BUG: sleeping function called from invalid context at include/linux/sched/mm.h:209 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 14966, name: syz-executor.0 6 locks held by syz-executor.0/14966: #0: ffff88804eb64460 (sb_writers#20){.+.+}-{0:0}, at: mnt_want_write+0x3b/0x80 fs/namespace.c:377 #1: ffff88804c0fb0d0 (&sb->s_type->i_mutex_key#27){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:787 [inline] #1: ffff88804c0fb0d0 (&sb->s_type->i_mutex_key#27){+.+.}-{3:3}, at: do_truncate+0x208/0x300 fs/open.c:63 #2: ffff88804c0fb750 (&fi->i_gc_rwsem[WRITE]){+.+.}-{3:3}, at: f2fs_setattr+0x930/0x10a0 fs/f2fs/file.c:960 #3: ffff88804c0fb270 (mapping.invalidate_lock#5){++++}-{3:3}, at: filemap_invalidate_lock include/linux/fs.h:832 [inline] #3: ffff88804c0fb270 (mapping.invalidate_lock#5){++++}-{3:3}, at: f2fs_setattr+0x960/0x10a0 fs/f2fs/file.c:961 #4: ffff88804c0fb328 (&mapping->i_mmap_rwsem){++++}-{3:3}, at: i_mmap_lock_write include/linux/fs.h:502 [inline] #4: ffff88804c0fb328 (&mapping->i_mmap_rwsem){++++}-{3:3}, at: unmap_mapping_pages mm/memory.c:3414 [inline] #4: ffff88804c0fb328 (&mapping->i_mmap_rwsem){++++}-{3:3}, at: unmap_mapping_range+0x170/0x3e0 mm/memory.c:3452 #5: ffff8880236479d8 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:363 [inline] #5: ffff8880236479d8 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: zap_pte_range mm/memory.c:1331 [inline] #5: ffff8880236479d8 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: zap_pmd_range mm/memory.c:1494 [inline] #5: ffff8880236479d8 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: zap_pud_range mm/memory.c:1523 [inline] #5: ffff8880236479d8 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: zap_p4d_range mm/memory.c:1544 [inline] #5: ffff8880236479d8 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: unmap_page_range+0x9c3/0x2630 mm/memory.c:1565 Preemption disabled at: [<0000000000000000>] 0x0 CPU: 1 PID: 14966 Comm: syz-executor.0 Not tainted 5.15.104-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106 ___might_sleep+0x547/0x6a0 kernel/sched/core.c:9622 might_alloc include/linux/sched/mm.h:209 [inline] slab_pre_alloc_hook+0x44/0xc0 mm/slab.h:492 slab_alloc_node mm/slub.c:3134 [inline] slab_alloc mm/slub.c:3228 [inline] kmem_cache_alloc+0x3f/0x280 mm/slub.c:3233 f2fs_kmem_cache_alloc_nofail fs/f2fs/f2fs.h:2627 [inline] f2fs_kmem_cache_alloc fs/f2fs/f2fs.h:2637 [inline] f2fs_register_inmem_page+0x1d0/0x6f0 fs/f2fs/segment.c:192 f2fs_set_data_page_dirty+0x7bb/0xa90 fs/f2fs/data.c:3781 zap_pte_range mm/memory.c:1366 [inline] zap_pmd_range mm/memory.c:1494 [inline] zap_pud_range mm/memory.c:1523 [inline] zap_p4d_range mm/memory.c:1544 [inline] unmap_page_range+0xdcd/0x2630 mm/memory.c:1565 zap_page_range_single+0x38f/0x500 mm/memory.c:1693 unmap_mapping_range_vma mm/memory.c:3333 [inline] unmap_mapping_range_tree mm/memory.c:3354 [inline] unmap_mapping_pages mm/memory.c:3416 [inline] unmap_mapping_range+0x368/0x3e0 mm/memory.c:3452 truncate_pagecache mm/truncate.c:734 [inline] truncate_setsize+0xb9/0xf0 mm/truncate.c:760 f2fs_setattr+0x98b/0x10a0 fs/f2fs/file.c:963 notify_change+0xd4d/0x1000 fs/attr.c:488 do_truncate+0x21c/0x300 fs/open.c:65 handle_truncate fs/namei.c:3195 [inline] do_open fs/namei.c:3542 [inline] path_openat+0x28a0/0x2f20 fs/namei.c:3672 do_filp_open+0x21c/0x460 fs/namei.c:3699 do_sys_openat2+0x13b/0x500 fs/open.c:1211 do_sys_open fs/open.c:1227 [inline] __do_sys_open fs/open.c:1235 [inline] __se_sys_open fs/open.c:1231 [inline] __x64_sys_open+0x221/0x270 fs/open.c:1231 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x61/0xcb RIP: 0033:0x7f922cb330f9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f9224b48168 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 RAX: ffffffffffffffda RBX: 00007f922cc53120 RCX: 00007f922cb330f9 RDX: 0000000000000000 RSI: 00000000001c5b42 RDI: 0000000020000080 RBP: 00007f922cb8eb39 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffd0667f01f R14: 00007f9224b48300 R15: 0000000000022000 ============================= [ BUG: Invalid wait context ] 5.15.104-syzkaller #0 Tainted: G W ----------------------------- syz-executor.0/14966 is trying to lock: ffff88804c0fb618 (&fi->inmem_lock){+.+.}-{3:3}, at: f2fs_register_inmem_page+0x31b/0x6f0 fs/f2fs/segment.c:201 other info that might help us debug this: context-{4:4} 6 locks held by syz-executor.0/14966: #0: ffff88804eb64460 (sb_writers#20){.+.+}-{0:0}, at: mnt_want_write+0x3b/0x80 fs/namespace.c:377 #1: ffff88804c0fb0d0 (&sb->s_type->i_mutex_key#27){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:787 [inline] #1: ffff88804c0fb0d0 (&sb->s_type->i_mutex_key#27){+.+.}-{3:3}, at: do_truncate+0x208/0x300 fs/open.c:63 #2: ffff88804c0fb750 (&fi->i_gc_rwsem[WRITE]){+.+.}-{3:3}, at: f2fs_setattr+0x930/0x10a0 fs/f2fs/file.c:960 #3: ffff88804c0fb270 (mapping.invalidate_lock#5){++++}-{3:3}, at: filemap_invalidate_lock include/linux/fs.h:832 [inline] #3: ffff88804c0fb270 (mapping.invalidate_lock#5){++++}-{3:3}, at: f2fs_setattr+0x960/0x10a0 fs/f2fs/file.c:961 #4: ffff88804c0fb328 (&mapping->i_mmap_rwsem){++++}-{3:3}, at: i_mmap_lock_write include/linux/fs.h:502 [inline] #4: ffff88804c0fb328 (&mapping->i_mmap_rwsem){++++}-{3:3}, at: unmap_mapping_pages mm/memory.c:3414 [inline] #4: ffff88804c0fb328 (&mapping->i_mmap_rwsem){++++}-{3:3}, at: unmap_mapping_range+0x170/0x3e0 mm/memory.c:3452 #5: ffff8880236479d8 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:363 [inline] #5: ffff8880236479d8 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: zap_pte_range mm/memory.c:1331 [inline] #5: ffff8880236479d8 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: zap_pmd_range mm/memory.c:1494 [inline] #5: ffff8880236479d8 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: zap_pud_range mm/memory.c:1523 [inline] #5: ffff8880236479d8 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: zap_p4d_range mm/memory.c:1544 [inline] #5: ffff8880236479d8 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: unmap_page_range+0x9c3/0x2630 mm/memory.c:1565 stack backtrace: CPU: 1 PID: 14966 Comm: syz-executor.0 Tainted: G W 5.15.104-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106 print_lock_invalid_wait_context kernel/locking/lockdep.c:4663 [inline] check_wait_context kernel/locking/lockdep.c:4724 [inline] __lock_acquire+0x14f5/0x1ff0 kernel/locking/lockdep.c:4961 lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5622 __mutex_lock_common+0x1da/0x25a0 kernel/locking/mutex.c:596 __mutex_lock kernel/locking/mutex.c:729 [inline] mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:743 f2fs_register_inmem_page+0x31b/0x6f0 fs/f2fs/segment.c:201 f2fs_set_data_page_dirty+0x7bb/0xa90 fs/f2fs/data.c:3781 zap_pte_range mm/memory.c:1366 [inline] zap_pmd_range mm/memory.c:1494 [inline] zap_pud_range mm/memory.c:1523 [inline] zap_p4d_range mm/memory.c:1544 [inline] unmap_page_range+0xdcd/0x2630 mm/memory.c:1565 zap_page_range_single+0x38f/0x500 mm/memory.c:1693 unmap_mapping_range_vma mm/memory.c:3333 [inline] unmap_mapping_range_tree mm/memory.c:3354 [inline] unmap_mapping_pages mm/memory.c:3416 [inline] unmap_mapping_range+0x368/0x3e0 mm/memory.c:3452 truncate_pagecache mm/truncate.c:734 [inline] truncate_setsize+0xb9/0xf0 mm/truncate.c:760 f2fs_setattr+0x98b/0x10a0 fs/f2fs/file.c:963 notify_change+0xd4d/0x1000 fs/attr.c:488 do_truncate+0x21c/0x300 fs/open.c:65 handle_truncate fs/namei.c:3195 [inline] do_open fs/namei.c:3542 [inline] path_openat+0x28a0/0x2f20 fs/namei.c:3672 do_filp_open+0x21c/0x460 fs/namei.c:3699 do_sys_openat2+0x13b/0x500 fs/open.c:1211 do_sys_open fs/open.c:1227 [inline] __do_sys_open fs/open.c:1235 [inline] __se_sys_open fs/open.c:1231 [inline] __x64_sys_open+0x221/0x270 fs/open.c:1231 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x61/0xcb RIP: 0033:0x7f922cb330f9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f9224b48168 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 RAX: ffffffffffffffda RBX: 00007f922cc53120 RCX: 00007f922cb330f9 RDX: 0000000000000000 RSI: 00000000001c5b42 RDI: 0000000020000080 RBP: 00007f922cb8eb39 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffd0667f01f R14: 00007f9224b48300 R15: 0000000000022000