In the Linux kernel, the following vulnerability has been resolved:
btrfs: qgroup: fix sleep from invalid context bug in btrfsqgroupinherit()
Syzkaller reported BUG as follows:
BUG: sleeping function called from invalid context at include/linux/sched/mm.h:274 Call Trace: <TASK> dumpstacklvl+0xcd/0x134 _mightresched.cold+0x222/0x26b kmemcachealloc+0x2e7/0x3c0 updateqgrouplimititem+0xe1/0x390 btrfsqgroupinherit+0x147b/0x1ee0 createsubvol+0x4eb/0x1710 btrfsmksubvol+0xfe5/0x13f0 _btrfsioctlsnapcreate+0x2b0/0x430 btrfsioctlsnapcreatev2+0x25a/0x520 btrfsioctl+0x2a1c/0x5ce0 _x64sysioctl+0x193/0x200 dosyscall_64+0x35/0x80
Fix this by calling qgroupdirty() on @dstqgroup, and update limit item in btrfsrun_qgroups() later outside of the spinlock context.