syzbot

EXT4-fs (loop1): mounted filesystem without journal. Opts: discard,max_dir_size_kb=0x0000000000000004,norecovery,,errors=continue. Quota mode: none.
======================================================
WARNING: possible circular locking dependency detected
syzkaller #0 Not tainted
------------------------------------------------------
syz.1.41/4480 is trying to acquire lock:
ffff888062eb28a8 (&ei->xattr_sem){++++}-{3:3}, at: ext4_write_lock_xattr fs/ext4/xattr.h:158 [inline]
ffff888062eb28a8 (&ei->xattr_sem){++++}-{3:3}, at: ext4_destroy_inline_data+0x24/0xe0 fs/ext4/inline.c:1900

but task is already holding lock:
ffff8880239eec58 (&sbi->s_writepages_rwsem){.+.+}-{0:0}, at: ext4_writepages+0x213/0x2d40 fs/ext4/inode.c:2691

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&sbi->s_writepages_rwsem){.+.+}-{0:0}:
       percpu_down_read+0x46/0x1b0 include/linux/percpu-rwsem.h:51
       ext4_writepages+0x213/0x2d40 fs/ext4/inode.c:2691
       do_writepages+0x493/0x700 mm/page-writeback.c:2386
       __writeback_single_inode+0x153/0xda0 fs/fs-writeback.c:1657
       writeback_single_inode+0x3d2/0x8e0 fs/fs-writeback.c:1770
       write_inode_now+0x23b/0x2c0 fs/fs-writeback.c:2817
       iput_final fs/inode.c:1756 [inline]
       iput+0x599/0x880 fs/inode.c:1795
       ext4_xattr_set_entry+0x1d76/0x3f70 fs/ext4/xattr.c:1827
       ext4_xattr_block_set+0x8a7/0x2ce0 fs/ext4/xattr.c:1995
       ext4_xattr_move_to_block fs/ext4/xattr.c:2620 [inline]
       ext4_xattr_make_inode_space fs/ext4/xattr.c:2695 [inline]
       ext4_expand_extra_isize_ea+0xebe/0x18e0 fs/ext4/xattr.c:2783
       __ext4_expand_extra_isize+0x301/0x3e0 fs/ext4/inode.c:5924
       ext4_try_to_expand_extra_isize fs/ext4/inode.c:5967 [inline]
       __ext4_mark_inode_dirty+0x444/0x6c0 fs/ext4/inode.c:6045
       ext4_evict_inode+0xa55/0x1050 fs/ext4/inode.c:284
       evict+0x4b6/0x8b0 fs/inode.c:647
       ext4_orphan_cleanup+0xad8/0x1320 fs/ext4/orphan.c:472
       ext4_fill_super+0x8c65/0x93f0 fs/ext4/super.c:5006
       mount_bdev+0x28a/0x3c0 fs/super.c:1400
       legacy_get_tree+0xe6/0x180 fs/fs_context.c:611
       vfs_get_tree+0x88/0x270 fs/super.c:1530
       do_new_mount+0x247/0xa40 fs/namespace.c:3034
       do_mount fs/namespace.c:3377 [inline]
       __do_sys_mount fs/namespace.c:3585 [inline]
       __se_sys_mount+0x2e3/0x3d0 fs/namespace.c:3562
       do_syscall_x64 arch/x86/entry/common.c:50 [inline]
       do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
       entry_SYSCALL_64_after_hwframe+0x66/0xd0

-> #0 (&ei->xattr_sem){++++}-{3:3}:
       check_prev_add kernel/locking/lockdep.c:3053 [inline]
       check_prevs_add kernel/locking/lockdep.c:3172 [inline]
       validate_chain kernel/locking/lockdep.c:3788 [inline]
       __lock_acquire+0x2c66/0x7b50 kernel/locking/lockdep.c:5012
       lock_acquire+0x19e/0x400 kernel/locking/lockdep.c:5623
       down_write+0x38/0x60 kernel/locking/rwsem.c:1551
       ext4_write_lock_xattr fs/ext4/xattr.h:158 [inline]
       ext4_destroy_inline_data+0x24/0xe0 fs/ext4/inline.c:1900
       ext4_writepages+0x599/0x2d40 fs/ext4/inode.c:2737
       do_writepages+0x493/0x700 mm/page-writeback.c:2386
       filemap_fdatawrite_wbc+0x1eb/0x240 mm/filemap.c:400
       __filemap_fdatawrite_range mm/filemap.c:433 [inline]
       __filemap_fdatawrite mm/filemap.c:439 [inline]
       filemap_flush+0xd4/0x130 mm/filemap.c:466
       ext4_release_file+0x7e/0x310 fs/ext4/file.c:141
       __fput+0x212/0x8c0 fs/file_table.c:311
       task_work_run+0x125/0x1a0 kernel/task_work.c:188
       tracehook_notify_resume include/linux/tracehook.h:189 [inline]
       exit_to_user_mode_loop+0x10f/0x130 kernel/entry/common.c:181
       exit_to_user_mode_prepare+0xee/0x180 kernel/entry/common.c:214
       __syscall_exit_to_user_mode_work kernel/entry/common.c:296 [inline]
       syscall_exit_to_user_mode+0x16/0x40 kernel/entry/common.c:307
       do_syscall_64+0x58/0xa0 arch/x86/entry/common.c:86
       entry_SYSCALL_64_after_hwframe+0x66/0xd0

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&sbi->s_writepages_rwsem);
                               lock(&ei->xattr_sem);
                               lock(&sbi->s_writepages_rwsem);
  lock(&ei->xattr_sem);

 *** DEADLOCK ***

1 lock held by syz.1.41/4480:
 #0: ffff8880239eec58 (&sbi->s_writepages_rwsem){.+.+}-{0:0}, at: ext4_writepages+0x213/0x2d40 fs/ext4/inode.c:2691

stack backtrace:
CPU: 1 PID: 4480 Comm: syz.1.41 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
Call Trace:
 <TASK>
 dump_stack_lvl+0x188/0x250 lib/dump_stack.c:106
 check_noncircular+0x296/0x330 kernel/locking/lockdep.c:2133
 check_prev_add kernel/locking/lockdep.c:3053 [inline]
 check_prevs_add kernel/locking/lockdep.c:3172 [inline]
 validate_chain kernel/locking/lockdep.c:3788 [inline]
 __lock_acquire+0x2c66/0x7b50 kernel/locking/lockdep.c:5012
 lock_acquire+0x19e/0x400 kernel/locking/lockdep.c:5623
 down_write+0x38/0x60 kernel/locking/rwsem.c:1551
 ext4_write_lock_xattr fs/ext4/xattr.h:158 [inline]
 ext4_destroy_inline_data+0x24/0xe0 fs/ext4/inline.c:1900
 ext4_writepages+0x599/0x2d40 fs/ext4/inode.c:2737
 do_writepages+0x493/0x700 mm/page-writeback.c:2386
 filemap_fdatawrite_wbc+0x1eb/0x240 mm/filemap.c:400
 __filemap_fdatawrite_range mm/filemap.c:433 [inline]
 __filemap_fdatawrite mm/filemap.c:439 [inline]
 filemap_flush+0xd4/0x130 mm/filemap.c:466
 ext4_release_file+0x7e/0x310 fs/ext4/file.c:141
 __fput+0x212/0x8c0 fs/file_table.c:311
 task_work_run+0x125/0x1a0 kernel/task_work.c:188
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 exit_to_user_mode_loop+0x10f/0x130 kernel/entry/common.c:181
 exit_to_user_mode_prepare+0xee/0x180 kernel/entry/common.c:214
 __syscall_exit_to_user_mode_work kernel/entry/common.c:296 [inline]
 syscall_exit_to_user_mode+0x16/0x40 kernel/entry/common.c:307
 do_syscall_64+0x58/0xa0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7f5128286e59
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff9eab4208 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
RAX: 0000000000000000 RBX: 00007fff9eab42f0 RCX: 00007f5128286e59
RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
RBP: 0000000000018c70 R08: 0000000000000001 R09: 0000000000000000
R10: 0000001b30520000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f51284fffac R14: 00007f51284fffa8 R15: 00007f51284fffa0
 </TASK>
EXT4-fs error (device loop1): ext4_mb_generate_buddy:1176: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
EXT4-fs (loop1): This should not happen!! Data will be lost

EXT4-fs (loop1): Total free blocks count 0
EXT4-fs (loop1): Free/Dirty block details
EXT4-fs (loop1): free_blocks=2415919104
EXT4-fs (loop1): dirty_blocks=16
EXT4-fs (loop1): Block reservation details
EXT4-fs (loop1): i_reserved_data_blocks=1