BUG: sleeping function called from invalid context at block/blk-sysfs.c:766 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 16579, name: syz-executor.1 preempt_count: 101, expected: 0 RCU nest depth: 2, expected: 0 5 locks held by syz-executor.1/16579: #0: ffff00000bf22d18 (&mm->mmap_lock){++++}-{3:3}, at: mmap_write_lock include/linux/mmap_lock.h:71 [inline] #0: ffff00000bf22d18 (&mm->mmap_lock){++++}-{3:3}, at: exit_mmap+0xbc/0x350 mm/mmap.c:3133 #1: ffff00000ee412b8 (ptlock_ptr(page)){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:349 [inline] #1: ffff00000ee412b8 (ptlock_ptr(page)){+.+.}-{2:2}, at: zap_pte_range mm/memory.c:1355 [inline] #1: ffff00000ee412b8 (ptlock_ptr(page)){+.+.}-{2:2}, at: zap_pmd_range mm/memory.c:1497 [inline] #1: ffff00000ee412b8 (ptlock_ptr(page)){+.+.}-{2:2}, at: zap_pud_range mm/memory.c:1526 [inline] #1: ffff00000ee412b8 (ptlock_ptr(page)){+.+.}-{2:2}, at: zap_p4d_range mm/memory.c:1547 [inline] #1: ffff00000ee412b8 (ptlock_ptr(page)){+.+.}-{2:2}, at: unmap_page_range+0x400/0x18b0 mm/memory.c:1568 #2: ffff80000dea44c0 (rcu_read_lock){....}-{1:2}, at: cgroup_id include/linux/cgroup.h:312 [inline] #2: ffff80000dea44c0 (rcu_read_lock){....}-{1:2}, at: cgroup_is_descendant include/linux/cgroup.h:577 [inline] #2: ffff80000dea44c0 (rcu_read_lock){....}-{1:2}, at: mem_cgroup_is_descendant include/linux/memcontrol.h:867 [inline] #2: ffff80000dea44c0 (rcu_read_lock){....}-{1:2}, at: folio_memcg_lock+0x0/0x41c mm/memcontrol.c:1973 #3: ffff80000dea44c0 (rcu_read_lock){....}-{1:2}, at: page_pgdat include/linux/mm.h:1484 [inline] #3: ffff80000dea44c0 (rcu_read_lock){....}-{1:2}, at: __mod_lruvec_page_state+0x94/0x280 mm/memcontrol.c:753 #4: ffff80000dea4d20 (rcu_callback){....}-{0:0}, at: rcu_do_batch kernel/rcu/tree.c:2524 [inline] #4: ffff80000dea4d20 (rcu_callback){....}-{0:0}, at: rcu_core+0xbf8/0x1a00 kernel/rcu/tree.c:2786 Preemption disabled at: [] spin_lock include/linux/spinlock.h:349 [inline] [] zap_pte_range 
mm/memory.c:1355 [inline] [] zap_pmd_range mm/memory.c:1497 [inline] [] zap_pud_range mm/memory.c:1526 [inline] [] zap_p4d_range mm/memory.c:1547 [inline] [] unmap_page_range+0x400/0x18b0 mm/memory.c:1568 CPU: 1 PID: 16579 Comm: syz-executor.1 Not tainted 5.17.0-syzkaller-13915-g7a3ecddc571c #0 Hardware name: linux,dummy-virt (DT) Call trace: dump_backtrace+0x1e0/0x270 arch/arm64/kernel/stacktrace.c:184 show_stack+0x18/0x70 arch/arm64/kernel/stacktrace.c:191 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x9c/0xd8 lib/dump_stack.c:106 dump_stack+0x1c/0x38 lib/dump_stack.c:113 __might_resched+0x3c8/0x530 kernel/sched/core.c:9733 __might_sleep+0x90/0x144 kernel/sched/core.c:9662 blk_release_queue+0x30/0x25c block/blk-sysfs.c:766 kobject_cleanup lib/kobject.c:705 [inline] kobject_release lib/kobject.c:736 [inline] kref_put include/linux/kref.h:65 [inline] kobject_put+0x170/0x460 lib/kobject.c:753 blk_put_queue+0x14/0x20 block/blk-core.c:270 blkg_free.part.0+0xdc/0x1a0 block/blk-cgroup.c:86 blkg_free block/blk-cgroup.c:78 [inline] __blkg_release+0xbc/0x110 block/blk-cgroup.c:102 rcu_do_batch kernel/rcu/tree.c:2535 [inline] rcu_core+0xc60/0x1a00 kernel/rcu/tree.c:2786 rcu_core_si+0x10/0x20 kernel/rcu/tree.c:2803 _stext+0x3f4/0xff8 do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline] invoke_softirq kernel/softirq.c:439 [inline] __irq_exit_rcu+0x208/0x4f0 kernel/softirq.c:637 irq_exit_rcu+0x14/0x80 kernel/softirq.c:649 __el1_irq arch/arm64/kernel/entry-common.c:459 [inline] el1_interrupt+0x38/0x54 arch/arm64/kernel/entry-common.c:473 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:478 el1h_64_irq+0x64/0x68 arch/arm64/kernel/entry.S:577 memcg_rstat_updated mm/memcontrol.c:624 [inline] __mod_memcg_lruvec_state+0x210/0x3c0 mm/memcontrol.c:723 __mod_lruvec_state+0x5c/0x80 mm/memcontrol.c:745 __mod_lruvec_page_state+0x18c/0x280 mm/memcontrol.c:766 page_remove_file_rmap mm/rmap.c:1322 [inline] page_remove_rmap+0x554/0xab0 mm/rmap.c:1380 
zap_pte_range mm/memory.c:1389 [inline] zap_pmd_range mm/memory.c:1497 [inline] zap_pud_range mm/memory.c:1526 [inline] zap_p4d_range mm/memory.c:1547 [inline] unmap_page_range+0x85c/0x18b0 mm/memory.c:1568 unmap_single_vma mm/memory.c:1613 [inline] unmap_vmas+0x1a0/0x3a0 mm/memory.c:1645 exit_mmap+0x108/0x350 mm/mmap.c:3148 __mmput+0xa4/0x2f0 kernel/fork.c:1183 mmput+0x74/0x84 kernel/fork.c:1205 exit_mm kernel/exit.c:510 [inline] do_exit+0x730/0x1ff0 kernel/exit.c:782 do_group_exit+0xa8/0x240 kernel/exit.c:925 __do_sys_exit_group kernel/exit.c:936 [inline] __se_sys_exit_group kernel/exit.c:934 [inline] __arm64_sys_exit_group+0x3c/0x4c kernel/exit.c:934 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x6c/0x260 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0xc4/0x254 arch/arm64/kernel/syscall.c:142 do_el0_svc_compat+0x40/0x80 arch/arm64/kernel/syscall.c:187 el0_svc_compat+0x70/0x294 arch/arm64/kernel/entry-common.c:749 el0t_32_sync_handler+0x90/0x140 arch/arm64/kernel/entry-common.c:759 el0t_32_sync+0x190/0x194 arch/arm64/kernel/entry.S:586 ================================ WARNING: inconsistent lock state 5.17.0-syzkaller-13915-g7a3ecddc571c #0 Tainted: G W -------------------------------- inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage. 
syz-executor.1/16579 [HC0[0]:SC1[1]:HE0:SE0] takes: ffff00001060dca0 (&xa->xa_lock#6){+.?.}-{2:2}, at: xa_destroy+0x8c/0x240 lib/xarray.c:2211 {SOFTIRQ-ON-W} state was registered at: lock_acquire kernel/locking/lockdep.c:5641 [inline] lock_acquire+0x568/0x93c kernel/locking/lockdep.c:5606 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x8c/0x120 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:349 [inline] xa_insert include/linux/xarray.h:773 [inline] blk_mq_init_hctx block/blk-mq.c:3501 [inline] blk_mq_alloc_and_init_hctx+0x384/0xd64 block/blk-mq.c:3962 blk_mq_realloc_hw_ctxs+0x258/0x350 block/blk-mq.c:3991 blk_mq_init_allocated_queue+0x3c8/0x1054 block/blk-mq.c:4053 blk_mq_init_queue_data block/blk-mq.c:3906 [inline] __blk_mq_alloc_disk+0xb4/0x15c block/blk-mq.c:3926 loop_add+0x29c/0x7ac drivers/block/loop.c:2011 loop_init+0x134/0x158 drivers/block/loop.c:2267 do_one_initcall+0x128/0x950 init/main.c:1298 do_initcall_level init/main.c:1371 [inline] do_initcalls init/main.c:1387 [inline] do_basic_setup init/main.c:1406 [inline] kernel_init_freeable+0x71c/0x7a0 init/main.c:1613 kernel_init+0x28/0x140 init/main.c:1502 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:867 irq event stamp: 5997 hardirqs last enabled at (5996): [] kasan_quarantine_put+0x108/0x254 mm/kasan/quarantine.c:231 hardirqs last disabled at (5997): [] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline] hardirqs last disabled at (5997): [] _raw_spin_lock_irqsave+0xfc/0x160 kernel/locking/spinlock.c:162 softirqs last enabled at (5350): [] _stext+0x964/0xff8 softirqs last disabled at (5547): [] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline] softirqs last disabled at (5547): [] invoke_softirq kernel/softirq.c:439 [inline] softirqs last disabled at (5547): [] __irq_exit_rcu+0x208/0x4f0 kernel/softirq.c:637 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&xa->xa_lock#6); 
<Interrupt> lock(&xa->xa_lock#6); *** DEADLOCK *** 5 locks held by syz-executor.1/16579: #0: ffff00000bf22d18 (&mm->mmap_lock){++++}-{3:3}, at: mmap_write_lock include/linux/mmap_lock.h:71 [inline] #0: ffff00000bf22d18 (&mm->mmap_lock){++++}-{3:3}, at: exit_mmap+0xbc/0x350 mm/mmap.c:3133 #1: ffff00000ee412b8 (ptlock_ptr(page)){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:349 [inline] #1: ffff00000ee412b8 (ptlock_ptr(page)){+.+.}-{2:2}, at: zap_pte_range mm/memory.c:1355 [inline] #1: ffff00000ee412b8 (ptlock_ptr(page)){+.+.}-{2:2}, at: zap_pmd_range mm/memory.c:1497 [inline] #1: ffff00000ee412b8 (ptlock_ptr(page)){+.+.}-{2:2}, at: zap_pud_range mm/memory.c:1526 [inline] #1: ffff00000ee412b8 (ptlock_ptr(page)){+.+.}-{2:2}, at: zap_p4d_range mm/memory.c:1547 [inline] #1: ffff00000ee412b8 (ptlock_ptr(page)){+.+.}-{2:2}, at: unmap_page_range+0x400/0x18b0 mm/memory.c:1568 #2: ffff80000dea44c0 (rcu_read_lock){....}-{1:2}, at: cgroup_id include/linux/cgroup.h:312 [inline] #2: ffff80000dea44c0 (rcu_read_lock){....}-{1:2}, at: cgroup_is_descendant include/linux/cgroup.h:577 [inline] #2: ffff80000dea44c0 (rcu_read_lock){....}-{1:2}, at: mem_cgroup_is_descendant include/linux/memcontrol.h:867 [inline] #2: ffff80000dea44c0 (rcu_read_lock){....}-{1:2}, at: folio_memcg_lock+0x0/0x41c mm/memcontrol.c:1973 #3: ffff80000dea44c0 (rcu_read_lock){....}-{1:2}, at: page_pgdat include/linux/mm.h:1484 [inline] #3: ffff80000dea44c0 (rcu_read_lock){....}-{1:2}, at: __mod_lruvec_page_state+0x94/0x280 mm/memcontrol.c:753 #4: ffff80000dea4d20 (rcu_callback){....}-{0:0}, at: rcu_do_batch kernel/rcu/tree.c:2524 [inline] #4: ffff80000dea4d20 (rcu_callback){....}-{0:0}, at: rcu_core+0xbf8/0x1a00 kernel/rcu/tree.c:2786 stack backtrace: CPU: 1 PID: 16579 Comm: syz-executor.1 Tainted: G W 5.17.0-syzkaller-13915-g7a3ecddc571c #0 Hardware name: linux,dummy-virt (DT) Call trace: dump_backtrace+0x1e0/0x270 arch/arm64/kernel/stacktrace.c:184 show_stack+0x18/0x70 arch/arm64/kernel/stacktrace.c:191 __dump_stack 
lib/dump_stack.c:88 [inline] dump_stack_lvl+0x9c/0xd8 lib/dump_stack.c:106 dump_stack+0x1c/0x38 lib/dump_stack.c:113 print_usage_bug.part.0+0x4c4/0x4e8 kernel/locking/lockdep.c:3935 print_usage_bug kernel/locking/lockdep.c:3905 [inline] valid_state kernel/locking/lockdep.c:3947 [inline] mark_lock_irq kernel/locking/lockdep.c:4156 [inline] mark_lock+0x1084/0x14b0 kernel/locking/lockdep.c:4607 mark_usage kernel/locking/lockdep.c:4502 [inline] __lock_acquire+0x1038/0x4b14 kernel/locking/lockdep.c:4983 lock_acquire kernel/locking/lockdep.c:5641 [inline] lock_acquire+0x568/0x93c kernel/locking/lockdep.c:5606 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xa8/0x160 kernel/locking/spinlock.c:162 xa_destroy+0x8c/0x240 lib/xarray.c:2211 blk_mq_release+0x208/0x2e4 block/blk-mq.c:3887 blk_release_queue+0x100/0x25c block/blk-sysfs.c:780 kobject_cleanup lib/kobject.c:705 [inline] kobject_release lib/kobject.c:736 [inline] kref_put include/linux/kref.h:65 [inline] kobject_put+0x170/0x460 lib/kobject.c:753 blk_put_queue+0x14/0x20 block/blk-core.c:270 blkg_free.part.0+0xdc/0x1a0 block/blk-cgroup.c:86 blkg_free block/blk-cgroup.c:78 [inline] __blkg_release+0xbc/0x110 block/blk-cgroup.c:102 rcu_do_batch kernel/rcu/tree.c:2535 [inline] rcu_core+0xc60/0x1a00 kernel/rcu/tree.c:2786 rcu_core_si+0x10/0x20 kernel/rcu/tree.c:2803 _stext+0x3f4/0xff8 do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline] invoke_softirq kernel/softirq.c:439 [inline] __irq_exit_rcu+0x208/0x4f0 kernel/softirq.c:637 irq_exit_rcu+0x14/0x80 kernel/softirq.c:649 __el1_irq arch/arm64/kernel/entry-common.c:459 [inline] el1_interrupt+0x38/0x54 arch/arm64/kernel/entry-common.c:473 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:478 el1h_64_irq+0x64/0x68 arch/arm64/kernel/entry.S:577 memcg_rstat_updated mm/memcontrol.c:624 [inline] __mod_memcg_lruvec_state+0x210/0x3c0 mm/memcontrol.c:723 __mod_lruvec_state+0x5c/0x80 mm/memcontrol.c:745 
__mod_lruvec_page_state+0x18c/0x280 mm/memcontrol.c:766 page_remove_file_rmap mm/rmap.c:1322 [inline] page_remove_rmap+0x554/0xab0 mm/rmap.c:1380 zap_pte_range mm/memory.c:1389 [inline] zap_pmd_range mm/memory.c:1497 [inline] zap_pud_range mm/memory.c:1526 [inline] zap_p4d_range mm/memory.c:1547 [inline] unmap_page_range+0x85c/0x18b0 mm/memory.c:1568 unmap_single_vma mm/memory.c:1613 [inline] unmap_vmas+0x1a0/0x3a0 mm/memory.c:1645 exit_mmap+0x108/0x350 mm/mmap.c:3148 __mmput+0xa4/0x2f0 kernel/fork.c:1183 mmput+0x74/0x84 kernel/fork.c:1205 exit_mm kernel/exit.c:510 [inline] do_exit+0x730/0x1ff0 kernel/exit.c:782 do_group_exit+0xa8/0x240 kernel/exit.c:925 __do_sys_exit_group kernel/exit.c:936 [inline] __se_sys_exit_group kernel/exit.c:934 [inline] __arm64_sys_exit_group+0x3c/0x4c kernel/exit.c:934 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x6c/0x260 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0xc4/0x254 arch/arm64/kernel/syscall.c:142 do_el0_svc_compat+0x40/0x80 arch/arm64/kernel/syscall.c:187 el0_svc_compat+0x70/0x294 arch/arm64/kernel/entry-common.c:749 el0t_32_sync_handler+0x90/0x140 arch/arm64/kernel/entry-common.c:759 el0t_32_sync+0x190/0x194 arch/arm64/kernel/entry.S:586 BUG: sleeping function called from invalid context at block/blk-sysfs.c:766 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 16598, name: syz-executor.1 preempt_count: 101, expected: 0 RCU nest depth: 1, expected: 0 INFO: lockdep is turned off. 
Preemption disabled at: [] spin_lock include/linux/spinlock.h:349 [inline] [] zap_pte_range mm/memory.c:1355 [inline] [] zap_pmd_range mm/memory.c:1497 [inline] [] zap_pud_range mm/memory.c:1526 [inline] [] zap_p4d_range mm/memory.c:1547 [inline] [] unmap_page_range+0x400/0x18b0 mm/memory.c:1568 CPU: 1 PID: 16598 Comm: syz-executor.1 Tainted: G W 5.17.0-syzkaller-13915-g7a3ecddc571c #0 Hardware name: linux,dummy-virt (DT) Call trace: dump_backtrace+0x1e0/0x270 arch/arm64/kernel/stacktrace.c:184 show_stack+0x18/0x70 arch/arm64/kernel/stacktrace.c:191 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x9c/0xd8 lib/dump_stack.c:106 dump_stack+0x1c/0x38 lib/dump_stack.c:113 __might_resched+0x3c8/0x530 kernel/sched/core.c:9733 __might_sleep+0x90/0x144 kernel/sched/core.c:9662 blk_release_queue+0x30/0x25c block/blk-sysfs.c:766 kobject_cleanup lib/kobject.c:705 [inline] kobject_release lib/kobject.c:736 [inline] kref_put include/linux/kref.h:65 [inline] kobject_put+0x170/0x460 lib/kobject.c:753 blk_put_queue+0x14/0x20 block/blk-core.c:270 blkg_free.part.0+0xdc/0x1a0 block/blk-cgroup.c:86 blkg_free block/blk-cgroup.c:78 [inline] __blkg_release+0xbc/0x110 block/blk-cgroup.c:102 rcu_do_batch kernel/rcu/tree.c:2535 [inline] rcu_core+0xc60/0x1a00 kernel/rcu/tree.c:2786 rcu_core_si+0x10/0x20 kernel/rcu/tree.c:2803 _stext+0x3f4/0xff8 do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline] invoke_softirq kernel/softirq.c:439 [inline] __irq_exit_rcu+0x208/0x4f0 kernel/softirq.c:637 irq_exit_rcu+0x14/0x80 kernel/softirq.c:649 __el1_irq arch/arm64/kernel/entry-common.c:459 [inline] el1_interrupt+0x38/0x54 arch/arm64/kernel/entry-common.c:473 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:478 el1h_64_irq+0x64/0x68 arch/arm64/kernel/entry.S:577 arch_local_irq_restore+0x8/0x10 arch/arm64/include/asm/irqflags.h:122 lock_page_memcg+0x40/0x60 mm/memcontrol.c:2060 page_remove_rmap+0x2c/0xab0 mm/rmap.c:1377 zap_pte_range mm/memory.c:1389 [inline] 
zap_pmd_range mm/memory.c:1497 [inline] zap_pud_range mm/memory.c:1526 [inline] zap_p4d_range mm/memory.c:1547 [inline] unmap_page_range+0x85c/0x18b0 mm/memory.c:1568 unmap_single_vma mm/memory.c:1613 [inline] unmap_vmas+0x1a0/0x3a0 mm/memory.c:1645 exit_mmap+0x108/0x350 mm/mmap.c:3148 __mmput+0xa4/0x2f0 kernel/fork.c:1183 mmput+0x74/0x84 kernel/fork.c:1205 exit_mm kernel/exit.c:510 [inline] do_exit+0x730/0x1ff0 kernel/exit.c:782 do_group_exit+0xa8/0x240 kernel/exit.c:925 get_signal+0x161c/0x1b30 kernel/signal.c:2904 do_signal arch/arm64/kernel/signal.c:889 [inline] do_notify_resume+0x2b4/0x242c arch/arm64/kernel/signal.c:942 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:137 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:142 [inline] el0_svc_compat+0x1e0/0x294 arch/arm64/kernel/entry-common.c:750 el0t_32_sync_handler+0x90/0x140 arch/arm64/kernel/entry-common.c:759 el0t_32_sync+0x190/0x194 arch/arm64/kernel/entry.S:586