| Title | Replies (including bot) | Last reply |
|---|---|---|
| [syzbot] [ext4?] possible deadlock in wait_transaction_locked (3) | 0 (1) | 2025/12/30 11:48 |
syzbot |
sign-in | mailing list | source | docs |
| Title | Replies (including bot) | Last reply |
|---|---|---|
| [syzbot] [ext4?] possible deadlock in wait_transaction_locked (3) | 0 (1) | 2025/12/30 11:48 |
======================================================
WARNING: possible circular locking dependency detected
syzkaller #0 Not tainted
------------------------------------------------------
kworker/u8:1/13 is trying to acquire lock:
ffff888033968950 (jbd2_handle){++++}-{0:0}, at: wait_transaction_locked+0x19d/0x270 fs/jbd2/transaction.c:151
but task is already holding lock:
ffff88814dbfeb98 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: percpu_down_read include/linux/percpu-rwsem.h:77 [inline]
ffff88814dbfeb98 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_writepages_down_read fs/ext4/ext4.h:1820 [inline]
ffff88814dbfeb98 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_writepages+0x1ca/0x350 fs/ext4/inode.c:3025
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #2 (&sbi->s_writepages_rwsem){++++}-{0:0}:
percpu_down_read_internal+0x48/0x1c0 include/linux/percpu-rwsem.h:53
percpu_down_read include/linux/percpu-rwsem.h:77 [inline]
ext4_writepages_down_read fs/ext4/ext4.h:1820 [inline]
ext4_writepages+0x1ca/0x350 fs/ext4/inode.c:3025
do_writepages+0x32e/0x550 mm/page-writeback.c:2598
__writeback_single_inode+0x133/0x1240 fs/fs-writeback.c:1737
writeback_single_inode+0x493/0xc70 fs/fs-writeback.c:1858
write_inode_now+0x160/0x1d0 fs/fs-writeback.c:2924
iput_final fs/inode.c:1944 [inline]
iput+0xa77/0x1030 fs/inode.c:2006
ext4_xattr_block_set+0x1fce/0x2ac0 fs/ext4/xattr.c:2203
ext4_xattr_move_to_block fs/ext4/xattr.c:2668 [inline]
ext4_xattr_make_inode_space fs/ext4/xattr.c:2743 [inline]
ext4_expand_extra_isize_ea+0x12da/0x1ea0 fs/ext4/xattr.c:2831
__ext4_expand_extra_isize+0x30d/0x400 fs/ext4/inode.c:6349
ext4_try_to_expand_extra_isize fs/ext4/inode.c:6392 [inline]
__ext4_mark_inode_dirty+0x45c/0x6e0 fs/ext4/inode.c:6470
ext4_evict_inode+0x79c/0xe60 fs/ext4/inode.c:253
evict+0x5f4/0xae0 fs/inode.c:837
ext4_orphan_cleanup+0xc20/0x1460 fs/ext4/orphan.c:472
__ext4_fill_super fs/ext4/super.c:5658 [inline]
ext4_fill_super+0x58a1/0x6160 fs/ext4/super.c:5777
get_tree_bdev_flags+0x40e/0x4d0 fs/super.c:1691
vfs_get_tree+0x92/0x2a0 fs/super.c:1751
fc_mount fs/namespace.c:1199 [inline]
do_new_mount_fc fs/namespace.c:3636 [inline]
do_new_mount+0x302/0xa10 fs/namespace.c:3712
do_mount fs/namespace.c:4035 [inline]
__do_sys_mount fs/namespace.c:4224 [inline]
__se_sys_mount+0x313/0x410 fs/namespace.c:4201
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xec/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> #1 (&ei->xattr_sem){++++}-{4:4}:
down_read+0x47/0x2e0 kernel/locking/rwsem.c:1537
ext4_setattr+0x855/0x1bc0 fs/ext4/inode.c:5865
notify_change+0xc1a/0xf40 fs/attr.c:546
chown_common+0x40c/0x5b0 fs/open.c:788
do_fchownat+0x161/0x270 fs/open.c:819
__do_sys_chown fs/open.c:839 [inline]
__se_sys_chown fs/open.c:837 [inline]
__x64_sys_chown+0x82/0xa0 fs/open.c:837
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xec/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> #0 (jbd2_handle){++++}-{0:0}:
check_prev_add kernel/locking/lockdep.c:3165 [inline]
check_prevs_add kernel/locking/lockdep.c:3284 [inline]
validate_chain kernel/locking/lockdep.c:3908 [inline]
__lock_acquire+0x15a6/0x2cf0 kernel/locking/lockdep.c:5237
lock_acquire+0x107/0x340 kernel/locking/lockdep.c:5868
wait_transaction_locked+0x1b6/0x270 fs/jbd2/transaction.c:151
add_transaction_credits fs/jbd2/transaction.c:222 [inline]
start_this_handle+0x77d/0x21c0 fs/jbd2/transaction.c:403
jbd2__journal_start+0x2c1/0x5b0 fs/jbd2/transaction.c:501
__ext4_journal_start_sb+0x203/0x580 fs/ext4/ext4_jbd2.c:114
__ext4_journal_start fs/ext4/ext4_jbd2.h:242 [inline]
ext4_do_writepages+0xf3e/0x4500 fs/ext4/inode.c:2914
ext4_writepages+0x203/0x350 fs/ext4/inode.c:3026
do_writepages+0x32e/0x550 mm/page-writeback.c:2598
__writeback_single_inode+0x133/0x1240 fs/fs-writeback.c:1737
writeback_sb_inodes+0x93a/0x1870 fs/fs-writeback.c:2030
__writeback_inodes_wb+0x111/0x240 fs/fs-writeback.c:2107
wb_writeback+0x43f/0xaa0 fs/fs-writeback.c:2218
wb_check_old_data_flush fs/fs-writeback.c:2322 [inline]
wb_do_writeback fs/fs-writeback.c:2375 [inline]
wb_workfn+0xad2/0xed0 fs/fs-writeback.c:2403
process_one_work kernel/workqueue.c:3257 [inline]
process_scheduled_works+0xad1/0x1770 kernel/workqueue.c:3340
worker_thread+0x8a0/0xda0 kernel/workqueue.c:3421
kthread+0x711/0x8a0 kernel/kthread.c:463
ret_from_fork+0x510/0xa50 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
other info that might help us debug this:
Chain exists of:
jbd2_handle --> &ei->xattr_sem --> &sbi->s_writepages_rwsem
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
rlock(&sbi->s_writepages_rwsem);
lock(&ei->xattr_sem);
lock(&sbi->s_writepages_rwsem);
lock(jbd2_handle);
*** DEADLOCK ***
4 locks held by kworker/u8:1/13:
#0: ffff888141a99148 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3232 [inline]
#0: ffff888141a99148 ((wq_completion)writeback){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x1770 kernel/workqueue.c:3340
#1: ffffc90000127bc0 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3233 [inline]
#1: ffffc90000127bc0 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x1770 kernel/workqueue.c:3340
#2: ffff88814dbfc0e0 (&type->s_umount_key#32){++++}-{4:4}, at: super_trylock_shared+0x20/0xf0 fs/super.c:563
#3: ffff88814dbfeb98 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: percpu_down_read include/linux/percpu-rwsem.h:77 [inline]
#3: ffff88814dbfeb98 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_writepages_down_read fs/ext4/ext4.h:1820 [inline]
#3: ffff88814dbfeb98 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_writepages+0x1ca/0x350 fs/ext4/inode.c:3025
stack backtrace:
CPU: 0 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Workqueue: writeback wb_workfn (flush-8:0)
Call Trace:
<TASK>
dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
print_circular_bug+0x2e2/0x300 kernel/locking/lockdep.c:2043
check_noncircular+0x12e/0x150 kernel/locking/lockdep.c:2175
check_prev_add kernel/locking/lockdep.c:3165 [inline]
check_prevs_add kernel/locking/lockdep.c:3284 [inline]
validate_chain kernel/locking/lockdep.c:3908 [inline]
__lock_acquire+0x15a6/0x2cf0 kernel/locking/lockdep.c:5237
lock_acquire+0x107/0x340 kernel/locking/lockdep.c:5868
wait_transaction_locked+0x1b6/0x270 fs/jbd2/transaction.c:151
add_transaction_credits fs/jbd2/transaction.c:222 [inline]
start_this_handle+0x77d/0x21c0 fs/jbd2/transaction.c:403
jbd2__journal_start+0x2c1/0x5b0 fs/jbd2/transaction.c:501
__ext4_journal_start_sb+0x203/0x580 fs/ext4/ext4_jbd2.c:114
__ext4_journal_start fs/ext4/ext4_jbd2.h:242 [inline]
ext4_do_writepages+0xf3e/0x4500 fs/ext4/inode.c:2914
ext4_writepages+0x203/0x350 fs/ext4/inode.c:3026
do_writepages+0x32e/0x550 mm/page-writeback.c:2598
__writeback_single_inode+0x133/0x1240 fs/fs-writeback.c:1737
writeback_sb_inodes+0x93a/0x1870 fs/fs-writeback.c:2030
__writeback_inodes_wb+0x111/0x240 fs/fs-writeback.c:2107
wb_writeback+0x43f/0xaa0 fs/fs-writeback.c:2218
wb_check_old_data_flush fs/fs-writeback.c:2322 [inline]
wb_do_writeback fs/fs-writeback.c:2375 [inline]
wb_workfn+0xad2/0xed0 fs/fs-writeback.c:2403
process_one_work kernel/workqueue.c:3257 [inline]
process_scheduled_works+0xad1/0x1770 kernel/workqueue.c:3340
worker_thread+0x8a0/0xda0 kernel/workqueue.c:3421
kthread+0x711/0x8a0 kernel/kthread.c:463
ret_from_fork+0x510/0xa50 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
</TASK>
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2026/01/11 01:28 | upstream | 97313d6113ab | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | possible deadlock in wait_transaction_locked | ||
| 2026/01/10 02:29 | upstream | 372800cb95a3 | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | possible deadlock in wait_transaction_locked | ||
| 2026/01/04 17:47 | upstream | 54e82e93ca93 | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-badwrites-root | possible deadlock in wait_transaction_locked | ||
| 2026/01/04 16:59 | upstream | 54e82e93ca93 | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | possible deadlock in wait_transaction_locked | ||
| 2026/01/03 10:35 | upstream | 805f9a061372 | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-badwrites-root | possible deadlock in wait_transaction_locked | ||
| 2026/01/02 21:12 | upstream | 9b0436804460 | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-badwrites-root | possible deadlock in wait_transaction_locked | ||
| 2025/12/30 01:22 | upstream | 8640b74557fc | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | possible deadlock in wait_transaction_locked | ||
| 2026/01/06 03:46 | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | 9ace4753a520 | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-gce-arm64 | possible deadlock in wait_transaction_locked | ||
| 2026/01/05 16:57 | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | 9ace4753a520 | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-gce-arm64 | possible deadlock in wait_transaction_locked | ||
| 2026/01/01 23:46 | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | 8f0b4cce4481 | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-gce-arm64 | possible deadlock in wait_transaction_locked | ||
| 2025/12/30 06:42 | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | 8f0b4cce4481 | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-gce-arm64 | possible deadlock in wait_transaction_locked | ||
| 2025/12/26 11:41 | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | 8f0b4cce4481 | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-gce-arm64 | possible deadlock in wait_transaction_locked |