sec_pagetables:284 bounce:0 kernel_misc_reclaimable:0 free:29716 free_pcp:27 free_cma:0 Node 0 active_anon:12kB inactive_anon:8kB active_file:384kB inactive_file:8kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:120kB dirty:0kB writeback:0kB shmem:0kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:3036kB pagetables:476kB sec_pagetables:1088kB all_unreclaimable? no Node 0 DMA free:1116kB boost:0kB min:760kB low:948kB high:1136kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 84 0 0 0 Node 0 DMA32 free:6500kB boost:0kB min:4292kB low:5364kB high:6436kB reserved_highatomic:0KB active_anon:84kB inactive_anon:8kB active_file:1344kB inactive_file:8kB unevictable:0kB writepending:0kB present:770052kB managed:114360kB mlocked:0kB bounce:0kB free_pcp:116kB local_pcp:116kB free_cma:0kB lowmem_reserve[]: 0 0 0 0 0 Node 0 DMA: 3*4kB (UE) 2*8kB (UE) 4*16kB (UE) 2*32kB (UE) 1*64kB (E) 1*128kB (E) 1*256kB (E) 1*512kB (E) 0*1024kB 0*2048kB 0*4096kB = 1116kB Node 0 DMA32: 9*4kB (ME) 0*8kB 2*16kB (E) 37*32kB (UE) 15*64kB (UE) 13*128kB (UME) 5*256kB (UM) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 5668kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB 39338 total pagecache pages 163 pages in swap cache Free swap = 107260kB Total swap = 124996kB 393083 pages RAM 0 pages HighMem/MovableOnly 187934 pages reserved 0 pages cma reserved Tasks state (memory values in pages): [ pid ] uid tgid total_vm rss rss_anon rss_file rss_shmem pgtables_bytes swapents oom_score_adj name [ 4725] 0 4725 899 188 32 156 0 45056 32 0 syslogd [ 4728] 0 4728 572 13 0 13 0 45056 32 0 acpid [ 4732] 0 4732 899 216 0 216 0 45056 32 0 klogd [ 4743] 0 4743 4405 559 527 32 0 61440 192 -1000 udevd [ 5023] 100 5023 1036 146 37 109 0 49152 0 0 dbus-daemon [ 5038] 101 5038 989 487 391 96 0 45056 0 0 dhcpcd [ 5039] 0 5039 849 220 103 117 0 49152 0 0 dhcpcd [ 5040] 101 5040 671 118 39 79 0 45056 0 0 dhcpcd [ 5041] 101 5041 670 86 39 47 0 45056 0 0 dhcpcd [ 5119] 0 5119 1799 380 124 256 0 61440 0 -1000 sshd [ 5122] 0 5122 899 58 32 26 0 49152 0 0 getty [ 5175] 101 5175 849 182 100 82 0 49152 0 0 dhcpcd [ 5200] 101 5200 849 182 100 82 0 49152 0 0 dhcpcd [ 5201] 101 5201 849 182 100 82 0 49152 0 0 dhcpcd [ 5203] 101 5203 849 182 100 82 0 49152 0 0 dhcpcd [ 5205] 101 5205 849 182 100 82 0 49152 0 0 dhcpcd [ 5211] 101 5211 849 182 100 82 0 49152 0 0 dhcpcd [ 5217] 101 5217 849 182 100 82 0 49152 0 0 dhcpcd [ 5225] 101 5225 849 182 100 82 0 49152 0 0 dhcpcd [ 5227] 101 5227 849 182 100 82 0 49152 0 0 dhcpcd [ 5268] 0 5268 20675 8763 160 8603 0 159744 0 0 syz-executor [ 5315] 0 5315 4405 647 575 72 0 57344 128 0 udevd [ 5317] 0 5317 4405 539 511 28 0 57344 160 0 udevd [ 5318] 0 5318 22724 8673 155 8518 0 159744 0 0 syz-executor [ 5332] 0 5332 22790 8694 207 8487 0 176128 0 1000 syz.0.0 oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz.0.0,pid=5332,uid=0 Out of memory: Killed process 5332 (syz.0.0) total-vm:91160kB, anon-rss:828kB, file-rss:33948kB, shmem-rss:0kB, UID:0 pgtables:172kB oom_score_adj:1000 ====================================================== WARNING: possible circular locking dependency detected 6.12.0-syzkaller-09567-g7eef7e306d3c #0 Not tainted ------------------------------------------------------ syz.0.0/5333 is trying to acquire lock: ffffffff8ea1f408 (pcpu_alloc_mutex){+.+.}-{4:4}, at: pcpu_alloc_noprof+0x293/0x1750 mm/percpu.c:1795 but task is already holding lock: ffff888052e01c50 (&bc->lock){+.+.}-{4:4}, at: bch2_btree_node_mem_alloc+0x559/0x1710 fs/bcachefs/btree_cache.c:802 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #2 (&bc->lock){+.+.}-{4:4}: lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849 __mutex_lock_common kernel/locking/mutex.c:585 [inline] __mutex_lock+0x1ac/0xee0 kernel/locking/mutex.c:735 bch2_btree_cache_scan+0x184/0xed0 fs/bcachefs/btree_cache.c:480 do_shrink_slab+0x701/0x1160 mm/shrinker.c:437 shrink_slab+0x1093/0x14d0 mm/shrinker.c:664 shrink_one+0x43b/0x850 mm/vmscan.c:4836 shrink_many mm/vmscan.c:4897 [inline] lru_gen_shrink_node mm/vmscan.c:4975 [inline] shrink_node+0x37c5/0x3e50 mm/vmscan.c:5956 kswapd_shrink_node mm/vmscan.c:6785 [inline] balance_pgdat mm/vmscan.c:6977 [inline] kswapd+0x1ca9/0x3700 mm/vmscan.c:7246 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 -> #1 (fs_reclaim){+.+.}-{0:0}: lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849 __fs_reclaim_acquire mm/page_alloc.c:3851 [inline] fs_reclaim_acquire+0x88/0x130 mm/page_alloc.c:3865 might_alloc include/linux/sched/mm.h:318 [inline] slab_pre_alloc_hook mm/slub.c:4055 [inline] slab_alloc_node mm/slub.c:4133 [inline] __do_kmalloc_node mm/slub.c:4282 [inline] __kmalloc_noprof+0xae/0x4c0 mm/slub.c:4295 kmalloc_noprof include/linux/slab.h:905 [inline] kzalloc_noprof include/linux/slab.h:1037 [inline] pcpu_mem_zalloc mm/percpu.c:510 [inline] pcpu_alloc_chunk mm/percpu.c:1443 [inline] pcpu_create_chunk+0x57/0xbc0 mm/percpu-vm.c:338 pcpu_balance_populated mm/percpu.c:2076 [inline] pcpu_balance_workfn+0xc4d/0xd40 mm/percpu.c:2213 process_one_work kernel/workqueue.c:3229 [inline] process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310 worker_thread+0x870/0xd30 kernel/workqueue.c:3391 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 -> #0 (pcpu_alloc_mutex){+.+.}-{4:4}: check_prev_add kernel/locking/lockdep.c:3161 [inline] check_prevs_add kernel/locking/lockdep.c:3280 [inline] validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3904 __lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5226 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849 __mutex_lock_common kernel/locking/mutex.c:585 [inline] __mutex_lock+0x1ac/0xee0 kernel/locking/mutex.c:735 pcpu_alloc_noprof+0x293/0x1750 mm/percpu.c:1795 __six_lock_init+0x104/0x150 fs/bcachefs/six.c:869 bch2_btree_lock_init+0x38/0x100 fs/bcachefs/btree_locking.c:12 bch2_btree_node_mem_alloc+0x565/0x1710 fs/bcachefs/btree_cache.c:805 __bch2_btree_node_alloc fs/bcachefs/btree_update_interior.c:321 [inline] bch2_btree_reserve_get+0x2df/0x1890 fs/bcachefs/btree_update_interior.c:549 bch2_btree_update_start+0x115d/0x14e0 fs/bcachefs/btree_update_interior.c:1266 bch2_btree_split_leaf+0x123/0x840 fs/bcachefs/btree_update_interior.c:1856 bch2_trans_commit_error+0x212/0x1390 fs/bcachefs/btree_trans_commit.c:942 __bch2_trans_commit+0x7ead/0x93c0 fs/bcachefs/btree_trans_commit.c:1140 wb_flush_one fs/bcachefs/btree_write_buffer.c:183 [inline] bch2_btree_write_buffer_flush_locked+0x2af9/0x5a20 fs/bcachefs/btree_write_buffer.c:379 btree_write_buffer_flush_seq+0x1b23/0x1cc0 fs/bcachefs/btree_write_buffer.c:517 bch2_btree_write_buffer_journal_flush+0xc7/0x150 fs/bcachefs/btree_write_buffer.c:533 journal_flush_pins+0x5f7/0xb20 fs/bcachefs/journal_reclaim.c:565 journal_flush_done+0x8e/0x260 fs/bcachefs/journal_reclaim.c:819 bch2_journal_flush_pins+0x18a/0x3a0 fs/bcachefs/journal_reclaim.c:852 bch2_journal_flush_all_pins fs/bcachefs/journal_reclaim.h:76 [inline] bch2_journal_replay+0x270f/0x2a40 fs/bcachefs/recovery.c:383 bch2_run_recovery_pass+0xf0/0x1e0 fs/bcachefs/recovery_passes.c:191 bch2_run_recovery_passes+0x3a7/0x880 fs/bcachefs/recovery_passes.c:244 bch2_fs_recovery+0x25cc/0x39d0 fs/bcachefs/recovery.c:861 bch2_fs_start+0x356/0x5b0 fs/bcachefs/super.c:1037 bch2_fs_get_tree+0xd68/0x1710 fs/bcachefs/fs.c:2170 vfs_get_tree+0x90/0x2b0 fs/super.c:1814 do_new_mount+0x2be/0xb40 fs/namespace.c:3507 do_mount fs/namespace.c:3847 [inline] __do_sys_mount fs/namespace.c:4057 [inline] __se_sys_mount+0x2d6/0x3c0 fs/namespace.c:4034 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f other info that might help us debug this: Chain exists of: pcpu_alloc_mutex --> fs_reclaim --> &bc->lock Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&bc->lock); lock(fs_reclaim); lock(&bc->lock); lock(pcpu_alloc_mutex); *** DEADLOCK *** 6 locks held by syz.0.0/5333: #0: ffff888052e00278 (&c->state_lock){+.+.}-{4:4}, at: bch2_fs_start+0x45/0x5b0 fs/bcachefs/super.c:1007 #1: ffff888052e4b0a8 (&j->reclaim_lock){+.+.}-{4:4}, at: journal_flush_done+0x79/0x260 fs/bcachefs/journal_reclaim.c:817 #2: ffff888052e04398 (&c->btree_trans_barrier){.+.+}-{0:0}, at: srcu_lock_acquire include/linux/srcu.h:158 [inline] #2: ffff888052e04398 (&c->btree_trans_barrier){.+.+}-{0:0}, at: srcu_read_lock include/linux/srcu.h:249 [inline] #2: ffff888052e04398 (&c->btree_trans_barrier){.+.+}-{0:0}, at: __bch2_trans_get+0x7e1/0xd30 fs/bcachefs/btree_iter.c:3228 #3: ffff888052e04740 (&wb->flushing.lock){+.+.}-{4:4}, at: btree_write_buffer_flush_seq+0x1b19/0x1cc0 fs/bcachefs/btree_write_buffer.c:516 #4: ffff888052e266d0 (&c->gc_lock){++++}-{4:4}, at: bch2_btree_update_start+0x682/0x14e0 fs/bcachefs/btree_update_interior.c:1197 #5: ffff888052e01c50 (&bc->lock){+.+.}-{4:4}, at: bch2_btree_node_mem_alloc+0x559/0x1710 fs/bcachefs/btree_cache.c:802 stack backtrace: CPU: 0 UID: 0 PID: 5333 Comm: syz.0.0 Not tainted 6.12.0-syzkaller-09567-g7eef7e306d3c #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_circular_bug+0x13a/0x1b0 kernel/locking/lockdep.c:2074 check_noncircular+0x36a/0x4a0 kernel/locking/lockdep.c:2206 check_prev_add kernel/locking/lockdep.c:3161 [inline] check_prevs_add kernel/locking/lockdep.c:3280 [inline] validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3904 __lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5226 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849 __mutex_lock_common kernel/locking/mutex.c:585 [inline] __mutex_lock+0x1ac/0xee0 kernel/locking/mutex.c:735 pcpu_alloc_noprof+0x293/0x1750 mm/percpu.c:1795 __six_lock_init+0x104/0x150 fs/bcachefs/six.c:869 bch2_btree_lock_init+0x38/0x100 fs/bcachefs/btree_locking.c:12 bch2_btree_node_mem_alloc+0x565/0x1710 fs/bcachefs/btree_cache.c:805 __bch2_btree_node_alloc fs/bcachefs/btree_update_interior.c:321 [inline] bch2_btree_reserve_get+0x2df/0x1890 fs/bcachefs/btree_update_interior.c:549 bch2_btree_update_start+0x115d/0x14e0 fs/bcachefs/btree_update_interior.c:1266 bch2_btree_split_leaf+0x123/0x840 fs/bcachefs/btree_update_interior.c:1856 bch2_trans_commit_error+0x212/0x1390 fs/bcachefs/btree_trans_commit.c:942 __bch2_trans_commit+0x7ead/0x93c0 fs/bcachefs/btree_trans_commit.c:1140 wb_flush_one fs/bcachefs/btree_write_buffer.c:183 [inline] bch2_btree_write_buffer_flush_locked+0x2af9/0x5a20 fs/bcachefs/btree_write_buffer.c:379 btree_write_buffer_flush_seq+0x1b23/0x1cc0 fs/bcachefs/btree_write_buffer.c:517 bch2_btree_write_buffer_journal_flush+0xc7/0x150 fs/bcachefs/btree_write_buffer.c:533 journal_flush_pins+0x5f7/0xb20 fs/bcachefs/journal_reclaim.c:565 journal_flush_done+0x8e/0x260 fs/bcachefs/journal_reclaim.c:819 bch2_journal_flush_pins+0x18a/0x3a0 fs/bcachefs/journal_reclaim.c:852 bch2_journal_flush_all_pins fs/bcachefs/journal_reclaim.h:76 [inline] bch2_journal_replay+0x270f/0x2a40 fs/bcachefs/recovery.c:383 bch2_run_recovery_pass+0xf0/0x1e0 fs/bcachefs/recovery_passes.c:191 bch2_run_recovery_passes+0x3a7/0x880 fs/bcachefs/recovery_passes.c:244 bch2_fs_recovery+0x25cc/0x39d0 fs/bcachefs/recovery.c:861 bch2_fs_start+0x356/0x5b0 fs/bcachefs/super.c:1037 bch2_fs_get_tree+0xd68/0x1710 fs/bcachefs/fs.c:2170 vfs_get_tree+0x90/0x2b0 fs/super.c:1814 do_new_mount+0x2be/0xb40 fs/namespace.c:3507 do_mount fs/namespace.c:3847 [inline] __do_sys_mount fs/namespace.c:4057 [inline] __se_sys_mount+0x2d6/0x3c0 fs/namespace.c:4034 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f4fd7b800ba Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f4fd8a27e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 00007f4fd8a27ef0 RCX: 00007f4fd7b800ba RDX: 00000000200000c0 RSI: 0000000020000000 RDI: 00007f4fd8a27eb0 RBP: 00000000200000c0 R08: 00007f4fd8a27ef0 R09: 0000000000800000 R10: 0000000000800000 R11: 0000000000000246 R12: 0000000020000000 R13: 00007f4fd8a27eb0 R14: 0000000000005903 R15: 0000000020000200 done bcachefs (loop0): check_alloc_info... done bcachefs (loop0): check_lrus... done bcachefs (loop0): check_btree_backpointers... done bcachefs (loop0): check_backpointers_to_extents... done bcachefs (loop0): check_extents_to_backpointers... done bcachefs (loop0): check_alloc_to_lru_refs... done bcachefs (loop0): bucket_gens_init... done bcachefs (loop0): check_snapshot_trees... done bcachefs (loop0): check_snapshots... snapshot points to missing/incorrect tree: u64s 8 type snapshot 0:4294967295:0 len 0 ver 0: is_subvol 1 deleted 0 parent 0 children 0 0 subvol 1 tree 0, fixing done bcachefs (loop0): check_subvols... done bcachefs (loop0): check_subvol_children... done bcachefs (loop0): delete_dead_snapshots... done bcachefs (loop0): check_inodes... done bcachefs (loop0): check_extents... done bcachefs (loop0): check_indirect_extents... done bcachefs (loop0): check_dirents... done bcachefs (loop0): check_xattrs... done bcachefs (loop0): check_root... done bcachefs (loop0): check_unreachable_inodes... done bcachefs (loop0): check_subvolume_structure... done bcachefs (loop0): check_directory_structure... done bcachefs (loop0): check_nlinks... inode 536870914 type reg has wrong i_nlink (2780562353, should be 1), fixing done bcachefs (loop0): resume_logged_ops... done bcachefs (loop0): delete_dead_inodes... done bcachefs (loop0): set_fs_needs_rebalance... done bcachefs (loop0): Fixed errors, running fsck a second time to verify fs is clean bcachefs (loop0): check_alloc_info... done bcachefs (loop0): check_lrus... done bcachefs (loop0): check_btree_backpointers... done bcachefs (loop0): check_backpointers_to_extents... done bcachefs (loop0): check_extents_to_backpointers... done bcachefs (loop0): check_alloc_to_lru_refs... done bcachefs (loop0): bucket_gens_init... done bcachefs (loop0): check_snapshot_trees... done bcachefs (loop0): check_snapshots... done bcachefs (loop0): check_subvols... done bcachefs (loop0): check_subvol_children... done bcachefs (loop0): delete_dead_snapshots... done bcachefs (loop0): check_inodes... done bcachefs (loop0): check_extents... done bcachefs (loop0): check_indirect_extents... done bcachefs (loop0): check_dirents... done bcachefs (loop0): check_xattrs... done bcachefs (loop0): check_root... done bcachefs (loop0): check_unreachable_inodes... done bcachefs (loop0): check_subvolume_structure... done bcachefs (loop0): check_directory_structure... done bcachefs (loop0): check_nlinks... done bcachefs (loop0): resume_logged_ops... done bcachefs (loop0): delete_dead_inodes... done bcachefs (loop0): set_fs_needs_rebalance... done bcachefs (loop0): done starting filesystem bcachefs (loop0): shutting down bcachefs (loop0): going read-only bcachefs (loop0): finished waiting for writes to stop bcachefs (loop0): flushing journal and stopping allocators, journal seq 39 bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 40 bcachefs (loop0): shutdown complete, journal seq 41 bcachefs (loop0): marking filesystem clean bcachefs (loop0): shutdown complete syz.0.0 (5333) used greatest stack depth: 4656 bytes left