forked to background, child pid 3180
no interfaces have a carrier
[ 25.767894][ T3181] 8021q: adding VLAN 0 to HW filter on device bond0
[ 25.777319][ T3181] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.138' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [ 47.598346][ T3617]
[ 47.600711][ T3617] ======================================================
[ 47.607712][ T3617] WARNING: possible circular locking dependency detected
[ 47.614723][ T3617] 5.19.0-syzkaller-02972-g200e340f2196 #0 Not tainted
[ 47.621468][ T3617] ------------------------------------------------------
[ 47.628645][ T3617] syz-executor259/3617 is trying to acquire lock:
[ 47.635051][ T3617] ffff88802064b0a8 ((&sq->pending_timer)){+.-.}-{0:0}, at: del_timer_sync+0xf5/0x2e0
[ 47.644542][ T3617]
[ 47.644542][ T3617] but task is already holding lock:
[ 47.651890][ T3617] ffffffff91752430 (&blkcg->lock){....}-{2:2}, at: blkcg_deactivate_policy+0x1ab/0x540
[ 47.661535][ T3617]
[ 47.661535][ T3617] which lock already depends on the new lock.
[ 47.661535][ T3617]
[ 47.671930][ T3617]
[ 47.671930][ T3617] the existing dependency chain (in reverse order) is:
[ 47.680937][ T3617]
[ 47.680937][ T3617] -> #2 (&blkcg->lock){....}-{2:2}:
[ 47.688308][ T3617] lock_acquire+0x1a7/0x400
[ 47.693501][ T3617] _raw_spin_lock+0x2a/0x40
[ 47.698528][ T3617] blkg_create+0x949/0x10a0
[ 47.703540][ T3617] blkcg_init_queue+0xb9/0x300
[ 47.708816][ T3617] __alloc_disk_node+0x28f/0x540
[ 47.714267][ T3617] __blk_alloc_disk+0x2c/0x80
[ 47.719454][ T3617] brd_alloc+0x316/0x690
[ 47.724206][ T3617] brd_init+0x102/0x1c6
[ 47.728871][ T3617] do_one_initcall+0xbd/0x2b0
[ 47.734063][ T3617] do_initcall_level+0x168/0x218
[ 47.739520][ T3617] do_initcalls+0x4b/0x8c
[ 47.744352][ T3617] kernel_init_freeable+0x43a/0x5c3
[ 47.750068][ T3617] kernel_init+0x19/0x2b0
[ 47.754915][ T3617] ret_from_fork+0x1f/0x30
[ 47.759839][ T3617]
[ 47.759839][ T3617] -> #1 (&q->queue_lock){..-.}-{2:2}:
[ 47.767382][ T3617] lock_acquire+0x1a7/0x400
[ 47.772392][ T3617] _raw_spin_lock_irq+0xcf/0x110
[ 47.777837][ T3617] throtl_pending_timer_fn+0xe9/0xfb0
[ 47.783716][ T3617] call_timer_fn+0xf5/0x210
[ 47.788724][ T3617] __run_timers+0x76a/0x980
[ 47.793731][ T3617] run_timer_softirq+0x63/0xf0
[ 47.799014][ T3617] __do_softirq+0x382/0x793
[ 47.804023][ T3617] __irq_exit_rcu+0xec/0x170
[ 47.809292][ T3617] irq_exit_rcu+0x5/0x20
[ 47.814050][ T3617] sysvec_apic_timer_interrupt+0x91/0xb0
[ 47.820205][ T3617] asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 47.826699][ T3617] acpi_idle_enter+0x43d/0x7a0
[ 47.831976][ T3617] cpuidle_enter_state+0x517/0xed0
[ 47.837603][ T3617] cpuidle_enter+0x59/0x90
[ 47.842535][ T3617] do_idle+0x3d2/0x640
[ 47.847118][ T3617] cpu_startup_entry+0x15/0x20
[ 47.852391][ T3617] start_secondary+0xe4/0xf0
[ 47.857487][ T3617] secondary_startup_64_no_verify+0xcf/0xdb
[ 47.863886][ T3617]
[ 47.863886][ T3617] -> #0 ((&sq->pending_timer)){+.-.}-{0:0}:
[ 47.871953][ T3617] validate_chain+0x185c/0x65c0
[ 47.877312][ T3617] __lock_acquire+0x129a/0x1f80
[ 47.882688][ T3617] lock_acquire+0x1a7/0x400
[ 47.887698][ T3617] del_timer_sync+0x111/0x2e0
[ 47.892885][ T3617] throtl_pd_free+0x15/0x40
[ 47.897897][ T3617] blkcg_deactivate_policy+0x328/0x540
[ 47.903862][ T3617] blk_throtl_exit+0x86/0x120
[ 47.909047][ T3617] blkcg_init_queue+0x281/0x300
[ 47.914404][ T3617] __alloc_disk_node+0x28f/0x540
[ 47.919851][ T3617] __blk_mq_alloc_disk+0x11b/0x1e0
[ 47.925468][ T3617] loop_add+0x325/0x9b0
[ 47.930132][ T3617] loop_control_ioctl+0x108/0x770
[ 47.935662][ T3617] __se_sys_ioctl+0xfb/0x170
[ 47.940767][ T3617] do_syscall_64+0x2b/0x70
[ 47.945702][ T3617] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 47.952114][ T3617]
[ 47.952114][ T3617] other info that might help us debug this:
[ 47.952114][ T3617]
[ 47.962333][ T3617] Chain exists of:
[ 47.962333][ T3617] (&sq->pending_timer) --> &q->queue_lock --> &blkcg->lock
[ 47.962333][ T3617]
[ 47.975453][ T3617] Possible unsafe locking scenario:
[ 47.975453][ T3617]
[ 47.982885][ T3617]        CPU0                    CPU1
[ 47.988236][ T3617]        ----                    ----
[ 47.993583][ T3617]   lock(&blkcg->lock);
[ 47.997732][ T3617]                                lock(&q->queue_lock);
[ 48.004571][ T3617]                                lock(&blkcg->lock);
[ 48.011334][ T3617]   lock((&sq->pending_timer));
[ 48.016177][ T3617]
[ 48.016177][ T3617] *** DEADLOCK ***
[ 48.016177][ T3617]
[ 48.024305][ T3617] 2 locks held by syz-executor259/3617:
[ 48.029832][ T3617] #0: ffff8880206d2e70 (&q->queue_lock){..-.}-{2:2}, at: blkcg_deactivate_policy+0xe9/0x540
[ 48.040001][ T3617] #1: ffffffff91752430 (&blkcg->lock){....}-{2:2}, at: blkcg_deactivate_policy+0x1ab/0x540
[ 48.050080][ T3617]
[ 48.050080][ T3617] stack backtrace:
[ 48.055947][ T3617] CPU: 1 PID: 3617 Comm: syz-executor259 Not tainted 5.19.0-syzkaller-02972-g200e340f2196 #0
[ 48.066081][ T3617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
[ 48.076121][ T3617] Call Trace:
[ 48.079392][ T3617]
[ 48.082315][ T3617] dump_stack_lvl+0x1e3/0x2cb
[ 48.086985][ T3617] ? io_notif_register+0x5e7/0x5e7
[ 48.092085][ T3617] ? print_circular_bug+0x13e/0x1c0
[ 48.097446][ T3617] check_noncircular+0x2f7/0x3b0
[ 48.102375][ T3617] ? add_chain_block+0x850/0x850
[ 48.107298][ T3617] ? lockdep_lock+0x11d/0x2a0
[ 48.112322][ T3617] ? reacquire_held_locks+0x680/0x680
[ 48.117679][ T3617] ? reacquire_held_locks+0x680/0x680
[ 48.123041][ T3617] validate_chain+0x185c/0x65c0
[ 48.127880][ T3617] ? reacquire_held_locks+0x680/0x680
[ 48.133261][ T3617] ? reacquire_held_locks+0x680/0x680
[ 48.138620][ T3617] ? __debug_object_init+0x847/0x1860
[ 48.143977][ T3617] ? reacquire_held_locks+0x680/0x680
[ 48.149337][ T3617] ? rcu_read_lock_sched_held+0x89/0x130
[ 48.154956][ T3617] ? reacquire_held_locks+0x680/0x680
[ 48.160325][ T3617] ? reacquire_held_locks+0x680/0x680
[ 48.165688][ T3617] ? mark_lock+0x98/0x350
[ 48.170004][ T3617] ? reacquire_held_locks+0x680/0x680
[ 48.175381][ T3617] ? mark_lock+0x98/0x350
[ 48.179700][ T3617] ? register_lock_class+0xfe/0x9d0
[ 48.184882][ T3617] ? percpu_ref_is_zero+0xdb/0x100
[ 48.189978][ T3617] ? rcu_read_lock_sched_held+0x89/0x130
[ 48.195606][ T3617] ? is_dynamic_key+0x1f0/0x1f0
[ 48.200451][ T3617] ? mark_lock+0x98/0x350
[ 48.204772][ T3617] __lock_acquire+0x129a/0x1f80
[ 48.209617][ T3617] lock_acquire+0x1a7/0x400
[ 48.214120][ T3617] ? del_timer_sync+0xf5/0x2e0
[ 48.218875][ T3617] ? read_lock_is_recursive+0x10/0x10
[ 48.224262][ T3617] ? read_lock_is_recursive+0x10/0x10
[ 48.229620][ T3617] del_timer_sync+0x111/0x2e0
[ 48.234282][ T3617] ? del_timer_sync+0xf5/0x2e0
[ 48.239040][ T3617] ? try_to_del_timer_sync+0x3d0/0x3d0
[ 48.244485][ T3617] ? __rwlock_init+0x140/0x140
[ 48.249235][ T3617] ? percpu_ref_kill_and_confirm+0x9c/0x130
[ 48.255114][ T3617] ? throtl_pd_offline+0x1f0/0x1f0
[ 48.260214][ T3617] throtl_pd_free+0x15/0x40
[ 48.264706][ T3617] blkcg_deactivate_policy+0x328/0x540
[ 48.270153][ T3617] blk_throtl_exit+0x86/0x120
[ 48.274819][ T3617] blkcg_init_queue+0x281/0x300
[ 48.279669][ T3617] __alloc_disk_node+0x28f/0x540
[ 48.284600][ T3617] __blk_mq_alloc_disk+0x11b/0x1e0
[ 48.289698][ T3617] loop_add+0x325/0x9b0
[ 48.293842][ T3617] ? smack_file_ioctl+0x298/0x3a0
[ 48.298856][ T3617] loop_control_ioctl+0x108/0x770
[ 48.303869][ T3617] ? loop_set_hw_queue_depth+0x60/0x60
[ 48.309311][ T3617] ? vtime_user_exit+0x2b2/0x3e0
[ 48.314240][ T3617] ? __ct_user_exit+0x81/0xe0
[ 48.318903][ T3617] ? bpf_lsm_file_ioctl+0x5/0x10
[ 48.323826][ T3617] ? security_file_ioctl+0x9d/0xb0
[ 48.328929][ T3617] ? loop_set_hw_queue_depth+0x60/0x60
[ 48.334373][ T3617] __se_sys_ioctl+0xfb/0x170
[ 48.338949][ T3617] do_syscall_64+0x2b/0x70
[ 48.343352][ T3617] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 48.349232][ T3617] RIP: 0033:0x7f06e05a5079
[ 48.353633][ T3617] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 48.373226][ T3617] RSP: 002b:00007ffff97c2348 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 48.381624][ T3617] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f06e05a5079
[ 48.389600][ T3617] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000003
executing program
executing program
[ 48.397571][ T3617] RBP: 00007ffff97c2360 R08: 0000000000000002 R09: 0000000000000001
[ 48.405529][ T3617] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[ 48.413486][ T3617] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
[ 48.421447][ T3617]
executing program
executing program
[ 48.490212][ T145] ==================================================================
[ 48.498296][ T145] BUG: KASAN: use-after-free in kobject_put+0x119/0x120
[ 48.505220][ T145] Read of size 1 at addr ffff8880206d2edc by task kworker/0:2/145
[ 48.513008][ T145]
[ 48.515404][ T145] CPU: 0 PID: 145 Comm: kworker/0:2 Not tainted 5.19.0-syzkaller-02972-g200e340f2196 #0
[ 48.525109][ T145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
[ 48.535143][ T145] Workqueue: events blkg_free_workfn
[ 48.540417][ T145] Call Trace:
[ 48.543686][ T145]
[ 48.546607][ T145] dump_stack_lvl+0x1e3/0x2cb
[ 48.551278][ T145] ? io_notif_register+0x5e7/0x5e7
[ 48.556378][ T145] ? _printk+0xcf/0x10f
[ 48.560524][ T145] ? __wake_up_klogd+0xd6/0x100
[ 48.565387][ T145] ? __wake_up_klogd+0xcd/0x100
[ 48.570251][ T145] ? panic+0x76e/0x76e
[ 48.574312][ T145] ? _printk+0xcf/0x10f
[ 48.578455][ T145] print_address_description+0x65/0x4b0
[ 48.584003][ T145] print_report+0xf4/0x210
[ 48.588415][ T145] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 48.594391][ T145] ? read_lock_is_recursive+0x10/0x10
[ 48.599752][ T145] ? kobject_put+0x119/0x120
[ 48.604332][ T145] kasan_report+0xfb/0x130
[ 48.608741][ T145] ? kobject_put+0x119/0x120
[ 48.613325][ T145] kobject_put+0x119/0x120
[ 48.617730][ T145] blkg_free_workfn+0x2b1/0x300
[ 48.622571][ T145] process_one_work+0x81c/0xd10
[ 48.627432][ T145] ? worker_detach_from_pool+0x260/0x260
[ 48.633057][ T145] ? _raw_spin_lock_irqsave+0x120/0x120
[ 48.638594][ T145] ? kthread_data+0x4d/0xc0
[ 48.643086][ T145] ? wq_worker_running+0x95/0x190
[ 48.648115][ T145] worker_thread+0xb14/0x1330
[ 48.652801][ T145] ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 48.658709][ T145] kthread+0x266/0x300
[ 48.662773][ T145] ? rcu_lock_release+0x20/0x20
[ 48.667612][ T145] ? kthread_blkcg+0xd0/0xd0
[ 48.672193][ T145] ret_from_fork+0x1f/0x30
[ 48.676606][ T145]
[ 48.679611][ T145]
[ 48.681923][ T145] Allocated by task 3617:
[ 48.686239][ T145] __kasan_slab_alloc+0xb2/0xe0
[ 48.691089][ T145] kmem_cache_alloc_node+0x1cc/0x350
[ 48.696367][ T145] blk_alloc_queue+0x3e/0x5b0
[ 48.701030][ T145] __blk_mq_alloc_disk+0x81/0x1e0
[ 48.706058][ T145] loop_add+0x325/0x9b0
[ 48.710208][ T145] loop_control_ioctl+0x108/0x770
[ 48.715309][ T145] __se_sys_ioctl+0xfb/0x170
[ 48.719890][ T145] do_syscall_64+0x2b/0x70
[ 48.724297][ T145] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 48.730179][ T145]
[ 48.732491][ T145] Freed by task 0:
[ 48.736193][ T145] kasan_set_track+0x4c/0x70
[ 48.740772][ T145] kasan_set_free_info+0x1f/0x40
[ 48.745695][ T145] ____kasan_slab_free+0xd8/0x110
[ 48.750709][ T145] slab_free_freelist_hook+0x12e/0x1a0
[ 48.756152][ T145] kmem_cache_free+0xe6/0x260
[ 48.760812][ T145] rcu_core+0xa61/0x1710
[ 48.765042][ T145] __do_softirq+0x382/0x793
[ 48.769530][ T145]
[ 48.771837][ T145] Last potentially related work creation:
[ 48.777534][ T145] kasan_save_stack+0x3b/0x60
[ 48.782196][ T145] __kasan_record_aux_stack+0xaf/0xc0
[ 48.787552][ T145] call_rcu+0x163/0x9c0
[ 48.791695][ T145] kobject_cleanup+0x235/0x470
[ 48.796444][ T145] blk_mq_destroy_queue+0x1f5/0x250
[ 48.801629][ T145] __blk_mq_alloc_disk+0x156/0x1e0
[ 48.806725][ T145] loop_add+0x325/0x9b0
[ 48.810863][ T145] loop_control_ioctl+0x108/0x770
[ 48.815871][ T145] __se_sys_ioctl+0xfb/0x170
[ 48.820450][ T145] do_syscall_64+0x2b/0x70
[ 48.824856][ T145] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 48.830735][ T145]
[ 48.833044][ T145] The buggy address belongs to the object at ffff8880206d2da0
[ 48.833044][ T145] which belongs to the cache request_queue of size 2792
[ 48.847371][ T145] The buggy address is located 316 bytes inside of
[ 48.847371][ T145] 2792-byte region [ffff8880206d2da0, ffff8880206d3888)
[ 48.860723][ T145]
[ 48.863042][ T145] The buggy address belongs to the physical page:
[ 48.869438][ T145] page:ffffea000081b400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x206d0
[ 48.879663][ T145] head:ffffea000081b400 order:3 compound_mapcount:0 compound_pincount:0
[ 48.887974][ T145] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 48.896031][ T145] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff8880175e0000
[ 48.904688][ T145] raw: 0000000000000000 00000000800b000b 00000001ffffffff 0000000000000000
[ 48.913254][ T145] page dumped because: kasan: bad access detected
[ 48.919646][ T145] page_owner tracks the page as allocated
[ 48.925343][ T145] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 8, tgid 8 (kworker/u4:0), ts 6634196660, free_ts 0
[ 48.945210][ T145] get_page_from_freelist+0x72b/0x7a0
[ 48.950580][ T145] __alloc_pages+0x259/0x560
[ 48.955157][ T145] alloc_slab_page+0x70/0xf0
[ 48.959731][ T145] allocate_slab+0x5e/0x520
[ 48.964226][ T145] ___slab_alloc+0x42e/0xce0
[ 48.968799][ T145] kmem_cache_alloc_node+0x28a/0x350
[ 48.974070][ T145] blk_alloc_queue+0x3e/0x5b0
[ 48.978732][ T145] blk_mq_init_queue+0x64/0x120
[ 48.983571][ T145] scsi_alloc_sdev+0x697/0x9d0
[ 48.988323][ T145] scsi_probe_and_add_lun+0x1d1/0x4ab0
[ 48.993768][ T145] __scsi_scan_target+0x1fb/0x10e0
[ 48.998865][ T145] scsi_scan_host_selected+0x394/0x6c0
[ 49.004307][ T145] do_scan_async+0x12e/0x7b0
[ 49.008883][ T145] async_run_entry_fn+0xa6/0x400
[ 49.013813][ T145] process_one_work+0x81c/0xd10
[ 49.018649][ T145] worker_thread+0xb14/0x1330
[ 49.023327][ T145] page_owner free stack trace missing
[ 49.028675][ T145]
[ 49.030992][ T145] Memory state around the buggy address:
[ 49.036603][ T145] ffff8880206d2d80: fc fc fc fc fa fb fb fb fb fb fb fb fb fb fb fb
[ 49.044645][ T145] ffff8880206d2e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 49.052697][ T145] >ffff8880206d2e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 49.060738][ T145]                                                     ^
[ 49.067662][ T145] ffff8880206d2f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 49.075704][ T145] ffff8880206d2f80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 49.083926][ T145] ==================================================================
[ 49.093107][ T145] Kernel panic - not syncing: panic_on_warn set ...
[ 49.099705][ T145] CPU: 0 PID: 145 Comm: kworker/0:2 Not tainted 5.19.0-syzkaller-02972-g200e340f2196 #0
[ 49.109408][ T145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
[ 49.119447][ T145] Workqueue: events blkg_free_workfn
[ 49.124729][ T145] Call Trace:
[ 49.127995][ T145]
[ 49.130917][ T145] dump_stack_lvl+0x1e3/0x2cb
[ 49.135587][ T145] ? io_notif_register+0x5e7/0x5e7
[ 49.140691][ T145] ? panic+0x76e/0x76e
[ 49.144745][ T145] ? preempt_schedule_common+0xb7/0xe0
[ 49.150190][ T145] ? preempt_schedule+0xd9/0xe0
[ 49.155114][ T145] ? vscnprintf+0x59/0x80
[ 49.159433][ T145] panic+0x312/0x76e
[ 49.163317][ T145] ? fb_is_primary_device+0xcc/0xcc
[ 49.168501][ T145] ? _raw_spin_unlock_irqrestore+0x128/0x130
[ 49.174473][ T145] ? kobject_put+0x119/0x120
[ 49.179055][ T145] end_report+0x91/0xa0
[ 49.183198][ T145] kasan_report+0x108/0x130
[ 49.187690][ T145] ? kobject_put+0x119/0x120
[ 49.192546][ T145] kobject_put+0x119/0x120
[ 49.196953][ T145] blkg_free_workfn+0x2b1/0x300
[ 49.201790][ T145] process_one_work+0x81c/0xd10
[ 49.206636][ T145] ? worker_detach_from_pool+0x260/0x260
[ 49.212255][ T145] ? _raw_spin_lock_irqsave+0x120/0x120
[ 49.217786][ T145] ? kthread_data+0x4d/0xc0
[ 49.222277][ T145] ? wq_worker_running+0x95/0x190
[ 49.227293][ T145] worker_thread+0xb14/0x1330
[ 49.231967][ T145] ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 49.237852][ T145] kthread+0x266/0x300
[ 49.241911][ T145] ? rcu_lock_release+0x20/0x20
[ 49.246749][ T145] ? kthread_blkcg+0xd0/0xd0
[ 49.251324][ T145] ret_from_fork+0x1f/0x30
[ 49.255733][ T145]
[ 49.258903][ T145] Kernel Offset: disabled
[ 49.263236][ T145] Rebooting in 86400 seconds..