syzbot

INFO: task syz.1.1558:11593 blocked for more than 143 seconds.
      Tainted: G             L      syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.1.1558      state:D stack:27280 pid:11593 tgid:11584 ppid:5806   task_flags:0x400040 flags:0x00080002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5298 [inline]
 __schedule+0xfee/0x6120 kernel/sched/core.c:6911
 __schedule_loop kernel/sched/core.c:6993 [inline]
 schedule+0xdd/0x390 kernel/sched/core.c:7008
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7065
 __mutex_lock_common kernel/locking/mutex.c:692 [inline]
 __mutex_lock+0xc9a/0x1b90 kernel/locking/mutex.c:776
 nfsd_nl_rpc_status_get_dumpit+0xb7/0x1200 fs/nfsd/nfsctl.c:1494
 genl_dumpit+0x125/0x230 net/netlink/genetlink.c:1026
 netlink_dump+0x539/0xd30 net/netlink/af_netlink.c:2325
 __netlink_dump_start+0x6d6/0x990 net/netlink/af_netlink.c:2440
 genl_family_rcv_msg_dumpit+0x1e2/0x2e0 net/netlink/genetlink.c:1075
 genl_family_rcv_msg net/netlink/genetlink.c:1191 [inline]
 genl_rcv_msg+0x471/0x800 net/netlink/genetlink.c:1209
 netlink_rcv_skb+0x159/0x420 net/netlink/af_netlink.c:2550
 genl_rcv+0x28/0x40 net/netlink/genetlink.c:1218
 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
 netlink_unicast+0x5aa/0x870 net/netlink/af_netlink.c:1344
 netlink_sendmsg+0x8b0/0xda0 net/netlink/af_netlink.c:1894
 sock_sendmsg_nosec net/socket.c:792 [inline]
 __sock_sendmsg net/socket.c:807 [inline]
 ____sys_sendmsg+0x9e1/0xb70 net/socket.c:2657
 ___sys_sendmsg+0x190/0x1e0 net/socket.c:2711
 __sys_sendmsg+0x170/0x220 net/socket.c:2743
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x10b/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a9779c819
RSP: 002b:00007f0a98689028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f0a97a16090 RCX: 00007f0a9779c819
RDX: 0000000000000800 RSI: 0000200000000180 RDI: 0000000000000006
RBP: 00007f0a97832c91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f0a97a16128 R14: 00007f0a97a16090 R15: 00007ffc32686d68
 </TASK>

Showing all locks held in the system:
2 locks held by kworker/1:0/24:
 #0: ffff88813fe67148 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x1310/0x19a0 kernel/workqueue.c:3263
 #1: ffffc900001e7d08 ((work_completion)(&m->mpeg_thread)){+.+.}-{0:0}, at: process_one_work+0x988/0x19a0 kernel/workqueue.c:3264
1 lock held by khungtaskd/30:
 #0: ffffffff8e7e6b20 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:309 [inline]
 #0: ffffffff8e7e6b20 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:847 [inline]
 #0: ffffffff8e7e6b20 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184 kernel/locking/lockdep.c:6775
2 locks held by kworker/1:1/53:
2 locks held by getty/5565:
 #0: ffff8880394fb0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 drivers/tty/tty_ldisc.c:243
 #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x419/0x1500 drivers/tty/n_tty.c:2211
2 locks held by kworker/1:6/5918:
3 locks held by kworker/0:7/5928:
1 lock held by syz.2.650/8260:
 #0: ffffffff906190e8 (rtnl_mutex){+.+.}-{4:4}, at: tun_detach drivers/net/tun.c:634 [inline]
 #0: ffffffff906190e8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x220 drivers/net/tun.c:3436
2 locks held by syz.4.970/9368:
 #0: ffffffff906c5430 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 net/netlink/genetlink.c:1217
 #1: ffffffff8ec5a4c8 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_listener_set_doit+0xd5/0x1a80 fs/nfsd/nfsctl.c:1903
3 locks held by kworker/0:9/11346:
 #0: ffff88813fe67148 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x1310/0x19a0 kernel/workqueue.c:3263
 #1: ffffc90006a37d08 (free_ipc_work){+.+.}-{0:0}, at: process_one_work+0x988/0x19a0 kernel/workqueue.c:3264
 #2: ffffffff8e7f2678 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x19e/0x3c0 kernel/rcu/tree_exp.h:343
3 locks held by syz.1.1558/11593:
 #0: ffffffff906c5430 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 net/netlink/genetlink.c:1217
 #1: ffff8880372e26f0 (nlk_cb_mutex-GENERIC){+.+.}-{4:4}, at: __netlink_dump_start+0x150/0x990 net/netlink/af_netlink.c:2404
 #2: ffffffff8ec5a4c8 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_rpc_status_get_dumpit+0xb7/0x1200 fs/nfsd/nfsctl.c:1494
3 locks held by syz.8.2084/13804:
 #0: ffff88804d364ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close+0x26/0xb0 net/bluetooth/hci_core.c:500
 #1: ffff88804d3640c0 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x35c/0x1240 net/bluetooth/hci_sync.c:5356
 #2: ffffffff908b25c8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_disconn_cfm include/net/bluetooth/hci_core.h:2151 [inline]
 #2: ffffffff908b25c8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xbb/0x280 net/bluetooth/hci_conn.c:2650
4 locks held by syz.7.2122/13813:
 #0: ffff88807b7acec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close+0x26/0xb0 net/bluetooth/hci_core.c:500
 #1: ffff88807b7ac0c0 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x35c/0x1240 net/bluetooth/hci_sync.c:5356
 #2: ffffffff908b25c8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_disconn_cfm include/net/bluetooth/hci_core.h:2151 [inline]
 #2: ffffffff908b25c8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xbb/0x280 net/bluetooth/hci_conn.c:2650
 #3: ffff888054cedb00 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x95/0x710 net/bluetooth/l2cap_core.c:1777
1 lock held by syz.5.2124/13819:
 #0: ffffffff906190e8 (rtnl_mutex){+.+.}-{4:4}, at: tun_detach drivers/net/tun.c:634 [inline]
 #0: ffffffff906190e8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x220 drivers/net/tun.c:3436
2 locks held by dhcpcd/13848:
 #0: ffff88804d04a260 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1709 [inline]
 #0: ffff88804d04a260 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x2c/0xf50 net/packet/af_packet.c:3198
 #1: ffffffff8e7f2678 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x19e/0x3c0 kernel/rcu/tree_exp.h:343
1 lock held by dhcpcd/13849:
 #0: ffff888026828260 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1709 [inline]
 #0: ffff888026828260 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x2c/0xf50 net/packet/af_packet.c:3198

=============================================

NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Tainted: G             L      syzkaller #0 PREEMPT(full) 
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x100/0x190 lib/dump_stack.c:120
 nmi_cpu_backtrace.cold+0x12d/0x151 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x1d7/0x230 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:161 [inline]
 __sys_info lib/sys_info.c:157 [inline]
 sys_info+0x141/0x190 lib/sys_info.c:165
 check_hung_uninterruptible_tasks kernel/hung_task.c:346 [inline]
 watchdog+0xd25/0x1050 kernel/hung_task.c:515
 kthread+0x370/0x450 kernel/kthread.c:436
 ret_from_fork+0x72b/0xd50 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G             L      syzkaller #0 PREEMPT(full) 
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
RIP: 0010:pv_native_safe_halt+0xf/0x20 arch/x86/kernel/paravirt.c:63
Code: f7 80 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 33 1f 19 00 fb f4 <e9> cc 35 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
RSP: 0018:ffffffff8e407e00 EFLAGS: 00000246
RAX: 0000000002ed3bb7 RBX: ffffffff8e4975c0 RCX: ffffffff8b926d45
RDX: 0000000000000000 RSI: ffffffff8de8208a RDI: ffffffff8c1b62a0
RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed101708679d
R10: ffff8880b8433ceb R11: 0000000000000000 R12: 0000000000000000
R13: fffffbfff1c92eb8 R14: 0000000000000000 R15: ffffffff90da2a10
FS:  0000000000000000(0000) GS:ffff88812432b000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fff2bd305f0 CR3: 000000000e598000 CR4: 00000000003526f0
DR0: ffffffffffffffff DR1: 00000000000001f8 DR2: 0000000000000002
DR3: ffffffffefffff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 arch_safe_halt arch/x86/include/asm/paravirt.h:73 [inline]
 default_idle+0x9/0x10 arch/x86/kernel/process.c:767
 default_idle_call+0x6c/0xb0 kernel/sched/idle.c:122
 cpuidle_idle_call kernel/sched/idle.c:199 [inline]
 do_idle+0x464/0x590 kernel/sched/idle.c:352
 cpu_startup_entry+0x4f/0x60 kernel/sched/idle.c:451
 rest_init+0x251/0x260 init/main.c:761
 start_kernel+0x47f/0x480 init/main.c:1218
 x86_64_start_reservations+0x24/0x30 arch/x86/kernel/head64.c:310
 x86_64_start_kernel+0x12b/0x130 arch/x86/kernel/head64.c:291
 common_startup_64+0x13e/0x148
 </TASK>