INFO: task kworker/1:5:5742 blocked in I/O wait for more than 143 seconds.
      Not tainted syzkall[  344.861236][   T38]       Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:5     state:D stack:21096 pid:5742  tgid:5742  ppid:2      task_flags:0x4208060 flags:0x00080000
Workqueue: gfs2_recovery gfs2_recover_func
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5388 [inline]
 __schedule+0x169e/0x54f0 kernel/sched/core.c:7189
 __schedule_loop kernel/sched/core.c:7268 [inline]
 schedule+0x164/0x360 kernel/sched/core.c:7283
 io_schedule+0x7f/0xd0 kernel/sched/core.c:8110
 folio_wait_bit_common+0x6dd/0xbc0 mm/filemap.c:1324
 folio_wait_locked include/linux/pagemap.h:1234 [inline]
 gfs2_jhead_process_page+0x175/0x670 fs/gfs2/lops.c:470
 gfs2_find_jhead+0xbd2/0xd30 fs/gfs2/lops.c:586
 gfs2_recover_func+0x6cf/0x1f60 fs/gfs2/recovery.c:459
 process_one_work+0x9a3/0x1710 kernel/workqueue.c:3312
 process_scheduled_works kernel/workqueue.c:3403 [inline]
 worker_thread+0xba8/0x11e0 kernel/workqueue.c:3489
 kthread+0x388/0x470 kernel/kthread.c:436
 ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
INFO: task syz.3.53:6752 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.53        state:D stack:24664 pid:6752  tgid:6751  ppid:6140   task_flags:0x400140 flags:0x00080002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5388 [inline]
 __schedule+0x169e/0x54f0 kernel/sched/core.c:7189
 __schedule_loop kernel/sched/core.c:7268 [inline]
 schedule+0x164/0x360 kernel/sched/core.c:7283
 bit_wait+0x11/0xd0 kernel/sched/wait_bit.c:240
 __wait_on_bit+0xb9/0x300 kernel/sched/wait_bit.c:52
 out_of_line_wait_on_bit+0x13b/0x190 kernel/sched/wait_bit.c:67
 wait_on_bit include/linux/wait_bit.h:77 [inline]
 gfs2_recover_journal+0xda/0x140 fs/gfs2/recovery.c:579
 init_journal+0x16ad/0x2280 fs/gfs2/ops_fstype.c:794
 init_inodes+0xdb/0x320 fs/gfs2/ops_fstype.c:844
 gfs2_fill_super+0x1a92/0x2220 fs/gfs2/ops_fstype.c:1250
 get_tree_bdev_flags+0x431/0x4f0 fs/super.c:1694
 gfs2_get_tree+0x51/0x1e0 fs/gfs2/ops_fstype.c:1332
 vfs_get_tree+0x92/0x2a0 fs/super.c:1754
 fc_mount fs/namespace.c:1193 [inline]
 do_new_mount_fc fs/namespace.c:3758 [inline]
 do_new_mount+0x341/0xd30 fs/namespace.c:3834
 do_mount fs/namespace.c:4167 [inline]
 __do_sys_mount fs/namespace.c:4383 [inline]
 __se_sys_mount+0x31d/0x420 fs/namespace.c:4360
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x15f/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc5142cb5ca
RSP: 002b:00007fc51392de58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007fc51392dee0 RCX: 00007fc5142cb5ca
RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fc51392dea0
RBP: 000020000001f680 R08: 00007fc51392dee0 R09: 0000000000000084
R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040
R13: 00007fc51392dea0 R14: 000000000001f790 R15: 00002000000001c0
 </TASK>

Showing all locks held in the system:
1 lock held by khungtaskd/38:
 #0: ffffffff8dfc8180 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
 #0: ffffffff8dfc8180 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:838 [inline]
 #0: ffffffff8dfc8180 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6777
2 locks held by getty/5364:
 #0: ffff888032a310a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
 #1: ffffc90003cc62e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x462/0x13a0 drivers/tty/n_tty.c:2211
2 locks held by kworker/1:5/5742:
 #0: ffff88801bf40d38 ((wq_completion)gfs2_recovery){+.+.}-{0:0}, at: process_one_work+0x890/0x1710 kernel/workqueue.c:3284
 #1: ffffc90003e9fc40 ((work_completion)(&jd->jd_work)){+.+.}-{0:0}, at: process_one_work+0x8b7/0x1710 kernel/workqueue.c:3285
1 lock held by syz.3.53/6752:
 #0: ffff88805bf100d0 (&type->s_umount_key#54/1){+.+.}-{4:4}, at: alloc_super+0x28c/0xac0 fs/super.c:345
1 lock held by syz.2.282/7690:
 #0: ffff8880373090b0 (&mm->mmap_lock){++++}-{4:4}, at: mmap_write_downgrade include/linux/mmap_lock.h:586 [inline]
 #0: ffff8880373090b0 (&mm->mmap_lock){++++}-{4:4}, at: vms_complete_munmap_vmas+0x247/0xc60 mm/vma.c:1340
2 locks held by syz.0.283/7696:
 #0: ffff88801b6b2480 (sb_writers#5){.+.+}-{0:0}, at: file_start_write include/linux/fs.h:2724 [inline]
 #0: ffff88801b6b2480 (sb_writers#5){.+.+}-{0:0}, at: vfs_write+0x22d/0xba0 fs/read_write.c:684
 #1: ffff88803bc7fb08 (&sb->s_type->i_mutex_key#15){+.+.}-{4:4}, at: inode_lock include/linux/fs.h:1029 [inline]
 #1: ffff88803bc7fb08 (&sb->s_type->i_mutex_key#15){+.+.}-{4:4}, at: shmem_file_write_iter+0x82/0x120 mm/shmem.c:3465
2 locks held by syz.5.285/7698:
 #0: ffff88801b6b2480 (sb_writers#5){.+.+}-{0:0}, at: file_start_write include/linux/fs.h:2724 [inline]
 #0: ffff88801b6b2480 (sb_writers#5){.+.+}-{0:0}, at: vfs_write+0x22d/0xba0 fs/read_write.c:684
 #1: ffff888035418388 (&sb->s_type->i_mutex_key#15){+.+.}-{4:4}, at: inode_lock include/linux/fs.h:1029 [inline]
 #1: ffff888035418388 (&sb->s_type->i_mutex_key#15){+.+.}-{4:4}, at: shmem_file_write_iter+0x82/0x120 mm/shmem.c:3465
2 locks held by syz.4.284/7702:
 #0: ffff88801b6b2480 (sb_writers#5){.+.+}-{0:0}, at: file_start_write include/linux/fs.h:2724 [inline]
 #0: ffff88801b6b2480 (sb_writers#5){.+.+}-{0:0}, at: vfs_write+0x22d/0xba0 fs/read_write.c:684
 #1: ffff888035ce37d0 (&sb->s_type->i_mutex_key#15){+.+.}-{4:4}, at: inode_lock include/linux/fs.h:1029 [inline]
 #1: ffff888035ce37d0 (&sb->s_type->i_mutex_key#15){+.+.}-{4:4}, at: shmem_file_write_iter+0x82/0x120 mm/shmem.c:3465
4 locks held by syz.1.286/7701:
 #0: ffff88801b6b2480 (sb_writers#5){.+.+}-{0:0}, at: file_start_write include/linux/fs.h:2724 [inline]
 #0: ffff88801b6b2480 (sb_writers#5){.+.+}-{0:0}, at: vfs_write+0x22d/0xba0 fs/read_write.c:684
 #1: ffff888035ce6c18 (&sb->s_type->i_mutex_key#15){+.+.}-{4:4}, at: inode_lock include/linux/fs.h:1029 [inline]
 #1: ffff888035ce6c18 (&sb->s_type->i_mutex_key#15){+.+.}-{4:4}, at: shmem_file_write_iter+0x82/0x120 mm/shmem.c:3465
 #2: ffffffff8dfc8180 (rcu_read_lock){....}-{1:3}, at: spin_lock_irq include/linux/spinlock_rt.h:96 [inline]
 #2: ffffffff8dfc8180 (rcu_read_lock){....}-{1:3}, at: shmem_add_to_page_cache+0x74a/0xbf0 mm/shmem.c:904
 #3: ffffffff8dfc8180 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
 #3: ffffffff8dfc8180 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:838 [inline]
 #3: ffffffff8dfc8180 (rcu_read_lock){....}-{1:3}, at: __rt_spin_trylock kernel/locking/spinlock_rt.c:110 [inline]
 #3: ffffffff8dfc8180 (rcu_read_lock){....}-{1:3}, at: rt_spin_trylock+0x10c/0x2b0 kernel/locking/spinlock_rt.c:118

=============================================

NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
Call Trace:
 <TASK>
 dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x274/0x2d0 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x17a/0x300 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline]
 __sys_info lib/sys_info.c:157 [inline]
 sys_info+0x135/0x170 lib/sys_info.c:165
 check_hung_uninterruptible_tasks kernel/hung_task.c:353 [inline]
 watchdog+0xfd3/0x1030 kernel/hung_task.c:561
 kthread+0x388/0x470 kernel/kthread.c:436
 ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 7696 Comm: syz.0.283 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:__lock_acquire+0x110/0x2d10 kernel/locking/lockdep.c:-1
Code: 40 01 00 00 44 8b a4 24 30 01 00 00 89 d5 48 c7 c1 30 23 18 93 48 29 c8 48 c1 f8 03 48 be 29 5c 8f c2 f5 28 5c 8f 48 0f af f0 <85> db 0f 85 52 01 00 00 85 ed 0f 84 4a 01 00 00 83 fd 31 0f 83 09
RSP: 0018:ffffc90006806f90 EFLAGS: 00000803
RAX: 0000000000000113 RBX: 0000000000000000 RCX: ffffffff93182330
RDX: 0000000000000002 RSI: 000000000000000b RDI: ffffffff8dfc8180
RBP: 0000000000000002 R08: 0000000000000000 R09: ffffffff8dfc8180
R10: ffffc90006807298 R11: ffffffff81afb320 R12: 0000000000000000
R13: 0000000000000002 R14: 0000000000000000 R15: 0000000000000000
FS:  00007fa659b3e6c0(0000) GS:ffff88812602a000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fa3d3d7d000 CR3: 0000000038550000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 lock_acquire+0x106/0x350 kernel/locking/lockdep.c:5870
 rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
 rcu_read_lock include/linux/rcupdate.h:838 [inline]
 class_rcu_constructor include/linux/rcupdate.h:1181 [inline]
 unwind_next_frame+0xc3/0x2550 arch/x86/kernel/unwind_orc.c:495
 arch_stack_walk+0x11b/0x150 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0xa9/0x100 kernel/stacktrace.c:122
 save_stack+0x122/0x230 mm/page_owner.c:165
 __set_page_owner+0x8d/0x4c0 mm/page_owner.c:341
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x1f9/0x250 mm/page_alloc.c:1853
 prep_new_page mm/page_alloc.c:1861 [inline]
 get_page_from_freelist+0x27d6/0x2850 mm/page_alloc.c:3941
 __alloc_frozen_pages_noprof+0x18d/0x380 mm/page_alloc.c:5249
 alloc_pages_mpol+0xd1/0x380 mm/mempolicy.c:2490
 folio_alloc_mpol_noprof+0x3b/0x1e0 mm/mempolicy.c:2509
 shmem_alloc_folio mm/shmem.c:1933 [inline]
 shmem_alloc_and_add_folio mm/shmem.c:1975 [inline]
 shmem_get_folio_gfp+0x644/0x1a80 mm/shmem.c:2564
 shmem_get_folio mm/shmem.c:2670 [inline]
 shmem_write_begin+0x166/0x320 mm/shmem.c:3300
 generic_perform_write+0x2af/0x8b0 mm/filemap.c:4325
 shmem_file_write_iter+0xfb/0x120 mm/shmem.c:3475
 new_sync_write fs/read_write.c:595 [inline]
 vfs_write+0x629/0xba0 fs/read_write.c:688
 ksys_write+0x156/0x270 fs/read_write.c:740
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x15f/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fa65a49ac0e
Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
RSP: 002b:00007fa659b3dda8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007fa659b3e6c0 RCX: 00007fa65a49ac0e
RDX: 0000000001000000 RSI: 00007fa65171e000 RDI: 0000000000000003
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
R13: 00007fa659b3dee0 R14: 00007fa659b3dea0 R15: 00007fa65171e000
 </TASK>