INFO: task syz.2.757:8336 blocked for more than 143 seconds.
      Not tainted 6.16.0-rc5-syzkaller-00159-g47c84997c686 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.2.757       state:D stack:24296 pid:8336  tgid:8335  ppid:5837   task_flags:0x400140 flags:0x00004004
Call Trace:
 <TASK>
 __schedule+0x16f5/0x4d00
 schedule+0x165/0x360
 schedule_timeout+0x9a/0x270
 wait_for_completion+0x2bf/0x5d0
 __flush_workqueue+0x6f7/0x14b0
 nbd_disconnect_and_put+0x9e/0x2a0
 nbd_genl_disconnect+0x485/0x570
 genl_family_rcv_msg_doit+0x215/0x300
 genl_rcv_msg+0x60e/0x790
 netlink_rcv_skb+0x208/0x470
 genl_rcv+0x28/0x40
 netlink_unicast+0x75c/0x8e0
 netlink_sendmsg+0x805/0xb30
 __sock_sendmsg+0x21c/0x270
 ____sys_sendmsg+0x505/0x830
 ___sys_sendmsg+0x21f/0x2a0
 __x64_sys_sendmsg+0x19b/0x260
 do_syscall_64+0xfa/0x3b0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fcccb38e929
RSP: 002b:00007fcccc269038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007fcccb5b5fa0 RCX: 00007fcccb38e929
RDX: 00000000000000c0 RSI: 0000200000000280 RDI: 0000000000000006
RBP: 00007fcccb410b39 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fcccb5b5fa0 R15: 00007ffdf849daa8
 </TASK>
INFO: task syz.2.757:8337 blocked for more than 143 seconds.
      Not tainted 6.16.0-rc5-syzkaller-00159-g47c84997c686 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.2.757       state:D stack:27240 pid:8337  tgid:8335  ppid:5837   task_flags:0x400140 flags:0x00004004
Call Trace:
 <TASK>
 __schedule+0x16f5/0x4d00
 schedule+0x165/0x360
 schedule_preempt_disabled+0x13/0x30
 __mutex_lock+0x724/0xe80
 genl_rcv_msg+0x10d/0x790
 netlink_rcv_skb+0x208/0x470
 genl_rcv+0x28/0x40
 netlink_unicast+0x75c/0x8e0
 netlink_sendmsg+0x805/0xb30
 __sock_sendmsg+0x21c/0x270
 __sys_sendto+0x3bd/0x520
 __x64_sys_sendto+0xde/0x100
 do_syscall_64+0xfa/0x3b0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fcccb3907bc
RSP: 002b:00007fcccc246ec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007fcccc246fc0 RCX: 00007fcccb3907bc
RDX: 0000000000000020 RSI: 00007fcccc247010 RDI: 000000000000000c
RBP: 0000000000000000 R08: 00007fcccc246f14 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000000c
R13: 00007fcccc246f68 R14: 00007fcccc247010 R15: 0000000000000000
 </TASK>
INFO: task syz.1.759:8345 blocked for more than 143 seconds.
      Not tainted 6.16.0-rc5-syzkaller-00159-g47c84997c686 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.1.759       state:D stack:28312 pid:8345  tgid:8344  ppid:5831   task_flags:0x400140 flags:0x00004004
Call Trace:
 <TASK>
 __schedule+0x16f5/0x4d00
 schedule+0x165/0x360
 schedule_preempt_disabled+0x13/0x30
 __mutex_lock+0x724/0xe80
 genl_rcv_msg+0x10d/0x790
 netlink_rcv_skb+0x208/0x470
 genl_rcv+0x28/0x40
 netlink_unicast+0x75c/0x8e0
 netlink_sendmsg+0x805/0xb30
 __sock_sendmsg+0x21c/0x270
 __sys_sendto+0x3bd/0x520
 __x64_sys_sendto+0xde/0x100
 do_syscall_64+0xfa/0x3b0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f38f1b907bc
RSP: 002b:00007f38f2ac9ec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007f38f2ac9fc0 RCX: 00007f38f1b907bc
RDX: 0000000000000020 RSI: 00007f38f2aca010 RDI: 0000000000000004
RBP: 0000000000000000 R08: 00007f38f2ac9f14 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000004
R13: 00007f38f2ac9f68 R14: 00007f38f2aca010 R15: 0000000000000000
 </TASK>
INFO: task syz.1.759:8346 blocked for more than 143 seconds.
      Not tainted 6.16.0-rc5-syzkaller-00159-g47c84997c686 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.1.759       state:D stack:28072 pid:8346  tgid:8344  ppid:5831   task_flags:0x400140 flags:0x00004004
Call Trace:
 <TASK>
 __schedule+0x16f5/0x4d00
 schedule+0x165/0x360
 schedule_preempt_disabled+0x13/0x30
 __mutex_lock+0x724/0xe80
 genl_rcv_msg+0x10d/0x790
 netlink_rcv_skb+0x208/0x470
 genl_rcv+0x28/0x40
 netlink_unicast+0x75c/0x8e0
 netlink_sendmsg+0x805/0xb30
 __sock_sendmsg+0x21c/0x270
 ____sys_sendmsg+0x505/0x830
 ___sys_sendmsg+0x21f/0x2a0
 __x64_sys_sendmsg+0x19b/0x260
 do_syscall_64+0xfa/0x3b0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f38f1b8e929
RSP: 002b:00007f38f2aaa038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f38f1db6080 RCX: 00007f38f1b8e929
RDX: 0000000020008840 RSI: 0000200000000000 RDI: 0000000000000005
RBP: 00007f38f1c10b39 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f38f1db6080 R15: 00007ffd2a3012f8
 </TASK>
INFO: task syz.0.761:8350 blocked for more than 143 seconds.
      Not tainted 6.16.0-rc5-syzkaller-00159-g47c84997c686 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.0.761       state:D stack:27624 pid:8350  tgid:8349  ppid:5836   task_flags:0x400140 flags:0x00004004
Call Trace:
 <TASK>
 __schedule+0x16f5/0x4d00
 schedule+0x165/0x360
 schedule_preempt_disabled+0x13/0x30
 __mutex_lock+0x724/0xe80
 genl_rcv_msg+0x10d/0x790
 netlink_rcv_skb+0x208/0x470
 genl_rcv+0x28/0x40
 netlink_unicast+0x75c/0x8e0
 netlink_sendmsg+0x805/0xb30
 __sock_sendmsg+0x21c/0x270
 __sys_sendto+0x3bd/0x520
 __x64_sys_sendto+0xde/0x100
 do_syscall_64+0xfa/0x3b0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f47625907bc
RSP: 002b:00007f476340eec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007f476340efc0 RCX: 00007f47625907bc
RDX: 0000000000000020 RSI: 00007f476340f010 RDI: 0000000000000007
RBP: 0000000000000000 R08: 00007f476340ef14 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000007
R13: 00007f476340ef68 R14: 00007f476340f010 R15: 0000000000000000
 </TASK>

Showing all locks held in the system:
1 lock held by khungtaskd/34:
 #0: ffffffff8e13f160 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
2 locks held by kworker/u12:0/55:
 #0: ffff888022583948 ((wq_completion)nbd1-recv){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc900007dfbc0 ((work_completion)(&args->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
2 locks held by kworker/u13:0/56:
 #0: ffff888022662148 ((wq_completion)nbd2-recv){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc900007efbc0 ((work_completion)(&args->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
2 locks held by getty/5654:
 #0: ffff88810877a0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
 #1: ffffc900029062f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
2 locks held by kworker/u13:1/5940:
 #0: ffff8880227bb148 ((wq_completion)nbd6-recv){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc9000410fbc0 ((work_completion)(&args->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
2 locks held by kworker/u12:1/5959:
 #0: ffff888022891948 ((wq_completion)nbd7-recv){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc900040afbc0 ((work_completion)(&args->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
2 locks held by kworker/u13:2/6002:
 #0: ffff888022993148 ((wq_completion)nbd10-recv){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc9000403fbc0 ((work_completion)(&args->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
2 locks held by kworker/u12:2/6138:
 #0: ffff88801e89d148 ((wq_completion)nbd14-recv){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc9000462fbc0 ((work_completion)(&args->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
2 locks held by kworker/u13:3/6247:
 #0: ffff888022999948 ((wq_completion)nbd11-recv){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc900066afbc0 ((work_completion)(&args->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
2 locks held by kworker/u13:4/6273:
 #0: ffff88811beaf148 ((wq_completion)nbd20-recv){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc900069a7bc0 ((work_completion)(&args->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
2 locks held by kworker/u13:5/6284:
 #0: ffff888022bfd948 ((wq_completion)nbd26-recv){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc9000693fbc0 ((work_completion)(&args->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
2 locks held by kworker/u12:3/6347:
 #0: ffff888022a63148 ((wq_completion)nbd15-recv){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc90006e87bc0 ((work_completion)(&args->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
2 locks held by kworker/u12:4/6379:
 #0: ffff88803ad38148 ((wq_completion)nbd17-recv){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc90007027bc0 ((work_completion)(&args->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
2 locks held by kworker/u12:5/6621:
 #0: ffff88803c16a148 ((wq_completion)nbd22-recv){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc9000467fbc0 ((work_completion)(&args->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
2 locks held by kworker/u13:6/6842:
 #0: ffff88803b903148 ((wq_completion)nbd29-recv){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc9000332fbc0 ((work_completion)(&args->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
2 locks held by kworker/u12:6/6858:
 #0: ffff88801219a948 ((wq_completion)nbd27-recv){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc9000459fbc0 ((work_completion)(&args->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
2 locks held by kworker/u12:7/7032:
 #0: ffff88803ad3c148 ((wq_completion)nbd28-recv){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc9000445fbc0 ((work_completion)(&args->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
2 locks held by kworker/u12:8/7265:
 #0: ffff88802449b148 ((wq_completion)nbd30-recv){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc900026afbc0 ((work_completion)(&args->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
2 locks held by kworker/u12:9/7330:
 #0: ffff88803b5d9148 ((wq_completion)nbd32-recv){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc9000343fbc0 ((work_completion)(&args->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
2 locks held by kworker/u12:10/7610:
 #0: ffff88803b645948 ((wq_completion)nbd35-recv){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc90008267bc0 ((work_completion)(&args->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
2 locks held by kworker/u12:11/8065:
 #0: ffff888022bfc948 ((wq_completion)nbd36-recv){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc9000448fbc0 ((work_completion)(&args->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
2 locks held by kworker/u12:12/8080:
 #0: ffff88803b642148 ((wq_completion)nbd37-recv){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc90008d0fbc0 ((work_completion)(&args->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
3 locks held by syz.2.757/8336:
 #0: ffffffff8f583b70 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
 #1: ffffffff8f583988 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
 #2: ffff888022586230 (&nbd->config_lock){+.+.}-{4:4}, at: nbd_disconnect_and_put+0x2f/0x2a0
2 locks held by syz.2.757/8337:
 #0: ffffffff8f583b70 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
 #1: ffffffff8f583988 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
2 locks held by syz.1.759/8345:
 #0: ffffffff8f583b70 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
 #1: ffffffff8f583988 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
2 locks held by syz.1.759/8346:
 #0: ffffffff8f583b70 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
 #1: ffffffff8f583988 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
2 locks held by syz.0.761/8350:
 #0: ffffffff8f583b70 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
 #1: ffffffff8f583988 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
2 locks held by syz-executor/8354:
 #0: ffffffff8f583b70 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
 #1: ffffffff8f583988 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
2 locks held by syz-executor/8356:
 #0: ffffffff8f583b70 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
 #1: ffffffff8f583988 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
2 locks held by syz-executor/8371:
 #0: ffffffff8f583b70 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
 #1: ffffffff8f583988 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
2 locks held by syz-executor/8381:
 #0: ffffffff8f583b70 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
 #1: ffffffff8f583988 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
2 locks held by syz-executor/8383:
 #0: ffffffff8f583b70 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
 #1: ffffffff8f583988 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
2 locks held by syz-executor/8398:
 #0: ffffffff8f583b70 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
 #1: ffffffff8f583988 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
2 locks held by syz-executor/8412:
 #0: ffffffff8f583b70 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
 #1: ffffffff8f583988 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
2 locks held by syz-executor/8414:
 #0: ffffffff8f583b70 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
 #1: ffffffff8f583988 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
2 locks held by syz-executor/8429:
 #0: ffffffff8f583b70 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
 #1: ffffffff8f583988 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790

=============================================

NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 34 Comm: khungtaskd Not tainted 6.16.0-rc5-syzkaller-00159-g47c84997c686 #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250
 nmi_cpu_backtrace+0x39e/0x3d0
 nmi_trigger_cpumask_backtrace+0x17a/0x300
 watchdog+0xfee/0x1030
 kthread+0x711/0x8a0
 ret_from_fork+0x3fc/0x770
 ret_from_fork_asm+0x1a/0x30
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 5846 Comm: kworker/u8:2 Not tainted 6.16.0-rc5-syzkaller-00159-g47c84997c686 #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
Workqueue: bat_events batadv_nc_worker
RIP: 0010:check_preemption_disabled+0x5c/0x120
Code: fd 30 07 48 3b 4c 24 08 0f 85 cc 00 00 00 48 83 c4 10 5b 41 5e 41 5f 5d e9 51 c0 02 00 cc 48 c7 04 24 00 00 00 00 9c 8f 04 24 <f7> 04 24 00 02 00 00 74 c8 65 4c 8b 3c 25 08 50 a0 92 41 f6 47 2f
RSP: 0018:ffffc90003ddf980 EFLAGS: 00000046
RAX: 0000000000000000 RBX: 0000000000000202 RCX: 0000000080000000
RDX: 0000000000000000 RSI: ffffffff8d9ac3d0 RDI: ffffffff8be29dc0
RBP: fffffffffffffe38 R08: 0000000000000000 R09: ffffffff8b3cf902
R10: dffffc0000000000 R11: ffffffff8b3cf830 R12: dffffc0000000000
R13: ffffffff8b3cf902 R14: ffffffff8e13f160 R15: ffff888106ee0000
FS:  0000000000000000(0000) GS:ffff8880b861b000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055cf9f1232a8 CR3: 000000000df38000 CR4: 00000000000006f0
Call Trace:
 <TASK>
 lock_release+0xbc/0x3e0
 batadv_nc_worker+0x28c/0x610
 process_scheduled_works+0xae1/0x17b0
 worker_thread+0x8a0/0xda0
 kthread+0x711/0x8a0
 ret_from_fork+0x3fc/0x770
 ret_from_fork_asm+0x1a/0x30
 </TASK>
