./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor879690112 <...> Warning: Permanently added '10.128.0.90' (ED25519) to the list of known hosts. execve("./syz-executor879690112", ["./syz-executor879690112"], 0x7ffcc2f025f0 /* 10 vars */) = 0 brk(NULL) = 0x555563bf8000 brk(0x555563bf8d00) = 0x555563bf8d00 arch_prctl(ARCH_SET_FS, 0x555563bf8380) = 0 set_tid_address(0x555563bf8650) = 5077 set_robust_list(0x555563bf8660, 24) = 0 rseq(0x555563bf8ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor879690112", 4096) = 27 getrandom("\xe7\xb4\xa0\x99\x78\xf2\x15\x72", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555563bf8d00 brk(0x555563c19d00) = 0x555563c19d00 brk(0x555563c1a000) = 0x555563c1a000 mprotect(0x7fdf4ff6b000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdf47a00000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 munmap(0x7fdf47a00000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 close(4) = 0 mkdir("./file1", 0777) = 0 mount("/dev/loop0", "./file1", "ext4", MS_NODIRATIME|MS_RELATIME, "nodiscard,bsddf,auto_da_alloc=0x0000000000000000,lazytime,prjquota,bsdgroups,norecovery,acl,debug,,e"...) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 71.106877][ T5077] loop0: detected capacity change from 0 to 1024 [ 71.142816][ T5077] EXT4-fs: Project quota feature not enabled. Cannot enable project quota enforcement. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdf47a00000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 munmap(0x7fdf47a00000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 close(4) = 0 mkdir("./file1", 0777) = -1 EEXIST (File exists) [ 71.466315][ T5077] loop0: detected capacity change from 0 to 32768 [ 71.552558][ T5077] bcachefs (loop0): mounting version 1.7: mi_btree_bitmap opts=compression=lz4,prjquota,nodiscard,norecovery,nojournal_transaction_names [ 71.566958][ T5077] bcachefs (loop0): recovering from clean shutdown, journal seq 7 [ 71.588545][ T5077] bcachefs (loop0): alloc_read... done [ 71.594472][ T5077] bcachefs (loop0): stripes_read... done [ 71.600319][ T5077] bcachefs (loop0): snapshots_read... done [ 71.609728][ T5077] bcachefs (loop0): reading quotas [ 71.615091][ T5077] [ 71.617580][ T5077] ============================= [ 71.622562][ T5077] WARNING: suspicious RCU usage [ 71.627437][ T5077] 6.9.0-rc6-syzkaller-00234-g7367539ad4b0 #0 Not tainted [ 71.634537][ T5077] ----------------------------- [ 71.639507][ T5077] fs/bcachefs/snapshot.h:45 suspicious rcu_dereference_check() usage! [ 71.647691][ T5077] [ 71.647691][ T5077] other info that might help us debug this: [ 71.647691][ T5077] [ 71.658085][ T5077] [ 71.658085][ T5077] rcu_scheduler_active = 2, debug_locks = 1 [ 71.666264][ T5077] 4 locks held by syz-executor879/5077: [ 71.671897][ T5077] #0: ffff888074000278 (&c->state_lock){+.+.}-{3:3}, at: bch2_fs_start+0x45/0x5b0 [ 71.681358][ T5077] #1: ffff888074004250 (&c->btree_trans_barrier){.+.+}-{0:0}, at: __bch2_trans_get+0x8c8/0xc90 [ 71.691880][ T5077] #2: ffff88802c42d070 (&dev->mutex){....}-{3:3}, at: bch2_btree_path_traverse_one+0xa85/0x3250 [ 71.702560][ T5077] #3: ffff88801bef8870 (&dev->mutex){....}-{3:3}, at: bch2_btree_path_traverse_one+0xa85/0x3250 [ 71.716660][ T5077] [ 71.716660][ T5077] stack backtrace: [ 71.722703][ T5077] CPU: 0 PID: 5077 Comm: syz-executor879 Not tainted 6.9.0-rc6-syzkaller-00234-g7367539ad4b0 #0 [ 71.733243][ T5077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 71.743324][ T5077] Call Trace: [ 71.746625][ T5077] [ 71.749575][ T5077] dump_stack_lvl+0x241/0x360 [ 71.754286][ T5077] ? __pfx_dump_stack_lvl+0x10/0x10 [ 71.759517][ T5077] ? __pfx__printk+0x10/0x10 [ 71.764136][ T5077] ? bch2_snapshot_tree_lookup+0x174/0x260 [ 71.770051][ T5077] lockdep_rcu_suspicious+0x221/0x340 [ 71.775694][ T5077] bch2_fs_quota_read+0x195e/0x2770 [ 71.780907][ T5077] ? bch2_fs_quota_read+0x605/0x2770 [ 71.786303][ T5077] ? __pfx_bch2_fs_quota_read+0x10/0x10 [ 71.791895][ T5077] ? tick_nohz_tick_stopped+0x82/0xb0 [ 71.797271][ T5077] ? __irq_work_queue_local+0x137/0x410 [ 71.802824][ T5077] ? irq_work_queue+0xca/0x150 [ 71.807598][ T5077] ? __wake_up_klogd+0xd5/0x110 [ 71.812456][ T5077] ? vprintk_emit+0x631/0x770 [ 71.817140][ T5077] ? __pfx_vprintk_emit+0x10/0x10 [ 71.822166][ T5077] ? __mutex_unlock_slowpath+0x21d/0x750 [ 71.827814][ T5077] ? bch2_fs_quota_read+0x605/0x2770 [ 71.833120][ T5077] ? __bch2_print+0x17a/0x220 [ 71.837813][ T5077] ? bch2_fs_quota_read+0x605/0x2770 [ 71.843110][ T5077] bch2_fs_recovery+0x4b25/0x6390 [ 71.848156][ T5077] ? __pfx_bch2_fs_recovery+0x10/0x10 [ 71.853551][ T5077] ? __pfx_lock_acquire+0x10/0x10 [ 71.858572][ T5077] ? bch2_get_next_online_dev+0x48/0x4b0 [ 71.864230][ T5077] ? __pfx_lock_release+0x10/0x10 [ 71.869269][ T5077] ? __mutex_lock+0x2ef/0xd70 [ 71.873976][ T5077] ? bch2_get_next_online_dev+0x48/0x4b0 [ 71.879622][ T5077] ? bch2_get_next_online_dev+0x47f/0x4b0 [ 71.885351][ T5077] ? bch2_get_next_online_dev+0x48/0x4b0 [ 71.890998][ T5077] ? llist_reverse_order+0x72/0x90 [ 71.896133][ T5077] bch2_fs_start+0x356/0x5b0 [ 71.900748][ T5077] bch2_fs_open+0xa8d/0xdf0 [ 71.905303][ T5077] ? __pfx_bch2_fs_open+0x10/0x10 [ 71.910380][ T5077] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 71.916751][ T5077] ? __pfx_bch2_test_super+0x10/0x10 [ 71.922052][ T5077] ? sget+0x2b8/0x620 [ 71.926040][ T5077] ? __pfx_bch2_noset_super+0x10/0x10 [ 71.931506][ T5077] bch2_mount+0x71d/0x1320 [ 71.935952][ T5077] ? __pfx_bch2_mount+0x10/0x10 [ 71.940879][ T5077] ? vfs_parse_fs_string+0x190/0x230 [ 71.946196][ T5077] ? kfree+0x4e/0x3a0 [ 71.950198][ T5077] ? vfs_parse_fs_string+0x190/0x230 [ 71.955492][ T5077] ? __pfx_vfs_parse_fs_string+0x10/0x10 [ 71.961136][ T5077] ? cap_capable+0x1b4/0x250 [ 71.965741][ T5077] legacy_get_tree+0xee/0x190 [ 71.970438][ T5077] ? __pfx_bch2_mount+0x10/0x10 [ 71.975299][ T5077] vfs_get_tree+0x90/0x2a0 [ 71.979735][ T5077] do_new_mount+0x2be/0xb40 [ 71.984254][ T5077] ? ns_capable+0x8a/0xf0 [ 71.988688][ T5077] ? __pfx_do_new_mount+0x10/0x10 [ 71.993908][ T5077] __se_sys_mount+0x2d9/0x3c0 [ 71.998603][ T5077] ? __pfx___se_sys_mount+0x10/0x10 [ 72.003813][ T5077] ? do_syscall_64+0x102/0x240 [ 72.008605][ T5077] ? __x64_sys_mount+0x20/0xc0 [ 72.013381][ T5077] do_syscall_64+0xf5/0x240 [ 72.017905][ T5077] ? clear_bhb_loop+0x35/0x90 [ 72.022597][ T5077] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 72.028529][ T5077] RIP: 0033:0x7fdf4fef3dba [ 72.032953][ T5077] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 72.052567][ T5077] RSP: 002b:00007ffdd442cdd8 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5 [ 72.060998][ T5077] RAX: ffffffffffffffda RBX: 00007ffdd442ce20 RCX: 00007fdf4fef3dba [ 72.068979][ T5077] RDX: 0000000020005d80 RSI: 0000000020005dc0 RDI: 00007ffdd442ce20 [ 72.076974][ T5077] RBP: 0000000020005dc0 R08: 00007ffdd442ce60 R09: 0000000000005d58 [ 72.084950][ T5077] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000020005d80 [ 72.092930][ T5077] R13: 0000000000005d5e R14: 00007ffdd442ce60 R15: 0000000000000004 [ 72.100923][ T5077] [ 72.104295][ T5077] bcachefs (loop0): bch2_fs_quota_read_inode: snapshot tree 0 not found [ 72.114083][ T5077] bcachefs (loop0): inconsistency detected - emergency read only at journal seq 7 [ 72.124075][ T5077] bcachefs (loop0): bch2_fs_quota_read(): error ENOENT_snapshot_tree [ 72.132869][ T5077] bcachefs (loop0): bch2_fs_recovery(): error ENOENT_snapshot_tree [ 72.140850][ T5077] bcachefs (loop0): bch2_fs_start(): error starting filesystem ENOENT_snapshot_tree [ 72.150742][ T5077] bcachefs (loop0): shutting down [ 72.214606][ T5077] bcachefs (loop0): shutdown complete mount("/dev/loop0", "./file1", "bcachefs", 0, "nodiscard,bsddf,auto_da_alloc=0x0000000000000000,lazytime,prjquota,bsdgroups,norecovery,acl,debug,") = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 exit_group(0) = ? +++ exited with 0 +++