bp_start 8 incorrectly set at freespace:0:34:0 (free 0, genbits 0 should be 0), fixing
============================================
WARNING: possible recursive locking detected
6.12.0-next-20241120-syzkaller #0 Not tainted
--------------------------------------------
syz.0.18/5994 is trying to acquire lock:
ffff88806a59dc38 (&wp->lock){+.+.}-{4:4}, at: bch2_trans_mutex_lock_norelock fs/bcachefs/alloc_foreground.c:43 [inline]
ffff88806a59dc38 (&wp->lock){+.+.}-{4:4}, at: writepoint_find fs/bcachefs/alloc_foreground.c:1229 [inline]
ffff88806a59dc38 (&wp->lock){+.+.}-{4:4}, at: bch2_alloc_sectors_start_trans+0x956/0x2030 fs/bcachefs/alloc_foreground.c:1335

but task is already holding lock:
ffff88806a59dc38 (&wp->lock){+.+.}-{4:4}, at: bch2_trans_mutex_lock_norelock fs/bcachefs/alloc_foreground.c:41 [inline]
ffff88806a59dc38 (&wp->lock){+.+.}-{4:4}, at: writepoint_find fs/bcachefs/alloc_foreground.c:1229 [inline]
ffff88806a59dc38 (&wp->lock){+.+.}-{4:4}, at: bch2_alloc_sectors_start_trans+0x2e8/0x2030 fs/bcachefs/alloc_foreground.c:1335

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&wp->lock);
  lock(&wp->lock);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

7 locks held by syz.0.18/5994:
 #0: ffff88806a580278 (&c->state_lock){+.+.}-{4:4}, at: bch2_fs_start+0x45/0x610 fs/bcachefs/super.c:1006
 #1: ffff88806a5caee8 (&j->reclaim_lock){+.+.}-{4:4}, at: journal_flush_done+0x79/0x260 fs/bcachefs/journal_reclaim.c:819
 #2: ffff88806a584750 (&wb->flushing.lock){+.+.}-{4:4}, at: btree_write_buffer_flush_seq+0x1b19/0x1cc0 fs/bcachefs/btree_write_buffer.c:516
 #3: ffff88806a5843a8 (&c->btree_trans_barrier){.+.+}-{0:0}, at: srcu_lock_acquire include/linux/srcu.h:158 [inline]
 #3: ffff88806a5843a8 (&c->btree_trans_barrier){.+.+}-{0:0}, at: srcu_read_lock include/linux/srcu.h:249 [inline]
 #3: ffff88806a5843a8 (&c->btree_trans_barrier){.+.+}-{0:0}, at: bch2_trans_srcu_lock+0x9a/0x1a0 fs/bcachefs/btree_iter.c:3174
 #4: ffff88806a5a6710 (&c->gc_lock){++++}-{4:4}, at: bch2_btree_update_start+0x682/0x14e0 fs/bcachefs/btree_update_interior.c:1191
 #5: ffff88806a59dc38 (&wp->lock){+.+.}-{4:4}, at: bch2_trans_mutex_lock_norelock fs/bcachefs/alloc_foreground.c:41 [inline]
 #5: ffff88806a59dc38 (&wp->lock){+.+.}-{4:4}, at: writepoint_find fs/bcachefs/alloc_foreground.c:1229 [inline]
 #5: ffff88806a59dc38 (&wp->lock){+.+.}-{4:4}, at: bch2_alloc_sectors_start_trans+0x2e8/0x2030 fs/bcachefs/alloc_foreground.c:1335
 #6: ffff88806a5a6710 (&c->gc_lock){++++}-{4:4}, at: bch2_btree_update_start+0x682/0x14e0 fs/bcachefs/btree_update_interior.c:1191

stack backtrace:
CPU: 0 UID: 0 PID: 5994 Comm: syz.0.18 Not tainted 6.12.0-next-20241120-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
Call Trace:
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 print_deadlock_bug+0x483/0x620 kernel/locking/lockdep.c:3037
 check_deadlock kernel/locking/lockdep.c:3089 [inline]
 validate_chain+0x15e2/0x5920 kernel/locking/lockdep.c:3891
 __lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5226
 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
 __mutex_lock_common kernel/locking/mutex.c:585 [inline]
 __mutex_lock+0x1ac/0xee0 kernel/locking/mutex.c:735
 bch2_trans_mutex_lock_norelock fs/bcachefs/alloc_foreground.c:43 [inline]
 writepoint_find fs/bcachefs/alloc_foreground.c:1229 [inline]
 bch2_alloc_sectors_start_trans+0x956/0x2030 fs/bcachefs/alloc_foreground.c:1335
 __bch2_btree_node_alloc fs/bcachefs/btree_update_interior.c:333 [inline]
 bch2_btree_reserve_get+0x612/0x1890 fs/bcachefs/btree_update_interior.c:543
 bch2_btree_update_start+0xe56/0x14e0 fs/bcachefs/btree_update_interior.c:1241
 bch2_btree_split_leaf+0x121/0x880 fs/bcachefs/btree_update_interior.c:1857
 bch2_trans_commit_error+0x212/0x1390 fs/bcachefs/btree_trans_commit.c:918
 __bch2_trans_commit+0x7f95/0x9520 fs/bcachefs/btree_trans_commit.c:1095
 bch2_trans_commit fs/bcachefs/btree_update.h:182 [inline]
 bch2_check_discard_freespace_key+0xba7/0x1120 fs/bcachefs/alloc_background.c:1385
 try_alloc_bucket fs/bcachefs/alloc_foreground.c:287 [inline]
 bch2_bucket_alloc_freelist fs/bcachefs/alloc_foreground.c:443 [inline]
 bch2_bucket_alloc_trans+0x1584/0x2fd0 fs/bcachefs/alloc_foreground.c:570
 bch2_bucket_alloc_set_trans+0x517/0xd30 fs/bcachefs/alloc_foreground.c:730
 __open_bucket_add_buckets+0x13d0/0x1ec0 fs/bcachefs/alloc_foreground.c:979
 open_bucket_add_buckets+0x33a/0x410 fs/bcachefs/alloc_foreground.c:1023
 bch2_alloc_sectors_start_trans+0xce9/0x2030
 __bch2_btree_node_alloc fs/bcachefs/btree_update_interior.c:333 [inline]
 bch2_btree_reserve_get+0x612/0x1890 fs/bcachefs/btree_update_interior.c:543
 bch2_btree_update_start+0xe56/0x14e0 fs/bcachefs/btree_update_interior.c:1241
 bch2_btree_split_leaf+0x121/0x880 fs/bcachefs/btree_update_interior.c:1857
 bch2_trans_commit_error+0x212/0x1390 fs/bcachefs/btree_trans_commit.c:918
 __bch2_trans_commit+0x7f95/0x9520 fs/bcachefs/btree_trans_commit.c:1095
 wb_flush_one fs/bcachefs/btree_write_buffer.c:183 [inline]
 bch2_btree_write_buffer_flush_locked+0x2b4e/0x5a60 fs/bcachefs/btree_write_buffer.c:379
 btree_write_buffer_flush_seq+0x1b23/0x1cc0 fs/bcachefs/btree_write_buffer.c:517
 bch2_btree_write_buffer_journal_flush+0xc7/0x150 fs/bcachefs/btree_write_buffer.c:533
 journal_flush_pins+0x5f7/0xb20 fs/bcachefs/journal_reclaim.c:565
 journal_flush_done+0x8e/0x260 fs/bcachefs/journal_reclaim.c:821
 bch2_journal_flush_pins+0x225/0x3a0 fs/bcachefs/journal_reclaim.c:854
 bch2_journal_flush_all_pins fs/bcachefs/journal_reclaim.h:76 [inline]
 bch2_journal_replay+0x2744/0x2a70 fs/bcachefs/recovery.c:422
 bch2_run_recovery_pass+0xf0/0x1e0 fs/bcachefs/recovery_passes.c:222
 bch2_run_recovery_passes+0x290/0x9f0 fs/bcachefs/recovery_passes.c:285
 bch2_fs_recovery+0x2666/0x3a90 fs/bcachefs/recovery.c:898
 bch2_fs_start+0x37c/0x610 fs/bcachefs/super.c:1037
 bch2_fs_get_tree+0xd8d/0x1740 fs/bcachefs/fs.c:2183
 vfs_get_tree+0x90/0x2b0 fs/super.c:1814
 do_new_mount+0x2be/0xb40 fs/namespace.c:3507
 do_mount fs/namespace.c:3847 [inline]
 __do_sys_mount fs/namespace.c:4057 [inline]
 __se_sys_mount+0x2d6/0x3c0 fs/namespace.c:4034
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fb7b357ffba
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fb7b13f5e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007fb7b13f5ef0 RCX: 00007fb7b357ffba
RDX: 00000000200058c0 RSI: 0000000020005900 RDI: 00007fb7b13f5eb0
RBP: 00000000200058c0 R08: 00007fb7b13f5ef0 R09: 0000000001000000
R10: 0000000001000000 R11: 0000000000000246 R12: 0000000020005900
R13: 00007fb7b13f5eb0 R14: 0000000000005933 R15: 00000000200001c0