======================================================
WARNING: possible circular locking dependency detected
6.1.143-syzkaller #0 Not tainted
------------------------------------------------------
syz.2.958/8264 is trying to acquire lock:
ffff0000f62b2c20 (&sb->s_type->i_mutex_key#9/1){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:758 [inline]
ffff0000f62b2c20 (&sb->s_type->i_mutex_key#9/1){+.+.}-{3:3}, at: ext4_xattr_inode_create fs/ext4/xattr.c:1474 [inline]
ffff0000f62b2c20 (&sb->s_type->i_mutex_key#9/1){+.+.}-{3:3}, at: ext4_xattr_inode_lookup_create+0x126c/0x18c4 fs/ext4/xattr.c:1556

but task is already holding lock:
ffff0000f6370288 (&ei->i_data_sem/3){++++}-{3:3}, at: ext4_map_blocks+0x7c4/0x1770 fs/ext4/inode.c:672

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #1 (&ei->i_data_sem/3){++++}-{3:3}:
       down_write+0x5c/0x88 kernel/locking/rwsem.c:1573
       ext4_update_i_disksize fs/ext4/ext4.h:3385 [inline]
       ext4_xattr_inode_write fs/ext4/xattr.c:1412 [inline]
       ext4_xattr_inode_lookup_create+0x1198/0x18c4 fs/ext4/xattr.c:1562
       ext4_xattr_ibody_set+0x1b4/0x600 fs/ext4/xattr.c:2224
       ext4_xattr_set_handle+0x900/0x102c fs/ext4/xattr.c:2401
       ext4_xattr_set+0x1e0/0x2b4 fs/ext4/xattr.c:2515
       ext4_xattr_security_set+0x4c/0x64 fs/ext4/xattr_security.c:31
       __vfs_setxattr+0x388/0x3a4 fs/xattr.c:182
       __vfs_setxattr_noperm+0x120/0x564 fs/xattr.c:216
       __vfs_setxattr_locked+0x1ec/0x218 fs/xattr.c:277
       vfs_setxattr+0x158/0x2ac fs/xattr.c:309
       do_setxattr fs/xattr.c:594 [inline]
       setxattr+0x228/0x28c fs/xattr.c:617
       path_setxattr+0x12c/0x25c fs/xattr.c:636
       __do_sys_setxattr fs/xattr.c:652 [inline]
       __se_sys_setxattr fs/xattr.c:648 [inline]
       __arm64_sys_setxattr+0xbc/0xd8 fs/xattr.c:648
       __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
       invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
       el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
       do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
       el0_svc+0x58/0x138 arch/arm64/kernel/entry-common.c:637
       el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
       el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585

-> #0 (&sb->s_type->i_mutex_key#9/1){+.+.}-{3:3}:
       check_prev_add kernel/locking/lockdep.c:3090 [inline]
       check_prevs_add kernel/locking/lockdep.c:3209 [inline]
       validate_chain kernel/locking/lockdep.c:3825 [inline]
       __lock_acquire+0x293c/0x6544 kernel/locking/lockdep.c:5049
       lock_acquire+0x20c/0x644 kernel/locking/lockdep.c:5662
       down_write+0x5c/0x88 kernel/locking/rwsem.c:1573
       inode_lock include/linux/fs.h:758 [inline]
       ext4_xattr_inode_create fs/ext4/xattr.c:1474 [inline]
       ext4_xattr_inode_lookup_create+0x126c/0x18c4 fs/ext4/xattr.c:1556
       ext4_xattr_block_set+0x1b4/0x2810 fs/ext4/xattr.c:1876
       ext4_xattr_move_to_block fs/ext4/xattr.c:2625 [inline]
       ext4_xattr_make_inode_space fs/ext4/xattr.c:2700 [inline]
       ext4_expand_extra_isize_ea+0xcb8/0x15cc fs/ext4/xattr.c:2792
       __ext4_expand_extra_isize+0x298/0x358 fs/ext4/inode.c:5966
       ext4_try_to_expand_extra_isize fs/ext4/inode.c:6009 [inline]
       __ext4_mark_inode_dirty+0x3e4/0x790 fs/ext4/inode.c:6087
       ext4_dirty_inode+0xd0/0x100 fs/ext4/inode.c:6119
       __mark_inode_dirty+0x2e8/0x12a0 fs/fs-writeback.c:2433
       mark_inode_dirty include/linux/fs.h:2546 [inline]
       dquot_alloc_space include/linux/quotaops.h:320 [inline]
       dquot_alloc_block include/linux/quotaops.h:337 [inline]
       ext4_mb_new_blocks+0x23e0/0x435c fs/ext4/mballoc.c:5727
       ext4_new_meta_blocks+0x134/0x32c fs/ext4/balloc.c:739
       ext4_alloc_branch fs/ext4/indirect.c:342 [inline]
       ext4_ind_map_blocks+0xc4c/0x1c50 fs/ext4/indirect.c:635
       ext4_map_blocks+0x80c/0x1770 fs/ext4/inode.c:681
       _ext4_get_block+0x194/0x4c8 fs/ext4/inode.c:822
       ext4_get_block+0x4c/0x60 fs/ext4/inode.c:839
       ext4_block_write_begin+0x508/0x10f8 fs/ext4/inode.c:1124
       ext4_write_begin+0x5ec/0x133c fs/ext4/ext4_jbd2.h:-1
       generic_perform_write+0x230/0x4b0 mm/filemap.c:3846
       ext4_buffered_write_iter+0x2c4/0x530 fs/ext4/file.c:285
       ext4_file_write_iter+0x188/0x152c fs/ext4/file.c:-1
       call_write_iter include/linux/fs.h:2265 [inline]
       new_sync_write fs/read_write.c:491 [inline]
       vfs_write+0x5ac/0x7c4 fs/read_write.c:584
       ksys_pwrite64 fs/read_write.c:699 [inline]
       __do_sys_pwrite64 fs/read_write.c:709 [inline]
       __se_sys_pwrite64 fs/read_write.c:706 [inline]
       __arm64_sys_pwrite64+0x170/0x200 fs/read_write.c:706
       __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
       invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
       el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
       do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
       el0_svc+0x58/0x138 arch/arm64/kernel/entry-common.c:637
       el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
       el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&ei->i_data_sem/3);
                               lock(&sb->s_type->i_mutex_key#9/1);
                               lock(&ei->i_data_sem/3);
  lock(&sb->s_type->i_mutex_key#9/1);

 *** DEADLOCK ***

4 locks held by syz.2.958/8264:
 #0: ffff0000d9946460 (sb_writers#3){.+.+}-{0:0}, at: vfs_write+0x23c/0x7c4 fs/read_write.c:580
 #1: ffff0000f6370400 (&sb->s_type->i_mutex_key#9){++++}-{3:3}, at: inode_lock include/linux/fs.h:758 [inline]
 #1: ffff0000f6370400 (&sb->s_type->i_mutex_key#9){++++}-{3:3}, at: ext4_buffered_write_iter+0x98/0x530 fs/ext4/file.c:279
 #2: ffff0000f6370288 (&ei->i_data_sem/3){++++}-{3:3}, at: ext4_map_blocks+0x7c4/0x1770 fs/ext4/inode.c:672
 #3: ffff0000f63700c8 (&ei->xattr_sem){++++}-{3:3}, at: ext4_write_trylock_xattr fs/ext4/xattr.h:162 [inline]
 #3: ffff0000f63700c8 (&ei->xattr_sem){++++}-{3:3}, at: ext4_try_to_expand_extra_isize fs/ext4/inode.c:6006 [inline]
 #3: ffff0000f63700c8 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x37c/0x790 fs/ext4/inode.c:6087

stack backtrace:
CPU: 1 PID: 8264 Comm: syz.2.958 Not tainted 6.1.143-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call trace:
 dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
 __dump_stack+0x30/0x40 lib/dump_stack.c:88
 dump_stack_lvl+0xf8/0x160 lib/dump_stack.c:106
 dump_stack+0x1c/0x5c lib/dump_stack.c:113
 print_circular_bug+0x148/0x1b0 kernel/locking/lockdep.c:2048
 check_noncircular+0x240/0x2d4 kernel/locking/lockdep.c:2170
 check_prev_add kernel/locking/lockdep.c:3090 [inline]
 check_prevs_add kernel/locking/lockdep.c:3209 [inline]
 validate_chain kernel/locking/lockdep.c:3825 [inline]
 __lock_acquire+0x293c/0x6544 kernel/locking/lockdep.c:5049
 lock_acquire+0x20c/0x644 kernel/locking/lockdep.c:5662
 down_write+0x5c/0x88 kernel/locking/rwsem.c:1573
 inode_lock include/linux/fs.h:758 [inline]
 ext4_xattr_inode_create fs/ext4/xattr.c:1474 [inline]
 ext4_xattr_inode_lookup_create+0x126c/0x18c4 fs/ext4/xattr.c:1556
 ext4_xattr_block_set+0x1b4/0x2810 fs/ext4/xattr.c:1876
 ext4_xattr_move_to_block fs/ext4/xattr.c:2625 [inline]
 ext4_xattr_make_inode_space fs/ext4/xattr.c:2700 [inline]
 ext4_expand_extra_isize_ea+0xcb8/0x15cc fs/ext4/xattr.c:2792
 __ext4_expand_extra_isize+0x298/0x358 fs/ext4/inode.c:5966
 ext4_try_to_expand_extra_isize fs/ext4/inode.c:6009 [inline]
 __ext4_mark_inode_dirty+0x3e4/0x790 fs/ext4/inode.c:6087
 ext4_dirty_inode+0xd0/0x100 fs/ext4/inode.c:6119
 __mark_inode_dirty+0x2e8/0x12a0 fs/fs-writeback.c:2433
 mark_inode_dirty include/linux/fs.h:2546 [inline]
 dquot_alloc_space include/linux/quotaops.h:320 [inline]
 dquot_alloc_block include/linux/quotaops.h:337 [inline]
 ext4_mb_new_blocks+0x23e0/0x435c fs/ext4/mballoc.c:5727
 ext4_new_meta_blocks+0x134/0x32c fs/ext4/balloc.c:739
 ext4_alloc_branch fs/ext4/indirect.c:342 [inline]
 ext4_ind_map_blocks+0xc4c/0x1c50 fs/ext4/indirect.c:635
 ext4_map_blocks+0x80c/0x1770 fs/ext4/inode.c:681
 _ext4_get_block+0x194/0x4c8 fs/ext4/inode.c:822
 ext4_get_block+0x4c/0x60 fs/ext4/inode.c:839
 ext4_block_write_begin+0x508/0x10f8 fs/ext4/inode.c:1124
 ext4_write_begin+0x5ec/0x133c fs/ext4/ext4_jbd2.h:-1
 generic_perform_write+0x230/0x4b0 mm/filemap.c:3846
 ext4_buffered_write_iter+0x2c4/0x530 fs/ext4/file.c:285
 ext4_file_write_iter+0x188/0x152c fs/ext4/file.c:-1
 call_write_iter include/linux/fs.h:2265 [inline]
 new_sync_write fs/read_write.c:491 [inline]
 vfs_write+0x5ac/0x7c4 fs/read_write.c:584
 ksys_pwrite64 fs/read_write.c:699 [inline]
 __do_sys_pwrite64 fs/read_write.c:709 [inline]
 __se_sys_pwrite64 fs/read_write.c:706 [inline]
 __arm64_sys_pwrite64+0x170/0x200 fs/read_write.c:706
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x138 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585