bucket 0:21 gen 0 has wrong data_type: got free, should be sb, fixing bucket 0:21 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing bucket 0:22 gen 0 has wrong data_type: got free, should be sb, fixing bucket 0:22 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing bucket 0:23 gen 0 has wrong data_type: got free, should be sb, fixing bucket 0:23 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing bucket 0:24 gen 0 has wrong data_type: got free, should be journal, fixing bucket 0:24 gen 0 data type journal has wrong dirty_sectors: got 0, should be 256, fixing bucket 0:27 gen 0 has wrong data_type: got free, should be btree, fixing bucket 0:27 gen 0 data type btree has wrong dirty_sectors: got 0, should be 256, fixing bucket 0:28 gen 0 has wrong data_type: got free, should be btree, fixing bucket 0:28 gen 0 data type btree has wrong dirty_sectors: got 0, should be 256, fixing bucket 0:29 gen 0 has wrong data_type: got free, should be btree, fixing bucket 0:29 gen 0 data type btree has wrong dirty_sectors: got 0, should be 256, fixing bucket 0:31 gen 0 has wrong data_type: got free, should be btree, fixing bucket 0:31 gen 0 data type btree has wrong dirty_sectors: got 0, should be 256, fixing bucket 0:32 gen 0 has wrong data_type: got free, should be btree, fixing bucket 0:32 gen 0 data type btree has wrong dirty_sectors: got 0, should be 256, fixing bucket 0:34 gen 0 has wrong data_type: got free, should be user, fixing bucket 0:34 gen 0 data type user has wrong dirty_sectors: got 0, should be 16, fixing bucket 0:35 gen 0 has wrong data_type: got free, should be btree, fixing bucket 0:35 gen 0 data type btree has wrong dirty_sectors: got 0, should be 256, fixing bucket 0:37 gen 0 has wrong data_type: got free, should be btree, fixing bucket 0:37 gen 0 data type btree has wrong dirty_sectors: got 0, should be 256, fixing bucket 0:38 gen 0 has wrong data_type: got free, should be btree, fixing bucket 0:38 gen 0 data type btree has wrong dirty_sectors: got 0, should be 256, fixing bucket 0:41 gen 0 has wrong data_type: got free, should be btree, fixing bucket 0:41 gen 0 data type btree has wrong dirty_sectors: got 0, should be 256, fixing bucket 0:42 gen 0 has wrong data_type: got free, should be btree, fixing bucket 0:42 gen 0 data type btree has wrong dirty_sectors: got 0, should be 256, fixing bucket 0:120 gen 0 has wrong data_type: got free, should be sb, fixing bucket 0:120 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing bucket 0:121 gen 0 has wrong data_type: got free, should be sb, fixing bucket 0:121 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing bucket 0:122 gen 0 has wrong data_type: got free, should be sb, fixing bucket 0:122 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing bucket 0:123 gen 0 has wrong data_type: got free, should be sb, fixing bucket 0:123 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing bucket 0:124 gen 0 has wrong data_type: got free, should be sb, fixing bucket 0:124 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing bucket 0:125 gen 0 has wrong data_type: got free, should be sb, fixing bucket 0:125 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing bucket 0:126 gen 0 has wrong data_type: got free, should be sb, fixing bucket 0:126 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing bucket 0:127 gen 0 has wrong data_type: got free, should be sb, fixing bucket 0:127 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing done bcachefs (loop0): going read-write bcachefs (loop0): journal_replay... ====================================================== WARNING: possible circular locking dependency detected 6.13.0-rc4-syzkaller-00054-gd6ef8b40d075 #0 Not tainted ------------------------------------------------------ syz.0.0/5322 is trying to acquire lock: ffffffff8ea18368 (pcpu_alloc_mutex){+.+.}-{4:4}, at: pcpu_alloc_noprof+0x293/0x1760 mm/percpu.c:1795 but task is already holding lock: ffff888053081c50 (&bc->lock){+.+.}-{4:4}, at: bch2_btree_node_mem_alloc+0x8a/0x16f0 fs/bcachefs/btree_cache.c:783 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #2 (&bc->lock){+.+.}-{4:4}: lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849 __mutex_lock_common kernel/locking/mutex.c:585 [inline] __mutex_lock+0x1ac/0xee0 kernel/locking/mutex.c:735 bch2_btree_cache_scan+0x184/0xec0 fs/bcachefs/btree_cache.c:480 do_shrink_slab+0x72d/0x1160 mm/shrinker.c:437 shrink_slab+0x1093/0x14d0 mm/shrinker.c:664 shrink_one+0x43b/0x850 mm/vmscan.c:4836 shrink_many mm/vmscan.c:4897 [inline] lru_gen_shrink_node mm/vmscan.c:4975 [inline] shrink_node+0x37c5/0x3e50 mm/vmscan.c:5956 kswapd_shrink_node mm/vmscan.c:6785 [inline] balance_pgdat mm/vmscan.c:6977 [inline] kswapd+0x1ca9/0x36f0 mm/vmscan.c:7246 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 -> #1 (fs_reclaim){+.+.}-{0:0}: lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849 __fs_reclaim_acquire mm/page_alloc.c:3853 [inline] fs_reclaim_acquire+0x88/0x130 mm/page_alloc.c:3867 might_alloc include/linux/sched/mm.h:318 [inline] slab_pre_alloc_hook mm/slub.c:4070 [inline] slab_alloc_node mm/slub.c:4148 [inline] __do_kmalloc_node mm/slub.c:4297 [inline] __kmalloc_noprof+0xae/0x4c0 mm/slub.c:4310 kmalloc_noprof include/linux/slab.h:905 [inline] kzalloc_noprof include/linux/slab.h:1037 [inline] pcpu_mem_zalloc mm/percpu.c:510 [inline] pcpu_alloc_chunk mm/percpu.c:1443 [inline] pcpu_create_chunk+0x57/0xbc0 mm/percpu-vm.c:338 pcpu_balance_populated mm/percpu.c:2076 [inline] pcpu_balance_workfn+0xc4d/0xd40 mm/percpu.c:2213 process_one_work kernel/workqueue.c:3229 [inline] process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310 worker_thread+0x870/0xd30 kernel/workqueue.c:3391 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 -> #0 (pcpu_alloc_mutex){+.+.}-{4:4}: check_prev_add kernel/locking/lockdep.c:3161 [inline] check_prevs_add kernel/locking/lockdep.c:3280 [inline] validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3904 __lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5226 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849 __mutex_lock_common kernel/locking/mutex.c:585 [inline] __mutex_lock+0x1ac/0xee0 kernel/locking/mutex.c:735 pcpu_alloc_noprof+0x293/0x1760 mm/percpu.c:1795 __six_lock_init+0x104/0x150 fs/bcachefs/six.c:869 bch2_btree_lock_init+0x38/0x100 fs/bcachefs/btree_locking.c:12 bch2_btree_node_mem_alloc+0x565/0x16f0 fs/bcachefs/btree_cache.c:805 __bch2_btree_node_alloc fs/bcachefs/btree_update_interior.c:321 [inline] bch2_btree_reserve_get+0x2df/0x1890 fs/bcachefs/btree_update_interior.c:549 bch2_btree_update_start+0x115d/0x14e0 fs/bcachefs/btree_update_interior.c:1266 bch2_btree_split_leaf+0x123/0x840 fs/bcachefs/btree_update_interior.c:1856 bch2_trans_commit_error+0x212/0x1380 fs/bcachefs/btree_trans_commit.c:942 __bch2_trans_commit+0x7ead/0x93c0 fs/bcachefs/btree_trans_commit.c:1140 bch2_trans_commit fs/bcachefs/btree_update.h:184 [inline] bch2_journal_replay+0x1a3a/0x2a40 fs/bcachefs/recovery.c:317 bch2_run_recovery_pass+0xf0/0x1e0 fs/bcachefs/recovery_passes.c:191 bch2_run_recovery_passes+0x3a7/0x880 fs/bcachefs/recovery_passes.c:244 bch2_fs_recovery+0x25cc/0x39d0 fs/bcachefs/recovery.c:861 bch2_fs_start+0x356/0x5b0 fs/bcachefs/super.c:1037 bch2_fs_get_tree+0xd68/0x1710 fs/bcachefs/fs.c:2170 vfs_get_tree+0x90/0x2b0 fs/super.c:1814 do_new_mount+0x2be/0xb40 fs/namespace.c:3507 do_mount fs/namespace.c:3847 [inline] __do_sys_mount fs/namespace.c:4057 [inline] __se_sys_mount+0x2d6/0x3c0 fs/namespace.c:4034 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f other info that might help us debug this: Chain exists of: pcpu_alloc_mutex --> fs_reclaim --> &bc->lock Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&bc->lock); lock(fs_reclaim); lock(&bc->lock); lock(pcpu_alloc_mutex); *** DEADLOCK *** 4 locks held by syz.0.0/5322: #0: ffff888053080278 (&c->state_lock){+.+.}-{4:4}, at: bch2_fs_start+0x45/0x5b0 fs/bcachefs/super.c:1007 #1: ffff888053084398 (&c->btree_trans_barrier){.+.+}-{0:0}, at: srcu_lock_acquire include/linux/srcu.h:158 [inline] #1: ffff888053084398 (&c->btree_trans_barrier){.+.+}-{0:0}, at: srcu_read_lock include/linux/srcu.h:249 [inline] #1: ffff888053084398 (&c->btree_trans_barrier){.+.+}-{0:0}, at: __bch2_trans_get+0x7e1/0xd30 fs/bcachefs/btree_iter.c:3228 #2: ffff8880530a66d0 (&c->gc_lock){++++}-{4:4}, at: bch2_btree_update_start+0x682/0x14e0 fs/bcachefs/btree_update_interior.c:1197 #3: ffff888053081c50 (&bc->lock){+.+.}-{4:4}, at: bch2_btree_node_mem_alloc+0x8a/0x16f0 fs/bcachefs/btree_cache.c:783 stack backtrace: CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted 6.13.0-rc4-syzkaller-00054-gd6ef8b40d075 #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_circular_bug+0x13a/0x1b0 kernel/locking/lockdep.c:2074 check_noncircular+0x36a/0x4a0 kernel/locking/lockdep.c:2206 check_prev_add kernel/locking/lockdep.c:3161 [inline] check_prevs_add kernel/locking/lockdep.c:3280 [inline] validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3904 __lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5226 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849 __mutex_lock_common kernel/locking/mutex.c:585 [inline] __mutex_lock+0x1ac/0xee0 kernel/locking/mutex.c:735 pcpu_alloc_noprof+0x293/0x1760 mm/percpu.c:1795 __six_lock_init+0x104/0x150 fs/bcachefs/six.c:869 bch2_btree_lock_init+0x38/0x100 fs/bcachefs/btree_locking.c:12 bch2_btree_node_mem_alloc+0x565/0x16f0 fs/bcachefs/btree_cache.c:805 __bch2_btree_node_alloc fs/bcachefs/btree_update_interior.c:321 [inline] bch2_btree_reserve_get+0x2df/0x1890 fs/bcachefs/btree_update_interior.c:549 bch2_btree_update_start+0x115d/0x14e0 fs/bcachefs/btree_update_interior.c:1266 bch2_btree_split_leaf+0x123/0x840 fs/bcachefs/btree_update_interior.c:1856 bch2_trans_commit_error+0x212/0x1380 fs/bcachefs/btree_trans_commit.c:942 __bch2_trans_commit+0x7ead/0x93c0 fs/bcachefs/btree_trans_commit.c:1140 bch2_trans_commit fs/bcachefs/btree_update.h:184 [inline] bch2_journal_replay+0x1a3a/0x2a40 fs/bcachefs/recovery.c:317 bch2_run_recovery_pass+0xf0/0x1e0 fs/bcachefs/recovery_passes.c:191 bch2_run_recovery_passes+0x3a7/0x880 fs/bcachefs/recovery_passes.c:244 bch2_fs_recovery+0x25cc/0x39d0 fs/bcachefs/recovery.c:861 bch2_fs_start+0x356/0x5b0 fs/bcachefs/super.c:1037 bch2_fs_get_tree+0xd68/0x1710 fs/bcachefs/fs.c:2170 vfs_get_tree+0x90/0x2b0 fs/super.c:1814 do_new_mount+0x2be/0xb40 fs/namespace.c:3507 do_mount fs/namespace.c:3847 [inline] __do_sys_mount fs/namespace.c:4057 [inline] __se_sys_mount+0x2d6/0x3c0 fs/namespace.c:4034 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f0c1a5874ca Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f0c1b3a9e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 00007f0c1b3a9ef0 RCX: 00007f0c1a5874ca RDX: 00000000200058c0 RSI: 0000000020005900 RDI: 00007f0c1b3a9eb0 RBP: 00000000200058c0 R08: 00007f0c1b3a9ef0 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020005900 R13: 00007f0c1b3a9eb0 R14: 00000000000059cf R15: 00000000200001c0 done bcachefs (loop0): check_alloc_info... hole in alloc btree missing in freespace btree device 0 buckets 26-27, fixing incorrect key in freespace btree (got set should be deleted) u64s 13 type alloc_v4 0:28:0 len 0 ver 0: gen 0 oldest_gen 0 data_type btree journal_seq 0 need_discard 0 need_inc_gen 0 dirty_sectors 256 stripe_sectors 0 cached_sectors 0 stripe 0 stripe_redundancy 0 io_time[READ] 0 io_time[WRITE] 0 fragmentation 0 bp_start 8 , fixing incorrect key in freespace btree (got set should be deleted) u64s 13 type alloc_v4 0:28:0 len 0 ver 0: gen 0 oldest_gen 0 data_type btree journal_seq 0 need_discard 0 need_inc_gen 0 dirty_sectors 256 stripe_sectors 0 cached_sectors 0 stripe 0 stripe_redundancy 0 io_time[READ] 0 io_time[WRITE] 0 fragmentation 0 bp_start 8 , fixing incorrect key in freespace btree (got set should be deleted) u64s 13 type alloc_v4 0:34:0 len 0 ver 0: gen 0 oldest_gen 0 data_type user journal_seq 0 need_discard 0 need_inc_gen 0 dirty_sectors 16 stripe_sectors 0 cached_sectors 0 stripe 0 stripe_redundancy 0 io_time[READ] 0 io_time[WRITE] 0 fragmentation 134217728 bp_start 8 , fixing incorrect key in freespace btree (got set should be deleted) u64s 13 type alloc_v4 0:34:0 len 0 ver 0: gen 0 oldest_gen 0 data_type user journal_seq 0 need_discard 0 need_inc_gen 0 dirty_sectors 16 stripe_sectors 0 cached_sectors 0 stripe 0 stripe_redundancy 0 io_time[READ] 0 io_time[WRITE] 0 fragmentation 134217728 bp_start 8 , fixing incorrect key in freespace btree (got set should be deleted) u64s 13 type alloc_v4 0:37:0 len 0 ver 0: gen 0 oldest_gen 0 data_type btree journal_seq 0 need_discard 0 need_inc_gen 0 dirty_sectors 256 stripe_sectors 0 cached_sectors 0 stripe 0 stripe_redundancy 0 io_time[READ] 0 io_time[WRITE] 0 fragmentation 0 bp_start 8 , fixing incorrect key in freespace btree (got set should be deleted) u64s 13 type alloc_v4 0:42:0 len 0 ver 0: gen 0 oldest_gen 0 data_type btree journal_seq 0 need_discard 0 need_inc_gen 0 dirty_sectors 256 stripe_sectors 0 cached_sectors 0 stripe 0 stripe_redundancy 0 io_time[READ] 0 io_time[WRITE] 0 fragmentation 0 bp_start 8 , fixing done bcachefs (loop0): check_lrus... done bcachefs (loop0): check_extents_to_backpointers... missing backpointer for btree=dirents l=1 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0 got: u64s 5 type deleted 0:10747904:0 len 0 ver 0 want: u64s 9 type backpointer 0:10747904:0 len 0 ver 0: bucket=0:41:0 btree=dirents l=1 offset=0:0 len=256 pos=SPOS_MAX, fixing missing backpointer for btree=subvolumes l=1 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c0bef60d07ceb940 written 16 min_key POS_MIN durability: 1 ptr: 0:35:0 gen 0 got: u64s 5 type deleted 0:9175040:0 len 0 ver 0 want: u64s 9 type backpointer 0:9175040:0 len 0 ver 0: bucket=0:35:0 btree=subvolumes l=1 offset=0:0 len=256 pos=SPOS_MAX, fixing missing backpointer for btree=snapshots l=1 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0 got: u64s 5 type deleted 0:8388608:0 len 0 ver 0 want: u64s 9 type backpointer 0:8388608:0 len 0 ver 0: bucket=0:32:0 btree=snapshots l=1 offset=0:0 len=256 pos=SPOS_MAX, fixing done bcachefs (loop0): check_alloc_to_lru_refs... done bcachefs (loop0): check_inodes... inode 16781312:4294967295 points to subvol 1, but subvol points to 4096:4294967295, fixing done bcachefs (loop0): resume_logged_ops... done bcachefs (loop0): delete_dead_inodes... done bcachefs (loop0): Fixed errors, running fsck a second time to verify fs is clean bcachefs (loop0): check_alloc_info... done bcachefs (loop0): check_lrus... done bcachefs (loop0): check_extents_to_backpointers... done bcachefs (loop0): check_alloc_to_lru_refs... done bcachefs (loop0): check_inodes... done bcachefs (loop0): resume_logged_ops... done bcachefs (loop0): delete_dead_inodes... done bcachefs (loop0): done starting filesystem