INFO: task kworker/u8:3:16611 blocked for more than 143 seconds.
      Not tainted 6.16.0-rc6-syzkaller-00281-gf4a40a4282f4 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u8:3    state:D stack:25608 pid:16611 tgid:16611 ppid:2      task_flags:0x4208060 flags:0x00004000
Workqueue: netns cleanup_net
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5397 [inline]
 __schedule+0x116a/0x5de0 kernel/sched/core.c:6786
 __schedule_loop kernel/sched/core.c:6864 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:6879
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6936
 __mutex_lock_common kernel/locking/mutex.c:679 [inline]
 __mutex_lock+0x6c7/0xb90 kernel/locking/mutex.c:747
 rdma_dev_change_netns+0x30/0x320 drivers/infiniband/core/device.c:1666
 rdma_dev_exit_net+0x2dd/0x590 drivers/infiniband/core/device.c:1144
 ops_exit_list net/core/net_namespace.c:200 [inline]
 ops_undo_list+0x2eb/0xab0 net/core/net_namespace.c:253
 cleanup_net+0x408/0x890 net/core/net_namespace.c:686
 process_one_work+0x9cf/0x1b70 kernel/workqueue.c:3238
 process_scheduled_works kernel/workqueue.c:3321 [inline]
 worker_thread+0x6c8/0xf10 kernel/workqueue.c:3402
 kthread+0x3c5/0x780 kernel/kthread.c:464
 ret_from_fork+0x5d4/0x6f0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
INFO: task syz.6.3272:18194 blocked for more than 143 seconds.
      Not tainted 6.16.0-rc6-syzkaller-00281-gf4a40a4282f4 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.6.3272      state:D stack:24632 pid:18194 tgid:18185 ppid:11712  task_flags:0x400140 flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5397 [inline]
 __schedule+0x116a/0x5de0 kernel/sched/core.c:6786
 __schedule_loop kernel/sched/core.c:6864 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:6879
 schedule_timeout+0x257/0x290 kernel/time/sleep_timeout.c:75
 do_wait_for_common kernel/sched/completion.c:95 [inline]
 __wait_for_common+0x2ff/0x4e0 kernel/sched/completion.c:116
 disable_device+0x16f/0x280 drivers/infiniband/core/device.c:1288
 __ib_unregister_device+0x2b4/0x480 drivers/infiniband/core/device.c:1518
 ib_unregister_device_and_put+0x5a/0x80 drivers/infiniband/core/device.c:1583
 nldev_dellink+0x21f/0x320 drivers/infiniband/core/nldev.c:1826
 rdma_nl_rcv_msg+0x38a/0x6e0 drivers/infiniband/core/netlink.c:195
 rdma_nl_rcv_skb.constprop.0.isra.0+0x2d0/0x430 drivers/infiniband/core/netlink.c:239
 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
 netlink_unicast+0x58a/0x850 net/netlink/af_netlink.c:1346
 netlink_sendmsg+0x8d1/0xdd0 net/netlink/af_netlink.c:1896
 sock_sendmsg_nosec net/socket.c:712 [inline]
 __sock_sendmsg net/socket.c:727 [inline]
 ____sys_sendmsg+0xa98/0xc70 net/socket.c:2566
 ___sys_sendmsg+0x134/0x1d0 net/socket.c:2620
 __sys_sendmsg+0x16d/0x220 net/socket.c:2652
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f26f5d8e9a9
RSP: 002b:00007f26f6b2b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f26f5fb6080 RCX: 00007f26f5d8e9a9
RDX: 0000000000040004 RSI: 00002000000004c0 RDI: 0000000000000005
RBP: 00007f26f5e10d69 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f26f5fb6080 R15: 00007ffd12f72368
 </TASK>

Showing all locks held in the system:
3 locks held by kworker/u8:1/13:
 #0: ffff88814c6b6148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3213
 #1: ffffc90000127d10 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3214
 #2: ffffffff9035eca8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #2: ffffffff9035eca8 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x12/0x30 net/ipv6/addrconf.c:4733
1 lock held by khungtaskd/31:
 #0: ffffffff8e5c4e00 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #0: ffffffff8e5c4e00 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #0: ffffffff8e5c4e00 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0 kernel/locking/lockdep.c:6770
2 locks held by getty/5598:
 #0: ffff8880329e50a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 drivers/tty/tty_ldisc.c:243
 #1: ffffc900036cb2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0 drivers/tty/n_tty.c:2222
4 locks held by kworker/u8:3/16611:
 #0: ffff88801c6f3948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3213
 #1: ffffc9000ceefd10 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3214
 #2: ffffffff90348c50 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xad/0x890 net/core/net_namespace.c:662
 #3: ffff888034a546d0 (&device->unregistration_lock){+.+.}-{4:4}, at: rdma_dev_change_netns+0x30/0x320 drivers/infiniband/core/device.c:1666
2 locks held by syz.6.3272/18194:
 #0: ffffffff9b146678 (&rdma_nl_types[idx].sem){.+.+}-{4:4}, at: rdma_nl_rcv_msg+0x169/0x6e0 drivers/infiniband/core/netlink.c:164
 #1: ffff888034a546d0 (&device->unregistration_lock){+.+.}-{4:4}, at: __ib_unregister_device+0x23b/0x480 drivers/infiniband/core/device.c:1514
2 locks held by syz.8.3358/18564:
 #0: ffffffff90348c50 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x286/0x5f0 net/core/net_namespace.c:570
 #1: ffff888034a546d0 (&device->unregistration_lock){+.+.}-{4:4}, at: rdma_dev_change_netns+0x30/0x320 drivers/infiniband/core/device.c:1666
2 locks held by syz.3.3793/20528:
 #0: ffffffff9035eca8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:80 [inline]
 #0: ffffffff9035eca8 (rtnl_mutex){+.+.}-{4:4}, at: rtnetlink_rcv_msg+0x371/0xe90 net/core/rtnetlink.c:6950
 #1: ffffffff8e5d03f8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x1a3/0x3c0 kernel/rcu/tree_exp.h:336
1 lock held by syz.7.3792/20533:
 #0: ffffffff9035eca8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff9035eca8 (rtnl_mutex){+.+.}-{4:4}, at: dev_ioctl+0x212/0x10e0 net/core/dev_ioctl.c:822
1 lock held by syz.2.3794/20531:
 #0: ffff888036ebc468 (&pipe->mutex){+.+.}-{4:4}, at: pipe_release+0x44/0x320 fs/pipe.c:727
1 lock held by syz.2.3794/20538:
 #0: ffff888036ebc468 (&pipe->mutex){+.+.}-{4:4}, at: pipe_lock fs/pipe.c:91 [inline]
 #0: ffff888036ebc468 (&pipe->mutex){+.+.}-{4:4}, at: pipe_lock+0x64/0x80 fs/pipe.c:88
1 lock held by syz.4.3795/20544:
 #0: ffffffff9035eca8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff9035eca8 (rtnl_mutex){+.+.}-{4:4}, at: dev_ioctl+0x1a1/0x10e0 net/core/dev_ioctl.c:849
2 locks held by dhcpcd/20547:
 #0: ffff88807d765c08 (&sb->s_type->i_mutex_key#11){+.+.}-{4:4}, at: inode_lock include/linux/fs.h:869 [inline]
 #0: ffff88807d765c08 (&sb->s_type->i_mutex_key#11){+.+.}-{4:4}, at: __sock_release+0x86/0x270 net/socket.c:646
 #1: ffffffff8e5d03f8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x1a3/0x3c0 kernel/rcu/tree_exp.h:336

=============================================

NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc6-syzkaller-00281-gf4a40a4282f4 #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x27b/0x390 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x29c/0x300 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:158 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:307 [inline]
 watchdog+0xf70/0x12c0 kernel/hung_task.c:470
 kthread+0x3c5/0x780 kernel/kthread.c:464
 ret_from_fork+0x5d4/0x6f0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 20547 Comm: dhcpcd Not tainted 6.16.0-rc6-syzkaller-00281-gf4a40a4282f4 #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:task_wait_context kernel/locking/lockdep.c:4793 [inline]
RIP: 0010:check_wait_context kernel/locking/lockdep.c:4878 [inline]
RIP: 0010:__lock_acquire+0x72a/0x1c90 kernel/locking/lockdep.c:5190
Code: 37 12 0f 85 74 0f 00 00 48 83 c4 68 5b 5d 41 5c 41 5d 41 5e 41 5f e9 85 f7 f0 09 83 bd d4 0a 00 00 01 19 d2 83 e2 02 83 c2 03 <e9> ad fb ff ff 45 31 f6 e9 78 fb ff ff 8b 0c 24 85 c9 0f 85 54 fc
RSP: 0018:ffffc90004787308 EFLAGS: 00000006
RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000
RDX: 0000000000000005 RSI: 0000000000000001 RDI: ffff88807ad7af58
RBP: ffff88807ad7a440 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000028 R11: 0000000000000001 R12: ffff88807ad7af30
R13: ffff88807ad7af58 R14: 0000000000000000 R15: 0000000000000001
FS:  0000000000000000(0000) GS:ffff888124820000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055c5673d5660 CR3: 000000000e382000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 lock_acquire kernel/locking/lockdep.c:5871 [inline]
 lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5828
 rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 rcu_read_lock include/linux/rcupdate.h:841 [inline]
 class_rcu_constructor include/linux/rcupdate.h:1155 [inline]
 unwind_next_frame+0xd1/0x20a0 arch/x86/kernel/unwind_orc.c:479
 arch_stack_walk+0x94/0x100 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122
 save_stack+0x160/0x1f0 mm/page_owner.c:156
 __reset_page_owner+0x84/0x1a0 mm/page_owner.c:308
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1248 [inline]
 free_unref_folios+0xa65/0x1800 mm/page_alloc.c:2763
 folios_put_refs+0x56f/0x740 mm/swap.c:992
 free_pages_and_swap_cache+0x245/0x4a0 mm/swap_state.c:264
 __tlb_batch_free_encoded_pages+0xf9/0x290 mm/mmu_gather.c:136
 tlb_batch_pages_flush mm/mmu_gather.c:149 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:397 [inline]
 tlb_flush_mmu mm/mmu_gather.c:404 [inline]
 tlb_finish_mmu+0x168/0x7c0 mm/mmu_gather.c:497
 exit_mmap+0x403/0xb90 mm/mmap.c:1297
 __mmput+0x12a/0x410 kernel/fork.c:1121
 mmput+0x62/0x70 kernel/fork.c:1144
 exit_mm kernel/exit.c:581 [inline]
 do_exit+0x7c4/0x2bd0 kernel/exit.c:952
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1105
 __do_sys_exit_group kernel/exit.c:1116 [inline]
 __se_sys_exit_group kernel/exit.c:1114 [inline]
 __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1114
 x64_sys_call+0x1530/0x1730 arch/x86/include/generated/asm/syscalls_64.h:232
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fd3f03f36c5
Code: Unable to access opcode bytes at 0x7fd3f03f369b.
RSP: 002b:00007ffd39474e88 EFLAGS: 00000206 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd3f03f36c5
RDX: 00000000000000e7 RSI: ffffffffffffff88 RDI: 0000000000000001
RBP: 00007ffd39475498 R08: 000055c5890d82c0 R09: 0000000000000002
R10: 00000000000000e0 R11: 0000000000000206 R12: 00007ffd39474ed0
R13: 000055c5890d9950 R14: 00007ffd39475110 R15: 00007ffd39474ec0
 </TASK>