./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1529437881 <...> Warning: Permanently added '10.128.0.41' (ED25519) to the list of known hosts. execve("./syz-executor1529437881", ["./syz-executor1529437881"], 0x7ffe26dac3b0 /* 10 vars */) = 0 brk(NULL) = 0x555560d7f000 brk(0x555560d7fd00) = 0x555560d7fd00 arch_prctl(ARCH_SET_FS, 0x555560d7f380) = 0 set_tid_address(0x555560d7f650) = 5830 set_robust_list(0x555560d7f660, 24) = 0 rseq(0x555560d7fca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1529437881", 4096) = 28 getrandom("\xa6\x1a\x9d\x54\xd6\x2e\x6b\x62", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555560d7fd00 brk(0x555560da0d00) = 0x555560da0d00 brk(0x555560da1000) = 0x555560da1000 mprotect(0x7f1c2f982000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 [ 65.663797][ T30] audit: type=1400 audit(1752985603.293:62): avc: denied { write } for pid=5827 comm="strace-static-x" path="pipe:[4385]" dev="pipefs" ino=4385 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 write(1, "executing program\n", 18executing program ) = 18 openat(AT_FDCWD, "/dev/loop7", O_RDWR|O_CREAT|O_NONBLOCK|__O_SYNC|O_CLOEXEC|0x20, 000) = 3 [ 65.705347][ T30] audit: type=1400 audit(1752985603.333:63): avc: denied { execmem } for pid=5830 comm="syz-executor152" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 65.725123][ T30] audit: type=1400 audit(1752985603.353:64): avc: denied { read write } for pid=5830 comm="syz-executor152" name="loop7" dev="devtmpfs" ino=654 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 openat(AT_FDCWD, "/sys/kernel/fscaps", O_RDONLY|O_NOATIME) = 4 [ 65.749439][ T30] audit: type=1400 audit(1752985603.353:65): avc: denied { open } for pid=5830 comm="syz-executor152" path="/dev/loop7" dev="devtmpfs" ino=654 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 65.763604][ T5830] loop7: detected capacity change from 0 to 7 [ 65.773784][ T30] audit: type=1400 audit(1752985603.393:66): avc: denied { ioctl } for pid=5830 comm="syz-executor152" path="/dev/loop7" dev="devtmpfs" ino=654 ioctlcmd=0x4c0a scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 65.806371][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 65.815595][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 65.823843][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 65.832982][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 65.840984][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 65.850121][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 65.858248][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 65.867415][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 65.875547][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 65.884708][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 65.892800][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 65.901927][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 65.909892][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 65.919033][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 65.926894][ T5830] ldm_validate_partition_table(): Disk read failed. [ 65.933699][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 65.942843][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 65.950899][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 65.959992][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 65.968132][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 65.977275][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 65.985520][ T5830] Dev loop7: unable to read RDB block 0 [ 65.991908][ T5830] loop7: unable to read partition table [ 65.997621][ T5830] loop7: partition table beyond EOD, truncated ioctl(3, LOOP_CONFIGURE, {fd=4, block_size=0, info={lo_offset=0x4, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN, lo_file_name="\xfa\xf9\x83\x17\xe5\xa1\x14\x99\x89\xfc\x8d\xbe\x43\xea\x6a\xcc\x96\xe3\xa2\x50\x3d\xc3\xff\x03\xe3\x7d\x58\x12\x70\xba\xd0\x09\x9c\xeb\xdc\x25\xf5\xab\x60\xc9\xe6\xd6\x80\xf9\x85\x88\x1a\x7b\xed\xa9\xd6\x90\x98\xc8\xb5\x34\x46\x4c\x51\x6b\xdd\x8a\x0f"..., ...}}) = 0 [ 66.003804][ T5830] loop_reread_partitions: partition scan of loop7 (Cj̖P=}Xp %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 66.060866][ T5830] [ 66.063203][ T5830] ====================================================== [ 66.070208][ T5830] WARNING: possible circular locking dependency detected [ 66.077199][ T5830] 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 Not tainted [ 66.084280][ T5830] ------------------------------------------------------ [ 66.091274][ T5830] syz-executor152/5830 is trying to acquire lock: [ 66.097668][ T5830] ffff88801c6f4a20 (&root->kernfs_iattr_rwsem){++++}-{4:4}, at: kernfs_iop_getattr+0x9c/0xf0 [ 66.107862][ T5830] [ 66.107862][ T5830] but task is already holding lock: [ 66.115207][ T5830] ffff8880260d4520 (&q->q_usage_counter(io)#24){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 66.126428][ T5830] [ 66.126428][ T5830] which lock already depends on the new lock. [ 66.126428][ T5830] [ 66.136819][ T5830] [ 66.136819][ T5830] the existing dependency chain (in reverse order) is: [ 66.145816][ T5830] [ 66.145816][ T5830] -> #3 (&q->q_usage_counter(io)#24){++++}-{0:0}: [ 66.154406][ T5830] blk_alloc_queue+0x619/0x760 [ 66.159707][ T5830] blk_mq_alloc_queue+0x175/0x290 [ 66.165260][ T5830] __blk_mq_alloc_disk+0x29/0x120 [ 66.170797][ T5830] loop_add+0x49e/0xb70 [ 66.175469][ T5830] loop_init+0x164/0x270 [ 66.180224][ T5830] do_one_initcall+0x120/0x6e0 [ 66.185496][ T5830] kernel_init_freeable+0x5c2/0x900 [ 66.191202][ T5830] kernel_init+0x1c/0x2b0 [ 66.196047][ T5830] ret_from_fork+0x5d4/0x6f0 [ 66.201149][ T5830] ret_from_fork_asm+0x1a/0x30 [ 66.206421][ T5830] [ 66.206421][ T5830] -> #2 (fs_reclaim){+.+.}-{0:0}: [ 66.213619][ T5830] fs_reclaim_acquire+0x102/0x150 [ 66.219154][ T5830] kmem_cache_alloc_noprof+0x53/0x3b0 [ 66.225039][ T5830] __kernfs_iattrs+0xbc/0x3f0 [ 66.230229][ T5830] __kernfs_setattr+0x4d/0x3c0 [ 66.235498][ T5830] kernfs_iop_setattr+0xda/0x120 [ 66.240943][ T5830] notify_change+0x6a9/0x1230 [ 66.246135][ T5830] do_truncate+0x1d7/0x230 [ 66.251066][ T5830] path_openat+0x2678/0x2cb0 [ 66.256161][ T5830] do_filp_open+0x20b/0x470 [ 66.261166][ T5830] do_sys_openat2+0x11b/0x1d0 [ 66.266354][ T5830] __x64_sys_openat+0x174/0x210 [ 66.271716][ T5830] do_syscall_64+0xcd/0x4c0 [ 66.276727][ T5830] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 66.283130][ T5830] [ 66.283130][ T5830] -> #1 (iattr_mutex){+.+.}-{4:4}: [ 66.290414][ T5830] __mutex_lock+0x199/0xb90 [ 66.295428][ T5830] __kernfs_iattrs+0x2b/0x3f0 [ 66.300619][ T5830] __kernfs_setattr+0x4d/0x3c0 [ 66.305886][ T5830] kernfs_iop_setattr+0xda/0x120 [ 66.311327][ T5830] notify_change+0x6a9/0x1230 [ 66.316518][ T5830] do_truncate+0x1d7/0x230 [ 66.321447][ T5830] path_openat+0x2678/0x2cb0 [ 66.326543][ T5830] do_filp_open+0x20b/0x470 [ 66.331550][ T5830] do_sys_openat2+0x11b/0x1d0 [ 66.336734][ T5830] __x64_sys_openat+0x174/0x210 [ 66.342092][ T5830] do_syscall_64+0xcd/0x4c0 [ 66.347102][ T5830] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 66.353503][ T5830] [ 66.353503][ T5830] -> #0 (&root->kernfs_iattr_rwsem){++++}-{4:4}: [ 66.362001][ T5830] __lock_acquire+0x126f/0x1c90 [ 66.367359][ T5830] lock_acquire+0x179/0x350 [ 66.372365][ T5830] down_read+0x9b/0x480 [ 66.377028][ T5830] kernfs_iop_getattr+0x9c/0xf0 [ 66.382393][ T5830] vfs_getattr_nosec+0x2ac/0x430 [ 66.387837][ T5830] vfs_getattr+0x4a/0x60 [ 66.392585][ T5830] loop_query_min_dio_size.isra.0+0x117/0x250 [ 66.399164][ T5830] lo_ioctl+0x1d2e/0x2760 [ 66.404003][ T5830] blkdev_ioctl+0x277/0x6d0 [ 66.409015][ T5830] __x64_sys_ioctl+0x18e/0x210 [ 66.414289][ T5830] do_syscall_64+0xcd/0x4c0 [ 66.419300][ T5830] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 66.425703][ T5830] [ 66.425703][ T5830] other info that might help us debug this: [ 66.425703][ T5830] [ 66.435916][ T5830] Chain exists of: [ 66.435916][ T5830] &root->kernfs_iattr_rwsem --> fs_reclaim --> &q->q_usage_counter(io)#24 [ 66.435916][ T5830] [ 66.450341][ T5830] Possible unsafe locking scenario: [ 66.450341][ T5830] [ 66.457775][ T5830] CPU0 CPU1 [ 66.463120][ T5830] ---- ---- [ 66.468465][ T5830] lock(&q->q_usage_counter(io)#24); [ 66.473827][ T5830] lock(fs_reclaim); [ 66.480314][ T5830] lock(&q->q_usage_counter(io)#24); [ 66.488200][ T5830] rlock(&root->kernfs_iattr_rwsem); [ 66.493559][ T5830] [ 66.493559][ T5830] *** DEADLOCK *** [ 66.493559][ T5830] [ 66.501688][ T5830] 3 locks held by syz-executor152/5830: [ 66.507218][ T5830] #0: ffff888142bf4400 (&lo->lo_mutex){+.+.}-{4:4}, at: loop_global_lock_killable+0x30/0xb0 [ 66.517396][ T5830] #1: ffff8880260d4520 (&q->q_usage_counter(io)#24){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 66.529054][ T5830] #2: ffff8880260d4558 (&q->q_usage_counter(queue)#19){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 66.540972][ T5830] [ 66.540972][ T5830] stack backtrace: [ 66.546847][ T5830] CPU: 1 UID: 0 PID: 5830 Comm: syz-executor152 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) [ 66.546865][ T5830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 66.546874][ T5830] Call Trace: [ 66.546880][ T5830] [ 66.546886][ T5830] dump_stack_lvl+0x116/0x1f0 [ 66.546912][ T5830] print_circular_bug+0x275/0x350 [ 66.546936][ T5830] check_noncircular+0x14c/0x170 [ 66.546958][ T5830] __lock_acquire+0x126f/0x1c90 [ 66.546974][ T5830] lock_acquire+0x179/0x350 [ 66.546985][ T5830] ? kernfs_iop_getattr+0x9c/0xf0 [ 66.547007][ T5830] ? __pfx___might_resched+0x10/0x10 [ 66.547027][ T5830] down_read+0x9b/0x480 [ 66.547041][ T5830] ? kernfs_iop_getattr+0x9c/0xf0 [ 66.547061][ T5830] ? find_held_lock+0x2b/0x80 [ 66.547077][ T5830] ? __pfx_down_read+0x10/0x10 [ 66.547091][ T5830] ? kernfs_root+0xee/0x2a0 [ 66.547112][ T5830] kernfs_iop_getattr+0x9c/0xf0 [ 66.547134][ T5830] vfs_getattr_nosec+0x2ac/0x430 [ 66.547149][ T5830] ? __pfx_kernfs_iop_getattr+0x10/0x10 [ 66.547170][ T5830] vfs_getattr+0x4a/0x60 [ 66.547184][ T5830] loop_query_min_dio_size.isra.0+0x117/0x250 [ 66.547204][ T5830] ? __pfx_loop_query_min_dio_size.isra.0+0x10/0x10 [ 66.547222][ T5830] ? mark_held_locks+0x49/0x80 [ 66.547239][ T5830] ? blk_freeze_queue_start+0xec/0x140 [ 66.547258][ T5830] lo_ioctl+0x1d2e/0x2760 [ 66.547277][ T5830] ? __lock_acquire+0x622/0x1c90 [ 66.547292][ T5830] ? __pfx_lo_ioctl+0x10/0x10 [ 66.547309][ T5830] ? find_held_lock+0x2b/0x80 [ 66.547325][ T5830] ? avc_has_extended_perms+0x33a/0x1090 [ 66.547344][ T5830] ? avc_has_extended_perms+0x47c/0x1090 [ 66.547361][ T5830] ? __pfx_avc_has_extended_perms+0x10/0x10 [ 66.547378][ T5830] ? kasan_quarantine_put+0x10a/0x240 [ 66.547398][ T5830] ? lockdep_hardirqs_on+0x7c/0x110 [ 66.547420][ T5830] ? find_held_lock+0x2b/0x80 [ 66.547438][ T5830] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 66.547455][ T5830] ? blkdev_common_ioctl+0x1dd/0x2480 [ 66.547472][ T5830] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 66.547487][ T5830] ? __pfx_blkdev_common_ioctl+0x10/0x10 [ 66.547505][ T5830] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 66.547523][ T5830] ? do_raw_spin_lock+0x12c/0x2b0 [ 66.547538][ T5830] ? ioctl_has_perm.constprop.0.isra.0+0x379/0x540 [ 66.547552][ T5830] ? ioctl_has_perm.constprop.0.isra.0+0x383/0x540 [ 66.547566][ T5830] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 66.547583][ T5830] ? __pfx_lo_ioctl+0x10/0x10 [ 66.547600][ T5830] blkdev_ioctl+0x277/0x6d0 [ 66.547616][ T5830] ? __pfx_blkdev_ioctl+0x10/0x10 [ 66.547633][ T5830] ? selinux_file_ioctl+0x180/0x270 [ 66.547645][ T5830] ? selinux_file_ioctl+0xb4/0x270 [ 66.547657][ T5830] ? __pfx_blkdev_ioctl+0x10/0x10 [ 66.547673][ T5830] __x64_sys_ioctl+0x18e/0x210 [ 66.547691][ T5830] do_syscall_64+0xcd/0x4c0 [ 66.547708][ T5830] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 66.547722][ T5830] RIP: 0033:0x7f1c2f90f2a9 [ 66.547734][ T5830] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 66.547747][ T5830] RSP: 002b:00007ffe49a03bc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 66.547761][ T5830] RAX: ffffffffffffffda RBX: 00007ffe49a03d98 RCX: 00007f1c2f90f2a9 [ 66.547769][ T5830] RDX: 0000000000000004 RSI: 0000000000004c06 RDI: 0000000000000003 [ 66.547777][ T5830] RBP: 00007f1c2f982610 R08: 00007ffe49a03d98 R09: 00007ffe49a03d98 [ 66.547786][ T5830] R10: 00007ffe49a03d98 R11: 0000000000000246 R12: 0000000000000001 [ 66.547794][ T5830] R13: 00007ffe49a03d88 R14: 0000000000000001 R15: 0000000000000001 [ 66.547806][ T5830] [ 66.900201][ T5830] ldm_validate_partition_table(): Disk read failed. ioctl(3, LOOP_CHANGE_FD, 4) = 0 exit_group(0) = ? +++ exited with 0 +++ [