syzbot

INFO: task syz-executor:8113 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D stack:22504 pid:8113  tgid:8113  ppid:1      task_flags:0x400140 flags:0x00080002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5256 [inline]
 __schedule+0x1480/0x50a0 kernel/sched/core.c:6863
 __schedule_loop kernel/sched/core.c:6945 [inline]
 rt_mutex_schedule+0x77/0xf0 kernel/sched/core.c:7241
 rt_mutex_slowlock_block+0x5ba/0x6d0 kernel/locking/rtmutex.c:1647
 __rt_mutex_slowlock kernel/locking/rtmutex.c:1721 [inline]
 __rt_mutex_slowlock_locked kernel/locking/rtmutex.c:1760 [inline]
 rt_mutex_slowlock+0x2a8/0x6b0 kernel/locking/rtmutex.c:1800
 __rt_mutex_lock kernel/locking/rtmutex.c:1815 [inline]
 __mutex_lock_common kernel/locking/rtmutex_api.c:534 [inline]
 mutex_lock_nested+0x16a/0x1d0 kernel/locking/rtmutex_api.c:552
 add_one_compat_dev+0xf0/0x650 drivers/infiniband/core/device.c:979
 rdma_dev_init_net+0x238/0x2f0 drivers/infiniband/core/device.c:1221
 ops_init+0x35c/0x5c0 net/core/net_namespace.c:137
 setup_net+0x110/0x330 net/core/net_namespace.c:446
 copy_net_ns+0x3e3/0x570 net/core/net_namespace.c:581
 create_new_namespaces+0x3e7/0x6a0 kernel/nsproxy.c:130
 unshare_nsproxy_namespaces+0x11c/0x170 kernel/nsproxy.c:226
 ksys_unshare+0x4c8/0x8c0 kernel/fork.c:3171
 __do_sys_unshare kernel/fork.c:3242 [inline]
 __se_sys_unshare kernel/fork.c:3240 [inline]
 __x64_sys_unshare+0x38/0x50 kernel/fork.c:3240
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f9cf35b0f47
RSP: 002b:00007ffdc97fc138 EFLAGS: 00000202 ORIG_RAX: 0000000000000110
RAX: ffffffffffffffda RBX: 00007f9cf3805f40 RCX: 00007f9cf35b0f47
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000
RBP: 00007f9cf38067b8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000008
R13: 0000000000000003 R14: 00007ffdc97fc408 R15: 0000000000000000
 </TASK>

Showing all locks held in the system:
5 locks held by kworker/u8:0/12:
1 lock held by ktimers/1/29:
 #0: ffff8880b883b6d8 (&rq->__lock){-...}-{2:2}, at: raw_spin_rq_lock_nested+0xad/0x140 kernel/sched/core.c:647
2 locks held by kworker/1:0/31:
1 lock held by khungtaskd/38:
 #0: ffffffff8d5ae880 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #0: ffffffff8d5ae880 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
 #0: ffffffff8d5ae880 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6775
4 locks held by kworker/u8:2/44:
3 locks held by kworker/u8:3/45:
6 locks held by kworker/u8:4/69:
3 locks held by kworker/u8:5/152:
3 locks held by kworker/0:2/191:
7 locks held by kworker/u8:6/1008:
3 locks held by kworker/u8:7/1053:
2 locks held by kworker/u8:8/1163:
6 locks held by kworker/u8:10/1510:
 #0: ffff888019ad4938 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3232 [inline]
 #0: ffff888019ad4938 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x1770 kernel/workqueue.c:3340
 #1: ffffc9000534fb80 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3233 [inline]
 #1: ffffc9000534fb80 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x1770 kernel/workqueue.c:3340
 #2: ffffffff8e88e320 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x7b0 net/core/net_namespace.c:670
 #3: ffff88802ecb30d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:895 [inline]
 #3: ffff88802ecb30d8 (&dev->mutex){....}-{4:4}, at: devl_dev_lock net/devlink/devl_internal.h:108 [inline]
 #3: ffff88802ecb30d8 (&dev->mutex){....}-{4:4}, at: devlink_pernet_pre_exit+0x10a/0x3d0 net/devlink/core.c:506
 #4: ffff88802ecb4300 (&devlink->lock_key){+.+.}-{4:4}, at: devl_lock net/devlink/core.c:276 [inline]
 #4: ffff88802ecb4300 (&devlink->lock_key){+.+.}-{4:4}, at: devl_dev_lock net/devlink/devl_internal.h:109 [inline]
 #4: ffff88802ecb4300 (&devlink->lock_key){+.+.}-{4:4}, at: devlink_pernet_pre_exit+0x11c/0x3d0 net/devlink/core.c:506
 #5: ffffffff8e89b438 (rtnl_mutex){+.+.}-{4:4}, at: nsim_destroy+0xed/0x680 drivers/net/netdevsim/netdev.c:1175
3 locks held by kworker/u8:12/2221:
 #0: ffff88814d96b138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3232 [inline]
 #0: ffff88814d96b138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x1770 kernel/workqueue.c:3340
 #1: ffffc900058efb80 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3233 [inline]
 #1: ffffc900058efb80 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x1770 kernel/workqueue.c:3340
 #2: ffffffff8e89b438 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #2: ffffffff8e89b438 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30 net/ipv6/addrconf.c:4734
1 lock held by syslogd/5147:
5 locks held by udevd/5165:
 #0: ffffffff8d66d4d0 (dup_mmap_sem){.+.+}-{0:0}, at: dup_mm kernel/fork.c:1528 [inline]
 #0: ffffffff8d66d4d0 (dup_mmap_sem){.+.+}-{0:0}, at: copy_mm+0x131/0x4b0 kernel/fork.c:1581
 #1: ffff8880365f1070 (&mm->mmap_lock){++++}-{4:4}, at: mmap_write_lock_killable include/linux/mmap_lock.h:353 [inline]
 #1: ffff8880365f1070 (&mm->mmap_lock){++++}-{4:4}, at: dup_mmap+0x125/0x1b40 mm/mmap.c:1726
 #2: ffff8880339e7670 (&mm->mmap_lock/1){+.+.}-{4:4}, at: mmap_write_lock_nested include/linux/mmap_lock.h:343 [inline]
 #2: ffff8880339e7670 (&mm->mmap_lock/1){+.+.}-{4:4}, at: dup_mmap+0x20d/0x1b40 mm/mmap.c:1733
 #3: ffff88802fa313c0 (&mapping->i_mmap_rwsem){++++}-{4:4}, at: raw_spin_rq_lock_nested+0xad/0x140 kernel/sched/core.c:647
 #4: ffff8880b8943808 (&s->lock_key#135){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #4: ffff8880b8943808 (&s->lock_key#135){+.+.}-{3:3}, at: ___slab_alloc+0x12f/0x1400 mm/slub.c:4516
3 locks held by dhcpcd/5460:
2 locks held by getty/5551:
 #0: ffff8880340650a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
 #1: ffffc90003e8b2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x44f/0x1460 drivers/tty/n_tty.c:2211
2 locks held by syz-executor/5804:
3 locks held by kworker/u8:15/6019:
 #0: ffff88813ff69938 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3232 [inline]
 #0: ffff88813ff69938 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x1770 kernel/workqueue.c:3340
 #1: ffffc900052efb80 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3233 [inline]
 #1: ffffc900052efb80 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x1770 kernel/workqueue.c:3340
 #2: ffffffff8e89b438 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 net/core/link_watch.c:303
4 locks held by kworker/u8:16/6163:
2 locks held by kworker/0:10/6213:
5 locks held by kworker/1:11/6459:
2 locks held by kworker/u8:17/6583:
2 locks held by kworker/0:13/7520:
2 locks held by kworker/0:15/7801:
 #0: ffff8880b883b6d8 (&rq->__lock){-...}-{2:2}, at: raw_spin_rq_lock_nested+0xad/0x140 kernel/sched/core.c:647
 #1: ffff8880b8824688 (psi_seq){-...}-{0:0}, at: process_one_work kernel/workqueue.c:3233 [inline]
 #1: ffff8880b8824688 (psi_seq){-...}-{0:0}, at: process_scheduled_works+0x9ef/0x1770 kernel/workqueue.c:3340
5 locks held by syz.2.785/8059:
1 lock held by syz.3.793/8084:
6 locks held by kworker/u8:18/8103:
4 locks held by syz-executor/8113:
 #0: ffffffff8e88e320 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x3cc/0x570 net/core/net_namespace.c:577
 #1: ffffffff8e5ff040 (devices_rwsem){++++}-{4:4}, at: rdma_dev_init_net+0x1f5/0x2f0 drivers/infiniband/core/device.c:1215
 #2: ffffffff8e5ff280 (rdma_nets_rwsem){++++}-{4:4}, at: rdma_dev_init_net+0x22d/0x2f0 drivers/infiniband/core/device.c:1220
 #3: ffff888038c91118 (&device->compat_devs_mutex){+.+.}-{4:4}, at: add_one_compat_dev+0xf0/0x650 drivers/infiniband/core/device.c:979
1 lock held by syz-executor/8116:
4 locks held by syz-executor/8117:
 #0: ffffffff8e88e320 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x3cc/0x570 net/core/net_namespace.c:577
 #1: ffffffff8e5ff040 (devices_rwsem){++++}-{4:4}, at: rdma_dev_init_net+0x1f5/0x2f0 drivers/infiniband/core/device.c:1215
 #2: ffffffff8e5ff280 (rdma_nets_rwsem){++++}-{4:4}, at: rdma_dev_init_net+0x22d/0x2f0 drivers/infiniband/core/device.c:1220
 #3: ffff888038c91118 (&device->compat_devs_mutex){+.+.}-{4:4}, at: add_one_compat_dev+0xf0/0x650 drivers/infiniband/core/device.c:979
3 locks held by kworker/u8:19/8132:
4 locks held by syz-executor/8140:
1 lock held by syz-executor/8144:
4 locks held by syz-executor/8148:
2 locks held by syz-executor/8153:
1 lock held by dhcpcd/8155:
2 locks held by kworker/u8:21/8157:

=============================================

NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x39e/0x3d0 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x17a/0x300 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline]
 __sys_info lib/sys_info.c:157 [inline]
 sys_info+0x135/0x170 lib/sys_info.c:165
 check_hung_uninterruptible_tasks kernel/hung_task.c:346 [inline]
 watchdog+0xf95/0xfe0 kernel/hung_task.c:515
 kthread+0x711/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x599/0xb30 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
RIP: 0010:_raw_spin_unlock_irqrestore+0xc/0x110 kernel/locking/spinlock.c:193
Code: 3d 00 00 cc 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 48 89 e5 41 57 41 56 <41> 54 53 48 83 e4 e0 48 83 ec 60 48 89 f3 49 89 fe 65 48 8b 05 9b
RSP: 0000:ffffc90000157a00 EFLAGS: 00000002
RAX: 0000000000000002 RBX: ffffc90000157a68 RCX: ffffffff98bc1403
RDX: 0000000000000001 RSI: 0000000000000a06 RDI: ffff8880b88285e0
RBP: ffffc90000157a10 R08: ffff8880b8828637 R09: 1ffff110171050c6
R10: dffffc0000000000 R11: ffffed10171050c7 R12: 1ffff9200002af4d
R13: 0000000000000a06 R14: ffff8880b88285e0 R15: ffffc90000157a60
FS:  0000000000000000(0000) GS:ffff888126d12000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007face9a94028 CR3: 0000000035d80000 CR4: 00000000003526f0
 <TASK>
 raw_spin_unlock_irqrestore_wake include/linux/sched/wake_q.h:94 [inline]
 rtlock_slowlock kernel/locking/rtmutex.c:1896 [inline]
 rtlock_lock kernel/locking/spinlock_rt.c:43 [inline]
 __rt_spin_lock kernel/locking/spinlock_rt.c:49 [inline]
 rt_spin_lock+0x16d/0x3e0 kernel/locking/spinlock_rt.c:57
 spin_lock include/linux/spinlock_rt.h:44 [inline]
 hrtimer_cpu_base_lock_expiry kernel/time/hrtimer.c:1376 [inline]
 hrtimer_run_softirq+0x7c/0x2e0 kernel/time/hrtimer.c:1854
 handle_softirqs+0x226/0x6d0 kernel/softirq.c:622
 __do_softirq kernel/softirq.c:656 [inline]
 run_ktimerd+0xcf/0x190 kernel/softirq.c:1138
 smpboot_thread_fn+0x542/0xa60 kernel/smpboot.c:160
 kthread+0x711/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x599/0xb30 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
 </TASK>