syzbot

======================================================
WARNING: possible circular locking dependency detected
syzkaller #0 Not tainted
------------------------------------------------------
kworker/u8:9/3438 is trying to acquire lock:
ffff888033f66950 (jbd2_handle){++++}-{0:0}, at: wait_transaction_locked+0x17c/0x230 fs/jbd2/transaction.c:151

but task is already holding lock:
ffff888033f64b98 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: do_writepages+0x27a/0x600 mm/page-writeback.c:2598

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #2 (&sbi->s_writepages_rwsem){++++}-{0:0}:
       percpu_down_read_internal include/linux/percpu-rwsem.h:53 [inline]
       percpu_down_read include/linux/percpu-rwsem.h:77 [inline]
       ext4_writepages_down_read fs/ext4/ext4.h:1820 [inline]
       ext4_writepages+0x224/0x7d0 fs/ext4/inode.c:3025
       do_writepages+0x27a/0x600 mm/page-writeback.c:2598
       __writeback_single_inode+0x168/0x14a0 fs/fs-writeback.c:1737
       writeback_single_inode+0x425/0x10f0 fs/fs-writeback.c:1858
       write_inode_now+0x170/0x1e0 fs/fs-writeback.c:2924
       iput_final fs/inode.c:1941 [inline]
       iput.part.0+0x815/0x1190 fs/inode.c:2003
       iput+0x35/0x40 fs/inode.c:1966
       ext4_xattr_block_set+0x67c/0x3640 fs/ext4/xattr.c:2203
       ext4_xattr_move_to_block fs/ext4/xattr.c:2668 [inline]
       ext4_xattr_make_inode_space fs/ext4/xattr.c:2743 [inline]
       ext4_expand_extra_isize_ea+0x1442/0x1ab0 fs/ext4/xattr.c:2831
       __ext4_expand_extra_isize+0x346/0x480 fs/ext4/inode.c:6349
       ext4_try_to_expand_extra_isize fs/ext4/inode.c:6392 [inline]
       __ext4_mark_inode_dirty+0x544/0x840 fs/ext4/inode.c:6470
       ext4_evict_inode+0x713/0x1730 fs/ext4/inode.c:253
       evict+0x3c2/0xad0 fs/inode.c:837
       iput_final fs/inode.c:1951 [inline]
       iput.part.0+0x621/0x1190 fs/inode.c:2003
       iput+0x35/0x40 fs/inode.c:1966
       ext4_orphan_cleanup+0x731/0x11e0 fs/ext4/orphan.c:472
       __ext4_fill_super fs/ext4/super.c:5658 [inline]
       ext4_fill_super+0x7ec1/0xb570 fs/ext4/super.c:5777
       get_tree_bdev_flags+0x38c/0x620 fs/super.c:1691
       vfs_get_tree+0x8e/0x330 fs/super.c:1751
       fc_mount fs/namespace.c:1199 [inline]
       do_new_mount_fc fs/namespace.c:3636 [inline]
       do_new_mount fs/namespace.c:3712 [inline]
       path_mount+0x7bf/0x23a0 fs/namespace.c:4022
       do_mount fs/namespace.c:4035 [inline]
       __do_sys_mount fs/namespace.c:4224 [inline]
       __se_sys_mount fs/namespace.c:4201 [inline]
       __x64_sys_mount+0x293/0x310 fs/namespace.c:4201
       do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
       do_syscall_64+0xcd/0xf80 arch/x86/entry/syscall_64.c:94
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #1 (&ei->xattr_sem){++++}-{4:4}:
       down_read+0x9b/0x460 kernel/locking/rwsem.c:1537
       ext4_setattr+0x869/0x28e0 fs/ext4/inode.c:5865
       notify_change+0x6d2/0x1290 fs/attr.c:546
       chown_common+0x549/0x680 fs/open.c:788
       do_fchownat+0x1a7/0x200 fs/open.c:819
       __do_sys_chown fs/open.c:839 [inline]
       __se_sys_chown fs/open.c:837 [inline]
       __x64_sys_chown+0x7b/0xc0 fs/open.c:837
       do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
       do_syscall_64+0xcd/0xf80 arch/x86/entry/syscall_64.c:94
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #0 (jbd2_handle){++++}-{0:0}:
       check_prev_add kernel/locking/lockdep.c:3165 [inline]
       check_prevs_add kernel/locking/lockdep.c:3284 [inline]
       validate_chain kernel/locking/lockdep.c:3908 [inline]
       __lock_acquire+0x1669/0x2890 kernel/locking/lockdep.c:5237
       lock_acquire kernel/locking/lockdep.c:5868 [inline]
       lock_acquire+0x179/0x330 kernel/locking/lockdep.c:5825
       wait_transaction_locked+0x191/0x230 fs/jbd2/transaction.c:151
       add_transaction_credits+0x110/0xe60 fs/jbd2/transaction.c:222
       start_this_handle+0x3e7/0x1410 fs/jbd2/transaction.c:403
       jbd2__journal_start+0x394/0x6a0 fs/jbd2/transaction.c:501
       __ext4_journal_start_sb+0x195/0x640 fs/ext4/ext4_jbd2.c:114
       __ext4_journal_start fs/ext4/ext4_jbd2.h:242 [inline]
       ext4_do_writepages+0xc23/0x3c80 fs/ext4/inode.c:2914
       ext4_writepages+0x37a/0x7d0 fs/ext4/inode.c:3026
       do_writepages+0x27a/0x600 mm/page-writeback.c:2598
       __writeback_single_inode+0x168/0x14a0 fs/fs-writeback.c:1737
       writeback_sb_inodes+0x72e/0x1ce0 fs/fs-writeback.c:2030
       __writeback_inodes_wb+0xf8/0x2d0 fs/fs-writeback.c:2107
       wb_writeback+0x799/0xae0 fs/fs-writeback.c:2218
       wb_check_old_data_flush fs/fs-writeback.c:2322 [inline]
       wb_do_writeback fs/fs-writeback.c:2375 [inline]
       wb_workfn+0x8a0/0xbb0 fs/fs-writeback.c:2403
       process_one_work+0x9ba/0x1b20 kernel/workqueue.c:3257
       process_scheduled_works kernel/workqueue.c:3340 [inline]
       worker_thread+0x6c8/0xf10 kernel/workqueue.c:3421
       kthread+0x3c5/0x780 kernel/kthread.c:463
       ret_from_fork+0x983/0xb10 arch/x86/kernel/process.c:158
       ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246

other info that might help us debug this:

Chain exists of:
  jbd2_handle --> &ei->xattr_sem --> &sbi->s_writepages_rwsem

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  rlock(&sbi->s_writepages_rwsem);
                               lock(&ei->xattr_sem);
                               lock(&sbi->s_writepages_rwsem);
  lock(jbd2_handle);

 *** DEADLOCK ***

4 locks held by kworker/u8:9/3438:
 #0: ffff8881412d4148 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x128d/0x1b20 kernel/workqueue.c:3232
 #1: ffffc9000be97c90 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x914/0x1b20 kernel/workqueue.c:3233
 #2: ffff888033f620e0 (&type->s_umount_key#31){++++}-{4:4}, at: super_trylock_shared+0x1e/0xf0 fs/super.c:563
 #3: ffff888033f64b98 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: do_writepages+0x27a/0x600 mm/page-writeback.c:2598

stack backtrace:
CPU: 0 UID: 0 PID: 3438 Comm: kworker/u8:9 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Workqueue: writeback wb_workfn (flush-8:0)
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 print_circular_bug+0x275/0x340 kernel/locking/lockdep.c:2043
 check_noncircular+0x146/0x160 kernel/locking/lockdep.c:2175
 check_prev_add kernel/locking/lockdep.c:3165 [inline]
 check_prevs_add kernel/locking/lockdep.c:3284 [inline]
 validate_chain kernel/locking/lockdep.c:3908 [inline]
 __lock_acquire+0x1669/0x2890 kernel/locking/lockdep.c:5237
 lock_acquire kernel/locking/lockdep.c:5868 [inline]
 lock_acquire+0x179/0x330 kernel/locking/lockdep.c:5825
 wait_transaction_locked+0x191/0x230 fs/jbd2/transaction.c:151
 add_transaction_credits+0x110/0xe60 fs/jbd2/transaction.c:222
 start_this_handle+0x3e7/0x1410 fs/jbd2/transaction.c:403
 jbd2__journal_start+0x394/0x6a0 fs/jbd2/transaction.c:501
 __ext4_journal_start_sb+0x195/0x640 fs/ext4/ext4_jbd2.c:114
 __ext4_journal_start fs/ext4/ext4_jbd2.h:242 [inline]
 ext4_do_writepages+0xc23/0x3c80 fs/ext4/inode.c:2914
 ext4_writepages+0x37a/0x7d0 fs/ext4/inode.c:3026
 do_writepages+0x27a/0x600 mm/page-writeback.c:2598
 __writeback_single_inode+0x168/0x14a0 fs/fs-writeback.c:1737
 writeback_sb_inodes+0x72e/0x1ce0 fs/fs-writeback.c:2030
 __writeback_inodes_wb+0xf8/0x2d0 fs/fs-writeback.c:2107
 wb_writeback+0x799/0xae0 fs/fs-writeback.c:2218
 wb_check_old_data_flush fs/fs-writeback.c:2322 [inline]
 wb_do_writeback fs/fs-writeback.c:2375 [inline]
 wb_workfn+0x8a0/0xbb0 fs/fs-writeback.c:2403
 process_one_work+0x9ba/0x1b20 kernel/workqueue.c:3257
 process_scheduled_works kernel/workqueue.c:3340 [inline]
 worker_thread+0x6c8/0xf10 kernel/workqueue.c:3421
 kthread+0x3c5/0x780 kernel/kthread.c:463
 ret_from_fork+0x983/0xb10 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
 </TASK>