no interfaces have a carrier
[ 23.325182][ T4648] 8021q: adding VLAN 0 to HW filter on device bond0
[ 23.335620][ T4648] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd:
[ 23.755526][ T4741] sshd (4741) used greatest stack depth: 22368 bytes left
OK
syzkaller
Warning: Permanently added '10.128.1.35' (ECDSA) to the list of known hosts.
syzkaller login:
[ 68.070571][ T5062] cgroup: Unknown subsys name 'net'
[ 68.171860][ T5062] cgroup: Unknown subsys name 'rlimit'
[ 68.267761][ T5067] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 68.275786][ T5067] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 68.283826][ T5067] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 68.292065][ T5067] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 68.299719][ T5067] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 68.307125][ T5067] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 68.360576][ T41] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 68.368813][ T41] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 68.377996][ T892] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 68.389593][ T1167] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 68.397509][ T1167] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
executing program
[ 68.405791][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 68.568346][ T5070] loop0: detected capacity change from 0 to 32768
[ 68.578872][ T5070] gfs2: fsid=loop0: Trying to join cluster "lock_nolock", "loop0"
[ 68.586778][ T5070] gfs2: fsid=loop0: Now mounting FS (format 1801)...
[ 68.598878][ T5070] gfs2: fsid=loop0.0: journal 0 mapped with 5 extents in 0ms
[ 68.607902][ T22] gfs2: fsid=loop0.0: jid=0, already locked for use
[ 68.614735][ T22] gfs2: fsid=loop0.0: jid=0: Looking at journal...
[ 68.639175][ T22] kworker/1:0: attempt to access beyond end of device
[ 68.639175][ T22] loop0: rw=0, sector=507904, nr_sectors = 8 limit=32768
[ 68.654789][ T22] gfs2: fsid=loop0.0: jid=0: Failed
[ 68.661630][ T5070] gfs2: fsid=loop0.0: error recovering journal 0: -5
executing program
[ 68.924873][ T5071] loop0: detected capacity change from 0 to 32768
[ 68.932852][ T5071] gfs2: fsid=loop0: Trying to join cluster "lock_nolock", "loop0"
[ 68.940873][ T5071] gfs2: fsid=loop0: Now mounting FS (format 1801)...
[ 68.950619][ T5071] gfs2: fsid=loop0.0: journal 0 mapped with 5 extents in 0ms
[ 68.958906][ T892] gfs2: fsid=loop0.0: jid=0, already locked for use
[ 68.965619][ T892] gfs2: fsid=loop0.0: jid=0: Looking at journal...
[ 68.989087][ T892] kworker/0:2: attempt to access beyond end of device
[ 68.989087][ T892] loop0: rw=0, sector=507904, nr_sectors = 8 limit=32768
[ 69.004431][ T892] gfs2: fsid=loop0.0: jid=0: Failed
[ 69.011492][ T5071] gfs2: fsid=loop0.0: error recovering journal 0: -5
executing program
[ 69.241904][ T5072] loop0: detected capacity change from 0 to 32768
[ 69.250248][ T5072] gfs2: fsid=loop0: Trying to join cluster "lock_nolock", "loop0"
[ 69.258127][ T5072] gfs2: fsid=loop0: Now mounting FS (format 1801)...
[ 69.267309][ T5072] gfs2: fsid=loop0.0: journal 0 mapped with 5 extents in 0ms
[ 69.275707][ T22] gfs2: fsid=loop0.0: jid=0, already locked for use
[ 69.282382][ T22] gfs2: fsid=loop0.0: jid=0: Looking at journal...
[ 69.305627][ T22] kworker/1:0: attempt to access beyond end of device
[ 69.305627][ T22] loop0: rw=0, sector=507904, nr_sectors = 8 limit=32768
[ 69.321391][ T22] gfs2: fsid=loop0.0: jid=0: Failed
[ 69.326728][ T5072] gfs2: fsid=loop0.0: error recovering journal 0: -5
executing program
[ 69.562994][ T5073] loop0: detected capacity change from 0 to 32768
[ 69.571014][ T5073] gfs2: fsid=loop0: Trying to join cluster "lock_nolock", "loop0"
[ 69.579130][ T5073] gfs2: fsid=loop0: Now mounting FS (format 1801)...
[ 69.588748][ T5073] gfs2: fsid=loop0.0: journal 0 mapped with 5 extents in 0ms
[ 69.597184][ T892] gfs2: fsid=loop0.0: jid=0, already locked for use
[ 69.603798][ T892] gfs2: fsid=loop0.0: jid=0: Looking at journal...
[ 69.628476][ T892] kworker/0:2: attempt to access beyond end of device
[ 69.628476][ T892] loop0: rw=0, sector=507904, nr_sectors = 8 limit=32768
[ 69.644017][ T892] gfs2: fsid=loop0.0: jid=0: Failed
[ 69.649688][ T5073] gfs2: fsid=loop0.0: error recovering journal 0: -5
executing program
[ 69.867403][ T5074] loop0: detected capacity change from 0 to 32768
[ 69.875216][ T5074] gfs2: fsid=loop0: Trying to join cluster "lock_nolock", "loop0"
[ 69.883085][ T5074] gfs2: fsid=loop0: Now mounting FS (format 1801)...
[ 69.892290][ T5074] gfs2: fsid=loop0.0: journal 0 mapped with 5 extents in 0ms
[ 69.900497][ T22] gfs2: fsid=loop0.0: jid=0, already locked for use
[ 69.907140][ T22] gfs2: fsid=loop0.0: jid=0: Looking at journal...
[ 69.930498][ T22] kworker/1:0: attempt to access beyond end of device
[ 69.930498][ T22] loop0: rw=0, sector=507904, nr_sectors = 8 limit=32768
[ 69.945392][ T22] gfs2: fsid=loop0.0: jid=0: Failed
[ 69.950934][ T5074] gfs2: fsid=loop0.0: error recovering journal 0: -5
executing program
[ 70.203016][ T5075] loop0: detected capacity change from 0 to 32768
[ 70.210990][ T5075] gfs2: fsid=loop0: Trying to join cluster "lock_nolock", "loop0"
[ 70.219332][ T5075] gfs2: fsid=loop0: Now mounting FS (format 1801)...
[ 70.228914][ T5075] gfs2: fsid=loop0.0: journal 0 mapped with 5 extents in 0ms
[ 70.237586][ T892] gfs2: fsid=loop0.0: jid=0, already locked for use
[ 70.244183][ T892] gfs2: fsid=loop0.0: jid=0: Looking at journal...
[ 70.267258][ T892] kworker/0:2: attempt to access beyond end of device
[ 70.267258][ T892] loop0: rw=0, sector=507904, nr_sectors = 8 limit=32768
[ 70.282742][ T892] gfs2: fsid=loop0.0: jid=0: Failed
[ 70.288939][ T5075] gfs2: fsid=loop0.0: error recovering journal 0: -5
[ 70.378664][ T7] cfg80211: failed to load regulatory.db
[ 70.387231][ T5067] Bluetooth: hci0: command 0x0409 tx timeout
[ 70.394616][ T1201] ieee802154 phy0 wpan0: encryption failed: -22
[ 70.401247][ T1201] ieee802154 phy1 wpan1: encryption failed: -22
executing program
[ 70.694114][ T5076] loop0: detected capacity change from 0 to 32768
[ 70.705096][ T5076] gfs2: fsid=loop0: Trying to join cluster "lock_nolock", "loop0"
[ 70.713469][ T5076] gfs2: fsid=loop0: Now mounting FS (format 1801)...
[ 70.724243][ T5076] gfs2: fsid=loop0.0: journal 0 mapped with 5 extents in 0ms
[ 70.732860][ T22] gfs2: fsid=loop0.0: jid=0, already locked for use
[ 70.739825][ T22] gfs2: fsid=loop0.0: jid=0: Looking at journal...
[ 70.774281][ T22] gfs2: fsid=loop0.0: jid=0: Journal head lookup took 34ms
[ 70.783206][ T22] gfs2: fsid=loop0.0: jid=0: Done
[ 70.788666][ T5076] gfs2: fsid=loop0.0: first mount done, others may mount
executing program
[ 71.075457][ T5079] loop0: detected capacity change from 0 to 32768
[ 71.083306][ T5079] gfs2: fsid=loop0: Trying to join cluster "lock_nolock", "loop0"
[ 71.091183][ T5079] gfs2: fsid=loop0: Now mounting FS (format 1801)...
[ 71.101033][ T5079] gfs2: fsid=loop0.0: journal 0 mapped with 5 extents in 0ms
[ 71.109327][ T7] gfs2: fsid=loop0.0: jid=0, already locked for use
[ 71.116016][ T7] gfs2: fsid=loop0.0: jid=0: Looking at journal...
[ 71.139947][ T7] kworker/0:0: attempt to access beyond end of device
[ 71.139947][ T7] loop0: rw=0, sector=507904, nr_sectors = 8 limit=32768
[ 71.155538][ T7] gfs2: fsid=loop0.0: jid=0: Failed
[ 71.161888][ T5079] gfs2: fsid=loop0.0: error recovering journal 0: -5
executing program
[ 71.392185][ T5080] loop0: detected capacity change from 0 to 32768
[ 71.400144][ T5080] gfs2: fsid=loop0: Trying to join cluster "lock_nolock", "loop0"
[ 71.408016][ T5080] gfs2: fsid=loop0: Now mounting FS (format 1801)...
[ 71.417445][ T5080] gfs2: fsid=loop0.0: journal 0 mapped with 5 extents in 0ms
[ 71.425930][ T22] gfs2: fsid=loop0.0: jid=0, already locked for use
[ 71.432732][ T22] gfs2: fsid=loop0.0: jid=0: Looking at journal...
[ 71.457152][ T22] gfs2: fsid=loop0.0: jid=0: Journal head lookup took 24ms
[ 71.464500][ T22] gfs2: fsid=loop0.0: jid=0: Done
[ 71.469807][ T5080] gfs2: fsid=loop0.0: first mount done, others may mount
executing program
[ 71.740783][ T5083] loop0: detected capacity change from 0 to 32768
[ 71.748988][ T5083] gfs2: fsid=loop0: Trying to join cluster "lock_nolock", "loop0"
[ 71.756808][ T5083] gfs2: fsid=loop0: Now mounting FS (format 1801)...
[ 71.765974][ T5083] gfs2: fsid=loop0.0: journal 0 mapped with 5 extents in 0ms
[ 71.774358][ T7] gfs2: fsid=loop0.0: jid=0, already locked for use
[ 71.781089][ T7] gfs2: fsid=loop0.0: jid=0: Looking at journal...
[ 71.804686][ T7] kworker/0:0: attempt to access beyond end of device
[ 71.804686][ T7] loop0: rw=0, sector=507904, nr_sectors = 8 limit=32768
[ 71.820226][ T7] gfs2: fsid=loop0.0: jid=0: Failed
[ 71.826092][ T5083] gfs2: fsid=loop0.0: error recovering journal 0: -5
executing program
[ 72.063465][ T5084] loop0: detected capacity change from 0 to 32768
[ 72.071462][ T5084] gfs2: fsid=loop0: Trying to join cluster "lock_nolock", "loop0"
[ 72.079374][ T5084] gfs2: fsid=loop0: Now mounting FS (format 1801)...
[ 72.088941][ T5084] gfs2: fsid=loop0.0: journal 0 mapped with 5 extents in 0ms
[ 72.097473][ T22] gfs2: fsid=loop0.0: jid=0, already locked for use
[ 72.104102][ T22] gfs2: fsid=loop0.0: jid=0: Looking at journal...
[ 72.127970][ T22] gfs2: fsid=loop0.0: jid=0: Journal head lookup took 23ms
[ 72.135333][ T22] gfs2: fsid=loop0.0: jid=0: Done
[ 72.140662][ T5084] gfs2: fsid=loop0.0: first mount done, others may mount
[ 72.176490][ T5084] syz-executor236: attempt to access beyond end of device
[ 72.176490][ T5084] loop0: rw=0, sector=507904, nr_sectors = 8 limit=32768
[ 72.201657][ T5084] gfs2: fsid=loop0.0: can't make FS RW: -5
[ 72.208921][ T52]
[ 72.211248][ T52] ======================================================
[ 72.218251][ T52] WARNING: possible circular locking dependency detected
[ 72.225276][ T52] 6.2.0-syzkaller-02299-g4a7d37e824f5 #0 Not tainted
[ 72.231933][ T52] ------------------------------------------------------
[ 72.238933][ T52] kworker/1:1H/52 is trying to acquire lock:
[ 72.244897][ T52] ffff88807dcd40e0 (&type->s_umount_key#48){+.+.}-{3:3}, at: freeze_super+0x45/0x3c0
[ 72.254494][ T52]
[ 72.254494][ T52] but task is already holding lock:
[ 72.261925][ T52] ffffc90000bd7da8 ((work_completion)(&(&gl->gl_work)->work)){+.+.}-{0:0}, at: process_one_work+0x8a1/0x1750
[ 72.273913][ T52]
[ 72.273913][ T52] which lock already depends on the new lock.
[ 72.273913][ T52]
[ 72.284298][ T52]
[ 72.284298][ T52] the existing dependency chain (in reverse order) is:
[ 72.293292][ T52]
[ 72.293292][ T52] -> #2 ((work_completion)(&(&gl->gl_work)->work)){+.+.}-{0:0}:
[ 72.303088][ T52]        process_one_work+0x8fd/0x1750
[ 72.308627][ T52]        worker_thread+0x669/0x1090
[ 72.313817][ T52]        kthread+0x2e8/0x3a0
[ 72.318394][ T52]        ret_from_fork+0x1f/0x30
[ 72.323332][ T52]
[ 72.323332][ T52] -> #1 ((wq_completion)glock_workqueue){+.+.}-{0:0}:
[ 72.332354][ T52]        __flush_workqueue+0x118/0x13a0
[ 72.337893][ T52]        gfs2_gl_hash_clear+0xb1/0x270
[ 72.343353][ T52]        gfs2_put_super+0x497/0x670
[ 72.348714][ T52]        generic_shutdown_super+0x158/0x410
[ 72.354601][ T52]        kill_block_super+0x9b/0xf0
[ 72.359790][ T52]        gfs2_kill_sb+0x108/0x170
[ 72.364808][ T52]        deactivate_locked_super+0x98/0x160
[ 72.370799][ T52]        deactivate_super+0xb1/0xd0
[ 72.376004][ T52]        cleanup_mnt+0x2ae/0x3d0
[ 72.380935][ T52]        task_work_run+0x16f/0x270
[ 72.386045][ T52]        exit_to_user_mode_prepare+0x23c/0x250
[ 72.392192][ T52]        syscall_exit_to_user_mode+0x1d/0x50
[ 72.398174][ T52]        do_syscall_64+0x46/0xb0
[ 72.403189][ T52]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 72.409591][ T52]
[ 72.409591][ T52] -> #0 (&type->s_umount_key#48){+.+.}-{3:3}:
[ 72.417832][ T52]        __lock_acquire+0x2a43/0x56d0
[ 72.423216][ T52]        lock_acquire+0x1e3/0x660
[ 72.428243][ T52]        down_write+0x92/0x200
[ 72.432996][ T52]        freeze_super+0x45/0x3c0
[ 72.437925][ T52]        freeze_go_sync+0x1df/0x320
[ 72.443111][ T52]        do_xmote+0x2f5/0xc40
[ 72.447771][ T52]        run_queue+0x3cf/0x660
[ 72.452515][ T52]        glock_work_func+0xc2/0x3b0
[ 72.457695][ T52]        process_one_work+0x9bf/0x1750
[ 72.463181][ T52]        worker_thread+0x669/0x1090
[ 72.468403][ T52]        kthread+0x2e8/0x3a0
[ 72.472980][ T52]        ret_from_fork+0x1f/0x30
[ 72.477994][ T52]
[ 72.477994][ T52] other info that might help us debug this:
[ 72.477994][ T52]
[ 72.488209][ T52] Chain exists of:
[ 72.488209][ T52]   &type->s_umount_key#48 --> (wq_completion)glock_workqueue --> (work_completion)(&(&gl->gl_work)->work)
[ 72.488209][ T52]
[ 72.505323][ T52]  Possible unsafe locking scenario:
[ 72.505323][ T52]
[ 72.512759][ T52]        CPU0                    CPU1
[ 72.518228][ T52]        ----                    ----
[ 72.523571][ T52]   lock((work_completion)(&(&gl->gl_work)->work));
[ 72.530143][ T52]                                lock((wq_completion)glock_workqueue);
[ 72.538364][ T52]                                lock((work_completion)(&(&gl->gl_work)->work));
[ 72.547457][ T52]   lock(&type->s_umount_key#48);
[ 72.552493][ T52]
[ 72.552493][ T52]  *** DEADLOCK ***
[ 72.552493][ T52]
[ 72.560618][ T52] 2 locks held by kworker/1:1H/52:
[ 72.565711][ T52]  #0: ffff88801b8ac538 ((wq_completion)glock_workqueue){+.+.}-{0:0}, at: process_one_work+0x86d/0x1750
[ 72.576833][ T52]  #1: ffffc90000bd7da8 ((work_completion)(&(&gl->gl_work)->work)){+.+.}-{0:0}, at: process_one_work+0x8a1/0x1750
[ 72.588995][ T52]
[ 72.588995][ T52] stack backtrace:
[ 72.594871][ T52] CPU: 1 PID: 52 Comm: kworker/1:1H Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 72.604514][ T52] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 72.614573][ T52] Workqueue: glock_workqueue glock_work_func
[ 72.620555][ T52] Call Trace:
[ 72.623859][ T52]
[ 72.626865][ T52] dump_stack_lvl+0xd1/0x138
[ 72.631450][ T52] check_noncircular+0x25f/0x2e0
[ 72.636372][ T52] ? register_lock_class+0xbe/0x1120
[ 72.641641][ T52] ? print_circular_bug+0x1e0/0x1e0
[ 72.646820][ T52] ? lock_chain_count+0x20/0x20
[ 72.651656][ T52] ? lock_chain_count+0x20/0x20
[ 72.656490][ T52] __lock_acquire+0x2a43/0x56d0
[ 72.661333][ T52] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 72.667298][ T52] ? register_lock_class+0xbe/0x1120
[ 72.672580][ T52] lock_acquire+0x1e3/0x660
[ 72.677068][ T52] ? freeze_super+0x45/0x3c0
[ 72.681651][ T52] ? lock_release+0x830/0x830
[ 72.686402][ T52] down_write+0x92/0x200
[ 72.690637][ T52] ? freeze_super+0x45/0x3c0
[ 72.695245][ T52] ? down_write_killable_nested+0x250/0x250
[ 72.701126][ T52] ? do_xmote+0x2c7/0xc40
[ 72.705440][ T52] ? lock_downgrade+0x6e0/0x6e0
[ 72.710368][ T52] freeze_super+0x45/0x3c0
[ 72.714782][ T52] freeze_go_sync+0x1df/0x320
[ 72.719445][ T52] ? rgrp_go_sync+0x4e0/0x4e0
[ 72.724110][ T52] do_xmote+0x2f5/0xc40
[ 72.728254][ T52] run_queue+0x3cf/0x660
[ 72.732513][ T52] glock_work_func+0xc2/0x3b0
[ 72.737218][ T52] process_one_work+0x9bf/0x1750
[ 72.742195][ T52] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 72.747589][ T52] ? rwlock_bug.part.0+0x90/0x90
[ 72.752518][ T52] worker_thread+0x669/0x1090
[ 72.757208][ T52] ? __kthread_parkme+0x163/0x220
[ 72.762227][ T52] ? process_one_work+0x1750/0x1750
[ 72.767413][ T52] kthread+0x2e8/0x3a0
[ 72.771473][ T52] ? kthread_complete_and_exit+0x40/0x40
[ 72.777093][ T52] ret_from_fork+0x1f/0x30
[ 72.781505][ T52]
[ 72.787065][ T5067] Bluetooth: hci0: command 0x041b tx timeout
[ 74.857100][ T4392] Bluetooth: hci0: command 0x040f tx timeout
[ 76.937090][ T4392] Bluetooth: hci0: command 0x0419 tx timeout