[   16.738602][ T3892] 8021q: adding VLAN 0 to HW filter on device bond0
[   16.743369][ T3892] eql: remember to turn off Van-Jacobson compression on your slave devices
[   16.788477][   T11] gvnic 0000:00:00.0 enp0s0: Device link is up.
[   16.793950][ T1965] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.10.45' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   39.948009][ T4306] 
[   39.948612][ T4306] ======================================================
[   39.950180][ T4306] WARNING: possible circular locking dependency detected
[   39.951748][ T4306] 6.1.16-syzkaller #0 Not tainted
[   39.952951][ T4306] ------------------------------------------------------
[   39.954513][ T4306] syz-executor181/4306 is trying to acquire lock:
[   39.955948][ T4306] ffff0000ccd080a8 ((&sq->pending_timer)){+.-.}-{0:0}, at: del_timer_sync+0x74/0x210
[   39.958107][ T4306] 
[   39.958107][ T4306] but task is already holding lock:
[   39.959782][ T4306] ffff800019965b30 (&blkcg->lock){....}-{2:2}, at: blkcg_deactivate_policy+0x1b8/0x4bc
[   39.962084][ T4306] 
[   39.962084][ T4306] which lock already depends on the new lock.
[   39.962084][ T4306] 
[   39.964422][ T4306] 
[   39.964422][ T4306] the existing dependency chain (in reverse order) is:
[   39.966535][ T4306] 
[   39.966535][ T4306] -> #2 (&blkcg->lock){....}-{2:2}:
[   39.968282][ T4306]        _raw_spin_lock+0x54/0x6c
[   39.969412][ T4306]        blkg_create+0x9f4/0x1158
[   39.970570][ T4306]        blkcg_init_disk+0xe4/0x32c
[   39.971828][ T4306]        __alloc_disk_node+0x26c/0x484
[   39.973104][ T4306]        __blk_alloc_disk+0x40/0xbc
[   39.974310][ T4306]        brd_alloc+0x2ac/0x5c8
[   39.975412][ T4306]        brd_init+0x108/0x1c4
[   39.976465][ T4306]        do_one_initcall+0x310/0xda4
[   39.977687][ T4306]        do_initcall_level+0x154/0x214
[   39.978918][ T4306]        do_initcalls+0x58/0xac
[   39.980063][ T4306]        do_basic_setup+0x8c/0xa0
[   39.981280][ T4306]        kernel_init_freeable+0x3a4/0x528
[   39.982644][ T4306]        kernel_init+0x24/0x29c
[   39.983796][ T4306]        ret_from_fork+0x10/0x20
[   39.984945][ T4306] 
[   39.984945][ T4306] -> #1 (&q->queue_lock){..-.}-{2:2}:
[   39.986759][ T4306]        _raw_spin_lock_irq+0x70/0x9c
[   39.988014][ T4306]        throtl_pending_timer_fn+0x104/0xdcc
[   39.989390][ T4306]        call_timer_fn+0x270/0xcf4
[   39.990574][ T4306]        __run_timers+0x554/0x718
[   39.991737][ T4306]        run_timer_softirq+0x7c/0x114
[   39.993058][ T4306]        __do_softirq+0x37c/0xff4
[   39.994285][ T4306]        ____do_softirq+0x14/0x20
[   39.995466][ T4306]        call_on_irq_stack+0x2c/0x54
[   39.996748][ T4306]        do_softirq_own_stack+0x20/0x2c
[   39.998095][ T4306]        __irq_exit_rcu+0x28c/0x534
[   39.999298][ T4306]        irq_exit_rcu+0x14/0x84
[   40.000402][ T4306]        el1_interrupt+0x38/0x68
[   40.001527][ T4306]        el1h_64_irq_handler+0x18/0x24
[   40.002807][ T4306]        el1h_64_irq+0x64/0x68
[   40.003962][ T4306]        arch_local_irq_enable+0xc/0x18
[   40.005233][ T4306]        default_idle_call+0x68/0xdc
[   40.006455][ T4306]        do_idle+0x1e0/0x514
[   40.007505][ T4306]        cpu_startup_entry+0x24/0x28
[   40.008794][ T4306]        secondary_start_kernel+0x19c/0x1c4
[   40.010191][ T4306]        __secondary_switched+0xb0/0xb4
[   40.011558][ T4306] 
[   40.011558][ T4306] -> #0 ((&sq->pending_timer)){+.-.}-{0:0}:
[   40.013508][ T4306]        __lock_acquire+0x3338/0x764c
[   40.014834][ T4306]        lock_acquire+0x300/0x8e4
[   40.016045][ T4306]        del_timer_sync+0x9c/0x210
[   40.017236][ T4306]        throtl_pd_free+0x20/0x48
[   40.018391][ T4306]        blkcg_deactivate_policy+0x2d8/0x4bc
[   40.019801][ T4306]        blk_throtl_exit+0x9c/0x13c
[   40.021001][ T4306]        blkcg_exit_disk+0x4c/0x5c
[   40.022216][ T4306]        disk_release+0x170/0x2d8
[   40.023404][ T4306]        device_release+0x8c/0x1ac
[   40.024580][ T4306]        kobject_put+0x2a8/0x41c
[   40.025738][ T4306]        put_device+0x28/0x40
[   40.026777][ T4306]        put_disk+0x4c/0x64
[   40.027812][ T4306]        loop_control_ioctl+0x534/0x650
[   40.029121][ T4306]        __arm64_sys_ioctl+0x14c/0x1c8
[   40.030450][ T4306]        invoke_syscall+0x98/0x2c0
[   40.031652][ T4306]        el0_svc_common+0x138/0x258
[   40.032846][ T4306]        do_el0_svc+0x64/0x218
[   40.033975][ T4306]        el0_svc+0x58/0x168
[   40.034992][ T4306]        el0t_64_sync_handler+0x84/0xf0
[   40.036257][ T4306]        el0t_64_sync+0x18c/0x190
[   40.037428][ T4306] 
[   40.037428][ T4306] other info that might help us debug this:
[   40.037428][ T4306] 
[   40.039737][ T4306] Chain exists of:
[   40.039737][ T4306]   (&sq->pending_timer) --> &q->queue_lock --> &blkcg->lock
[   40.039737][ T4306] 
[   40.042758][ T4306]  Possible unsafe locking scenario:
[   40.042758][ T4306] 
[   40.044445][ T4306]        CPU0                    CPU1
[   40.045671][ T4306]        ----                    ----
[   40.046941][ T4306]   lock(&blkcg->lock);
[   40.047955][ T4306]                                lock(&q->queue_lock);
[   40.049626][ T4306]                                lock(&blkcg->lock);
[   40.051171][ T4306]   lock((&sq->pending_timer));
[   40.052304][ T4306] 
[   40.052304][ T4306]  *** DEADLOCK ***
[   40.052304][ T4306] 
[   40.054196][ T4306] 3 locks held by syz-executor181/4306:
[   40.055519][ T4306]  #0: ffff0000cccf0b28 (&q->blkcg_mutex){+.+.}-{3:3}, at: blkcg_deactivate_policy+0xfc/0x4bc
[   40.057914][ T4306]  #1: ffff0000cccf0918 (&q->queue_lock){..-.}-{2:2}, at: blkcg_deactivate_policy+0x108/0x4bc
[   40.060293][ T4306]  #2: ffff800019965b30 (&blkcg->lock){....}-{2:2}, at: blkcg_deactivate_policy+0x1b8/0x4bc
[   40.062548][ T4306] 
[   40.062548][ T4306] stack backtrace:
[   40.063929][ T4306] CPU: 1 PID: 4306 Comm: syz-executor181 Not tainted 6.1.16-syzkaller #0
[   40.065806][ T4306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[   40.068098][ T4306] Call trace:
[   40.068848][ T4306]  dump_backtrace+0x1c8/0x1f4
[   40.069938][ T4306]  show_stack+0x2c/0x3c
[   40.070863][ T4306]  dump_stack_lvl+0x108/0x170
[   40.072000][ T4306]  dump_stack+0x1c/0x5c
[   40.072975][ T4306]  print_circular_bug+0x150/0x1b8
[   40.074169][ T4306]  check_noncircular+0x2cc/0x378
[   40.075338][ T4306]  __lock_acquire+0x3338/0x764c
[   40.076441][ T4306]  lock_acquire+0x300/0x8e4
[   40.077438][ T4306]  del_timer_sync+0x9c/0x210
[   40.078543][ T4306]  throtl_pd_free+0x20/0x48
[   40.079556][ T4306]  blkcg_deactivate_policy+0x2d8/0x4bc
[   40.080819][ T4306]  blk_throtl_exit+0x9c/0x13c
[   40.081923][ T4306]  blkcg_exit_disk+0x4c/0x5c
[   40.083017][ T4306]  disk_release+0x170/0x2d8
[   40.084003][ T4306]  device_release+0x8c/0x1ac
[   40.085043][ T4306]  kobject_put+0x2a8/0x41c
[   40.086088][ T4306]  put_device+0x28/0x40
[   40.087085][ T4306]  put_disk+0x4c/0x64
[   40.088071][ T4306]  loop_control_ioctl+0x534/0x650
[   40.089191][ T4306]  __arm64_sys_ioctl+0x14c/0x1c8
[   40.090350][ T4306]  invoke_syscall+0x98/0x2c0
[   40.091390][ T4306]  el0_svc_common+0x138/0x258
[   40.092443][ T4306]  do_el0_svc+0x64/0x218
[   40.093436][ T4306]  el0_svc+0x58/0x168
[   40.094328][ T4306]  el0t_64_sync_handler+0x84/0xf0
[   40.095465][ T4306]  el0t_64_sync+0x18c/0x190