syzbot


possible deadlock in ext4_writepages

Status: upstream: reported syz repro on 2025/09/10 22:18
Reported-by: syzbot+0bacd77c29cb89886c3a@syzkaller.appspotmail.com
First crash: 2d07h, last: 34m
Similar bugs (5)
| Kernel | Title | Rank | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|---|
| upstream | possible deadlock in ext4_writepages [ext4] | 4 | | | | 1 | 1126d | 1122d | 0/29 | auto-obsoleted due to no activity on 2022/12/11 07:00 |
| upstream | possible deadlock in ext4_writepages (2) [ext4] | 4 | C (unreliable) | | | 49 | 1h56m | 328d | 0/29 | upstream: reported C repro on 2024/10/19 20:27 |
| linux-6.6 | possible deadlock in ext4_writepages | 4 | syz | | | 9 | 17m | 13h40m | 0/2 | upstream: reported syz repro on 2025/09/12 16:06 |
| linux-5.15 | possible deadlock in ext4_writepages | 4 | | | | 2 | 863d | 864d | 0/3 | auto-obsoleted due to no activity on 2023/08/23 09:09 |
| linux-5.15 | possible deadlock in ext4_writepages (2) | 4 | syz | | | 2 | 2d09h | 2d10h | 0/3 | upstream: reported syz repro on 2025/09/10 19:34 |

Sample crash report:
loop0: detected capacity change from 0 to 512
======================================================
WARNING: possible circular locking dependency detected
syzkaller #0 Not tainted
------------------------------------------------------
syz.0.17/4491 is trying to acquire lock:
ffff0000d3538b98 (&sbi->s_writepages_rwsem){.+.+}-{0:0}, at: ext4_writepages+0x188/0x284c fs/ext4/inode.c:2715

but task is already holding lock:
ffff0000e9dadb10 (&ei->xattr_sem){++++}-{3:3}, at: ext4_write_trylock_xattr fs/ext4/xattr.h:162 [inline]
ffff0000e9dadb10 (&ei->xattr_sem){++++}-{3:3}, at: ext4_try_to_expand_extra_isize fs/ext4/inode.c:6006 [inline]
ffff0000e9dadb10 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x37c/0x790 fs/ext4/inode.c:6087

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #2 (&ei->xattr_sem){++++}-{3:3}:
       down_read+0x64/0x304 kernel/locking/rwsem.c:1520
       ext4_setattr+0x7c4/0x150c fs/ext4/inode.c:5501
       notify_change+0xb0c/0xdcc fs/attr.c:499
       chown_common+0x414/0x574 fs/open.c:736
       do_fchownat+0x158/0x268 fs/open.c:767
       __do_sys_fchownat fs/open.c:782 [inline]
       __se_sys_fchownat fs/open.c:779 [inline]
       __arm64_sys_fchownat+0xb8/0xd4 fs/open.c:779
       __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
       invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
       el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
       do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
       el0_svc+0x58/0x138 arch/arm64/kernel/entry-common.c:637
       el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
       el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585

-> #1 (jbd2_handle){++++}-{0:0}:
       start_this_handle+0xfe0/0x122c fs/jbd2/transaction.c:463
       jbd2__journal_start+0x288/0x51c fs/jbd2/transaction.c:520
       __ext4_journal_start_sb+0x2fc/0x674 fs/ext4/ext4_jbd2.c:105
       __ext4_journal_start fs/ext4/ext4_jbd2.h:326 [inline]
       ext4_writepages+0xa28/0x284c fs/ext4/inode.c:2838
       do_writepages+0x2c0/0x4fc mm/page-writeback.c:2491
       __writeback_single_inode+0x164/0x157c fs/fs-writeback.c:1612
       writeback_sb_inodes+0x824/0x1404 fs/fs-writeback.c:1903
       __writeback_inodes_wb+0x110/0x394 fs/fs-writeback.c:1974
       wb_writeback+0x414/0xfb0 fs/fs-writeback.c:2079
       wb_check_background_flush fs/fs-writeback.c:2145 [inline]
       wb_do_writeback fs/fs-writeback.c:2233 [inline]
       wb_workfn+0xac0/0xd98 fs/fs-writeback.c:2260
       process_one_work+0x7f4/0x13a8 kernel/workqueue.c:2292
       worker_thread+0x8c8/0xfbc kernel/workqueue.c:2439
       kthread+0x250/0x2d8 kernel/kthread.c:376
       ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:850

-> #0 (&sbi->s_writepages_rwsem){.+.+}-{0:0}:
       check_prev_add kernel/locking/lockdep.c:3090 [inline]
       check_prevs_add kernel/locking/lockdep.c:3209 [inline]
       validate_chain kernel/locking/lockdep.c:3825 [inline]
       __lock_acquire+0x293c/0x6544 kernel/locking/lockdep.c:5049
       lock_acquire+0x20c/0x644 kernel/locking/lockdep.c:5662
       percpu_down_read+0x70/0x2a8 include/linux/percpu-rwsem.h:51
       ext4_writepages+0x188/0x284c fs/ext4/inode.c:2715
       do_writepages+0x2c0/0x4fc mm/page-writeback.c:2491
       __writeback_single_inode+0x164/0x157c fs/fs-writeback.c:1612
       writeback_single_inode+0x1c0/0x720 fs/fs-writeback.c:1733
       write_inode_now+0x144/0x1b0 fs/fs-writeback.c:2770
       iput_final fs/inode.c:1821 [inline]
       iput+0x5cc/0x7f4 fs/inode.c:1860
       ext4_xattr_block_set+0x17a4/0x2810 fs/ext4/xattr.c:2157
       ext4_xattr_move_to_block fs/ext4/xattr.c:2625 [inline]
       ext4_xattr_make_inode_space fs/ext4/xattr.c:2700 [inline]
       ext4_expand_extra_isize_ea+0xcb8/0x15cc fs/ext4/xattr.c:2792
       __ext4_expand_extra_isize+0x298/0x358 fs/ext4/inode.c:5966
       ext4_try_to_expand_extra_isize fs/ext4/inode.c:6009 [inline]
       __ext4_mark_inode_dirty+0x3e4/0x790 fs/ext4/inode.c:6087
       ext4_evict_inode+0xb58/0x1270 fs/ext4/inode.c:279
       evict+0x3c8/0x810 fs/inode.c:705
       iput_final fs/inode.c:1834 [inline]
       iput+0x764/0x7f4 fs/inode.c:1860
       ext4_process_orphan+0x240/0x2b4 fs/ext4/orphan.c:360
       ext4_orphan_cleanup+0x908/0x104c fs/ext4/orphan.c:474
       __ext4_fill_super fs/ext4/super.c:5537 [inline]
       ext4_fill_super+0x6920/0x6e34 fs/ext4/super.c:5668
       get_tree_bdev+0x358/0x544 fs/super.c:1366
       ext4_get_tree+0x28/0x38 fs/ext4/super.c:5698
       vfs_get_tree+0x90/0x274 fs/super.c:1573
       do_new_mount+0x228/0x810 fs/namespace.c:3069
       path_mount+0x5b4/0xe78 fs/namespace.c:3399
       do_mount fs/namespace.c:3412 [inline]
       __do_sys_mount fs/namespace.c:3620 [inline]
       __se_sys_mount fs/namespace.c:3597 [inline]
       __arm64_sys_mount+0x49c/0x584 fs/namespace.c:3597
       __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
       invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
       el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
       do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
       el0_svc+0x58/0x138 arch/arm64/kernel/entry-common.c:637
       el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
       el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585

other info that might help us debug this:

Chain exists of:
  &sbi->s_writepages_rwsem --> jbd2_handle --> &ei->xattr_sem

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&ei->xattr_sem);
                               lock(jbd2_handle);
                               lock(&ei->xattr_sem);
  lock(&sbi->s_writepages_rwsem);

 *** DEADLOCK ***

3 locks held by syz.0.17/4491:
 #0: ffff0000d353a0e0 (&type->s_umount_key#26/1){+.+.}-{3:3}, at: alloc_super+0x1a4/0x804 fs/super.c:228
 #1: ffff0000d353a650 (sb_internal){.+.+}-{0:0}, at: __sb_start_write include/linux/fs.h:1891 [inline]
 #1: ffff0000d353a650 (sb_internal){.+.+}-{0:0}, at: sb_start_intwrite include/linux/fs.h:2013 [inline]
 #1: ffff0000d353a650 (sb_internal){.+.+}-{0:0}, at: ext4_evict_inode+0x3dc/0x1270 fs/ext4/inode.c:240
 #2: ffff0000e9dadb10 (&ei->xattr_sem){++++}-{3:3}, at: ext4_write_trylock_xattr fs/ext4/xattr.h:162 [inline]
 #2: ffff0000e9dadb10 (&ei->xattr_sem){++++}-{3:3}, at: ext4_try_to_expand_extra_isize fs/ext4/inode.c:6006 [inline]
 #2: ffff0000e9dadb10 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x37c/0x790 fs/ext4/inode.c:6087

stack backtrace:
CPU: 1 PID: 4491 Comm: syz.0.17 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
Call trace:
 dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
 __dump_stack+0x30/0x40 lib/dump_stack.c:88
 dump_stack_lvl+0xf8/0x160 lib/dump_stack.c:106
 dump_stack+0x1c/0x5c lib/dump_stack.c:113
 print_circular_bug+0x148/0x1b0 kernel/locking/lockdep.c:2048
 check_noncircular+0x240/0x2d4 kernel/locking/lockdep.c:2170
 check_prev_add kernel/locking/lockdep.c:3090 [inline]
 check_prevs_add kernel/locking/lockdep.c:3209 [inline]
 validate_chain kernel/locking/lockdep.c:3825 [inline]
 __lock_acquire+0x293c/0x6544 kernel/locking/lockdep.c:5049
 lock_acquire+0x20c/0x644 kernel/locking/lockdep.c:5662
 percpu_down_read+0x70/0x2a8 include/linux/percpu-rwsem.h:51
 ext4_writepages+0x188/0x284c fs/ext4/inode.c:2715
 do_writepages+0x2c0/0x4fc mm/page-writeback.c:2491
 __writeback_single_inode+0x164/0x157c fs/fs-writeback.c:1612
 writeback_single_inode+0x1c0/0x720 fs/fs-writeback.c:1733
 write_inode_now+0x144/0x1b0 fs/fs-writeback.c:2770
 iput_final fs/inode.c:1821 [inline]
 iput+0x5cc/0x7f4 fs/inode.c:1860
 ext4_xattr_block_set+0x17a4/0x2810 fs/ext4/xattr.c:2157
 ext4_xattr_move_to_block fs/ext4/xattr.c:2625 [inline]
 ext4_xattr_make_inode_space fs/ext4/xattr.c:2700 [inline]
 ext4_expand_extra_isize_ea+0xcb8/0x15cc fs/ext4/xattr.c:2792
 __ext4_expand_extra_isize+0x298/0x358 fs/ext4/inode.c:5966
 ext4_try_to_expand_extra_isize fs/ext4/inode.c:6009 [inline]
 __ext4_mark_inode_dirty+0x3e4/0x790 fs/ext4/inode.c:6087
 ext4_evict_inode+0xb58/0x1270 fs/ext4/inode.c:279
 evict+0x3c8/0x810 fs/inode.c:705
 iput_final fs/inode.c:1834 [inline]
 iput+0x764/0x7f4 fs/inode.c:1860
 ext4_process_orphan+0x240/0x2b4 fs/ext4/orphan.c:360
 ext4_orphan_cleanup+0x908/0x104c fs/ext4/orphan.c:474
 __ext4_fill_super fs/ext4/super.c:5537 [inline]
 ext4_fill_super+0x6920/0x6e34 fs/ext4/super.c:5668
 get_tree_bdev+0x358/0x544 fs/super.c:1366
 ext4_get_tree+0x28/0x38 fs/ext4/super.c:5698
 vfs_get_tree+0x90/0x274 fs/super.c:1573
 do_new_mount+0x228/0x810 fs/namespace.c:3069
 path_mount+0x5b4/0xe78 fs/namespace.c:3399
 do_mount fs/namespace.c:3412 [inline]
 __do_sys_mount fs/namespace.c:3620 [inline]
 __se_sys_mount fs/namespace.c:3597 [inline]
 __arm64_sys_mount+0x49c/0x584 fs/namespace.c:3597
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x138 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
------------[ cut here ]------------
EA inode 11 i_nlink=2
WARNING: CPU: 0 PID: 4491 at fs/ext4/xattr.c:1021 ext4_xattr_inode_update_ref+0x468/0x4ac fs/ext4/xattr.c:-1
Modules linked in:
CPU: 0 PID: 4491 Comm: syz.0.17 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
pstate: 62400005 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : ext4_xattr_inode_update_ref+0x468/0x4ac fs/ext4/xattr.c:-1
lr : ext4_xattr_inode_update_ref+0x464/0x4ac fs/ext4/xattr.c:1019
sp : ffff800021556e80
x29: ffff800021556f00 x28: 0000000000000000 x27: dfff800000000000
x26: 1fffe0001d3a9e60 x25: ffff7000042aadd0 x24: 0000000000000000
x23: ffff800017a8b000 x22: ffff800021556e80 x21: 0000000000000002
x20: 0000000000000001 x19: ffff0000e9d4f108 x18: ffff800011abbcc0
x17: 0000000000000000 x16: ffff800008042c8c x15: 0000000000000000
x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000ff0100
x11: ff00800008191ca8 x10: 0000000000000000 x9 : 33938078b585b800
x8 : 33938078b585b800 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff800021556918 x4 : ffff8000151a4820 x3 : ffff80000852e404
x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000
Call trace:
 ext4_xattr_inode_update_ref+0x468/0x4ac fs/ext4/xattr.c:-1
 ext4_xattr_inode_dec_ref fs/ext4/xattr.c:1044 [inline]
 ext4_xattr_set_entry+0x918/0x15ac fs/ext4/xattr.c:1682
 ext4_xattr_ibody_set+0x204/0x600 fs/ext4/xattr.c:2229
 ext4_xattr_move_to_block fs/ext4/xattr.c:2632 [inline]
 ext4_xattr_make_inode_space fs/ext4/xattr.c:2700 [inline]
 ext4_expand_extra_isize_ea+0xd00/0x15cc fs/ext4/xattr.c:2792
 __ext4_expand_extra_isize+0x298/0x358 fs/ext4/inode.c:5966
 ext4_try_to_expand_extra_isize fs/ext4/inode.c:6009 [inline]
 __ext4_mark_inode_dirty+0x3e4/0x790 fs/ext4/inode.c:6087
 ext4_evict_inode+0xb58/0x1270 fs/ext4/inode.c:279
 evict+0x3c8/0x810 fs/inode.c:705
 iput_final fs/inode.c:1834 [inline]
 iput+0x764/0x7f4 fs/inode.c:1860
 ext4_process_orphan+0x240/0x2b4 fs/ext4/orphan.c:360
 ext4_orphan_cleanup+0x908/0x104c fs/ext4/orphan.c:474
 __ext4_fill_super fs/ext4/super.c:5537 [inline]
 ext4_fill_super+0x6920/0x6e34 fs/ext4/super.c:5668
 get_tree_bdev+0x358/0x544 fs/super.c:1366
 ext4_get_tree+0x28/0x38 fs/ext4/super.c:5698
 vfs_get_tree+0x90/0x274 fs/super.c:1573
 do_new_mount+0x228/0x810 fs/namespace.c:3069
 path_mount+0x5b4/0xe78 fs/namespace.c:3399
 do_mount fs/namespace.c:3412 [inline]
 __do_sys_mount fs/namespace.c:3620 [inline]
 __se_sys_mount fs/namespace.c:3597 [inline]
 __arm64_sys_mount+0x49c/0x584 fs/namespace.c:3597
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x138 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 5499
hardirqs last  enabled at (5499): [<ffff800011a43014>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last  enabled at (5499): [<ffff800011a43014>] _raw_spin_unlock_irqrestore+0x48/0xac kernel/locking/spinlock.c:194
hardirqs last disabled at (5498): [<ffff800011a42e30>] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline]
hardirqs last disabled at (5498): [<ffff800011a42e30>] _raw_spin_lock_irqsave+0xa4/0xb4 kernel/locking/spinlock.c:162
softirqs last  enabled at (4232): [<ffff80000803092c>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (4230): [<ffff8000080308f8>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
---[ end trace 0000000000000000 ]---
EXT4-fs (loop0): 1 orphan inode deleted
EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
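The lock-order cycle lockdep printed above, replayed in a small C program. This is an added example, not code from the syzbot report or from the kernel: it records the two dependency edges already in the report (s_writepages_rwsem held while jbd2_handle is taken in ext4_writepages; jbd2_handle held while xattr_sem is taken in ext4_setattr) and then checks the new acquisition seen in the orphan-cleanup path at mount time (xattr_sem held in ext4_evict_inode while iput -> write_inode_now -> ext4_writepages takes s_writepages_rwsem). The check is the same forward search check_noncircular() performs before lockdep prints "possible circular locking dependency": before adding held -> acquired, ask whether acquired already reaches held. The adjacency matrix, the lock indices and the function names are this example's own simplification; real lockdep tracks lock classes in a shared graph across every filesystem instance, which is why a jbd2_handle edge contributes here even though the crashing mount ran without a journal.

```c
/* Added example, not from the syzbot report or the kernel: a minimal
 * lock-order graph with the cycle check lockdep's check_noncircular()
 * performs, fed the three edges printed in the report above. The lock
 * names are the report's; everything else is this example's own. */
#include <stdio.h>

#define MAX_LOCKS 8

/* Lock classes, named exactly as in the lockdep splat (hypothetical indices). */
static const char *lock_names[MAX_LOCKS] = {
    "&sbi->s_writepages_rwsem", /* 0 */
    "jbd2_handle",              /* 1 */
    "&ei->xattr_sem",           /* 2 */
};
static int nlocks = 3;

/* adj[a][b] != 0 means "a was held while b was acquired" has been observed. */
static int adj[MAX_LOCKS][MAX_LOCKS];

static void record_dependency(int held, int acquired)
{
    adj[held][acquired] = 1;
}

/* Depth-first search for a path from `from` to `target`; on success the
 * locks on the path are left in `path` and its length in `path_len`. */
static int path_exists(int from, int target, int *visited,
                       int *path, int depth, int *path_len)
{
    path[depth] = from;
    if (from == target) {
        *path_len = depth + 1;
        return 1;
    }
    visited[from] = 1;
    for (int next = 0; next < nlocks; next++) {
        if (adj[from][next] && !visited[next] &&
            path_exists(next, target, visited, path, depth + 1, path_len))
            return 1;
    }
    return 0;
}

/* Called before recording held -> acquired. If `acquired` already reaches
 * `held`, the new edge would close a cycle; lockdep reports exactly this as
 * a "possible circular locking dependency". Returns 1 and fills `cycle`
 * (the existing path from acquired back to held) when a cycle is found. */
static int would_create_cycle(int held, int acquired, int *cycle, int *cycle_len)
{
    int visited[MAX_LOCKS] = {0};

    return path_exists(acquired, held, visited, cycle, 0, cycle_len);
}

int main(void)
{
    int cycle[MAX_LOCKS], len;

    /* Existing chain from the report: s_writepages_rwsem held while a journal
     * handle is started in ext4_writepages (-> #1), and a journal handle held
     * while xattr_sem is taken in ext4_setattr (-> #2). */
    record_dependency(0, 1);
    record_dependency(1, 2);

    /* New acquisition (-> #0): ext4_evict_inode holds xattr_sem and the
     * orphan-cleanup path reaches ext4_writepages, which takes
     * s_writepages_rwsem. */
    if (would_create_cycle(2, 0, cycle, &len)) {
        printf("possible circular locking dependency:\n  ");
        for (int i = 0; i < len; i++)
            printf("%s --> ", lock_names[cycle[i]]);
        printf("%s\n", lock_names[cycle[0]]);
    } else {
        record_dependency(2, 0);
    }
    return 0;
}
```

Build with any C compiler (cc lockcycle.c && ./a.out); the program prints the same three-lock cycle the splat shows, s_writepages_rwsem --> jbd2_handle --> xattr_sem --> s_writepages_rwsem. Taking the two locks in the opposite order (held 0, acquire 2) finds no path and is accepted, which is the order the existing chain already established.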

Crashes (10):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2025/09/13 03:53 | linux-6.1.y | 3db754f56897 | e2beed91 | .config | console log | report | syz / log | | | disk image, vmlinux, kernel image, mounted in repro (corrupt fs) | ci2-linux-6-1-kasan-arm64 | possible deadlock in ext4_writepages |
| 2025/09/12 08:58 | linux-6.1.y | 3db754f56897 | e2beed91 | .config | console log | report | syz / log | | | disk image, vmlinux, kernel image, mounted in repro (corrupt fs) | ci2-linux-6-1-kasan-arm64 | possible deadlock in ext4_writepages |
| 2025/09/12 08:40 | linux-6.1.y | 3db754f56897 | e2beed91 | .config | console log | report | syz / log | | | disk image, vmlinux, kernel image, mounted in repro (corrupt fs) | ci2-linux-6-1-kasan-arm64 | possible deadlock in ext4_writepages |
| 2025/09/10 22:58 | linux-6.1.y | f97f1002271b | fdeaa69b | .config | console log | report | syz / log | | | disk image, vmlinux, kernel image, mounted in repro (corrupt fs) | ci2-linux-6-1-kasan-arm64 | possible deadlock in ext4_writepages |
| 2025/09/10 22:38 | linux-6.1.y | f97f1002271b | fdeaa69b | .config | console log | report | syz / log | | | disk image, vmlinux, kernel image, mounted in repro (corrupt fs) | ci2-linux-6-1-kasan-arm64 | possible deadlock in ext4_writepages |
| 2025/09/13 05:12 | linux-6.1.y | 3db754f56897 | e2beed91 | .config | console log | report | | | info | disk image, vmlinux, kernel image | ci2-linux-6-1-kasan | possible deadlock in ext4_writepages |
| 2025/09/13 03:40 | linux-6.1.y | 3db754f56897 | e2beed91 | .config | console log | report | | | info | disk image, vmlinux, kernel image | ci2-linux-6-1-kasan-arm64 | possible deadlock in ext4_writepages |
| 2025/09/12 05:31 | linux-6.1.y | 3db754f56897 | e2beed91 | .config | console log | report | | | info | disk image, vmlinux, kernel image | ci2-linux-6-1-kasan-arm64 | possible deadlock in ext4_writepages |
| 2025/09/12 05:31 | linux-6.1.y | 3db754f56897 | e2beed91 | .config | console log | report | | | info | disk image, vmlinux, kernel image | ci2-linux-6-1-kasan-arm64 | possible deadlock in ext4_writepages |
| 2025/09/10 22:17 | linux-6.1.y | f97f1002271b | fdeaa69b | .config | console log | report | | | info | disk image, vmlinux, kernel image | ci2-linux-6-1-kasan-arm64 | possible deadlock in ext4_writepages |