syzbot

 sign-in | mailing list | source | docs
🐞 Open [1462]
Subsystems
🐞 Fixed [6857]
🐞 Invalid [17785]
Missing Backports [225]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

INFO: task hung in netlink_dump (7)

Status: auto-obsoleted due to no activity on 2026/01/04 01:58
Subsystems: net
[Documentation on labels]
First crash: 100d, last: 100d
Similar bugs (12)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream INFO: task hung in netlink_dump (5) net 1 123 478d 537d 0/29 auto-obsoleted due to no activity on 2024/12/01 23:22
upstream INFO: task hung in netlink_dump (2) net 1 2 1418d 1418d 0/29 auto-closed as invalid on 2022/05/26 21:32
upstream INFO: task hung in netlink_dump net 1 1 1589d 1589d 0/29 auto-closed as invalid on 2021/12/07 11:04
linux-6.1 INFO: task hung in netlink_dump 1 3 684d 702d 0/3 auto-obsoleted due to no activity on 2024/06/09 02:46
upstream INFO: task hung in netlink_dump (3) net 1 78 702d 859d 0/29 closed as invalid on 2024/02/12 15:10
linux-5.15 INFO: task hung in netlink_dump 1 3 576d 582d 0/3 auto-obsoleted due to no activity on 2024/09/25 04:53
linux-6.1 INFO: task hung in netlink_dump (3) 1 1 412d 412d 0/3 auto-obsoleted due to no activity on 2025/03/08 04:08
linux-6.1 INFO: task hung in netlink_dump (4) 1 2 245d 284d 0/3 auto-obsoleted due to no activity on 2025/08/22 04:23
linux-6.1 INFO: task hung in netlink_dump (2) 1 1 580d 580d 0/3 auto-obsoleted due to no activity on 2024/09/21 04:37
upstream INFO: task hung in netlink_dump (6) net 1 1 359d 359d 0/29 auto-obsoleted due to no activity on 2025/04/20 06:11
linux-6.6 INFO: task hung in netlink_dump 1 1 19d 19d 0/2 upstream: reported on 2025/12/26 05:43
upstream INFO: task hung in netlink_dump (4) net 1 72 646d 686d 25/29 fixed on 2024/04/12 18:02

Sample crash report:
INFO: task syz.7.3481:18181 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.7.3481      state:D stack:26824 pid:18181 tgid:18180 ppid:9120   task_flags:0x400040 flags:0x00080002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5325 [inline]
 __schedule+0x1798/0x4cc0 kernel/sched/core.c:6929
 __schedule_loop kernel/sched/core.c:7011 [inline]
 schedule+0x165/0x360 kernel/sched/core.c:7026
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7083
 __mutex_lock_common kernel/locking/mutex.c:676 [inline]
 __mutex_lock+0x7e6/0x1350 kernel/locking/mutex.c:760
 netlink_dump+0xbd/0xe90 net/netlink/af_netlink.c:2269
 netlink_recvmsg+0x676/0xa30 net/netlink/af_netlink.c:1978
 sock_recvmsg_nosec net/socket.c:1078 [inline]
 sock_recvmsg+0x229/0x270 net/socket.c:1100
 __sys_recvfrom+0x1f6/0x340 net/socket.c:2294
 __do_sys_recvfrom net/socket.c:2309 [inline]
 __se_sys_recvfrom net/socket.c:2305 [inline]
 __x64_sys_recvfrom+0xde/0x100 net/socket.c:2305
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f4effb90c94
RSP: 002b:00007f4f00a9fed0 EFLAGS: 00000246 ORIG_RAX: 000000000000002d
RAX: ffffffffffffffda RBX: 00007f4f00a9ffc0 RCX: 00007f4effb90c94
RDX: 0000000000001000 RSI: 00007f4f00aa0010 RDI: 0000000000000005
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
R13: 00007f4f00a9ff68 R14: 00007f4f00aa0010 R15: 0000000000000000
 </TASK>
INFO: task syz.7.3481:18184 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.7.3481      state:D stack:26120 pid:18184 tgid:18180 ppid:9120   task_flags:0x400140 flags:0x00080002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5325 [inline]
 __schedule+0x1798/0x4cc0 kernel/sched/core.c:6929
 __schedule_loop kernel/sched/core.c:7011 [inline]
 schedule+0x165/0x360 kernel/sched/core.c:7026
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7083
 __mutex_lock_common kernel/locking/mutex.c:676 [inline]
 __mutex_lock+0x7e6/0x1350 kernel/locking/mutex.c:760
 nfsd_nl_rpc_status_get_dumpit+0xdf/0x1290 fs/nfsd/nfsctl.c:1516
 genl_dumpit+0x10b/0x1b0 net/netlink/genetlink.c:1027
 netlink_dump+0x6e4/0xe90 net/netlink/af_netlink.c:2327
 __netlink_dump_start+0x5cb/0x7e0 net/netlink/af_netlink.c:2442
 genl_family_rcv_msg_dumpit+0x1e7/0x2c0 net/netlink/genetlink.c:1076
 genl_family_rcv_msg net/netlink/genetlink.c:1192 [inline]
 genl_rcv_msg+0x5da/0x790 net/netlink/genetlink.c:1210
 netlink_rcv_skb+0x205/0x470 net/netlink/af_netlink.c:2552
 genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
 netlink_unicast+0x82c/0x9e0 net/netlink/af_netlink.c:1346
 netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1896
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg+0x219/0x270 net/socket.c:742
 ____sys_sendmsg+0x505/0x830 net/socket.c:2630
 ___sys_sendmsg+0x21f/0x2a0 net/socket.c:2684
 __sys_sendmsg net/socket.c:2716 [inline]
 __do_sys_sendmsg net/socket.c:2721 [inline]
 __se_sys_sendmsg net/socket.c:2719 [inline]
 __x64_sys_sendmsg+0x19b/0x260 net/socket.c:2719
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f4effb8eec9
RSP: 002b:00007f4f00a80038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f4effde6090 RCX: 00007f4effb8eec9
RDX: 0000000000004000 RSI: 0000200000000180 RDI: 0000000000000005
RBP: 00007f4effc11f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f4effde6128 R14: 00007f4effde6090 R15: 00007ffe7d620228
 </TASK>
INFO: task syz.6.3530:18354 blocked for more than 144 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.6.3530      state:D stack:27144 pid:18354 tgid:18342 ppid:9123   task_flags:0x400140 flags:0x00080002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5325 [inline]
 __schedule+0x1798/0x4cc0 kernel/sched/core.c:6929
 __schedule_loop kernel/sched/core.c:7011 [inline]
 schedule+0x165/0x360 kernel/sched/core.c:7026
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7083
 __mutex_lock_common kernel/locking/mutex.c:676 [inline]
 __mutex_lock+0x7e6/0x1350 kernel/locking/mutex.c:760
 nfsd_nl_listener_set_doit+0x137/0x1690 fs/nfsd/nfsctl.c:1919
 genl_family_rcv_msg_doit+0x212/0x300 net/netlink/genetlink.c:1115
 genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
 genl_rcv_msg+0x60e/0x790 net/netlink/genetlink.c:1210
 netlink_rcv_skb+0x205/0x470 net/netlink/af_netlink.c:2552
 genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
 netlink_unicast+0x82c/0x9e0 net/netlink/af_netlink.c:1346
 netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1896
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg+0x219/0x270 net/socket.c:742
 ____sys_sendmsg+0x505/0x830 net/socket.c:2630
 ___sys_sendmsg+0x21f/0x2a0 net/socket.c:2684
 __sys_sendmsg net/socket.c:2716 [inline]
 __do_sys_sendmsg net/socket.c:2721 [inline]
 __se_sys_sendmsg net/socket.c:2719 [inline]
 __x64_sys_sendmsg+0x19b/0x260 net/socket.c:2719
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7faef278eec9
RSP: 002b:00007faef360e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007faef29e6180 RCX: 00007faef278eec9
RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000007
RBP: 00007faef2811f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007faef29e6218 R14: 00007faef29e6180 R15: 00007fff22536258
 </TASK>
INFO: task syz.2.3620:18672 blocked for more than 145 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.2.3620      state:D stack:27144 pid:18672 tgid:18670 ppid:16214  task_flags:0x400140 flags:0x00080002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5325 [inline]
 __schedule+0x1798/0x4cc0 kernel/sched/core.c:6929
 __schedule_loop kernel/sched/core.c:7011 [inline]
 schedule+0x165/0x360 kernel/sched/core.c:7026
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7083
 __mutex_lock_common kernel/locking/mutex.c:676 [inline]
 __mutex_lock+0x7e6/0x1350 kernel/locking/mutex.c:760
 nfsd_nl_listener_set_doit+0x137/0x1690 fs/nfsd/nfsctl.c:1919
 genl_family_rcv_msg_doit+0x212/0x300 net/netlink/genetlink.c:1115
 genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
 genl_rcv_msg+0x60e/0x790 net/netlink/genetlink.c:1210
 netlink_rcv_skb+0x205/0x470 net/netlink/af_netlink.c:2552
 genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
 netlink_unicast+0x82c/0x9e0 net/netlink/af_netlink.c:1346
 netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1896
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg+0x219/0x270 net/socket.c:742
 ____sys_sendmsg+0x505/0x830 net/socket.c:2630
 ___sys_sendmsg+0x21f/0x2a0 net/socket.c:2684
 __sys_sendmsg net/socket.c:2716 [inline]
 __do_sys_sendmsg net/socket.c:2721 [inline]
 __se_sys_sendmsg net/socket.c:2719 [inline]
 __x64_sys_sendmsg+0x19b/0x260 net/socket.c:2719
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fe38ab8eec9
RSP: 002b:00007fe38ba87038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007fe38ade6090 RCX: 00007fe38ab8eec9
RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000006
RBP: 00007fe38ac11f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fe38ade6128 R14: 00007fe38ade6090 R15: 00007ffe33c41b28
 </TASK>

Showing all locks held in the system:
1 lock held by rcu_exp_gp_kthr/18:
2 locks held by ksoftirqd/1/23:
 #0: ffff8880b8939fd8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 kernel/sched/core.c:638
 #1: ffff8880b8924048 (psi_seq){-.-.}-{0:0}, at: psi_task_switch+0x53/0x880 kernel/sched/psi.c:933
1 lock held by khungtaskd/31:
 #0: ffffffff8dd3a860 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #0: ffffffff8dd3a860 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #0: ffffffff8dd3a860 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6775
2 locks held by getty/5602:
 #0: ffff88814d7e10a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
 #1: ffffc900036c32f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 drivers/tty/n_tty.c:2222
3 locks held by kworker/1:9/13343:
 #0: ffff88801a081148 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3238 [inline]
 #0: ffff88801a081148 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3346
 #1: ffffc9001b9b7bc0 (free_ipc_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3239 [inline]
 #1: ffffc9001b9b7bc0 (free_ipc_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3346
 #2: ffffffff8dd402f8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock kernel/rcu/tree_exp.h:343 [inline]
 #2: ffffffff8dd402f8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730 kernel/rcu/tree_exp.h:957
5 locks held by kworker/1:10/13344:
 #0: ffff8880b8939fd8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 kernel/sched/core.c:638
 #1: ffff8880b8924048 (psi_seq){-.-.}-{0:0}, at: psi_task_switch+0x53/0x880 kernel/sched/psi.c:933
 #2: ffffffff8dd3a8c0 (rcu_read_lock_bh){....}-{1:3}, at: local_bh_disable include/linux/bottom_half.h:20 [inline]
 #2: ffffffff8dd3a8c0 (rcu_read_lock_bh){....}-{1:3}, at: rcu_read_lock_bh include/linux/rcupdate.h:892 [inline]
 #2: ffffffff8dd3a8c0 (rcu_read_lock_bh){....}-{1:3}, at: keep_key_fresh drivers/net/wireguard/send.c:129 [inline]
 #2: ffffffff8dd3a8c0 (rcu_read_lock_bh){....}-{1:3}, at: wg_packet_create_data_done drivers/net/wireguard/send.c:259 [inline]
 #2: ffffffff8dd3a8c0 (rcu_read_lock_bh){....}-{1:3}, at: wg_packet_tx_worker+0x24a/0x7c0 drivers/net/wireguard/send.c:276
 #3: ffffffff8dd3a860 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #3: ffffffff8dd3a860 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #3: ffffffff8dd3a860 (rcu_read_lock){....}-{1:3}, at: ip6_input+0x23/0x270 net/ipv6/ip6_input.c:499
 #4: ffffffff8dd3a8c0 (rcu_read_lock_bh){....}-{1:3}, at: local_bh_disable include/linux/bottom_half.h:20 [inline]
 #4: ffffffff8dd3a8c0 (rcu_read_lock_bh){....}-{1:3}, at: rcu_read_lock_bh include/linux/rcupdate.h:892 [inline]
 #4: ffffffff8dd3a8c0 (rcu_read_lock_bh){....}-{1:3}, at: wg_packet_consume_data drivers/net/wireguard/receive.c:515 [inline]
 #4: ffffffff8dd3a8c0 (rcu_read_lock_bh){....}-{1:3}, at: wg_packet_receive+0x11e9/0x25b0 drivers/net/wireguard/receive.c:576
2 locks held by syz.5.3085/16816:
 #0: ffffffff8f12a5d0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 net/netlink/genetlink.c:1218
 #1: ffffffff8e01edc8 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_listener_set_doit+0x137/0x1690 fs/nfsd/nfsctl.c:1919
1 lock held by syz.7.3481/18181:
 #0: ffff88803233d6e0 (nlk_cb_mutex-GENERIC){+.+.}-{4:4}, at: netlink_dump+0xbd/0xe90 net/netlink/af_netlink.c:2269
3 locks held by syz.7.3481/18184:
 #0: ffffffff8f12a5d0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 net/netlink/genetlink.c:1218
 #1: ffff88803233d6e0 (nlk_cb_mutex-GENERIC){+.+.}-{4:4}, at: __netlink_dump_start+0xfe/0x7e0 net/netlink/af_netlink.c:2406
 #2: ffffffff8e01edc8 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_rpc_status_get_dumpit+0xdf/0x1290 fs/nfsd/nfsctl.c:1516
2 locks held by syz.6.3530/18354:
 #0: ffffffff8f12a5d0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 net/netlink/genetlink.c:1218
 #1: ffffffff8e01edc8 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_listener_set_doit+0x137/0x1690 fs/nfsd/nfsctl.c:1919
2 locks held by syz.2.3620/18672:
 #0: ffffffff8f12a5d0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 net/netlink/genetlink.c:1218
 #1: ffffffff8e01edc8 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_listener_set_doit+0x137/0x1690 fs/nfsd/nfsctl.c:1919
2 locks held by syz-executor/18873:
 #0: ffff888027adcdc8 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close net/bluetooth/hci_core.c:499 [inline]
 #0: ffff888027adcdc8 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 net/bluetooth/hci_core.c:2715
 #1: ffff888027adc0b8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 net/bluetooth/hci_sync.c:5291
2 locks held by syz.0.4114/20387:
 #0: ffffffff8f12a5d0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 net/netlink/genetlink.c:1218
 #1: ffffffff8e01edc8 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_listener_set_doit+0x137/0x1690 fs/nfsd/nfsctl.c:1919
2 locks held by syz.4.4479/21643:
 #0: ffffffff8f12a5d0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 net/netlink/genetlink.c:1218
 #1: ffffffff8e01edc8 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_listener_set_doit+0x137/0x1690 fs/nfsd/nfsctl.c:1919
2 locks held by syz.3.4785/22693:
 #0: ffffffff8f12a5d0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 net/netlink/genetlink.c:1218
 #1: ffffffff8e01edc8 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_listener_set_doit+0x137/0x1690 fs/nfsd/nfsctl.c:1919
4 locks held by syz-executor/23391:
 #0: ffff888044cf0dc8 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close net/bluetooth/hci_core.c:499 [inline]
 #0: ffff888044cf0dc8 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 net/bluetooth/hci_core.c:2715
 #1: ffff888044cf00b8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 net/bluetooth/hci_sync.c:5291
 #2: ffffffff8f2299e8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_disconn_cfm include/net/bluetooth/hci_core.h:2118 [inline]
 #2: ffffffff8f2299e8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230 net/bluetooth/hci_conn.c:2602
 #3: ffff888055c16338 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680 net/bluetooth/l2cap_core.c:1762
2 locks held by syz.8.5112/23796:
 #0: ffffffff8f12a5d0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 net/netlink/genetlink.c:1218
 #1: ffffffff8e01edc8 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_threads_get_doit+0x1b6/0x6f0 fs/nfsd/nfsctl.c:1711
2 locks held by syz.5.5142/23908:
 #0: ffffffff8f12a5d0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 net/netlink/genetlink.c:1218
 #1: ffffffff8e01edc8 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_listener_set_doit+0x137/0x1690 fs/nfsd/nfsctl.c:1919
3 locks held by syz-executor/24540:
 #0: ffff888020748dc8 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close net/bluetooth/hci_core.c:499 [inline]
 #0: ffff888020748dc8 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 net/bluetooth/hci_core.c:2715
 #1: ffff8880207480b8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 net/bluetooth/hci_sync.c:5291
 #2: ffffffff8f2299e8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_disconn_cfm include/net/bluetooth/hci_core.h:2118 [inline]
 #2: ffffffff8f2299e8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230 net/bluetooth/hci_conn.c:2602
3 locks held by syz.2.5605/25511:
 #0: ffff88803350cdc8 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close net/bluetooth/hci_core.c:499 [inline]
 #0: ffff88803350cdc8 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 net/bluetooth/hci_core.c:2715
 #1: ffff88803350c0b8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 net/bluetooth/hci_sync.c:5291
 #2: ffffffff8f2299e8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_disconn_cfm include/net/bluetooth/hci_core.h:2118 [inline]
 #2: ffffffff8f2299e8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230 net/bluetooth/hci_conn.c:2602
3 locks held by syz.1.5606/25512:
 #0: ffff888053d70dc8 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close net/bluetooth/hci_core.c:499 [inline]
 #0: ffff888053d70dc8 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 net/bluetooth/hci_core.c:2715
 #1: ffff888053d700b8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 net/bluetooth/hci_sync.c:5291
 #2: ffffffff8f2299e8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_disconn_cfm include/net/bluetooth/hci_core.h:2118 [inline]
 #2: ffffffff8f2299e8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230 net/bluetooth/hci_conn.c:2602

=============================================

NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x39e/0x3d0 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x17a/0x300 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:328 [inline]
 watchdog+0xf93/0xfe0 kernel/hung_task.c:491
 kthread+0x711/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x436/0x7d0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
RIP: 0010:pv_native_safe_halt+0x13/0x20 arch/x86/kernel/paravirt.c:82
Code: 13 e8 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 93 c9 15 00 f3 0f 1e fa fb f4 <c3> cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
RSP: 0018:ffffc90000197de0 EFLAGS: 000002c6
RAX: bd9f15399ef4e800 RBX: ffffffff81953917 RCX: bd9f15399ef4e800
RDX: 0000000000000001 RSI: ffffffff8d50d356 RDI: ffffffff8b9ec4e0
RBP: ffffc90000197f20 R08: ffff8880b8932fdb R09: 1ffff110171265fb
R10: dffffc0000000000 R11: ffffed10171265fc R12: ffffffff8f5b8630
R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff11003956b58
FS:  0000000000000000(0000) GS:ffff88812649b000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffc7841dfbc CR3: 000000000db36000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 arch_safe_halt arch/x86/include/asm/paravirt.h:107 [inline]
 default_idle+0x13/0x20 arch/x86/kernel/process.c:757
 default_idle_call+0x73/0xb0 kernel/sched/idle.c:122
 cpuidle_idle_call kernel/sched/idle.c:190 [inline]
 do_idle+0x1e7/0x510 kernel/sched/idle.c:330
 cpu_startup_entry+0x44/0x60 kernel/sched/idle.c:428
 start_secondary+0x101/0x110 arch/x86/kernel/smpboot.c:315
 common_startup_64+0x13e/0x147
 </TASK>

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/10/06 01:48 net 1b54b0756f05 49379ee0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce INFO: task hung in netlink_dump
* Struck through repros no longer work on HEAD.