INFO: task syz.5.986:9747 blocked for more than 143 seconds.
      Not tainted 6.16.0-rc4-syzkaller-01070-gd23647fd547b #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.5.986       state:D stack:24736 pid:9747  tgid:9745  ppid:9147   task_flags:0x400140 flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5396 [inline]
 __schedule+0x16f5/0x4d00 kernel/sched/core.c:6785
 __schedule_loop kernel/sched/core.c:6863 [inline]
 schedule+0x165/0x360 kernel/sched/core.c:6878
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6935
 __mutex_lock_common kernel/locking/mutex.c:679 [inline]
 __mutex_lock+0x724/0xe80 kernel/locking/mutex.c:747
 nfsd_nl_rpc_status_get_dumpit+0xd9/0x1280 fs/nfsd/nfsctl.c:1516
 genl_dumpit+0x108/0x1b0 net/netlink/genetlink.c:1027
 netlink_dump+0x62a/0xe20 net/netlink/af_netlink.c:2309
 __netlink_dump_start+0x5cb/0x7e0 net/netlink/af_netlink.c:2424
 genl_family_rcv_msg_dumpit+0x1e7/0x2c0 net/netlink/genetlink.c:1076
 genl_family_rcv_msg net/netlink/genetlink.c:1192 [inline]
 genl_rcv_msg+0x5da/0x790 net/netlink/genetlink.c:1210
 netlink_rcv_skb+0x205/0x470 net/netlink/af_netlink.c:2534
 genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
 netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]
 netlink_unicast+0x758/0x8d0 net/netlink/af_netlink.c:1339
 netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1883
 sock_sendmsg_nosec net/socket.c:714 [inline]
 __sock_sendmsg+0x219/0x270 net/socket.c:729
 ____sys_sendmsg+0x505/0x830 net/socket.c:2614
 ___sys_sendmsg+0x21f/0x2a0 net/socket.c:2668
 __sys_sendmsg net/socket.c:2700 [inline]
 __do_sys_sendmsg net/socket.c:2705 [inline]
 __se_sys_sendmsg net/socket.c:2703 [inline]
 __x64_sys_sendmsg+0x19b/0x260 net/socket.c:2703
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fbce7f8e929
RSP: 002b:00007fbce8de5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007fbce81b5fa0 RCX: 00007fbce7f8e929
RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000007
RBP: 00007fbce8010b39 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fbce81b5fa0 R15: 00007fff97a532c8
 </TASK>
INFO: task syz.0.1071:10034 blocked for more than 144 seconds.
      Not tainted 6.16.0-rc4-syzkaller-01070-gd23647fd547b #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.0.1071      state:D stack:22600 pid:10034 tgid:10033 ppid:5848   task_flags:0x400140 flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5396 [inline]
 __schedule+0x16f5/0x4d00 kernel/sched/core.c:6785
 __schedule_loop kernel/sched/core.c:6863 [inline]
 schedule+0x165/0x360 kernel/sched/core.c:6878
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6935
 __mutex_lock_common kernel/locking/mutex.c:679 [inline]
 __mutex_lock+0x724/0xe80 kernel/locking/mutex.c:747
 nfsd_nl_listener_set_doit+0x137/0x1690 fs/nfsd/nfsctl.c:1918
 genl_family_rcv_msg_doit+0x215/0x300 net/netlink/genetlink.c:1115
 genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
 genl_rcv_msg+0x60e/0x790 net/netlink/genetlink.c:1210
 netlink_rcv_skb+0x205/0x470 net/netlink/af_netlink.c:2534
 genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
 netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]
 netlink_unicast+0x758/0x8d0 net/netlink/af_netlink.c:1339
 netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1883
 sock_sendmsg_nosec net/socket.c:714 [inline]
 __sock_sendmsg+0x219/0x270 net/socket.c:729
 ____sys_sendmsg+0x505/0x830 net/socket.c:2614
 ___sys_sendmsg+0x21f/0x2a0 net/socket.c:2668
 __sys_sendmsg net/socket.c:2700 [inline]
 __do_sys_sendmsg net/socket.c:2705 [inline]
 __se_sys_sendmsg net/socket.c:2703 [inline]
 __x64_sys_sendmsg+0x19b/0x260 net/socket.c:2703
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f7306d8e929
RSP: 002b:00007f7307b7f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f7306fb5fa0 RCX: 00007f7306d8e929
RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000006
RBP: 00007f7306e10b39 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f7306fb5fa0 R15: 00007ffd1b90a198
 </TASK>

Showing all locks held in the system:
1 lock held by khungtaskd/31:
 #0: ffffffff8e13ee20 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #0: ffffffff8e13ee20 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #0: ffffffff8e13ee20 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6770
3 locks held by kworker/u8:3/48:
 #0: ffff88801b2fe148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3213 [inline]
 #0: ffff88801b2fe148 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3321
 #1: ffffc90000b87bc0 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3214 [inline]
 #1: ffffc90000b87bc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3321
 #2: ffffffff8e144800 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 kernel/rcu/tree.c:3786
2 locks held by kworker/u8:8/1116:
2 locks held by getty/5610:
 #0: ffff888030ade0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
 #1: ffffc9000333b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 drivers/tty/n_tty.c:2222
3 locks held by kworker/u9:3/5858:
 #0: ffff88806a480948 ((wq_completion)hci7){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3213 [inline]
 #0: ffff88806a480948 ((wq_completion)hci7){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3321
 #1: ffffc9000417fbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3214 [inline]
 #1: ffffc9000417fbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3321
 #2: ffff88807bbecdc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 net/bluetooth/hci_sync.c:331
3 locks held by kworker/1:14/6878:
 #0: ffff88801a480d48 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3213 [inline]
 #0: ffff88801a480d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3321
 #1: ffffc900034e7bc0 ((fqdir_free_work).work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3214 [inline]
 #1: ffffc900034e7bc0 ((fqdir_free_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3321
 #2: ffffffff8e144800 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 kernel/rcu/tree.c:3786
2 locks held by syz.3.653/8545:
 #0: ffffffff8f583db0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 net/netlink/genetlink.c:1218
 #1: ffffffff8e41ce08 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_listener_set_doit+0x137/0x1690 fs/nfsd/nfsctl.c:1918
3 locks held by syz.5.986/9747:
 #0: ffffffff8f583db0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 net/netlink/genetlink.c:1218
 #1: ffff88807f5056d0 (nlk_cb_mutex-GENERIC){+.+.}-{4:4}, at: __netlink_dump_start+0xfe/0x7e0 net/netlink/af_netlink.c:2388
 #2: ffffffff8e41ce08 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_rpc_status_get_dumpit+0xd9/0x1280 fs/nfsd/nfsctl.c:1516
2 locks held by syz.0.1071/10034:
 #0: ffffffff8f583db0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 net/netlink/genetlink.c:1218
 #1: ffffffff8e41ce08 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_listener_set_doit+0x137/0x1690 fs/nfsd/nfsctl.c:1918
8 locks held by syz-executor/14346:
 #0: ffff888023b18428 (sb_writers#7){.+.+}-{0:0}, at: file_start_write include/linux/fs.h:3096 [inline]
 #0: ffff888023b18428 (sb_writers#7){.+.+}-{0:0}, at: vfs_write+0x211/0xa90 fs/read_write.c:682
 #1: ffff888057fa1088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1e0/0x4f0 fs/kernfs/file.c:325
 #2: ffff888027262c38 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x203/0x4f0 fs/kernfs/file.c:326
 #3: ffffffff8edacce8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x360 drivers/net/netdevsim/bus.c:216
 #4: ffff88807504f0e8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:884 [inline]
 #4: ffff88807504f0e8 (&dev->mutex){....}-{4:4}, at: __device_driver_lock drivers/base/dd.c:1094 [inline]
 #4: ffff88807504f0e8 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xb6/0x7c0 drivers/base/dd.c:1292
 #5: ffff88807504a250 (&devlink->lock_key#14){+.+.}-{4:4}, at: nsim_drv_remove+0x50/0x160 drivers/net/netdevsim/dev.c:1718
 #6: ffffffff8f51f048 (rtnl_mutex){+.+.}-{4:4}, at: nsim_destroy+0x103/0x6a0 drivers/net/netdevsim/netdev.c:1054
 #7: ffffffff8e144938 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock kernel/rcu/tree_exp.h:304 [inline]
 #7: ffffffff8e144938 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x2f6/0x730 kernel/rcu/tree_exp.h:998

=============================================

NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc4-syzkaller-01070-gd23647fd547b #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x39e/0x3d0 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x17a/0x300 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:158 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:307 [inline]
 watchdog+0xfee/0x1030 kernel/hung_task.c:470
 kthread+0x70e/0x8a0 kernel/kthread.c:464
 ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 14637 Comm: dhcpcd-run-hook Not tainted 6.16.0-rc4-syzkaller-01070-gd23647fd547b #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:rcu_note_context_switch+0xd8/0x1140 kernel/rcu/tree_plugin.h:331
Code: 48 c7 c0 80 6f a2 92 49 03 06 48 89 44 24 48 48 8b 3d 14 f6 f9 0d e8 27 6e ff ff 48 c7 c0 30 3c a2 8f 48 c1 e8 03 0f b6 04 18 <84> c0 0f 85 eb 0d 00 00 83 3d b9 73 fa 0d 00 74 1a 65 8b 05 c0 37
RSP: 0018:ffffc90003b5eda0 EFLAGS: 00000802
RAX: 0000000000000000 RBX: dffffc0000000000 RCX: 816a5ad5bebaca00
RDX: 0000000000000000 RSI: ffffffff8be28f60 RDI: ffffffff8be28f20
RBP: ffffc90003b5ef10 R08: ffffffff8fa20af7 R09: 1ffffffff1f4415e
R10: dffffc0000000000 R11: fffffbfff1f4415f R12: ffff8880222ebc00
R13: 0000000000000001 R14: ffffffff8dbc2c68 R15: 1ffff9200076bdd0
FS:  0000000000000000(0000) GS:ffff888125d14000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f7f56b85fe8 CR3: 00000000396d0000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 __schedule+0x326/0x4d00 kernel/sched/core.c:6690
 preempt_schedule_irq+0xb5/0x150 kernel/sched/core.c:7108
 irqentry_exit+0x6f/0x90 kernel/entry/common.c:307
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:mas_wr_walk lib/maple_tree.c:3545 [inline]
RIP: 0010:mas_wr_store_type+0x2bf/0x1a30 lib/maple_tree.c:4235
Code: 83 fc ff 0f 94 c0 08 d8 0f 84 b1 08 00 00 e8 c8 74 58 f6 49 bd 00 00 00 00 00 fc ff df 48 8b 84 24 b0 00 00 00 42 80 3c 28 00 <48> 8b 9c 24 b8 00 00 00 74 08 48 89 df e8 0f f5 bb f6 4c 8b 3b 48
RSP: 0018:ffffc90003b5f2b8 EFLAGS: 00000246
RAX: 1ffff9200076be8b RBX: ffff888053461780 RCX: ffff8880222ebc00
RDX: 0000000000000000 RSI: 00007f7f56b82fff RDI: 00007f7f56b77fff
RBP: ffffc90003b5f420 R08: ffff8880222ebc00 R09: 0000000000000004
R10: 0000000000000003 R11: 0000000000000000 R12: 00007f7f56b77fff
R13: dffffc0000000000 R14: 00007f7f56b75fff R15: ffffc90003b5f8b0
 mas_preallocate+0x247/0x6f0 lib/maple_tree.c:5527
 vma_iter_prealloc mm/vma.h:463 [inline]
 commit_merge+0x1fd/0x700 mm/vma.c:750
 vma_expand+0x41c/0x7d0 mm/vma.c:1153
 vma_merge_new_range+0x5dc/0x7a0 mm/vma.c:1091
 __mmap_region mm/vma.c:2617 [inline]
 mmap_region+0xc4f/0x1f30 mm/vma.c:2692
 do_mmap+0xc45/0x10d0 mm/mmap.c:561
 vm_mmap_pgoff+0x31b/0x4c0 mm/util.c:579
 ksys_mmap_pgoff+0x51f/0x760 mm/mmap.c:607
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f7f56e57242
Code: 08 00 04 00 00 eb e2 90 41 f7 c1 ff 0f 00 00 75 27 55 89 cd 53 48 89 fb 48 85 ff 74 33 41 89 ea 48 89 df b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5e 5b 5d c3 0f 1f 00 c7 05 46 40 01 00 16 00
RSP: 002b:00007ffc95fa17d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009
RAX: ffffffffffffffda RBX: 00007f7f56b75000 RCX: 00007f7f56e57242
RDX: 0000000000000001 RSI: 0000000000001000 RDI: 00007f7f56b75000
RBP: 0000000000000812 R08: 0000000000000003 R09: 0000000000004000
R10: 0000000000000812 R11: 0000000000000206 R12: 00007ffc95fa1860
R13: 00007f7f56e2c050 R14: 00007ffc95fa1c10 R15: 00000fff92bf42fe
 </TASK>