CVE-2026-46061

In the Linux kernel, the following vulnerability has been resolved:

jbd2: fix deadlock in jbd2 journal cancel revoke()

Commit f76d4c28a46a ("fs/jbd2: use sleeping version of find get block()") changed jbd2 journal cancel revoke() to use find get block nonatomic() which holds the folio lock instead of i private lock. This breaks the lock ordering (folio -> buffer) and causes an ABBA deadlock when the filesystem blocksize < pagesize:

T1 T2 ext4 mkdir() ext4 init new dir() ext4 append() ext4 getblk() lock buffer() <- A sync blockdev() blkdev writepages() writeback iter() writeback get folio() folio lock() <- B ext4 journal get create access() jbd2 journal cancel revoke() find get block nonatomic() folio lock() <- B block write full folio() lock buffer() <- A

This can occasionally cause generic/013 to hang.

Fix by only calling find get block nonatomic() when the passed buffer head doesn't belong to the bdev, which is the only case that we need to look up its bdev alias. Otherwise, the lookup is redundant since the found buffer head is equal to the one we passed in.