BUG: sleeping function called from invalid context at block/blk-sysfs.c:766 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2187, name: syz-fuzzer preempt_count: 101, expected: 0 RCU nest depth: 0, expected: 0 1 lock held by syz-fuzzer/2187: #0: ffff80000dea4d20 (rcu_callback){....}-{0:0}, at: rcu_do_batch kernel/rcu/tree.c:2524 [inline] #0: ffff80000dea4d20 (rcu_callback){....}-{0:0}, at: rcu_core+0xbf8/0x1a00 kernel/rcu/tree.c:2786 Preemption disabled at: [] schedule+0xb0/0x1c4 kernel/sched/core.c:6453 CPU: 1 PID: 2187 Comm: syz-fuzzer Not tainted 5.17.0-syzkaller-13915-g7a3ecddc571c #0 Hardware name: linux,dummy-virt (DT) Call trace: dump_backtrace+0x1e0/0x270 arch/arm64/kernel/stacktrace.c:184 show_stack+0x18/0x70 arch/arm64/kernel/stacktrace.c:191 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x9c/0xd8 lib/dump_stack.c:106 dump_stack+0x1c/0x38 lib/dump_stack.c:113 __might_resched+0x3c8/0x530 kernel/sched/core.c:9733 __might_sleep+0x90/0x144 kernel/sched/core.c:9662 blk_release_queue+0x30/0x25c block/blk-sysfs.c:766 kobject_cleanup lib/kobject.c:705 [inline] kobject_release lib/kobject.c:736 [inline] kref_put include/linux/kref.h:65 [inline] kobject_put+0x170/0x460 lib/kobject.c:753 blk_put_queue+0x14/0x20 block/blk-core.c:270 blkg_free.part.0+0xdc/0x1a0 block/blk-cgroup.c:86 blkg_free block/blk-cgroup.c:78 [inline] __blkg_release+0xbc/0x110 block/blk-cgroup.c:102 rcu_do_batch kernel/rcu/tree.c:2535 [inline] rcu_core+0xc60/0x1a00 kernel/rcu/tree.c:2786 rcu_core_si+0x10/0x20 kernel/rcu/tree.c:2803 _stext+0x3f4/0xff8 do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline] invoke_softirq kernel/softirq.c:439 [inline] __irq_exit_rcu+0x208/0x4f0 kernel/softirq.c:637 irq_exit_rcu+0x14/0x80 kernel/softirq.c:649 __el1_irq arch/arm64/kernel/entry-common.c:459 [inline] el1_interrupt+0x38/0x54 arch/arm64/kernel/entry-common.c:473 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:478 el1h_64_irq+0x64/0x68 arch/arm64/kernel/entry.S:577 arch_local_irq_enable arch/arm64/include/asm/irqflags.h:35 [inline] raw_spin_rq_unlock_irq kernel/sched/sched.h:1315 [inline] finish_lock_switch kernel/sched/core.c:4833 [inline] finish_task_switch.isra.0+0x1f0/0x7dc kernel/sched/core.c:4951 context_switch kernel/sched/core.c:5076 [inline] __schedule+0x838/0x1c80 kernel/sched/core.c:6382 schedule+0xb8/0x1c4 kernel/sched/core.c:6454 freezable_schedule include/linux/freezer.h:172 [inline] futex_wait_queue+0x130/0x320 kernel/futex/waitwake.c:355 futex_wait+0x1b4/0x40c kernel/futex/waitwake.c:656 do_futex+0x1a4/0x250 kernel/futex/syscalls.c:106 __do_sys_futex kernel/futex/syscalls.c:183 [inline] __se_sys_futex kernel/futex/syscalls.c:164 [inline] __arm64_sys_futex+0x15c/0x310 kernel/futex/syscalls.c:164 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x6c/0x260 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0xc4/0x254 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x9c/0xcc arch/arm64/kernel/syscall.c:181 el0_svc+0x70/0x29c arch/arm64/kernel/entry-common.c:616 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:634 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581 ================================ WARNING: inconsistent lock state 5.17.0-syzkaller-13915-g7a3ecddc571c #0 Tainted: G W -------------------------------- inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage. syz-fuzzer/2187 [HC0[0]:SC1[1]:HE0:SE0] takes: ffff000010688be8 (&xa->xa_lock#6){+.?.}-{2:2}, at: xa_destroy+0x8c/0x240 lib/xarray.c:2211 {SOFTIRQ-ON-W} state was registered at: lock_acquire kernel/locking/lockdep.c:5641 [inline] lock_acquire+0x568/0x93c kernel/locking/lockdep.c:5606 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x8c/0x120 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:349 [inline] xa_insert include/linux/xarray.h:773 [inline] blk_mq_init_hctx block/blk-mq.c:3501 [inline] blk_mq_alloc_and_init_hctx+0x384/0xd64 block/blk-mq.c:3962 blk_mq_realloc_hw_ctxs+0x258/0x350 block/blk-mq.c:3991 blk_mq_init_allocated_queue+0x3c8/0x1054 block/blk-mq.c:4053 blk_mq_init_queue_data block/blk-mq.c:3906 [inline] __blk_mq_alloc_disk+0xb4/0x15c block/blk-mq.c:3926 loop_add+0x29c/0x7ac drivers/block/loop.c:2011 loop_init+0x134/0x158 drivers/block/loop.c:2267 do_one_initcall+0x128/0x950 init/main.c:1298 do_initcall_level init/main.c:1371 [inline] do_initcalls init/main.c:1387 [inline] do_basic_setup init/main.c:1406 [inline] kernel_init_freeable+0x71c/0x7a0 init/main.c:1613 kernel_init+0x28/0x140 init/main.c:1502 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:867 irq event stamp: 1022353 hardirqs last enabled at (1022352): [] kasan_quarantine_put+0x108/0x254 mm/kasan/quarantine.c:231 hardirqs last disabled at (1022353): [] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline] hardirqs last disabled at (1022353): [] _raw_spin_lock_irqsave+0xfc/0x160 kernel/locking/spinlock.c:162 softirqs last enabled at (1022010): [] __lse_atomic64_andnot arch/arm64/include/asm/atomic_lse.h:124 [inline] softirqs last enabled at (1022010): [] arch_atomic64_andnot arch/arm64/include/asm/atomic.h:64 [inline] softirqs last enabled at (1022010): [] arch_atomic_long_andnot include/linux/atomic/atomic-long.h:299 [inline] softirqs last enabled at (1022010): [] arch_clear_bit include/asm-generic/bitops/atomic.h:25 [inline] softirqs last enabled at (1022010): [] clear_bit include/asm-generic/bitops/instrumented-atomic.h:42 [inline] softirqs last enabled at (1022010): [] clear_ti_thread_flag include/linux/thread_info.h:94 [inline] softirqs last enabled at (1022010): [] fpsimd_update_current_state+0x110/0x1c0 arch/arm64/kernel/fpsimd.c:1282 softirqs last disabled at (1022031): [] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline] softirqs last disabled at (1022031): [] invoke_softirq kernel/softirq.c:439 [inline] softirqs last disabled at (1022031): [] __irq_exit_rcu+0x208/0x4f0 kernel/softirq.c:637 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&xa->xa_lock#6); lock(&xa->xa_lock#6); *** DEADLOCK *** 1 lock held by syz-fuzzer/2187: #0: ffff80000dea4d20 (rcu_callback){....}-{0:0}, at: rcu_do_batch kernel/rcu/tree.c:2524 [inline] #0: ffff80000dea4d20 (rcu_callback){....}-{0:0}, at: rcu_core+0xbf8/0x1a00 kernel/rcu/tree.c:2786 stack backtrace: CPU: 1 PID: 2187 Comm: syz-fuzzer Tainted: G W 5.17.0-syzkaller-13915-g7a3ecddc571c #0 Hardware name: linux,dummy-virt (DT) Call trace: dump_backtrace+0x1e0/0x270 arch/arm64/kernel/stacktrace.c:184 show_stack+0x18/0x70 arch/arm64/kernel/stacktrace.c:191 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x9c/0xd8 lib/dump_stack.c:106 dump_stack+0x1c/0x38 lib/dump_stack.c:113 print_usage_bug.part.0+0x4c4/0x4e8 kernel/locking/lockdep.c:3935 print_usage_bug kernel/locking/lockdep.c:3905 [inline] valid_state kernel/locking/lockdep.c:3947 [inline] mark_lock_irq kernel/locking/lockdep.c:4156 [inline] mark_lock+0x1084/0x14b0 kernel/locking/lockdep.c:4607 mark_usage kernel/locking/lockdep.c:4502 [inline] __lock_acquire+0x1038/0x4b14 kernel/locking/lockdep.c:4983 lock_acquire kernel/locking/lockdep.c:5641 [inline] lock_acquire+0x568/0x93c kernel/locking/lockdep.c:5606 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xa8/0x160 kernel/locking/spinlock.c:162 xa_destroy+0x8c/0x240 lib/xarray.c:2211 blk_mq_release+0x208/0x2e4 block/blk-mq.c:3887 blk_release_queue+0x100/0x25c block/blk-sysfs.c:780 kobject_cleanup lib/kobject.c:705 [inline] kobject_release lib/kobject.c:736 [inline] kref_put include/linux/kref.h:65 [inline] kobject_put+0x170/0x460 lib/kobject.c:753 blk_put_queue+0x14/0x20 block/blk-core.c:270 blkg_free.part.0+0xdc/0x1a0 block/blk-cgroup.c:86 blkg_free block/blk-cgroup.c:78 [inline] __blkg_release+0xbc/0x110 block/blk-cgroup.c:102 rcu_do_batch kernel/rcu/tree.c:2535 [inline] rcu_core+0xc60/0x1a00 kernel/rcu/tree.c:2786 rcu_core_si+0x10/0x20 kernel/rcu/tree.c:2803 _stext+0x3f4/0xff8 do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline] invoke_softirq kernel/softirq.c:439 [inline] __irq_exit_rcu+0x208/0x4f0 kernel/softirq.c:637 irq_exit_rcu+0x14/0x80 kernel/softirq.c:649 __el1_irq arch/arm64/kernel/entry-common.c:459 [inline] el1_interrupt+0x38/0x54 arch/arm64/kernel/entry-common.c:473 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:478 el1h_64_irq+0x64/0x68 arch/arm64/kernel/entry.S:577 arch_local_irq_enable arch/arm64/include/asm/irqflags.h:35 [inline] raw_spin_rq_unlock_irq kernel/sched/sched.h:1315 [inline] finish_lock_switch kernel/sched/core.c:4833 [inline] finish_task_switch.isra.0+0x1f0/0x7dc kernel/sched/core.c:4951 context_switch kernel/sched/core.c:5076 [inline] __schedule+0x838/0x1c80 kernel/sched/core.c:6382 schedule+0xb8/0x1c4 kernel/sched/core.c:6454 freezable_schedule include/linux/freezer.h:172 [inline] futex_wait_queue+0x130/0x320 kernel/futex/waitwake.c:355 futex_wait+0x1b4/0x40c kernel/futex/waitwake.c:656 do_futex+0x1a4/0x250 kernel/futex/syscalls.c:106 __do_sys_futex kernel/futex/syscalls.c:183 [inline] __se_sys_futex kernel/futex/syscalls.c:164 [inline] __arm64_sys_futex+0x15c/0x310 kernel/futex/syscalls.c:164 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x6c/0x260 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0xc4/0x254 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x9c/0xcc arch/arm64/kernel/syscall.c:181 el0_svc+0x70/0x29c arch/arm64/kernel/entry-common.c:616 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:634 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581