journal_seq=36028797018963972
hash_seed=905a6979b4722d63
hash_type=siphash
bi_size=10
bi_sectors=8
bi_version=0
bi_atime=2740995251
bi_ctime=2740995251
bi_mtime=2740995251
bi_otime=2740995251
bi_uid=0
bi_gid=0
bi_nlink=0
bi_generation=0
bi_dev=0
bi_data_checksum=0
bi_compression=0
bi_project=0
bi_background_compression=0
bi_data_replicas=0
bi_promote_target=0
bi_foreground_target=0
bi_background_target=0
bi_erasure_code=0
bi_fields_set=0
bi_dir=4096
bi_dir_offset=8276054212886994144
bi_subvol=0
bi_parent_subvol=0
bi_nocow=0
bi_depth=0
bi_inodes_32bit=0, fixing
done
bcachefs (loop0): check_dirents...
directory 4096:4294967295 with wrong i_size: got 0, should be 352, fixing
done
bcachefs (loop0): resume_logged_ops... done
bcachefs (loop0): delete_dead_inodes... done
bcachefs (loop0): Fixed errors, running fsck a second time to verify fs is clean
bcachefs (loop0): check_alloc_info... done
bcachefs (loop0): check_lrus... done
bcachefs (loop0): check_btree_backpointers... done
bcachefs (loop0): check_backpointers_to_extents... done
bcachefs (loop0): check_extents_to_backpointers... done
bcachefs (loop0): check_inodes... done
bcachefs (loop0): check_dirents... done
bcachefs (loop0): resume_logged_ops... done
bcachefs (loop0): delete_dead_inodes... done
bcachefs (loop0): done starting filesystem
======================================================
WARNING: possible circular locking dependency detected
6.14.0-rc4-syzkaller-00073-g5394eea10651 #0 Not tainted
------------------------------------------------------
syz.0.0/5323 is trying to acquire lock:
ffff888053301c68 (&bc->lock){+.+.}-{4:4}, at: bch2_btree_cache_scan+0x184/0xec0 fs/bcachefs/btree_cache.c:482
but task is already holding lock:
ffffffff8ec3a200 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:3926 [inline]
ffffffff8ec3a200 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim+0xd4/0x3c0 mm/page_alloc.c:3951
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #2 (fs_reclaim){+.+.}-{0:0}:
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5851
__fs_reclaim_acquire mm/page_alloc.c:3853 [inline]
fs_reclaim_acquire+0x88/0x130 mm/page_alloc.c:3867
might_alloc include/linux/sched/mm.h:318 [inline]
slab_pre_alloc_hook mm/slub.c:4066 [inline]
slab_alloc_node mm/slub.c:4144 [inline]
__do_kmalloc_node mm/slub.c:4293 [inline]
__kmalloc_noprof+0xae/0x4c0 mm/slub.c:4306
kmalloc_noprof include/linux/slab.h:905 [inline]
kzalloc_noprof include/linux/slab.h:1037 [inline]
pcpu_mem_zalloc mm/percpu.c:510 [inline]
pcpu_alloc_chunk mm/percpu.c:1430 [inline]
pcpu_create_chunk+0x57/0xbc0 mm/percpu-vm.c:338
pcpu_balance_populated mm/percpu.c:2063 [inline]
pcpu_balance_workfn+0xc4d/0xd40 mm/percpu.c:2200
process_one_work kernel/workqueue.c:3236 [inline]
process_scheduled_works+0xabe/0x18e0 kernel/workqueue.c:3317
worker_thread+0x870/0xd30 kernel/workqueue.c:3398
kthread+0x7a9/0x920 kernel/kthread.c:464
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
-> #1 (pcpu_alloc_mutex){+.+.}-{4:4}:
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5851
__mutex_lock_common kernel/locking/mutex.c:585 [inline]
__mutex_lock+0x19c/0x1010 kernel/locking/mutex.c:730
pcpu_alloc_noprof+0x293/0x1760 mm/percpu.c:1782
__six_lock_init+0x104/0x150 fs/bcachefs/six.c:876
bch2_btree_lock_init+0x38/0x100 fs/bcachefs/btree_locking.c:12
bch2_btree_node_mem_alloc+0x5b7/0x1780 fs/bcachefs/btree_cache.c:807
__bch2_btree_node_alloc fs/bcachefs/btree_update_interior.c:304 [inline]
bch2_btree_reserve_get+0x308/0x19a0 fs/bcachefs/btree_update_interior.c:532
bch2_btree_update_start+0xe92/0x1540 fs/bcachefs/btree_update_interior.c:1232
bch2_btree_split_leaf+0x121/0x880 fs/bcachefs/btree_update_interior.c:1853
bch2_trans_commit_error+0x212/0x1380 fs/bcachefs/btree_trans_commit.c:908
__bch2_trans_commit+0x8105/0x9790 fs/bcachefs/btree_trans_commit.c:1089
bch2_trans_commit fs/bcachefs/btree_update.h:183 [inline]
bch2_journal_replay+0x1ab1/0x2b10 fs/bcachefs/recovery.c:373
bch2_run_recovery_pass+0xf0/0x1e0 fs/bcachefs/recovery_passes.c:226
bch2_run_recovery_passes+0x2ad/0xa90 fs/bcachefs/recovery_passes.c:291
bch2_fs_recovery+0x265a/0x3de0 fs/bcachefs/recovery.c:936
bch2_fs_start+0x37c/0x610 fs/bcachefs/super.c:1041
bch2_fs_get_tree+0xdb7/0x17a0 fs/bcachefs/fs.c:2203
vfs_get_tree+0x90/0x2b0 fs/super.c:1814
do_new_mount+0x2be/0xb40 fs/namespace.c:3560
do_mount fs/namespace.c:3900 [inline]
__do_sys_mount fs/namespace.c:4111 [inline]
__se_sys_mount+0x2d6/0x3c0 fs/namespace.c:4088
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> #0 (&bc->lock){+.+.}-{4:4}:
check_prev_add kernel/locking/lockdep.c:3163 [inline]
check_prevs_add kernel/locking/lockdep.c:3282 [inline]
validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3906
__lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5228
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5851
__mutex_lock_common kernel/locking/mutex.c:585 [inline]
__mutex_lock+0x19c/0x1010 kernel/locking/mutex.c:730
bch2_btree_cache_scan+0x184/0xec0 fs/bcachefs/btree_cache.c:482
do_shrink_slab+0x72d/0x1160 mm/shrinker.c:437
shrink_slab+0x1093/0x14d0 mm/shrinker.c:664
shrink_one+0x43b/0x850 mm/vmscan.c:4868
shrink_many mm/vmscan.c:4929 [inline]
lru_gen_shrink_node mm/vmscan.c:5007 [inline]
shrink_node+0x379b/0x3e20 mm/vmscan.c:5978
shrink_zones mm/vmscan.c:6237 [inline]
do_try_to_free_pages+0x78c/0x1cf0 mm/vmscan.c:6299
try_to_free_pages+0x47c/0x1050 mm/vmscan.c:6549
__perform_reclaim mm/page_alloc.c:3929 [inline]
__alloc_pages_direct_reclaim+0x178/0x3c0 mm/page_alloc.c:3951
__alloc_pages_slowpath+0x811/0x10b0 mm/page_alloc.c:4382
__alloc_frozen_pages_noprof+0x49b/0x710 mm/page_alloc.c:4752
alloc_pages_mpol+0x311/0x660 mm/mempolicy.c:2270
folio_alloc_mpol_noprof+0x36/0x70 mm/mempolicy.c:2289
shmem_alloc_folio mm/shmem.c:1863 [inline]
shmem_alloc_and_add_folio+0x4a0/0x1090 mm/shmem.c:1902
shmem_get_folio_gfp+0x621/0x1840 mm/shmem.c:2522
shmem_fault+0x220/0x5b0 mm/shmem.c:2723
__do_fault+0x135/0x390 mm/memory.c:4988
do_read_fault mm/memory.c:5403 [inline]
do_fault mm/memory.c:5537 [inline]
do_pte_missing mm/memory.c:4058 [inline]
handle_pte_fault mm/memory.c:5900 [inline]
__handle_mm_fault+0x4c44/0x70f0 mm/memory.c:6043
handle_mm_fault+0x3e5/0x8d0 mm/memory.c:6212
faultin_page mm/gup.c:1196 [inline]
__get_user_pages+0x1a92/0x4140 mm/gup.c:1491
populate_vma_page_range+0x264/0x330 mm/gup.c:1929
__mm_populate+0x27a/0x460 mm/gup.c:2032
mm_populate include/linux/mm.h:3386 [inline]
vm_mmap_pgoff+0x303/0x430 mm/util.c:580
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
other info that might help us debug this:
Chain exists of:
&bc->lock --> pcpu_alloc_mutex --> fs_reclaim
Possible unsafe locking scenario:
       CPU0                    CPU1
       ----                    ----
  lock(fs_reclaim);
                               lock(pcpu_alloc_mutex);
                               lock(fs_reclaim);
  lock(&bc->lock);
*** DEADLOCK ***
2 locks held by syz.0.0/5323:
#0: ffff888012bdbde0 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_lock include/linux/mmap_lock.h:190 [inline]
#0: ffff888012bdbde0 (&mm->mmap_lock){++++}-{4:4}, at: __mm_populate+0x1b0/0x460 mm/gup.c:2011
#1: ffffffff8ec3a200 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:3926 [inline]
#1: ffffffff8ec3a200 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim+0xd4/0x3c0 mm/page_alloc.c:3951
stack backtrace:
CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted 6.14.0-rc4-syzkaller-00073-g5394eea10651 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
print_circular_bug+0x13a/0x1b0 kernel/locking/lockdep.c:2076
check_noncircular+0x36a/0x4a0 kernel/locking/lockdep.c:2208
check_prev_add kernel/locking/lockdep.c:3163 [inline]
check_prevs_add kernel/locking/lockdep.c:3282 [inline]
validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3906
__lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5228
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5851
__mutex_lock_common kernel/locking/mutex.c:585 [inline]
__mutex_lock+0x19c/0x1010 kernel/locking/mutex.c:730
bch2_btree_cache_scan+0x184/0xec0 fs/bcachefs/btree_cache.c:482
do_shrink_slab+0x72d/0x1160 mm/shrinker.c:437
shrink_slab+0x1093/0x14d0 mm/shrinker.c:664
shrink_one+0x43b/0x850 mm/vmscan.c:4868
shrink_many mm/vmscan.c:4929 [inline]
lru_gen_shrink_node mm/vmscan.c:5007 [inline]
shrink_node+0x379b/0x3e20 mm/vmscan.c:5978
shrink_zones mm/vmscan.c:6237 [inline]
do_try_to_free_pages+0x78c/0x1cf0 mm/vmscan.c:6299
try_to_free_pages+0x47c/0x1050 mm/vmscan.c:6549
__perform_reclaim mm/page_alloc.c:3929 [inline]
__alloc_pages_direct_reclaim+0x178/0x3c0 mm/page_alloc.c:3951
__alloc_pages_slowpath+0x811/0x10b0 mm/page_alloc.c:4382
__alloc_frozen_pages_noprof+0x49b/0x710 mm/page_alloc.c:4752
alloc_pages_mpol+0x311/0x660 mm/mempolicy.c:2270
folio_alloc_mpol_noprof+0x36/0x70 mm/mempolicy.c:2289
shmem_alloc_folio mm/shmem.c:1863 [inline]
shmem_alloc_and_add_folio+0x4a0/0x1090 mm/shmem.c:1902
shmem_get_folio_gfp+0x621/0x1840 mm/shmem.c:2522
shmem_fault+0x220/0x5b0 mm/shmem.c:2723
__do_fault+0x135/0x390 mm/memory.c:4988
do_read_fault mm/memory.c:5403 [inline]
do_fault mm/memory.c:5537 [inline]
do_pte_missing mm/memory.c:4058 [inline]
handle_pte_fault mm/memory.c:5900 [inline]
__handle_mm_fault+0x4c44/0x70f0 mm/memory.c:6043
handle_mm_fault+0x3e5/0x8d0 mm/memory.c:6212
faultin_page mm/gup.c:1196 [inline]
__get_user_pages+0x1a92/0x4140 mm/gup.c:1491
populate_vma_page_range+0x264/0x330 mm/gup.c:1929
__mm_populate+0x27a/0x460 mm/gup.c:2032
mm_populate include/linux/mm.h:3386 [inline]
vm_mmap_pgoff+0x303/0x430 mm/util.c:580
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1ad178d169
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1ad2659038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
RAX: ffffffffffffffda RBX: 00007f1ad19a5fa0 RCX: 00007f1ad178d169
RDX: b635773f06ebbeee RSI: 0000000000b36000 RDI: 0000400000000000
RBP: 00007f1ad180e2a0 R08: ffffffffffffffff R09: 0000000000000000
R10: 0000000000008031 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f1ad19a5fa0 R15: 00007ffe22e2ff48
syz.0.0 invoked oom-killer: gfp_mask=0x140cc2(GFP_HIGHUSER|__GFP_COMP), order=0, oom_score_adj=1000
CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted 6.14.0-rc4-syzkaller-00073-g5394eea10651 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
dump_header+0xdb/0x6e0 mm/oom_kill.c:467
oom_kill_process+0x3b8/0x950 mm/oom_kill.c:1040
out_of_memory+0x1016/0x12f0 mm/oom_kill.c:1160
__alloc_pages_may_oom+0x286/0x430 mm/page_alloc.c:3644
__alloc_pages_slowpath+0x968/0x10b0 mm/page_alloc.c:4431
__alloc_frozen_pages_noprof+0x49b/0x710 mm/page_alloc.c:4752
alloc_pages_mpol+0x311/0x660 mm/mempolicy.c:2270
folio_alloc_mpol_noprof+0x36/0x70 mm/mempolicy.c:2289
shmem_alloc_folio mm/shmem.c:1863 [inline]
shmem_alloc_and_add_folio+0x4a0/0x1090 mm/shmem.c:1902
shmem_get_folio_gfp+0x621/0x1840 mm/shmem.c:2522
shmem_fault+0x220/0x5b0 mm/shmem.c:2723
__do_fault+0x135/0x390 mm/memory.c:4988
do_shared_fault mm/memory.c:5467 [inline]
do_fault mm/memory.c:5541 [inline]
do_pte_missing mm/memory.c:4058 [inline]
handle_pte_fault mm/memory.c:5900 [inline]
__handle_mm_fault+0x220a/0x70f0 mm/memory.c:6043
handle_mm_fault+0x3e5/0x8d0 mm/memory.c:6212
faultin_page mm/gup.c:1196 [inline]
__get_user_pages+0x1a92/0x4140 mm/gup.c:1491
__get_user_pages_locked mm/gup.c:1757 [inline]
__gup_longterm_locked+0x8b3/0x17f0 mm/gup.c:2528
gup_fast_fallback+0x2266/0x29c0 mm/gup.c:3424
pin_user_pages_fast+0xcc/0x160 mm/gup.c:3530
pfn_reader_user_pin+0xff3/0x1400 drivers/iommu/iommufd/pages.c:909
iopt_pages_fill drivers/iommu/iommufd/pages.c:1828 [inline]
iopt_pages_fill_xarray+0x81f/0x14b0 drivers/iommu/iommufd/pages.c:1895
iopt_area_add_access+0x22a/0x430 drivers/iommu/iommufd/pages.c:2141
iommufd_access_pin_pages+0x786/0xd40 drivers/iommu/iommufd/device.c:1079
iommufd_test_access_pages drivers/iommu/iommufd/selftest.c:1406 [inline]
iommufd_test+0x2fc8/0x4270 drivers/iommu/iommufd/selftest.c:1652
iommufd_fops_ioctl+0x4f9/0x5e0 drivers/iommu/iommufd/main.c:407
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:906 [inline]
__se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1ad178d169
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1ad2659038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f1ad19a5fa0 RCX: 00007f1ad178d169
RDX: 0000400000000240 RSI: 0000000000003ba0 RDI: 0000000000000004
RBP: 00007f1ad180e2a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f1ad19a5fa0 R15: 00007ffe22e2ff48
Mem-Info:
active_anon:3209 inactive_anon:470 isolated_anon:0
active_file:541 inactive_file:36661 isolated_file:0
unevictable:1768 dirty:8 writeback:0
slab_reclaimable:7175 slab_unreclaimable:35015
mapped:9562 shmem:3157 pagetables:513
sec_pagetables:284 bounce:0
kernel_misc_reclaimable:0
free:23210 free_pcp:162 free_cma:0
Node 0 active_anon:1740kB inactive_anon:4kB active_file:0kB inactive_file:20kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:12kB dirty:4kB writeback:0kB shmem:1740kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:3096kB pagetables:588kB sec_pagetables:1088kB all_unreclaimable? yes
Node 0 DMA free:276kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB active_anon:600kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:212kB local_pcp:212kB free_cma:0kB
lowmem_reserve[]: 0 110 0 0 0
Node 0 DMA32 free:1880kB boost:0kB min:4180kB low:5224kB high:6268kB reserved_highatomic:0KB active_anon:1140kB inactive_anon:4kB active_file:0kB inactive_file:20kB unevictable:0kB writepending:4kB present:770052kB managed:113468kB mlocked:0kB bounce:0kB free_pcp:436kB local_pcp:436kB free_cma:0kB
lowmem_reserve[]: 0 0 0 0 0
Node 0 DMA: 1*4kB (U) 0*8kB 17*16kB (U) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 276kB
Node 0 DMA32: 4*4kB (M) 3*8kB (ME) 5*16kB (ME) 9*32kB (ME) 9*64kB (UME) 5*128kB (M) 1*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 1880kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
40439 total pagecache pages
70 pages in swap cache
Free swap = 109228kB
Total swap = 124996kB
393083 pages RAM
0 pages HighMem/MovableOnly
188157 pages reserved
0 pages cma reserved
oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/syz0,task=syz.0.0,pid=5323,uid=0
Out of memory (oom_kill_allocating_task): Killed process 5322 (syz.0.0) total-vm:91604kB, anon-rss:1164kB, file-rss:33956kB, shmem-rss:128kB, UID:0 pgtables:184kB oom_score_adj:1000
syz.0.0 (5323) used greatest stack depth: 10224 bytes left