INFO: task kworker/u8:2:5742 blocked for more than 146 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u8:2    state:D stack:22328 pid:5742  tgid:5742  ppid:2      task_flags:0x4208060 flags:0x00080000
Workqueue: netns cleanup_net
Call Trace:
 <TASK>
 __schedule+0x1798/0x4cc0
 schedule+0x165/0x360
 schedule_preempt_disabled+0x13/0x30
 __mutex_lock+0x7e6/0x1350
 wg_netns_pre_exit+0x1c/0x1d0
 ops_undo_list+0x187/0x990
 cleanup_net+0x4d8/0x820
 process_scheduled_works+0xae1/0x17b0
 worker_thread+0x8a0/0xda0
 kthread+0x711/0x8a0
 ret_from_fork+0x4bc/0x870
 ret_from_fork_asm+0x1a/0x30
 </TASK>
INFO: task syz.7.1566:11993 blocked for more than 147 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.7.1566      state:D stack:24880 pid:11993 tgid:11993 ppid:8228   task_flags:0x400040 flags:0x00080002
Call Trace:
 <TASK>
 __schedule+0x1798/0x4cc0
 schedule+0x165/0x360
 schedule_preempt_disabled+0x13/0x30
 __mutex_lock+0x7e6/0x1350
 tun_chr_close+0x3e/0x1c0
 __fput+0x44c/0xa70
 task_work_run+0x1d4/0x260
 exit_to_user_mode_loop+0xe9/0x130
 do_syscall_64+0x2bd/0xfa0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f578c18ec29
RSP: 002b:00007ffef7406a78 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
RAX: 0000000000000000 RBX: 00007f578c3d7da0 RCX: 00007f578c18ec29
RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
RBP: 00007f578c3d7da0 R08: 0000000000014bec R09: 0000001ef7406d6f
R10: 00007f578c3d7cb0 R11: 0000000000000246 R12: 0000000000046fdc
R13: 00007f578c3d6360 R14: ffffffffffffffff R15: 00007ffef7406b90
 </TASK>
INFO: task syz.7.1566:11997 blocked for more than 147 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.7.1566      state:D stack:28016 pid:11997 tgid:11993 ppid:8228   task_flags:0x400140 flags:0x00080002
Call Trace:
 <TASK>
 __schedule+0x1798/0x4cc0
 schedule+0x165/0x360
 schedule_preempt_disabled+0x13/0x30
 __mutex_lock+0x7e6/0x1350
 dev_ioctl+0x7a4/0x1150
 sock_do_ioctl+0x22c/0x300
 sock_ioctl+0x576/0x790
 __se_sys_ioctl+0xfc/0x170
 do_syscall_64+0xfa/0xfa0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f578c18ec29
RSP: 002b:00007f578cf81038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f578c3d6270 RCX: 00007f578c18ec29
RDX: 0000200000000080 RSI: 0000000000008914 RDI: 000000000000000b
RBP: 00007f578c211e41 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f578c3d6308 R14: 00007f578c3d6270 R15: 00007ffef7406918
 </TASK>

Showing all locks held in the system:
1 lock held by kthreadd/2:
 #0: ffffffff8e374b10 (cgroup_threadgroup_rwsem){++++}-{0:0}, at: copy_process+0x2154/0x3c20
1 lock held by kworker/1:0/24:
 #0: ffffffff8e374b10 (cgroup_threadgroup_rwsem){++++}-{0:0}, at: do_exit+0x352/0x2300
1 lock held by khungtaskd/34:
 #0: ffffffff8e33d360 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
2 locks held by kworker/u10:2/40:
 #0: ffff88801ac89948 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc900006efba0 ((work_completion)(&pool->idle_cull_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
2 locks held by kworker/u10:3/54:
 #0: ffff88801ac89948 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc900007efba0 ((work_completion)(&pool->idle_cull_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
1 lock held by kswapd0/91:
 #0: ffff88804b03a018 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140
2 locks held by kworker/u9:2/493:
 #0: ffff88801ac89948 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc900038e7ba0 ((work_completion)(&pool->idle_cull_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
2 locks held by kworker/u9:9/1209:
 #0: ffff88801ac89948 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffffff8e33d360 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run4+0x19c/0x4a0
1 lock held by klogd/5284:
5 locks held by udevd/5295:
1 lock held by dhcpcd/5591:
2 locks held by getty/5674:
 #0: ffff8880203380a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
 #1: ffffc9000290e2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
4 locks held by kworker/u8:2/5742:
 #0: ffff88801baff148 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc90002ea7ba0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
 #2: ffffffff8f730f10 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x820
 #3: ffffffff8f73e048 (rtnl_mutex){+.+.}-{4:4}, at: wg_netns_pre_exit+0x1c/0x1d0
3 locks held by syz-executor/5854:
3 locks held by kworker/u8:5/6153:
 #0: ffff8881092de148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc90003337ba0 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
 #2: ffffffff8f73e048 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30
3 locks held by kworker/0:11/6746:
 #0: ffff88801ac75948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc90002ff7ba0 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
 #2: ffffffff8f73e048 (rtnl_mutex){+.+.}-{4:4}, at: switchdev_deferred_process_work+0xe/0x20
3 locks held by kworker/0:12/6747:
 #0: ffff88801ac76948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc90003017ba0 ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
 #2: ffffffff8f73e048 (rtnl_mutex){+.+.}-{4:4}, at: reg_check_chans_work+0xa1/0xf40
2 locks held by syz.5.1562/11982:
 #0: ffffffff8f73e048 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3e/0x1c0
 #1: ffffffff8e342df8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x2f6/0x730
1 lock held by syz.7.1566/11993:
 #0: ffffffff8f73e048 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3e/0x1c0
1 lock held by syz.7.1566/11997:
 #0: ffffffff8f73e048 (rtnl_mutex){+.+.}-{4:4}, at: dev_ioctl+0x7a4/0x1150
2 locks held by syz-executor/12009:

=============================================

NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 34 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250
 nmi_cpu_backtrace+0x39e/0x3d0
 nmi_trigger_cpumask_backtrace+0x17a/0x300
 watchdog+0xf60/0xfa0
 kthread+0x711/0x8a0
 ret_from_fork+0x4bc/0x870
 ret_from_fork_asm+0x1a/0x30
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 5785 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
RIP: 0010:lock_release+0x12/0x3e0
Code: 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 41 57 41 56 41 55 41 54 53 48 83 ec 30 <49> 89 f5 49 89 fe 65 48 8b 05 c0 c1 23 11 48 89 44 24 28 0f 1f 44
RSP: 0018:ffffc90002f97150 EFLAGS: 00000286
RAX: 0000000000000001 RBX: 00007fbd1c22e301 RCX: d1d49a5174c65a00
RDX: ffffffff904a8000 RSI: ffffffff81742d25 RDI: ffffffff8e33d360
RBP: dffffc0000000000 R08: 0000000000000022 R09: ffffffff81742d25
R10: ffffc90002f972d8 R11: ffffffff81acd5c0 R12: 00007ffcab35dc58
R13: ffffc90002f90000 R14: ffffc90002f97288 R15: ffffffff81742d25
FS:  000055558fb2f500(0000) GS:ffff8881a3a03000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000056334fc2600c CR3: 000000000e138000 CR4: 00000000000006f0
DR0: 0000000000000000 DR1: 0000200000000300 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
 <TASK>
 unwind_next_frame+0x19a9/0x2390
 arch_stack_walk+0x11c/0x150
 stack_trace_save+0x9c/0xe0
 save_stack+0xf5/0x1f0
 __reset_page_owner+0x71/0x1f0
 free_unref_folios+0xdb3/0x14f0
 folios_put_refs+0x584/0x670
 free_pages_and_swap_cache+0x277/0x520
 tlb_flush_mmu+0x3a0/0x680
 tlb_finish_mmu+0xc3/0x1d0
 exit_mmap+0x444/0xb40
 __mmput+0x118/0x430
 exit_mm+0x1da/0x2c0
 do_exit+0x648/0x2300
 do_group_exit+0x21c/0x2d0
 __x64_sys_exit_group+0x3f/0x40
 x64_sys_call+0x21f7/0x2200
 do_syscall_64+0xfa/0xfa0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fbd1c18ec29
Code: Unable to access opcode bytes at 0x7fbd1c18ebff.
RSP: 002b:00007ffcab35dc58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 00007fbd1c22e3d7 RCX: 00007fbd1c18ec29
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043
RBP: 00007fbd1c22e3f5 R08: 00007ffcab35b9f7 R09: 0000000000000004
R10: 0000000000000040 R11: 0000000000000246 R12: 0000000000000009
R13: 0000000000000004 R14: 00007ffcab35dd7c R15: 00007ffcab35de10
 </TASK>
