./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3360382955 <...> Warning: Permanently added '10.128.0.168' (ED25519) to the list of known hosts. execve("./syz-executor3360382955", ["./syz-executor3360382955"], 0x7ffdefa88e20 /* 10 vars */) = 0 brk(NULL) = 0x555570ecb000 brk(0x555570ecbd00) = 0x555570ecbd00 arch_prctl(ARCH_SET_FS, 0x555570ecb380) = 0 set_tid_address(0x555570ecb650) = 5854 set_robust_list(0x555570ecb660, 24) = 0 rseq(0x555570ecbca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3360382955", 4096) = 28 getrandom("\x1d\xe7\x52\xb6\x59\x9e\xf1\xaf", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555570ecbd00 brk(0x555570eecd00) = 0x555570eecd00 brk(0x555570eed000) = 0x555570eed000 mprotect(0x7f2780890000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 write(1, "executing program\n", 18executing program ) = 18 openat(AT_FDCWD, "/dev/loop7", O_RDWR|O_CREAT|O_NONBLOCK|__O_SYNC|O_CLOEXEC|0x20, 000) = 3 openat(AT_FDCWD, "/sys/kernel/fscaps", O_RDONLY|O_NOATIME) = 4 [ 87.864992][ T5854] loop7: detected capacity change from 0 to 7 [ 87.873706][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 87.883000][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 87.891319][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 87.900504][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 87.908942][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 87.918089][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 87.926553][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 87.935695][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 87.943749][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 87.953071][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 87.961119][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 87.970271][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 87.978379][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 87.987553][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 87.995465][ T5854] ldm_validate_partition_table(): Disk read failed. [ 88.002354][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 88.011523][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 88.019633][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 88.028815][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 88.037082][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 88.046237][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 88.054340][ T5854] Dev loop7: unable to read RDB block 0 ioctl(3, LOOP_CONFIGURE, {fd=4, block_size=0, info={lo_offset=0x4, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN, lo_file_name="\xfa\xf9\x83\x17\xe5\xa1\x14\x99\x89\xfc\x8d\xbe\x43\xea\x6a\xcc\x96\xe3\xa2\x50\x3d\xc3\xff\x03\xe3\x7d\x58\x12\x70\xba\xd0\x09\x9c\xeb\xdc\x25\xf5\xab\x60\xc9\xe6\xd6\x80\xf9\x85\x88\x1a\x7b\xed\xa9\xd6\x90\x98\xc8\xb5\x34\x46\x4c\x51\x6b\xdd\x8a\x0f"..., ...}}) = 0 [ 88.060694][ T5854] loop7: unable to read partition table [ 88.066633][ T5854] loop7: partition table beyond EOD, truncated [ 88.072832][ T5854] loop_reread_partitions: partition scan of loop7 (Cj̖P=}Xp %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 88.125329][ T5854] [ 88.127689][ T5854] ====================================================== [ 88.134694][ T5854] WARNING: possible circular locking dependency detected [ 88.141708][ T5854] 6.16.0-rc6-next-20250718-syzkaller #0 Not tainted [ 88.148283][ T5854] ------------------------------------------------------ [ 88.155302][ T5854] syz-executor336/5854 is trying to acquire lock: [ 88.161701][ T5854] ffff88801b6ffa20 (&root->kernfs_iattr_rwsem){++++}-{4:4}, at: kernfs_iop_getattr+0x9e/0x450 [ 88.171978][ T5854] [ 88.171978][ T5854] but task is already holding lock: [ 88.179337][ T5854] ffff88814375ec98 (&q->q_usage_counter(io)#25){++++}-{0:0}, at: lo_ioctl+0x17f2/0x1d00 [ 88.189118][ T5854] [ 88.189118][ T5854] which lock already depends on the new lock. [ 88.189118][ T5854] [ 88.199525][ T5854] [ 88.199525][ T5854] the existing dependency chain (in reverse order) is: [ 88.208546][ T5854] [ 88.208546][ T5854] -> #2 (&q->q_usage_counter(io)#25){++++}-{0:0}: [ 88.217145][ T5854] lock_acquire+0x120/0x360 [ 88.222167][ T5854] blk_alloc_queue+0x538/0x620 [ 88.227449][ T5854] __blk_mq_alloc_disk+0x15c/0x340 [ 88.233077][ T5854] loop_add+0x411/0xad0 [ 88.237743][ T5854] loop_init+0x173/0x230 [ 88.242490][ T5854] do_one_initcall+0x233/0x820 [ 88.247770][ T5854] do_initcall_level+0x137/0x1f0 [ 88.253244][ T5854] do_initcalls+0x69/0xd0 [ 88.258090][ T5854] kernel_init_freeable+0x3d9/0x590 [ 88.263807][ T5854] kernel_init+0x1d/0x1d0 [ 88.268668][ T5854] ret_from_fork+0x3f9/0x770 [ 88.273774][ T5854] ret_from_fork_asm+0x1a/0x30 [ 88.279052][ T5854] [ 88.279052][ T5854] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 88.286248][ T5854] lock_acquire+0x120/0x360 [ 88.291267][ T5854] fs_reclaim_acquire+0x72/0x100 [ 88.296721][ T5854] kmem_cache_alloc_noprof+0x44/0x3c0 [ 88.302603][ T5854] __kernfs_iattrs+0xd9/0x320 [ 88.307877][ T5854] kernfs_iop_setattr+0xea/0x3f0 [ 88.313325][ T5854] notify_change+0xb36/0xe40 [ 88.318427][ T5854] do_truncate+0x1a4/0x220 [ 88.323367][ T5854] path_openat+0x306c/0x3830 [ 88.328464][ T5854] do_filp_open+0x1fa/0x410 [ 88.333499][ T5854] do_sys_openat2+0x121/0x1c0 [ 88.338683][ T5854] __x64_sys_openat+0x138/0x170 [ 88.344041][ T5854] do_syscall_64+0xfa/0x3b0 [ 88.349053][ T5854] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.355459][ T5854] [ 88.355459][ T5854] -> #0 (&root->kernfs_iattr_rwsem){++++}-{4:4}: [ 88.363951][ T5854] validate_chain+0xb9b/0x2140 [ 88.369236][ T5854] __lock_acquire+0xab9/0xd20 [ 88.374418][ T5854] lock_acquire+0x120/0x360 [ 88.379427][ T5854] down_read+0x46/0x2e0 [ 88.384086][ T5854] kernfs_iop_getattr+0x9e/0x450 [ 88.389532][ T5854] vfs_getattr_nosec+0x2de/0x430 [ 88.394991][ T5854] loop_assign_backing_file+0x222/0x400 [ 88.401054][ T5854] lo_ioctl+0x1860/0x1d00 [ 88.405928][ T5854] blkdev_ioctl+0x5a5/0x6d0 [ 88.410947][ T5854] __se_sys_ioctl+0xf9/0x170 [ 88.416044][ T5854] do_syscall_64+0xfa/0x3b0 [ 88.421057][ T5854] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.427466][ T5854] [ 88.427466][ T5854] other info that might help us debug this: [ 88.427466][ T5854] [ 88.437679][ T5854] Chain exists of: [ 88.437679][ T5854] &root->kernfs_iattr_rwsem --> fs_reclaim --> &q->q_usage_counter(io)#25 [ 88.437679][ T5854] [ 88.452106][ T5854] Possible unsafe locking scenario: [ 88.452106][ T5854] [ 88.459554][ T5854] CPU0 CPU1 [ 88.464908][ T5854] ---- ---- [ 88.470270][ T5854] lock(&q->q_usage_counter(io)#25); [ 88.475660][ T5854] lock(fs_reclaim); [ 88.482155][ T5854] lock(&q->q_usage_counter(io)#25); [ 88.490047][ T5854] rlock(&root->kernfs_iattr_rwsem); [ 88.495441][ T5854] [ 88.495441][ T5854] *** DEADLOCK *** [ 88.495441][ T5854] [ 88.503590][ T5854] 3 locks held by syz-executor336/5854: [ 88.509121][ T5854] #0: ffff888024ee4400 (&lo->lo_mutex){+.+.}-{4:4}, at: lo_ioctl+0xfbf/0x1d00 [ 88.518086][ T5854] #1: ffff88814375ec98 (&q->q_usage_counter(io)#25){++++}-{0:0}, at: lo_ioctl+0x17f2/0x1d00 [ 88.528259][ T5854] #2: ffff88814375ecd0 (&q->q_usage_counter(queue)#20){+.+.}-{0:0}, at: lo_ioctl+0x17f2/0x1d00 [ 88.538713][ T5854] [ 88.538713][ T5854] stack backtrace: [ 88.544612][ T5854] CPU: 0 UID: 0 PID: 5854 Comm: syz-executor336 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) [ 88.544628][ T5854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 88.544642][ T5854] Call Trace: [ 88.544649][ T5854] [ 88.544655][ T5854] dump_stack_lvl+0x189/0x250 [ 88.544675][ T5854] ? __pfx_dump_stack_lvl+0x10/0x10 [ 88.544692][ T5854] ? __pfx__printk+0x10/0x10 [ 88.544713][ T5854] print_circular_bug+0x2ee/0x310 [ 88.544732][ T5854] check_noncircular+0x134/0x160 [ 88.544750][ T5854] validate_chain+0xb9b/0x2140 [ 88.544767][ T5854] ? tomoyo_path_perm+0x1e3/0x4b0 [ 88.544788][ T5854] __lock_acquire+0xab9/0xd20 [ 88.544804][ T5854] ? kernfs_iop_getattr+0x9e/0x450 [ 88.544816][ T5854] lock_acquire+0x120/0x360 [ 88.544828][ T5854] ? kernfs_iop_getattr+0x9e/0x450 [ 88.544844][ T5854] down_read+0x46/0x2e0 [ 88.544855][ T5854] ? kernfs_iop_getattr+0x9e/0x450 [ 88.544868][ T5854] kernfs_iop_getattr+0x9e/0x450 [ 88.544881][ T5854] vfs_getattr_nosec+0x2de/0x430 [ 88.544894][ T5854] loop_assign_backing_file+0x222/0x400 [ 88.544913][ T5854] ? __pfx_loop_assign_backing_file+0x10/0x10 [ 88.544930][ T5854] ? schedule+0x91/0x360 [ 88.544950][ T5854] ? percpu_ref_kill_and_confirm+0xa3/0x130 [ 88.544973][ T5854] lo_ioctl+0x1860/0x1d00 [ 88.544988][ T5854] ? __lock_acquire+0xab9/0xd20 [ 88.545004][ T5854] ? __pfx_lo_ioctl+0x10/0x10 [ 88.545018][ T5854] ? __lock_acquire+0xab9/0xd20 [ 88.545037][ T5854] ? is_bpf_text_address+0x26/0x2b0 [ 88.545053][ T5854] ? is_bpf_text_address+0x292/0x2b0 [ 88.545067][ T5854] ? is_bpf_text_address+0x26/0x2b0 [ 88.545083][ T5854] ? __lock_acquire+0xab9/0xd20 [ 88.545099][ T5854] ? __lock_acquire+0xab9/0xd20 [ 88.545118][ T5854] ? is_bpf_text_address+0x26/0x2b0 [ 88.545133][ T5854] ? is_bpf_text_address+0x292/0x2b0 [ 88.545147][ T5854] ? is_bpf_text_address+0x26/0x2b0 [ 88.545163][ T5854] ? kernel_text_address+0xa5/0xe0 [ 88.545174][ T5854] ? __kernel_text_address+0xd/0x40 [ 88.545185][ T5854] ? unwind_get_return_address+0x4d/0x90 [ 88.545201][ T5854] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 88.545220][ T5854] ? arch_stack_walk+0xfc/0x150 [ 88.545241][ T5854] ? stack_trace_save+0x9c/0xe0 [ 88.545259][ T5854] ? stack_depot_save_flags+0x40/0x900 [ 88.545277][ T5854] ? kasan_save_track+0x4f/0x80 [ 88.545288][ T5854] ? kasan_save_track+0x3e/0x80 [ 88.545298][ T5854] ? kasan_save_free_info+0x46/0x50 [ 88.545314][ T5854] ? __kasan_slab_free+0x62/0x70 [ 88.545326][ T5854] ? kfree+0x18e/0x440 [ 88.545336][ T5854] ? tomoyo_path_number_perm+0x47a/0x5a0 [ 88.545353][ T5854] ? security_file_ioctl+0xcb/0x2d0 [ 88.545367][ T5854] ? __se_sys_ioctl+0x47/0x170 [ 88.545380][ T5854] ? do_syscall_64+0xfa/0x3b0 [ 88.545397][ T5854] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.545421][ T5854] ? kasan_quarantine_put+0xdd/0x220 [ 88.545435][ T5854] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 88.545451][ T5854] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 88.545471][ T5854] ? do_vfs_ioctl+0xbe8/0x1430 [ 88.545485][ T5854] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 88.545501][ T5854] ? __asan_memset+0x22/0x50 [ 88.545518][ T5854] ? blk_get_meta_cap+0x140/0x6d0 [ 88.545536][ T5854] ? __pfx_blk_get_meta_cap+0x10/0x10 [ 88.545554][ T5854] ? blkdev_common_ioctl+0xa8d/0xc50 [ 88.545571][ T5854] ? __pfx_lo_ioctl+0x10/0x10 [ 88.545586][ T5854] blkdev_ioctl+0x5a5/0x6d0 [ 88.545603][ T5854] ? __pfx_blkdev_ioctl+0x10/0x10 [ 88.545620][ T5854] ? bpf_lsm_file_ioctl+0x9/0x20 [ 88.545631][ T5854] ? __pfx_blkdev_ioctl+0x10/0x10 [ 88.545647][ T5854] __se_sys_ioctl+0xf9/0x170 [ 88.545661][ T5854] do_syscall_64+0xfa/0x3b0 [ 88.545679][ T5854] ? lockdep_hardirqs_on+0x9c/0x150 [ 88.545695][ T5854] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.545706][ T5854] ? clear_bhb_loop+0x60/0xb0 [ 88.545719][ T5854] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.545731][ T5854] RIP: 0033:0x7f278081d2a9 [ 88.545747][ T5854] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 88.545759][ T5854] RSP: 002b:00007ffca02e28a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 88.545772][ T5854] RAX: ffffffffffffffda RBX: 00007ffca02e2a78 RCX: 00007f278081d2a9 [ 88.545780][ T5854] RDX: 0000000000000004 RSI: 0000000000004c06 RDI: 0000000000000003 [ 88.545787][ T5854] RBP: 00007f2780890610 R08: 00007ffca02e2a78 R09: 00007ffca02e2a78 [ 88.545796][ T5854] R10: 00007ffca02e2a78 R11: 0000000000000246 R12: 0000000000000001 [ 88.545803][ T5854] R13: 00007ffca02e2a68 R14: 0000000000000001 R15: 0000000000000001 [ 88.545815][ T5854] [ 88.998020][ T5854] ldm_validate_partition_table(): Disk read failed. [ 89.009776][ T5854] Dev loop7: unable to read RDB block 0 [ 89.020201][ T5854] loop7: unable to read partition table ioctl(3, LOOP_CHANGE_FD, 4) = 0 exit_group(0) = ? +++ exited with 0 +++ [ 89.026160][ T5854] loop7: partit