INFO: task syz.4.1474:13249 blocked for more than 143 seconds.
      Tainted: G             L      syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.4.1474      state:D stack:23520 pid:13249 tgid:13247 ppid:11468  task_flags:0x400140 flags:0x00080002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5258 [inline]
 __schedule+0x150e/0x5070 kernel/sched/core.c:6866
 __schedule_loop kernel/sched/core.c:6948 [inline]
 schedule+0x165/0x360 kernel/sched/core.c:6963
 schedule_timeout+0x9a/0x270 kernel/time/sleep_timeout.c:75
 do_wait_for_common kernel/sched/completion.c:100 [inline]
 __wait_for_common kernel/sched/completion.c:121 [inline]
 wait_for_common kernel/sched/completion.c:132 [inline]
 wait_for_completion+0x2bf/0x5d0 kernel/sched/completion.c:153
 disable_device+0x1cb/0x320 drivers/infiniband/core/device.c:1326
 __ib_unregister_device+0x2cb/0x3f0 drivers/infiniband/core/device.c:1581
 ib_unregister_device_and_put+0xb8/0xf0 drivers/infiniband/core/device.c:1646
 nldev_dellink+0x2d1/0x320 drivers/infiniband/core/nldev.c:1827
 rdma_nl_rcv_msg drivers/infiniband/core/netlink.c:-1 [inline]
 rdma_nl_rcv_skb drivers/infiniband/core/netlink.c:239 [inline]
 rdma_nl_rcv+0x6ae/0x980 drivers/infiniband/core/netlink.c:259
 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
 netlink_unicast+0x82f/0x9e0 net/netlink/af_netlink.c:1344
 netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1894
 sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
 __sock_sendmsg net/socket.c:752 [inline]
 ____sys_sendmsg+0x577/0x880 net/socket.c:2610
 ___sys_sendmsg+0x21f/0x2a0 net/socket.c:2664
 __sys_sendmsg net/socket.c:2696 [inline]
 __do_sys_sendmsg net/socket.c:2701 [inline]
 __se_sys_sendmsg net/socket.c:2699 [inline]
 __x64_sys_sendmsg+0x19b/0x260 net/socket.c:2699
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f8cd6f8f749
RSP: 002b:00007f8cd7db1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f8cd71e6090 RCX: 00007f8cd6f8f749
RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000006
RBP: 00007f8cd7013f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f8cd71e6128 R14: 00007f8cd71e6090 R15: 00007ffe8a27aaf8
 </TASK>

Showing all locks held in the system:
1 lock held by khungtaskd/31:
 #0: ffffffff8e13f2e0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #0: ffffffff8e13f2e0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
 #0: ffffffff8e13f2e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6775
4 locks held by kworker/u8:7/1164:
 #0: ffff88801baa7148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x841/0x15a0 kernel/workqueue.c:3254
 #1: ffffc90003c7fb80 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x868/0x15a0 kernel/workqueue.c:3255
 #2: ffffffff8f504e10 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x7a0 net/core/net_namespace.c:670
 #3: ffff888033ae4700 (&device->unregistration_lock){+.+.}-{4:4}, at: rdma_dev_change_netns+0x39/0x310 drivers/infiniband/core/device.c:1733
3 locks held by acpid/5184:
 #0: ffff88807f1f6160 (&mousedev->mutex#2){+.+.}-{4:4}, at: mousedev_close_device+0x2e/0xd0 drivers/input/mousedev.c:441
 #1: ffff8880778872c0 (&dev->mutex#2){+.+.}-{4:4}, at: class_mutex_constructor include/linux/mutex.h:253 [inline]
 #1: ffff8880778872c0 (&dev->mutex#2){+.+.}-{4:4}, at: input_close_device+0x4c/0x280 drivers/input/input.c:646
 #2: ffffffff8e144e38 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock kernel/rcu/tree_exp.h:343 [inline]
 #2: ffffffff8e144e38 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730 kernel/rcu/tree_exp.h:956
2 locks held by getty/5583:
 #0: ffff88814dcdb0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
 #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x449/0x1460 drivers/tty/n_tty.c:2211
5 locks held by kworker/1:10/6622:
 #0: ffff88813fe15948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x841/0x15a0 kernel/workqueue.c:3254
 #1: ffffc9000b4ffb80 ((work_completion)(&intf->reset_ws)){+.+.}-{0:0}, at: process_one_work+0x868/0x15a0 kernel/workqueue.c:3255
 #2: ffff88804a19f198 (&dev->mutex){....}-{4:4}, at: device_trylock include/linux/device.h:905 [inline]
 #2: ffff88804a19f198 (&dev->mutex){....}-{4:4}, at: usb_lock_device_for_reset+0x123/0x340 drivers/usb/core/usb.c:907
 #3: ffff8881443ec518 (&port_dev->status_lock){+.+.}-{4:4}, at: usb_lock_port drivers/usb/core/hub.c:3252 [inline]
 #3: ffff8881443ec518 (&port_dev->status_lock){+.+.}-{4:4}, at: usb_reset_device+0x549/0xb50 drivers/usb/core/hub.c:6409
 #4: ffff888144357d68 (hcd->address0_mutex){+.+.}-{4:4}, at: usb_reset_and_verify_device+0x372/0x1ad0 drivers/usb/core/hub.c:6204
2 locks held by syz.4.1474/13249:
 #0: ffffffff99eb9ef8 (&rdma_nl_types[idx].sem){.+.+}-{4:4}, at: rdma_nl_rcv_msg drivers/infiniband/core/netlink.c:164 [inline]
 #0: ffffffff99eb9ef8 (&rdma_nl_types[idx].sem){.+.+}-{4:4}, at: rdma_nl_rcv_skb drivers/infiniband/core/netlink.c:239 [inline]
 #0: ffffffff99eb9ef8 (&rdma_nl_types[idx].sem){.+.+}-{4:4}, at: rdma_nl_rcv+0x302/0x980 drivers/infiniband/core/netlink.c:259
 #1: ffff888033ae4700 (&device->unregistration_lock){+.+.}-{4:4}, at: __ib_unregister_device+0x284/0x3f0 drivers/infiniband/core/device.c:1577
2 locks held by syz.2.1638/14058:
 #0: ffffffff8f504e10 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x3cc/0x570 net/core/net_namespace.c:577
 #1: ffff888033ae4700 (&device->unregistration_lock){+.+.}-{4:4}, at: rdma_dev_change_netns+0x39/0x310 drivers/infiniband/core/device.c:1733
2 locks held by syz.7.1695/14242:
 #0: ffffffff8f504e10 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x3cc/0x570 net/core/net_namespace.c:577
 #1: ffff888033ae4700 (&device->unregistration_lock){+.+.}-{4:4}, at: rdma_dev_change_netns+0x39/0x310 drivers/infiniband/core/device.c:1733
2 locks held by kworker/u8:14/15307:
 #0: ffff8881442a1148 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_one_work+0x841/0x15a0 kernel/workqueue.c:3254
 #1: ffffc9000d86fb80 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_one_work+0x868/0x15a0 kernel/workqueue.c:3255
1 lock held by syz-executor/15748:
 #0: ffffffff8e144e38 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock kernel/rcu/tree_exp.h:343 [inline]
 #0: ffffffff8e144e38 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730 kernel/rcu/tree_exp.h:956
2 locks held by syz.8.2023/16063:
 #0: ffff8880946cf118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_close_device drivers/input/evdev.c:402 [inline]
 #0: ffff8880946cf118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_release+0x706/0x800 drivers/input/evdev.c:447
 #1: ffff8880778872c0 (&dev->mutex#2){+.+.}-{4:4}, at: class_mutex_constructor include/linux/mutex.h:253 [inline]
 #1: ffff8880778872c0 (&dev->mutex#2){+.+.}-{4:4}, at: input_close_device+0x4c/0x280 drivers/input/input.c:646
4 locks held by kworker/1:13/16111:
 #0: ffff88814229b548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x841/0x15a0 kernel/workqueue.c:3254
 #1: ffffc9000b67fb80 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x868/0x15a0 kernel/workqueue.c:3255
 #2: ffff8881443e9198 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:895 [inline]
 #2: ffff8881443e9198 (&dev->mutex){....}-{4:4}, at: hub_event+0x187/0x4ef0 drivers/usb/core/hub.c:5899
 #3: ffff8881443ec518 (&port_dev->status_lock){+.+.}-{4:4}, at: usb_lock_port drivers/usb/core/hub.c:3252 [inline]
 #3: ffff8881443ec518 (&port_dev->status_lock){+.+.}-{4:4}, at: hub_event+0x639/0x4ef0 drivers/usb/core/hub.c:5952
3 locks held by dhcpcd-run-hook/16150:

=============================================

NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G             L      syzkaller #0 PREEMPT(full) 
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x39e/0x3d0 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x17a/0x300 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline]
 __sys_info lib/sys_info.c:157 [inline]
 sys_info+0x135/0x170 lib/sys_info.c:165
 check_hung_uninterruptible_tasks kernel/hung_task.c:363 [inline]
 watchdog+0xe40/0xe90 kernel/hung_task.c:557
 kthread+0x711/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x599/0xb30 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 15535 Comm: kworker/1:12 Tainted: G             L      syzkaller #0 PREEMPT(full) 
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Workqueue: rcu_gp process_srcu
RIP: 0010:make_kuid+0x0/0x680 kernel/user_namespace.c:423
Code: 80 c1 03 38 c1 0f 8c 2f fe ff ff 4c 89 e7 e8 67 2c 6b 00 e9 22 fe ff ff 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <f3> 0f 1e fa 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 e4 e0 48
RSP: 0018:ffffc90000a08258 EFLAGS: 00000246
RAX: 1ffff110124e701e RBX: 0000000000000000 RCX: dffffc0000000000
RDX: 0000000000000100 RSI: 0000000000000000 RDI: ffffffff8dfe0f80
RBP: ffffc90000a083b0 R08: ffff88807d6b1e80 R09: 0000000000000002
R10: 0000000000000029 R11: 0000000000000100 R12: ffff8880927380f0
R13: 0000000000000600 R14: ffff888032872108 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff888125d25000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055699ab41660 CR3: 0000000032e4a000 CR4: 00000000003526f0
DR0: 000016000005fd01 DR1: fffffffffffffff7 DR2: 0000000000000000
DR3: 000000000000000a DR6: 00000000ffff0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 sock_net_uid include/net/sock.h:2148 [inline]
 ipxip6_tnl_xmit net/ipv6/ip6_tunnel.c:1392 [inline]
 ip6_tnl_start_xmit+0xa7c/0x1150 net/ipv6/ip6_tunnel.c:1448
 __netdev_start_xmit include/linux/netdevice.h:5288 [inline]
 netdev_start_xmit include/linux/netdevice.h:5297 [inline]
 xmit_one net/core/dev.c:3854 [inline]
 dev_hard_start_xmit+0x2cd/0x800 net/core/dev.c:3870
 __dev_queue_xmit+0x1493/0x3140 net/core/dev.c:4818
 neigh_output include/net/neighbour.h:556 [inline]
 ip6_finish_output2+0xfb3/0x1480 net/ipv6/ip6_output.c:136
 NF_HOOK_COND include/linux/netfilter.h:307 [inline]
 ip6_output+0x340/0x550 net/ipv6/ip6_output.c:247
 NF_HOOK include/linux/netfilter.h:318 [inline]
 ndisc_send_skb+0xbce/0x1510 net/ipv6/ndisc.c:512
 addrconf_rs_timer+0x369/0x6a0 net/ipv6/addrconf.c:4037
 call_timer_fn+0x16e/0x590 kernel/time/timer.c:1748
 expire_timers kernel/time/timer.c:1799 [inline]
 __run_timers kernel/time/timer.c:2373 [inline]
 __run_timer_base+0x61a/0x860 kernel/time/timer.c:2385
 run_timer_base kernel/time/timer.c:2394 [inline]
 run_timer_softirq+0xb7/0x180 kernel/time/timer.c:2404
 handle_softirqs+0x27d/0x850 kernel/softirq.c:626
 __do_softirq kernel/softirq.c:660 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:727
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:743
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1056
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:delay_tsc+0x5b/0xc0 arch/x86/lib/delay.c:79
Code: 90 49 89 d7 49 c1 e7 20 49 09 c7 4d 29 f7 49 39 df 73 53 bf 01 00 00 00 e8 e2 b3 34 f6 65 8b 05 3b 59 43 07 85 c0 74 1c f3 90 <bf> 01 00 00 00 e8 2b b2 34 f6 e8 16 77 01 00 39 c5 75 0e 0f 01 f9
RSP: 0018:ffffc90004c6f8b0 EFLAGS: 00000286
RAX: 0000000080000000 RBX: 0000000000002afa RCX: 0000000000000000
RDX: 000000000000015f RSI: ffffffff8be07940 RDI: 00000000ffffffff
RBP: 0000000000000001 R08: ffff8880b8734b87 R09: 1ffff110170e6970
R10: dffffc0000000000 R11: ffffffff8b5c56a0 R12: 0000000000000001
R13: 000000000000188e R14: 0000015fed45b0da R15: 0000000000001c76
 udelay include/asm-generic/delay.h:64 [inline]
 try_check_zero+0x412/0x470 kernel/rcu/srcutree.c:1182
 srcu_advance_state kernel/rcu/srcutree.c:1886 [inline]
 process_srcu+0x2d3/0x1220 kernel/rcu/srcutree.c:1995
 process_one_work+0x93a/0x15a0 kernel/workqueue.c:3279
 process_scheduled_works kernel/workqueue.c:3362 [inline]
 worker_thread+0x9b0/0xee0 kernel/workqueue.c:3443
 kthread+0x711/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x599/0xb30 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
 </TASK>