* [syzbot] [bcachefs?] INFO: task hung in bch2_fs_read_only_work (2)
From: syzbot @ 2025-04-06 17:51 UTC (permalink / raw)
To: kent.overstreet, linux-bcachefs, linux-kernel, syzkaller-bugs
Hello,
syzbot found the following issue on:
HEAD commit: a2392f333575 drm/panthor: Clean up FW version information ..
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=17077c3f980000
kernel config: https://syzkaller.appspot.com/x/.config?x=8cceedf2e27e877d
dashboard link: https://syzkaller.appspot.com/bug?extid=674ccd0645d379ed5f80
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10fd894c580000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/7df8ceab3279/disk-a2392f33.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/42c5af403371/vmlinux-a2392f33.xz
kernel image: https://storage.googleapis.com/syzbot-assets/73599b849e20/Image-a2392f33.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/fd7871ac7900/mount_0.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+674ccd0645d379ed5f80@syzkaller.appspotmail.com
INFO: task kworker/1:4:6586 blocked for more than 143 seconds.
Not tainted 6.14.0-rc7-syzkaller-ga2392f333575 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:4 state:D stack:0 pid:6586 tgid:6586 ppid:2 task_flags:0x4208060 flags:0x00000008
Workqueue: events_long bch2_fs_read_only_work
Call trace:
__switch_to+0x414/0x788 arch/arm64/kernel/process.c:701 (T)
context_switch kernel/sched/core.c:5378 [inline]
__schedule+0x1360/0x257c kernel/sched/core.c:6765
__schedule_loop kernel/sched/core.c:6842 [inline]
schedule+0xbc/0x238 kernel/sched/core.c:6857
schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:6914
rwsem_down_write_slowpath+0xd10/0x14c8 kernel/locking/rwsem.c:1176
__down_write_common kernel/locking/rwsem.c:1304 [inline]
__down_write kernel/locking/rwsem.c:1313 [inline]
down_write+0xb4/0xc0 kernel/locking/rwsem.c:1578
bch2_fs_read_only_work+0x28/0x48 fs/bcachefs/super.c:393
process_one_work+0x810/0x1638 kernel/workqueue.c:3238
process_scheduled_works kernel/workqueue.c:3319 [inline]
worker_thread+0x97c/0xeec kernel/workqueue.c:3400
kthread+0x65c/0x7b0 kernel/kthread.c:464
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:862
INFO: task syz.0.388:10111 blocked for more than 143 seconds.
Not tainted 6.14.0-rc7-syzkaller-ga2392f333575 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.0.388 state:D stack:0 pid:10111 tgid:10110 ppid:6583 task_flags:0x400140 flags:0x0000000d
Call trace:
__switch_to+0x414/0x788 arch/arm64/kernel/process.c:701 (T)
context_switch kernel/sched/core.c:5378 [inline]
__schedule+0x1360/0x257c kernel/sched/core.c:6765
__schedule_loop kernel/sched/core.c:6842 [inline]
schedule+0xbc/0x238 kernel/sched/core.c:6857
__closure_sync+0x198/0x29c lib/closure.c:146
closure_sync include/linux/closure.h:195 [inline]
bch2_journal_flush_pins+0x1e0/0x348 fs/bcachefs/journal_reclaim.c:911
bch2_journal_flush_all_pins fs/bcachefs/journal_reclaim.h:76 [inline]
bch2_journal_replay+0x1c28/0x1f64 fs/bcachefs/recovery.c:442
bch2_run_recovery_pass+0xe4/0x1d4 fs/bcachefs/recovery_passes.c:226
bch2_run_recovery_passes+0x260/0x92c fs/bcachefs/recovery_passes.c:291
bch2_fs_recovery+0x20e0/0x32ec fs/bcachefs/recovery.c:936
bch2_fs_start+0x32c/0x570 fs/bcachefs/super.c:1041
bch2_fs_get_tree+0xa50/0x11d4 fs/bcachefs/fs.c:2203
vfs_get_tree+0x90/0x28c fs/super.c:1814
do_new_mount+0x278/0x900 fs/namespace.c:3560
path_mount+0x590/0xe04 fs/namespace.c:3887
do_mount fs/namespace.c:3900 [inline]
__do_sys_mount fs/namespace.c:4111 [inline]
__se_sys_mount fs/namespace.c:4088 [inline]
__arm64_sys_mount+0x4f4/0x5d0 fs/namespace.c:4088
__invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:744
el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:762
el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600
Showing all locks held in the system:
1 lock held by khungtaskd/32:
#0: ffff80008ff22620 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0xc/0x44 include/linux/rcupdate.h:336
1 lock held by udevd/6081:
2 locks held by getty/6220:
#0: ffff0000d74fa0a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c drivers/tty/tty_ldsem.c:340
#1: ffff80009bf4e2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41c/0x1228 drivers/tty/n_tty.c:2211
3 locks held by kworker/1:4/6586:
#0: ffff0000c0029548 ((wq_completion)events_long){+.+.}-{0:0}, at: process_one_work+0x674/0x1638 kernel/workqueue.c:3212
#1: ffff80009f6b7ba0 ((work_completion)(&c->read_only_work)){+.+.}-{0:0}, at: process_one_work+0x708/0x1638 kernel/workqueue.c:3212
#2: ffff0000e7500278 (&c->state_lock){+.+.}-{4:4}, at: bch2_fs_read_only_work+0x28/0x48 fs/bcachefs/super.c:393
1 lock held by syz.0.388/10111:
#0: ffff0000e7500278 (&c->state_lock){+.+.}-{4:4}, at: bch2_fs_start+0x50/0x570 fs/bcachefs/super.c:1010
2 locks held by kworker/1:5/11232:
#0: ffff0001b3772798 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested kernel/sched/core.c:598 [inline]
#0: ffff0001b3772798 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock kernel/sched/sched.h:1521 [inline]
#0: ffff0001b3772798 (&rq->__lock){-.-.}-{2:2}, at: rq_lock kernel/sched/sched.h:1852 [inline]
#0: ffff0001b3772798 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x2e0/0x257c kernel/sched/core.c:6688
#1: ffff0001b375d408 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x394/0x5e8 kernel/sched/psi.c:987
2 locks held by syz.3.1147/16990:
2 locks held by syz.4.1148/16993:
#0: ffff0000fc500920 (&c->sb_lock){+.+.}-{4:4}, at: bch2_fs_alloc fs/bcachefs/super.c:833 [inline]
#0: ffff0000fc500920 (&c->sb_lock){+.+.}-{4:4}, at: bch2_fs_open+0x1238/0x299c fs/bcachefs/super.c:2065
#1: ffff0000fc5049b0 (&c->mark_lock){++++}-{0:0}, at: bch2_sb_replicas_to_cpu_replicas+0x198/0x290 fs/bcachefs/replicas.c:600
3 locks held by syz.5.1149/17000:
2 locks held by syz.2.1150/17009:
=============================================
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
* Re: [syzbot] [bcachefs?] INFO: task hung in bch2_fs_read_only_work (2)
From: Alan Huang @ 2025-04-06 18:11 UTC (permalink / raw)
To: syzbot; +Cc: kent.overstreet, linux-bcachefs, linux-kernel, syzkaller-bugs
On Apr 7, 2025, at 01:51, syzbot <syzbot+674ccd0645d379ed5f80@syzkaller.appspotmail.com> wrote:
>
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: a2392f333575 drm/panthor: Clean up FW version information ..
> git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
> console output: https://syzkaller.appspot.com/x/log.txt?x=17077c3f980000
> kernel config: https://syzkaller.appspot.com/x/.config?x=8cceedf2e27e877d
> dashboard link: https://syzkaller.appspot.com/bug?extid=674ccd0645d379ed5f80
> compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
> userspace arch: arm64
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10fd894c580000
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/7df8ceab3279/disk-a2392f33.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/42c5af403371/vmlinux-a2392f33.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/73599b849e20/Image-a2392f33.gz.xz
> mounted in repro: https://storage.googleapis.com/syzbot-assets/fd7871ac7900/mount_0.gz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+674ccd0645d379ed5f80@syzkaller.appspotmail.com
>
> INFO: task kworker/1:4:6586 blocked for more than 143 seconds.
> Not tainted 6.14.0-rc7-syzkaller-ga2392f333575 #0
> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
> task:kworker/1:4 state:D stack:0 pid:6586 tgid:6586 ppid:2 task_flags:0x4208060 flags:0x00000008
> Workqueue: events_long bch2_fs_read_only_work
> Call trace:
> __switch_to+0x414/0x788 arch/arm64/kernel/process.c:701 (T)
> context_switch kernel/sched/core.c:5378 [inline]
> __schedule+0x1360/0x257c kernel/sched/core.c:6765
> __schedule_loop kernel/sched/core.c:6842 [inline]
> schedule+0xbc/0x238 kernel/sched/core.c:6857
> schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:6914
> rwsem_down_write_slowpath+0xd10/0x14c8 kernel/locking/rwsem.c:1176
> __down_write_common kernel/locking/rwsem.c:1304 [inline]
> __down_write kernel/locking/rwsem.c:1313 [inline]
> down_write+0xb4/0xc0 kernel/locking/rwsem.c:1578
state_lock
> bch2_fs_read_only_work+0x28/0x48 fs/bcachefs/super.c:393
> process_one_work+0x810/0x1638 kernel/workqueue.c:3238
> process_scheduled_works kernel/workqueue.c:3319 [inline]
> worker_thread+0x97c/0xeec kernel/workqueue.c:3400
> kthread+0x65c/0x7b0 kernel/kthread.c:464
> ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:862
> INFO: task syz.0.388:10111 blocked for more than 143 seconds.
> Not tainted 6.14.0-rc7-syzkaller-ga2392f333575 #0
> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
> task:syz.0.388 state:D stack:0 pid:10111 tgid:10110 ppid:6583 task_flags:0x400140 flags:0x0000000d
> Call trace:
> __switch_to+0x414/0x788 arch/arm64/kernel/process.c:701 (T)
> context_switch kernel/sched/core.c:5378 [inline]
> __schedule+0x1360/0x257c kernel/sched/core.c:6765
> __schedule_loop kernel/sched/core.c:6842 [inline]
> schedule+0xbc/0x238 kernel/sched/core.c:6857
> __closure_sync+0x198/0x29c lib/closure.c:146
> closure_sync include/linux/closure.h:195 [inline]
sync with state_lock held
> bch2_journal_flush_pins+0x1e0/0x348 fs/bcachefs/journal_reclaim.c:911
> bch2_journal_flush_all_pins fs/bcachefs/journal_reclaim.h:76 [inline]
> bch2_journal_replay+0x1c28/0x1f64 fs/bcachefs/recovery.c:442
> bch2_run_recovery_pass+0xe4/0x1d4 fs/bcachefs/recovery_passes.c:226
> bch2_run_recovery_passes+0x260/0x92c fs/bcachefs/recovery_passes.c:291
> bch2_fs_recovery+0x20e0/0x32ec fs/bcachefs/recovery.c:936
> bch2_fs_start+0x32c/0x570 fs/bcachefs/super.c:1041
> bch2_fs_get_tree+0xa50/0x11d4 fs/bcachefs/fs.c:2203
> vfs_get_tree+0x90/0x28c fs/super.c:1814
> do_new_mount+0x278/0x900 fs/namespace.c:3560
> path_mount+0x590/0xe04 fs/namespace.c:3887
> do_mount fs/namespace.c:3900 [inline]
> __do_sys_mount fs/namespace.c:4111 [inline]
> __se_sys_mount fs/namespace.c:4088 [inline]
> __arm64_sys_mount+0x4f4/0x5d0 fs/namespace.c:4088
> __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
> invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
> el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
> do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
> el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:744
> el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:762
> el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600
>
> Showing all locks held in the system:
> 1 lock held by khungtaskd/32:
> #0: ffff80008ff22620 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0xc/0x44 include/linux/rcupdate.h:336
> 1 lock held by udevd/6081:
> 2 locks held by getty/6220:
> #0: ffff0000d74fa0a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c drivers/tty/tty_ldsem.c:340
> #1: ffff80009bf4e2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41c/0x1228 drivers/tty/n_tty.c:2211
> 3 locks held by kworker/1:4/6586:
> #0: ffff0000c0029548 ((wq_completion)events_long){+.+.}-{0:0}, at: process_one_work+0x674/0x1638 kernel/workqueue.c:3212
> #1: ffff80009f6b7ba0 ((work_completion)(&c->read_only_work)){+.+.}-{0:0}, at: process_one_work+0x708/0x1638 kernel/workqueue.c:3212
> #2: ffff0000e7500278 (&c->state_lock){+.+.}-{4:4}, at: bch2_fs_read_only_work+0x28/0x48 fs/bcachefs/super.c:393
> 1 lock held by syz.0.388/10111:
> #0: ffff0000e7500278 (&c->state_lock){+.+.}-{4:4}, at: bch2_fs_start+0x50/0x570 fs/bcachefs/super.c:1010
> 2 locks held by kworker/1:5/11232:
> #0: ffff0001b3772798 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested kernel/sched/core.c:598 [inline]
> #0: ffff0001b3772798 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock kernel/sched/sched.h:1521 [inline]
> #0: ffff0001b3772798 (&rq->__lock){-.-.}-{2:2}, at: rq_lock kernel/sched/sched.h:1852 [inline]
> #0: ffff0001b3772798 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x2e0/0x257c kernel/sched/core.c:6688
> #1: ffff0001b375d408 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x394/0x5e8 kernel/sched/psi.c:987
> 2 locks held by syz.3.1147/16990:
> 2 locks held by syz.4.1148/16993:
> #0: ffff0000fc500920 (&c->sb_lock){+.+.}-{4:4}, at: bch2_fs_alloc fs/bcachefs/super.c:833 [inline]
> #0: ffff0000fc500920 (&c->sb_lock){+.+.}-{4:4}, at: bch2_fs_open+0x1238/0x299c fs/bcachefs/super.c:2065
> #1: ffff0000fc5049b0 (&c->mark_lock){++++}-{0:0}, at: bch2_sb_replicas_to_cpu_replicas+0x198/0x290 fs/bcachefs/replicas.c:600
> 3 locks held by syz.5.1149/17000:
> 2 locks held by syz.2.1150/17009:
>
> =============================================
* Re: [syzbot] [bcachefs?] INFO: task hung in bch2_fs_read_only_work (2)
From: Kent Overstreet @ 2025-04-06 18:48 UTC (permalink / raw)
To: Alan Huang; +Cc: syzbot, linux-bcachefs, linux-kernel, syzkaller-bugs
On Mon, Apr 07, 2025 at 02:11:54AM +0800, Alan Huang wrote:
> On Apr 7, 2025, at 01:51, syzbot <syzbot+674ccd0645d379ed5f80@syzkaller.appspotmail.com> wrote:
> >
> > Hello,
> >
> > syzbot found the following issue on:
> >
> > HEAD commit: a2392f333575 drm/panthor: Clean up FW version information ..
> > git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
> > console output: https://syzkaller.appspot.com/x/log.txt?x=17077c3f980000
> > kernel config: https://syzkaller.appspot.com/x/.config?x=8cceedf2e27e877d
> > dashboard link: https://syzkaller.appspot.com/bug?extid=674ccd0645d379ed5f80
> > compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
> > userspace arch: arm64
> > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10fd894c580000
> >
> > Downloadable assets:
> > disk image: https://storage.googleapis.com/syzbot-assets/7df8ceab3279/disk-a2392f33.raw.xz
> > vmlinux: https://storage.googleapis.com/syzbot-assets/42c5af403371/vmlinux-a2392f33.xz
> > kernel image: https://storage.googleapis.com/syzbot-assets/73599b849e20/Image-a2392f33.gz.xz
> > mounted in repro: https://storage.googleapis.com/syzbot-assets/fd7871ac7900/mount_0.gz
> >
> > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > Reported-by: syzbot+674ccd0645d379ed5f80@syzkaller.appspotmail.com
> >
> > INFO: task kworker/1:4:6586 blocked for more than 143 seconds.
> > Not tainted 6.14.0-rc7-syzkaller-ga2392f333575 #0
> > "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
> > task:kworker/1:4 state:D stack:0 pid:6586 tgid:6586 ppid:2 task_flags:0x4208060 flags:0x00000008
> > Workqueue: events_long bch2_fs_read_only_work
> > Call trace:
> > __switch_to+0x414/0x788 arch/arm64/kernel/process.c:701 (T)
> > context_switch kernel/sched/core.c:5378 [inline]
> > __schedule+0x1360/0x257c kernel/sched/core.c:6765
> > __schedule_loop kernel/sched/core.c:6842 [inline]
> > schedule+0xbc/0x238 kernel/sched/core.c:6857
> > schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:6914
> > rwsem_down_write_slowpath+0xd10/0x14c8 kernel/locking/rwsem.c:1176
> > __down_write_common kernel/locking/rwsem.c:1304 [inline]
> > __down_write kernel/locking/rwsem.c:1313 [inline]
> > down_write+0xb4/0xc0 kernel/locking/rwsem.c:1578
>
> state_lock
>
> > bch2_fs_read_only_work+0x28/0x48 fs/bcachefs/super.c:393
> > process_one_work+0x810/0x1638 kernel/workqueue.c:3238
> > process_scheduled_works kernel/workqueue.c:3319 [inline]
> > worker_thread+0x97c/0xeec kernel/workqueue.c:3400
> > kthread+0x65c/0x7b0 kernel/kthread.c:464
> > ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:862
> > INFO: task syz.0.388:10111 blocked for more than 143 seconds.
> > Not tainted 6.14.0-rc7-syzkaller-ga2392f333575 #0
> > "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
> > task:syz.0.388 state:D stack:0 pid:10111 tgid:10110 ppid:6583 task_flags:0x400140 flags:0x0000000d
> > Call trace:
> > __switch_to+0x414/0x788 arch/arm64/kernel/process.c:701 (T)
> > context_switch kernel/sched/core.c:5378 [inline]
> > __schedule+0x1360/0x257c kernel/sched/core.c:6765
> > __schedule_loop kernel/sched/core.c:6842 [inline]
> > schedule+0xbc/0x238 kernel/sched/core.c:6857
> > __closure_sync+0x198/0x29c lib/closure.c:146
> > closure_sync include/linux/closure.h:195 [inline]
>
> sync with state_lock held
We're trying to go read-only before recovery's finished.
I just changed recovery to not run with state_lock held; this ought to be fixed now.
>
> > bch2_journal_flush_pins+0x1e0/0x348 fs/bcachefs/journal_reclaim.c:911
> > bch2_journal_flush_all_pins fs/bcachefs/journal_reclaim.h:76 [inline]
> > bch2_journal_replay+0x1c28/0x1f64 fs/bcachefs/recovery.c:442
> > bch2_run_recovery_pass+0xe4/0x1d4 fs/bcachefs/recovery_passes.c:226
> > bch2_run_recovery_passes+0x260/0x92c fs/bcachefs/recovery_passes.c:291
> > bch2_fs_recovery+0x20e0/0x32ec fs/bcachefs/recovery.c:936
> > bch2_fs_start+0x32c/0x570 fs/bcachefs/super.c:1041
> > bch2_fs_get_tree+0xa50/0x11d4 fs/bcachefs/fs.c:2203
> > vfs_get_tree+0x90/0x28c fs/super.c:1814
> > do_new_mount+0x278/0x900 fs/namespace.c:3560
> > path_mount+0x590/0xe04 fs/namespace.c:3887
> > do_mount fs/namespace.c:3900 [inline]
> > __do_sys_mount fs/namespace.c:4111 [inline]
> > __se_sys_mount fs/namespace.c:4088 [inline]
> > __arm64_sys_mount+0x4f4/0x5d0 fs/namespace.c:4088
> > __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
> > invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
> > el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
> > do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
> > el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:744
> > el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:762
> > el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600
> >
> > Showing all locks held in the system:
> > 1 lock held by khungtaskd/32:
> > #0: ffff80008ff22620 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0xc/0x44 include/linux/rcupdate.h:336
> > 1 lock held by udevd/6081:
> > 2 locks held by getty/6220:
> > #0: ffff0000d74fa0a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c drivers/tty/tty_ldsem.c:340
> > #1: ffff80009bf4e2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41c/0x1228 drivers/tty/n_tty.c:2211
> > 3 locks held by kworker/1:4/6586:
> > #0: ffff0000c0029548 ((wq_completion)events_long){+.+.}-{0:0}, at: process_one_work+0x674/0x1638 kernel/workqueue.c:3212
> > #1: ffff80009f6b7ba0 ((work_completion)(&c->read_only_work)){+.+.}-{0:0}, at: process_one_work+0x708/0x1638 kernel/workqueue.c:3212
> > #2: ffff0000e7500278 (&c->state_lock){+.+.}-{4:4}, at: bch2_fs_read_only_work+0x28/0x48 fs/bcachefs/super.c:393
> > 1 lock held by syz.0.388/10111:
> > #0: ffff0000e7500278 (&c->state_lock){+.+.}-{4:4}, at: bch2_fs_start+0x50/0x570 fs/bcachefs/super.c:1010
> > 2 locks held by kworker/1:5/11232:
> > #0: ffff0001b3772798 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested kernel/sched/core.c:598 [inline]
> > #0: ffff0001b3772798 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock kernel/sched/sched.h:1521 [inline]
> > #0: ffff0001b3772798 (&rq->__lock){-.-.}-{2:2}, at: rq_lock kernel/sched/sched.h:1852 [inline]
> > #0: ffff0001b3772798 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x2e0/0x257c kernel/sched/core.c:6688
> > #1: ffff0001b375d408 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x394/0x5e8 kernel/sched/psi.c:987
> > 2 locks held by syz.3.1147/16990:
> > 2 locks held by syz.4.1148/16993:
> > #0: ffff0000fc500920 (&c->sb_lock){+.+.}-{4:4}, at: bch2_fs_alloc fs/bcachefs/super.c:833 [inline]
> > #0: ffff0000fc500920 (&c->sb_lock){+.+.}-{4:4}, at: bch2_fs_open+0x1238/0x299c fs/bcachefs/super.c:2065
> > #1: ffff0000fc5049b0 (&c->mark_lock){++++}-{0:0}, at: bch2_sb_replicas_to_cpu_replicas+0x198/0x290 fs/bcachefs/replicas.c:600
> > 3 locks held by syz.5.1149/17000:
> > 2 locks held by syz.2.1150/17009:
> >
> > =============================================
* Re: [syzbot] [bcachefs?] INFO: task hung in bch2_fs_read_only_work (2)
From: syzbot @ 2025-08-18 2:51 UTC (permalink / raw)
To: kent.overstreet, linux-bcachefs, linux-kernel, mmpgouride,
syzkaller-bugs
syzbot has found a reproducer for the following issue on:
HEAD commit: 8d561baae505 Merge tag 'x86_urgent_for_v6.17_rc2' of git:/..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=164606f0580000
kernel config: https://syzkaller.appspot.com/x/.config?x=98e114f4eb77e551
dashboard link: https://syzkaller.appspot.com/bug?extid=674ccd0645d379ed5f80
compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12e66ba2580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12c29234580000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/595e1e4d6418/disk-8d561baa.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/ab14cc587702/vmlinux-8d561baa.xz
kernel image: https://storage.googleapis.com/syzbot-assets/368a3a55dcfb/bzImage-8d561baa.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/d34a76f45dd5/mount_0.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+674ccd0645d379ed5f80@syzkaller.appspotmail.com
INFO: task kworker/0:2:5165 blocked for more than 143 seconds.
Tainted: G W 6.17.0-rc1-syzkaller-00224-g8d561baae505 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:2 state:D stack:19368 pid:5165 tgid:5165 ppid:2 task_flags:0x4208060 flags:0x00004000
Workqueue: events_long bch2_fs_read_only_work
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5357 [inline]
__schedule+0x16f3/0x4c20 kernel/sched/core.c:6961
__schedule_loop kernel/sched/core.c:7043 [inline]
rt_mutex_schedule+0x77/0xf0 kernel/sched/core.c:7339
rt_mutex_slowlock_block kernel/locking/rtmutex.c:1647 [inline]
__rt_mutex_slowlock kernel/locking/rtmutex.c:1721 [inline]
__rt_mutex_slowlock_locked+0x1e04/0x25e0 kernel/locking/rtmutex.c:1760
rt_mutex_slowlock+0xb5/0x160 kernel/locking/rtmutex.c:1800
__rt_mutex_lock kernel/locking/rtmutex.c:1815 [inline]
rwbase_write_lock+0x14f/0x750 kernel/locking/rwbase_rt.c:244
bch2_fs_read_only_work+0x25/0x40 fs/bcachefs/super.c:408
process_one_work kernel/workqueue.c:3236 [inline]
process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3319
worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400
kthread+0x711/0x8a0 kernel/kthread.c:463
ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
</TASK>
INFO: task kworker/0:3:5894 blocked for more than 143 seconds.
Tainted: G W 6.17.0-rc1-syzkaller-00224-g8d561baae505 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:3 state:D stack:19368 pid:5894 tgid:5894 ppid:2 task_flags:0x4208060 flags:0x00004000
Workqueue: events_long bch2_fs_read_only_work
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5357 [inline]
__schedule+0x16f3/0x4c20 kernel/sched/core.c:6961
__schedule_loop kernel/sched/core.c:7043 [inline]
rt_mutex_schedule+0x77/0xf0 kernel/sched/core.c:7339
rt_mutex_slowlock_block kernel/locking/rtmutex.c:1647 [inline]
__rt_mutex_slowlock kernel/locking/rtmutex.c:1721 [inline]
__rt_mutex_slowlock_locked+0x1e04/0x25e0 kernel/locking/rtmutex.c:1760
rt_mutex_slowlock+0xb5/0x160 kernel/locking/rtmutex.c:1800
__rt_mutex_lock kernel/locking/rtmutex.c:1815 [inline]
rwbase_write_lock+0x14f/0x750 kernel/locking/rwbase_rt.c:244
bch2_fs_read_only_work+0x25/0x40 fs/bcachefs/super.c:408
process_one_work kernel/workqueue.c:3236 [inline]
process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3319
worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400
kthread+0x711/0x8a0 kernel/kthread.c:463
ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
</TASK>
INFO: task syz.3.29:6306 blocked for more than 143 seconds.
Tainted: G W 6.17.0-rc1-syzkaller-00224-g8d561baae505 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.29 state:D stack:22952 pid:6306 tgid:6256 ppid:5968 task_flags:0x400140 flags:0x00004006
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5357 [inline]
__schedule+0x16f3/0x4c20 kernel/sched/core.c:6961
__schedule_loop kernel/sched/core.c:7043 [inline]
schedule+0x165/0x360 kernel/sched/core.c:7058
__closure_sync+0x163/0x220 lib/closure.c:146
closure_sync include/linux/closure.h:195 [inline]
bch2_dev_allocator_remove+0x7ad/0x9c0 fs/bcachefs/alloc_background.c:2651
__bch2_dev_read_only fs/bcachefs/super.c:1705 [inline]
bch2_dev_remove+0x504/0x13a0 fs/bcachefs/super.c:1792
bch2_ioctl_disk_remove+0x130/0x170 fs/bcachefs/chardev.c:226
bch2_fs_ioctl+0xb41/0x1920 fs/bcachefs/chardev.c:730
bch2_fs_file_ioctl+0x564/0x1dd0 fs/bcachefs/fs-ioctl.c:411
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:598 [inline]
__se_sys_ioctl+0xfc/0x170 fs/ioctl.c:584
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f5de5d0ebe9
RSP: 002b:00007f5de5355038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f5de5f36090 RCX: 00007f5de5d0ebe9
RDX: 00002000000000c0 RSI: 000000004010bc05 RDI: 0000000000000004
RBP: 00007f5de5d91e19 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f5de5f36128 R14: 00007f5de5f36090 R15: 00007fffe9406a88
</TASK>
INFO: task syz.1.37:6366 blocked for more than 143 seconds.
Tainted: G W 6.17.0-rc1-syzkaller-00224-g8d561baae505 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.1.37 state:D stack:15976 pid:6366 tgid:6364 ppid:5967 task_flags:0x400140 flags:0x00004004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5357 [inline]
__schedule+0x16f3/0x4c20 kernel/sched/core.c:6961
__schedule_loop kernel/sched/core.c:7043 [inline]
schedule+0x165/0x360 kernel/sched/core.c:7058
__closure_sync+0x163/0x220 lib/closure.c:146
closure_sync include/linux/closure.h:195 [inline]
bch2_dev_allocator_remove+0x7ad/0x9c0 fs/bcachefs/alloc_background.c:2651
__bch2_dev_read_only fs/bcachefs/super.c:1705 [inline]
bch2_dev_remove+0x504/0x13a0 fs/bcachefs/super.c:1792
bch2_ioctl_disk_remove+0x130/0x170 fs/bcachefs/chardev.c:226
bch2_fs_ioctl+0xb41/0x1920 fs/bcachefs/chardev.c:730
bch2_fs_file_ioctl+0x564/0x1dd0 fs/bcachefs/fs-ioctl.c:411
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:598 [inline]
__se_sys_ioctl+0xfc/0x170 fs/ioctl.c:584
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fbae6e3ebe9
RSP: 002b:00007fbae64ae038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fbae7065fa0 RCX: 00007fbae6e3ebe9
RDX: 00002000000000c0 RSI: 000000004010bc05 RDI: 0000000000000004
RBP: 00007fbae6ec1e19 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fbae7066038 R14: 00007fbae7065fa0 R15: 00007ffc4fe142e8
</TASK>
INFO: lockdep is turned off.
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Tainted: G W 6.17.0-rc1-syzkaller-00224-g8d561baae505 #0 PREEMPT_{RT,(full)}
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Call Trace:
<TASK>
dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
nmi_cpu_backtrace+0x39e/0x3d0 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x17a/0x300 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:328 [inline]
watchdog+0xf93/0xfe0 kernel/hung_task.c:491
kthread+0x711/0x8a0 kernel/kthread.c:463
ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
</TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 8017 Comm: syz.2.386 Tainted: G W 6.17.0-rc1-syzkaller-00224-g8d561baae505 #0 PREEMPT_{RT,(full)}
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
RIP: 0010:xas_clear_mark+0x28/0x530 lib/xarray.c:-1
Code: 90 90 f3 0f 1e fa 55 41 57 41 56 41 55 41 54 53 48 83 ec 18 89 74 24 04 48 89 fb 49 bd 00 00 00 00 00 fc ff df e8 b8 1e ca f6 <48> 89 5c 24 08 48 8d 7b 18 48 89 f8 48 c1 e8 03 42 80 3c 28 00 74
RSP: 0018:ffffc900060df4a8 EFLAGS: 00000293
RAX: ffffffff8af43c88 RBX: ffffc900060df580 RCX: ffff888091b5bb80
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: dffffc0000000000 R11: ffffed101341a6d0 R12: 0000000000000001
R13: dffffc0000000000 R14: ffff88806492a638 R15: dffffc0000000000
FS: 00007f86571066c0(0000) GS:ffff8881269c5000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f1deed16000 CR3: 000000003e458000 CR4: 00000000003526f0
Call Trace:
<TASK>
xas_init_marks+0x6c/0xc0 lib/xarray.c:955
page_cache_delete mm/filemap.c:142 [inline]
__filemap_remove_folio+0x3cf/0x500 mm/filemap.c:224
filemap_remove_folio+0xe6/0x200 mm/filemap.c:253
truncate_inode_folio+0x5d/0x70 mm/truncate.c:176
shmem_undo_range+0x3a9/0x14b0 mm/shmem.c:1153
shmem_truncate_range mm/shmem.c:1269 [inline]
shmem_evict_inode+0x272/0xa70 mm/shmem.c:1397
evict+0x504/0x9c0 fs/inode.c:810
__dentry_kill+0x209/0x660 fs/dcache.c:669
dput+0x19f/0x2b0 fs/dcache.c:911
__fput+0x69d/0xa80 fs/file_table.c:476
fput_close_sync+0x119/0x200 fs/file_table.c:573
__do_sys_close fs/open.c:1587 [inline]
__se_sys_close fs/open.c:1572 [inline]
__x64_sys_close+0x7f/0x110 fs/open.c:1572
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f8657a9d84a
Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 43 91 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 a3 91 02 00 8b 44 24
RSP: 002b:00007f8657105e00 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f8657a9d84a
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 0000000000000010 R08: 0000000000000000 R09: 00000000000059da
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
R13: 00007f8657105ef0 R14: 00007f8657106668 R15: 00007f864ece6000
</TASK>
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.