BUG: sleeping function called from invalid context at mm/slab.h:419 in_atomic(): 1, irqs_disabled(): 1, pid: 9994, name: syz-executor.0 3 locks held by syz-executor.0/9994: #0: (&ep->mtx){+.+.}, at: [] SYSC_epoll_ctl fs/eventpoll.c:2080 [inline] #0: (&ep->mtx){+.+.}, at: [] SyS_epoll_ctl+0x516/0x2780 fs/eventpoll.c:2002 #1: (&dev->dev_mutex){+.+.}, at: [] v4l2_m2m_fop_poll+0x91/0x110 drivers/media/v4l2-core/v4l2-mem2mem.c:802 #2: (&(&q->done_lock)->rlock){....}, at: [] v4l2_m2m_poll+0x116/0x670 drivers/media/v4l2-core/v4l2-mem2mem.c:536 irq event stamp: 272 hardirqs last enabled at (271): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline] hardirqs last enabled at (271): [] _raw_spin_unlock_irqrestore+0x79/0xe0 kernel/locking/spinlock.c:192 hardirqs last disabled at (272): [] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline] hardirqs last disabled at (272): [] _raw_spin_lock_irqsave+0x66/0xc0 kernel/locking/spinlock.c:160 softirqs last enabled at (0): [] copy_process.part.0+0x12d0/0x71c0 kernel/fork.c:1734 softirqs last disabled at (0): [< (null)>] (null) Preemption disabled at: [< (null)>] (null) CPU: 1 PID: 9994 Comm: syz-executor.0 Not tainted 4.14.258-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b2/0x281 lib/dump_stack.c:58 ___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6041 slab_pre_alloc_hook mm/slab.h:419 [inline] slab_alloc mm/slab.c:3376 [inline] kmem_cache_alloc+0x284/0x3c0 mm/slab.c:3550 ep_ptable_queue_proc+0x9e/0x370 fs/eventpoll.c:1255 poll_wait include/linux/poll.h:50 [inline] v4l2_m2m_poll+0x583/0x670 drivers/media/v4l2-core/v4l2-mem2mem.c:538 v4l2_m2m_fop_poll+0xa4/0x110 drivers/media/v4l2-core/v4l2-mem2mem.c:804 v4l2_poll+0x133/0x1d0 drivers/media/v4l2-core/v4l2-dev.c:342 ep_item_poll fs/eventpoll.c:885 [inline] ep_insert fs/eventpoll.c:1490 [inline] SYSC_epoll_ctl fs/eventpoll.c:2117 [inline] SyS_epoll_ctl+0x14af/0x2780 fs/eventpoll.c:2002 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb RIP: 0033:0x7f946a155e99 RSP: 002b:00007f9468acb168 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 RAX: ffffffffffffffda RBX: 00007f946a268f60 RCX: 00007f946a155e99 RDX: 0000000000000003 RSI: 0000000000000001 RDI: 0000000000000004 RBP: 00007f946a1afff1 R08: 0000000000000000 R09: 0000000000000000 R10: 00000000200000c0 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffed5ac970f R14: 00007f9468acb300 R15: 0000000000022000 TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. mip6: mip6_destopt_init_state: spi is not 0: 33554432 capability: warning: `syz-executor.5' uses deprecated v2 capabilities in a way that may be insecure A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. syz-executor.1 (10203) used greatest stack depth: 24776 bytes left rtc_cmos 00:00: Alarms can be up to one day in the future rtc_cmos 00:00: Alarms can be up to one day in the future rtc_cmos 00:00: Alarms can be up to one day in the future netlink: 156 bytes leftover after parsing attributes in process `syz-executor.2'. rtc_cmos 00:00: Alarms can be up to one day in the future audit: type=1800 audit(1639500456.935:2): pid=10499 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.4" name="file0" dev="sda1" ino=14060 res=0 rtc_cmos 00:00: Alarms can be up to one day in the future rtc_cmos 00:00: Alarms can be up to one day in the future rtc_cmos 00:00: Alarms can be up to one day in the future rtc_cmos 00:00: Alarms can be up to one day in the future rtc rtc0: __rtc_set_alarm: err=-22 ====================================================== WARNING: the mand mount option is being deprecated and will be removed in v5.15! ====================================================== audit: type=1804 audit(1639500457.935:3): pid=10646 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir058917459/syzkaller.nu2WMK/39/file0/bus" dev="ramfs" ino=31286 res=1 audit: type=1804 audit(1639500458.015:4): pid=10646 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir058917459/syzkaller.nu2WMK/39/file0/bus" dev="ramfs" ino=31286 res=1 audit: type=1804 audit(1639500458.075:5): pid=10646 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir058917459/syzkaller.nu2WMK/39/file0/bus" dev="ramfs" ino=31286 res=1 audit: type=1804 audit(1639500458.335:6): pid=10672 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir058917459/syzkaller.nu2WMK/40/file0/bus" dev="ramfs" ino=32059 res=1 device lo entered promiscuous mode audit: type=1804 audit(1639500458.365:7): pid=10672 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir058917459/syzkaller.nu2WMK/40/file0/bus" dev="ramfs" ino=32059 res=1 device tunl0 entered promiscuous mode device gre0 entered promiscuous mode device gretap0 entered promiscuous mode device erspan0 entered promiscuous mode device ip_vti0 entered promiscuous mode device ip6_vti0 entered promiscuous mode device sit0 entered promiscuous mode device ip6tnl0 entered promiscuous mode audit: type=1804 audit(1639500458.525:8): pid=10672 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir058917459/syzkaller.nu2WMK/40/file0/bus" dev="ramfs" ino=32059 res=1 device ip6gre0 entered promiscuous mode device syz_tun entered promiscuous mode device ip6gretap0 entered promiscuous mode bridge0: port 2(bridge_slave_1) entered disabled state bridge0: port 1(bridge_slave_0) entered disabled state device bridge0 entered promiscuous mode device vcan0 entered promiscuous mode device bond0 entered promiscuous mode device bond_slave_0 entered promiscuous mode device bond_slave_1 entered promiscuous mode device team0 entered promiscuous mode device team_slave_0 entered promiscuous mode device team_slave_1 entered promiscuous mode device dummy0 entered promiscuous mode device nlmon0 entered promiscuous mode device caif0 entered promiscuous mode device batadv0 entered promiscuous mode device vxcan0 entered promiscuous mode device vxcan1 entered promiscuous mode device veth0 entered promiscuous mode device veth1 entered promiscuous mode device veth0_to_bridge entered promiscuous mode device veth1_to_bridge entered promiscuous mode device veth0_to_bond entered promiscuous mode device veth1_to_bond entered promiscuous mode device veth0_to_team entered promiscuous mode device veth1_to_team entered promiscuous mode device veth0_to_batadv entered promiscuous mode batman_adv: batadv0: Interface deactivated: batadv_slave_0 device batadv_slave_0 entered promiscuous mode device veth1_to_batadv entered promiscuous mode batman_adv: batadv0: Interface deactivated: batadv_slave_1 device batadv_slave_1 entered promiscuous mode device veth0_to_hsr entered promiscuous mode device veth1_to_hsr entered promiscuous mode device hsr0 entered promiscuous mode device veth1_virt_wifi entered promiscuous mode device veth0_virt_wifi entered promiscuous mode device vlan0 entered promiscuous mode device vlan1 entered promiscuous mode device macvlan0 entered promiscuous mode device macvlan1 entered promiscuous mode device ipvlan0 entered promiscuous mode device ipvlan1 entered promiscuous mode device macvtap0 entered promiscuous mode device macsec0 entered promiscuous mode device geneve0 entered promiscuous mode device geneve1 entered promiscuous mode syz-executor.2 (10678) used greatest stack depth: 24376 bytes left audit: type=1804 audit(1639500459.185:9): pid=10723 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir058917459/syzkaller.nu2WMK/41/file0/bus" dev="ramfs" ino=31393 res=1 audit: type=1804 audit(1639500459.335:10): pid=10723 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir058917459/syzkaller.nu2WMK/41/file0/bus" dev="ramfs" ino=31393 res=1 audit: type=1804 audit(1639500459.505:11): pid=10723 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir058917459/syzkaller.nu2WMK/41/file0/bus" dev="ramfs" ino=31393 res=1 device bridge0 left promiscuous mode