INFO: task syz.4.2216:11869 blocked for more than 143 seconds.
      Tainted: G             L      syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.4.2216      state:D stack:24824 pid:11869 tgid:11869 ppid:9669   task_flags:0x400040 flags:0x00080002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5388 [inline]
 __schedule+0x169e/0x54f0 kernel/sched/core.c:7189
 __schedule_loop kernel/sched/core.c:7268 [inline]
 rt_mutex_schedule+0x76/0xf0 kernel/sched/core.c:7564
 rt_mutex_slowlock_block kernel/locking/rtmutex.c:1662 [inline]
 __rt_mutex_slowlock kernel/locking/rtmutex.c:1739 [inline]
 __rt_mutex_slowlock_locked+0x1f28/0x2550 kernel/locking/rtmutex.c:1779
 __rwbase_read_lock+0xc3/0x180 kernel/locking/rwbase_rt.c:114
 rwbase_read_lock kernel/locking/rwbase_rt.c:147 [inline]
 __down_read kernel/locking/rwsem.c:1496 [inline]
 down_read+0x132/0x200 kernel/locking/rwsem.c:1570
 filemap_invalidate_lock_shared include/linux/fs.h:1094 [inline]
 do_page_cache_ra mm/readahead.c:335 [inline]
 page_cache_ra_order+0x2bc/0x4b0 mm/readahead.c:542
 do_sync_mmap_readahead+0x698/0x7b0 mm/filemap.c:3409
 filemap_fault+0x790/0x13a0 mm/filemap.c:3559
 __do_fault+0x138/0x2a0 mm/memory.c:5476
 do_shared_fault mm/memory.c:5975 [inline]
 do_fault mm/memory.c:6049 [inline]
 do_pte_missing+0x65b/0x2940 mm/memory.c:4566
 handle_pte_fault mm/memory.c:6430 [inline]
 __handle_mm_fault mm/memory.c:6568 [inline]
 handle_mm_fault+0xdb5/0x14c0 mm/memory.c:6737
 do_user_addr_fault+0xa73/0x1340 arch/x86/mm/fault.c:1334
 handle_page_fault arch/x86/mm/fault.c:1474 [inline]
 exc_page_fault+0x6a/0xc0 arch/x86/mm/fault.c:1527
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:595
RIP: 0033:0x7f4e6ba2bc98
RSP: 002b:00007fff1385f7d8 EFLAGS: 00010206
RAX: 0000200000000000 RBX: 0000000000000004 RCX: 00746174732e7463
RDX: 000000000000000d RSI: 2e74636361757063 RDI: 0000200000000000
RBP: fffffffffffffffe R08: 0000001b2fc20000 R09: 0000000000000001
R10: 7ffffffffffffff2 R11: 0000000000000009 R12: 00007fff1385f900
R13: 00007f4e6bcd5fac R14: 0000000000062da3 R15: 00007fff1385f8e0
 </TASK>
INFO: task syz.4.2216:11870 blocked for more than 143 seconds.
      Tainted: G             L      syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.4.2216      state:D stack:24536 pid:11870 tgid:11869 ppid:9669   task_flags:0x400040 flags:0x00080002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5388 [inline]
 __schedule+0x169e/0x54f0 kernel/sched/core.c:7189
 __schedule_loop kernel/sched/core.c:7268 [inline]
 rt_mutex_schedule+0x76/0xf0 kernel/sched/core.c:7564
 rt_mutex_slowlock_block kernel/locking/rtmutex.c:1662 [inline]
 __rt_mutex_slowlock kernel/locking/rtmutex.c:1739 [inline]
 __rt_mutex_slowlock_locked+0x1f28/0x2550 kernel/locking/rtmutex.c:1779
 __rwbase_read_lock+0xc3/0x180 kernel/locking/rwbase_rt.c:114
 rwbase_read_lock kernel/locking/rwbase_rt.c:147 [inline]
 __down_read kernel/locking/rwsem.c:1496 [inline]
 down_read+0x132/0x200 kernel/locking/rwsem.c:1570
 filemap_invalidate_lock_shared include/linux/fs.h:1094 [inline]
 do_page_cache_ra mm/readahead.c:335 [inline]
 page_cache_ra_order+0x2bc/0x4b0 mm/readahead.c:542
 do_sync_mmap_readahead+0x698/0x7b0 mm/filemap.c:3409
 filemap_fault+0x790/0x13a0 mm/filemap.c:3559
 __do_fault+0x138/0x2a0 mm/memory.c:5476
 do_read_fault mm/memory.c:5911 [inline]
 do_fault mm/memory.c:6045 [inline]
 do_pte_missing+0x179c/0x2940 mm/memory.c:4566
 handle_pte_fault mm/memory.c:6430 [inline]
 __handle_mm_fault mm/memory.c:6568 [inline]
 handle_mm_fault+0xdb5/0x14c0 mm/memory.c:6737
 faultin_page mm/gup.c:1126 [inline]
 __get_user_pages+0x168f/0x2570 mm/gup.c:1428
 populate_vma_page_range+0x2be/0x3c0 mm/gup.c:1860
 __mm_populate+0x25f/0x390 mm/gup.c:1963
 mm_populate include/linux/mm.h:4127 [inline]
 vm_mmap_pgoff+0x3ad/0x4f0 mm/util.c:586
 ksys_mmap_pgoff+0x4e8/0x720 mm/mmap.c:606
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x15f/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f4e6ba5cdd9
RSP: 002b:00007f4e69cb6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
RAX: ffffffffffffffda RBX: 00007f4e6bcd5fa0 RCX: 00007f4e6ba5cdd9
RDX: 0000000001000006 RSI: 0000000000b36000 RDI: 0000200000000000
RBP: 00007f4e6baf2d69 R08: 0000000000000006 R09: 0000000003554000
R10: 0000000000028011 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f4e6bcd6038 R14: 00007f4e6bcd5fa0 R15: 00007fff1385f678
 </TASK>

Showing all locks held in the system:
9 locks held by kworker/u8:0/12:
 #0: ffff888032a6f138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x890/0x1710 kernel/workqueue.c:3284
 #1: ffffc90000117c40 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x8b7/0x1710 kernel/workqueue.c:3285
 #2: ffffffff8f5915b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #2: ffffffff8f5915b8 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_dad_work+0x124/0x1680 net/ipv6/addrconf.c:4206
 #3: ffffffff8e1c8200 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
 #3: ffffffff8e1c8200 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:838 [inline]
 #3: ffffffff8e1c8200 (rcu_read_lock){....}-{1:3}, at: ndisc_send_skb+0x215/0x1670 net/ipv6/ndisc.c:482
 #4: ffffffff8e1c8200 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
 #4: ffffffff8e1c8200 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:838 [inline]
 #4: ffffffff8e1c8200 (rcu_read_lock){....}-{1:3}, at: ip6_output+0x126/0x550 net/ipv6/ip6_output.c:234
 #5: ffffffff8e05f380 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 kernel/softirq.c:163
 #6: ffffffff8e1c8200 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 kernel/softirq.c:163
 #7: ffff88804eda90a8 (&n->lock){++..}-{3:3}, at: write_lock_bh include/linux/rwlock_rt.h:109 [inline]
 #7: ffff88804eda90a8 (&n->lock){++..}-{3:3}, at: neigh_hh_init net/core/neighbour.c:1586 [inline]
 #7: ffff88804eda90a8 (&n->lock){++..}-{3:3}, at: neigh_resolve_output+0x239/0x780 net/core/neighbour.c:1609
 #8: ffffffff8e1c8200 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
 #8: ffffffff8e1c8200 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:838 [inline]
 #8: ffffffff8e1c8200 (rcu_read_lock){....}-{1:3}, at: rt_write_lock+0x86/0x220 kernel/locking/spinlock_rt.c:244
6 locks held by kworker/1:1/37:
 #0: ffff88801bab9d38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x890/0x1710 kernel/workqueue.c:3284
 #1: ffffc90000ac7c40 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x8b7/0x1710 kernel/workqueue.c:3285
 #2: ffff888029fbe210 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1038 [inline]
 #2: ffff888029fbe210 (&dev->mutex){....}-{4:4}, at: hub_event+0x17c/0x4f60 drivers/usb/core/hub.c:5899
 #3: ffff888029b45658 (&port_dev->status_lock){+.+.}-{4:4}, at: usb_lock_port drivers/usb/core/hub.c:3252 [inline]
 #3: ffff888029b45658 (&port_dev->status_lock){+.+.}-{4:4}, at: hub_port_connect drivers/usb/core/hub.c:5464 [inline]
 #3: ffff888029b45658 (&port_dev->status_lock){+.+.}-{4:4}, at: hub_port_connect_change drivers/usb/core/hub.c:5707 [inline]
 #3: ffff888029b45658 (&port_dev->status_lock){+.+.}-{4:4}, at: port_event drivers/usb/core/hub.c:5871 [inline]
 #3: ffff888029b45658 (&port_dev->status_lock){+.+.}-{4:4}, at: hub_event+0x21b0/0x4f60 drivers/usb/core/hub.c:5953
 #4: ffff88801ebfd658 (hcd->address0_mutex){+.+.}-{4:4}, at: hub_port_connect drivers/usb/core/hub.c:5465 [inline]
 #4: ffff88801ebfd658 (hcd->address0_mutex){+.+.}-{4:4}, at: hub_port_connect_change drivers/usb/core/hub.c:5707 [inline]
 #4: ffff88801ebfd658 (hcd->address0_mutex){+.+.}-{4:4}, at: port_event drivers/usb/core/hub.c:5871 [inline]
 #4: ffff88801ebfd658 (hcd->address0_mutex){+.+.}-{4:4}, at: hub_event+0x21e0/0x4f60 drivers/usb/core/hub.c:5953
 #5: ffffffff8ee3a1a0 (ehci_cf_port_reset_rwsem){.+.+}-{4:4}, at: hub_port_reset+0x14e/0x1820 drivers/usb/core/hub.c:3067
1 lock held by khungtaskd/39:
 #0: ffffffff8e1c8200 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
 #0: ffffffff8e1c8200 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:838 [inline]
 #0: ffffffff8e1c8200 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6777
9 locks held by kworker/u8:13/2374:
 #0: ffff88803bb61138 ((wq_completion)wg-kex-wg2#19){+.+.}-{0:0}, at: process_one_work+0x890/0x1710 kernel/workqueue.c:3284
 #1: ffffc90007017c40 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_one_work+0x8b7/0x1710 kernel/workqueue.c:3285
 #2: ffff8880344cd6f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x12f/0x830 drivers/net/wireguard/noise.c:529
 #3: ffff88806da363e0 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x140/0x830 drivers/net/wireguard/noise.c:530
 #4: ffffffff8e05f380 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 kernel/softirq.c:163
 #5: ffffffff8e1c8200 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 kernel/softirq.c:163
 #6: ffffffff8e1c8260 (rcu_read_lock_bh){....}-{1:3}, at: local_bh_disable include/linux/bottom_half.h:20 [inline]
 #6: ffffffff8e1c8260 (rcu_read_lock_bh){....}-{1:3}, at: spin_lock_bh include/linux/spinlock_rt.h:89 [inline]
 #6: ffffffff8e1c8260 (rcu_read_lock_bh){....}-{1:3}, at: wg_index_hashtable_insert+0x35/0x8c0 drivers/net/wireguard/peerlookup.c:124
 #7: ffff88802c07c870 (&p->pi_lock){-...}-{2:2}, at: _task_rq_lock+0x5b/0x470 kernel/sched/core.c:745
 #8: ffff8880b863b9a0 (&rq->__lock){-...}-{2:2}, at: raw_spin_rq_lock_nested+0x31/0x150 kernel/sched/core.c:652
5 locks held by kworker/u8:14/2375:
 #0: ffff88803bb61138 ((wq_completion)wg-kex-wg2#19){+.+.}-{0:0}, at: process_one_work+0x890/0x1710 kernel/workqueue.c:3284
 #1: ffffc90007037c40 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_one_work+0x8b7/0x1710 kernel/workqueue.c:3285
 #2: ffff8880344cd6f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x12f/0x830 drivers/net/wireguard/noise.c:529
 #3: ffff88806da35938 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x140/0x830 drivers/net/wireguard/noise.c:530
 #4: ffff8880b8636f90 ((crngs.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:45 [inline]
 #4: ffff8880b8636f90 ((crngs.lock)){+.+.}-{3:3}, at: crng_make_state+0x162/0x5d0 drivers/char/random.c:358
2 locks held by getty/5370:
 #0: ffff88803672a0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
 #1: ffffc90003cb62e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x462/0x13a0 drivers/tty/n_tty.c:2211
6 locks held by kworker/0:5/5621:
 #0: ffff88803a811538 ((wq_completion)wg-kex-wg0#20){+.+.}-{0:0}, at: process_one_work+0x890/0x1710 kernel/workqueue.c:3284
 #1: ffffc90004cffc40 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ((typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))))((unsigned long)((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))) + (((__per_cpu_offset[(cpu)]))))); })->work)){+.+.}-{0:0}, at: process_one_work+0x8b7/0x1710 kernel/workqueue.c:3285
 #2: ffffffff8e05f380 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 kernel/softirq.c:163
 #3: ffffffff8e1c8200 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 kernel/softirq.c:163
 #4: ffffffff8e1c8260 (rcu_read_lock_bh){....}-{1:3}, at: local_bh_disable include/linux/bottom_half.h:20 [inline]
 #4: ffffffff8e1c8260 (rcu_read_lock_bh){....}-{1:3}, at: spin_lock_bh include/linux/spinlock_rt.h:89 [inline]
 #4: ffffffff8e1c8260 (rcu_read_lock_bh){....}-{1:3}, at: wg_packet_send_staged_packets+0x12a/0x1520 drivers/net/wireguard/send.c:350
 #5: ffffffff8e05f380 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 kernel/softirq.c:163
2 locks held by syz.1.1463/9408:
 #0: ffff888026f0d8c8 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: inode_lock include/linux/fs.h:1029 [inline]
 #0: ffff888026f0d8c8 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: blkdev_fallocate+0x263/0x550 block/fops.c:907
 #1: ffff888026f0da98 (mapping.invalidate_lock){++++}-{4:4}, at: filemap_invalidate_lock include/linux/fs.h:1084 [inline]
 #1: ffff888026f0da98 (mapping.invalidate_lock){++++}-{4:4}, at: blkdev_fallocate+0x294/0x550 block/fops.c:908
1 lock held by kworker/0:8/11536:
 #0: ffff88806dba7938 ((wq_completion)wg-kex-wg2#20){+.+.}-{0:0}, at: process_one_work+0x890/0x1710 kernel/workqueue.c:3284
1 lock held by syz.4.2216/11869:
 #0: ffff888026f0da98 (mapping.invalidate_lock){++++}-{4:4}, at: filemap_invalidate_lock_shared include/linux/fs.h:1094 [inline]
 #0: ffff888026f0da98 (mapping.invalidate_lock){++++}-{4:4}, at: do_page_cache_ra mm/readahead.c:335 [inline]
 #0: ffff888026f0da98 (mapping.invalidate_lock){++++}-{4:4}, at: page_cache_ra_order+0x2bc/0x4b0 mm/readahead.c:542
1 lock held by syz.4.2216/11870:
 #0: ffff888026f0da98 (mapping.invalidate_lock){++++}-{4:4}, at: filemap_invalidate_lock_shared include/linux/fs.h:1094 [inline]
 #0: ffff888026f0da98 (mapping.invalidate_lock){++++}-{4:4}, at: do_page_cache_ra mm/readahead.c:335 [inline]
 #0: ffff888026f0da98 (mapping.invalidate_lock){++++}-{4:4}, at: page_cache_ra_order+0x2bc/0x4b0 mm/readahead.c:542
11 locks held by syz-executor/13282:
 #0: ffffffff8f6012c0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 net/netlink/genetlink.c:1217
 #1: ffffffff8f6010d8 (genl_mutex){+.+.}-{4:4}, at: genl_lock net/netlink/genetlink.c:35 [inline]
 #1: ffffffff8f6010d8 (genl_mutex){+.+.}-{4:4}, at: genl_op_lock net/netlink/genetlink.c:60 [inline]
 #1: ffffffff8f6010d8 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10b/0x7a0 net/netlink/genetlink.c:1208
 #2: ffffffff8f89d7d8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x9e0 net/rfkill/core.c:1085
 #3: ffffffff8f935198 (uevent_sock_mutex){+.+.}-{4:4}, at: uevent_net_broadcast_untagged lib/kobject_uevent.c:317 [inline]
 #3: ffffffff8f935198 (uevent_sock_mutex){+.+.}-{4:4}, at: kobject_uevent_net_broadcast+0x281/0x560 lib/kobject_uevent.c:410
 #4: ffffffff8e1c8200 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
 #4: ffffffff8e1c8200 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:838 [inline]
 #4: ffffffff8e1c8200 (rcu_read_lock){....}-{1:3}, at: sock_def_readable+0xae/0x550 net/core/sock.c:3611
 #5: ffff888029275898 (&si->socket.wq.wait){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:45 [inline]
 #5: ffff888029275898 (&si->socket.wq.wait){+.+.}-{3:3}, at: __wake_up_common_lock+0x2f/0x1e0 kernel/sched/wait.c:124
 #6: ffffffff8e1c8200 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
 #6: ffffffff8e1c8200 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:838 [inline]
 #6: ffffffff8e1c8200 (rcu_read_lock){....}-{1:3}, at: __rt_spin_lock kernel/locking/spinlock_rt.c:50 [inline]
 #6: ffffffff8e1c8200 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 kernel/locking/spinlock_rt.c:57
 #7: ffff888038ae9208 (&ep->lock){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:45 [inline]
 #7: ffff888038ae9208 (&ep->lock){+.+.}-{3:3}, at: ep_poll_callback+0x79/0x800 fs/eventpoll.c:1243
 #8: ffff8880b863b9a0 (&rq->__lock){-...}-{2:2}, at: raw_spin_rq_lock_nested+0x31/0x150 kernel/sched/core.c:652
 #9: ffff8880b86246c8 (psi_seq){-...}-{0:0}, at: psi_task_change+0xd4/0x340 kernel/sched/psi.c:919
 #10: ffffffff8e1c8200 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
 #10: ffffffff8e1c8200 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:838 [inline]
 #10: ffffffff8e1c8200 (rcu_read_lock){....}-{1:3}, at: __rt_spin_lock kernel/locking/spinlock_rt.c:50 [inline]
 #10: ffffffff8e1c8200 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 kernel/locking/spinlock_rt.c:57
3 locks held by syz.3.2636/13426:
 #0: ffff88803b8b6060 (&newdev->mutex){+.+.}-{4:4}, at: uinput_ioctl_handler+0xf5/0x14a0 drivers/input/misc/uinput.c:921
 #1: ffff8880b863a288 ((lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:45 [inline]
 #1: ffff8880b863a288 ((lock)){+.+.}-{3:3}, at: __radix_tree_preload+0x141/0x870 lib/radix-tree.c:334
 #2: ffffffff8e1c8200 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
 #2: ffffffff8e1c8200 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:838 [inline]
 #2: ffffffff8e1c8200 (rcu_read_lock){....}-{1:3}, at: __rt_spin_lock kernel/locking/spinlock_rt.c:50 [inline]
 #2: ffffffff8e1c8200 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 kernel/locking/spinlock_rt.c:57

=============================================

NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 39 Comm: khungtaskd Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
Call Trace:
 <TASK>
 dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x274/0x2d0 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x17a/0x300 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline]
 __sys_info lib/sys_info.c:157 [inline]
 sys_info+0x135/0x170 lib/sys_info.c:165
 check_hung_uninterruptible_tasks kernel/hung_task.c:353 [inline]
 watchdog+0xfd3/0x1030 kernel/hung_task.c:561
 kthread+0x388/0x470 kernel/kthread.c:436
 ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 17 Comm: pr/legacy Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:io_serial_in+0x77/0xc0 drivers/tty/serial/8250/8250_port.c:401
Code: e8 fe 62 7c fc 44 89 f9 d3 e3 49 83 ee 80 4c 89 f0 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 f7 e8 df fa e5 fc 41 03 1e 89 da ec <0f> b6 c0 5b 41 5c 41 5e 41 5f c3 cc cc cc cc cc 44 89 f9 80 e1 07
RSP: 0018:ffffc900001679d0 EFLAGS: 00000202
RAX: 1ffffffff33b8700 RBX: 00000000000003fd RCX: 0000000000000000
RDX: 00000000000003fd RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffffff99dc3c50 R08: 0000000000000000 R09: 0000000000000000
R10: dffffc0000000000 R11: ffffffff854897b0 R12: dffffc0000000000
R13: 0000000000000000 R14: ffffffff99dc39c0 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff888125dcd000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000110c3bf9ac CR3: 000000000dfb6000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 serial_in drivers/tty/serial/8250/8250.h:128 [inline]
 serial_lsr_in drivers/tty/serial/8250/8250.h:150 [inline]
 wait_for_lsr+0x1aa/0x2f0 drivers/tty/serial/8250/8250_port.c:1970
 serial8250_fifo_wait_for_lsr_thre drivers/tty/serial/8250/8250_port.c:3207 [inline]
 serial8250_console_fifo_write drivers/tty/serial/8250/8250_port.c:3290 [inline]
 serial8250_console_write+0x1391/0x1b90 drivers/tty/serial/8250/8250_port.c:3357
 console_emit_next_record kernel/printk/printk.c:3163 [inline]
 console_flush_one_record+0x68b/0xb90 kernel/printk/printk.c:3269
 legacy_kthread_func+0x1b6/0x250 kernel/printk/printk.c:3712
 kthread+0x388/0x470 kernel/kthread.c:436
 ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>