syzbot

INFO: task syz.4.52:6933 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.4.52        state:D stack:0     pid:6933  tgid:6929  ppid:6599   task_flags:0x400140 flags:0x00000001
Call trace:
 __switch_to+0x418/0x87c arch/arm64/kernel/process.c:741 (T)
 context_switch kernel/sched/core.c:5256 [inline]
 __schedule+0x1250/0x2a7c kernel/sched/core.c:6863
 __schedule_loop kernel/sched/core.c:6945 [inline]
 schedule+0xb4/0x230 kernel/sched/core.c:6960
 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:7017
 rwsem_down_write_slowpath+0x6b4/0x10f4 kernel/locking/rwsem.c:1185
 __down_write_common kernel/locking/rwsem.c:1317 [inline]
 __down_write kernel/locking/rwsem.c:1326 [inline]
 down_write+0xb4/0xc0 kernel/locking/rwsem.c:1591
 inode_lock include/linux/fs.h:1027 [inline]
 vfs_removexattr+0x6c/0x18c fs/xattr.c:574
 removexattr fs/xattr.c:1023 [inline]
 filename_removexattr fs/xattr.c:1052 [inline]
 path_removexattrat+0x304/0x600 fs/xattr.c:1088
 __do_sys_removexattr fs/xattr.c:1100 [inline]
 __se_sys_removexattr fs/xattr.c:1097 [inline]
 __arm64_sys_removexattr+0x64/0x7c fs/xattr.c:1097
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x254 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x5c/0x26c arch/arm64/kernel/entry-common.c:724
 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:743
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596
INFO: task syz.4.52:6934 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.4.52        state:D stack:0     pid:6934  tgid:6929  ppid:6599   task_flags:0x400040 flags:0x00000011
Call trace:
 __switch_to+0x418/0x87c arch/arm64/kernel/process.c:741 (T)
 context_switch kernel/sched/core.c:5256 [inline]
 __schedule+0x1250/0x2a7c kernel/sched/core.c:6863
 __schedule_loop kernel/sched/core.c:6945 [inline]
 schedule+0xb4/0x230 kernel/sched/core.c:6960
 io_schedule+0x84/0xf4 kernel/sched/core.c:7789
 folio_wait_bit_common+0x56c/0x9e0 mm/filemap.c:1323
 __folio_lock+0x2c/0x3c mm/filemap.c:1699
 folio_lock include/linux/pagemap.h:1159 [inline]
 release_metapage+0x130/0xa3c fs/jfs/jfs_metapage.c:870
 discard_metapage fs/jfs/jfs_metapage.h:88 [inline]
 __get_metapage+0x920/0xe90 fs/jfs/jfs_metapage.c:753
 ea_read+0x244/0x56c fs/jfs/xattr.c:396
 ea_get+0x360/0xec4 fs/jfs/xattr.c:498
 __jfs_setxattr+0xe0/0xf84 fs/jfs/xattr.c:680
 __jfs_xattr_set+0xe0/0x178 fs/jfs/xattr.c:941
 jfs_xattr_set+0x58/0x70 fs/jfs/xattr.c:965
 __vfs_removexattr+0x3bc/0x3e4 fs/xattr.c:518
 __vfs_removexattr_locked+0x1cc/0x204 fs/xattr.c:553
 vfs_removexattr+0x80/0x18c fs/xattr.c:575
 removexattr fs/xattr.c:1023 [inline]
 filename_removexattr fs/xattr.c:1052 [inline]
 path_removexattrat+0x304/0x600 fs/xattr.c:1088
 __do_sys_removexattr fs/xattr.c:1100 [inline]
 __se_sys_removexattr fs/xattr.c:1097 [inline]
 __arm64_sys_removexattr+0x64/0x7c fs/xattr.c:1097
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x254 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x5c/0x26c arch/arm64/kernel/entry-common.c:724
 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:743
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596

Showing all locks held in the system:
1 lock held by khungtaskd/32:
 #0: ffff80008fa5b520 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x4/0x48 include/linux/rcupdate.h:330
2 locks held by pr/ttyAMA-1/43:
3 locks held by kworker/u8:4/76:
1 lock held by klogd/6201:
2 locks held by getty/6354:
 #0: ffff0000cebe20a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c drivers/tty/tty_ldsem.c:340
 #1: ffff800099f1e2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x34c/0xfc8 drivers/tty/n_tty.c:2211
2 locks held by syz.4.52/6933:
 #0: ffff0000e0e86420 (sb_writers#21){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c fs/namespace.c:499
 #1: ffff0000e2294590 (&type->i_mutex_dir_key#14){++++}-{4:4}, at: inode_lock include/linux/fs.h:1027 [inline]
 #1: ffff0000e2294590 (&type->i_mutex_dir_key#14){++++}-{4:4}, at: vfs_removexattr+0x6c/0x18c fs/xattr.c:574
4 locks held by syz.4.52/6934:
 #0: ffff0000e0e86420 (sb_writers#21){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c fs/namespace.c:499
 #1: ffff0000e2294590 (&type->i_mutex_dir_key#14){++++}-{4:4}, at: inode_lock include/linux/fs.h:1027 [inline]
 #1: ffff0000e2294590 (&type->i_mutex_dir_key#14){++++}-{4:4}, at: vfs_removexattr+0x6c/0x18c fs/xattr.c:574
 #2: ffff0000e22941e0 (&jfs_ip->commit_mutex){+.+.}-{4:4}, at: __jfs_xattr_set+0xc4/0x178 fs/jfs/xattr.c:940
 #3: ffff0000e2294278 (&jfs_ip->xattr_sem){++++}-{4:4}, at: __jfs_setxattr+0xd0/0xf84 fs/jfs/xattr.c:678

=============================================