Re: [PATCH v10 5/5] ext4: prevent deadlock from duplicate EA inode references on corrupted fs

From: Jan Kara

Date: Mon Jun 29 2026 - 04:27:57 EST


On Sun 28-06-26 16:35:10, Zhou, Yun wrote:
>
>
> On 6/27/26 01:23, Jan Kara wrote:
> > On Thu 25-06-26 23:29:41, Yun Zhou wrote:
> > > On a corrupted filesystem, multiple xattr entries may reference the same
> > > EA inode. When ext4_xattr_inode_dec_ref_all() processes such entries, it
> > > can dec_ref the EA inode (setting nlink=0) and queue it for deferred iput.
> > > If the deferred worker runs before the loop processes the duplicate entry,
> > > the second iget() may block on I_FREEING while the worker's eviction waits
> > > for the caller's transaction to commit -- classic ABBA deadlock.
> >
> > Hum, this looks possible but it isn't a new thing this patch set
> > introduces. Even before if you had corrupted filesystem,
> > ext4_xattr_inode_array_free() from ext4_evict_inode() could deadlock in a
> > similar way against say ext4_xattr_inode_dec_ref_all() (but practically
> > anything calling ext4_xattr_inode_iget() while holding a transaction
> > handle). So please leave this alone for now. We can look into that once
> > other EA inode settle.
>
> Mainly because sashiko-bot always flags this issue every time.

Yes, I can see how that's annoying.

> I've further improved the patch and believe I've thoroughly plugged this
> loophole. I will include it in v11, and please take a look when you have
> a chance. If it still has issues, or if you think it's redundant or
> inelegant, we can just drop it.

I can check it. But unless the fix is really simple I still think it
belongs to a separate series.

Honza
--
Jan Kara <jack@xxxxxxxx>
SUSE Labs, CR