BUG: sleeping function called from invalid context at kernel/locking/mutex.c:580
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 3030, name: syz-executor282
preempt_count: 101, expected: 0
RCU nest depth: 0, expected: 0
4 locks held by syz-executor282/3030:
 #0: ffff0000cb21f1c0 (&tty->legacy_mutex){+.+.}-{3:3}, at: tty_lock+0x90/0x100 drivers/tty/tty_mutex.c:20
 #1: ffff0000cb21f098 (&tty->ldisc_sem){++++}-{0:0}, at: __tty_ldisc_lock drivers/tty/tty_ldisc.c:290 [inline]
 #1: ffff0000cb21f098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_lock drivers/tty/tty_ldisc.c:314 [inline]
 #1: ffff0000cb21f098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_hangup+0x168/0x508 drivers/tty/tty_ldisc.c:713
 #2: ffff0000cb0630b0 (&gsm->mutex){+.+.}-{3:3}, at: gsm_cleanup_mux+0x54/0x3c0 drivers/tty/n_gsm.c:2446
 #3: ffff800008003e20 ((&dlci->t1)){+.-.}-{0:0}, at: lockdep_copy_map include/linux/lockdep.h:31 [inline]
 #3: ffff800008003e20 ((&dlci->t1)){+.-.}-{0:0}, at: call_timer_fn+0x54/0x144 kernel/time/timer.c:1464
Preemption disabled at:
[<ffff8000096aec50>] klist_next+0x30/0x18c lib/klist.c:382
CPU: 0 PID: 3030 Comm: syz-executor282 Not tainted 6.0.0-rc6-syzkaller-17742-gc194837ebb57 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
Call trace:
 dump_backtrace+0x1c4/0x1f0 arch/arm64/kernel/stacktrace.c:156
 show_stack+0x2c/0x54 arch/arm64/kernel/stacktrace.c:163
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x104/0x16c lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 __might_resched+0x208/0x218 kernel/sched/core.c:9892
 __might_sleep+0x48/0x78 kernel/sched/core.c:9821
 __mutex_lock_common+0x6c/0xca8 kernel/locking/mutex.c:580
 __mutex_lock kernel/locking/mutex.c:747 [inline]
 mutex_lock_nested+0x38/0x44 kernel/locking/mutex.c:799
 gsm_send+0x1a0/0x260 drivers/tty/n_gsm.c:704
 gsm_dlci_t1+0xa8/0x1e0
 call_timer_fn+0x90/0x144 kernel/time/timer.c:1474
 expire_timers kernel/time/timer.c:1519 [inline]
 __run_timers+0x280/0x374 kernel/time/timer.c:1790
 run_timer_softirq+0x34/0x5c kernel/time/timer.c:1803
 _stext+0x168/0x37c
 ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:79
 call_on_irq_stack+0x2c/0x54
 do_softirq_own_stack+0x20/0x2c arch/arm64/kernel/irq.c:84
 invoke_softirq+0x70/0xbc kernel/softirq.c:452
 __irq_exit_rcu+0xf0/0x140 kernel/softirq.c:650
 irq_exit_rcu+0x10/0x40 kernel/softirq.c:662
 __el1_irq arch/arm64/kernel/entry-common.c:471 [inline]
 el1_interrupt+0x38/0x68 arch/arm64/kernel/entry-common.c:485
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:490
 el1h_64_irq+0x64/0x68
 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline]
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
 _raw_spin_unlock_irqrestore+0x58/0x8c kernel/locking/spinlock.c:194
 spin_unlock_irqrestore include/linux/spinlock.h:404 [inline]
 klist_next+0x108/0x18c lib/klist.c:401
 class_dev_iter_next drivers/base/class.c:311 [inline]
 class_find_device+0xc0/0x178 drivers/base/class.c:415
 class_find_device_by_devt include/linux/device/class.h:167 [inline]
 device_destroy+0x48/0xdc drivers/base/core.c:4299
 tty_unregister_device+0x38/0x88 drivers/tty/tty_io.c:3299
 gsm_unregister_devices drivers/tty/n_gsm.c:564 [inline]
 gsm_cleanup_mux+0x22c/0x3c0 drivers/tty/n_gsm.c:2465
 gsmld_close+0x28/0x74 drivers/tty/n_gsm.c:2907
 tty_ldisc_close drivers/tty/tty_ldisc.c:456 [inline]
 tty_ldisc_kill drivers/tty/tty_ldisc.c:608 [inline]
 tty_ldisc_hangup+0x358/0x508 drivers/tty/tty_ldisc.c:724
 __tty_hangup+0x27c/0x47c drivers/tty/tty_io.c:637
 tty_vhangup_session+0x24/0x34 drivers/tty/tty_io.c:741
 disassociate_ctty+0x1d8/0x460 drivers/tty/tty_jobctrl.c:275
 do_exit+0x230/0xbe0 kernel/exit.c:793
 do_group_exit+0x60/0xe8 kernel/exit.c:925
 __do_sys_exit_group kernel/exit.c:936 [inline]
 __se_sys_exit_group kernel/exit.c:934 [inline]
 __wake_up_parent+0x0/0x40 kernel/exit.c:934
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
 el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x48/0x164 arch/arm64/kernel/syscall.c:206
 el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:636
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:654
 el0t_64_sync+0x18c/0x190

=============================
[ BUG: Invalid wait context ]
6.0.0-rc6-syzkaller-17742-gc194837ebb57 #0 Tainted: G        W         
-----------------------------
syz-executor282/3030 is trying to lock:
ffff0000cb063430 (&gsm->tx_mutex){+.+.}-{3:3}, at: gsm_send+0x1a0/0x260 drivers/tty/n_gsm.c:704
other info that might help us debug this:
context-{2:2}
4 locks held by syz-executor282/3030:
 #0: ffff0000cb21f1c0 (&tty->legacy_mutex){+.+.}-{3:3}, at: tty_lock+0x90/0x100 drivers/tty/tty_mutex.c:20
 #1: ffff0000cb21f098 (&tty->ldisc_sem){++++}-{0:0}, at: __tty_ldisc_lock drivers/tty/tty_ldisc.c:290 [inline]
 #1: ffff0000cb21f098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_lock drivers/tty/tty_ldisc.c:314 [inline]
 #1: ffff0000cb21f098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_hangup+0x168/0x508 drivers/tty/tty_ldisc.c:713
 #2: ffff0000cb0630b0 (&gsm->mutex){+.+.}-{3:3}, at: gsm_cleanup_mux+0x54/0x3c0 drivers/tty/n_gsm.c:2446
 #3: ffff800008003e20 ((&dlci->t1)){+.-.}-{0:0}, at: lockdep_copy_map include/linux/lockdep.h:31 [inline]
 #3: ffff800008003e20 ((&dlci->t1)){+.-.}-{0:0}, at: call_timer_fn+0x54/0x144 kernel/time/timer.c:1464
stack backtrace:
CPU: 0 PID: 3030 Comm: syz-executor282 Tainted: G        W          6.0.0-rc6-syzkaller-17742-gc194837ebb57 #0