INFO: task kworker/1:20:7318 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:20    state:D stack:21592 pid: 7318 ppid:     2 flags:0x00004000
Workqueue: gfs_recovery gfs2_recover_func
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5049 [inline]
 __schedule+0x11ef/0x43c0 kernel/sched/core.c:6395
 schedule+0x11b/0x1e0 kernel/sched/core.c:6478
 io_schedule+0x7c/0xd0 kernel/sched/core.c:8503
 wait_on_page_bit_common+0x83b/0xe50 mm/filemap.c:1356
 wait_on_page_locked include/linux/pagemap.h:688 [inline]
 gfs2_jhead_process_page+0x252/0xbf0 fs/gfs2/lops.c:476
 gfs2_find_jhead+0xa90/0x1000 fs/gfs2/lops.c:586
 gfs2_recover_func+0x73a/0x1cf0 fs/gfs2/recovery.c:462
 process_one_work+0x85f/0x1010 kernel/workqueue.c:2310
 worker_thread+0xaa6/0x1290 kernel/workqueue.c:2457
 kthread+0x436/0x520 kernel/kthread.c:334
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287
 </TASK>
INFO: task syz.8.659:7397 blocked for more than 144 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.8.659       state:D stack:20888 pid: 7397 ppid:  6703 flags:0x00104004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5049 [inline]
 __schedule+0x11ef/0x43c0 kernel/sched/core.c:6395
 schedule+0x11b/0x1e0 kernel/sched/core.c:6478
 bit_wait+0xd/0xc0 kernel/sched/wait_bit.c:199
 __wait_on_bit kernel/sched/wait_bit.c:49 [inline]
 out_of_line_wait_on_bit+0x173/0x230 kernel/sched/wait_bit.c:64
 wait_on_bit include/linux/wait_bit.h:76 [inline]
 gfs2_recover_journal+0x104/0x150 fs/gfs2/recovery.c:579
 init_journal+0x1779/0x22f0 fs/gfs2/ops_fstype.c:837
 init_inodes+0xdb/0x320 fs/gfs2/ops_fstype.c:891
 gfs2_fill_super+0x16b2/0x1f00 fs/gfs2/ops_fstype.c:1249
 get_tree_bdev+0x3f1/0x610 fs/super.c:1325
 gfs2_get_tree+0x4d/0x1e0 fs/gfs2/ops_fstype.c:1332
 vfs_get_tree+0x88/0x270 fs/super.c:1530
 do_new_mount+0x24a/0xa40 fs/namespace.c:3034
 do_mount fs/namespace.c:3377 [inline]
 __do_sys_mount fs/namespace.c:3585 [inline]
 __se_sys_mount+0x2e3/0x3d0 fs/namespace.c:3562
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7f2d0ebe7a8a
RSP: 002b:00007f2d0ce3fe58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f2d0ce3fee0 RCX: 00007f2d0ebe7a8a
RDX: 0000200000037f40 RSI: 0000200000037f80 RDI: 00007f2d0ce3fea0
RBP: 0000200000037f40 R08: 00007f2d0ce3fee0 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000200000037f80
R13: 00007f2d0ce3fea0 R14: 0000000000037f19 R15: 0000200000000240
 </TASK>

Showing all locks held in the system:
2 locks held by init/1:
 #0: ffff88802bf16a28 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:136 [inline]
 #0: ffff88802bf16a28 (&mm->mmap_lock){++++}-{3:3}, at: do_user_addr_fault+0x2b9/0xc80 arch/x86/mm/fault.c:1296
 #1: ffffffff8c3de9c0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:4654 [inline]
 #1: ffffffff8c3de9c0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:4678 [inline]
 #1: ffffffff8c3de9c0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath+0x10e8/0x28b0 mm/page_alloc.c:5128
1 lock held by khungtaskd/27:
 #0: ffffffff8c31eaa0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30
3 locks held by kworker/u4:1/144:
1 lock held by kswapd1/255:
 #0: ffff8880b903a358 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x26/0x140 kernel/sched/core.c:475
4 locks held by syslogd/3542:
2 locks held by udevd/3560:
2 locks held by dhcpcd/3853:
 #0: ffff8880241f8128 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:136 [inline]
 #0: ffff8880241f8128 (&mm->mmap_lock){++++}-{3:3}, at: do_user_addr_fault+0x2b9/0xc80 arch/x86/mm/fault.c:1296
 #1: ffffffff8c3de9c0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:4654 [inline]
 #1: ffffffff8c3de9c0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:4678 [inline]
 #1: ffffffff8c3de9c0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath+0x10e8/0x28b0 mm/page_alloc.c:5128
2 locks held by dhcpcd/3854:
 #0: ffff8880241fc728 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:136 [inline]
 #0: ffff8880241fc728 (&mm->mmap_lock){++++}-{3:3}, at: do_user_addr_fault+0x2b9/0xc80 arch/x86/mm/fault.c:1296
 #1: ffffffff8c3de9c0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:4654 [inline]
 #1: ffffffff8c3de9c0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:4678 [inline]
 #1: ffffffff8c3de9c0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath+0x10e8/0x28b0 mm/page_alloc.c:5128
3 locks held by dhcpcd/3855:
2 locks held by crond/3927:
2 locks held by getty/3945:
 #0: ffff88802bf77098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 drivers/tty/tty_ldisc.c:252
 #1: ffffc90002cf62e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x5df/0x1a70 drivers/tty/n_tty.c:2158
3 locks held by sshd-session/4168:
2 locks held by syz-executor/4185:
2 locks held by syz-executor/4186:
3 locks held by kworker/u4:7/4255:
4 locks held by kworker/u4:8/4558:
2 locks held by kworker/u4:9/4600:
4 locks held by syz-executor/5398:
3 locks held by syz-executor/6703:
2 locks held by syz.6.602/7041:
2 locks held by kworker/1:20/7318:
 #0: ffff888146427d38 ((wq_completion)gfs_recovery){+.+.}-{0:0}, at: process_one_work+0x761/0x1010 kernel/workqueue.c:-1
 #1: ffffc9000343fd00 ((work_completion)(&jd->jd_work)){+.+.}-{0:0}, at: process_one_work+0x79f/0x1010 kernel/workqueue.c:2285
1 lock held by syz.8.659/7397:
 #0: ffff88807bd600e0
 (&type->s_umount_key
#115
/1
){+.+.}-{3:3}, at: alloc_super+0x201/0x950 fs/super.c:229
3 locks held by syz-executor/7406:
 #0: 
ffffffff8d430c50
 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x32e/0x5b0 net/core/net_namespace.c:499
 #1: ffffffff8c93bfc8
 (uevent_sock_mutex){+.+.}-{3:3}, at: kobject_uevent_env+0x4f6/0x890 lib/kobject_uevent.c:601
 #2: ffffffff8c3de9c0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:4654 [inline]
 #2: ffffffff8c3de9c0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:4678 [inline]
 #2: ffffffff8c3de9c0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath+0x10e8/0x28b0 mm/page_alloc.c:5128
2 locks held by syz.4.661/7415:
 #0: ffff888074029980 (mapping.invalidate_lock){++++}-{3:3}, at: filemap_invalidate_lock_shared include/linux/fs.h:842 [inline]
 #0: ffff888074029980 (mapping.invalidate_lock){++++}-{3:3}, at: filemap_fault+0x83b/0x1370 mm/filemap.c:3096
 #1: ffffffff8c3de9c0
 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:4654 [inline]
 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:4678 [inline]
 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath+0x10e8/0x28b0 mm/page_alloc.c:5128
2 locks held by syz.4.661/7416:
 #0: ffff88807e2fdc28 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:136 [inline]
 #0: ffff88807e2fdc28 (&mm->mmap_lock){++++}-{3:3}, at: do_user_addr_fault+0x2b9/0xc80 arch/x86/mm/fault.c:1296
 #1: ffffffff8c3de9c0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:4654 [inline]
 #1: ffffffff8c3de9c0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:4678 [inline]
 #1: ffffffff8c3de9c0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath+0x10e8/0x28b0 mm/page_alloc.c:5128

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 27 Comm: khungtaskd Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
Call Trace:
 <TASK>
 dump_stack_lvl+0x188/0x250 lib/dump_stack.c:106
 nmi_cpu_backtrace+0x3a2/0x3d0 lib/nmi_backtrace.c:111
 nmi_trigger_cpumask_backtrace+0x163/0x280 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:148 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:212 [inline]
 watchdog+0xe0f/0xe50 kernel/hung_task.c:369
 kthread+0x436/0x520 kernel/kthread.c:334
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 4168 Comm: sshd-session Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
RIP: 0010:format_decode+0x1dd/0x1300 lib/vsprintf.c:2557
Code: 04 18 84 c0 0f 85 0a 0e 00 00 4d 21 f5 48 8b 44 24 18 0f b6 04 18 84 c0 0f 85 18 0e 00 00 48 8b 04 24 4c 89 28 4c 8b 64 24 38 <49> ff c4 48 bd 00 00 00 00 10 00 00 00 4d 89 e6 4d 89 e5 49 c1 ed
RSP: 0000:ffffc9000304e490 EFLAGS: 00000246
RAX: ffffc9000304e558 RBX: dffffc0000000000 RCX: ffff888076dad940
RDX: 0000000000000000 RSI: 0000000000000025 RDI: 0000000000000000
RBP: 0000000000000025 R08: ffff888076dad940 R09: 0000000000000002
R10: 0000000000000025 R11: 0000000000000000 R12: ffffffff8a2bde06
R13: ffff0a0000000500 R14: ffffff00ffffff00 R15: 0000000000000025
FS:  00007feb1d166300(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055557d4197e0 CR3: 000000001ef6e000 CR4: 00000000003506f0
DR0: 0000000000000008 DR1: 0000000000000002 DR2: 0000000000000081
DR3: ffffffffefffff14 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 vsnprintf+0xef/0x1c20 lib/vsprintf.c:2763
 sprintf+0xe4/0x140 lib/vsprintf.c:3013
 print_time kernel/printk/printk.c:1274 [inline]
 info_print_prefix+0x168/0x360 kernel/printk/printk.c:1300
 record_print_text kernel/printk/printk.c:1349 [inline]
 console_unlock+0x66e/0x1120 kernel/printk/printk.c:2725
 vprintk_emit+0xc0/0x150 kernel/printk/printk.c:2274
 _printk+0xda/0x130 kernel/printk/printk.c:2299
 dump_unreclaimable_slab+0x10e/0x140 mm/slab_common.c:1156
 dump_header+0x359/0x770 mm/oom_kill.c:476
 oom_kill_process+0x20e/0x3d0 mm/oom_kill.c:1016
 out_of_memory+0xedc/0x1180 mm/oom_kill.c:1135
 __alloc_pages_may_oom mm/page_alloc.c:4359 [inline]
 __alloc_pages_slowpath+0x1dc5/0x28b0 mm/page_alloc.c:5177
 __alloc_pages+0x340/0x480 mm/page_alloc.c:5514
 alloc_pages_vma+0x393/0x7c0 mm/mempolicy.c:2146
 __read_swap_cache_async+0x1b5/0xa70 mm/swap_state.c:459
 read_swap_cache_async mm/swap_state.c:525 [inline]
 swap_cluster_readahead+0x6a3/0x7c0 mm/swap_state.c:661
 swapin_readahead+0xf1/0xac0 mm/swap_state.c:854
 do_swap_page+0x4b6/0x1f40 mm/memory.c:3622
 handle_pte_fault mm/memory.c:4654 [inline]
 __handle_mm_fault mm/memory.c:4785 [inline]
 handle_mm_fault+0x1b16/0x4410 mm/memory.c:4883
 do_user_addr_fault+0x489/0xc80 arch/x86/mm/fault.c:1355
 handle_page_fault arch/x86/mm/fault.c:1443 [inline]
 exc_page_fault+0x60/0x100 arch/x86/mm/fault.c:1496
 asm_exc_page_fault+0x22/0x30 arch/x86/include/asm/idtentry.h:606
RIP: 0010:do_sys_poll+0xf56/0x11a0 fs/select.c:1025
Code: 8b 74 24 30 4c 8d 76 12 48 8b 54 24 68 48 83 c2 06 45 31 ff 4c 89 f0 48 c1 e8 03 42 0f b6 04 28 84 c0 75 2b 42 0f b7 44 fe 12 <66> 89 02 49 89 d4 44 39 fb 74 3b e8 0a f3 aa ff 49 ff c7 49 83 c6
RSP: 0000:ffffc9000304f860 EFLAGS: 00050246
RAX: 0000000000000000 RBX: 0000000000000003 RCX: ffff888076dad940
RDX: 000055b8cf269186 RSI: ffffc9000304fc70 RDI: 0000000000000000
RBP: ffffc9000304fe10 R08: ffff88807854147f R09: 1ffff1100f0a828f
R10: dffffc0000000000 R11: ffffed100f0a8290 R12: 000055b8cf2691a0
R13: dffffc0000000000 R14: ffffc9000304fc82 R15: 0000000000000000
 __do_sys_ppoll fs/select.c:1120 [inline]
 __se_sys_ppoll+0x206/0x2a0 fs/select.c:1100
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7feb1d25a407
Code: Unable to access opcode bytes at RIP 0x7feb1d25a3dd.
RSP: 002b:00007ffec9b6ea20 EFLAGS: 00000202 ORIG_RAX: 000000000000010f
RAX: ffffffffffffffda RBX: 00007feb1d166300 RCX: 00007feb1d25a407
RDX: 00007ffec9b6ea60 RSI: 0000000000000004 RDI: 000055b8cf269180
RBP: 00007ffec9b6ead0 R08: 0000000000000008 R09: 0000000000000000
R10: 00007ffec9b6eb60 R11: 0000000000000202 R12: 0000000000000001
R13: 00007ffec9b6eb60 R14: 0000000000000037 R15: 0000000000000004
 </TASK>