
 #4: ffffffff8cd35df8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x448/0x830 kernel/rcu/tree_exp.h:1004
3 locks held by kworker/u4:4/61:
 #0: ffff88802be62138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline]
 #0: ffff88802be62138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0 kernel/workqueue.c:2711
 #1: ffffc900015c7d00 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline]
 #1: ffffc900015c7d00 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0 kernel/workqueue.c:2711
 #2: ffffffff8dfbc908 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xd0/0x14e0 net/ipv6/addrconf.c:4158
3 locks held by kworker/0:3/966:
2 locks held by kworker/u4:7/1334:
3 locks held by kworker/1:2/2131:
2 locks held by getty/5554:
 #0: 
ffff88814c5190a0
 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
 #1: ffffc9000326e2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x425/0x1380 drivers/tty/n_tty.c:2217
2 locks held by kworker/0:4/5826:
 #0: ffff888017872538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline]
 #0: ffff888017872538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0 kernel/workqueue.c:2711
 #1: ffffc9000458fd00 ((work_completion)(&rew->rew_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline]
 #1: ffffc9000458fd00 ((work_completion)(&rew->rew_work)){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0 kernel/workqueue.c:2711
3 locks held by kworker/1:3/5856:
3 locks held by kworker/0:5/5915:
3 locks held by kworker/1:5/6960:
3 locks held by kworker/0:7/7209:
8 locks held by kworker/0:8/7216:
3 locks held by kworker/1:7/7298:
3 locks held by kworker/1:10/7576:
1 lock held by syz-executor/7586:
 #0: ffffffff8dfbc908 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline]
 #0: ffffffff8dfbc908 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x76f/0xf10 net/core/rtnetlink.c:6472
1 lock held by syz-executor/7605:
1 lock held by syz-executor/7613:
 #0: ffffffff8dfbc908 (rtnl_mutex){+.+.}-{3:3}, at: __tun_chr_ioctl+0x3b9/0x1fd0 drivers/net/tun.c:3121
2 locks held by syz-executor/7623:
 #0: 
ffffffff8dfafad0
 (
pernet_ops_rwsem
){++++}-{3:3}