INFO: task kworker/u8:7:1148 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u8:7    state:D stack:21800 pid:1148  tgid:1148  ppid:2      task_flags:0x4208060 flags:0x00080000
Workqueue: netns cleanup_net
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5257 [inline]
 __schedule+0x14bc/0x5000 kernel/sched/core.c:6864
 __schedule_loop kernel/sched/core.c:6946 [inline]
 schedule+0x165/0x360 kernel/sched/core.c:6961
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7018
 __mutex_lock_common kernel/locking/mutex.c:686 [inline]
 __mutex_lock+0x7e6/0x1350 kernel/locking/mutex.c:770
 rdma_dev_change_netns+0x39/0x300 drivers/infiniband/core/device.c:1703
 rdma_dev_exit_net+0x203/0x340 drivers/infiniband/core/device.c:1181
 ops_exit_list net/core/net_namespace.c:199 [inline]
 ops_undo_list+0x49a/0x990 net/core/net_namespace.c:252
 cleanup_net+0x4d8/0x7a0 net/core/net_namespace.c:696
 process_one_work+0x93a/0x15a0 kernel/workqueue.c:3261
 process_scheduled_works kernel/workqueue.c:3344 [inline]
 worker_thread+0x9b0/0xee0 kernel/workqueue.c:3425
 kthread+0x711/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x599/0xb30 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
 </TASK>
INFO: task syz.8.2991:15680 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.8.2991      state:D stack:22688 pid:15680 tgid:15677 ppid:14688  task_flags:0x400140 flags:0x00080002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5257 [inline]
 __schedule+0x14bc/0x5000 kernel/sched/core.c:6864
 __schedule_loop kernel/sched/core.c:6946 [inline]
 schedule+0x165/0x360 kernel/sched/core.c:6961
 schedule_timeout+0x9a/0x270 kernel/time/sleep_timeout.c:75
 do_wait_for_common kernel/sched/completion.c:100 [inline]
 __wait_for_common kernel/sched/completion.c:121 [inline]
 wait_for_common kernel/sched/completion.c:132 [inline]
 wait_for_completion+0x2bf/0x5d0 kernel/sched/completion.c:153
 disable_device+0x1c6/0x320 drivers/infiniband/core/device.c:1325
 __ib_unregister_device+0x2cb/0x3f0 drivers/infiniband/core/device.c:1555
 ib_unregister_device_and_put+0xb8/0xf0 drivers/infiniband/core/device.c:1620
 nldev_dellink+0x2d1/0x320 drivers/infiniband/core/nldev.c:1827
 rdma_nl_rcv_msg drivers/infiniband/core/netlink.c:-1 [inline]
 rdma_nl_rcv_skb drivers/infiniband/core/netlink.c:239 [inline]
 rdma_nl_rcv+0x6ae/0x980 drivers/infiniband/core/netlink.c:259
 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
 netlink_unicast+0x82f/0x9e0 net/netlink/af_netlink.c:1344
 netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1894
 sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:728
 __sock_sendmsg net/socket.c:743 [inline]
 ____sys_sendmsg+0x577/0x880 net/socket.c:2626
 ___sys_sendmsg+0x21f/0x2a0 net/socket.c:2680
 __sys_sendmsg net/socket.c:2712 [inline]
 __do_sys_sendmsg net/socket.c:2717 [inline]
 __se_sys_sendmsg net/socket.c:2715 [inline]
 __x64_sys_sendmsg+0x19b/0x260 net/socket.c:2715
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fca56b8f749
RSP: 002b:00007fca57a72038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007fca56de6180 RCX: 00007fca56b8f749
RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 000000000000000a
RBP: 00007fca56c13f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fca56de6218 R14: 00007fca56de6180 R15: 00007ffeed1af618
 </TASK>

Showing all locks held in the system:
1 lock held by ksoftirqd/1/23:
1 lock held by khungtaskd/31:
 #0: ffffffff8e33d820 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #0: ffffffff8e33d820 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
 #0: ffffffff8e33d820 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6775
4 locks held by kworker/u8:7/1148:
 #0: ffff88801badf148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x841/0x15a0 kernel/workqueue.c:3236
 #1: ffffc90003f7fb80 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x868/0x15a0 kernel/workqueue.c:3237
 #2: ffffffff8f6e8970 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x7a0 net/core/net_namespace.c:670
 #3: ffff888030ba0700 (&device->unregistration_lock){+.+.}-{4:4}, at: rdma_dev_change_netns+0x39/0x300 drivers/infiniband/core/device.c:1703
2 locks held by getty/5580:
 #0: ffff88814e0600a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
 #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x449/0x1460 drivers/tty/n_tty.c:2211
6 locks held by kworker/1:5/5909:
 #0: ffff8881422f1d48 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x841/0x15a0 kernel/workqueue.c:3236
 #1: ffffc900044efb80 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x868/0x15a0 kernel/workqueue.c:3237
 #2: ffff888143791198 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:895 [inline]
 #2: ffff888143791198 (&dev->mutex){....}-{4:4}, at: hub_event+0x187/0x4ef0 drivers/usb/core/hub.c:5899
 #3: ffff8880547fe198 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:895 [inline]
 #3: ffff8880547fe198 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x430 drivers/base/dd.c:1006
 #4: ffff88803e371160 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:895 [inline]
 #4: ffff88803e371160 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x430 drivers/base/dd.c:1006
 #5: ffffffff8e1e2ed0 (umhelper_sem){++++}-{4:4}, at: usermodehelper_read_trylock+0xf0/0x2b0 kernel/umh.c:214
5 locks held by kworker/1:9/5920:
 #0: ffff8881422f1d48 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x841/0x15a0 kernel/workqueue.c:3236
 #1: ffffc900045efb80 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x868/0x15a0 kernel/workqueue.c:3237
 #2: ffff8880294d8198 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:895 [inline]
 #2: ffff8880294d8198 (&dev->mutex){....}-{4:4}, at: hub_event+0x187/0x4ef0 drivers/usb/core/hub.c:5899
 #3: ffff8881426b6198 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:895 [inline]
 #3: ffff8881426b6198 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x430 drivers/base/dd.c:1006
 #4: ffff8881446ad160 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:895 [inline]
 #4: ffff8881446ad160 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x430 drivers/base/dd.c:1006
2 locks held by syz.8.2991/15680:
 #0: ffffffff9a063f98 (&rdma_nl_types[idx].sem){.+.+}-{4:4}, at: rdma_nl_rcv_msg drivers/infiniband/core/netlink.c:164 [inline]
 #0: ffffffff9a063f98 (&rdma_nl_types[idx].sem){.+.+}-{4:4}, at: rdma_nl_rcv_skb drivers/infiniband/core/netlink.c:239 [inline]
 #0: ffffffff9a063f98 (&rdma_nl_types[idx].sem){.+.+}-{4:4}, at: rdma_nl_rcv+0x302/0x980 drivers/infiniband/core/netlink.c:259
 #1: ffff888030ba0700 (&device->unregistration_lock){+.+.}-{4:4}, at: __ib_unregister_device+0x284/0x3f0 drivers/infiniband/core/device.c:1551
2 locks held by syz-executor/15928:
5 locks held by kworker/1:4/19413:
 #0: ffff8881422f1d48 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x841/0x15a0 kernel/workqueue.c:3236
 #1: ffffc90003837b80 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x868/0x15a0 kernel/workqueue.c:3237
 #2: ffff8881437a1198 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:895 [inline]
 #2: ffff8881437a1198 (&dev->mutex){....}-{4:4}, at: hub_event+0x187/0x4ef0 drivers/usb/core/hub.c:5899
 #3: ffff888141eb6198 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:895 [inline]
 #3: ffff888141eb6198 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x430 drivers/base/dd.c:1006
 #4: ffff888061572160 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:895 [inline]
 #4: ffff888061572160 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x430 drivers/base/dd.c:1006
2 locks held by rm/22436:

=============================================

NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x39e/0x3d0 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x17a/0x300 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline]
 __sys_info lib/sys_info.c:157 [inline]
 sys_info+0x135/0x170 lib/sys_info.c:165
 check_hung_uninterruptible_tasks kernel/hung_task.c:346 [inline]
 watchdog+0xf95/0xfe0 kernel/hung_task.c:515
 kthread+0x711/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x599/0xb30 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 22438 Comm: dhcpcd-run-hook Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
RIP: 0010:ma_slots lib/maple_tree.c:708 [inline]
RIP: 0010:mas_get_slot lib/maple_tree.c:6632 [inline]
RIP: 0010:mas_validate_gaps lib/maple_tree.c:6900 [inline]
RIP: 0010:mt_validate+0x23d1/0x4390 lib/maple_tree.c:7176
Code: f6 e9 d8 01 00 00 e8 0e b2 66 f6 48 8b 5c 24 38 4c 8b bc 24 38 01 00 00 4d 89 fc 49 81 e4 00 ff ff ff 41 c1 ef 03 41 83 e7 0f <4c> 89 ff 48 c7 c6 40 8d a6 8f e8 60 b7 66 f6 41 83 ff 01 7f 12 45
RSP: 0018:ffffc90003e7f2a0 EFLAGS: 00000202
RAX: ffffffff8b5b2df2 RBX: ffffffff8cb721e1 RCX: ffff88802f7e8000
RDX: 0000000000000000 RSI: 0000000000000008 RDI: 000000000000000f
RBP: ffffc90003e7f490 R08: ffff88802f7e8000 R09: 0000000000000004
R10: 0000000000000003 R11: 0000000000000000 R12: ffff8880418baa00
R13: 0000000000000000 R14: 00007fc438cb7fff R15: 0000000000000001
FS:  0000000000000000(0000) GS:ffff888125b3e000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fc4389c7eb8 CR3: 000000004489a000 CR4: 00000000003526f0
DR0: 0000000000000008 DR1: 0000000000000002 DR2: 0000000000000404
DR3: ffffffffefffff18 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 validate_mm+0xae/0x4a0 mm/vma.c:644
 vms_complete_munmap_vmas+0x6aa/0x8a0 mm/vma.c:1299
 __mmap_complete+0x7b/0x610 mm/vma.c:2540
 __mmap_region mm/vma.c:2717 [inline]
 mmap_region+0x11e3/0x1d10 mm/vma.c:2786
 do_mmap+0xc45/0x10d0 mm/mmap.c:558
 vm_mmap_pgoff+0x2a6/0x4d0 mm/util.c:581
 ksys_mmap_pgoff+0x51f/0x760 mm/mmap.c:604
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc438cb2242
Code: 08 00 04 00 00 eb e2 90 41 f7 c1 ff 0f 00 00 75 27 55 89 cd 53 48 89 fb 48 85 ff 74 33 41 89 ea 48 89 df b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5e 5b 5d c3 0f 1f 00 c7 05 46 40 01 00 16 00
RSP: 002b:00007ffef3f09dc8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009
RAX: ffffffffffffffda RBX: 00007fc4389af000 RCX: 00007fc438cb2242
RDX: 0000000000000001 RSI: 0000000000008000 RDI: 00007fc4389af000
RBP: 0000000000000812 R08: 0000000000000003 R09: 0000000000024000
R10: 0000000000000812 R11: 0000000000000206 R12: 00007ffef3f09e50
R13: 00007fc438c87ab0 R14: 00007ffef3f0a240 R15: 00000fffde7e13bc
 </TASK>