BUG: sleeping function called from invalid context in synchronize_rcu_expedited

From: Hao Sun
Date: Mon Sep 20 2021 - 08:51:45 EST


Hello,

When using Healer to fuzz the latest Linux kernel, the following crash
was triggered.

HEAD commit: 4357f03d6611 Merge tag 'pm-5.15-rc2
git tree: upstream
console output:
https://drive.google.com/file/d/1AJpdt-ENezAYZ0xo3787EvsK09-Vz404/view?usp=sharing
kernel config: https://drive.google.com/file/d/1HKZtF_s3l6PL3OoQbNq_ei9CdBus-Tz0/view?usp=sharing

If you fix this issue, please add the following tag to the commit:
Reported-by: Hao Sun <sunhao.th@xxxxxxxxx>

BUG: sleeping function called from invalid context at kernel/rcu/tree_exp.h:854
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 21, name: ksoftirqd/1
2 locks held by ksoftirqd/1/21:
#0: ffffffff85a1d4a0 (rcu_callback){....}-{0:0}, at: rcu_do_batch
kernel/rcu/tree.c:2500 [inline]
#0: ffffffff85a1d4a0 (rcu_callback){....}-{0:0}, at:
rcu_core+0x283/0x9f0 kernel/rcu/tree.c:2743
#1: ffffffff85a1fd28 (rcu_state.exp_mutex){+.+.}-{3:3}, at:
exp_funnel_lock kernel/rcu/tree_exp.h:290 [inline]
#1: ffffffff85a1fd28 (rcu_state.exp_mutex){+.+.}-{3:3}, at:
synchronize_rcu_expedited+0x32d/0x460 kernel/rcu/tree_exp.h:837
Preemption disabled at:
[<ffffffff8460005c>] softirq_handle_begin kernel/softirq.c:396 [inline]
[<ffffffff8460005c>] __do_softirq+0x5c/0x561 kernel/softirq.c:534
CPU: 1 PID: 21 Comm: ksoftirqd/1 Not tainted 5.15.0-rc1+ #19
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
Call Trace:
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x8d/0xcf lib/dump_stack.c:106
___might_sleep+0x1f0/0x250 kernel/sched/core.c:9538
synchronize_rcu_expedited+0x2db/0x460 kernel/rcu/tree_exp.h:853
bdi_remove_from_list mm/backing-dev.c:938 [inline]
bdi_unregister+0x97/0x270 mm/backing-dev.c:946
release_bdi+0x4a/0x70 mm/backing-dev.c:968
kref_put include/linux/kref.h:65 [inline]
bdi_put+0x47/0x70 mm/backing-dev.c:976
bdev_free_inode+0x59/0xc0 block/bdev.c:408
i_callback+0x24/0x50 fs/inode.c:224
rcu_do_batch kernel/rcu/tree.c:2508 [inline]
rcu_core+0x2d6/0x9f0 kernel/rcu/tree.c:2743
__do_softirq+0xe9/0x561 kernel/softirq.c:558
run_ksoftirqd+0x2d/0x60 kernel/softirq.c:920
smpboot_thread_fn+0x225/0x320 kernel/smpboot.c:164
kthread+0x178/0x1b0 kernel/kthread.c:319
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
BUG: scheduling while atomic: ksoftirqd/1/21/0x00000101
2 locks held by ksoftirqd/1/21:
#0: ffffffff85a1d4a0 (rcu_callback){....}-{0:0}, at: rcu_do_batch
kernel/rcu/tree.c:2500 [inline]
#0: ffffffff85a1d4a0 (rcu_callback){....}-{0:0}, at:
rcu_core+0x283/0x9f0 kernel/rcu/tree.c:2743
#1: ffffffff85a1fd28 (rcu_state.exp_mutex){+.+.}-{3:3}, at:
exp_funnel_lock kernel/rcu/tree_exp.h:290 [inline]
#1: ffffffff85a1fd28 (rcu_state.exp_mutex){+.+.}-{3:3}, at:
synchronize_rcu_expedited+0x32d/0x460 kernel/rcu/tree_exp.h:837
Modules linked in:
Preemption disabled at:
[<ffffffff8460005c>] softirq_handle_begin kernel/softirq.c:396 [inline]
[<ffffffff8460005c>] __do_softirq+0x5c/0x561 kernel/softirq.c:534