INFO: task syz-executor.0:2093 blocked for more than 140 seconds.
      Not tainted 4.19.0-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.0  D11872  2093   1638 0x00080006
Call Trace:
 context_switch kernel/sched/core.c:2825 [inline]
 __schedule+0x2dc/0x860 kernel/sched/core.c:3473
 schedule+0x27/0x80 kernel/sched/core.c:3517
 io_schedule+0x11/0x40 kernel/sched/core.c:5140
 bit_wait_io+0xc/0x50 kernel/sched/wait_bit.c:207
 __wait_on_bit_lock+0x5e/0xc0 kernel/sched/wait_bit.c:89
 out_of_line_wait_on_bit_lock+0x8b/0xb0 kernel/sched/wait_bit.c:116
 wait_on_bit_lock_io include/linux/wait_bit.h:208 [inline]
 __lock_buffer+0x24/0x30 fs/buffer.c:65
 lock_buffer include/linux/buffer_head.h:366 [inline]
 ext4_quota_write+0x193/0x200 fs/ext4/super.c:5837
 qtree_write_dquot+0xc7/0x1a0 fs/quota/quota_tree.c:395
 v2_write_dquot+0x8a/0xa0 fs/quota/quota_v2.c:334
 dquot_commit+0x62/0xe0 fs/quota/dquot.c:475
 ext4_write_dquot+0x70/0xa0 fs/ext4/super.c:5469
 ext4_mark_dquot_dirty+0x3a/0x50 fs/ext4/super.c:5520
 mark_dquot_dirty fs/quota/dquot.c:341 [inline]
 mark_all_dquot_dirty fs/quota/dquot.c:379 [inline]
 dquot_alloc_inode+0x107/0x1d0 fs/quota/dquot.c:1746
 ext4_xattr_inode_alloc_quota fs/ext4/xattr.c:870 [inline]
 ext4_xattr_set_entry+0x1e4/0x1330 fs/ext4/xattr.c:1659
 ext4_xattr_block_set+0x121/0xdc0 fs/ext4/xattr.c:1887
 ext4_xattr_set_handle+0x47c/0x5a0 fs/ext4/xattr.c:2404
 ext4_xattr_set+0xb8/0x140 fs/ext4/xattr.c:2504
 ext4_xattr_user_set+0x2f/0x40 fs/ext4/xattr_user.c:40
 __vfs_setxattr+0x64/0x80 fs/xattr.c:149
 __vfs_setxattr_noperm+0x6d/0x1a0 fs/xattr.c:180
 vfs_setxattr+0x88/0xb0 fs/xattr.c:223
 setxattr+0x14f/0x1f0 fs/xattr.c:450
cgroup: fork rejected by pids controller in /syz0
 path_setxattr+0xb8/0xd0 fs/xattr.c:469
 __do_sys_setxattr fs/xattr.c:484 [inline]
 __se_sys_setxattr fs/xattr.c:480 [inline]
 __x64_sys_setxattr+0x26/0x30 fs/xattr.c:480
 do_syscall_64+0x63/0x160 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f14597cace9
Code: Bad RIP value.
RSP: 002b:00007f145934d0c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc
RAX: ffffffffffffffda RBX: 00007f14598e9f80 RCX: 00007f14597cace9
RDX: 0000000020000380 RSI: 0000000020000340 RDI: 00000000200002c0
RBP: 00007f145981747a R08: 0000000000000000 R09: 0000000000000000
R10: 000000000000ffed R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000006 R14: 00007f14598e9f80 R15: 00007ffec17ca4e8

Showing all locks held in the system:
2 locks held by kworker/0:0/5:
 #0: 00000000226b06d9 ((wq_completion)"rcu_gp"){....}, at: wake_up_worker kernel/workqueue.c:838 [inline]
 #0: 00000000226b06d9 ((wq_completion)"rcu_gp"){....}, at: process_one_work+0x1b1/0x480 kernel/workqueue.c:2116
 #1: 0000000039926b46 ((work_completion)(&rew.rew_work)){....}, at: wake_up_worker kernel/workqueue.c:838 [inline]
 #1: 0000000039926b46 ((work_completion)(&rew.rew_work)){....}, at: process_one_work+0x1b1/0x480 kernel/workqueue.c:2116
1 lock held by khungtaskd/314:
 #0: 00000000752c59d1 (rcu_read_lock){....}, at: debug_show_all_locks+0x23/0x103 kernel/locking/lockdep.c:4435
2 locks held by getty/1015:
 #0: 000000003f67b987 (&tty->ldisc_sem){....}, at: ldsem_down_read+0xe/0x10 drivers/tty/tty_ldsem.c:353
 #1: 00000000ca111367 (&ldata->atomic_read_lock){....}, at: n_tty_read+0xbc/0x860 drivers/tty/n_tty.c:2140
6 locks held by syz-executor.0/2093:
 #0: 00000000117e03ec (sb_writers#3){....}, at: sb_start_write include/linux/fs.h:1566 [inline]
 #0: 00000000117e03ec (sb_writers#3){....}, at: mnt_want_write+0x1f/0x50 fs/namespace.c:360
 #1: 000000002ccbbfb2 (&type->i_mutex_dir_key#3){....}, at: inode_lock include/linux/fs.h:738 [inline]
 #1: 000000002ccbbfb2 (&type->i_mutex_dir_key#3){....}, at: vfs_setxattr+0x58/0xb0 fs/xattr.c:218
 #2: 00000000a9f34a1b (&ei->xattr_sem){....}, at: ext4_write_lock_xattr fs/ext4/xattr.h:141 [inline]
 #2: 00000000a9f34a1b (&ei->xattr_sem){....}, at: ext4_xattr_set_handle+0xb1/0x5a0 fs/ext4/xattr.c:2322
 #3: 00000000734e653d (dquot_srcu){....}, at: dquot_alloc_inode+0x50/0x1d0 fs/quota/dquot.c:1718
 #4: 000000006ddef68a (&dquot->dq_lock){....}, at: dquot_commit+0x23/0xe0 fs/quota/dquot.c:469
 #5: 00000000c3d370c5 (&s->s_dquot.dqio_sem){....}, at: v2_write_dquot+0x65/0xa0 fs/quota/quota_v2.c:332
1 lock held by syz-executor.0/2098:
 #0: 00000000ce916ec2 (rcu_sched_state.exp_mutex){....}, at: exp_funnel_lock kernel/rcu/tree_exp.h:297 [inline]
 #0: 00000000ce916ec2 (rcu_sched_state.exp_mutex){....}, at: _synchronize_rcu_expedited.constprop.56+0x29b/0x350 kernel/rcu/tree_exp.h:667

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 314 Comm: khungtaskd Not tainted 4.19.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x87/0xba lib/dump_stack.c:113
 nmi_cpu_backtrace.cold.0+0x14/0x53 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0x9c/0x9e lib/nmi_backtrace.c:62
 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38
 trigger_all_cpu_backtrace include/linux/nmi.h:144 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:204 [inline]
 watchdog+0x2b0/0x3c0 kernel/hung_task.c:265
 kthread+0x119/0x130 kernel/kthread.c:246
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:413
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0 skipped: idling at native_safe_halt+0x6/0x10 arch/x86/include/asm/irqflags.h:57