BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.16 (3360) BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d BTRFS info (device loop2): using sha256 (sha256-x86_64) checksum algorithm BTRFS info (device loop2): disk space caching is enabled BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 ====================================================== WARNING: possible circular locking dependency detected 6.16.0-rc2-syzkaller #0 Not tainted ------------------------------------------------------ syz.2.16/3360 is trying to acquire lock: ffffffff83e72c70 (uuid_mutex){+.+.}-{4:4}, at: btrfs_read_chunk_tree+0x52/0xcc0 fs/btrfs/volumes.c:7462 but task is already holding lock: ffff888101b860e0 (&type->s_umount_key#48/1){+.+.}-{4:4}, at: alloc_super+0xd2/0x3b0 fs/super.c:345 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (&type->s_umount_key#48/1){+.+.}-{4:4}: down_write_nested+0x2d/0xc0 kernel/locking/rwsem.c:1693 alloc_super+0xd2/0x3b0 fs/super.c:345 sget_fc+0xe7/0x3a0 fs/super.c:761 btrfs_get_tree_super fs/btrfs/super.c:1867 [inline] btrfs_get_tree_subvol fs/btrfs/super.c:2060 [inline] btrfs_get_tree+0x199/0x6c0 fs/btrfs/super.c:2094 vfs_get_tree+0x29/0xb0 fs/super.c:1802 do_new_mount+0x13f/0x380 fs/namespace.c:3885 do_mount fs/namespace.c:4222 [inline] __do_sys_mount fs/namespace.c:4433 [inline] __se_sys_mount+0x173/0x1e0 fs/namespace.c:4410 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xa6/0x2c0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f -> #0 (uuid_mutex){+.+.}-{4:4}: check_prev_add kernel/locking/lockdep.c:3168 [inline] check_prevs_add kernel/locking/lockdep.c:3287 [inline] validate_chain kernel/locking/lockdep.c:3911 [inline] __lock_acquire+0x12e6/0x2100 kernel/locking/lockdep.c:5240 lock_acquire+0xe9/0x270 kernel/locking/lockdep.c:5871 __mutex_lock_common kernel/locking/mutex.c:602 [inline] __mutex_lock+0xab/0xb20 kernel/locking/mutex.c:747 btrfs_read_chunk_tree+0x52/0xcc0 fs/btrfs/volumes.c:7462 open_ctree+0x8bf/0x1680 fs/btrfs/disk-io.c:3462 btrfs_fill_super fs/btrfs/super.c:984 [inline] btrfs_get_tree_super fs/btrfs/super.c:1923 [inline] btrfs_get_tree_subvol fs/btrfs/super.c:2060 [inline] btrfs_get_tree+0x427/0x6c0 fs/btrfs/super.c:2094 vfs_get_tree+0x29/0xb0 fs/super.c:1802 do_new_mount+0x13f/0x380 fs/namespace.c:3885 do_mount fs/namespace.c:4222 [inline] __do_sys_mount fs/namespace.c:4433 [inline] __se_sys_mount+0x173/0x1e0 fs/namespace.c:4410 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xa6/0x2c0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&type->s_umount_key#48/1); lock(uuid_mutex); lock(&type->s_umount_key#48/1); lock(uuid_mutex); *** DEADLOCK *** 1 lock held by syz.2.16/3360: #0: ffff888101b860e0 (&type->s_umount_key#48/1){+.+.}-{4:4}, at: alloc_super+0xd2/0x3b0 fs/super.c:345 stack backtrace: CPU: 0 UID: 0 PID: 3360 Comm: syz.2.16 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(undef) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 Call Trace: dump_stack_lvl+0xad/0x110 lib/dump_stack.c:120 print_circular_bug+0x29b/0x2b0 kernel/locking/lockdep.c:2046 check_noncircular+0x10e/0x130 kernel/locking/lockdep.c:2178 check_prev_add kernel/locking/lockdep.c:3168 [inline] check_prevs_add kernel/locking/lockdep.c:3287 [inline] validate_chain kernel/locking/lockdep.c:3911 [inline] __lock_acquire+0x12e6/0x2100 kernel/locking/lockdep.c:5240 lock_acquire+0xe9/0x270 kernel/locking/lockdep.c:5871 __mutex_lock_common kernel/locking/mutex.c:602 [inline] __mutex_lock+0xab/0xb20 kernel/locking/mutex.c:747 btrfs_read_chunk_tree+0x52/0xcc0 fs/btrfs/volumes.c:7462 open_ctree+0x8bf/0x1680 fs/btrfs/disk-io.c:3462 btrfs_fill_super fs/btrfs/super.c:984 [inline] btrfs_get_tree_super fs/btrfs/super.c:1923 [inline] btrfs_get_tree_subvol fs/btrfs/super.c:2060 [inline] btrfs_get_tree+0x427/0x6c0 fs/btrfs/super.c:2094 vfs_get_tree+0x29/0xb0 fs/super.c:1802 do_new_mount+0x13f/0x380 fs/namespace.c:3885 do_mount fs/namespace.c:4222 [inline] __do_sys_mount fs/namespace.c:4433 [inline] __se_sys_mount+0x173/0x1e0 fs/namespace.c:4410 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xa6/0x2c0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f68d77900ca Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f68d858de68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 00007f68d858def0 RCX: 00007f68d77900ca RDX: 00002000000004c0 RSI: 00002000000015c0 RDI: 00007f68d858deb0 RBP: 00002000000004c0 R08: 00007f68d858def0 R09: 0000000002000000 R10: 0000000002000000 R11: 0000000000000246 R12: 00002000000015c0 R13: 00007f68d858deb0 R14: 000000000000559e R15: 0000200000000100 BTRFS info (device loop2): rebuilding free space tree BTRFS info (device loop2): disabling free space tree BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)