BUG: sleeping function called from invalid context at kernel/locking/mutex.c:580 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 4982, name: syz-executor.4 preempt_count: 100, expected: 0 RCU nest depth: 1, expected: 0 5 locks held by syz-executor.4/4982: #0: ffff0000c0199460 (sb_writers#5){.+.+}-{0:0}, at: vfs_write+0x180/0x46c fs/read_write.c:574 #1: ffff0000c9285460 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:756 [inline] #1: ffff0000c9285460 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: generic_file_write_iter+0x3c/0x168 mm/filemap.c:3895 #2: ffff000102cd4b98 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:136 [inline] #2: ffff000102cd4b98 (&mm->mmap_lock){++++}-{3:3}, at: do_page_fault+0x1ec/0x79c arch/arm64/mm/fault.c:583 #3: ffff80000d433440 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x10/0x4c include/linux/rcupdate.h:279 #4: ffff80000800be20 ((&dlci->t1)){+.-.}-{0:0}, at: lockdep_copy_map include/linux/lockdep.h:31 [inline] #4: ffff80000800be20 ((&dlci->t1)){+.-.}-{0:0}, at: call_timer_fn+0x54/0x144 kernel/time/timer.c:1464 Preemption disabled at: [] _stext+0x80/0x37c CPU: 1 PID: 4982 Comm: syz-executor.4 Not tainted 6.0.0-rc6-syzkaller-17742-gc194837ebb57 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 Call trace: dump_backtrace+0x1c4/0x1f0 arch/arm64/kernel/stacktrace.c:156 show_stack+0x2c/0x54 arch/arm64/kernel/stacktrace.c:163 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x104/0x16c lib/dump_stack.c:106 dump_stack+0x1c/0x58 lib/dump_stack.c:113 __might_resched+0x208/0x218 kernel/sched/core.c:9892 __might_sleep+0x48/0x78 kernel/sched/core.c:9821 __mutex_lock_common+0x6c/0xca8 kernel/locking/mutex.c:580 __mutex_lock kernel/locking/mutex.c:747 [inline] mutex_lock_nested+0x38/0x44 kernel/locking/mutex.c:799 gsm_send+0x1a0/0x260 drivers/tty/n_gsm.c:704 gsm_dlci_t1+0xa8/0x1e0 call_timer_fn+0x90/0x144 kernel/time/timer.c:1474 
expire_timers kernel/time/timer.c:1519 [inline] __run_timers+0x280/0x374 kernel/time/timer.c:1790 run_timer_softirq+0x34/0x5c kernel/time/timer.c:1803 _stext+0x168/0x37c ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:79 call_on_irq_stack+0x2c/0x54 do_softirq_own_stack+0x20/0x2c arch/arm64/kernel/irq.c:84 invoke_softirq+0x70/0xbc kernel/softirq.c:452 __irq_exit_rcu+0xf0/0x140 kernel/softirq.c:650 irq_exit_rcu+0x10/0x40 kernel/softirq.c:662 __el1_irq arch/arm64/kernel/entry-common.c:471 [inline] el1_interrupt+0x38/0x68 arch/arm64/kernel/entry-common.c:485 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:490 el1h_64_irq+0x64/0x68 rcu_read_unlock include/linux/rcupdate.h:735 [inline] count_memcg_event_mm+0x1a4/0x290 include/linux/memcontrol.h:1107 handle_mm_fault+0xd0/0xa40 mm/memory.c:5131 __do_page_fault arch/arm64/mm/fault.c:502 [inline] do_page_fault+0x428/0x79c arch/arm64/mm/fault.c:602 do_translation_fault+0x78/0x194 arch/arm64/mm/fault.c:685 do_mem_abort+0x54/0x130 arch/arm64/mm/fault.c:821 el1_abort+0x3c/0x5c arch/arm64/kernel/entry-common.c:366 el1h_64_sync_handler+0x60/0xac arch/arm64/kernel/entry-common.c:426 el1h_64_sync+0x64/0x68 fault_in_readable+0x230/0x2ec mm/gup.c:1883 fault_in_iov_iter_readable+0x74/0x16c lib/iov_iter.c:353 generic_perform_write+0x88/0x2cc mm/filemap.c:3728 __generic_file_write_iter+0xd8/0x21c mm/filemap.c:3866 generic_file_write_iter+0x6c/0x168 mm/filemap.c:3898 call_write_iter include/linux/fs.h:2187 [inline] new_sync_write fs/read_write.c:491 [inline] vfs_write+0x2dc/0x46c fs/read_write.c:578 ksys_pwrite64 fs/read_write.c:693 [inline] __do_sys_pwrite64 fs/read_write.c:703 [inline] __se_sys_pwrite64 fs/read_write.c:700 [inline] __arm64_sys_pwrite64+0xbc/0x11c fs/read_write.c:700 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall arch/arm64/kernel/syscall.c:52 [inline] el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x48/0x164 arch/arm64/kernel/syscall.c:206 
el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:636 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:654 el0t_64_sync+0x18c/0x190 ============================= [ BUG: Invalid wait context ] 6.0.0-rc6-syzkaller-17742-gc194837ebb57 #0 Tainted: G W ----------------------------- syz-executor.4/4982 is trying to lock: ffff0001003bb430 (&gsm->tx_mutex){+.+.}-{3:3}, at: gsm_send+0x1a0/0x260 drivers/tty/n_gsm.c:704 other info that might help us debug this: context-{2:2} 5 locks held by syz-executor.4/4982: #0: ffff0000c0199460 (sb_writers#5){.+.+}-{0:0}, at: vfs_write+0x180/0x46c fs/read_write.c:574 #1: ffff0000c9285460 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:756 [inline] #1: ffff0000c9285460 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: generic_file_write_iter+0x3c/0x168 mm/filemap.c:3895 #2: ffff000102cd4b98 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:136 [inline] #2: ffff000102cd4b98 (&mm->mmap_lock){++++}-{3:3}, at: do_page_fault+0x1ec/0x79c arch/arm64/mm/fault.c:583 #3: ffff80000d433440 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x10/0x4c include/linux/rcupdate.h:279 #4: ffff80000800be20 ((&dlci->t1)){+.-.}-{0:0}, at: lockdep_copy_map include/linux/lockdep.h:31 [inline] #4: ffff80000800be20 ((&dlci->t1)){+.-.}-{0:0}, at: call_timer_fn+0x54/0x144 kernel/time/timer.c:1464 stack backtrace: CPU: 1 PID: 4982 Comm: syz-executor.4 Tainted: G W 6.0.0-rc6-syzkaller-17742-gc194837ebb57 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 Call trace: dump_backtrace+0x1c4/0x1f0 arch/arm64/kernel/stacktrace.c:156 show_stack+0x2c/0x54 arch/arm64/kernel/stacktrace.c:163 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x104/0x16c lib/dump_stack.c:106 dump_stack+0x1c/0x58 lib/dump_stack.c:113 print_lock_invalid_wait_context kernel/locking/lockdep.c:4705 [inline] check_wait_context kernel/locking/lockdep.c:4766 [inline] 
__lock_acquire+0x9c8/0x30a4 kernel/locking/lockdep.c:5003 lock_acquire+0x100/0x1f8 kernel/locking/lockdep.c:5666 __mutex_lock_common+0xd4/0xca8 kernel/locking/mutex.c:603 __mutex_lock kernel/locking/mutex.c:747 [inline] mutex_lock_nested+0x38/0x44 kernel/locking/mutex.c:799 gsm_send+0x1a0/0x260 drivers/tty/n_gsm.c:704 gsm_dlci_t1+0xa8/0x1e0 call_timer_fn+0x90/0x144 kernel/time/timer.c:1474 expire_timers kernel/time/timer.c:1519 [inline] __run_timers+0x280/0x374 kernel/time/timer.c:1790 run_timer_softirq+0x34/0x5c kernel/time/timer.c:1803 _stext+0x168/0x37c ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:79 call_on_irq_stack+0x2c/0x54 do_softirq_own_stack+0x20/0x2c arch/arm64/kernel/irq.c:84 invoke_softirq+0x70/0xbc kernel/softirq.c:452 __irq_exit_rcu+0xf0/0x140 kernel/softirq.c:650 irq_exit_rcu+0x10/0x40 kernel/softirq.c:662 __el1_irq arch/arm64/kernel/entry-common.c:471 [inline] el1_interrupt+0x38/0x68 arch/arm64/kernel/entry-common.c:485 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:490 el1h_64_irq+0x64/0x68 rcu_read_unlock include/linux/rcupdate.h:735 [inline] count_memcg_event_mm+0x1a4/0x290 include/linux/memcontrol.h:1107 handle_mm_fault+0xd0/0xa40 mm/memory.c:5131 __do_page_fault arch/arm64/mm/fault.c:502 [inline] do_page_fault+0x428/0x79c arch/arm64/mm/fault.c:602 do_translation_fault+0x78/0x194 arch/arm64/mm/fault.c:685 do_mem_abort+0x54/0x130 arch/arm64/mm/fault.c:821 el1_abort+0x3c/0x5c arch/arm64/kernel/entry-common.c:366 el1h_64_sync_handler+0x60/0xac arch/arm64/kernel/entry-common.c:426 el1h_64_sync+0x64/0x68 fault_in_readable+0x230/0x2ec mm/gup.c:1883 fault_in_iov_iter_readable+0x74/0x16c lib/iov_iter.c:353 generic_perform_write+0x88/0x2cc mm/filemap.c:3728 __generic_file_write_iter+0xd8/0x21c mm/filemap.c:3866 generic_file_write_iter+0x6c/0x168 mm/filemap.c:3898 call_write_iter include/linux/fs.h:2187 [inline] new_sync_write fs/read_write.c:491 [inline] vfs_write+0x2dc/0x46c fs/read_write.c:578 ksys_pwrite64 fs/read_write.c:693 
[inline] __do_sys_pwrite64 fs/read_write.c:703 [inline] __se_sys_pwrite64 fs/read_write.c:700 [inline] __arm64_sys_pwrite64+0xbc/0x11c fs/read_write.c:700 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall arch/arm64/kernel/syscall.c:52 [inline] el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x48/0x164 arch/arm64/kernel/syscall.c:206 el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:636 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:654 el0t_64_sync+0x18c/0x190

Reviewer summary (not part of the kernel output): Both splats above have a single root cause. The n_gsm DLCI T1 retransmit timer, gsm_dlci_t1(), runs in timer-softirq context (run_timer_softirq -> __run_timers -> call_timer_fn) and calls gsm_send() (drivers/tty/n_gsm.c:704), which takes &gsm->tx_mutex with mutex_lock_nested(). A mutex is a sleeping lock and must never be acquired from softirq/timer context; that is exactly what "in_atomic(): 1 ... preempt_count: 100" (softirq count) in the first report and "Invalid wait context ... context-{2:2}" versus the mutex's {3:3} class in the second report are saying. The pwrite64 -> page-fault path at the bottom of each trace is only the victim task the interrupt landed on, not the trigger; the timer fires at IRQ exit on whatever was running. If tx_mutex is ever actually contended when the timer fires, the softirq would attempt to schedule in atomic context, which can hang that CPU (a local denial of service); with lockdep enabled it is reported and taints the kernel (G W) instead. The expected fix direction is to stop using a mutex on the timer's transmit path — either protect the transmit queue with a spinlock or defer the timer's send work to process context (e.g. a workqueue); confirm against the upstream n_gsm history for 6.0/6.1 before relying on a specific commit. Note also that the "Preemption disabled at: [] _stext+0x80/0x37c" frame and the "_stext+0x168/0x37c" frame between run_timer_softirq and ____do_softirq are unsymbolized (address stripped by the report tooling); the latter is presumably __do_softirq, but that is inferred, not shown.