INFO: task syz.3.1777:13399 blocked for more than 143 seconds.
      Tainted: G             L      syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.1777      state:D stack:24568 pid:13399 tgid:13396 ppid:5841   task_flags:0x400140 flags:0x00080002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5256 [inline]
 __schedule+0x1139/0x6150 kernel/sched/core.c:6863
 __schedule_loop kernel/sched/core.c:6945 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:6960
 kvm_swap_active_memslots+0x2ea/0x7d0 virt/kvm/kvm_main.c:1643
 kvm_activate_memslot virt/kvm/kvm_main.c:1787 [inline]
 kvm_create_memslot virt/kvm/kvm_main.c:1853 [inline]
 kvm_set_memslot+0xd84/0x1450 virt/kvm/kvm_main.c:1965
 kvm_set_memory_region+0xe4a/0x15e0 virt/kvm/kvm_main.c:2121
 kvm_set_internal_memslot+0x9f/0xe0 virt/kvm/kvm_main.c:2144
 __x86_set_memory_region+0x2f6/0x740 arch/x86/kvm/x86.c:13278
 kvm_alloc_apic_access_page+0xc5/0x140 arch/x86/kvm/lapic.c:2806
 vmx_vcpu_create+0x503/0xbd0 arch/x86/kvm/vmx/vmx.c:7646
 kvm_arch_vcpu_create+0x688/0xb20 arch/x86/kvm/x86.c:12726
 kvm_vm_ioctl_create_vcpu virt/kvm/kvm_main.c:4208 [inline]
 kvm_vm_ioctl+0x105e/0x4090 virt/kvm/kvm_main.c:5165
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:597 [inline]
 __se_sys_ioctl fs/ioctl.c:583 [inline]
 __x64_sys_ioctl+0x18e/0x210 fs/ioctl.c:583
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f760f58f7c9
RSP: 002b:00007f76104dc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f760f7e5fa0 RCX: 00007f760f58f7c9
RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000003
RBP: 00007f760f613f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f760f7e6038 R14: 00007f760f7e5fa0 R15: 00007ffdfd303d98
 </TASK>

Showing all locks held in the system:
1 lock held by khungtaskd/31:
 #0: ffffffff8e3c94a0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #0: ffffffff8e3c94a0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
 #0: ffffffff8e3c94a0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0 kernel/locking/lockdep.c:6775
1 lock held by klogd/5191:
 #0: ffff8880b843add8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested kernel/sched/core.c:647 [inline]
 #0: ffff8880b843add8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130 kernel/sched/core.c:632
1 lock held by dhcpcd/5497:
 #0: ffffffff90139be8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff90139be8 (rtnl_mutex){+.+.}-{4:4}, at: devinet_ioctl+0x26d/0x1f30 net/ipv4/devinet.c:1120
1 lock held by kworker/1:4/5895:
 #0: ffff8880b843add8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested kernel/sched/core.c:647 [inline]
 #0: ffff8880b843add8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130 kernel/sched/core.c:632
5 locks held by kworker/u10:17/10502:
 #0: ffff88801badf148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x128d/0x1b20 kernel/workqueue.c:3232
 #1: ffffc90003677c90 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x914/0x1b20 kernel/workqueue.c:3233
 #2: ffffffff90123410 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xad/0x830 net/core/net_namespace.c:670
 #3: ffffffff90139be8 (rtnl_mutex){+.+.}-{4:4}, at: default_device_exit_batch+0x90/0xc80 net/core/dev.c:13022
 #4: ffffffff8e3d4bf8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x284/0x3c0 kernel/rcu/tree_exp.h:311
3 locks held by kworker/u10:25/10510:
 #0: ffff88813ff69948 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_one_work+0x128d/0x1b20 kernel/workqueue.c:3232
 #1: ffffc900043efc90 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x914/0x1b20 kernel/workqueue.c:3233
 #2: ffffffff90139be8 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0x51/0xc0 net/core/link_watch.c:303
2 locks held by syz.3.1777/13399:
 #0: ffff88801cf9c0a8 (&kvm->slots_lock){+.+.}-{4:4}, at: class_mutex_constructor include/linux/mutex.h:253 [inline]
 #0: ffff88801cf9c0a8 (&kvm->slots_lock){+.+.}-{4:4}, at: kvm_alloc_apic_access_page+0x27/0x140 arch/x86/kvm/lapic.c:2800
 #1: ffff88801cf9c138 (&kvm->slots_arch_lock){+.+.}-{4:4}, at: kvm_set_memslot+0x34/0x1450 virt/kvm/kvm_main.c:1916
2 locks held by kworker/u10:59/14601:
 #0: ffff888144edd948 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_one_work+0x128d/0x1b20 kernel/workqueue.c:3232
 #1: ffffc90003047c90 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_one_work+0x914/0x1b20 kernel/workqueue.c:3233
3 locks held by kworker/u10:61/14604:
 #0: ffff88803138a948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x128d/0x1b20 kernel/workqueue.c:3232
 #1: ffffc900025efc90 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x914/0x1b20 kernel/workqueue.c:3233
 #2: ffffffff90139be8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #2: ffffffff90139be8 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x12/0x30 net/ipv6/addrconf.c:4734
1 lock held by syz-executor/15670:
 #0: ffffffff90139be8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:80 [inline]
 #0: ffffffff90139be8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock net/core/rtnetlink.c:341 [inline]
 #0: ffffffff90139be8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x5f6/0x1f50 net/core/rtnetlink.c:4071
3 locks held by syz.4.2281/15772:
 #0: ffffffff901e0090 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 net/netlink/genetlink.c:1218
 #1: ffffffff901e0148 (genl_mutex){+.+.}-{4:4}, at: genl_lock net/netlink/genetlink.c:35 [inline]
 #1: ffffffff901e0148 (genl_mutex){+.+.}-{4:4}, at: genl_op_lock net/netlink/genetlink.c:60 [inline]
 #1: ffffffff901e0148 (genl_mutex){+.+.}-{4:4}, at: genl_op_lock net/netlink/genetlink.c:57 [inline]
 #1: ffffffff901e0148 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x577/0x800 net/netlink/genetlink.c:1209
 #2: ffffffff90139be8 (rtnl_mutex){+.+.}-{4:4}, at: tipc_nl_net_set+0x16/0x40 net/tipc/net.c:286
2 locks held by syz.4.2281/15777:
 #0: ffffffff901e0090 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 net/netlink/genetlink.c:1218
 #1: ffffffff901e0148 (genl_mutex){+.+.}-{4:4}, at: genl_lock net/netlink/genetlink.c:35 [inline]
 #1: ffffffff901e0148 (genl_mutex){+.+.}-{4:4}, at: genl_op_lock net/netlink/genetlink.c:60 [inline]
 #1: ffffffff901e0148 (genl_mutex){+.+.}-{4:4}, at: genl_op_lock net/netlink/genetlink.c:57 [inline]
 #1: ffffffff901e0148 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x577/0x800 net/netlink/genetlink.c:1209
2 locks held by syz.4.2281/15779:
 #0: ffffffff8f55db48 (ppp_mutex){+.+.}-{4:4}, at: ppp_ioctl+0xc2/0x2880 drivers/net/ppp/ppp_generic.c:734
 #1: ffffffff90139be8 (rtnl_mutex){+.+.}-{4:4}, at: ppp_create_interface drivers/net/ppp/ppp_generic.c:3372 [inline]
 #1: ffffffff90139be8 (rtnl_mutex){+.+.}-{4:4}, at: ppp_unattached_ioctl drivers/net/ppp/ppp_generic.c:1065 [inline]
 #1: ffffffff90139be8 (rtnl_mutex){+.+.}-{4:4}, at: ppp_ioctl+0x16fb/0x2880 drivers/net/ppp/ppp_generic.c:738
1 lock held by syz.4.2281/15781:
 #0: ffffffff8f55db48 (ppp_mutex){+.+.}-{4:4}, at: ppp_ioctl+0xc2/0x2880 drivers/net/ppp/ppp_generic.c:734
2 locks held by syz.4.2281/15782:
 #0: ffffffff901e0090 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 net/netlink/genetlink.c:1218
 #1: ffffffff901e0148 (genl_mutex){+.+.}-{4:4}, at: genl_lock net/netlink/genetlink.c:35 [inline]
 #1: ffffffff901e0148 (genl_mutex){+.+.}-{4:4}, at: genl_op_lock net/netlink/genetlink.c:60 [inline]
 #1: ffffffff901e0148 (genl_mutex){+.+.}-{4:4}, at: genl_op_lock net/netlink/genetlink.c:57 [inline]
 #1: ffffffff901e0148 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x577/0x800 net/netlink/genetlink.c:1209
2 locks held by syz.0.2282/15780:
 #0: ffffffff901e0090 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 net/netlink/genetlink.c:1218
 #1: ffffffff901e0148 (genl_mutex){+.+.}-{4:4}, at: genl_lock net/netlink/genetlink.c:35 [inline]
 #1: ffffffff901e0148 (genl_mutex){+.+.}-{4:4}, at: genl_op_lock net/netlink/genetlink.c:60 [inline]
 #1: ffffffff901e0148 (genl_mutex){+.+.}-{4:4}, at: genl_op_lock net/netlink/genetlink.c:57 [inline]
 #1: ffffffff901e0148 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x577/0x800 net/netlink/genetlink.c:1209
1 lock held by syz.2.2283/15791:
 #0: ffffffff90139be8 (rtnl_mutex){+.+.}-{4:4}, at: tun_detach drivers/net/tun.c:634 [inline]
 #0: ffffffff90139be8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x230 drivers/net/tun.c:3436

=============================================

NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G             L      syzkaller #0 PREEMPT(full) 
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x27b/0x390 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x29c/0x300 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline]
 __sys_info lib/sys_info.c:157 [inline]
 sys_info+0x133/0x180 lib/sys_info.c:165
 check_hung_uninterruptible_tasks kernel/hung_task.c:346 [inline]
 watchdog+0xe66/0x1180 kernel/hung_task.c:515
 kthread+0x3c5/0x780 kernel/kthread.c:463
 ret_from_fork+0x983/0xb10 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G             L      syzkaller #0 PREEMPT(full) 
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
RIP: 0010:pv_native_safe_halt+0xf/0x20 arch/x86/kernel/paravirt.c:82
Code: 36 62 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 73 f7 15 00 fb f4 <e9> cc 35 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
RSP: 0018:ffffc90000197de8 EFLAGS: 000002c6
RAX: 0000000000360793 RBX: 0000000000000001 RCX: ffffffff8b7466d9
RDX: 0000000000000000 RSI: ffffffff8dabe919 RDI: ffffffff8bf23c80
RBP: ffffed1003b57b70 R08: 0000000000000001 R09: ffffed10170a673d
R10: ffff8880b85339eb R11: ffff88801dabe6b0 R12: 0000000000000001
R13: ffff88801dabdb80 R14: ffffffff90882ed0 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff888124a0e000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055a347fbba48 CR3: 00000000359f4000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 arch_safe_halt arch/x86/include/asm/paravirt.h:107 [inline]
 default_idle+0x13/0x20 arch/x86/kernel/process.c:767
 default_idle_call+0x6c/0xb0 kernel/sched/idle.c:122
 cpuidle_idle_call kernel/sched/idle.c:191 [inline]
 do_idle+0x38d/0x510 kernel/sched/idle.c:332
 cpu_startup_entry+0x4f/0x60 kernel/sched/idle.c:430
 start_secondary+0x21d/0x2d0 arch/x86/kernel/smpboot.c:312
 common_startup_64+0x13e/0x148
 </TASK>