BUG: sleeping function called from invalid context at block/blk-sysfs.c:766
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2187, name: syz-fuzzer
preempt_count: 101, expected: 0
RCU nest depth: 0, expected: 0
1 lock held by syz-fuzzer/2187:
#0: ffff80000dea4d20 (rcu_callback){....}-{0:0}, at: rcu_do_batch kernel/rcu/tree.c:2524 [inline]
#0: ffff80000dea4d20 (rcu_callback){....}-{0:0}, at: rcu_core+0xbf8/0x1a00 kernel/rcu/tree.c:2786
Preemption disabled at:
[<ffff80000c737b80>] schedule+0xb0/0x1c4 kernel/sched/core.c:6453
CPU: 1 PID: 2187 Comm: syz-fuzzer Not tainted 5.17.0-syzkaller-13915-g7a3ecddc571c #0
Hardware name: linux,dummy-virt (DT)
Call trace:
dump_backtrace+0x1e0/0x270 arch/arm64/kernel/stacktrace.c:184
show_stack+0x18/0x70 arch/arm64/kernel/stacktrace.c:191
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x9c/0xd8 lib/dump_stack.c:106
dump_stack+0x1c/0x38 lib/dump_stack.c:113
__might_resched+0x3c8/0x530 kernel/sched/core.c:9733
__might_sleep+0x90/0x144 kernel/sched/core.c:9662
blk_release_queue+0x30/0x25c block/blk-sysfs.c:766
kobject_cleanup lib/kobject.c:705 [inline]
kobject_release lib/kobject.c:736 [inline]
kref_put include/linux/kref.h:65 [inline]
kobject_put+0x170/0x460 lib/kobject.c:753
blk_put_queue+0x14/0x20 block/blk-core.c:270
blkg_free.part.0+0xdc/0x1a0 block/blk-cgroup.c:86
blkg_free block/blk-cgroup.c:78 [inline]
__blkg_release+0xbc/0x110 block/blk-cgroup.c:102
rcu_do_batch kernel/rcu/tree.c:2535 [inline]
rcu_core+0xc60/0x1a00 kernel/rcu/tree.c:2786
rcu_core_si+0x10/0x20 kernel/rcu/tree.c:2803
_stext+0x3f4/0xff8
do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline]
invoke_softirq kernel/softirq.c:439 [inline]
__irq_exit_rcu+0x208/0x4f0 kernel/softirq.c:637
irq_exit_rcu+0x14/0x80 kernel/softirq.c:649
__el1_irq arch/arm64/kernel/entry-common.c:459 [inline]
el1_interrupt+0x38/0x54 arch/arm64/kernel/entry-common.c:473
el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:478
el1h_64_irq+0x64/0x68 arch/arm64/kernel/entry.S:577
arch_local_irq_enable arch/arm64/include/asm/irqflags.h:35 [inline]
raw_spin_rq_unlock_irq kernel/sched/sched.h:1315 [inline]
finish_lock_switch kernel/sched/core.c:4833 [inline]
finish_task_switch.isra.0+0x1f0/0x7dc kernel/sched/core.c:4951
context_switch kernel/sched/core.c:5076 [inline]
__schedule+0x838/0x1c80 kernel/sched/core.c:6382
schedule+0xb8/0x1c4 kernel/sched/core.c:6454
freezable_schedule include/linux/freezer.h:172 [inline]
futex_wait_queue+0x130/0x320 kernel/futex/waitwake.c:355
futex_wait+0x1b4/0x40c kernel/futex/waitwake.c:656
do_futex+0x1a4/0x250 kernel/futex/syscalls.c:106
__do_sys_futex kernel/futex/syscalls.c:183 [inline]
__se_sys_futex kernel/futex/syscalls.c:164 [inline]
__arm64_sys_futex+0x15c/0x310 kernel/futex/syscalls.c:164
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x6c/0x260 arch/arm64/kernel/syscall.c:52
el0_svc_common.constprop.0+0xc4/0x254 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x9c/0xcc arch/arm64/kernel/syscall.c:181
el0_svc+0x70/0x29c arch/arm64/kernel/entry-common.c:616
el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:634
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
================================
WARNING: inconsistent lock state
5.17.0-syzkaller-13915-g7a3ecddc571c #0 Tainted: G W
--------------------------------
inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
syz-fuzzer/2187 [HC0[0]:SC1[1]:HE0:SE0] takes:
ffff000010688be8 (&xa->xa_lock#6){+.?.}-{2:2}, at: xa_destroy+0x8c/0x240 lib/xarray.c:2211
{SOFTIRQ-ON-W} state was registered at:
lock_acquire kernel/locking/lockdep.c:5641 [inline]
lock_acquire+0x568/0x93c kernel/locking/lockdep.c:5606
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x8c/0x120 kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:349 [inline]
xa_insert include/linux/xarray.h:773 [inline]
blk_mq_init_hctx block/blk-mq.c:3501 [inline]
blk_mq_alloc_and_init_hctx+0x384/0xd64 block/blk-mq.c:3962
blk_mq_realloc_hw_ctxs+0x258/0x350 block/blk-mq.c:3991
blk_mq_init_allocated_queue+0x3c8/0x1054 block/blk-mq.c:4053
blk_mq_init_queue_data block/blk-mq.c:3906 [inline]
__blk_mq_alloc_disk+0xb4/0x15c block/blk-mq.c:3926
loop_add+0x29c/0x7ac drivers/block/loop.c:2011
loop_init+0x134/0x158 drivers/block/loop.c:2267
do_one_initcall+0x128/0x950 init/main.c:1298
do_initcall_level init/main.c:1371 [inline]
do_initcalls init/main.c:1387 [inline]
do_basic_setup init/main.c:1406 [inline]
kernel_init_freeable+0x71c/0x7a0 init/main.c:1613
kernel_init+0x28/0x140 init/main.c:1502
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:867
irq event stamp: 1022353
hardirqs last enabled at (1022352): [<ffff800008789658>] kasan_quarantine_put+0x108/0x254 mm/kasan/quarantine.c:231
hardirqs last disabled at (1022353): [<ffff80000c74b270>] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline]
hardirqs last disabled at (1022353): [<ffff80000c74b270>] _raw_spin_lock_irqsave+0xfc/0x160 kernel/locking/spinlock.c:162
softirqs last enabled at (1022010): [<ffff80000801c150>] __lse_atomic64_andnot arch/arm64/include/asm/atomic_lse.h:124 [inline]
softirqs last enabled at (1022010): [<ffff80000801c150>] arch_atomic64_andnot arch/arm64/include/asm/atomic.h:64 [inline]
softirqs last enabled at (1022010): [<ffff80000801c150>] arch_atomic_long_andnot include/linux/atomic/atomic-long.h:299 [inline]
softirqs last enabled at (1022010): [<ffff80000801c150>] arch_clear_bit include/asm-generic/bitops/atomic.h:25 [inline]
softirqs last enabled at (1022010): [<ffff80000801c150>] clear_bit include/asm-generic/bitops/instrumented-atomic.h:42 [inline]
softirqs last enabled at (1022010): [<ffff80000801c150>] clear_ti_thread_flag include/linux/thread_info.h:94 [inline]
softirqs last enabled at (1022010): [<ffff80000801c150>] fpsimd_update_current_state+0x110/0x1c0 arch/arm64/kernel/fpsimd.c:1282
softirqs last disabled at (1022031): [<ffff800008164938>] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline]
softirqs last disabled at (1022031): [<ffff800008164938>] invoke_softirq kernel/softirq.c:439 [inline]
softirqs last disabled at (1022031): [<ffff800008164938>] __irq_exit_rcu+0x208/0x4f0 kernel/softirq.c:637
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&xa->xa_lock#6);
<Interrupt>
lock(&xa->xa_lock#6);
*** DEADLOCK ***
1 lock held by syz-fuzzer/2187:
#0: ffff80000dea4d20 (rcu_callback){....}-{0:0}, at: rcu_do_batch kernel/rcu/tree.c:2524 [inline]
#0: ffff80000dea4d20 (rcu_callback){....}-{0:0}, at: rcu_core+0xbf8/0x1a00 kernel/rcu/tree.c:2786
stack backtrace:
CPU: 1 PID: 2187 Comm: syz-fuzzer Tainted: G W 5.17.0-syzkaller-13915-g7a3ecddc571c #0
Hardware name: linux,dummy-virt (DT)
Call trace:
dump_backtrace+0x1e0/0x270 arch/arm64/kernel/stacktrace.c:184
show_stack+0x18/0x70 arch/arm64/kernel/stacktrace.c:191
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x9c/0xd8 lib/dump_stack.c:106
dump_stack+0x1c/0x38 lib/dump_stack.c:113
print_usage_bug.part.0+0x4c4/0x4e8 kernel/locking/lockdep.c:3935
print_usage_bug kernel/locking/lockdep.c:3905 [inline]
valid_state kernel/locking/lockdep.c:3947 [inline]
mark_lock_irq kernel/locking/lockdep.c:4156 [inline]
mark_lock+0x1084/0x14b0 kernel/locking/lockdep.c:4607
mark_usage kernel/locking/lockdep.c:4502 [inline]
__lock_acquire+0x1038/0x4b14 kernel/locking/lockdep.c:4983
lock_acquire kernel/locking/lockdep.c:5641 [inline]
lock_acquire+0x568/0x93c kernel/locking/lockdep.c:5606
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xa8/0x160 kernel/locking/spinlock.c:162
xa_destroy+0x8c/0x240 lib/xarray.c:2211
blk_mq_release+0x208/0x2e4 block/blk-mq.c:3887
blk_release_queue+0x100/0x25c block/blk-sysfs.c:780
kobject_cleanup lib/kobject.c:705 [inline]
kobject_release lib/kobject.c:736 [inline]
kref_put include/linux/kref.h:65 [inline]
kobject_put+0x170/0x460 lib/kobject.c:753
blk_put_queue+0x14/0x20 block/blk-core.c:270
blkg_free.part.0+0xdc/0x1a0 block/blk-cgroup.c:86
blkg_free block/blk-cgroup.c:78 [inline]
__blkg_release+0xbc/0x110 block/blk-cgroup.c:102
rcu_do_batch kernel/rcu/tree.c:2535 [inline]
rcu_core+0xc60/0x1a00 kernel/rcu/tree.c:2786
rcu_core_si+0x10/0x20 kernel/rcu/tree.c:2803
_stext+0x3f4/0xff8
do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline]
invoke_softirq kernel/softirq.c:439 [inline]
__irq_exit_rcu+0x208/0x4f0 kernel/softirq.c:637
irq_exit_rcu+0x14/0x80 kernel/softirq.c:649
__el1_irq arch/arm64/kernel/entry-common.c:459 [inline]
el1_interrupt+0x38/0x54 arch/arm64/kernel/entry-common.c:473
el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:478
el1h_64_irq+0x64/0x68 arch/arm64/kernel/entry.S:577
arch_local_irq_enable arch/arm64/include/asm/irqflags.h:35 [inline]
raw_spin_rq_unlock_irq kernel/sched/sched.h:1315 [inline]
finish_lock_switch kernel/sched/core.c:4833 [inline]
finish_task_switch.isra.0+0x1f0/0x7dc kernel/sched/core.c:4951
context_switch kernel/sched/core.c:5076 [inline]
__schedule+0x838/0x1c80 kernel/sched/core.c:6382
schedule+0xb8/0x1c4 kernel/sched/core.c:6454
freezable_schedule include/linux/freezer.h:172 [inline]
futex_wait_queue+0x130/0x320 kernel/futex/waitwake.c:355
futex_wait+0x1b4/0x40c kernel/futex/waitwake.c:656
do_futex+0x1a4/0x250 kernel/futex/syscalls.c:106
__do_sys_futex kernel/futex/syscalls.c:183 [inline]
__se_sys_futex kernel/futex/syscalls.c:164 [inline]
__arm64_sys_futex+0x15c/0x310 kernel/futex/syscalls.c:164
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x6c/0x260 arch/arm64/kernel/syscall.c:52
el0_svc_common.constprop.0+0xc4/0x254 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x9c/0xcc arch/arm64/kernel/syscall.c:181
el0_svc+0x70/0x29c arch/arm64/kernel/entry-common.c:616
el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:634
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581