INFO: task syz.0.15:6474 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.0.15        state:D stack:26776 pid:6474  tgid:6448  ppid:6266   task_flags:0x440140 flags:0x00080002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5256 [inline]
 __schedule+0x14bc/0x5000 kernel/sched/core.c:6863
 __schedule_loop kernel/sched/core.c:6945 [inline]
 schedule+0x165/0x360 kernel/sched/core.c:6960
 xfs_ail_push_all_sync+0x1cd/0x2a0 fs/xfs/xfs_trans_ail.c:721
 xfs_log_quiesce+0xdf/0x5d0 fs/xfs/xfs_log.c:977
 xfs_fs_freeze+0x7f/0x160 fs/xfs/xfs_super.c:1035
 freeze_super+0x905/0x1130 fs/super.c:2133
 fs_bdev_freeze+0x1a3/0x310 fs/super.c:1539
 bdev_freeze+0xd8/0x220 block/bdev.c:315
 xfs_fs_goingdown+0xc5/0x150 fs/xfs/xfs_fsops.c:465
 xfs_file_ioctl+0x11a0/0x17f0 fs/xfs/xfs_ioctl.c:1371
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:597 [inline]
 __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:583
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f521e180809
RSP: 002b:00007f521f00d058 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f521e346080 RCX: 00007f521e180809
RDX: 0000000020000080 RSI: 000000008004587d RDI: 0000000000000004
RBP: 00007f521e1f393e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000001 R14: 00007f521e346080 R15: 00007ffe39d8b8e8
 </TASK>

Showing all locks held in the system:
1 lock held by khungtaskd/31:
 #0: ffffffff8df419e0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #0: ffffffff8df419e0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
 #0: ffffffff8df419e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6775
3 locks held by kworker/u8:6/1163:
 #0: ffff88813fe69948 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_one_work+0x841/0x15a0 kernel/workqueue.c:3236
 #1: ffffc9000437fb80 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x868/0x15a0 kernel/workqueue.c:3237
 #2: ffffffff8f310348 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 net/core/link_watch.c:303
3 locks held by kworker/u9:1/5149:
 #0: ffff888032671948 ((wq_completion)hci2){+.+.}-{0:0}, at: process_one_work+0x841/0x15a0 kernel/workqueue.c:3236
 #1: ffffc9000ef4fb80 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work+0x868/0x15a0 kernel/workqueue.c:3237
 #2: ffff888057260ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d3/0x400 net/bluetooth/hci_sync.c:331
1 lock held by dhcpcd/5494:
 #0: ffffffff8f310348 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8f310348 (rtnl_mutex){+.+.}-{4:4}, at: devinet_ioctl+0x323/0x1b20 net/ipv4/devinet.c:1120
2 locks held by getty/5584:
 #0: ffff888030d4d0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
 #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x449/0x1460 drivers/tty/n_tty.c:2211
5 locks held by syz.0.15/6474:
 #0: ffff8880231b3b30 (&bdev->bd_fsfreeze_mutex){+.+.}-{4:4}, at: bdev_freeze+0x2a/0x220 block/bdev.c:306
 #1: ffff8880330ce420 (sb_writers#12){++++}-{0:0}, at: sb_wait_write fs/super.c:1847 [inline]
 #1: ffff8880330ce420 (sb_writers#12){++++}-{0:0}, at: freeze_super+0x4db/0x1130 fs/super.c:2111
 #2: ffff8880330ce0e0 (&type->s_umount_key#52){+.+.}-{4:4}, at: __super_lock fs/super.c:57 [inline]
 #2: ffff8880330ce0e0 (&type->s_umount_key#52){+.+.}-{4:4}, at: __super_lock_excl fs/super.c:72 [inline]
 #2: ffff8880330ce0e0 (&type->s_umount_key#52){+.+.}-{4:4}, at: freeze_super+0x4e3/0x1130 fs/super.c:2112
 #3: ffff8880330ce518 (sb_pagefaults#2){+.+.}-{0:0}, at: sb_wait_write fs/super.c:1847 [inline]
 #3: ffff8880330ce518 (sb_pagefaults#2){+.+.}-{0:0}, at: freeze_super+0x50a/0x1130 fs/super.c:2116
 #4: ffff8880330ce610 (sb_internal#2){++++}-{0:0}, at: sb_wait_write fs/super.c:1847 [inline]
 #4: ffff8880330ce610 (sb_internal#2){++++}-{0:0}, at: freeze_super+0x8b7/0x1130 fs/super.c:2130
5 locks held by syz.5.22/6885:
 #0: ffff8880231b74b0 (&bdev->bd_fsfreeze_mutex){+.+.}-{4:4}, at: bdev_freeze+0x2a/0x220 block/bdev.c:306
 #1: ffff88801c36a420 (sb_writers#12){++++}-{0:0}, at: sb_wait_write fs/super.c:1847 [inline]
 #1: ffff88801c36a420 (sb_writers#12){++++}-{0:0}, at: freeze_super+0x4db/0x1130 fs/super.c:2111
 #2: ffff88801c36a0e0 (&type->s_umount_key#52){+.+.}-{4:4}, at: __super_lock fs/super.c:57 [inline]
 #2: ffff88801c36a0e0 (&type->s_umount_key#52){+.+.}-{4:4}, at: __super_lock_excl fs/super.c:72 [inline]
 #2: ffff88801c36a0e0 (&type->s_umount_key#52){+.+.}-{4:4}, at: freeze_super+0x4e3/0x1130 fs/super.c:2112
 #3: ffff88801c36a518 (sb_pagefaults#2){+.+.}-{0:0}, at: sb_wait_write fs/super.c:1847 [inline]
 #3: ffff88801c36a518 (sb_pagefaults#2){+.+.}-{0:0}, at: freeze_super+0x50a/0x1130 fs/super.c:2116
 #4: ffff88801c36a610 (sb_internal#2){++++}-{0:0}, at: sb_wait_write fs/super.c:1847 [inline]
 #4: ffff88801c36a610 (sb_internal#2){++++}-{0:0}, at: freeze_super+0x8b7/0x1130 fs/super.c:2130
5 locks held by syz.2.34/7189:
 #0: ffff8880231b5230 (&bdev->bd_fsfreeze_mutex){+.+.}-{4:4}, at: bdev_freeze+0x2a/0x220 block/bdev.c:306
 #1: ffff88807d216420 (sb_writers#12){++++}-{0:0}, at: sb_wait_write fs/super.c:1847 [inline]
 #1: ffff88807d216420 (sb_writers#12){++++}-{0:0}, at: freeze_super+0x4db/0x1130 fs/super.c:2111
 #2: ffff88807d2160e0 (&type->s_umount_key#52){+.+.}-{4:4}, at: __super_lock fs/super.c:57 [inline]
 #2: ffff88807d2160e0 (&type->s_umount_key#52){+.+.}-{4:4}, at: __super_lock_excl fs/super.c:72 [inline]
 #2: ffff88807d2160e0 (&type->s_umount_key#52){+.+.}-{4:4}, at: freeze_super+0x4e3/0x1130 fs/super.c:2112
 #3: ffff88807d216518 (sb_pagefaults#2){+.+.}-{0:0}, at: sb_wait_write fs/super.c:1847 [inline]
 #3: ffff88807d216518 (sb_pagefaults#2){+.+.}-{0:0}, at: freeze_super+0x50a/0x1130 fs/super.c:2116
 #4: ffff88807d216610 (sb_internal#2){++++}-{0:0}, at: sb_wait_write fs/super.c:1847 [inline]
 #4: ffff88807d216610 (sb_internal#2){++++}-{0:0}, at: freeze_super+0x8b7/0x1130 fs/super.c:2130
5 locks held by syz.8.51/7527:
 #0: ffff8880231b98b0 (&bdev->bd_fsfreeze_mutex){+.+.}-{4:4}, at: bdev_freeze+0x2a/0x220 block/bdev.c:306
 #1: ffff888053658420 (sb_writers#12){++++}-{0:0}, at: sb_wait_write fs/super.c:1847 [inline]
 #1: ffff888053658420 (sb_writers#12){++++}-{0:0}, at: freeze_super+0x4db/0x1130 fs/super.c:2111
 #2: ffff8880536580e0 (&type->s_umount_key#52){+.+.}-{4:4}, at: __super_lock fs/super.c:57 [inline]
 #2: ffff8880536580e0 (&type->s_umount_key#52){+.+.}-{4:4}, at: __super_lock_excl fs/super.c:72 [inline]
 #2: ffff8880536580e0 (&type->s_umount_key#52){+.+.}-{4:4}, at: freeze_super+0x4e3/0x1130 fs/super.c:2112
 #3: ffff888053658518 (sb_pagefaults#2){+.+.}-{0:0}, at: sb_wait_write fs/super.c:1847 [inline]
 #3: ffff888053658518 (sb_pagefaults#2){+.+.}-{0:0}, at: freeze_super+0x50a/0x1130 fs/super.c:2116
 #4: ffff888053658610 (sb_internal#2){++++}-{0:0}, at: sb_wait_write fs/super.c:1847 [inline]
 #4: ffff888053658610 (sb_internal#2){++++}-{0:0}, at: freeze_super+0x8b7/0x1130 fs/super.c:2130
5 locks held by syz.1.89/8179:
 #0: ffff8880231b46b0 (&bdev->bd_fsfreeze_mutex){+.+.}-{4:4}, at: bdev_freeze+0x2a/0x220 block/bdev.c:306
 #1: ffff8880288c2420 (sb_writers#12){++++}-{0:0}, at: sb_wait_write fs/super.c:1847 [inline]
 #1: ffff8880288c2420 (sb_writers#12){++++}-{0:0}, at: freeze_super+0x4db/0x1130 fs/super.c:2111
 #2: ffff8880288c20e0 (&type->s_umount_key#52){+.+.}-{4:4}, at: __super_lock fs/super.c:57 [inline]
 #2: ffff8880288c20e0 (&type->s_umount_key#52){+.+.}-{4:4}, at: __super_lock_excl fs/super.c:72 [inline]
 #2: ffff8880288c20e0 (&type->s_umount_key#52){+.+.}-{4:4}, at: freeze_super+0x4e3/0x1130 fs/super.c:2112
 #3: ffff8880288c2518 (sb_pagefaults#2){+.+.}-{0:0}, at: sb_wait_write fs/super.c:1847 [inline]
 #3: ffff8880288c2518 (sb_pagefaults#2){+.+.}-{0:0}, at: freeze_super+0x50a/0x1130 fs/super.c:2116
 #4: ffff8880288c2610 (sb_internal#2){++++}-{0:0}, at: sb_wait_write fs/super.c:1847 [inline]
 #4: ffff8880288c2610 (sb_internal#2){++++}-{0:0}, at: freeze_super+0x8b7/0x1130 fs/super.c:2130
5 locks held by kworker/u8:24/8182:
 #0: ffff88801b2df148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x841/0x15a0 kernel/workqueue.c:3236
 #1: ffffc9000c837b80 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x868/0x15a0 kernel/workqueue.c:3237
 #2: ffffffff8f302d30 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x7a0 net/core/net_namespace.c:670
 #3: ffffffff8f310348 (rtnl_mutex){+.+.}-{4:4}, at: default_device_exit_batch+0xdc/0x9e0 net/core/dev.c:13041
 #4: ffffffff8df47538 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock kernel/rcu/tree_exp.h:311 [inline]
 #4: ffffffff8df47538 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x2f6/0x730 kernel/rcu/tree_exp.h:956
2 locks held by syz-executor/8940:
 #0: ffffffff8f823d30 (&ops->srcu#2){.+.+}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #0: ffffffff8f823d30 (&ops->srcu#2){.+.+}-{0:0}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
 #0: ffffffff8f823d30 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250 net/core/rtnetlink.c:570
 #1: ffffffff8f310348 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:80 [inline]
 #1: ffffffff8f310348 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock net/core/rtnetlink.c:341 [inline]
 #1: ffffffff8f310348 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8ec/0x1c90 net/core/rtnetlink.c:4071
3 locks held by syz.8.293/8996:
 #0: ffff88802537d448 (&lo->lo_mutex){+.+.}-{4:4}, at: loop_set_status+0xa2/0xd60 drivers/block/loop.c:1235
 #1: ffff888141f76938 (&q->q_usage_counter(io)#25){++++}-{0:0}, at: blk_mq_freeze_queue include/linux/blk-mq.h:954 [inline]
 #1: ffff888141f76938 (&q->q_usage_counter(io)#25){++++}-{0:0}, at: loop_set_status+0x2e4/0xd60 drivers/block/loop.c:1251
 #2: ffff888141f76970 (&q->q_usage_counter(queue)#9){+.+.}-{0:0}, at: blk_mq_freeze_queue include/linux/blk-mq.h:954 [inline]
 #2: ffff888141f76970 (&q->q_usage_counter(queue)#9){+.+.}-{0:0}, at: loop_set_status+0x2e4/0xd60 drivers/block/loop.c:1251
3 locks held by syz.5.294/9001:
 #0: ffff88802535c448 (&lo->lo_mutex){+.+.}-{4:4}, at: loop_set_status+0xa2/0xd60 drivers/block/loop.c:1235
 #1: ffff888141f74ca0 (&q->q_usage_counter(io)#22){++++}-{0:0}, at: blk_mq_freeze_queue include/linux/blk-mq.h:954 [inline]
 #1: ffff888141f74ca0 (&q->q_usage_counter(io)#22){++++}-{0:0}, at: loop_set_status+0x2e4/0xd60 drivers/block/loop.c:1251
 #2: ffff888141f74cd8 (&q->q_usage_counter(queue)#6){+.+.}-{0:0}, at: blk_mq_freeze_queue include/linux/blk-mq.h:954 [inline]
 #2: ffff888141f74cd8 (&q->q_usage_counter(queue)#6){+.+.}-{0:0}, at: loop_set_status+0x2e4/0xd60 drivers/block/loop.c:1251
3 locks held by syz.0.295/9007:
 #0: ffff88802525d448 (&lo->lo_mutex){+.+.}-{4:4}, at: loop_set_status+0xa2/0xd60 drivers/block/loop.c:1235
 #1: ffff888141f71cf8 (&q->q_usage_counter(io)#17){++++}-{0:0}, at: blk_mq_freeze_queue include/linux/blk-mq.h:954 [inline]
 #1: ffff888141f71cf8 (&q->q_usage_counter(io)#17){++++}-{0:0}, at: loop_set_status+0x2e4/0xd60 drivers/block/loop.c:1251
 #2: ffff888141f71d30 (&q->q_usage_counter(queue)){+.+.}-{0:0}, at: blk_mq_freeze_queue include/linux/blk-mq.h:954 [inline]
 #2: ffff888141f71d30 (&q->q_usage_counter(queue)){+.+.}-{0:0}, at: loop_set_status+0x2e4/0xd60 drivers/block/loop.c:1251
3 locks held by syz.2.296/9009:
 #0: ffff88802528b448 (&lo->lo_mutex){+.+.}-{4:4}, at: loop_set_status+0xa2/0xd60 drivers/block/loop.c:1235
 #1: ffff888141f73008 (&q->q_usage_counter(io)#19){++++}-{0:0}, at: blk_mq_freeze_queue include/linux/blk-mq.h:954 [inline]
 #1: ffff888141f73008 (&q->q_usage_counter(io)#19){++++}-{0:0}, at: loop_set_status+0x2e4/0xd60 drivers/block/loop.c:1251
 #2: ffff888141f73040 (&q->q_usage_counter(queue)#3){+.+.}-{0:0}, at: blk_mq_freeze_queue include/linux/blk-mq.h:954 [inline]
 #2: ffff888141f73040 (&q->q_usage_counter(queue)#3){+.+.}-{0:0}, at: loop_set_status+0x2e4/0xd60 drivers/block/loop.c:1251

=============================================

NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x39e/0x3d0 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x17a/0x300 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline]
 __sys_info lib/sys_info.c:157 [inline]
 sys_info+0x135/0x170 lib/sys_info.c:165
 check_hung_uninterruptible_tasks kernel/hung_task.c:346 [inline]
 watchdog+0xf95/0xfe0 kernel/hung_task.c:515
 kthread+0x711/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x599/0xb30 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 9015 Comm: syz.0.297 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
RIP: 0033:0x7fd481441966
Code: f0 72 6e 48 63 cd 48 01 c1 49 39 4f 08 72 4c 8d 4d ff 85 ed 74 33 66 0f 1f 44 00 00 48 39 f0 72 1b 4d 8b 07 49 89 c1 49 29 f1 <47> 0f b6 0c 08 45 84 c9 74 08 45 88 0c 00 49 8b 47 10 48 83 c0 01
RSP: 002b:00007fd4824094c0 EFLAGS: 00000202
RAX: 00000000009c2f84 RBX: 00007fd482409560 RCX: 000000000000002b
RDX: 0000000000000015 RSI: 0000000000000001 RDI: 00007fd482409600
RBP: 0000000000000102 R08: 00007fd478200000 R09: 00000000009c2f83
R10: 0000000000000000 R11: 00007fd482409570 R12: 0000000000000001
R13: 00007fd4816082a0 R14: 0000000000000000 R15: 00007fd482409600
FS:  00007fd48240a6c0 GS:  0000000000000000