syzbot

INFO: task syz.0.1183:11358 blocked for more than 143 seconds.
      Tainted: G             L      syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.0.1183      state:D stack:27368 pid:11358 tgid:11343 ppid:5832   task_flags:0x400140 flags:0x00080002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5295 [inline]
 __schedule+0xfee/0x60e0 kernel/sched/core.c:6907
 __schedule_loop kernel/sched/core.c:6989 [inline]
 schedule+0xdd/0x390 kernel/sched/core.c:7004
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7061
 __mutex_lock_common kernel/locking/mutex.c:692 [inline]
 __mutex_lock+0xc9a/0x1b90 kernel/locking/mutex.c:776
 nfsd_nl_version_get_doit+0x18c/0x7f0 fs/nfsd/nfsctl.c:1818
 genl_family_rcv_msg_doit+0x214/0x300 net/netlink/genetlink.c:1114
 genl_family_rcv_msg net/netlink/genetlink.c:1194 [inline]
 genl_rcv_msg+0x560/0x800 net/netlink/genetlink.c:1209
 netlink_rcv_skb+0x159/0x420 net/netlink/af_netlink.c:2550
 genl_rcv+0x28/0x40 net/netlink/genetlink.c:1218
 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
 netlink_unicast+0x5aa/0x870 net/netlink/af_netlink.c:1344
 netlink_sendmsg+0x8b0/0xda0 net/netlink/af_netlink.c:1894
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg net/socket.c:742 [inline]
 ____sys_sendmsg+0xa54/0xc30 net/socket.c:2592
 ___sys_sendmsg+0x190/0x1e0 net/socket.c:2646
 __sys_sendmsg+0x170/0x220 net/socket.c:2678
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x106/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f12fe99c629
RSP: 002b:00007f12ff83c028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f12fec16270 RCX: 00007f12fe99c629
RDX: 0000000020008040 RSI: 00002000000000c0 RDI: 000000000000000a
RBP: 00007f12fea32b39 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f12fec16308 R14: 00007f12fec16270 R15: 00007ffd06042448
 </TASK>

Showing all locks held in the system:
1 lock held by khungtaskd/30:
 #0: ffffffff8e7e9220 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:312 [inline]
 #0: ffffffff8e7e9220 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:850 [inline]
 #0: ffffffff8e7e9220 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184 kernel/locking/lockdep.c:6775
2 locks held by getty/5583:
 #0: ffff888034fcd0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 drivers/tty/tty_ldisc.c:243
 #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x419/0x1500 drivers/tty/n_tty.c:2211
2 locks held by syz-executor/5834:
 #0: ffff88807b6540e0 (&type->s_umount_key#56){+.+.}-{4:4}, at: __super_lock fs/super.c:58 [inline]
 #0: ffff88807b6540e0 (&type->s_umount_key#56){+.+.}-{4:4}, at: __super_lock_excl fs/super.c:73 [inline]
 #0: ffff88807b6540e0 (&type->s_umount_key#56){+.+.}-{4:4}, at: deactivate_super fs/super.c:508 [inline]
 #0: ffff88807b6540e0 (&type->s_umount_key#56){+.+.}-{4:4}, at: deactivate_super+0xdf/0x110 fs/super.c:505
 #1: ffffffff8ec58388 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0 fs/nfsd/nfssvc.c:575
2 locks held by syz-executor/5835:
3 locks held by kworker/1:3/5913:
 #0: 
ffff88813fe63548 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920 kernel/workqueue.c:3250
 #1: ffffc900043c7d08 ((fqdir_free_work).work){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920 kernel/workqueue.c:3251
 #2: ffffffff8e7f4d00 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x48/0x6d0 kernel/rcu/tree.c:3828
2 locks held by syz.3.1116/11084:
 #0: ffffffff906be0b0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 net/netlink/genetlink.c:1217
 #1: ffffffff8ec58388 (nfsd_mutex){+.+.}-{4:4}
, at: nfsd_nl_listener_set_doit+0xd5/0x1b20 fs/nfsd/nfsctl.c:1893
4 locks held by syz.2.1143/11194:
2 locks held by syz.0.1183/11358:
 #0: ffffffff906be0b0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 net/netlink/genetlink.c:1217
 #1: ffffffff8ec58388 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_version_get_doit+0x18c/0x7f0 fs/nfsd/nfsctl.c:1818
7 locks held by kworker/u10:0/11421:
2 locks held by kworker/u10:4/11429:
1 lock held by syz-executor/11511:
5 locks held by kworker/u10:6/11519:
1 lock held by syz.2.1498/12944:
2 locks held by syz.2.1498/12949:
2 locks held by syz.2.1514/13018:
2 locks held by syz.6.1531/13074:
 #0: ffff888044b0e3c8
 (&sb->s_type->i_mutex_key#14){+.+.}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline]
 (&sb->s_type->i_mutex_key#14){+.+.}-{4:4}, at: __sock_release+0x86/0x260 net/socket.c:661
 #1: ffff888020ff5060 (sk_lock-AF_PHONET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1709 [inline]
 #1: ffff888020ff5060 (sk_lock-AF_PHONET){+.+.}-{0:0}, at: pep_sock_unhash+0x1c/0x370 net/phonet/pep.c:1326
2 locks held by syz.6.1533/13079:
 #0: ffffffff905f95d0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x451/0x7c0 net/core/net_namespace.c:577
 #1: ffffffff8e7f4e38 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x19e/0x3c0 kernel/rcu/tree_exp.h:343
1 lock held by syz.2.1532/13084:
 #0: ffffffff905f95d0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x451/0x7c0 net/core/net_namespace.c:577
1 lock held by syz.4.1536/13105:
 #0: ffffffff905f95d0 (pernet_ops_rwsem){++++}-{4:4}
, at: copy_net_ns+0x451/0x7c0 net/core/net_namespace.c:577
1 lock held by syz.5.1538/13113:
 #0: ffffffff8e7f4e38 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x19e/0x3c0 kernel/rcu/tree_exp.h:343

=============================================

NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Tainted: G             L      syzkaller #0 PREEMPT(full) 
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x100/0x190 lib/dump_stack.c:120
 nmi_cpu_backtrace.cold+0x12d/0x151 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x1d7/0x230 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:161 [inline]
 __sys_info lib/sys_info.c:157 [inline]
 sys_info+0x141/0x190 lib/sys_info.c:165
 check_hung_uninterruptible_tasks kernel/hung_task.c:346 [inline]
 watchdog+0xd25/0x1050 kernel/hung_task.c:515
 kthread+0x370/0x450 kernel/kthread.c:467
 ret_from_fork+0x754/0xd80 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 12944 Comm: syz.2.1498 Tainted: G             L      syzkaller #0 PREEMPT(full) 
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
RIP: 0010:lookup_page_ext+0x69/0x100 mm/page_ext.c:258
Code: ef 0f e8 3a fa ff ff 48 ba 00 00 00 00 00 fc ff df 48 8d 78 10 48 89 f9 48 c1 e9 03 80 3c 11 00 0f 85 84 00 00 00 48 8b 68 10 <e8> e2 b4 6b ff 31 ff 41 89 c4 89 c6 e8 e6 d4 87 ff 45 85 e4 74 4e
RSP: 0018:ffffc90004b9f1b8 EFLAGS: 00000246
RAX: ffff88813ff1e200 RBX: 000000000008012c RCX: 1ffff11027fe3c42
RDX: dffffc0000000000 RSI: ffffffff82801bba RDI: ffff88813ff1e210
RBP: ffff88801d000000 R08: 0000000000000006 R09: 0000000000001000
R10: 0000000000000000 R11: 0000000000000000 R12: ffffea0002004b00
R13: 000000847848e26d R14: 0000000000000000 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff888124351000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000563f2a214f40 CR3: 000000002a130000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 page_ext_get+0x58/0x1a0 mm/page_ext.c:532
 __reset_page_owner+0x2b/0x190 mm/page_owner.c:306
 reset_page_owner include/linux/page_owner.h:25 [inline]
 __free_pages_prepare mm/page_alloc.c:1433 [inline]
 free_unref_folios+0xaea/0x1790 mm/page_alloc.c:3040
 folios_put_refs+0x53c/0x840 mm/swap.c:1002
 folio_batch_release include/linux/pagevec.h:101 [inline]
 shmem_undo_range+0x5e5/0x1570 mm/shmem.c:1149
 shmem_truncate_range mm/shmem.c:1277 [inline]
 shmem_evict_inode+0x39e/0xbd0 mm/shmem.c:1407
 evict+0x3c2/0xad0 fs/inode.c:846
 iput_final fs/inode.c:1966 [inline]
 iput.part.0+0x605/0xf50 fs/inode.c:2015
 iput+0x35/0x40 fs/inode.c:1981
 dentry_unlink_inode+0x2a1/0x490 fs/dcache.c:467
 __dentry_kill+0x1d0/0x600 fs/dcache.c:670
 finish_dput+0x76/0x480 fs/dcache.c:879
 dput.part.0+0x456/0x570 fs/dcache.c:928
 dput+0x1f/0x30 fs/dcache.c:920
 __fput+0x519/0xb40 fs/file_table.c:477
 task_work_run+0x150/0x240 kernel/task_work.c:233
 exit_task_work include/linux/task_work.h:40 [inline]
 do_exit+0x829/0x2aa0 kernel/exit.c:971
 do_group_exit+0xd5/0x2a0 kernel/exit.c:1112
 get_signal+0x1ec7/0x21e0 kernel/signal.c:3034
 arch_do_signal_or_restart+0x91/0x770 arch/x86/kernel/signal.c:337
 __exit_to_user_mode_loop kernel/entry/common.c:64 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:98 [inline]
 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]
 irqentry_exit_to_user_mode_prepare include/linux/irq-entry-common.h:270 [inline]
 irqentry_exit_to_user_mode include/linux/irq-entry-common.h:339 [inline]
 irqentry_exit+0x1f8/0x670 kernel/entry/common.c:219
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:618
RIP: 0033:0x7feb03b9c631
Code: Unable to access opcode bytes at 0x7feb03b9c607.
RSP: 002b:0000000080000007 EFLAGS: 00010217
RAX: 0000000000000000 RBX: 00007feb03e15fa0 RCX: 00007feb03b9c629
RDX: 9999999999999999 RSI: 0000000080000007 RDI: 0000000000000021
RBP: 00007feb03c32b39 R08: 0000000000000006 R09: 0000000000000000
R10: ffffffff81000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007feb03e16038 R14: 00007feb03e15fa0 R15: 00007ffeb75d6848
 </TASK>