BUG: sleeping function called from invalid context at mm/slab.h:422 in_atomic(): 1, irqs_disabled(): 1, pid: 2372, name: syz-executor.1 3 locks held by syz-executor.1/2372: #0: 00000000c38dcc0f (&ep->mtx){+.+.}, at: __do_sys_epoll_ctl fs/eventpoll.c:2075 [inline] #0: 00000000c38dcc0f (&ep->mtx){+.+.}, at: __se_sys_epoll_ctl+0x5d2/0x2b90 fs/eventpoll.c:1997 #1: 0000000070d91668 (&dev->dev_mutex){+.+.}, at: v4l2_m2m_fop_poll+0x91/0x110 drivers/media/v4l2-core/v4l2-mem2mem.c:1056 #2: 0000000040725395 (&(&q->done_lock)->rlock){....}, at: v4l2_m2m_poll+0x140/0x720 drivers/media/v4l2-core/v4l2-mem2mem.c:623 irq event stamp: 484 hardirqs last enabled at (483): [] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline] hardirqs last enabled at (483): [] _raw_spin_unlock_irq+0x24/0x80 kernel/locking/spinlock.c:192 hardirqs last disabled at (484): [] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline] hardirqs last disabled at (484): [] _raw_spin_lock_irqsave+0x66/0xc0 kernel/locking/spinlock.c:152 softirqs last enabled at (466): [] __do_softirq+0x678/0x980 kernel/softirq.c:318 softirqs last disabled at (231): [] invoke_softirq kernel/softirq.c:372 [inline] softirqs last disabled at (231): [] irq_exit+0x215/0x260 kernel/softirq.c:412 Preemption disabled at: [<0000000000000000>] (null) CPU: 1 PID: 2372 Comm: syz-executor.1 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 ___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6192 slab_pre_alloc_hook mm/slab.h:422 [inline] slab_alloc mm/slab.c:3383 [inline] kmem_cache_alloc+0x26d/0x370 mm/slab.c:3557 ep_ptable_queue_proc+0xaf/0x390 fs/eventpoll.c:1242 poll_wait include/linux/poll.h:51 [inline] v4l2_m2m_poll+0x633/0x720 drivers/media/v4l2-core/v4l2-mem2mem.c:625 v4l2_m2m_fop_poll+0xa4/0x110 drivers/media/v4l2-core/v4l2-mem2mem.c:1058 v4l2_poll+0x146/0x1f0 drivers/media/v4l2-core/v4l2-dev.c:350 vfs_poll include/linux/poll.h:90 [inline] ep_item_poll+0x14a/0x3e0 fs/eventpoll.c:890 ep_insert fs/eventpoll.c:1479 [inline] __do_sys_epoll_ctl fs/eventpoll.c:2112 [inline] __se_sys_epoll_ctl+0x1b04/0x2b90 fs/eventpoll.c:1997 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7fdb91026e99 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fdb8f99c168 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 RAX: ffffffffffffffda RBX: 00007fdb91139f60 RCX: 00007fdb91026e99 RDX: 0000000000000003 RSI: 0000000000000001 RDI: 0000000000000004 RBP: 00007fdb91080ff1 R08: 0000000000000000 R09: 0000000000000000 R10: 00000000200000c0 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffd0e90f6bf R14: 00007fdb8f99c300 R15: 0000000000022000 overlayfs: './file0' not a directory netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. xt_NFQUEUE: number of total queues is 0 IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready IPVS: ftp: loaded support on port[0] = 21 IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. *** Guest State *** CR0: actual=0xeb709f408ed399f9, shadow=0xeb709f40aed399d9, gh_mask=fffffffffffffff7 device batadv1 entered promiscuous mode 8021q: adding VLAN 0 to HW filter on device batadv1 CR4: actual=0x0000000000202764, shadow=0x0000000000200724, gh_mask=ffffffffffffe871 CR3 = 0x0000000000000000 PDPTR0 = 0x0000000000000000 PDPTR1 = 0x0000000000000000 PDPTR2 = 0x0000000000000000 PDPTR3 = 0x0000000000000000 mmap: syz-executor.0 (2632) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. RSP = 0x0000000000000f80 RIP = 0x0000000000000000 RFLAGS=0x00000002 DR7 = 0x0000000000000400 IPVS: ftp: loaded support on port[0] = 21 Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810 CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 DS: sel=0x0004, attr=0x10000, limit=0x00000000, base=0x0000000000000000 SS: sel=0x0010, attr=0x10000, limit=0x00000000, base=0x0000000000000000 ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 GDTR: limit=0x00000000, base=0x0000000000000000 LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 IDTR: limit=0x00000000, base=0x0000000000000000 TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready EFER = 0x0000000000000000 PAT = 0x0007040600070406 DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready Interruptibility = 00000000 ActivityState = 00000000 *** Host State *** RIP = 0xffffffff811a9c2f RSP = 0xffff888094c278c0 CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 FSBase=00007f8a79bfb700 GSBase=ffff8880ba100000 TRBase=fffffe0000003000 GDTBase=fffffe0000032000 IDTBase=fffffe0000000000 CR0=0000000080050033 CR3=0000000049003000 CR4=00000000003426e0 Sysenter RSP=fffffe0000034000 CS:RIP=0010:ffffffff88201290 EFER = 0x0000000000000d01 PAT = 0x0407050600070106 *** Control State *** PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ea EntryControls=0000d1ff ExitControls=002fefff ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 reason=80000021 qualification=0000000000000000 IDTVectoring: info=00000000 errcode=00000000 TSC Offset = 0xfffffd60085719d8 EPT pointer = 0x00000000a023201e Virtual processor ID = 0x0001 netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. device batadv1 entered promiscuous mode 8021q: adding VLAN 0 to HW filter on device batadv1 *** Guest State *** CR0: actual=0xeb709f408ed399f9, shadow=0xeb709f40aed399d9, gh_mask=fffffffffffffff7 CR4: actual=0x0000000000202764, shadow=0x0000000000200724, gh_mask=ffffffffffffe871 CR3 = 0x0000000000000000 PDPTR0 = 0x0000000000000000 PDPTR1 = 0x0000000000000000 PDPTR2 = 0x0000000000000000 PDPTR3 = 0x0000000000000000 RSP = 0x0000000000000f80 RIP = 0x0000000000000000 RFLAGS=0x00000002 DR7 = 0x0000000000000400 Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810 CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 IPVS: ftp: loaded support on port[0] = 21 DS: sel=0x0004, attr=0x10000, limit=0x00000000, base=0x0000000000000000 SS: sel=0x0010, attr=0x10000, limit=0x00000000, base=0x0000000000000000 ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 GDTR: limit=0x00000000, base=0x0000000000000000 LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check. IDTR: limit=0x00000000, base=0x0000000000000000 TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 EFER = 0x0000000000000000 PAT = 0x0007040600070406 DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 Interruptibility = 00000000 ActivityState = 00000000 *** Host State *** RIP = 0xffffffff811a9c2f RSP = 0xffff888052d178c0 CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 FSBase=00007f8a79bfb700 GSBase=ffff8880ba000000 TRBase=fffffe0000034000 GDTBase=fffffe0000032000 IDTBase=fffffe0000000000 CR0=0000000080050033 CR3=000000009d856000 CR4=00000000003426f0 Sysenter RSP=fffffe0000034000 CS:RIP=0010:ffffffff88201290 EFER = 0x0000000000000d01 PAT = 0x0407050600070106 *** Control State *** PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ea EntryControls=0000d1ff ExitControls=002fefff ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 reason=80000021 qualification=0000000000000000 IDTVectoring: info=00000000 errcode=00000000 TSC Offset = 0xfffffd5ed2e8431c EPT pointer = 0x0000000051f6501e Virtual processor ID = 0x0001 netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 9pnet: p9_errstr2errno: server reported unknown error ºkâ‰ýHŸ…yã device batadv1 entered promiscuous mode 8021q: adding VLAN 0 to HW filter on device batadv1 RDS: rds_bind could not find a transport for ::ffff:10.1.1.2, load rds_tcp or rds_rdma? IPVS: ftp: loaded support on port[0] = 21 netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.