INFO: task syz-executor.1:6454 blocked for more than 143 seconds. Not tainted 6.9.0-rc3-syzkaller-gb5d2afe8745b #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.1 state:D stack:0 pid:6454 tgid:6448 ppid:6253 flags:0x0000000d Call trace: __switch_to+0x314/0x560 arch/arm64/kernel/process.c:553 context_switch kernel/sched/core.c:5409 [inline] __schedule+0x14bc/0x24ec kernel/sched/core.c:6746 __schedule_loop kernel/sched/core.c:6823 [inline] schedule+0xbc/0x238 kernel/sched/core.c:6838 xlog_grant_head_wait+0x3a8/0xaf0 fs/xfs/xfs_log.c:307 xlog_grant_head_check+0x218/0x3d8 xfs_log_reserve+0x39c/0xc28 fs/xfs/xfs_log.c:486 xfs_trans_reserve+0x1f4/0x5e0 fs/xfs/xfs_trans.c:195 xfs_trans_alloc+0x410/0x950 fs/xfs/xfs_trans.c:284 xfs_trans_alloc_inode+0x170/0x4f4 fs/xfs/xfs_trans.c:1203 xfs_attr_set+0x8e8/0x13d0 fs/xfs/libxfs/xfs_attr.c:983 xfs_attr_change fs/xfs/xfs_xattr.c:117 [inline] xfs_xattr_set+0x1a8/0x30c fs/xfs/xfs_xattr.c:165 __vfs_setxattr+0x3d8/0x400 fs/xattr.c:200 __vfs_setxattr_noperm+0x110/0x528 fs/xattr.c:234 __vfs_setxattr_locked+0x1ec/0x218 fs/xattr.c:295 vfs_setxattr+0x1a8/0x344 fs/xattr.c:321 do_setxattr fs/xattr.c:629 [inline] setxattr+0x208/0x29c fs/xattr.c:652 path_setxattr+0x17c/0x258 fs/xattr.c:671 __do_sys_lsetxattr fs/xattr.c:694 [inline] __se_sys_lsetxattr fs/xattr.c:690 [inline] __arm64_sys_lsetxattr+0xbc/0xd8 fs/xattr.c:690 __invoke_syscall arch/arm64/kernel/syscall.c:34 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:48 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:133 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:152 el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:712 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598 INFO: task syz-executor.1:6500 blocked for more than 143 seconds. Not tainted 6.9.0-rc3-syzkaller-gb5d2afe8745b #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.1 state:D stack:0 pid:6500 tgid:6448 ppid:6253 flags:0x0000000d Call trace: __switch_to+0x314/0x560 arch/arm64/kernel/process.c:553 context_switch kernel/sched/core.c:5409 [inline] __schedule+0x14bc/0x24ec kernel/sched/core.c:6746 __schedule_loop kernel/sched/core.c:6823 [inline] schedule+0xbc/0x238 kernel/sched/core.c:6838 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:6895 rwsem_down_write_slowpath+0xd10/0x14c8 kernel/locking/rwsem.c:1178 __down_write_common kernel/locking/rwsem.c:1306 [inline] __down_write kernel/locking/rwsem.c:1315 [inline] down_write+0xb4/0xc0 kernel/locking/rwsem.c:1580 inode_lock include/linux/fs.h:795 [inline] do_lock_mount+0xf8/0x324 fs/namespace.c:2460 lock_mount fs/namespace.c:2502 [inline] do_new_mount_fc fs/namespace.c:3289 [inline] do_new_mount+0x3c8/0x900 fs/namespace.c:3354 path_mount+0x590/0xe04 fs/namespace.c:3679 do_mount fs/namespace.c:3692 [inline] __do_sys_mount fs/namespace.c:3898 [inline] __se_sys_mount fs/namespace.c:3875 [inline] __arm64_sys_mount+0x45c/0x594 fs/namespace.c:3875 __invoke_syscall arch/arm64/kernel/syscall.c:34 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:48 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:133 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:152 el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:712 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598 INFO: task syz-executor.1:6502 blocked for more than 143 seconds. Not tainted 6.9.0-rc3-syzkaller-gb5d2afe8745b #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.1 state:D stack:0 pid:6502 tgid:6448 ppid:6253 flags:0x00000005 Call trace: __switch_to+0x314/0x560 arch/arm64/kernel/process.c:553 context_switch kernel/sched/core.c:5409 [inline] __schedule+0x14bc/0x24ec kernel/sched/core.c:6746 __schedule_loop kernel/sched/core.c:6823 [inline] schedule+0xbc/0x238 kernel/sched/core.c:6838 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:6895 rwsem_down_write_slowpath+0xd10/0x14c8 kernel/locking/rwsem.c:1178 __down_write_common kernel/locking/rwsem.c:1306 [inline] __down_write kernel/locking/rwsem.c:1315 [inline] down_write+0xb4/0xc0 kernel/locking/rwsem.c:1580 inode_lock include/linux/fs.h:795 [inline] open_last_lookups fs/namei.c:3563 [inline] path_openat+0x5f0/0x2830 fs/namei.c:3796 do_filp_open+0x1bc/0x3cc fs/namei.c:3826 do_sys_openat2+0x124/0x1b8 fs/open.c:1406 do_sys_open fs/open.c:1421 [inline] __do_sys_openat fs/open.c:1437 [inline] __se_sys_openat fs/open.c:1432 [inline] __arm64_sys_openat+0x1f0/0x240 fs/open.c:1432 __invoke_syscall arch/arm64/kernel/syscall.c:34 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:48 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:133 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:152 el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:712 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598 INFO: task syz-executor.1:6503 blocked for more than 143 seconds. Not tainted 6.9.0-rc3-syzkaller-gb5d2afe8745b #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.1 state:D stack:0 pid:6503 tgid:6448 ppid:6253 flags:0x00000005 Call trace: __switch_to+0x314/0x560 arch/arm64/kernel/process.c:553 context_switch kernel/sched/core.c:5409 [inline] __schedule+0x14bc/0x24ec kernel/sched/core.c:6746 __schedule_loop kernel/sched/core.c:6823 [inline] schedule+0xbc/0x238 kernel/sched/core.c:6838 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:6895 rwsem_down_write_slowpath+0xd10/0x14c8 kernel/locking/rwsem.c:1178 __down_write_common kernel/locking/rwsem.c:1306 [inline] __down_write kernel/locking/rwsem.c:1315 [inline] down_write_nested+0xc0/0xcc kernel/locking/rwsem.c:1696 inode_lock_nested include/linux/fs.h:830 [inline] filename_create+0x204/0x468 fs/namei.c:3892 do_mknodat+0x188/0x564 fs/namei.c:4038 __do_sys_mknodat fs/namei.c:4079 [inline] __se_sys_mknodat fs/namei.c:4076 [inline] __arm64_sys_mknodat+0xb0/0xcc fs/namei.c:4076 __invoke_syscall arch/arm64/kernel/syscall.c:34 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:48 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:133 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:152 el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:712 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598 INFO: task syz-executor.1:6504 blocked for more than 143 seconds. Not tainted 6.9.0-rc3-syzkaller-gb5d2afe8745b #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.1 state:D stack:0 pid:6504 tgid:6448 ppid:6253 flags:0x00000005 Call trace: __switch_to+0x314/0x560 arch/arm64/kernel/process.c:553 context_switch kernel/sched/core.c:5409 [inline] __schedule+0x14bc/0x24ec kernel/sched/core.c:6746 __schedule_loop kernel/sched/core.c:6823 [inline] schedule+0xbc/0x238 kernel/sched/core.c:6838 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:6895 rwsem_down_read_slowpath+0x534/0x858 kernel/locking/rwsem.c:1086 __down_read_common kernel/locking/rwsem.c:1250 [inline] __down_read kernel/locking/rwsem.c:1263 [inline] down_read+0xa0/0x2fc kernel/locking/rwsem.c:1528 inode_lock_shared include/linux/fs.h:805 [inline] lookup_slow+0x50/0x84 fs/namei.c:1708 walk_component+0x280/0x36c fs/namei.c:2004 lookup_last fs/namei.c:2461 [inline] path_lookupat+0x13c/0x3d0 fs/namei.c:2485 filename_lookup+0x1d4/0x4e0 fs/namei.c:2514 user_path_at_empty+0x5c/0x84 fs/namei.c:2921 user_path_at include/linux/namei.h:57 [inline] do_mount fs/namespace.c:3689 [inline] __do_sys_mount fs/namespace.c:3898 [inline] __se_sys_mount fs/namespace.c:3875 [inline] __arm64_sys_mount+0x428/0x594 fs/namespace.c:3875 __invoke_syscall arch/arm64/kernel/syscall.c:34 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:48 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:133 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:152 el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:712 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598 Showing all locks held in the system: 1 lock held by khungtaskd/30: #0: ffff80008f057880 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0xc/0x44 include/linux/rcupdate.h:328 3 locks held by kworker/u8:8/2026: #0: ffff0001b3de2c98 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested kernel/sched/core.c:559 [inline] #0: ffff0001b3de2c98 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock kernel/sched/sched.h:1385 [inline] #0: ffff0001b3de2c98 (&rq->__lock){-.-.}-{2:2}, at: rq_lock kernel/sched/sched.h:1699 [inline] #0: ffff0001b3de2c98 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x2e0/0x24ec kernel/sched/core.c:6654 #1: ffff0001b3dccc88 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x3c0/0x618 kernel/sched/psi.c:988 #2: ffff0001b3dcea58 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x120/0x230 kernel/time/timer.c:1052 2 locks held by getty/6000: #0: ffff0000c194b0a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c drivers/tty/tty_ldsem.c:340 #1: ffff800097b9b2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x41c/0x1228 drivers/tty/n_tty.c:2201 5 locks held by kworker/0:4/6266: #0: ffff0000c2b85948 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x668/0x15d4 kernel/workqueue.c:3228 #1: ffff800097d67c20 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x6b4/0x15d4 kernel/workqueue.c:3228 #2: ffff0000cd5de190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:990 [inline] #2: ffff0000cd5de190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1bc/0x4280 drivers/usb/core/hub.c:5849 #3: ffff0000edf5f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:990 [inline] #3: ffff0000edf5f190 (&dev->mutex){....}-{3:3}, at: usb_disconnect+0xec/0x808 drivers/usb/core/hub.c:2296 #4: ffff0000cca88160 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:990 [inline] #4: ffff0000cca88160 (&dev->mutex){....}-{3:3}, at: __device_driver_lock drivers/base/dd.c:1093 [inline] #4: ffff0000cca88160 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0xbc/0x6a0 drivers/base/dd.c:1290 3 locks held by kworker/1:3/6304: #0: ffff0000c0028948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x668/0x15d4 kernel/workqueue.c:3228 #1: ffff800097bf7c20 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_one_work+0x6b4/0x15d4 kernel/workqueue.c:3228 #2: ffff80008ef033d0 (umhelper_sem){++++}-{3:3}, at: usermodehelper_read_lock_wait+0x138/0x244 kernel/umh.c:247 3 locks held by syz-executor.1/6454: #0: ffff0000c5c06420 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c fs/namespace.c:409 #1: ffff0000efa9c138 (&inode->i_sb->s_type->i_mutex_dir_key){++++}-{3:3}, at: inode_lock include/linux/fs.h:795 [inline] #1: ffff0000efa9c138 (&inode->i_sb->s_type->i_mutex_dir_key){++++}-{3:3}, at: vfs_setxattr+0x17c/0x344 fs/xattr.c:320 #2: ffff0000c5c06610 (sb_internal#2){.+.+}-{0:0}, at: xfs_trans_alloc_inode+0x170/0x4f4 fs/xfs/xfs_trans.c:1203 1 lock held by syz-executor.1/6500: #0: ffff0000efa9c138 (&inode->i_sb->s_type->i_mutex_dir_key){++++}-{3:3}, at: inode_lock include/linux/fs.h:795 [inline] #0: ffff0000efa9c138 (&inode->i_sb->s_type->i_mutex_dir_key){++++}-{3:3}, at: do_lock_mount+0xf8/0x324 fs/namespace.c:2460 2 locks held by syz-executor.1/6502: #0: ffff0000c5c06420 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c fs/namespace.c:409 #1: ffff0000efa9c138 (&inode->i_sb->s_type->i_mutex_dir_key){++++}-{3:3}, at: inode_lock include/linux/fs.h:795 [inline] #1: ffff0000efa9c138 (&inode->i_sb->s_type->i_mutex_dir_key){++++}-{3:3}, at: open_last_lookups fs/namei.c:3563 [inline] #1: ffff0000efa9c138 (&inode->i_sb->s_type->i_mutex_dir_key){++++}-{3:3}, at: path_openat+0x5f0/0x2830 fs/namei.c:3796 2 locks held by syz-executor.1/6503: #0: ffff0000c5c06420 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c fs/namespace.c:409 #1: ffff0000efa9c138 (&inode->i_sb->s_type->i_mutex_dir_key/1){+.+.}-{3:3}, at: inode_lock_nested include/linux/fs.h:830 [inline] #1: ffff0000efa9c138 (&inode->i_sb->s_type->i_mutex_dir_key/1){+.+.}-{3:3}, at: filename_create+0x204/0x468 fs/namei.c:3892 1 lock held by syz-executor.1/6504: #0: ffff0000efa9c138 (&inode->i_sb->s_type->i_mutex_dir_key){++++}-{3:3}, at: inode_lock_shared include/linux/fs.h:805 [inline] #0: ffff0000efa9c138 (&inode->i_sb->s_type->i_mutex_dir_key){++++}-{3:3}, at: lookup_slow+0x50/0x84 fs/namei.c:1708 1 lock held by syz-executor.0/8495: #0: ffff0000cd5de190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:990 [inline] #0: ffff0000cd5de190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x69c drivers/usb/core/devio.c:1051 1 lock held by syz-executor.2/9151: #0: ffff0000cd5de190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:990 [inline] #0: ffff0000cd5de190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x69c drivers/usb/core/devio.c:1051 =============================================