INFO: task syz.9.4261:22289 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.9.4261      state:D stack:25128 pid:22289 tgid:22289 ppid:20568  task_flags:0x440040 flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5357 [inline]
 __schedule+0x1798/0x4cc0 kernel/sched/core.c:6961
 __schedule_loop kernel/sched/core.c:7043 [inline]
 schedule+0x165/0x360 kernel/sched/core.c:7058
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7115
 rwsem_down_read_slowpath+0x5fd/0x8f0 kernel/locking/rwsem.c:1086
 __down_read_common kernel/locking/rwsem.c:1261 [inline]
 __down_read kernel/locking/rwsem.c:1274 [inline]
 down_read+0x98/0x2e0 kernel/locking/rwsem.c:1539
 filemap_invalidate_lock_shared include/linux/fs.h:935 [inline]
 page_cache_ra_order+0x318/0xd40 mm/readahead.c:488
 do_sync_mmap_readahead+0x25e/0x7a0 mm/filemap.c:-1
 filemap_fault+0x62c/0x1200 mm/filemap.c:3445
 __do_fault+0x135/0x390 mm/memory.c:5152
 do_shared_fault mm/memory.c:5637 [inline]
 do_fault mm/memory.c:5711 [inline]
 do_pte_missing mm/memory.c:4234 [inline]
 handle_pte_fault mm/memory.c:6052 [inline]
 __handle_mm_fault+0x1847/0x5440 mm/memory.c:6195
 handle_mm_fault+0x40a/0x8e0 mm/memory.c:6364
 do_user_addr_fault+0xa81/0x1390 arch/x86/mm/fault.c:1336
 handle_page_fault arch/x86/mm/fault.c:1476 [inline]
 exc_page_fault+0x76/0xf0 arch/x86/mm/fault.c:1532
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0033:0x7f6c6ad5689d
RSP: 002b:00007f6c6b0ffb88 EFLAGS: 00010287
RAX: 0000200000000040 RBX: 0000000000000004 RCX: ffffffffffffffc5
RDX: 000000000000003a RSI: 0000001b308200a6 RDI: 0000200000000040
RBP: 00007f6c6afd7da0 R08: 0000001b30c20000 R09: 0000000000000074
R10: 0000000000000000 R11: 0000000000000000 R12: 00007f6c6afd5fac
R13: 00007f6c6afd5fa0 R14: fffffffffffffffe R15: 00007f6c6b0ffca0
 </TASK>

Showing all locks held in the system:
3 locks held by kworker/0:0/9:
1 lock held by khungtaskd/31:
 #0: ffffffff8e13a0e0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #0: ffffffff8e13a0e0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #0: ffffffff8e13a0e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6775
2 locks held by getty/5626:
 #0: ffff888033b8a0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
 #1: ffffc9000332e2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 drivers/tty/n_tty.c:2222
3 locks held by kworker/u8:16/18191:
2 locks held by syz.7.4217/22168:
 #0: ffff888148f907a8 (&sb->s_type->i_mutex_key#8){++++}-{4:4}, at: inode_lock include/linux/fs.h:870 [inline]
 #0: ffff888148f907a8 (&sb->s_type->i_mutex_key#8){++++}-{4:4}, at: blkdev_fallocate+0x260/0x530 block/fops.c:904
 #1: ffff888148f90948 (mapping.invalidate_lock){++++}-{4:4}, at: filemap_invalidate_lock include/linux/fs.h:925 [inline]
 #1: ffff888148f90948 (mapping.invalidate_lock){++++}-{4:4}, at: blkdev_fallocate+0x290/0x530 block/fops.c:905
1 lock held by syz.9.4261/22289:
 #0: ffff888148f90948 (mapping.invalidate_lock){++++}-{4:4}, at: filemap_invalidate_lock_shared include/linux/fs.h:935 [inline]
 #0: ffff888148f90948 (mapping.invalidate_lock){++++}-{4:4}, at: page_cache_ra_order+0x318/0xd40 mm/readahead.c:488
1 lock held by syz.5.4322/22486:
 #0: ffff888148f90948 (mapping.invalidate_lock){++++}-{4:4}, at: filemap_invalidate_lock_shared include/linux/fs.h:935 [inline]
 #0: ffff888148f90948 (mapping.invalidate_lock){++++}-{4:4}, at: page_cache_ra_order+0x318/0xd40 mm/readahead.c:488
1 lock held by syz.5.4322/22487:
 #0: ffff888148f90948 (mapping.invalidate_lock){++++}-{4:4}, at: filemap_invalidate_lock_shared include/linux/fs.h:935 [inline]
 #0: ffff888148f90948 (mapping.invalidate_lock){++++}-{4:4}, at: page_cache_ra_order+0x318/0xd40 mm/readahead.c:488
1 lock held by syz.1.4417/22939:
 #0: ffff888148f90948 (mapping.invalidate_lock){++++}-{4:4}, at: filemap_invalidate_lock_shared include/linux/fs.h:935 [inline]
 #0: ffff888148f90948 (mapping.invalidate_lock){++++}-{4:4}, at: page_cache_ra_order+0x318/0xd40 mm/readahead.c:488
1 lock held by syz.2.4459/23133:
 #0: ffff888148f90948 (mapping.invalidate_lock){++++}-{4:4}, at: filemap_invalidate_lock_shared include/linux/fs.h:935 [inline]
 #0: ffff888148f90948 (mapping.invalidate_lock){++++}-{4:4}, at: page_cache_ra_order+0x318/0xd40 mm/readahead.c:488
1 lock held by syz.2.4459/23134:
 #0: ffff888148f90948 (mapping.invalidate_lock){++++}-{4:4}, at: filemap_invalidate_lock_shared include/linux/fs.h:935 [inline]
 #0: ffff888148f90948 (mapping.invalidate_lock){++++}-{4:4}, at: page_cache_ra_order+0x318/0xd40 mm/readahead.c:488
1 lock held by syz.2.4459/23136:
 #0: ffff888148f90948 (mapping.invalidate_lock){++++}-{4:4}, at: filemap_invalidate_lock_shared include/linux/fs.h:935 [inline]
 #0: ffff888148f90948 (mapping.invalidate_lock){++++}-{4:4}, at: page_cache_ra_order+0x318/0xd40 mm/readahead.c:488
1 lock held by syz.3.4462/23146:
 #0: ffff888148f90948 (mapping.invalidate_lock){++++}-{4:4}, at: filemap_invalidate_lock_shared include/linux/fs.h:935 [inline]
 #0: ffff888148f90948 (mapping.invalidate_lock){++++}-{4:4}, at: page_cache_ra_order+0x318/0xd40 mm/readahead.c:488
1 lock held by syz.3.4462/23149:
 #0: ffff888148f907a8 (&sb->s_type->i_mutex_key#8){++++}-{4:4}, at: inode_lock include/linux/fs.h:870 [inline]
 #0: ffff888148f907a8 (&sb->s_type->i_mutex_key#8){++++}-{4:4}, at: blk_ioctl_zeroout block/ioctl.c:244 [inline]
 #0: ffff888148f907a8 (&sb->s_type->i_mutex_key#8){++++}-{4:4}, at: blkdev_common_ioctl+0x1ab6/0x2550 block/ioctl.c:580
1 lock held by syz.3.4462/23151:
 #0: ffff888148f90948 (mapping.invalidate_lock){++++}-{4:4}, at: filemap_invalidate_lock_shared include/linux/fs.h:935 [inline]
 #0: ffff888148f90948 (mapping.invalidate_lock){++++}-{4:4}, at: page_cache_ra_order+0x318/0xd40 mm/readahead.c:488
1 lock held by syz.6.4477/23267:
 #0: ffff888148f90948 (mapping.invalidate_lock){++++}-{4:4}, at: filemap_invalidate_lock_shared include/linux/fs.h:935 [inline]
 #0: ffff888148f90948 (mapping.invalidate_lock){++++}-{4:4}, at: page_cache_ra_order+0x318/0xd40 mm/readahead.c:488
1 lock held by syz.6.4477/23272:
 #0: ffff888148f90948 (mapping.invalidate_lock){++++}-{4:4}, at: filemap_invalidate_lock_shared include/linux/fs.h:935 [inline]
 #0: ffff888148f90948 (mapping.invalidate_lock){++++}-{4:4}, at: page_cache_ra_order+0x318/0xd40 mm/readahead.c:488
1 lock held by syz.6.4477/23275:
 #0: ffff888148f90948 (mapping.invalidate_lock){++++}-{4:4}, at: filemap_invalidate_lock_shared include/linux/fs.h:935 [inline]
 #0: ffff888148f90948 (mapping.invalidate_lock){++++}-{4:4}, at: page_cache_ra_order+0x318/0xd40 mm/readahead.c:488
3 locks held by kworker/u8:3/24063:
1 lock held by syz.9.4641/24239:
 #0: ffffffff8e13fb78 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock kernel/rcu/tree_exp.h:343 [inline]
 #0: ffffffff8e13fb78 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730 kernel/rcu/tree_exp.h:957
2 locks held by syz.7.4646/24252:
4 locks held by syz.8.4649/24260:
 #0: ffff8880366f8dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close net/bluetooth/hci_core.c:499 [inline]
 #0: ffff8880366f8dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 net/bluetooth/hci_core.c:2715
 #1: ffff8880366f80b8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 net/bluetooth/hci_sync.c:5282
 #2: ffffffff8f69eea8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_disconn_cfm include/net/bluetooth/hci_core.h:2094 [inline]
 #2: ffffffff8f69eea8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230 net/bluetooth/hci_conn.c:2599
 #3: ffff8880659bbb38 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680 net/bluetooth/l2cap_core.c:1762

=============================================

NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x39e/0x3d0 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x17a/0x300 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:328 [inline]
 watchdog+0xf93/0xfe0 kernel/hung_task.c:491
 kthread+0x70e/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x439/0x7d0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 1306 Comm: aoe_tx0 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
RIP: 0010:io_serial_in+0x77/0xc0 drivers/tty/serial/8250/8250_port.c:400
Code: e8 1e 06 70 fc 44 89 f9 d3 e3 49 83 c6 40 4c 89 f0 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 f7 e8 6f 83 d3 fc 41 03 1e 89 da ec <0f> b6 c0 5b 41 5c 41 5e 41 5f c3 cc cc cc cc cc 44 89 f9 80 e1 07
RSP: 0018:ffffc9000428ee58 EFLAGS: 00000006
RAX: 1ffffffff33bee05 RBX: 00000000000003f9 RCX: 0000000000000000
RDX: 00000000000003f9 RSI: 0000000000000000 RDI: 0000000000000020
RBP: ffffc9000428f030 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: ffffffff854fa720 R12: dffffc0000000000
R13: dffffc0000000000 R14: ffffffff99df7480 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff888125d13000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000340030 CR3: 000000000df36000 CR4: 00000000003526f0
DR0: 0000000000000007 DR1: 0000000000104e69 DR2: 00000000000007ff
DR3: 0000000100000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 serial_port_in include/linux/serial_core.h:793 [inline]
 serial8250_console_write+0x581/0x1ba0 drivers/tty/serial/8250/8250_port.c:3360
 console_emit_next_record kernel/printk/printk.c:3138 [inline]
 console_flush_all+0x725/0xc40 kernel/printk/printk.c:3226
 __console_flush_and_unlock kernel/printk/printk.c:3285 [inline]
 console_unlock+0xc4/0x270 kernel/printk/printk.c:3325
 vprintk_emit+0x5b7/0x7a0 kernel/printk/printk.c:2450
 dev_vprintk_emit+0x337/0x3f0 drivers/base/core.c:4914
 dev_printk_emit+0xe0/0x130 drivers/base/core.c:4925
 __netdev_printk+0x3d7/0x4d0 net/core/dev.c:12598
 netdev_warn+0x10a/0x160 net/core/dev.c:12651
 ieee802154_subif_start_xmit+0x136/0x190 net/mac802154/tx.c:232
 __netdev_start_xmit include/linux/netdevice.h:5222 [inline]
 netdev_start_xmit include/linux/netdevice.h:5231 [inline]
 xmit_one net/core/dev.c:3839 [inline]
 dev_hard_start_xmit+0x2d7/0x830 net/core/dev.c:3855
 sch_direct_xmit+0x241/0x4b0 net/sched/sch_generic.c:344
 __dev_xmit_skb net/core/dev.c:4114 [inline]
 __dev_queue_xmit+0x1857/0x3b50 net/core/dev.c:4691
 dev_queue_xmit include/linux/netdevice.h:3361 [inline]
 tx+0x6b/0x190 drivers/block/aoe/aoenet.c:62
 kthread+0x1cd/0x3e0 drivers/block/aoe/aoecmd.c:1241
 kthread+0x70e/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x439/0x7d0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>