audit: type=1804 audit(1677156967.950:25): pid=11503 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir928938078/syzkaller.pCtgJJ/66/file0" dev="sda1" ino=14114 res=1
device batadv_slave_1 left promiscuous mode
BUG: sleeping function called from invalid context at drivers/tty/vt/vt.c:2245
in_atomic(): 1, irqs_disabled(): 1, pid: 11559, name: syz-executor.0
device batadv_slave_1 left promiscuous mode
3 locks held by syz-executor.0/11559:
 #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:284
 #1: (&(&gsm->control_lock)->rlock){....}, at: [] gsm_control_send+0xf6/0x480 drivers/tty/n_gsm.c:1434
 #2: (&(&gsm->tx_lock)->rlock){....}, at: [] gsm_data_queue drivers/tty/n_gsm.c:845 [inline]
 #2: (&(&gsm->tx_lock)->rlock){....}, at: [] gsm_control_transmit+0x1f1/0x2d0 drivers/tty/n_gsm.c:1375
irq event stamp: 24
hardirqs last enabled at (23): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
hardirqs last enabled at (23): [] _raw_spin_unlock_irqrestore+0x79/0xe0 kernel/locking/spinlock.c:192
hardirqs last disabled at (24): [] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline]
hardirqs last disabled at (24): [] _raw_spin_lock_irqsave+0x66/0xc0 kernel/locking/spinlock.c:160
softirqs last enabled at (0): [] copy_process.part.0+0x12d0/0x71c0 kernel/fork.c:1734
device batadv_slave_1 entered promiscuous mode
softirqs last disabled at (0): [< (null)>] (null)
Preemption disabled at: [< (null)>] (null)
CPU: 1 PID: 11559 Comm: syz-executor.0 Not tainted 4.14.306-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 ___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6040
 do_con_write+0xd0/0x19b0 drivers/tty/vt/vt.c:2245
 con_write+0x21/0xa0 drivers/tty/vt/vt.c:2822
 gsmld_output+0xc3/0x190 drivers/tty/n_gsm.c:2312
 gsm_data_kick+0x266/0x9b0 drivers/tty/n_gsm.c:761
 gsm_data_queue drivers/tty/n_gsm.c:846 [inline]
 gsm_control_transmit+0x1ff/0x2d0 drivers/tty/n_gsm.c:1375
 gsm_control_send+0x38a/0x480 drivers/tty/n_gsm.c:1451
 gsm_disconnect drivers/tty/n_gsm.c:2110 [inline]
 gsmld_config.constprop.0+0x568/0xf90 drivers/tty/n_gsm.c:2636
 gsmld_ioctl+0x375/0x410 drivers/tty/n_gsm.c:2700
 tty_ioctl+0x5af/0x1430 drivers/tty/tty_io.c:2670
Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
netlink: 32803 bytes leftover after parsing attributes in process `syz-executor.3'.
 entry_SYSCALL_64_after_hwframe+0x5e/0xd3
RIP: 0033:0x7fa6983810f9
RSP: 002b:00007fa6968d2168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fa6984a1050 RCX: 00007fa6983810f9
RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000003
RBP: 00007fa6983dcae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffc6cfed27f R14: 00007fa6968d2300 R15: 0000000000022000
BUG: scheduling while atomic: syz-executor.0/11559/0x00000003
device bridge_slave_1 left promiscuous mode
3 locks held by syz-executor.0/11559:
 #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:284
 #1: (&(&gsm->control_lock)->rlock){+.+.}, at: [] gsm_control_send+0xf6/0x480 drivers/tty/n_gsm.c:1434
 #2: (&(&gsm->tx_lock)->rlock){+.+.}, at: [] gsm_data_queue drivers/tty/n_gsm.c:845 [inline]
 #2: (&(&gsm->tx_lock)->rlock){+.+.}, at: [] gsm_control_transmit+0x1f1/0x2d0 drivers/tty/n_gsm.c:1375
Modules linked in:
Preemption disabled at: [< (null)>] (null)