INFO: task syz.4.9065:6607 blocked for more than 143 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.4.9065 state:D stack:26472 pid:6607 tgid:6603 ppid:4859 task_flags:0x400140 flags:0x00080002
Call Trace:
context_switch kernel/sched/core.c:5295 [inline]
__schedule+0x1585/0x5340 kernel/sched/core.c:6907
__schedule_loop kernel/sched/core.c:6989 [inline]
schedule+0x164/0x360 kernel/sched/core.c:7004
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7061
__mutex_lock_common kernel/locking/mutex.c:692 [inline]
__mutex_lock+0x7fe/0x1300 kernel/locking/mutex.c:776
nfsd_nl_version_set_doit+0xcd/0x7a0 fs/nfsd/nfsctl.c:1743
genl_family_rcv_msg_doit+0x22a/0x330 net/netlink/genetlink.c:1115
genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
genl_rcv_msg+0x61c/0x7a0 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec net/socket.c:727 [inline]
__sock_sendmsg net/socket.c:742 [inline]
____sys_sendmsg+0xa68/0xad0 net/socket.c:2592
___sys_sendmsg+0x2a5/0x360 net/socket.c:2646
__sys_sendmsg net/socket.c:2678 [inline]
__do_sys_sendmsg net/socket.c:2683 [inline]
__se_sys_sendmsg net/socket.c:2681 [inline]
__x64_sys_sendmsg+0x1bd/0x2a0 net/socket.c:2681
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f09ad39c629
RSP: 002b:00007f09ae307028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f09ad616090 RCX: 00007f09ad39c629
RDX: 0000000004008090 RSI: 0000200000000140 RDI: 0000000000000006
RBP: 00007f09ad432b39 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f09ad616128 R14: 00007f09ad616090 R15: 00007ffdd99812d8
Showing all locks held in the system:
1 lock held by khungtaskd/30:
#0: ffffffff8e7602e0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:312 [inline]
#0: ffffffff8e7602e0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:850 [inline]
#0: ffffffff8e7602e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6775
2 locks held by klogd/5183:
2 locks held by dhcpcd/5489:
#0: ffff88808d09e6f0 (nlk_cb_mutex-ROUTE){+.+.}-{4:4}, at: __netlink_dump_start+0xfe/0x7e0 net/netlink/af_netlink.c:2404
#1: ffffffff8fbcb808 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:80 [inline]
#1: ffffffff8fbcb808 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_dumpit+0x92/0x200 net/core/rtnetlink.c:6826
2 locks held by getty/5583:
#0: ffff8880320640a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
#1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x45c/0x13c0 drivers/tty/n_tty.c:2211
3 locks held by kworker/u8:34/11714:
#0: ffff888031a53948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3250 [inline]
#0: ffff888031a53948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 kernel/workqueue.c:3358
#1: ffffc9000477fc40 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3251 [inline]
#1: ffffc9000477fc40 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 kernel/workqueue.c:3358
#2: ffffffff8fbcb808 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
#2: ffffffff8fbcb808 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_dad_work+0x11e/0x14c0 net/ipv6/addrconf.c:4199
3 locks held by kworker/u8:35/11715:
#0: ffff88813fe4c148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3250 [inline]
#0: ffff88813fe4c148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 kernel/workqueue.c:3358
#1: ffffc9000476fc40 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3251 [inline]
#1: ffffc9000476fc40 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 kernel/workqueue.c:3358
#2: ffffffff8fbcb808 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 net/core/link_watch.c:313
2 locks held by kworker/u9:2/28137:
#0: ffff888026c9f148 ((wq_completion)nbd5-recv){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3250 [inline]
#0: ffff888026c9f148 ((wq_completion)nbd5-recv){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 kernel/workqueue.c:3358
#1: ffffc900043cfc40 ((work_completion)(&args->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3251 [inline]
#1: ffffc900043cfc40 ((work_completion)(&args->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 kernel/workqueue.c:3358
3 locks held by kworker/u8:24/700:
#0: ffff888034fc7948 ((wq_completion)udp_tunnel_nic){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3250 [inline]
#0: ffff888034fc7948 ((wq_completion)udp_tunnel_nic){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 kernel/workqueue.c:3358
#1: ffffc90004aefc40 ((work_completion)(&utn->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3251 [inline]
#1: ffffc90004aefc40 ((work_completion)(&utn->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 kernel/workqueue.c:3358
#2: ffffffff8fbcb808 (rtnl_mutex){+.+.}-{4:4}, at: udp_tunnel_nic_device_sync_work+0x29/0xa10 net/ipv4/udp_tunnel_nic.c:736
2 locks held by syz.2.8787/5617:
#0: ffffffff8fc39470 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 net/netlink/genetlink.c:1218
#1: ffffffff8ea86928 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_listener_set_doit+0x141/0x16c0 fs/nfsd/nfsctl.c:1893
2 locks held by syz.4.9065/6607:
#0: ffffffff8fc39470 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 net/netlink/genetlink.c:1218
#1: ffffffff8ea86928 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_version_set_doit+0xcd/0x7a0 fs/nfsd/nfsctl.c:1743
2 locks held by syz.7.10553/12000:
#0: ffffffff8fc39470 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 net/netlink/genetlink.c:1218
#1: ffffffff8ea86928 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_listener_set_doit+0x141/0x16c0 fs/nfsd/nfsctl.c:1893
2 locks held by syz.0.11088/13936:
#0: ffffffff8fbbcff0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x4f7/0x730 net/core/net_namespace.c:577
#1: ffffffff8fbcb808 (rtnl_mutex){+.+.}-{4:4}, at: ip_tunnel_init_net+0x2d7/0x840 net/ipv4/ip_tunnel.c:1146
6 locks held by syz.5.11102/13978:
#0: ffffffff8fbbcff0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x4f7/0x730 net/core/net_namespace.c:577
#1: ffffffff8f923c30 (devices_rwsem){++++}-{4:4}, at: rdma_dev_init_net+0x200/0x2f0 drivers/infiniband/core/device.c:1187
#2: ffffffff8f923df0 (rdma_nets_rwsem){++++}-{4:4}, at: rdma_dev_init_net+0x238/0x2f0 drivers/infiniband/core/device.c:1192
#3: ffff888058a90fb0 (&device->compat_devs_mutex){+.+.}-{4:4}, at: add_one_compat_dev+0xf0/0x650 drivers/infiniband/core/device.c:951
#4: ffff888058a912a8 (&rxe->usdev_lock){+.+.}-{4:4}, at: rxe_query_port+0x7e/0x3d0 drivers/infiniband/sw/rxe/rxe_verbs.c:61
#5: ffffffff8fbcb808 (rtnl_mutex){+.+.}-{4:4}, at: ib_get_eth_speed+0x173/0x7f0 drivers/infiniband/core/verbs.c:2053
1 lock held by syz.5.11102/13990:
#0: ffffffff8fbcb808 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:80 [inline]
#0: ffffffff8fbcb808 (rtnl_mutex){+.+.}-{4:4}, at: rtnetlink_rcv_msg+0x722/0xbe0 net/core/rtnetlink.c:6964
1 lock held by syz.5.11102/13994:
#0: ffffffff8fbcb808 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:80 [inline]
#0: ffffffff8fbcb808 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock net/core/rtnetlink.c:341 [inline]
#0: ffffffff8fbcb808 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8a1/0x1be0 net/core/rtnetlink.c:4071
1 lock held by syz.6.11103/13979:
#0: ffffffff8fbcb808 (rtnl_mutex){+.+.}-{4:4}, at: tun_detach drivers/net/tun.c:634 [inline]
#0: ffffffff8fbcb808 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3e/0x1c0 drivers/net/tun.c:3436
1 lock held by syz.6.11103/13980:
#0: ffffffff8fbcb808 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
#0: ffffffff8fbcb808 (rtnl_mutex){+.+.}-{4:4}, at: devinet_ioctl+0x32b/0x1b30 net/ipv4/devinet.c:1120
1 lock held by syz.6.11103/13984:
#0: ffffffff8fbcb808 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:80 [inline]
#0: ffffffff8fbcb808 (rtnl_mutex){+.+.}-{4:4}, at: rtnetlink_rcv_msg+0x722/0xbe0 net/core/rtnetlink.c:6964
1 lock held by syz.6.11103/13992:
#0: ffffffff8fbcb808 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:80 [inline]
#0: ffffffff8fbcb808 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock net/core/rtnetlink.c:341 [inline]
#0: ffffffff8fbcb808 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8a1/0x1be0 net/core/rtnetlink.c:4071
3 locks held by syz.8.11104/13988:
#0: ffffffff9011b3c8 (&ops->srcu#2){.+.+}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:312 [inline]
#0: ffffffff9011b3c8 (&ops->srcu#2){.+.+}-{0:0}, at: rcu_read_lock include/linux/rcupdate.h:850 [inline]
#0: ffffffff9011b3c8 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250 net/core/rtnetlink.c:570
#1: ffffffff8fbcb808 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:80 [inline]
#1: ffffffff8fbcb808 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock net/core/rtnetlink.c:341 [inline]
#1: ffffffff8fbcb808 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8a1/0x1be0 net/core/rtnetlink.c:4071
#2: ffffffff8e766578 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock kernel/rcu/tree_exp.h:311 [inline]
#2: ffffffff8e766578 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x2d0/0x770 kernel/rcu/tree_exp.h:961
6 locks held by syz.3.11105/13987:
#0: ffffffff8fc39470 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 net/netlink/genetlink.c:1218
#1: ffffffff8fc39288 (genl_mutex){+.+.}-{4:4}, at: genl_lock net/netlink/genetlink.c:35 [inline]
#1: ffffffff8fc39288 (genl_mutex){+.+.}-{4:4}, at: genl_op_lock net/netlink/genetlink.c:60 [inline]
#1: ffffffff8fc39288 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10b/0x7a0 net/netlink/genetlink.c:1209
#2: ffff888026c37a78 (&nbd->config_lock){+.+.}-{4:4}, at: nbd_start_device+0x189/0xb10 drivers/block/nbd.c:1490
#3: ffff888026ce3ff0 (&q->limits_lock){+.+.}-{4:4}, at: queue_limits_start_update include/linux/blkdev.h:1088 [inline]
#3: ffff888026ce3ff0 (&q->limits_lock){+.+.}-{4:4}, at: nbd_set_size+0x263/0x680 drivers/block/nbd.c:354
#4: ffff888026ce3990 (&q->q_usage_counter(io)#54){++++}-{0:0}, at: blk_mq_freeze_queue include/linux/blk-mq.h:956 [inline]
#4: ffff888026ce3990 (&q->q_usage_counter(io)#54){++++}-{0:0}, at: queue_limits_commit_update_frozen+0x55/0xd0 block/blk-settings.c:603
#5: ffff888026ce39c8 (&q->q_usage_counter(queue)#38){+.+.}-{0:0}, at: blk_mq_freeze_queue include/linux/blk-mq.h:956 [inline]
#5: ffff888026ce39c8 (&q->q_usage_counter(queue)#38){+.+.}-{0:0}, at: queue_limits_commit_update_frozen+0x55/0xd0 block/blk-settings.c:603
1 lock held by syz.3.11105/13989:
#0: ffffffff8fbcb808 (rtnl_mutex){+.+.}-{4:4}, at: __tun_chr_ioctl+0x3bc/0x1e10 drivers/net/tun.c:3078
=============================================
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
Call Trace:
dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
nmi_cpu_backtrace+0x274/0x2d0 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x17a/0x300 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:161 [inline]
__sys_info lib/sys_info.c:157 [inline]
sys_info+0x135/0x170 lib/sys_info.c:165
check_hung_uninterruptible_tasks kernel/hung_task.c:346 [inline]
watchdog+0xfd9/0x1030 kernel/hung_task.c:515
kthread+0x388/0x470 kernel/kthread.c:467
ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 700 Comm: kworker/u8:24 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
Workqueue: udp_tunnel_nic udp_tunnel_nic_device_sync_work
RIP: 0010:io_serial_in+0x77/0xc0 drivers/tty/serial/8250/8250_port.c:400
Code: e8 ee bf 85 fc 44 89 f9 d3 e3 49 83 c6 40 4c 89 f0 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 f7 e8 bf e8 ef fc 41 03 1e 89 da ec <0f> b6 c0 5b 41 5c 41 5e 41 5f e9 4a 2c 70 06 cc 44 89 f9 80 e1 07
RSP: 0018:ffffc90004aef030 EFLAGS: 00000002
RAX: 1ffffffff34b9100 RBX: 00000000000003fd RCX: 0000000000000000
RDX: 00000000000003fd RSI: 0000000000000000 RDI: 0000000000000020
RBP: ffffffff9a5c8af0 R08: ffff888141280237 R09: 1ffff11028250046
R10: dffffc0000000000 R11: ffffffff853fcc50 R12: dffffc0000000000
R13: 0000000000000000 R14: ffffffff9a5c8860 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff888125466000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000558b1ebec000 CR3: 00000000759d0000 CR4: 00000000003526f0
Call Trace:
serial_in drivers/tty/serial/8250/8250.h:128 [inline]
serial_lsr_in drivers/tty/serial/8250/8250.h:150 [inline]
wait_for_lsr+0x1a1/0x2f0 drivers/tty/serial/8250/8250_port.c:1961
fifo_wait_for_lsr drivers/tty/serial/8250/8250_port.c:3234 [inline]
serial8250_console_fifo_write drivers/tty/serial/8250/8250_port.c:3257 [inline]
serial8250_console_write+0x1348/0x1ba0 drivers/tty/serial/8250/8250_port.c:3342
console_emit_next_record kernel/printk/printk.c:3183 [inline]
console_flush_one_record kernel/printk/printk.c:3269 [inline]
console_flush_all+0x718/0xb20 kernel/printk/printk.c:3343
__console_flush_and_unlock kernel/printk/printk.c:3373 [inline]
console_unlock+0xd1/0x1c0 kernel/printk/printk.c:3413
vprintk_emit+0x485/0x560 kernel/printk/printk.c:2479
dev_vprintk_emit+0x355/0x420 drivers/base/core.c:4913
dev_printk_emit+0xee/0x140 drivers/base/core.c:4924
__netdev_printk+0x3e1/0x480 net/core/dev.c:12923
netdev_info+0x11e/0x180 net/core/dev.c:12978
nsim_udp_tunnel_set_port+0x268/0x3e0 drivers/net/netdevsim/udp_tunnels.c:31
udp_tunnel_nic_device_sync_one net/ipv4/udp_tunnel_nic.c:-1 [inline]
udp_tunnel_nic_device_sync_by_port net/ipv4/udp_tunnel_nic.c:249 [inline]
__udp_tunnel_nic_device_sync+0xb9f/0x1580 net/ipv4/udp_tunnel_nic.c:292
udp_tunnel_nic_device_sync_work+0x97/0xa10 net/ipv4/udp_tunnel_nic.c:740
process_one_work kernel/workqueue.c:3275 [inline]
process_scheduled_works+0xb02/0x1830 kernel/workqueue.c:3358
worker_thread+0xa50/0xfc0 kernel/workqueue.c:3439
kthread+0x388/0x470 kernel/kthread.c:467
ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245