syzbot


INFO: rcu detected stall in bch2_read_iter

Status: auto-obsoleted due to no activity on 2024/07/26 22:10
Subsystems: bcachefs
First crash: 267d, last: 267d

Sample crash report:
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P35/1:b..l P16301/1:b..l P5873/2:b..l P16293/1:b..l
rcu: 	(detected by 1, t=10503 jiffies, g=127625, q=325 ncpus=2)
task:syz-executor.1  state:R  running task     stack:25296 pid:16293 tgid:16290 ppid:15402  flags:0x00004006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5408 [inline]
 __schedule+0x17e8/0x4a20 kernel/sched/core.c:6745
 preempt_schedule_common+0x84/0xd0 kernel/sched/core.c:6924
 preempt_schedule+0xe1/0xf0 kernel/sched/core.c:6948
 preempt_schedule_thunk+0x1a/0x30 arch/x86/entry/thunk.S:12
 unwind_next_frame+0x2124/0x2a00 arch/x86/kernel/unwind_orc.c:672
 arch_stack_walk+0x151/0x1b0 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x118/0x1d0 kernel/stacktrace.c:122
 save_stack+0xfb/0x1f0 mm/page_owner.c:156
 __reset_page_owner+0x75/0x3f0 mm/page_owner.c:297
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1088 [inline]
 free_unref_folios+0xf23/0x19e0 mm/page_alloc.c:2650
 folios_put_refs+0x93a/0xa60 mm/swap.c:1024
 folio_batch_release include/linux/pagevec.h:101 [inline]
 shmem_undo_range+0x6de/0x1df0 mm/shmem.c:1005
 shmem_truncate_range mm/shmem.c:1114 [inline]
 shmem_evict_inode+0x29b/0xa60 mm/shmem.c:1242
 evict+0x2a8/0x630 fs/inode.c:667
 __dentry_kill+0x20d/0x630 fs/dcache.c:603
 dput+0x19f/0x2b0 fs/dcache.c:845
 __fput+0x68c/0x8b0 fs/file_table.c:430
 task_work_run+0x24f/0x310 kernel/task_work.c:180
 exit_task_work include/linux/task_work.h:38 [inline]
 do_exit+0xa27/0x27e0 kernel/exit.c:874
 do_group_exit+0x207/0x2c0 kernel/exit.c:1023
 get_signal+0x16a1/0x1740 kernel/signal.c:2909
 arch_do_signal_or_restart+0x96/0x860 arch/x86/kernel/signal.c:310
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0xc9/0x370 kernel/entry/common.c:218
 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f769187bc2f
RSP: 002b:00007f7692656e80 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
RAX: 0000000000b98000 RBX: 00000000013bd7ef RCX: 00007f769187bc2f
RDX: 00000000013bd7ef RSI: 00007f7687600000 RDI: 0000000000000003
RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000550e
R10: 0000000020005d82 R11: 0000000000000293 R12: 0000000000000003
R13: 00007f7692656f80 R14: 00007f7692656f40 R15: 00007f7687600000
 </TASK>
task:syz-executor.2  state:R  running task     stack:14240 pid:5873  tgid:5872  ppid:5112   flags:0x00004006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5408 [inline]
 __schedule+0x17e8/0x4a20 kernel/sched/core.c:6745
 preempt_schedule_irq+0xfb/0x1c0 kernel/sched/core.c:7067
 irqentry_exit+0x5e/0x90 kernel/entry/common.c:354
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:lock_acquire+0x264/0x550 kernel/locking/lockdep.c:5758
Code: 2b 00 74 08 4c 89 f7 e8 0a 95 89 00 f6 44 24 61 02 0f 85 85 01 00 00 41 f7 c7 00 02 00 00 74 01 fb 48 c7 44 24 40 0e 36 e0 45 <4b> c7 44 25 00 00 00 00 00 43 c7 44 25 09 00 00 00 00 43 c7 44 25
RSP: 0018:ffffc90004756fc0 EFLAGS: 00000206
RAX: 0000000000000001 RBX: 1ffff920008eae04 RCX: 0000000000000001
RDX: dffffc0000000000 RSI: ffffffff8bcacc20 RDI: ffffffff8c1fe6c0
RBP: ffffc90004757108 R08: ffffffff92fb6587 R09: 1ffffffff25f6cb0
R10: dffffc0000000000 R11: fffffbfff25f6cb1 R12: 1ffff920008eae00
R13: dffffc0000000000 R14: ffffc90004757020 R15: 0000000000000246
 rcu_lock_acquire include/linux/rcupdate.h:329 [inline]
 rcu_read_lock include/linux/rcupdate.h:781 [inline]
 percpu_ref_tryget_many include/linux/percpu-refcount.h:241 [inline]
 percpu_ref_tryget include/linux/percpu-refcount.h:266 [inline]
 bch2_dev_get_ioref fs/bcachefs/sb-members.h:268 [inline]
 __bch2_read_extent+0x5de/0x4690 fs/bcachefs/io_read.c:838
 __bch2_read+0x10d3/0x2090 fs/bcachefs/io_read.c:1170
 bch2_read fs/bcachefs/io_read.h:138 [inline]
 bch2_direct_IO_read fs/bcachefs/fs-io-direct.c:160 [inline]
 bch2_read_iter+0xce1/0x1430 fs/bcachefs/fs-io-direct.c:201
 do_iter_readv_writev+0x5a4/0x800
 vfs_readv+0x2b6/0xa90 fs/read_write.c:932
 do_preadv fs/read_write.c:1049 [inline]
 __do_sys_preadv2 fs/read_write.c:1111 [inline]
 __se_sys_preadv2+0x1ca/0x2d0 fs/read_write.c:1102
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f3ecd47cee9
RSP: 002b:00007f3eccfff0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000147
RAX: ffffffffffffffda RBX: 00007f3ecd5b3f80 RCX: 00007f3ecd47cee9
RDX: 1000000000000035 RSI: 00000000200000c0 RDI: 0000000000000004
RBP: 00007f3ecd4c947f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007f3ecd5b3f80 R15: 00007fff299fa808
 </TASK>
task:syz-executor.0  state:R  running task     stack:23296 pid:16301 tgid:16300 ppid:14016  flags:0x00004006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5408 [inline]
 __schedule+0x17e8/0x4a20 kernel/sched/core.c:6745
 preempt_schedule_common+0x84/0xd0 kernel/sched/core.c:6924
 preempt_schedule+0xe1/0xf0 kernel/sched/core.c:6948
 preempt_schedule_thunk+0x1a/0x30 arch/x86/entry/thunk.S:12
 __raw_spin_unlock include/linux/spinlock_api_smp.h:143 [inline]
 _raw_spin_unlock+0x3e/0x50 kernel/locking/spinlock.c:186
 spin_unlock include/linux/spinlock.h:391 [inline]
 finish_fault+0x739/0xde0 mm/memory.c:4796
 do_read_fault mm/memory.c:4930 [inline]
 do_fault mm/memory.c:5056 [inline]
 do_pte_missing mm/memory.c:3903 [inline]
 handle_pte_fault+0x3db5/0x7130 mm/memory.c:5380
 __handle_mm_fault mm/memory.c:5523 [inline]
 handle_mm_fault+0x10df/0x1ba0 mm/memory.c:5688
 faultin_page mm/gup.c:1290 [inline]
 __get_user_pages+0x6ef/0x1590 mm/gup.c:1589
 populate_vma_page_range+0x264/0x330 mm/gup.c:2029
 __mm_populate+0x27a/0x460 mm/gup.c:2132
 mm_populate include/linux/mm.h:3464 [inline]
 vm_mmap_pgoff+0x2c3/0x3d0 mm/util.c:578
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0ef787cee9
RSP: 002b:00007f0ef85bd0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
RAX: ffffffffffffffda RBX: 00007f0ef79b3f80 RCX: 00007f0ef787cee9
RDX: b635773f06ebbeee RSI: 0000000000b36000 RDI: 0000000020000000
RBP: 00007f0ef78c947f R08: ffffffffffffffff R09: 0000000000000000
R10: 0000000000008031 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007f0ef79b3f80 R15: 00007ffe9d3ad3b8
 </TASK>
task:kworker/u8:2    state:R  running task     stack:19824 pid:35    tgid:35    ppid:2      flags:0x00004000
Workqueue: bat_events batadv_nc_worker
Call Trace:
 <TASK>
 </TASK>
rcu: rcu_preempt kthread starved for 10584 jiffies! g127625 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:R  running task     stack:24400 pid:17    tgid:17    ppid:2      flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5408 [inline]
 __schedule+0x17e8/0x4a20 kernel/sched/core.c:6745
 __schedule_loop kernel/sched/core.c:6822 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6837
 schedule_timeout+0x1be/0x310 kernel/time/timer.c:2581
 rcu_gp_fqs_loop+0x2df/0x1330 kernel/rcu/tree.c:2000
 rcu_gp_kthread+0xa7/0x3b0 kernel/rcu/tree.c:2202
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 15402 Comm: syz-executor.1 Not tainted 6.9.0-next-20240523-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
RIP: 0010:debug_lockdep_rcu_enabled+0x0/0x40 kernel/rcu/update.c:319
Code: ca 8b 48 c7 c6 60 dd ca 8b e8 5c a7 cd f5 90 0f 0b 90 90 90 eb c6 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <f3> 0f 1e fa 31 c0 83 3d b7 96 22 04 00 74 1e 83 3d 06 c8 22 04 00
RSP: 0018:ffffc90004707258 EFLAGS: 00000246
RAX: 0000000000000000 RBX: ffffea0001ac9780 RCX: ffff888057b7da00
RDX: dffffc0000000000 RSI: ffffffff8c1fe6a0 RDI: ffffea0001ac9780
RBP: ffff88813fffa000 R08: ffffffff92fb6587 R09: 1ffffffff25f6cb0
R10: dffffc0000000000 R11: fffffbfff25f6cb1 R12: ffffffff8203890d
R13: dffffc0000000000 R14: dffffc0000000000 R15: 0000000000000012
FS:  0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fa7d4fc8f00 CR3: 0000000065a42000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <NMI>
 </NMI>
 <TASK>
 rcu_read_unlock include/linux/rcupdate.h:810 [inline]
 __lruvec_stat_mod_folio+0x217/0x300 mm/memcontrol.c:1066
 __folio_remove_rmap mm/rmap.c:1556 [inline]
 folio_remove_rmap_ptes+0x2bf/0x4f0 mm/rmap.c:1595
 zap_present_folio_ptes mm/memory.c:1505 [inline]
 zap_present_ptes mm/memory.c:1570 [inline]
 zap_pte_range mm/memory.c:1612 [inline]
 zap_pmd_range mm/memory.c:1730 [inline]
 zap_pud_range mm/memory.c:1759 [inline]
 zap_p4d_range mm/memory.c:1780 [inline]
 unmap_page_range+0x191f/0x4d00 mm/memory.c:1801
 unmap_vmas+0x3cc/0x5f0 mm/memory.c:1891
 exit_mmap+0x264/0xc80 mm/mmap.c:3341
 __mmput+0x115/0x3c0 kernel/fork.c:1346
 exit_mm+0x220/0x310 kernel/exit.c:565
 do_exit+0x9aa/0x27e0 kernel/exit.c:861
 do_group_exit+0x207/0x2c0 kernel/exit.c:1023
 get_signal+0x16a1/0x1740 kernel/signal.c:2909
 arch_do_signal_or_restart+0x96/0x860 arch/x86/kernel/signal.c:310
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0xc9/0x370 kernel/entry/common.c:218
 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f76918a82f5
Code: Unable to access opcode bytes at 0x7f76918a82cb.
RSP: 002b:00007ffe68b02660 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6
RAX: 0000000000000000 RBX: 000000000000009d RCX: 00007f76918a82f5
RDX: 00007ffe68b026a0 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007ffe68b0272c R08: 0000000000000000 R09: 7fffffffffffffff
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000034
R13: 00000000000de9df R14: 00000000000de9df R15: 0000000000000000
 </TASK>

Crashes (1):
Time: 2024/05/27 22:08
Kernel: linux-next
Commit: 3689b0ef08b7
Syzkaller: f550015e
Config: .config
Log: console log
Report: report
Syz repro:
C repro:
VM info: info
Assets: disk image, vmlinux, kernel image
Manager: ci-upstream-linux-next-kasan-gce-root
Title: INFO: rcu detected stall in bch2_read_iter