syzbot


possible deadlock in ext4_destroy_inline_data (2)

Status: upstream: reported on 2025/11/05 22:08
Subsystems: ext4
Reported-by: syzbot+bb2455d02bda0b5701e3@syzkaller.appspotmail.com
First crash: 7d15h, last: 4h53m
Discussions (1)
| Title | Replies (including bot) | Last reply |
|---|---|---|
| [syzbot] [ext4?] possible deadlock in ext4_destroy_inline_data (2) | 0 (1) | 2025/11/05 22:08 |
Similar bugs (4)
| Kernel | Title | Rank | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|---|
| linux-5.15 | possible deadlock in ext4_destroy_inline_data | 4 | | | | 3 | 2d11h | 2d11h | 0/3 | upstream: reported on 2025/11/07 02:20 |
| linux-6.1 | possible deadlock in ext4_destroy_inline_data | 4 | | | | 1 | 4h22m | 4h21m | 0/3 | upstream: reported on 2025/11/09 09:23 |
| upstream | possible deadlock in ext4_destroy_inline_data ext4 | 4 | | | | 1 | 329d | 325d | 0/29 | auto-obsoleted due to no activity on 2025/03/25 12:07 |
| linux-6.6 | possible deadlock in ext4_destroy_inline_data | 4 | | | | 2 | 8d04h | 8d04h | 0/2 | upstream: reported on 2025/11/01 09:40 |

Sample crash report:
======================================================
WARNING: possible circular locking dependency detected
syzkaller #0 Not tainted
------------------------------------------------------
syz.2.1434/12202 is trying to acquire lock:
ffff88804f36cd48 (&ei->xattr_sem){++++}-{4:4}, at: ext4_write_lock_xattr fs/ext4/xattr.h:157 [inline]
ffff88804f36cd48 (&ei->xattr_sem){++++}-{4:4}, at: ext4_destroy_inline_data+0x28/0xe0 fs/ext4/inline.c:1787

but task is already holding lock:
ffff8880315b0b98 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: percpu_down_read include/linux/percpu-rwsem.h:77 [inline]
ffff8880315b0b98 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_writepages_down_read fs/ext4/ext4.h:1796 [inline]
ffff8880315b0b98 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_writepages+0x1cc/0x350 fs/ext4/inode.c:3024

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&sbi->s_writepages_rwsem){++++}-{0:0}:
       lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5868
       percpu_down_read_internal+0x48/0x1c0 include/linux/percpu-rwsem.h:53
       percpu_down_read include/linux/percpu-rwsem.h:77 [inline]
       ext4_writepages_down_read fs/ext4/ext4.h:1796 [inline]
       ext4_writepages+0x1cc/0x350 fs/ext4/inode.c:3024
       do_writepages+0x32e/0x550 mm/page-writeback.c:2604
       __writeback_single_inode+0x145/0xff0 fs/fs-writeback.c:1719
       writeback_single_inode+0x1f9/0x6a0 fs/fs-writeback.c:1840
       write_inode_now+0x160/0x1d0 fs/fs-writeback.c:2903
       iput_final fs/inode.c:1901 [inline]
       iput+0x830/0xc50 fs/inode.c:1966
       ext4_xattr_block_set+0x1fce/0x2ac0 fs/ext4/xattr.c:2199
       ext4_xattr_move_to_block fs/ext4/xattr.c:2664 [inline]
       ext4_xattr_make_inode_space fs/ext4/xattr.c:2739 [inline]
       ext4_expand_extra_isize_ea+0x12da/0x1ea0 fs/ext4/xattr.c:2827
       __ext4_expand_extra_isize+0x30d/0x400 fs/ext4/inode.c:6364
       ext4_try_to_expand_extra_isize fs/ext4/inode.c:6407 [inline]
       __ext4_mark_inode_dirty+0x46c/0x700 fs/ext4/inode.c:6485
       ext4_evict_inode+0x80d/0xee0 fs/ext4/inode.c:254
       evict+0x504/0x9c0 fs/inode.c:810
       ext4_orphan_cleanup+0xc20/0x1460 fs/ext4/orphan.c:470
       __ext4_fill_super fs/ext4/super.c:5617 [inline]
       ext4_fill_super+0x5920/0x61e0 fs/ext4/super.c:5736
       get_tree_bdev_flags+0x40e/0x4d0 fs/super.c:1691
       vfs_get_tree+0x92/0x2b0 fs/super.c:1751
       fc_mount fs/namespace.c:1208 [inline]
       do_new_mount_fc fs/namespace.c:3651 [inline]
       do_new_mount+0x302/0xa10 fs/namespace.c:3727
       do_mount fs/namespace.c:4050 [inline]
       __do_sys_mount fs/namespace.c:4238 [inline]
       __se_sys_mount+0x313/0x410 fs/namespace.c:4215
       do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
       do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #0 (&ei->xattr_sem){++++}-{4:4}:
       check_prev_add kernel/locking/lockdep.c:3165 [inline]
       check_prevs_add kernel/locking/lockdep.c:3284 [inline]
       validate_chain+0xb9b/0x2140 kernel/locking/lockdep.c:3908
       __lock_acquire+0xab9/0xd20 kernel/locking/lockdep.c:5237
       lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5868
       down_write+0x96/0x1f0 kernel/locking/rwsem.c:1590
       ext4_write_lock_xattr fs/ext4/xattr.h:157 [inline]
       ext4_destroy_inline_data+0x28/0xe0 fs/ext4/inline.c:1787
       ext4_do_writepages+0x526/0x4610 fs/ext4/inode.c:2810
       ext4_writepages+0x205/0x350 fs/ext4/inode.c:3025
       do_writepages+0x32e/0x550 mm/page-writeback.c:2604
       filemap_fdatawrite_wbc mm/filemap.c:389 [inline]
       __filemap_fdatawrite_range mm/filemap.c:422 [inline]
       __filemap_fdatawrite mm/filemap.c:428 [inline]
       filemap_flush+0x191/0x230 mm/filemap.c:473
       ext4_convert_inline_data+0x180/0x5e0 fs/ext4/inline.c:1954
       ext4_page_mkwrite+0x22c/0x1190 fs/ext4/inode.c:6687
       do_page_mkwrite+0x14d/0x310 mm/memory.c:3488
       wp_page_shared mm/memory.c:3889 [inline]
       do_wp_page+0x268d/0x5800 mm/memory.c:4108
       handle_pte_fault mm/memory.c:6193 [inline]
       __handle_mm_fault+0x1033/0x5400 mm/memory.c:6318
       handle_mm_fault+0x40a/0x8e0 mm/memory.c:6487
       do_user_addr_fault+0xa7c/0x1380 arch/x86/mm/fault.c:1336
       handle_page_fault arch/x86/mm/fault.c:1476 [inline]
       exc_page_fault+0x82/0x100 arch/x86/mm/fault.c:1532
       asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:618

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  rlock(&sbi->s_writepages_rwsem);
                               lock(&ei->xattr_sem);
                               lock(&sbi->s_writepages_rwsem);
  lock(&ei->xattr_sem);

 *** DEADLOCK ***

4 locks held by syz.2.1434/12202:
 #0: ffff88806524a588 (vm_lock){++++}-{0:0}, at: lock_vma_under_rcu+0x1a3/0x450 mm/mmap_lock.c:238
 #1: ffff888026346518 (sb_pagefaults){.+.+}-{0:0}, at: percpu_down_read_freezable include/linux/percpu-rwsem.h:83 [inline]
 #1: ffff888026346518 (sb_pagefaults){.+.+}-{0:0}, at: __sb_start_write include/linux/fs.h:1916 [inline]
 #1: ffff888026346518 (sb_pagefaults){.+.+}-{0:0}, at: sb_start_pagefault include/linux/fs.h:2081 [inline]
 #1: ffff888026346518 (sb_pagefaults){.+.+}-{0:0}, at: ext4_page_mkwrite+0x1f6/0x1190 fs/ext4/inode.c:6682
 #2: ffff88804f36d200 (mapping.invalidate_lock#2){++++}-{4:4}, at: filemap_invalidate_lock_shared include/linux/fs.h:1045 [inline]
 #2: ffff88804f36d200 (mapping.invalidate_lock#2){++++}-{4:4}, at: ext4_page_mkwrite+0x21f/0x1190 fs/ext4/inode.c:6685
 #3: ffff8880315b0b98 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: percpu_down_read include/linux/percpu-rwsem.h:77 [inline]
 #3: ffff8880315b0b98 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_writepages_down_read fs/ext4/ext4.h:1796 [inline]
 #3: ffff8880315b0b98 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_writepages+0x1cc/0x350 fs/ext4/inode.c:3024

stack backtrace:
CPU: 1 UID: 0 PID: 12202 Comm: syz.2.1434 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 print_circular_bug+0x2ee/0x310 kernel/locking/lockdep.c:2043
 check_noncircular+0x134/0x160 kernel/locking/lockdep.c:2175
 check_prev_add kernel/locking/lockdep.c:3165 [inline]
 check_prevs_add kernel/locking/lockdep.c:3284 [inline]
 validate_chain+0xb9b/0x2140 kernel/locking/lockdep.c:3908
 __lock_acquire+0xab9/0xd20 kernel/locking/lockdep.c:5237
 lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5868
 down_write+0x96/0x1f0 kernel/locking/rwsem.c:1590
 ext4_write_lock_xattr fs/ext4/xattr.h:157 [inline]
 ext4_destroy_inline_data+0x28/0xe0 fs/ext4/inline.c:1787
 ext4_do_writepages+0x526/0x4610 fs/ext4/inode.c:2810
 ext4_writepages+0x205/0x350 fs/ext4/inode.c:3025
 do_writepages+0x32e/0x550 mm/page-writeback.c:2604
 filemap_fdatawrite_wbc mm/filemap.c:389 [inline]
 __filemap_fdatawrite_range mm/filemap.c:422 [inline]
 __filemap_fdatawrite mm/filemap.c:428 [inline]
 filemap_flush+0x191/0x230 mm/filemap.c:473
 ext4_convert_inline_data+0x180/0x5e0 fs/ext4/inline.c:1954
 ext4_page_mkwrite+0x22c/0x1190 fs/ext4/inode.c:6687
 do_page_mkwrite+0x14d/0x310 mm/memory.c:3488
 wp_page_shared mm/memory.c:3889 [inline]
 do_wp_page+0x268d/0x5800 mm/memory.c:4108
 handle_pte_fault mm/memory.c:6193 [inline]
 __handle_mm_fault+0x1033/0x5400 mm/memory.c:6318
 handle_mm_fault+0x40a/0x8e0 mm/memory.c:6487
 do_user_addr_fault+0xa7c/0x1380 arch/x86/mm/fault.c:1336
 handle_page_fault arch/x86/mm/fault.c:1476 [inline]
 exc_page_fault+0x82/0x100 arch/x86/mm/fault.c:1532
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:618
RIP: 0033:0x7f6131756b88
Code: fc 89 37 c3 c5 fa 6f 06 c5 fa 6f 4c 16 f0 c5 fa 7f 07 c5 fa 7f 4c 17 f0 c3 66 0f 1f 84 00 00 00 00 00 48 8b 4c 16 f8 48 8b 36 <48> 89 37 48 89 4c 17 f8 c3 c5 fe 6f 54 16 e0 c5 fe 6f 5c 16 c0 c5
RSP: 002b:00007ffd4db6df48 EFLAGS: 00010246
RAX: 0000200000000380 RBX: 0000000000000004 RCX: 00303636396f7369
RDX: 0000000000000008 RSI: 00303636396f7369 RDI: 0000200000000380
RBP: 00007f61319e7da0 R08: 0000001b2ff20000 R09: 0000000000000001
R10: 0000000000000001 R11: 0000000000000009 R12: 00007f61319e5fac
R13: 00007f61319e5fa0 R14: fffffffffffffffe R15: 00007ffd4db6e060
 </TASK>
EXT4-fs error (device loop2): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
EXT4-fs (loop2): This should not happen!! Data will be lost

EXT4-fs (loop2): Total free blocks count 0
EXT4-fs (loop2): Free/Dirty block details
EXT4-fs (loop2): free_blocks=2415919104
EXT4-fs (loop2): dirty_blocks=16
EXT4-fs (loop2): Block reservation details
EXT4-fs (loop2): i_reserved_data_blocks=1

Crashes (39):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2025/11/09 08:52 | upstream | 7bb4d6512545 | 4e1406b4 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | possible deadlock in ext4_destroy_inline_data |
| 2025/11/09 08:02 | upstream | 7bb4d6512545 | 4e1406b4 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | possible deadlock in ext4_destroy_inline_data |
| 2025/11/08 11:17 | upstream | e811c33b1f13 | 4e1406b4 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-badwrites-root | possible deadlock in ext4_destroy_inline_data |
| 2025/11/08 10:43 | upstream | e811c33b1f13 | 4e1406b4 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | possible deadlock in ext4_destroy_inline_data |
| 2025/11/07 08:34 | upstream | 4a0c9b339199 | 4e1406b4 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-badwrites-root | possible deadlock in ext4_destroy_inline_data |
| 2025/11/07 08:33 | upstream | 4a0c9b339199 | 4e1406b4 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-badwrites-root | possible deadlock in ext4_destroy_inline_data |
| 2025/11/07 08:32 | upstream | 4a0c9b339199 | 4e1406b4 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-badwrites-root | possible deadlock in ext4_destroy_inline_data |
| 2025/11/07 00:33 | upstream | c2c2ccfd4ba7 | 4e1406b4 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-badwrites-root | possible deadlock in ext4_destroy_inline_data |
| 2025/11/06 21:51 | upstream | c2c2ccfd4ba7 | 4e1406b4 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | possible deadlock in ext4_destroy_inline_data |
| 2025/11/06 19:03 | upstream | c2c2ccfd4ba7 | 4e1406b4 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-badwrites-root | possible deadlock in ext4_destroy_inline_data |
| 2025/11/06 19:02 | upstream | c2c2ccfd4ba7 | 4e1406b4 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-badwrites-root | possible deadlock in ext4_destroy_inline_data |
| 2025/11/06 18:59 | upstream | c2c2ccfd4ba7 | 4e1406b4 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-badwrites-root | possible deadlock in ext4_destroy_inline_data |
| 2025/11/06 18:57 | upstream | c2c2ccfd4ba7 | 4e1406b4 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-badwrites-root | possible deadlock in ext4_destroy_inline_data |
| 2025/11/06 16:20 | upstream | dc77806cf3b4 | 4e1406b4 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-badwrites-root | possible deadlock in ext4_destroy_inline_data |
| 2025/11/06 16:20 | upstream | dc77806cf3b4 | 4e1406b4 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-badwrites-root | possible deadlock in ext4_destroy_inline_data |
| 2025/11/06 12:09 | upstream | dc77806cf3b4 | a6c9c731 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | possible deadlock in ext4_destroy_inline_data |
| 2025/11/06 04:27 | upstream | dc77806cf3b4 | a6c9c731 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-badwrites-root | possible deadlock in ext4_destroy_inline_data |
| 2025/11/06 04:18 | upstream | dc77806cf3b4 | a6c9c731 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-badwrites-root | possible deadlock in ext4_destroy_inline_data |
| 2025/11/06 04:17 | upstream | dc77806cf3b4 | a6c9c731 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-badwrites-root | possible deadlock in ext4_destroy_inline_data |
| 2025/11/06 02:25 | upstream | dc77806cf3b4 | a6c9c731 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | possible deadlock in ext4_destroy_inline_data |
| 2025/11/06 02:25 | upstream | dc77806cf3b4 | a6c9c731 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | possible deadlock in ext4_destroy_inline_data |
| 2025/11/05 12:57 | upstream | 1c353dc8d962 | a6c9c731 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | possible deadlock in ext4_destroy_inline_data |
| 2025/11/05 12:54 | upstream | 1c353dc8d962 | a6c9c731 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | possible deadlock in ext4_destroy_inline_data |
| 2025/11/05 12:54 | upstream | 1c353dc8d962 | a6c9c731 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | possible deadlock in ext4_destroy_inline_data |
| 2025/11/04 22:21 | upstream | 17d85f33a83b | a6c9c731 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | possible deadlock in ext4_destroy_inline_data |
| 2025/11/04 22:21 | upstream | 17d85f33a83b | a6c9c731 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | possible deadlock in ext4_destroy_inline_data |
| 2025/11/04 14:56 | upstream | c9cfc122f037 | 686bf657 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | possible deadlock in ext4_destroy_inline_data |
| 2025/11/04 13:54 | upstream | 8bb886cb8f3a | 686bf657 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | possible deadlock in ext4_destroy_inline_data |
| 2025/11/04 13:52 | upstream | 8bb886cb8f3a | 686bf657 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | possible deadlock in ext4_destroy_inline_data |
| 2025/11/04 13:30 | upstream | 8bb886cb8f3a | 686bf657 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | possible deadlock in ext4_destroy_inline_data |
| 2025/11/04 13:29 | upstream | 8bb886cb8f3a | 686bf657 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | possible deadlock in ext4_destroy_inline_data |
| 2025/11/04 13:22 | upstream | 8bb886cb8f3a | 686bf657 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | possible deadlock in ext4_destroy_inline_data |
| 2025/11/04 01:07 | upstream | 8bb886cb8f3a | 686bf657 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | possible deadlock in ext4_destroy_inline_data |
| 2025/11/03 18:32 | upstream | 6146a0f1dfae | 2c50b6a9 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | possible deadlock in ext4_destroy_inline_data |
| 2025/11/03 11:07 | upstream | 6146a0f1dfae | 2c50b6a9 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | possible deadlock in ext4_destroy_inline_data |
| 2025/11/02 09:22 | upstream | 691d401c7e0e | 2c50b6a9 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | possible deadlock in ext4_destroy_inline_data |
| 2025/11/01 22:07 | upstream | 691d401c7e0e | 2c50b6a9 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | possible deadlock in ext4_destroy_inline_data |
| 2025/11/01 22:00 | upstream | 691d401c7e0e | 2c50b6a9 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | possible deadlock in ext4_destroy_inline_data |
| 2025/11/08 12:19 | linux-next | 9c0826a5d9aa | 4e1406b4 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | possible deadlock in ext4_destroy_inline_data |
* Struck through repros no longer work on HEAD.