possible deadlock in ext4_xattr

Kernel	Title	Rank 🛈	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
linux-6.6	possible deadlock in ext4_xattr_get	4				1	28d	28d	0/2	upstream: reported on 2025/11/14 21:22
linux-6.1	possible deadlock in ext4_xattr_get	4				1	2d07h	2d07h	0/3	upstream: reported on 2025/12/11 02:47
upstream	possible deadlock in ext4_xattr_get (2) ext4	4				7	9d11h	34d	0/29	upstream: reported on 2025/11/08 13:32
linux-5.15	possible deadlock in ext4_xattr_get	4				1	4d09h	4d09h	0/3	upstream: reported on 2025/12/09 00:14
upstream	possible deadlock in ext4_xattr_get ext4	4	C	inconclusive		3	950d	1223d	22/29	fixed on 2023/07/01 16:05
linux-4.19	possible deadlock in ext4_xattr_get	4	C		error	1	1326d	1326d	0/1	upstream: reported C repro on 2022/04/27 05:09

Created	Duration	User	Patch	Repo	Result
2023/02/27 00:32	14m	retest repro		linux-4.14.y	report log
2022/11/08 14:30	10m	retest repro		linux-4.14.y	report log

Created

Duration

User

Patch

Repo

Result

2023/02/27 00:32

14m

retest repro

linux-4.14.y

report log

2022/11/08 14:30

10m

retest repro

linux-4.14.y

report log

EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue ====================================================== WARNING: possible circular locking dependency detected 4.14.276-syzkaller #0 Not tainted ------------------------------------------------------ syz-executor197/7982 is trying to acquire lock: (&ei->xattr_sem){++++}, at: [<ffffffff81c810e7>] ext4_xattr_get+0x107/0x8b0 fs/ext4/xattr.c:647 but task is already holding lock: (&ea_inode->i_rwsem#10/1){+.+.}, at: [<ffffffff81863712>] inode_lock include/linux/fs.h:719 [inline] (&ea_inode->i_rwsem#10/1){+.+.}, at: [<ffffffff81863712>] chown_common+0x272/0x4b0 fs/open.c:628 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (&ea_inode->i_rwsem#10/1){+.+.}: down_write+0x34/0x90 kernel/locking/rwsem.c:54 inode_lock include/linux/fs.h:719 [inline] ext4_xattr_inode_create fs/ext4/xattr.c:1458 [inline] ext4_xattr_inode_lookup_create fs/ext4/xattr.c:1541 [inline] ext4_xattr_set_entry+0x258a/0x3180 fs/ext4/xattr.c:1669 ext4_xattr_ibody_set+0x73/0x280 fs/ext4/xattr.c:2245 ext4_xattr_set_handle+0x518/0xda0 fs/ext4/xattr.c:2402 ext4_xattr_set+0x118/0x230 fs/ext4/xattr.c:2514 __vfs_setxattr+0xdc/0x130 fs/xattr.c:150 __vfs_setxattr_noperm+0xfd/0x3d0 fs/xattr.c:181 __vfs_setxattr_locked+0x14d/0x250 fs/xattr.c:239 vfs_setxattr+0xcf/0x230 fs/xattr.c:256 setxattr+0x1a9/0x300 fs/xattr.c:523 path_setxattr+0x118/0x130 fs/xattr.c:542 SYSC_setxattr fs/xattr.c:557 [inline] SyS_setxattr+0x36/0x50 fs/xattr.c:553 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb -> #0 (&ei->xattr_sem){++++}: lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998 down_read+0x36/0x80 kernel/locking/rwsem.c:24 ext4_xattr_get+0x107/0x8b0 fs/ext4/xattr.c:647 __vfs_getxattr+0xb9/0x100 fs/xattr.c:349 cap_inode_need_killpriv+0x3c/0x50 security/commoncap.c:307 security_inode_need_killpriv+0x66/0xa0 security/security.c:791 notify_change+0x7d7/0xd10 fs/attr.c:250 chown_common+0x40b/0x4b0 fs/open.c:631 SYSC_fchownat fs/open.c:661 [inline] SyS_fchownat+0xf6/0x190 fs/open.c:641 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&ea_inode->i_rwsem#10/1); lock(&ei->xattr_sem); lock(&ea_inode->i_rwsem#10/1); lock(&ei->xattr_sem); *** DEADLOCK *** 2 locks held by syz-executor197/7982: #0: (sb_writers#3){.+.+}, at: [<ffffffff818df99a>] sb_start_write include/linux/fs.h:1551 [inline] #0: (sb_writers#3){.+.+}, at: [<ffffffff818df99a>] mnt_want_write+0x3a/0xb0 fs/namespace.c:386 #1: (&ea_inode->i_rwsem#10/1){+.+.}, at: [<ffffffff81863712>] inode_lock include/linux/fs.h:719 [inline] #1: (&ea_inode->i_rwsem#10/1){+.+.}, at: [<ffffffff81863712>] chown_common+0x272/0x4b0 fs/open.c:628 stack backtrace: CPU: 1 PID: 7982 Comm: syz-executor197 Not tainted 4.14.276-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b2/0x281 lib/dump_stack.c:58 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1258 check_prev_add kernel/locking/lockdep.c:1905 [inline] check_prevs_add kernel/locking/lockdep.c:2022 [inline] validate_chain kernel/locking/lockdep.c:2464 [inline] __lock_acquire+0x2e0e/0x3f20 kernel/locking/lockdep.c:3491 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998 down_read+0x36/0x80 kernel/locking/rwsem.c:24 ext4_xattr_get+0x107/0x8b0 fs/ext4/xattr.c:647 __vfs_getxattr+0xb9/0x100 fs/xattr.c:349 cap_inode_need_killpriv+0x3c/0x50 security/commoncap.c:307 security_inode_need_killpriv+0x66/0xa0 security/security.c:791 notify_change+0x7d7/0xd10 fs/attr.c:250 chown_common+0x40b/0x4b0 fs/open.c:631 SYSC_fchownat fs/open.c:661 [inline] SyS_fchownat+0xf6/0x190 fs/open.c:641 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb RIP: 0033:0x7f5d23e20109 RSP: 002b:00007fff191c3c98 EFLAGS: 00000246 ORIG_RAX: 0000000000000104