INFO: task syz.0.41:6653 blocked for more than 143 seconds.
      Not tainted syzkaller #0
      Blocked by coredump.
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.0.41        state:D stack:26136 pid:6653  tgid:6652  ppid:6386   task_flags:0x400548 flags:0x00004002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5360 [inline]
 __schedule+0x1798/0x4cc0 kernel/sched/core.c:6964
 __schedule_loop kernel/sched/core.c:7046 [inline]
 schedule+0x165/0x360 kernel/sched/core.c:7061
 schedule_timeout+0x9a/0x270 kernel/time/sleep_timeout.c:75
 do_wait_for_common kernel/sched/completion.c:100 [inline]
 __wait_for_common kernel/sched/completion.c:121 [inline]
 wait_for_common kernel/sched/completion.c:132 [inline]
 wait_for_completion+0x2bf/0x5d0 kernel/sched/completion.c:153
 io_wq_exit_workers io_uring/io-wq.c:1327 [inline]
 io_wq_put_and_exit+0x316/0x650 io_uring/io-wq.c:1355
 io_uring_clean_tctx+0x11f/0x1a0 io_uring/tctx.c:203
 io_uring_cancel_generic+0x6ca/0x7d0 io_uring/io_uring.c:3329
 io_uring_files_cancel include/linux/io_uring.h:19 [inline]
 do_exit+0x345/0x2300 kernel/exit.c:912
 do_group_exit+0x21c/0x2d0 kernel/exit.c:1107
 get_signal+0x1286/0x1340 kernel/signal.c:3034
 arch_do_signal_or_restart+0x9a/0x750 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop+0x75/0x130 kernel/entry/common.c:40
 exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]
 syscall_exit_to_user_mode_work include/linux/entry-common.h:175 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:210 [inline]
 do_syscall_64+0x2bd/0xfa0 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1357d8ebe9
RSP: 002b:00007f1358cc1038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
RAX: 0000000000001000 RBX: 00007f1357fb5fa0 RCX: 00007f1357d8ebe9
RDX: 000000000000079c RSI: 00000000000847ba RDI: 0000000000000003
RBP: 00007f1357e11e19 R08: 0000000000000000 R09: 0000000000000000
R10: 000000000000000e R11: 0000000000000246 R12: 0000000000000000
R13: 00007f1357fb6038 R14: 00007f1357fb5fa0 R15: 00007ffe74dba0b8
 </TASK>
INFO: task syz.3.97:6827 blocked for more than 146 seconds.
      Not tainted syzkaller #0
      Blocked by coredump.
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.97        state:D stack:25864 pid:6827  tgid:6824  ppid:6391   task_flags:0x400548 flags:0x00004002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5360 [inline]
 __schedule+0x1798/0x4cc0 kernel/sched/core.c:6964
 __schedule_loop kernel/sched/core.c:7046 [inline]
 schedule+0x165/0x360 kernel/sched/core.c:7061
 schedule_timeout+0x9a/0x270 kernel/time/sleep_timeout.c:75
 do_wait_for_common kernel/sched/completion.c:100 [inline]
 __wait_for_common kernel/sched/completion.c:121 [inline]
 wait_for_common kernel/sched/completion.c:132 [inline]
 wait_for_completion+0x2bf/0x5d0 kernel/sched/completion.c:153
 io_wq_exit_workers io_uring/io-wq.c:1327 [inline]
 io_wq_put_and_exit+0x316/0x650 io_uring/io-wq.c:1355
 io_uring_clean_tctx+0x11f/0x1a0 io_uring/tctx.c:203
 io_uring_cancel_generic+0x6ca/0x7d0 io_uring/io_uring.c:3329
 io_uring_files_cancel include/linux/io_uring.h:19 [inline]
 do_exit+0x345/0x2300 kernel/exit.c:912
 do_group_exit+0x21c/0x2d0 kernel/exit.c:1107
 get_signal+0x1286/0x1340 kernel/signal.c:3034
 arch_do_signal_or_restart+0x9a/0x750 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop+0x75/0x130 kernel/entry/common.c:40
 exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]
 syscall_exit_to_user_mode_work include/linux/entry-common.h:175 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:210 [inline]
 do_syscall_64+0x2bd/0xfa0 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fa125b8ebe9
RSP: 002b:00007fa126a4a038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
RAX: 0000000000001000 RBX: 00007fa125db6090 RCX: 00007fa125b8ebe9
RDX: 000000000000079c RSI: 00000000000847ba RDI: 0000000000000003
RBP: 00007fa125c11e19 R08: 0000000000000000 R09: 0000000000000000
R10: 000000000000000e R11: 0000000000000246 R12: 0000000000000000
R13: 00007fa125db6128 R14: 00007fa125db6090 R15: 00007fff8212b378
 </TASK>

Showing all locks held in the system:
1 lock held by khungtaskd/31:
 #0: ffffffff8e33c820 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #0: ffffffff8e33c820 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #0: ffffffff8e33c820 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6775
8 locks held by kworker/u8:2/36:
 #0: ffff88801b6fe948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3238 [inline]
 #0: ffff88801b6fe948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3346
 #1: ffffc90000ac7ba0 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3239 [inline]
 #1: ffffc90000ac7ba0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3346
 #2: ffffffff8f733bb0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x800 net/core/net_namespace.c:658
 #3: ffff888027eb20e8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:914 [inline]
 #3: ffff888027eb20e8 (&dev->mutex){....}-{4:4}, at: devl_dev_lock net/devlink/devl_internal.h:108 [inline]
 #3: ffff888027eb20e8 (&dev->mutex){....}-{4:4}, at: devlink_pernet_pre_exit+0x10a/0x3d0 net/devlink/core.c:506
 #4: ffff888027eb3250 (&devlink->lock_key#10){+.+.}-{4:4}, at: devl_lock net/devlink/core.c:276 [inline]
 #4: ffff888027eb3250 (&devlink->lock_key#10){+.+.}-{4:4}, at: devl_dev_lock net/devlink/devl_internal.h:109 [inline]
 #4: ffff888027eb3250 (&devlink->lock_key#10){+.+.}-{4:4}, at: devlink_pernet_pre_exit+0x11c/0x3d0 net/devlink/core.c:506
 #5: ffffffff8f740a48 (rtnl_mutex){+.+.}-{4:4}, at: nsim_destroy+0xe5/0x670 drivers/net/netdevsim/netdev.c:1135
 #6: ffff888026df4d30 (&dev_instance_lock_key#20){+.+.}-{4:4}, at: netdev_lock include/linux/netdevice.h:2761 [inline]
 #6: ffff888026df4d30 (&dev_instance_lock_key#20){+.+.}-{4:4}, at: netdev_lock_ops include/net/netdev_lock.h:42 [inline]
 #6: ffff888026df4d30 (&dev_instance_lock_key#20){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0xdf5/0x1ff0 net/core/dev.c:12202
 #7: ffffffff8e3422b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock kernel/rcu/tree_exp.h:311 [inline]
 #7: ffffffff8e3422b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x2f6/0x730 kernel/rcu/tree_exp.h:957
2 locks held by kworker/u8:7/1156:
 #0: ffff88801ef3f948 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3238 [inline]
 #0: ffff88801ef3f948 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3346
 #1: ffffc9000400fba0 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3239 [inline]
 #1: ffffc9000400fba0 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3346
3 locks held by kworker/u8:8/1170:
1 lock held by dhcpcd/5528:
 #0: ffffffff8f740a48 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8f740a48 (rtnl_mutex){+.+.}-{4:4}, at: devinet_ioctl+0x323/0x1b50 net/ipv4/devinet.c:1120
2 locks held by getty/5624:
 #0: ffff88814cbfc0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
 #1: ffffc9000333b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 drivers/tty/n_tty.c:2222
3 locks held by kworker/u8:10/6609:
 #0: ffff88801a889148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3238 [inline]
 #0: ffff88801a889148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3346
 #1: ffffc90003dbfba0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3239 [inline]
 #1: ffffc90003dbfba0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3346
 #2: ffffffff8f740a48 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 net/core/link_watch.c:303
5 locks held by kworker/u8:11/6885:
2 locks held by syz-executor/7281:
 #0: ffffffff8fc5abd0 (&ops->srcu#2){.+.+}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #0: ffffffff8fc5abd0 (&ops->srcu#2){.+.+}-{0:0}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #0: ffffffff8fc5abd0 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250 net/core/rtnetlink.c:570
 #1: ffffffff8f740a48 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:80 [inline]
 #1: ffffffff8f740a48 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock net/core/rtnetlink.c:341 [inline]
 #1: ffffffff8f740a48 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 net/core/rtnetlink.c:4056
2 locks held by syz-executor/7388:
 #0: ffffffff8eebce80 (&ops->srcu#2){.+.+}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #0: ffffffff8eebce80 (&ops->srcu#2){.+.+}-{0:0}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #0: ffffffff8eebce80 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250 net/core/rtnetlink.c:570
 #1: ffffffff8f740a48 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:80 [inline]
 #1: ffffffff8f740a48 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock net/core/rtnetlink.c:341 [inline]
 #1: ffffffff8f740a48 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 net/core/rtnetlink.c:4056
2 locks held by syz-executor/7460:
 #0: ffffffff8f733bb0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0 net/core/net_namespace.c:566
 #1: ffffffff8f740a48 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock_killable include/linux/rtnetlink.h:145 [inline]
 #1: ffffffff8f740a48 (rtnl_mutex){+.+.}-{4:4}, at: register_netdev+0x18/0x60 net/core/dev.c:11368
1 lock held by syz-executor/7503:
 #0: ffffffff8f740a48 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8f740a48 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:978
2 locks held by syz.1.269/7518:

=============================================

NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x39e/0x3d0 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x17a/0x300 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:332 [inline]
 watchdog+0xf60/0xfa0 kernel/hung_task.c:495
 kthread+0x711/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 5233 Comm: udevd Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
RIP: 0010:hlock_class kernel/locking/lockdep.c:234 [inline]
RIP: 0010:__lock_acquire+0x893/0xd20 kernel/locking/lockdep.c:5233
Code: 83 3d 24 bb 26 0e 00 0f 85 36 02 00 00 48 83 7c 24 28 00 0f 84 bc 01 00 00 41 8b 46 f8 25 ff 1f 00 00 48 0f a3 05 8d db 2d 12 <0f> 83 5a 01 00 00 48 69 c0 c8 00 00 00 48 8d 80 30 43 6c 93 e9 87
RSP: 0018:ffffc900031f7988 EFLAGS: 00000003
RAX: 0000000000000007 RBX: 0000000000000001 RCX: 000000007fd78d51
RDX: 00000000f6ec5b19 RSI: 00000000011a5a56 RDI: ffff88807b6c8000
RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff84c7c3b8
R10: ffff8880337b81e0 R11: ffff8880756a82f0 R12: 00000000f53f2add
R13: ffff88807b6c8b30 R14: ffff88807b6c8b58 R15: 210804827fd78d51
FS:  00007f31b4009880(0000) GS:ffff888125ae8000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000ac2000 CR3: 000000007ba2e000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5868
 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
 _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
 spin_lock include/linux/spinlock.h:351 [inline]
 lockref_get_not_dead+0x28/0xc0 lib/lockref.c:155
 __legitimize_path fs/namei.c:777 [inline]
 legitimize_path fs/namei.c:787 [inline]
 try_to_unlazy+0x12a/0x580 fs/namei.c:848
 complete_walk+0x125/0x370 fs/namei.c:958
 path_lookupat+0x237/0x430 fs/namei.c:2669
 filename_lookup+0x212/0x570 fs/namei.c:2691
 do_readlinkat+0xd9/0x500 fs/stat.c:576
 __do_sys_readlink fs/stat.c:613 [inline]
 __se_sys_readlink fs/stat.c:610 [inline]
 __x64_sys_readlink+0x7f/0x90 fs/stat.c:610
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f31b39153a7
Code: 00 00 90 48 83 ec 10 48 63 ff 45 31 c9 45 31 c0 6a 00 31 c9 e8 8a 20 f9 ff 48 83 c4 18 c3 0f 1f 44 00 00 b8 59 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 8b 15 21 ba 0d 00 f7 d8 64 89 02 48
RSP: 002b:00007fff9b472688 EFLAGS: 00000206 ORIG_RAX: 0000000000000059
RAX: ffffffffffffffda RBX: 00007fff9b472890 RCX: 00007f31b39153a7
RDX: 0000000000000200 RSI: 00007fff9b472690 RDI: 00007fff9b472890
RBP: 0000555a87274910 R08: 0000000000000064 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000206 R12: 00007fff9b472690
R13: 0000555a8539d100 R14: 0000000000000001 R15: 00007fff9b472eb0
 </TASK>