syzbot

INFO: task syz.1.3255:23585 blocked for more than 143 seconds.
      Tainted: G             L      syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.1.3255      state:D stack:27528 pid:23585 tgid:23584 ppid:18359  task_flags:0x400140 flags:0x00080002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5388 [inline]
 __schedule+0x1295/0x67a0 kernel/sched/core.c:7189
 __schedule_loop kernel/sched/core.c:7268 [inline]
 schedule+0xdd/0x390 kernel/sched/core.c:7283
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7340
 __mutex_lock_common kernel/locking/mutex.c:726 [inline]
 __mutex_lock+0xced/0x1b10 kernel/locking/mutex.c:820
 nfsd_nl_version_set_doit+0xc4/0x7a0 fs/nfsd/nfsctl.c:1798
 genl_family_rcv_msg_doit+0x214/0x300 net/netlink/genetlink.c:1114
 genl_family_rcv_msg net/netlink/genetlink.c:1194 [inline]
 genl_rcv_msg+0x560/0x800 net/netlink/genetlink.c:1209
 netlink_rcv_skb+0x159/0x420 net/netlink/af_netlink.c:2555
 genl_rcv+0x28/0x40 net/netlink/genetlink.c:1218
 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
 netlink_unicast+0x585/0x850 net/netlink/af_netlink.c:1344
 netlink_sendmsg+0x8b0/0xda0 net/netlink/af_netlink.c:1899
 sock_sendmsg_nosec net/socket.c:787 [inline]
 __sock_sendmsg net/socket.c:802 [inline]
 ____sys_sendmsg+0x9e1/0xb70 net/socket.c:2698
 ___sys_sendmsg+0x190/0x1e0 net/socket.c:2752
 __sys_sendmsg+0x170/0x220 net/socket.c:2784
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x115/0x840 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fdf86f9ce59
RSP: 002b:00007fdf87e9e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007fdf87215fa0 RCX: 00007fdf86f9ce59
RDX: 0000000004004840 RSI: 00002000000004c0 RDI: 0000000000000003
RBP: 00007fdf87032d6f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fdf87216038 R14: 00007fdf87215fa0 R15: 00007ffe6daa1588
 </TASK>

Showing all locks held in the system:
1 lock held by khungtaskd/31:
 #0: ffffffff8e7e5360 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
 #0: ffffffff8e7e5360 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:838 [inline]
 #0: ffffffff8e7e5360 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184 kernel/locking/lockdep.c:6775
2 locks held by getty/7066:
 #0: ffff888032d480a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 drivers/tty/tty_ldisc.c:243
 #1: ffffc90005d4b2e8 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x419/0x14f0 drivers/tty/n_tty.c:2211
3 locks held by kworker/0:8/18694:
 #0: ffff88813fe57140 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x12d6/0x1980 kernel/workqueue.c:3289
 #1: ffffc90003a3fd08 ((work_completion)(&data->fib_event_work)){+.+.}-{0:0}, at: process_one_work+0x973/0x1980 kernel/workqueue.c:3290
 #2: ffff888020f30250 (&data->fib_lock){+.+.}-{4:4}, at: nsim_fib_event_work+0x1b8/0x63b0 drivers/net/netdevsim/fib.c:1490
2 locks held by syz-executor/18712:
 #0: ffff88807ef580d8 (&type->s_umount_key#54){++++}-{4:4}, at: __super_lock fs/super.c:58 [inline]
 #0: ffff88807ef580d8 (&type->s_umount_key#54){++++}-{4:4}, at: __super_lock_excl fs/super.c:73 [inline]
 #0: ffff88807ef580d8 (&type->s_umount_key#54){++++}-{4:4}, at: deactivate_super fs/super.c:508 [inline]
 #0: ffff88807ef580d8 (&type->s_umount_key#54){++++}-{4:4}, at: deactivate_super+0xdf/0x110 fs/super.c:505
 #1: ffffffff8ec624a0 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0 fs/nfsd/nfssvc.c:576
1 lock held by dhcpcd/21738:
 #0: ffff888036251f00 (&sb->s_type->i_mutex_key#13){+.+.}-{4:4}, at: inode_lock include/linux/fs.h:1029 [inline]
 #0: ffff888036251f00 (&sb->s_type->i_mutex_key#13){+.+.}-{4:4}, at: __sock_release+0x86/0x260 net/socket.c:721
2 locks held by syz.8.3248/23543:
 #0: ffffffff906b5128 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 net/netlink/genetlink.c:1217
 #1: ffffffff8ec624a0 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_threads_set_doit+0x8c8/0x1100 fs/nfsd/nfsctl.c:1644
2 locks held by syz.1.3255/23585:
 #0: ffffffff906b5128 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 net/netlink/genetlink.c:1217
 #1: ffffffff8ec624a0 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_version_set_doit+0xc4/0x7a0 fs/nfsd/nfsctl.c:1798
2 locks held by syz-executor/23820:
 #0: ffff8880b19a40d8 (&type->s_umount_key#54){++++}-{4:4}, at: __super_lock fs/super.c:58 [inline]
 #0: ffff8880b19a40d8 (&type->s_umount_key#54){++++}-{4:4}, at: __super_lock_excl fs/super.c:73 [inline]
 #0: ffff8880b19a40d8 (&type->s_umount_key#54){++++}-{4:4}, at: deactivate_super fs/super.c:508 [inline]
 #0: ffff8880b19a40d8 (&type->s_umount_key#54){++++}-{4:4}, at: deactivate_super+0xdf/0x110 fs/super.c:505
 #1: ffffffff8ec624a0 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0 fs/nfsd/nfssvc.c:576
2 locks held by syz-executor/23871:
 #0: ffff88803668c0d8 (&type->s_umount_key#54){++++}-{4:4}, at: __super_lock fs/super.c:58 [inline]
 #0: ffff88803668c0d8 (&type->s_umount_key#54){++++}-{4:4}, at: __super_lock_excl fs/super.c:73 [inline]
 #0: ffff88803668c0d8 (&type->s_umount_key#54){++++}-{4:4}, at: deactivate_super fs/super.c:508 [inline]
 #0: ffff88803668c0d8 (&type->s_umount_key#54){++++}-{4:4}, at: deactivate_super+0xdf/0x110 fs/super.c:505
 #1: ffffffff8ec624a0 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0 fs/nfsd/nfssvc.c:576
2 locks held by syz.7.3364/24405:
 #0: ffffffff906b5128 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 net/netlink/genetlink.c:1217
 #1: ffffffff8ec624a0 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_threads_set_doit+0x8c8/0x1100 fs/nfsd/nfsctl.c:1644
2 locks held by syz-executor/24814:
 #0: ffff88807c8160d8 (&type->s_umount_key#54){++++}-{4:4}, at: __super_lock fs/super.c:58 [inline]
 #0: ffff88807c8160d8 (&type->s_umount_key#54){++++}-{4:4}, at: __super_lock_excl fs/super.c:73 [inline]
 #0: ffff88807c8160d8 (&type->s_umount_key#54){++++}-{4:4}, at: deactivate_super fs/super.c:508 [inline]
 #0: ffff88807c8160d8 (&type->s_umount_key#54){++++}-{4:4}, at: deactivate_super+0xdf/0x110 fs/super.c:505
 #1: ffffffff8ec624a0 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0 fs/nfsd/nfssvc.c:576
1 lock held by syz-executor/25635:
 #0: ffff888052edcea0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close+0x26/0xb0 net/bluetooth/hci_core.c:500
1 lock held by syz-executor/25830:
 #0: ffffffff8e7f0ea8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x27f/0x3c0 kernel/rcu/tree_exp.h:311
1 lock held by syz-executor/25877:
 #0: ffffffff8e7f0ea8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x19e/0x3c0 kernel/rcu/tree_exp.h:343
4 locks held by cmp/26068:

=============================================

NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G             L      syzkaller #0 PREEMPT(full) 
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x100/0x190 lib/dump_stack.c:120
 nmi_cpu_backtrace.cold+0x12d/0x151 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x1d7/0x230 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline]
 __sys_info lib/sys_info.c:157 [inline]
 sys_info+0x141/0x190 lib/sys_info.c:165
 check_hung_uninterruptible_tasks kernel/hung_task.c:353 [inline]
 watchdog+0xcb1/0x1030 kernel/hung_task.c:561
 kthread+0x370/0x450 kernel/kthread.c:436
 ret_from_fork+0x72b/0xd50 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>