loop0: detected capacity change from 0 to 32768 bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=xxhash,compression=gzip,journal_flush_disabled,fsck,nojournal_transaction_names,reconstruct_alloc,no_data_io bcachefs (loop0): recovering from clean shutdown, journal seq 10 bcachefs (loop0): Version upgrade required: Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete Doing incompatible version upgrade from 0.24: unwritten_extents to 1.20: directory_size running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance bcachefs (loop0): dropping and reconstructing all alloc info bcachefs (loop0): accounting_read... done bcachefs (loop0): alloc_read... done bcachefs (loop0): stripes_read... done bcachefs (loop0): snapshots_read... done bcachefs (loop0): check_allocations... done bcachefs (loop0): going read-write bcachefs (loop0): journal_replay... ====================================================== WARNING: possible circular locking dependency detected 6.13.0-syzkaller-07644-gc2da8b3f914f #0 Not tainted ------------------------------------------------------ syz.0.0/5318 is trying to acquire lock: ffffffff8ea1bc48 (pcpu_alloc_mutex){+.+.}-{4:4}, at: pcpu_alloc_noprof+0x293/0x1760 mm/percpu.c:1795 but task is already holding lock: ffff888053681c68 (&bc->lock){+.+.}-{4:4}, at: bch2_btree_node_mem_alloc+0x559/0x16f0 fs/bcachefs/btree_cache.c:801 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #2 (&bc->lock){+.+.}-{4:4}: lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5851 __mutex_lock_common kernel/locking/mutex.c:585 [inline] __mutex_lock+0x19c/0x1010 kernel/locking/mutex.c:730 bch2_btree_cache_scan+0x184/0xec0 fs/bcachefs/btree_cache.c:479 do_shrink_slab+0x72d/0x1160 mm/shrinker.c:437 shrink_slab+0x1093/0x14d0 mm/shrinker.c:664 shrink_one+0x43b/0x850 mm/vmscan.c:4846 shrink_many mm/vmscan.c:4907 [inline] lru_gen_shrink_node mm/vmscan.c:4985 [inline] shrink_node+0x37c5/0x3e50 mm/vmscan.c:5966 kswapd_shrink_node mm/vmscan.c:6795 [inline] balance_pgdat mm/vmscan.c:6987 [inline] kswapd+0x1c28/0x3670 mm/vmscan.c:7252 kthread+0x7a9/0x920 kernel/kthread.c:464 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 -> #1 (fs_reclaim){+.+.}-{0:0}: lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5851 __fs_reclaim_acquire mm/page_alloc.c:3853 [inline] fs_reclaim_acquire+0x88/0x130 mm/page_alloc.c:3867 might_alloc include/linux/sched/mm.h:318 [inline] slab_pre_alloc_hook mm/slub.c:4070 [inline] slab_alloc_node mm/slub.c:4148 [inline] __do_kmalloc_node mm/slub.c:4297 [inline] __kmalloc_noprof+0xae/0x4c0 mm/slub.c:4310 kmalloc_noprof include/linux/slab.h:905 [inline] kzalloc_noprof include/linux/slab.h:1037 [inline] pcpu_mem_zalloc mm/percpu.c:510 [inline] pcpu_alloc_chunk mm/percpu.c:1443 [inline] pcpu_create_chunk+0x57/0xbc0 mm/percpu-vm.c:338 pcpu_balance_populated mm/percpu.c:2076 [inline] pcpu_balance_workfn+0xc4d/0xd40 mm/percpu.c:2213 process_one_work kernel/workqueue.c:3236 [inline] process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3317 worker_thread+0x870/0xd30 kernel/workqueue.c:3398 kthread+0x7a9/0x920 kernel/kthread.c:464 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 -> #0 (pcpu_alloc_mutex){+.+.}-{4:4}: check_prev_add kernel/locking/lockdep.c:3163 [inline] check_prevs_add kernel/locking/lockdep.c:3282 [inline] validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3906 __lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5228 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5851 __mutex_lock_common kernel/locking/mutex.c:585 [inline] __mutex_lock+0x19c/0x1010 kernel/locking/mutex.c:730 pcpu_alloc_noprof+0x293/0x1760 mm/percpu.c:1795 __six_lock_init+0x104/0x150 fs/bcachefs/six.c:876 bch2_btree_lock_init+0x38/0x100 fs/bcachefs/btree_locking.c:12 bch2_btree_node_mem_alloc+0x565/0x16f0 fs/bcachefs/btree_cache.c:804 __bch2_btree_node_alloc fs/bcachefs/btree_update_interior.c:304 [inline] bch2_btree_reserve_get+0x2df/0x1890 fs/bcachefs/btree_update_interior.c:532 bch2_btree_update_start+0xe56/0x14e0 fs/bcachefs/btree_update_interior.c:1230 bch2_btree_split_leaf+0x121/0x880 fs/bcachefs/btree_update_interior.c:1851 bch2_trans_commit_error+0x212/0x1380 fs/bcachefs/btree_trans_commit.c:908 __bch2_trans_commit+0x8126/0x97a0 fs/bcachefs/btree_trans_commit.c:1085 bch2_trans_commit fs/bcachefs/btree_update.h:183 [inline] bch2_journal_replay+0x1a18/0x2a70 fs/bcachefs/recovery.c:374 bch2_run_recovery_pass+0xf0/0x1e0 fs/bcachefs/recovery_passes.c:226 bch2_run_recovery_passes+0x2ad/0xa90 fs/bcachefs/recovery_passes.c:291 bch2_fs_recovery+0x265a/0x3de0 fs/bcachefs/recovery.c:937 bch2_fs_start+0x37c/0x610 fs/bcachefs/super.c:1030 bch2_fs_get_tree+0xd8d/0x1740 fs/bcachefs/fs.c:2203 vfs_get_tree+0x90/0x2b0 fs/super.c:1814 do_new_mount+0x2be/0xb40 fs/namespace.c:3560 do_mount fs/namespace.c:3900 [inline] __do_sys_mount fs/namespace.c:4111 [inline] __se_sys_mount+0x2d6/0x3c0 fs/namespace.c:4088 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f other info that might help us debug this: Chain exists of: pcpu_alloc_mutex --> fs_reclaim --> &bc->lock Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&bc->lock); lock(fs_reclaim); lock(&bc->lock); lock(pcpu_alloc_mutex); *** DEADLOCK *** 4 locks held by syz.0.0/5318: #0: ffff888053680278 (&c->state_lock){+.+.}-{4:4}, at: bch2_fs_start+0x45/0x610 fs/bcachefs/super.c:999 #1: ffff888053684378 (&c->btree_trans_barrier){.+.+}-{0:0}, at: srcu_lock_acquire include/linux/srcu.h:164 [inline] #1: ffff888053684378 (&c->btree_trans_barrier){.+.+}-{0:0}, at: srcu_read_lock include/linux/srcu.h:256 [inline] #1: ffff888053684378 (&c->btree_trans_barrier){.+.+}-{0:0}, at: __bch2_trans_get+0x7e4/0xd30 fs/bcachefs/btree_iter.c:3378 #2: ffff8880536a66d0 (&c->gc_lock){++++}-{4:4}, at: bch2_btree_update_start+0x682/0x14e0 fs/bcachefs/btree_update_interior.c:1180 #3: ffff888053681c68 (&bc->lock){+.+.}-{4:4}, at: bch2_btree_node_mem_alloc+0x559/0x16f0 fs/bcachefs/btree_cache.c:801 stack backtrace: CPU: 0 UID: 0 PID: 5318 Comm: syz.0.0 Not tainted 6.13.0-syzkaller-07644-gc2da8b3f914f #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_circular_bug+0x13a/0x1b0 kernel/locking/lockdep.c:2076 check_noncircular+0x36a/0x4a0 kernel/locking/lockdep.c:2208 check_prev_add kernel/locking/lockdep.c:3163 [inline] check_prevs_add kernel/locking/lockdep.c:3282 [inline] validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3906 __lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5228 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5851 __mutex_lock_common kernel/locking/mutex.c:585 [inline] __mutex_lock+0x19c/0x1010 kernel/locking/mutex.c:730 pcpu_alloc_noprof+0x293/0x1760 mm/percpu.c:1795 __six_lock_init+0x104/0x150 fs/bcachefs/six.c:876 bch2_btree_lock_init+0x38/0x100 fs/bcachefs/btree_locking.c:12 bch2_btree_node_mem_alloc+0x565/0x16f0 fs/bcachefs/btree_cache.c:804 __bch2_btree_node_alloc fs/bcachefs/btree_update_interior.c:304 [inline] bch2_btree_reserve_get+0x2df/0x1890 fs/bcachefs/btree_update_interior.c:532 bch2_btree_update_start+0xe56/0x14e0 fs/bcachefs/btree_update_interior.c:1230 bch2_btree_split_leaf+0x121/0x880 fs/bcachefs/btree_update_interior.c:1851 bch2_trans_commit_error+0x212/0x1380 fs/bcachefs/btree_trans_commit.c:908 __bch2_trans_commit+0x8126/0x97a0 fs/bcachefs/btree_trans_commit.c:1085 bch2_trans_commit fs/bcachefs/btree_update.h:183 [inline] bch2_journal_replay+0x1a18/0x2a70 fs/bcachefs/recovery.c:374 bch2_run_recovery_pass+0xf0/0x1e0 fs/bcachefs/recovery_passes.c:226 bch2_run_recovery_passes+0x2ad/0xa90 fs/bcachefs/recovery_passes.c:291 bch2_fs_recovery+0x265a/0x3de0 fs/bcachefs/recovery.c:937 bch2_fs_start+0x37c/0x610 fs/bcachefs/super.c:1030 bch2_fs_get_tree+0xd8d/0x1740 fs/bcachefs/fs.c:2203 vfs_get_tree+0x90/0x2b0 fs/super.c:1814 do_new_mount+0x2be/0xb40 fs/namespace.c:3560 do_mount fs/namespace.c:3900 [inline] __do_sys_mount fs/namespace.c:4111 [inline] __se_sys_mount+0x2d6/0x3c0 fs/namespace.c:4088 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fe84c38e4ca Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fe84d27be68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 00007fe84d27bef0 RCX: 00007fe84c38e4ca RDX: 00000000200000c0 RSI: 0000000020000000 RDI: 00007fe84d27beb0 RBP: 00000000200000c0 R08: 00007fe84d27bef0 R09: 0000000000800000 R10: 0000000000800000 R11: 0000000000000246 R12: 0000000020000000 R13: 00007fe84d27beb0 R14: 0000000000005903 R15: 0000000020000200 done bcachefs (loop0): check_alloc_info... done bcachefs (loop0): check_lrus... done bcachefs (loop0): check_btree_backpointers... done bcachefs (loop0): check_backpointers_to_extents... done bcachefs (loop0): check_extents_to_backpointers... bcachefs (loop0): scanning for missing backpointers in 9/128 buckets done bcachefs (loop0): check_alloc_to_lru_refs... done bcachefs (loop0): bucket_gens_init... done bcachefs (loop0): check_snapshot_trees... done bcachefs (loop0): check_snapshots... snapshot points to missing/incorrect tree: u64s 8 type snapshot 0:4294967295:0 len 0 ver 0: is_subvol 1 deleted 0 parent 0 children 0 0 subvol 1 tree 0, fixing done bcachefs (loop0): check_subvols... done bcachefs (loop0): check_subvol_children... done bcachefs (loop0): delete_dead_snapshots... done bcachefs (loop0): check_inodes... done bcachefs (loop0): check_extents... done bcachefs (loop0): check_indirect_extents... done bcachefs (loop0): check_dirents... done bcachefs (loop0): check_xattrs... done bcachefs (loop0): check_root... done bcachefs (loop0): check_unreachable_inodes... done bcachefs (loop0): check_subvolume_structure... done bcachefs (loop0): check_directory_structure... done bcachefs (loop0): check_nlinks... inode 536870914 type reg has wrong i_nlink (2780562353, should be 1), fixing done bcachefs (loop0): resume_logged_ops... done bcachefs (loop0): delete_dead_inodes... done bcachefs (loop0): set_fs_needs_rebalance... done bcachefs (loop0): Fixed errors, running fsck a second time to verify fs is clean bcachefs (loop0): check_alloc_info... done bcachefs (loop0): check_lrus... done bcachefs (loop0): check_btree_backpointers... done bcachefs (loop0): check_backpointers_to_extents... done bcachefs (loop0): check_extents_to_backpointers... done bcachefs (loop0): check_alloc_to_lru_refs... done bcachefs (loop0): bucket_gens_init... done bcachefs (loop0): check_snapshot_trees... done bcachefs (loop0): check_snapshots... done bcachefs (loop0): check_subvols... done bcachefs (loop0): check_subvol_children... done bcachefs (loop0): delete_dead_snapshots... done bcachefs (loop0): check_inodes... done bcachefs (loop0): check_extents... done bcachefs (loop0): check_indirect_extents... done bcachefs (loop0): check_dirents... done bcachefs (loop0): check_xattrs... done bcachefs (loop0): check_root... done bcachefs (loop0): check_unreachable_inodes... done bcachefs (loop0): check_subvolume_structure... done bcachefs (loop0): check_directory_structure... done bcachefs (loop0): check_nlinks... done bcachefs (loop0): resume_logged_ops... done bcachefs (loop0): delete_dead_inodes... done bcachefs (loop0): set_fs_needs_rebalance... done bcachefs (loop0): done starting filesystem syz.0.0 (5318) used greatest stack depth: 10768 bytes left