./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2694035533
<...>
Warning: Permanently added '10.128.0.99' (ECDSA) to the list of known hosts.
execve("./syz-executor2694035533", ["./syz-executor2694035533"], 0x7ffc8e5f7a20 /* 10 vars */) = 0
brk(NULL) = 0x555557242000
brk(0x555557242c40) = 0x555557242c40
arch_prctl(ARCH_SET_FS, 0x555557242300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2694035533", 4096) = 28
brk(0x555557263c40) = 0x555557263c40
brk(0x555557264000) = 0x555557264000
mprotect(0x7f642cb9f000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/dev/char/4:21", O_RDWR) = 3
ioctl(3, TIOCSETD, [21]) = 0
ioctl(3, GSMIOC_SETCONF, 0x20000040) = 0
exit_group(0) = ?
syzkaller login: [ 50.112249][ C1] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:580
[ 50.121821][ C1] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 3606, name: syz-executor269
[ 50.131412][ C1] preempt_count: 101, expected: 0
[ 50.136489][ C1] RCU nest depth: 0, expected: 0
[ 50.141524][ C1] 3 locks held by syz-executor269/3606:
[ 50.147218][ C1] #0: ffff8880250eb098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_release+0x79/0x2a0
[ 50.157267][ C1] #1: ffff888017ac60b0 (&gsm->mutex){+.+.}-{3:3}, at: gsm_cleanup_mux+0xf5/0x800
[ 50.166619][ C1] #2: ffffc900001f0d70 ((&dlci->t1)){+.-.}-{0:0}, at: call_timer_fn+0xd5/0x6b0
[ 50.175760][ C1] Preemption disabled at:
[ 50.175768][ C1] [<0000000000000000>] 0x0
[ 50.184514][ C1] CPU: 1 PID: 3606 Comm: syz-executor269 Not tainted 6.0.0-rc6-syzkaller-00309-g1a61b828566f #0
[ 50.195118][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
[ 50.205159][ C1] Call Trace:
[ 50.208428][ C1] <IRQ>
[ 50.211259][ C1] dump_stack_lvl+0xcd/0x134
[ 50.215846][ C1] __might_resched.cold+0x222/0x26b
[ 50.221035][ C1] __mutex_lock+0x9f/0x1350
[ 50.225542][ C1] ? __x64_sys_exit_group+0x3a/0x50
[ 50.230725][ C1] ? do_syscall_64+0x35/0xb0
[ 50.235308][ C1] ? gsm_send.isra.0+0x3b5/0x7a0
[ 50.240235][ C1] ? mutex_lock_io_nested+0x1190/0x1190
[ 50.245780][ C1] ? rcu_read_lock_sched_held+0x3a/0x70
[ 50.251310][ C1] ? trace_kmalloc+0x32/0x100
[ 50.255971][ C1] ? kmem_cache_alloc_trace+0x1f2/0x3e0
[ 50.261518][ C1] ? gsm_send.isra.0+0x58/0x7a0
[ 50.266355][ C1] gsm_send.isra.0+0x3b5/0x7a0
[ 50.271115][ C1] gsm_dlci_begin_close+0x12e/0x210
[ 50.276297][ C1] gsm_dlci_t1+0x186/0x450
[ 50.280813][ C1] ? gsmld_ioctl+0x1040/0x1040
[ 50.285561][ C1] call_timer_fn+0x1a0/0x6b0
[ 50.290160][ C1] ? timer_fixup_activate+0x350/0x350
[ 50.295526][ C1] ? _raw_spin_unlock_irq+0x1f/0x40
[ 50.300723][ C1] ? _raw_spin_unlock_irq+0x1f/0x40
[ 50.305912][ C1] ? gsmld_ioctl+0x1040/0x1040
[ 50.310660][ C1] __run_timers.part.0+0x674/0xa80
[ 50.315851][ C1] ? call_timer_fn+0x6b0/0x6b0
[ 50.320615][ C1] ? cpuacct_all_seq_show+0x520/0x520
[ 50.325997][ C1] run_timer_softirq+0xb3/0x1d0
[ 50.330834][ C1] __do_softirq+0x1d3/0x9c6
[ 50.335332][ C1] __irq_exit_rcu+0x123/0x180
[ 50.340087][ C1] irq_exit_rcu+0x5/0x20
[ 50.344316][ C1] sysvec_apic_timer_interrupt+0x93/0xc0
[ 50.349945][ C1] </IRQ>
[ 50.352869][ C1] <TASK>
[ 50.355799][ C1] asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 50.361771][ C1] RIP: 0010:_raw_spin_unlock_irqrestore+0x38/0x70
[ 50.368173][ C1] Code: 74 24 10 e8 fa 1d dc f7 48 89 ef e8 82 9f dc f7 81 e3 00 02 00 00 75 25 9c 58 f6 c4 02 75 2d 48 85 db 74 01 fb bf 01 00 00 00 33 61 cf f7 65 8b 05 4c 17 7f 76 85 c0 74 0a 5b 5d c3 e8 50 28
[ 50.387783][ C1] RSP: 0018:ffffc90003aef950 EFLAGS: 00000206
[ 50.393839][ C1] RAX: 0000000000000006 RBX: 0000000000000200 RCX: 1ffffffff21265a6
[ 50.401811][ C1] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001
[ 50.409974][ C1] RBP: ffff888011bee148 R08: 0000000000000001 R09: ffffffff908e5a0f
[ 50.418054][ C1] R10: 0000000000000001 R11: 0000000000000000 R12: ffff88801bc424c0
[ 50.426098][ C1] R13: ffffc90003aef9e8 R14: ffff888011bee148 R15: 0000000000000000
[ 50.434079][ C1] klist_next+0x288/0x510
[ 50.438412][ C1] ? device_match_of_node+0x50/0x50
[ 50.443612][ C1] class_find_device+0x174/0x2a0
[ 50.448545][ C1] ? class_for_each_device+0x290/0x290
[ 50.453996][ C1] ? slab_free_freelist_hook+0x8b/0x1c0
[ 50.459558][ C1] ? cdev_dynamic_release+0x3a/0x50
[ 50.464756][ C1] device_destroy+0x79/0xd0
[ 50.469275][ C1] ? root_device_unregister+0x60/0x60
[ 50.474653][ C1] ? kobject_put+0x1e4/0x4c0
[ 50.479427][ C1] tty_unregister_device+0x7e/0x1b0
[ 50.484968][ C1] gsm_cleanup_mux+0x5c1/0x800
[ 50.489725][ C1] ? gsm_dlci_begin_close+0x210/0x210
[ 50.495099][ C1] ? __ldsem_down_read_nested+0x850/0x850
[ 50.500813][ C1] gsmld_close+0x41/0x210
[ 50.505137][ C1] ? gsm_cleanup_mux+0x800/0x800
[ 50.510066][ C1] tty_ldisc_close+0x110/0x190
[ 50.514827][ C1] tty_ldisc_kill+0x94/0x150
[ 50.519405][ C1] tty_ldisc_release+0x1ef/0x2a0
[ 50.524335][ C1] tty_release_struct+0x20/0xe0
[ 50.529175][ C1] tty_release+0xc70/0x1200
[ 50.533669][ C1] __fput+0x277/0x9d0
[ 50.537639][ C1] ? tty_release_struct+0xe0/0xe0
[ 50.542656][ C1] task_work_run+0xdd/0x1a0
[ 50.547149][ C1] do_exit+0xad5/0x29b0
[ 50.551575][ C1] ? mm_update_next_owner+0x7a0/0x7a0
[ 50.556941][ C1] ? _raw_spin_unlock_irq+0x1f/0x40
[ 50.562217][ C1] ? _raw_spin_unlock_irq+0x1f/0x40
[ 50.567407][ C1] do_group_exit+0xd2/0x2f0
[ 50.571904][ C1] __x64_sys_exit_group+0x3a/0x50
[ 50.576920][ C1] do_syscall_64+0x35/0xb0
[ 50.582203][ C1] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 50.588085][ C1] RIP: 0033:0x7f642cb30f69
[ 50.592660][ C1] Code: Unable to access opcode bytes at RIP 0x7f642cb30f3f.
[ 50.600095][ C1] RSP: 002b:00007ffed5a9f4c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 50.608499][ C1] RAX: ffffffffffffffda RBX: 00007f642cba5330 RCX: 00007f642cb30f69
[ 50.616460][ C1] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 50.624415][ C1] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000
[ 50.632371][ C1] R10: 000000000000000e R11: 0000000000000246 R12: 00007f642cba5330
[ 50.640353][ C1] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 50.648322][ C1] </TASK>
[ 50.651388][ C1]
[ 50.653710][ C1] =============================
[ 50.658555][ C1] [ BUG: Invalid wait context ]
[ 50.663471][ C1] 6.0.0-rc6-syzkaller-00309-g1a61b828566f #0 Tainted: G W
[ 50.671944][ C1] -----------------------------
[ 50.676763][ C1] syz-executor269/3606 is trying to lock:
[ 50.682478][ C1] ffff888017ac6430 (&gsm->tx_mutex){+.+.}-{3:3}, at: gsm_send.isra.0+0x3b5/0x7a0
[ 50.691599][ C1] other info that might help us debug this:
[ 50.697457][ C1] context-{2:2}
[ 50.700889][ C1] 3 locks held by syz-executor269/3606:
[ 50.706408][ C1] #0: ffff8880250eb098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_release+0x79/0x2a0
[ 50.716137][ C1] #1: ffff888017ac60b0 (&gsm->mutex){+.+.}-{3:3}, at: gsm_cleanup_mux+0xf5/0x800
[ 50.725528][ C1] #2: ffffc900001f0d70 ((&dlci->t1)){+.-.}-{0:0}, at: call_timer_fn+0xd5/0x6b0
[ 50.734554][ C1] stack backtrace:
[ 50.738248][ C1] CPU: 1 PID: 3606 Comm: syz-executor269 Tainted: G W 6.0.0-rc6-syzkaller-00309-g1a61b828566f #0
[ 50.750113][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
[ 50.760168][ C1] Call Trace:
[ 50.763438][ C1] <IRQ>
[ 50.766264][ C1] dump_stack_lvl+0xcd/0x134
[ 50.770840][ C1] __lock_acquire.cold+0x322/0x3a7
[ 50.775934][ C1] ? cpuacct_all_seq_show+0x520/0x520
[ 50.781288][ C1] ? hrtimer_interrupt+0x573/0x790
[ 50.786385][ C1] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 50.792351][ C1] lock_acquire+0x1ab/0x570
[ 50.796835][ C1] ? gsm_send.isra.0+0x3b5/0x7a0
[ 50.801760][ C1] ? lock_release+0x780/0x780
[ 50.806425][ C1] ? dump_stack_lvl+0x12a/0x134
[ 50.811265][ C1] ? dump_stack_lvl+0x12c/0x134
[ 50.816101][ C1] __mutex_lock+0x12f/0x1350
[ 50.820674][ C1] ? gsm_send.isra.0+0x3b5/0x7a0
[ 50.825591][ C1] ? __x64_sys_exit_group+0x3a/0x50
[ 50.830770][ C1] ? do_syscall_64+0x35/0xb0
[ 50.835342][ C1] ? gsm_send.isra.0+0x3b5/0x7a0
[ 50.840345][ C1] ? mutex_lock_io_nested+0x1190/0x1190
[ 50.845878][ C1] ? rcu_read_lock_sched_held+0x3a/0x70
[ 50.851402][ C1] ? trace_kmalloc+0x32/0x100
[ 50.856059][ C1] ? kmem_cache_alloc_trace+0x1f2/0x3e0
[ 50.861586][ C1] ? gsm_send.isra.0+0x58/0x7a0
[ 50.866596][ C1] gsm_send.isra.0+0x3b5/0x7a0
[ 50.871344][ C1] gsm_dlci_begin_close+0x12e/0x210
[ 50.876526][ C1] gsm_dlci_t1+0x186/0x450
[ 50.880922][ C1] ? gsmld_ioctl+0x1040/0x1040
[ 50.885665][ C1] call_timer_fn+0x1a0/0x6b0
[ 50.890241][ C1] ? timer_fixup_activate+0x350/0x350
[ 50.895597][ C1] ? _raw_spin_unlock_irq+0x1f/0x40
[ 50.900780][ C1] ? _raw_spin_unlock_irq+0x1f/0x40
[ 50.905959][ C1] ? gsmld_ioctl+0x1040/0x1040
[ 50.910704][ C1] __run_timers.part.0+0x674/0xa80
[ 50.915803][ C1] ? call_timer_fn+0x6b0/0x6b0
[ 50.920746][ C1] ? cpuacct_all_seq_show+0x520/0x520
[ 50.926111][ C1] run_timer_softirq+0xb3/0x1d0
[ 50.930948][ C1] __do_softirq+0x1d3/0x9c6
[ 50.935450][ C1] __irq_exit_rcu+0x123/0x180
[ 50.940113][ C1] irq_exit_rcu+0x5/0x20
[ 50.944341][ C1] sysvec_apic_timer_interrupt+0x93/0xc0
[ 50.950141][ C1] </IRQ>
[ 50.953057][ C1] <TASK>
[ 50.955969][ C1] asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 50.961937][ C1] RIP: 0010:_raw_spin_unlock_irqrestore+0x38/0x70
[ 50.968363][ C1] Code: 74 24 10 e8 fa 1d dc f7 48 89 ef e8 82 9f dc f7 81 e3 00 02 00 00 75 25 9c 58 f6 c4 02 75 2d 48 85 db 74 01 fb bf 01 00 00 00 33 61 cf f7 65 8b 05 4c 17 7f 76 85 c0 74 0a 5b 5d c3 e8 50 28
[ 50.988054][ C1] RSP: 0018:ffffc90003aef950 EFLAGS: 00000206
[ 50.994201][ C1] RAX: 0000000000000006 RBX: 0000000000000200 RCX: 1ffffffff21265a6
[ 51.002159][ C1] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001
[ 51.010111][ C1] RBP: ffff888011bee148 R08: 0000000000000001 R09: ffffffff908e5a0f
[ 51.018076][ C1] R10: 0000000000000001 R11: 0000000000000000 R12: ffff88801bc424c0
[ 51.026038][ C1] R13: ffffc90003aef9e8 R14: ffff888011bee148 R15: 0000000000000000
[ 51.034001][ C1] klist_next+0x288/0x510
[ 51.038319][ C1] ? device_match_of_node+0x50/0x50
[ 51.043502][ C1] class_find_device+0x174/0x2a0
[ 51.048420][ C1] ? class_for_each_device+0x290/0x290
[ 51.053865][ C1] ? slab_free_freelist_hook+0x8b/0x1c0
[ 51.059389][ C1] ? cdev_dynamic_release+0x3a/0x50
[ 51.064587][ C1] device_destroy+0x79/0xd0
[ 51.069080][ C1] ? root_device_unregister+0x60/0x60
[ 51.074435][ C1] ? kobject_put+0x1e4/0x4c0
[ 51.079007][ C1] tty_unregister_device+0x7e/0x1b0
[ 51.084191][ C1] gsm_cleanup_mux+0x5c1/0x800
[ 51.088940][ C1] ? gsm_dlci_begin_close+0x210/0x210
[ 51.094472][ C1] ? __ldsem_down_read_nested+0x850/0x850
[ 51.100173][ C1] gsmld_close+0x41/0x210
[ 51.104490][ C1] ? gsm_cleanup_mux+0x800/0x800
[ 51.109414][ C1] tty_ldisc_close+0x110/0x190
[ 51.114180][ C1] tty_ldisc_kill+0x94/0x150
[ 51.118754][ C1] tty_ldisc_release+0x1ef/0x2a0
[ 51.123676][ C1] tty_release_struct+0x20/0xe0
[ 51.128626][ C1] tty_release+0xc70/0x1200
[ 51.133135][ C1] __fput+0x277/0x9d0
[ 51.137102][ C1] ? tty_release_struct+0xe0/0xe0
[ 51.142137][ C1] task_work_run+0xdd/0x1a0
[ 51.146666][ C1] do_exit+0xad5/0x29b0
[ 51.150804][ C1] ? mm_update_next_owner+0x7a0/0x7a0
[ 51.156154][ C1] ? _raw_spin_unlock_irq+0x1f/0x40
[ 51.161333][ C1] ? _raw_spin_unlock_irq+0x1f/0x40
[ 51.166513][ C1] do_group_exit+0xd2/0x2f0
[ 51.171000][ C1] __x64_sys_exit_group+0x3a/0x50
[ 51.176005][ C1] do_syscall_64+0x35/0xb0
[ 51.180410][ C1] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 51.186286][ C1] RIP: 0033:0x7f642cb30f69
[ 51.190682][ C1] Code: Unable to access opcode bytes at RIP 0x7f642cb30f3f.
[ 51.198027][ C1] RSP: 002b:00007ffed5a9f4c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 51.206421][ C1] RAX: ffffffffffffffda RBX: 00007f642cba5330 RCX: 00007f642cb30f69
+++ exited with 0 +++
[ 51.214376][ C1] RDX: 000000