loop0: detected capacity change from 0 to 32768
bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names
bcachefs (loop0): recovering from clean shutdown, journal seq 10
bcachefs (loop0): Version upgrade required:
Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
Doing incompatible version upgrade from 0.24: unwritten_extents to 1.20: directory_size
running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance
bcachefs (loop0): accounting_read... done
bcachefs (loop0): alloc_read... done
bcachefs (loop0): stripes_read... done
bcachefs (loop0): snapshots_read... done
bcachefs (loop0): check_allocations... done
bcachefs (loop0): going read-write
bcachefs (loop0): journal_replay...
======================================================
WARNING: possible circular locking dependency detected
6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0 Not tainted
------------------------------------------------------
syz.0.0/5320 is trying to acquire lock:
ffffffff8ea195c8 (pcpu_alloc_mutex){+.+.}-{4:4}, at: pcpu_alloc_noprof+0x293/0x1760 mm/percpu.c:1782
but task is already holding lock:
ffff888053001c68 (&bc->lock){+.+.}-{4:4}, at: bch2_btree_node_mem_alloc+0x559/0x16f0 fs/bcachefs/btree_cache.c:804
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #2 (&bc->lock){+.+.}-{4:4}:
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5851
__mutex_lock_common kernel/locking/mutex.c:585 [inline]
__mutex_lock+0x19c/0x1010 kernel/locking/mutex.c:730
bch2_btree_cache_scan+0x184/0xec0 fs/bcachefs/btree_cache.c:482
do_shrink_slab+0x72d/0x1160 mm/shrinker.c:437
shrink_slab+0x1093/0x14d0 mm/shrinker.c:664
shrink_one+0x43b/0x850 mm/vmscan.c:4868
shrink_many mm/vmscan.c:4929 [inline]
lru_gen_shrink_node mm/vmscan.c:5007 [inline]
shrink_node+0x37c5/0x3e50 mm/vmscan.c:5978
kswapd_shrink_node mm/vmscan.c:6807 [inline]
balance_pgdat mm/vmscan.c:6999 [inline]
kswapd+0x20f3/0x3b10 mm/vmscan.c:7264
kthread+0x7a9/0x920 kernel/kthread.c:464
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
-> #1 (fs_reclaim){+.+.}-{0:0}:
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5851
__fs_reclaim_acquire mm/page_alloc.c:3853 [inline]
fs_reclaim_acquire+0x88/0x130 mm/page_alloc.c:3867
might_alloc include/linux/sched/mm.h:318 [inline]
slab_pre_alloc_hook mm/slub.c:4066 [inline]
slab_alloc_node mm/slub.c:4144 [inline]
__do_kmalloc_node mm/slub.c:4293 [inline]
__kmalloc_noprof+0xae/0x4c0 mm/slub.c:4306
kmalloc_noprof include/linux/slab.h:905 [inline]
kzalloc_noprof include/linux/slab.h:1037 [inline]
pcpu_mem_zalloc mm/percpu.c:510 [inline]
pcpu_alloc_chunk mm/percpu.c:1430 [inline]
pcpu_create_chunk+0x57/0xbc0 mm/percpu-vm.c:338
pcpu_balance_populated mm/percpu.c:2063 [inline]
pcpu_balance_workfn+0xc4d/0xd40 mm/percpu.c:2200
process_one_work kernel/workqueue.c:3236 [inline]
process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3317
worker_thread+0x870/0xd30 kernel/workqueue.c:3398
kthread+0x7a9/0x920 kernel/kthread.c:464
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
-> #0 (pcpu_alloc_mutex){+.+.}-{4:4}:
check_prev_add kernel/locking/lockdep.c:3163 [inline]
check_prevs_add kernel/locking/lockdep.c:3282 [inline]
validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3906
__lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5228
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5851
__mutex_lock_common kernel/locking/mutex.c:585 [inline]
__mutex_lock+0x19c/0x1010 kernel/locking/mutex.c:730
pcpu_alloc_noprof+0x293/0x1760 mm/percpu.c:1782
__six_lock_init+0x104/0x150 fs/bcachefs/six.c:876
bch2_btree_lock_init+0x38/0x100 fs/bcachefs/btree_locking.c:12
bch2_btree_node_mem_alloc+0x565/0x16f0 fs/bcachefs/btree_cache.c:807
__bch2_btree_node_alloc fs/bcachefs/btree_update_interior.c:304 [inline]
bch2_btree_reserve_get+0x2df/0x1890 fs/bcachefs/btree_update_interior.c:532
bch2_btree_update_start+0xe56/0x14e0 fs/bcachefs/btree_update_interior.c:1230
bch2_btree_split_leaf+0x121/0x880 fs/bcachefs/btree_update_interior.c:1851
bch2_trans_commit_error+0x212/0x1380 fs/bcachefs/btree_trans_commit.c:908
__bch2_trans_commit+0x812b/0x97a0 fs/bcachefs/btree_trans_commit.c:1085
wb_flush_one fs/bcachefs/btree_write_buffer.c:181 [inline]
bch2_btree_write_buffer_flush_locked+0x2c8c/0x5b10 fs/bcachefs/btree_write_buffer.c:379
btree_write_buffer_flush_seq+0x1c49/0x1e10 fs/bcachefs/btree_write_buffer.c:551
bch2_btree_write_buffer_journal_flush+0xc7/0x150 fs/bcachefs/btree_write_buffer.c:567
journal_flush_pins+0x649/0xbb0 fs/bcachefs/journal_reclaim.c:585
journal_flush_pins_or_still_flushing+0x2f/0x390 fs/bcachefs/journal_reclaim.c:857
journal_flush_done+0x8b/0x400 fs/bcachefs/journal_reclaim.c:872
bch2_journal_flush_pins+0x225/0x3a0 fs/bcachefs/journal_reclaim.c:912
bch2_journal_flush_all_pins fs/bcachefs/journal_reclaim.h:76 [inline]
bch2_journal_replay+0x2744/0x2a70 fs/bcachefs/recovery.c:442
bch2_run_recovery_pass+0xf0/0x1e0 fs/bcachefs/recovery_passes.c:226
bch2_run_recovery_passes+0x2ad/0xa90 fs/bcachefs/recovery_passes.c:291
bch2_fs_recovery+0x265a/0x3de0 fs/bcachefs/recovery.c:936
bch2_fs_start+0x37c/0x610 fs/bcachefs/super.c:1030
bch2_fs_get_tree+0xd8d/0x1740 fs/bcachefs/fs.c:2203
vfs_get_tree+0x90/0x2b0 fs/super.c:1814
do_new_mount+0x2be/0xb40 fs/namespace.c:3560
do_mount fs/namespace.c:3900 [inline]
__do_sys_mount fs/namespace.c:4111 [inline]
__se_sys_mount+0x2d6/0x3c0 fs/namespace.c:4088
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
other info that might help us debug this:
Chain exists of:
pcpu_alloc_mutex --> fs_reclaim --> &bc->lock
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&bc->lock);
lock(fs_reclaim);
lock(&bc->lock);
lock(pcpu_alloc_mutex);
*** DEADLOCK ***
6 locks held by syz.0.0/5320:
#0: ffff888053000278 (&c->state_lock){+.+.}-{4:4}, at: bch2_fs_start+0x45/0x610 fs/bcachefs/super.c:999
#1: ffff88805304b028 (&j->reclaim_lock){+.+.}-{4:4}, at: journal_flush_done+0x7b/0x400 fs/bcachefs/journal_reclaim.c:870
#2: ffff888053004378 (&c->btree_trans_barrier){.+.+}-{0:0}, at: srcu_lock_acquire include/linux/srcu.h:164 [inline]
#2: ffff888053004378 (&c->btree_trans_barrier){.+.+}-{0:0}, at: srcu_read_lock include/linux/srcu.h:256 [inline]
#2: ffff888053004378 (&c->btree_trans_barrier){.+.+}-{0:0}, at: __bch2_trans_get+0x7e4/0xd30 fs/bcachefs/btree_iter.c:3377
#3: ffff888053004720 (&wb->flushing.lock){+.+.}-{4:4}, at: btree_write_buffer_flush_seq+0x1c3f/0x1e10 fs/bcachefs/btree_write_buffer.c:550
#4: ffff8880530266d0 (&c->gc_lock){++++}-{4:4}, at: bch2_btree_update_start+0x682/0x14e0 fs/bcachefs/btree_update_interior.c:1180
#5: ffff888053001c68 (&bc->lock){+.+.}-{4:4}, at: bch2_btree_node_mem_alloc+0x559/0x16f0 fs/bcachefs/btree_cache.c:804
stack backtrace:
CPU: 0 UID: 0 PID: 5320 Comm: syz.0.0 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
print_circular_bug+0x13a/0x1b0 kernel/locking/lockdep.c:2076
check_noncircular+0x36a/0x4a0 kernel/locking/lockdep.c:2208
check_prev_add kernel/locking/lockdep.c:3163 [inline]
check_prevs_add kernel/locking/lockdep.c:3282 [inline]
validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3906
__lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5228
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5851
__mutex_lock_common kernel/locking/mutex.c:585 [inline]
__mutex_lock+0x19c/0x1010 kernel/locking/mutex.c:730
pcpu_alloc_noprof+0x293/0x1760 mm/percpu.c:1782
__six_lock_init+0x104/0x150 fs/bcachefs/six.c:876
bch2_btree_lock_init+0x38/0x100 fs/bcachefs/btree_locking.c:12
bch2_btree_node_mem_alloc+0x565/0x16f0 fs/bcachefs/btree_cache.c:807
__bch2_btree_node_alloc fs/bcachefs/btree_update_interior.c:304 [inline]
bch2_btree_reserve_get+0x2df/0x1890 fs/bcachefs/btree_update_interior.c:532
bch2_btree_update_start+0xe56/0x14e0 fs/bcachefs/btree_update_interior.c:1230
bch2_btree_split_leaf+0x121/0x880 fs/bcachefs/btree_update_interior.c:1851
bch2_trans_commit_error+0x212/0x1380 fs/bcachefs/btree_trans_commit.c:908
__bch2_trans_commit+0x812b/0x97a0 fs/bcachefs/btree_trans_commit.c:1085
wb_flush_one fs/bcachefs/btree_write_buffer.c:181 [inline]
bch2_btree_write_buffer_flush_locked+0x2c8c/0x5b10 fs/bcachefs/btree_write_buffer.c:379
btree_write_buffer_flush_seq+0x1c49/0x1e10 fs/bcachefs/btree_write_buffer.c:551
bch2_btree_write_buffer_journal_flush+0xc7/0x150 fs/bcachefs/btree_write_buffer.c:567
journal_flush_pins+0x649/0xbb0 fs/bcachefs/journal_reclaim.c:585
journal_flush_pins_or_still_flushing+0x2f/0x390 fs/bcachefs/journal_reclaim.c:857
journal_flush_done+0x8b/0x400 fs/bcachefs/journal_reclaim.c:872
bch2_journal_flush_pins+0x225/0x3a0 fs/bcachefs/journal_reclaim.c:912
bch2_journal_flush_all_pins fs/bcachefs/journal_reclaim.h:76 [inline]
bch2_journal_replay+0x2744/0x2a70 fs/bcachefs/recovery.c:442
bch2_run_recovery_pass+0xf0/0x1e0 fs/bcachefs/recovery_passes.c:226
bch2_run_recovery_passes+0x2ad/0xa90 fs/bcachefs/recovery_passes.c:291
bch2_fs_recovery+0x265a/0x3de0 fs/bcachefs/recovery.c:936
bch2_fs_start+0x37c/0x610 fs/bcachefs/super.c:1030
bch2_fs_get_tree+0xd8d/0x1740 fs/bcachefs/fs.c:2203
vfs_get_tree+0x90/0x2b0 fs/super.c:1814
do_new_mount+0x2be/0xb40 fs/namespace.c:3560
do_mount fs/namespace.c:3900 [inline]
__do_sys_mount fs/namespace.c:4111 [inline]
__se_sys_mount+0x2d6/0x3c0 fs/namespace.c:4088
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fa2a618e54a
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fa2a7068e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007fa2a7068ef0 RCX: 00007fa2a618e54a
RDX: 0000000020000300 RSI: 0000000020004640 RDI: 00007fa2a7068eb0
RBP: 0000000020000300 R08: 00007fa2a7068ef0 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020004640
R13: 00007fa2a7068eb0 R14: 00000000000058af R15: 0000000020000000
</TASK>
done
bcachefs (loop0): check_alloc_info... done
bcachefs (loop0): check_lrus... done
bcachefs (loop0): check_btree_backpointers... done
bcachefs (loop0): check_backpointers_to_extents... done
bcachefs (loop0): check_extents_to_backpointers...
bcachefs (loop0): scanning for missing backpointers in 6/128 buckets
done
bcachefs (loop0): check_alloc_to_lru_refs... done
bcachefs (loop0): bucket_gens_init... done
bcachefs (loop0): check_snapshot_trees... done
bcachefs (loop0): check_snapshots...
snapshot points to missing/incorrect tree:
u64s 8 type snapshot 0:4294967295:0 len 0 ver 0: is_subvol 1 deleted 0 parent 0 children 0 0 subvol 1 tree 0, fixing
snapshot points to missing/incorrect tree:
u64s 8 type snapshot 0:4294967295:0 len 0 ver 0: is_subvol 1 deleted 0 parent 0 children 0 0 subvol 1 tree 0, fixing
done
bcachefs (loop0): check_subvols... done
bcachefs (loop0): check_subvol_children... done
bcachefs (loop0): delete_dead_snapshots... done
bcachefs (loop0): check_inodes... done
bcachefs (loop0): check_extents... done
bcachefs (loop0): check_indirect_extents... done
bcachefs (loop0): check_dirents... done
bcachefs (loop0): check_xattrs... done
bcachefs (loop0): check_root... done
bcachefs (loop0): check_unreachable_inodes... done
bcachefs (loop0): check_subvolume_structure... done
bcachefs (loop0): check_directory_structure... done
bcachefs (loop0): check_nlinks... done
bcachefs (loop0): resume_logged_ops... done
bcachefs (loop0): delete_dead_inodes... done
bcachefs (loop0): set_fs_needs_rebalance... done
bcachefs (loop0): Fixed errors, running fsck a second time to verify fs is clean
bcachefs (loop0): check_alloc_info... done
bcachefs (loop0): check_lrus... done
bcachefs (loop0): check_btree_backpointers... done
bcachefs (loop0): check_backpointers_to_extents... done
bcachefs (loop0): check_extents_to_backpointers...
bcachefs (loop0): scanning for missing backpointers in 1/128 buckets
done
bcachefs (loop0): check_alloc_to_lru_refs... done
bcachefs (loop0): bucket_gens_init... done
bcachefs (loop0): check_snapshot_trees... done
bcachefs (loop0): check_snapshots... done
bcachefs (loop0): check_subvols... done
bcachefs (loop0): check_subvol_children... done
bcachefs (loop0): delete_dead_snapshots... done
bcachefs (loop0): check_inodes... done
bcachefs (loop0): check_extents... done
bcachefs (loop0): check_indirect_extents... done
bcachefs (loop0): check_dirents... done
bcachefs (loop0): check_xattrs... done
bcachefs (loop0): check_root... done
bcachefs (loop0): check_unreachable_inodes... done
bcachefs (loop0): check_subvolume_structure... done
bcachefs (loop0): check_directory_structure... done
bcachefs (loop0): check_nlinks... done
bcachefs (loop0): resume_logged_ops... done
bcachefs (loop0): delete_dead_inodes... done
bcachefs (loop0): set_fs_needs_rebalance... done
bcachefs (loop0): done starting filesystem
bcachefs (loop0): going read-only
bcachefs (loop0): finished waiting for writes to stop
bcachefs (loop0): flushing journal and stopping allocators, journal seq 28
bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 28
bcachefs (loop0): clean shutdown complete, journal seq 29
bcachefs (loop0): marking filesystem clean
syz.0.0 (5320) used greatest stack depth: 10096 bytes left