IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
BUG: sleeping function called from invalid context at kernel/printk/printk.c:2607
in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 892, name: kworker/1:2
preempt_count: 1, expected: 0
RCU nest depth: 0, expected: 0
3 locks held by kworker/1:2/892:
 #0: ffff888011070d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff888011070d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
 #0: ffff888011070d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
 #0: ffff888011070d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:639 [inline]
 #0: ffff888011070d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:666 [inline]
 #0: ffff888011070d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x7a0/0x1590 kernel/workqueue.c:2361
 #1: ffffc90004bdfdb8 ((work_completion)(&gsm->tx_work)){+.+.}-{0:0}, at: process_one_work+0x7cf/0x1590 kernel/workqueue.c:2365
 #2: ffff88801e0463e0 (&gsm->tx_lock){....}-{2:2}, at: gsmld_write_task+0x2c/0xd60 drivers/tty/n_gsm.c:3291
irq event stamp: 99556
hardirqs last  enabled at (99555): [<ffffffff88e2110f>] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:159 [inline]
hardirqs last  enabled at (99555): [<ffffffff88e2110f>] _raw_spin_unlock_irq+0x1f/0x40 kernel/locking/spinlock.c:202
hardirqs last disabled at (99556): [<ffffffff88e20f3e>] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline]
hardirqs last disabled at (99556): [<ffffffff88e20f3e>] _raw_spin_lock_irqsave+0x4e/0x50 kernel/locking/spinlock.c:162
softirqs last  enabled at (99548): [<ffffffff87b7d61f>] rcu_read_unlock_bh include/linux/rcupdate.h:839 [inline]
softirqs last  enabled at (99548): [<ffffffff87b7d61f>] ip6_finish_output2+0x44f/0x1240 net/ipv6/ip6_output.c:135
softirqs last disabled at (99512): [<ffffffff87b7d40d>] lwtunnel_xmit_redirect include/net/lwtunnel.h:95 [inline]
softirqs last disabled at (99512): [<ffffffff87b7d40d>] ip6_finish_output2+0x23d/0x1240 net/ipv6/ip6_output.c:112
Preemption disabled at:
[<0000000000000000>] 0x0
CPU: 1 PID: 892 Comm: kworker/1:2 Not tainted 6.3.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
Workqueue: events gsmld_write_task
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x60/0xa0 lib/dump_stack.c:106
 __might_resched+0x354/0x580 kernel/sched/core.c:10058
 console_lock+0x11/0x60 kernel/printk/printk.c:2607
 do_con_write+0xf2/0x19c0 drivers/tty/vt/vt.c:2852
 con_write+0xb/0x20 drivers/tty/vt/vt.c:3244
 gsmld_output drivers/tty/n_gsm.c:3258 [inline]
 gsm_send_packet+0x35d/0x940 drivers/tty/n_gsm.c:958
 gsm_data_kick drivers/tty/n_gsm.c:1020 [inline]
 gsmld_write_task+0x1d6/0xd60 drivers/tty/n_gsm.c:3293
 process_one_work+0x8ba/0x1590 kernel/workqueue.c:2390
 worker_thread+0x598/0xec0 kernel/workqueue.c:2537
 kthread+0x294/0x330 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 </TASK>

=====================================================
WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
6.3.0-rc1-syzkaller #0 Tainted: G        W         
-----------------------------------------------------
kworker/1:2/892 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
ffffffff8b3738c0 (console_lock){+.+.}-{0:0}, at: do_con_write+0xf2/0x19c0 drivers/tty/vt/vt.c:2852

and this task is already holding:
ffff88801e0463e0 (&gsm->tx_lock){..-.}-{2:2}, at: gsmld_write_task+0x2c/0xd60 drivers/tty/n_gsm.c:3291
which would create a new lock dependency:
 (&gsm->tx_lock){..-.}-{2:2} -> (console_lock){+.+.}-{0:0}

but this new dependency connects a SOFTIRQ-irq-safe lock:
 (&gsm->tx_lock){..-.}-{2:2}

... which became SOFTIRQ-irq-safe at:
  lock_acquire kernel/locking/lockdep.c:5669 [inline]
  lock_acquire+0x1df/0x670 kernel/locking/lockdep.c:5634
  __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
  _raw_spin_lock_irqsave+0x39/0x50 kernel/locking/spinlock.c:162
  gsm_send.isra.0+0x32d/0x840 drivers/tty/n_gsm.c:830
  gsm_command drivers/tty/n_gsm.c:894 [inline]
  gsm_dlci_begin_close+0x111/0x200 drivers/tty/n_gsm.c:2340
  gsm_dlci_t1+0x1a4/0x540 drivers/tty/n_gsm.c:2235
  call_timer_fn+0x19b/0x5d0 kernel/time/timer.c:1700
  expire_timers+0x259/0x4f0 kernel/time/timer.c:1751
  __run_timers kernel/time/timer.c:2022 [inline]
  __run_timers kernel/time/timer.c:1995 [inline]
  run_timer_softirq+0x292/0x790 kernel/time/timer.c:2035
  __do_softirq+0x2df/0xadf kernel/softirq.c:571
  invoke_softirq kernel/softirq.c:445 [inline]
  __irq_exit_rcu+0x114/0x190 kernel/softirq.c:650
  irq_exit_rcu+0x5/0x20 kernel/softirq.c:662
  sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1107
  asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:645
  native_save_fl arch/x86/include/asm/irqflags.h:26 [inline]
  arch_local_save_flags arch/x86/include/asm/irqflags.h:67 [inline]
  arch_local_irq_save arch/x86/include/asm/irqflags.h:103 [inline]
  lock_is_held_type+0x54/0x140 kernel/locking/lockdep.c:5708
  lock_is_held include/linux/lockdep.h:283 [inline]
  rcu_read_lock_sched_held+0x3a/0x70 kernel/rcu/update.c:125
  trace_ma_read include/trace/events/maple_tree.h:46 [inline]
  trace_ma_read include/trace/events/maple_tree.h:46 [inline]
  mt_find+0x602/0x6e0 lib/maple_tree.c:6453
  find_vma+0xd9/0x160 mm/mmap.c:1788
  do_user_addr_fault+0x1bb/0xd00 arch/x86/mm/fault.c:1368
  handle_page_fault arch/x86/mm/fault.c:1498 [inline]
  exc_page_fault+0x5a/0xc0 arch/x86/mm/fault.c:1554
  asm_exc_page_fault+0x22/0x30 arch/x86/include/asm/idtentry.h:570

to a SOFTIRQ-irq-unsafe lock:
 (console_lock){+.+.}-{0:0}

... which became SOFTIRQ-irq-unsafe at:
...
  lock_acquire kernel/locking/lockdep.c:5669 [inline]
  lock_acquire+0x1df/0x670 kernel/locking/lockdep.c:5634
  console_lock+0x40/0x60 kernel/printk/printk.c:2609
  con_init+0x11/0x710 drivers/tty/vt/vt.c:3437
  console_init+0xbd/0x710 kernel/printk/printk.c:3610
  start_kernel+0x208/0x370 init/main.c:1077
  secondary_startup_64_no_verify+0xce/0xdb

other info that might help us debug this:

 Possible interrupt unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(console_lock);
                               local_irq_disable();
                               lock(&gsm->tx_lock);
                               lock(console_lock);
  <Interrupt>
    lock(&gsm->tx_lock);

 *** DEADLOCK ***

3 locks held by kworker/1:2/892:
 #0: ffff888011070d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff888011070d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
 #0: ffff888011070d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
 #0: ffff888011070d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:639 [inline]
 #0: ffff888011070d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:666 [inline]
 #0: ffff888011070d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x7a0/0x1590 kernel/workqueue.c:2361
 #1: ffffc90004bdfdb8 ((work_completion)(&gsm->tx_work)){+.+.}-{0:0}, at: process_one_work+0x7cf/0x1590 kernel/workqueue.c:2365
 #2: ffff88801e0463e0 (&gsm->tx_lock){..-.}-{2:2}, at: gsmld_write_task+0x2c/0xd60 drivers/tty/n_gsm.c:3291

the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
-> (&gsm->tx_lock){..-.}-{2:2} {
   IN-SOFTIRQ-W at:
                    lock_acquire kernel/locking/lockdep.c:5669 [inline]
                    lock_acquire+0x1df/0x670 kernel/locking/lockdep.c:5634
                    __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
                    _raw_spin_lock_irqsave+0x39/0x50 kernel/locking/spinlock.c:162
                    gsm_send.isra.0+0x32d/0x840 drivers/tty/n_gsm.c:830
                    gsm_command drivers/tty/n_gsm.c:894 [inline]
                    gsm_dlci_begin_close+0x111/0x200 drivers/tty/n_gsm.c:2340
                    gsm_dlci_t1+0x1a4/0x540 drivers/tty/n_gsm.c:2235
                    call_timer_fn+0x19b/0x5d0 kernel/time/timer.c:1700
                    expire_timers+0x259/0x4f0 kernel/time/timer.c:1751
                    __run_timers kernel/time/timer.c:2022 [inline]
                    __run_timers kernel/time/timer.c:1995 [inline]
                    run_timer_softirq+0x292/0x790 kernel/time/timer.c:2035
                    __do_softirq+0x2df/0xadf kernel/softirq.c:571
                    invoke_softirq kernel/softirq.c:445 [inline]
                    __irq_exit_rcu+0x114/0x190 kernel/softirq.c:650
                    irq_exit_rcu+0x5/0x20 kernel/softirq.c:662
                    sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1107
                    asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:645
                    native_save_fl arch/x86/include/asm/irqflags.h:26 [inline]
                    arch_local_save_flags arch/x86/include/asm/irqflags.h:67 [inline]
                    arch_local_irq_save arch/x86/include/asm/irqflags.h:103 [inline]
                    lock_is_held_type+0x54/0x140 kernel/locking/lockdep.c:5708
                    lock_is_held include/linux/lockdep.h:283 [inline]
                    rcu_read_lock_sched_held+0x3a/0x70 kernel/rcu/update.c:125
                    trace_ma_read include/trace/events/maple_tree.h:46 [inline]
                    trace_ma_read include/trace/events/maple_tree.h:46 [inline]
                    mt_find+0x602/0x6e0 lib/maple_tree.c:6453
                    find_vma+0xd9/0x160 mm/mmap.c:1788
                    do_user_addr_fault+0x1bb/0xd00 arch/x86/mm/fault.c:1368
                    handle_page_fault arch/x86/mm/fault.c:1498 [inline]
                    exc_page_fault+0x5a/0xc0 arch/x86/mm/fault.c:1554
                    asm_exc_page_fault+0x22/0x30 arch/x86/include/asm/idtentry.h:570
   INITIAL USE at:
                   lock_acquire kernel/locking/lockdep.c:5669 [inline]
                   lock_acquire+0x1df/0x670 kernel/locking/lockdep.c:5634
                   __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
                   _raw_spin_lock_irqsave+0x39/0x50 kernel/locking/spinlock.c:162
                   gsm_send.isra.0+0x32d/0x840 drivers/tty/n_gsm.c:830
                   gsm_command drivers/tty/n_gsm.c:894 [inline]
                   gsm_dlci_begin_open+0x2b2/0x580 drivers/tty/n_gsm.c:2287
                   gsm_config drivers/tty/n_gsm.c:3212 [inline]
                   gsmld_ioctl+0xb7c/0x1240 drivers/tty/n_gsm.c:3571
                   tty_ioctl+0x548/0x1280 drivers/tty/tty_io.c:2786
                   vfs_ioctl fs/ioctl.c:51 [inline]
                   __do_sys_ioctl fs/ioctl.c:870 [inline]
                   __se_sys_ioctl fs/ioctl.c:856 [inline]
                   __x64_sys_ioctl+0x11f/0x190 fs/ioctl.c:856
                   do_syscall_x64 arch/x86/entry/common.c:50 [inline]
                   do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
                   entry_SYSCALL_64_after_hwframe+0x63/0xcd
 }
 ... key      at: [<ffffffff90939be0>] __key.10+0x0/0x40

the dependencies between the lock to be acquired
 and SOFTIRQ-irq-unsafe lock:
-> (console_lock){+.+.}-{0:0} {
   HARDIRQ-ON-W at:
                    lock_acquire kernel/locking/lockdep.c:5669 [inline]
                    lock_acquire+0x1df/0x670 kernel/locking/lockdep.c:5634
                    console_lock+0x40/0x60 kernel/printk/printk.c:2609
                    con_init+0x11/0x710 drivers/tty/vt/vt.c:3437
                    console_init+0xbd/0x710 kernel/printk/printk.c:3610
                    start_kernel+0x208/0x370 init/main.c:1077
                    secondary_startup_64_no_verify+0xce/0xdb
   SOFTIRQ-ON-W at:
                    lock_acquire kernel/locking/lockdep.c:5669 [inline]
                    lock_acquire+0x1df/0x670 kernel/locking/lockdep.c:5634
                    console_lock+0x40/0x60 kernel/printk/printk.c:2609
                    con_init+0x11/0x710 drivers/tty/vt/vt.c:3437
                    console_init+0xbd/0x710 kernel/printk/printk.c:3610
                    start_kernel+0x208/0x370 init/main.c:1077
                    secondary_startup_64_no_verify+0xce/0xdb
   INITIAL USE at:
 }
 ... key      at: [<ffffffff8b3738c0>] console_lock_dep_map+0x0/0x60
 ... acquired at:
   lock_acquire kernel/locking/lockdep.c:5669 [inline]
   lock_acquire+0x1df/0x670 kernel/locking/lockdep.c:5634
   console_lock+0x40/0x60 kernel/printk/printk.c:2609
   do_con_write+0xf2/0x19c0 drivers/tty/vt/vt.c:2852
   con_write+0xb/0x20 drivers/tty/vt/vt.c:3244
   gsmld_output drivers/tty/n_gsm.c:3258 [inline]
   gsm_send_packet+0x35d/0x940 drivers/tty/n_gsm.c:958
   gsm_data_kick drivers/tty/n_gsm.c:1020 [inline]
   gsmld_write_task+0x1d6/0xd60 drivers/tty/n_gsm.c:3293
   process_one_work+0x8ba/0x1590 kernel/workqueue.c:2390
   worker_thread+0x598/0xec0 kernel/workqueue.c:2537
   kthread+0x294/0x330 kernel/kthread.c:376
   ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308


stack backtrace:
CPU: 1 PID: 892 Comm: kworker/1:2 Tainted: G        W          6.3.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
Workqueue: events gsmld_write_task
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x60/0xa0 lib/dump_stack.c:106
 print_bad_irq_dependency kernel/locking/lockdep.c:2612 [inline]
 check_irq_usage+0x114e/0x1a40 kernel/locking/lockdep.c:2851
 check_prev_add kernel/locking/lockdep.c:3102 [inline]
 check_prevs_add kernel/locking/lockdep.c:3217 [inline]
 validate_chain kernel/locking/lockdep.c:3832 [inline]
 __lock_acquire+0x2edf/0x5d40 kernel/locking/lockdep.c:5056
 lock_acquire kernel/locking/lockdep.c:5669 [inline]
 lock_acquire+0x1df/0x670 kernel/locking/lockdep.c:5634
 console_lock+0x40/0x60 kernel/printk/printk.c:2609
 do_con_write+0xf2/0x19c0 drivers/tty/vt/vt.c:2852
 con_write+0xb/0x20 drivers/tty/vt/vt.c:3244
 gsmld_output drivers/tty/n_gsm.c:3258 [inline]
 gsm_send_packet+0x35d/0x940 drivers/tty/n_gsm.c:958
 gsm_data_kick drivers/tty/n_gsm.c:1020 [inline]
 gsmld_write_task+0x1d6/0xd60 drivers/tty/n_gsm.c:3293
 process_one_work+0x8ba/0x1590 kernel/workqueue.c:2390
 worker_thread+0x598/0xec0 kernel/workqueue.c:2537
 kthread+0x294/0x330 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 </TASK>
BUG: sleeping function called from invalid context at kernel/printk/printk.c:2607
in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 892, name: kworker/1:2
preempt_count: 1, expected: 0
RCU nest depth: 0, expected: 0
INFO: lockdep is turned off.
irq event stamp: 99556
hardirqs last  enabled at (99555): [<ffffffff88e2110f>] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:159 [inline]
hardirqs last  enabled at (99555): [<ffffffff88e2110f>] _raw_spin_unlock_irq+0x1f/0x40 kernel/locking/spinlock.c:202
hardirqs last disabled at (99556): [<ffffffff88e20f3e>] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline]
hardirqs last disabled at (99556): [<ffffffff88e20f3e>] _raw_spin_lock_irqsave+0x4e/0x50 kernel/locking/spinlock.c:162
softirqs last  enabled at (99548): [<ffffffff87b7d61f>] rcu_read_unlock_bh include/linux/rcupdate.h:839 [inline]
softirqs last  enabled at (99548): [<ffffffff87b7d61f>] ip6_finish_output2+0x44f/0x1240 net/ipv6/ip6_output.c:135
softirqs last disabled at (99512): [<ffffffff87b7d40d>] lwtunnel_xmit_redirect include/net/lwtunnel.h:95 [inline]
softirqs last disabled at (99512): [<ffffffff87b7d40d>] ip6_finish_output2+0x23d/0x1240 net/ipv6/ip6_output.c:112
Preemption disabled at:
[<0000000000000000>] 0x0
CPU: 1 PID: 892 Comm: kworker/1:2 Tainted: G        W          6.3.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
Workqueue: events gsmld_write_task
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x60/0xa0 lib/dump_stack.c:106
 __might_resched+0x354/0x580 kernel/sched/core.c:10058
 console_lock+0x11/0x60 kernel/printk/printk.c:2607
 do_con_write+0xf2/0x19c0 drivers/tty/vt/vt.c:2852
 con_write+0xb/0x20 drivers/tty/vt/vt.c:3244
 gsmld_output drivers/tty/n_gsm.c:3258 [inline]
 gsm_send_packet+0x35d/0x940 drivers/tty/n_gsm.c:958
 gsm_data_kick drivers/tty/n_gsm.c:1020 [inline]
 gsmld_write_task+0x1d6/0xd60 drivers/tty/n_gsm.c:3293
 process_one_work+0x8ba/0x1590 kernel/workqueue.c:2390
 process_scheduled_works kernel/workqueue.c:2453 [inline]
 worker_thread+0x6f1/0xec0 kernel/workqueue.c:2542
 kthread+0x294/0x330 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 </TASK>