BUG: sleeping function called from invalid context at mm/slab.h:419 in_atomic(): 1, irqs_disabled(): 1, pid: 10000, name: syz-executor.3 3 locks held by syz-executor.3/10000: #0: (&ep->mtx){+.+.}, at: [] SYSC_epoll_ctl fs/eventpoll.c:2080 [inline] #0: (&ep->mtx){+.+.}, at: [] SyS_epoll_ctl+0x516/0x2780 fs/eventpoll.c:2002 #1: (&dev->dev_mutex){+.+.}, at: [] v4l2_m2m_fop_poll+0x91/0x110 drivers/media/v4l2-core/v4l2-mem2mem.c:802 #2: (&(&q->done_lock)->rlock){....}, at: [] v4l2_m2m_poll+0x116/0x670 drivers/media/v4l2-core/v4l2-mem2mem.c:536 irq event stamp: 304 hardirqs last enabled at (303): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline] hardirqs last enabled at (303): [] _raw_spin_unlock_irqrestore+0x79/0xe0 kernel/locking/spinlock.c:192 hardirqs last disabled at (304): [] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline] hardirqs last disabled at (304): [] _raw_spin_lock_irqsave+0x66/0xc0 kernel/locking/spinlock.c:160 softirqs last enabled at (0): [] copy_process.part.0+0x12d0/0x71c0 kernel/fork.c:1734 softirqs last disabled at (0): [< (null)>] (null) Preemption disabled at: [< (null)>] (null) CPU: 1 PID: 10000 Comm: syz-executor.3 Not tainted 4.14.258-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b2/0x281 lib/dump_stack.c:58 ___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6041 FAT-fs (loop1): Unrecognized mount option "nnonumtail=1" or missing value slab_pre_alloc_hook mm/slab.h:419 [inline] slab_alloc mm/slab.c:3376 [inline] kmem_cache_alloc+0x284/0x3c0 mm/slab.c:3550 ep_ptable_queue_proc+0x9e/0x370 fs/eventpoll.c:1255 poll_wait include/linux/poll.h:50 [inline] v4l2_m2m_poll+0x583/0x670 drivers/media/v4l2-core/v4l2-mem2mem.c:538 v4l2_m2m_fop_poll+0xa4/0x110 drivers/media/v4l2-core/v4l2-mem2mem.c:804 v4l2_poll+0x133/0x1d0 drivers/media/v4l2-core/v4l2-dev.c:342 ep_item_poll fs/eventpoll.c:885 [inline] ep_insert fs/eventpoll.c:1490 [inline] SYSC_epoll_ctl fs/eventpoll.c:2117 [inline] SyS_epoll_ctl+0x14af/0x2780 fs/eventpoll.c:2002 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb RIP: 0033:0x7f86e6806e99 RSP: 002b:00007f86e517c168 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 RAX: ffffffffffffffda RBX: 00007f86e6919f60 RCX: 00007f86e6806e99 RDX: 0000000000000003 RSI: 0000000000000001 RDI: 0000000000000004 RBP: 00007f86e6860ff1 R08: 0000000000000000 R09: 0000000000000000 R10: 00000000200000c0 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fffc7e2e8ef R14: 00007f86e517c300 R15: 0000000000022000 syz-executor.5 (9999) used greatest stack depth: 23648 bytes left FAT-fs (loop1): Unrecognized mount option "nnonumtail=1" or missing value IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready syz-executor.4 uses obsolete (PF_INET,SOCK_PACKET) hub 9-0:1.0: USB hub found hub 9-0:1.0: 8 ports detected IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready audit: type=1804 audit(1639943968.929:8): pid=10443 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir795946051/syzkaller.aDXJJx/24/memory.events" dev="sda1" ino=13962 res=1 audit: type=1800 audit(1639943968.929:9): pid=10443 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.3" name="memory.events" dev="sda1" ino=13962 res=0 audit: type=1804 audit(1639943969.029:10): pid=10449 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir795946051/syzkaller.aDXJJx/25/memory.events" dev="sda1" ino=13973 res=1 audit: type=1800 audit(1639943969.029:11): pid=10449 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.3" name="memory.events" dev="sda1" ino=13973 res=0 BTRFS: device fsid f90cac8b-044b-4fa8-8bee-4b8d3da88dc2 devid 1 transid 7 /dev/loop3 audit: type=1804 audit(1639943969.099:12): pid=10455 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir795946051/syzkaller.aDXJJx/26/memory.events" dev="sda1" ino=13973 res=1 audit: type=1800 audit(1639943969.099:13): pid=10455 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.3" name="memory.events" dev="sda1" ino=13973 res=0 BTRFS info (device loop3): disk space caching is enabled BTRFS info (device loop3): has skinny extents audit: type=1804 audit(1639943969.139:14): pid=10459 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir795946051/syzkaller.aDXJJx/26/memory.events" dev="sda1" ino=13973 res=1 audit: type=1800 audit(1639943969.139:15): pid=10459 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.3" name="memory.events" dev="sda1" ino=13973 res=0 BTRFS error (device loop3): open_ctree failed BTRFS info (device loop3): disk space caching is enabled BTRFS info (device loop3): has skinny extents BTRFS info (device loop3): disk space caching is enabled BTRFS info (device loop3): has skinny extents EXT4-fs error (device loop3): ext4_fill_super:4371: inode #2: comm syz-executor.3: iget: bogus i_mode (2355) EXT4-fs (loop3): get root inode failed EXT4-fs (loop3): mount failed new mount options do not match the existing superblock, will be ignored netlink: 100 bytes leftover after parsing attributes in process `syz-executor.4'. new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue audit: type=1804 audit(1639943974.779:16): pid=11017 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir795946051/syzkaller.aDXJJx/37/file0/bus" dev="sda1" ino=13993 res=1 netlink: 100 bytes leftover after parsing attributes in process `syz-executor.4'. new mount options do not match the existing superblock, will be ignored netlink: 100 bytes leftover after parsing attributes in process `syz-executor.0'. EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue audit: type=1804 audit(1639943975.719:17): pid=11156 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir795946051/syzkaller.aDXJJx/38/bus" dev="sda1" ino=13978 res=1 netlink: 100 bytes leftover after parsing attributes in process `syz-executor.4'. EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue