./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor512086955 <...> Warning: Permanently added '10.128.0.201' (ED25519) to the list of known hosts. execve("./syz-executor512086955", ["./syz-executor512086955"], 0x7fff601ef6a0 /* 10 vars */) = 0 brk(NULL) = 0x55558d726000 brk(0x55558d726d00) = 0x55558d726d00 arch_prctl(ARCH_SET_FS, 0x55558d726380) = 0 set_tid_address(0x55558d726650) = 5832 set_robust_list(0x55558d726660, 24) = 0 rseq(0x55558d726ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor512086955", 4096) = 27 getrandom("\x7c\xcd\x4a\x97\xde\xff\x12\x3c", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55558d726d00 brk(0x55558d747d00) = 0x55558d747d00 brk(0x55558d748000) = 0x55558d748000 mprotect(0x7fc7b947b000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5833 attached [pid 5833] set_robust_list(0x55558d726660, 24 [pid 5832] <... clone resumed>, child_tidptr=0x55558d726650) = 5833 [pid 5833] <... set_robust_list resumed>) = 0 [pid 5833] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5833] setpgid(0, 0) = 0 [pid 5833] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5833] write(3, "1000", 4) = 4 [pid 5833] close(3) = 0 executing program [pid 5833] write(1, "executing program\n", 18) = 18 [pid 5833] memfd_create("syzkaller", 0) = 3 [pid 5833] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b0e00000 [pid 5833] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5833] munmap(0x7fc7b0e00000, 138412032) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5833] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5833] close(3) = 0 [pid 5833] close(4) = 0 [pid 5833] mkdir("./file1", 0777) = 0 [ 80.214998][ T5833] loop0: detected capacity change from 0 to 32768 [ 80.237672][ T5833] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor512 (5833) [ 80.266251][ T5833] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 80.278462][ T5833] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 80.288112][ T5833] BTRFS info (device loop0): using free-space-tree [ 80.329000][ T5833] [ 80.331351][ T5833] ====================================================== [ 80.338370][ T5833] WARNING: possible circular locking dependency detected [ 80.345387][ T5833] 6.16.0-rc2-next-20250620-syzkaller #0 Not tainted [ 80.351957][ T5833] ------------------------------------------------------ [ 80.358961][ T5833] syz-executor512/5833 is trying to acquire lock: [ 80.365353][ T5833] ffffffff8e6e9fe8 (uuid_mutex){+.+.}-{4:4}, at: btrfs_read_chunk_tree+0xef/0x2170 [ 80.374667][ T5833] [ 80.374667][ T5833] but task is already holding lock: [ 80.382017][ T5833] ffff8880330220e0 (&type->s_umount_key#41/1){+.+.}-{4:4}, at: alloc_super+0x204/0x970 [ 80.391757][ T5833] [ 80.391757][ T5833] which lock already depends on the new lock. [ 80.391757][ T5833] [ 80.402238][ T5833] [ 80.402238][ T5833] the existing dependency chain (in reverse order) is: [ 80.411247][ T5833] [ 80.411247][ T5833] -> #1 (&type->s_umount_key#41/1){+.+.}-{4:4}: [ 80.419688][ T5833] lock_acquire+0x120/0x360 [ 80.424709][ T5833] down_write_nested+0x9d/0x200 [ 80.430071][ T5833] alloc_super+0x204/0x970 [ 80.435002][ T5833] sget_fc+0x329/0xa40 [ 80.439583][ T5833] btrfs_get_tree+0x4c6/0x12d0 [ 80.444868][ T5833] vfs_get_tree+0x8f/0x2b0 [ 80.449804][ T5833] do_new_mount+0x24a/0xa40 [ 80.454909][ T5833] __se_sys_mount+0x317/0x410 [ 80.460097][ T5833] do_syscall_64+0xfa/0x3b0 [ 80.465161][ T5833] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 80.471583][ T5833] [ 80.471583][ T5833] -> #0 (uuid_mutex){+.+.}-{4:4}: [ 80.478828][ T5833] validate_chain+0xb9b/0x2140 [ 80.484159][ T5833] __lock_acquire+0xab9/0xd20 [ 80.489369][ T5833] lock_acquire+0x120/0x360 [ 80.494394][ T5833] __mutex_lock+0x182/0xe80 [ 80.499508][ T5833] btrfs_read_chunk_tree+0xef/0x2170 [ 80.505325][ T5833] open_ctree+0x17f2/0x3a10 [ 80.510371][ T5833] btrfs_get_tree+0xc6f/0x12d0 [ 80.515665][ T5833] vfs_get_tree+0x8f/0x2b0 [ 80.520620][ T5833] do_new_mount+0x24a/0xa40 [ 80.525652][ T5833] __se_sys_mount+0x317/0x410 [ 80.530855][ T5833] do_syscall_64+0xfa/0x3b0 [ 80.535878][ T5833] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 80.542288][ T5833] [ 80.542288][ T5833] other info that might help us debug this: [ 80.542288][ T5833] [ 80.552514][ T5833] Possible unsafe locking scenario: [ 80.552514][ T5833] [ 80.559955][ T5833] CPU0 CPU1 [ 80.565307][ T5833] ---- ---- [ 80.570661][ T5833] lock(&type->s_umount_key#41/1); [ 80.575874][ T5833] lock(uuid_mutex); [ 80.582370][ T5833] lock(&type->s_umount_key#41/1); [ 80.590106][ T5833] lock(uuid_mutex); [ 80.594085][ T5833] [ 80.594085][ T5833] *** DEADLOCK *** [ 80.594085][ T5833] [ 80.602225][ T5833] 1 lock held by syz-executor512/5833: [ 80.607697][ T5833] #0: ffff8880330220e0 (&type->s_umount_key#41/1){+.+.}-{4:4}, at: alloc_super+0x204/0x970 [ 80.617806][ T5833] [ 80.617806][ T5833] stack backtrace: [ 80.623706][ T5833] CPU: 0 UID: 0 PID: 5833 Comm: syz-executor512 Not tainted 6.16.0-rc2-next-20250620-syzkaller #0 PREEMPT(full) [ 80.623726][ T5833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 80.623740][ T5833] Call Trace: [ 80.623748][ T5833] [ 80.623755][ T5833] dump_stack_lvl+0x189/0x250 [ 80.623779][ T5833] ? __pfx_dump_stack_lvl+0x10/0x10 [ 80.623798][ T5833] ? __pfx__printk+0x10/0x10 [ 80.623817][ T5833] ? print_lock_name+0xde/0x100 [ 80.623835][ T5833] print_circular_bug+0x2ee/0x310 [ 80.623849][ T5833] check_noncircular+0x134/0x160 [ 80.623872][ T5833] validate_chain+0xb9b/0x2140 [ 80.623899][ T5833] __lock_acquire+0xab9/0xd20 [ 80.623918][ T5833] ? btrfs_read_chunk_tree+0xef/0x2170 [ 80.623933][ T5833] lock_acquire+0x120/0x360 [ 80.623949][ T5833] ? btrfs_read_chunk_tree+0xef/0x2170 [ 80.623969][ T5833] __mutex_lock+0x182/0xe80 [ 80.623982][ T5833] ? btrfs_read_chunk_tree+0xef/0x2170 [ 80.624000][ T5833] ? btrfs_read_chunk_tree+0xef/0x2170 [ 80.624016][ T5833] ? __pfx___mutex_lock+0x10/0x10 [ 80.624030][ T5833] ? rcu_is_watching+0x15/0xb0 [ 80.624050][ T5833] ? trace_kmem_cache_alloc+0x1f/0xc0 [ 80.624069][ T5833] ? btrfs_read_chunk_tree+0xcd/0x2170 [ 80.624085][ T5833] btrfs_read_chunk_tree+0xef/0x2170 [ 80.624103][ T5833] ? btrfs_root_node+0xae/0x4a0 [ 80.624120][ T5833] ? btrfs_root_node+0x459/0x4a0 [ 80.624135][ T5833] ? btrfs_root_node+0xae/0x4a0 [ 80.624151][ T5833] ? __pfx_btrfs_root_node+0x10/0x10 [ 80.624169][ T5833] ? __pfx_btrfs_read_chunk_tree+0x10/0x10 [ 80.624184][ T5833] ? load_super_root+0x2b2/0x3f0 [ 80.624199][ T5833] ? __pfx_load_super_root+0x10/0x10 [ 80.624215][ T5833] ? read_extent_buffer+0x120/0x5e0 [ 80.624229][ T5833] ? open_ctree+0x17ea/0x3a10 [ 80.624245][ T5833] open_ctree+0x17f2/0x3a10 [ 80.624259][ T5833] ? bdi_register_va+0x58d/0x740 [ 80.624274][ T5833] ? open_ctree+0xa1a/0x3a10 [ 80.624292][ T5833] ? __pfx_open_ctree+0x10/0x10 [ 80.624309][ T5833] btrfs_get_tree+0xc6f/0x12d0 [ 80.624330][ T5833] vfs_get_tree+0x8f/0x2b0 [ 80.624354][ T5833] do_new_mount+0x24a/0xa40 [ 80.624369][ T5833] __se_sys_mount+0x317/0x410 [ 80.624383][ T5833] ? __pfx___se_sys_mount+0x10/0x10 [ 80.624395][ T5833] ? rcu_is_watching+0x15/0xb0 [ 80.624416][ T5833] ? __x64_sys_mount+0x20/0xc0 [ 80.624429][ T5833] do_syscall_64+0xfa/0x3b0 [ 80.624442][ T5833] ? lockdep_hardirqs_on+0x9c/0x150 [ 80.624453][ T5833] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 80.624466][ T5833] ? clear_bhb_loop+0x60/0xb0 [ 80.624480][ T5833] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 80.624493][ T5833] RIP: 0033:0x7fc7b9403faa [ 80.624509][ T5833] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 80.624524][ T5833] RSP: 002b:00007ffd6d6a3cd8 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5 [ 80.624538][ T5833] RAX: ffffffffffffffda RBX: 00007ffd6d6a3cf0 RCX: 00007fc7b9403faa [ 80.624548][ T5833] RDX: 0000200000000080 RSI: 00002000000000c0 RDI: 00007ffd6d6a3cf0 [ 80.624557][ T5833] RBP: 00002000000000c0 R08: 00007ffd6d6a3d30 R09: 00000000000055db [ 80.624566][ T5833] R10: 000000000001c005 R11: 0000000000000282 R12: 0000200000000080 [ 80.624574][ T5833] R13: 0000000000000004 R14: 0000000000000003 R15: 00007ffd6d6a3d30 [ 80.624588][ T5833] [ 80.948880][ T12] BTRFS warning (device loop0): checksum verify failed on logical 5337088 mirror 1 wanted 0x324c5e2d0cac2dc8f61cbfdfc8cd69d9816061b1498b9e1bff7d10a59610160b found 0xf8bb6bdef03b64ff3b11a2a87ba7a2aeacfdb41cc49a87adad5cc1644d216b29 level 0 [ 80.972228][ T5833] BTRFS error (device loop0): failed to load root extent [ 80.984978][ T12] BTRFS warning (device loop0): checksum verify failed on logical 5341184 mirror 1 wanted 0xc53d3c5bb04ba5dfc01f4c277f0b81815915cb99da5074f609a3f7f617cf284a found 0xd34891a64d32c06b063fbbf3d26e09cb4d5acf5ade8dc51c4cd532bb53f895d0 level 0 [ 81.010041][ T5833] BTRFS error (device loop0): failed to load root free space [ 81.018170][ T1157] BTRFS warning (device loop0): checksum verify failed on logical 5287936 mirror 1 wanted 0x31987782e3a542b4b1826f4a60605b79838e23bf27075900db4b92202c72b2fd found 0xcc73edc8ee24564a8c6ce1ce085684ad2f9862e56f948f195b5cd36555a6be2f level 0 [ 81.041497][ T12] BTRFS warning (device loop0): checksum verify failed on logical 5292032 mirror 1 wanted 0xcbbb23d5b53a3b4892a5068ee5011732ffcd94742b434497e3f11d7ca86a6d23 found 0x6ab87e71a537053373402d980abd70276b583e303a68e0dd0a46bb41cfc306c8 level 0 [ 81.067002][ T5833] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] SMP KASAN PTI [ 81.078896][ T5833] KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f] [ 81.087295][ T5833] CPU: 1 UID: 0 PID: 5833 Comm: syz-executor512 Not tainted 6.16.0-rc2-next-20250620-syzkaller #0 PREEMPT(full) [ 81.099166][ T5833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 81.109211][ T5833] RIP: 0010:btrfs_root_node+0x151/0x4a0 [ 81.114752][ T5833] Code: 24 e8 73 50 02 fe c6 05 3f 67 cd 0b 01 48 c7 c7 a0 07 cd 8b be 4b 03 00 00 48 c7 c2 e0 07 cd 8b e8 a4 56 e0 fd 48 8b 44 24 18 <42> 80 3c 30 00 74 08 4c 89 e7 e8 20 7b 66 fe 4d 8b 2c 24 e8 47 57 [ 81.134339][ T5833] RSP: 0018:ffffc90003e8f8a0 EFLAGS: 00010293 [ 81.140399][ T5833] RAX: 0000000000000003 RBX: ffffffff83be07ee RCX: ffff888032200000 [ 81.148379][ T5833] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 81.156337][ T5833] RBP: ffffc90003e8f960 R08: 0000000000000000 R09: 0000000000000000 [ 81.164292][ T5833] R10: dffffc0000000000 R11: ffffed100e73d80e R12: 0000000000000018 [ 81.172251][ T5833] R13: ffff8880335ebc00 R14: dffffc0000000000 R15: 0000000000000000 [ 81.180219][ T5833] FS: 000055558d726380(0000) GS:ffff888125d26000(0000) knlGS:0000000000000000 [ 81.189136][ T5833] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 81.195713][ T5833] CR2: 00007faf2ba74d90 CR3: 00000000743fa000 CR4: 00000000003526f0 [ 81.203675][ T5833] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 81.211636][ T5833] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 81.219603][ T5833] Call Trace: [ 81.222879][ T5833] [ 81.225813][ T5833] ? _raw_read_unlock+0x28/0x50 [ 81.230673][ T5833] ? __pfx_btrfs_root_node+0x10/0x10 [ 81.235960][ T5833] ? __pfx_btrfs_extent_root+0x10/0x10 [ 81.241414][ T5833] ? rcu_is_watching+0x15/0xb0 [ 81.246189][ T5833] btrfs_read_lock_root_node+0x27/0xd0 [ 81.251651][ T5833] btrfs_build_ref_tree+0x113/0x1680 [ 81.256941][ T5833] ? preempt_schedule_common+0x83/0xd0 [ 81.262403][ T5833] ? preempt_schedule+0xae/0xc0 [ 81.267260][ T5833] ? __pfx_preempt_schedule+0x10/0x10 [ 81.272636][ T5833] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 81.278965][ T5833] ? __pfx_btrfs_read_qgroup_config+0x10/0x10 [ 81.285034][ T5833] ? __pfx_btrfs_build_ref_tree+0x10/0x10 [ 81.290763][ T5833] ? try_to_wake_up+0x81b/0x1290 [ 81.295706][ T5833] open_ctree+0x2504/0x3a10 [ 81.300214][ T5833] ? bdi_register_va+0x58d/0x740 [ 81.305145][ T5833] ? open_ctree+0xa1a/0x3a10 [ 81.309731][ T5833] ? __pfx_open_ctree+0x10/0x10 [ 81.314574][ T5833] btrfs_get_tree+0xc6f/0x12d0 [ 81.319336][ T5833] vfs_get_tree+0x8f/0x2b0 [ 81.323756][ T5833] do_new_mount+0x24a/0xa40 [ 81.328251][ T5833] __se_sys_mount+0x317/0x410 [ 81.332925][ T5833] ? __pfx___se_sys_mount+0x10/0x10 [ 81.338225][ T5833] ? rcu_is_watching+0x15/0xb0 [ 81.342993][ T5833] ? __x64_sys_mount+0x20/0xc0 [ 81.347750][ T5833] do_syscall_64+0xfa/0x3b0 [ 81.352245][ T5833] ? lockdep_hardirqs_on+0x9c/0x150 [ 81.357431][ T5833] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 81.363485][ T5833] ? clear_bhb_loop+0x60/0xb0 [ 81.368151][ T5833] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 81.374033][ T5833] RIP: 0033:0x7fc7b9403faa [ 81.378440][ T5833] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 81.398036][ T5833] RSP: 002b:00007ffd6d6a3cd8 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5 [ 81.406442][ T5833] RAX: ffffffffffffffda RBX: 00007ffd6d6a3cf0 RCX: 00007fc7b9403faa [ 81.414427][ T5833] RDX: 0000200000000080 RSI: 00002000000000c0 RDI: 00007ffd6d6a3cf0 [ 81.422391][ T5833] RBP: 00002000000000c0 R08: 00007ffd6d6a3d30 R09: 00000000000055db [ 81.430359][ T5833] R10: 000000000001c005 R11: 0000000000000282 R12: 0000200000000080 [ 81.438342][ T5833] R13: 0000000000000004 R14: 0000000000000003 R15: 00007ffd6d6a3d30 [ 81.446310][ T5833] [ 81.449317][ T5833] Modules linked in: [ 81.453309][ T5833] ---[ end trace 0000000000000000 ]--- [ 81.459729][ T5833] RIP: 0010:btrfs_root_node+0x151/0x4a0 [ 81.465320][ T5833] Code: 24 e8 73 50 02 fe c6 05 3f 67 cd 0b 01 48 c7 c7 a0 07 cd 8b be 4b 03 00 00 48 c7 c2 e0 07 cd 8b e8 a4 56 e0 fd 48 8b 44 24 18 <42> 80 3c 30 00 74 08 4c 89 e7 e8 20 7b 66 fe 4d 8b 2c 24 e8 47 57 [ 81.485077][ T5833] RSP: 0018:ffffc90003e8f8a0 EFLAGS: 00010293 [ 81.491177][ T5833] RAX: 0000000000000003 RBX: ffffffff83be07ee RCX: ffff888032200000 [ 81.499202][ T5833] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 81.507215][ T5833] RBP: ffffc90003e8f960 R08: 0000000000000000 R09: 0000000000000000 [ 81.515172][ T5833] R10: dffffc0000000000 R11: ffffed100e73d80e R12: 0000000000000018 [ 81.523207][ T5833] R13: ffff8880335ebc00 R14: dffffc0000000000 R15: 0000000000000000 [ 81.531220][ T5833] FS: 000055558d726380(0000) GS:ffff888125c26000(0000) knlGS:0000000000000000 [ 81.540204][ T5833] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 81.546812][ T5833] CR2: 000055a544b26768 CR3: 00000000743fa000 CR4: 00000000003526f0 [ 81.554782][ T5833] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 81.562811][ T5833] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 81.570832][ T5833] Kernel panic - not syncing: Fatal exception [ 81.577190][ T5833] Kernel Offset: disabled [ 81.581512][ T5833] Rebooting in 86400 seconds..