BUG: sleeping function called from invalid context at kernel/locking/mutex.c:580
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 31133, name: syz-executor.3
preempt_count: 101, expected: 0
RCU nest depth: 0, expected: 0
3 locks held by syz-executor.3/31133:
 #0: ffff0000ff348098 (&tty->ldisc_sem){++++}-{0:0}, at: __tty_ldisc_lock drivers/tty/tty_ldisc.c:290 [inline]
 #0: ffff0000ff348098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_lock_pair_timeout+0xe8/0x1c4 drivers/tty/tty_ldisc.c:353
 #1: ffff00011f7b70b0 (&gsm->mutex){+.+.}-{3:3}, at: gsm_cleanup_mux+0x54/0x3c0 drivers/tty/n_gsm.c:2446
 #2: ffff80000800be20 ((&dlci->t1)){+.-.}-{0:0}, at: lockdep_copy_map include/linux/lockdep.h:31 [inline]
 #2: ffff80000800be20 ((&dlci->t1)){+.-.}-{0:0}, at: call_timer_fn+0x54/0x144 kernel/time/timer.c:1464
Preemption disabled at:
[<ffff8000096ae810>] klist_next+0x30/0x18c lib/klist.c:382
CPU: 1 PID: 31133 Comm: syz-executor.3 Not tainted 6.0.0-rc7-syzkaller-18095-gbbed346d5a96 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022
Call trace:
 dump_backtrace+0x1c4/0x1f0 arch/arm64/kernel/stacktrace.c:156
 show_stack+0x2c/0x54 arch/arm64/kernel/stacktrace.c:163
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x104/0x16c lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 __might_resched+0x208/0x218 kernel/sched/core.c:9892
 __might_sleep+0x48/0x78 kernel/sched/core.c:9821
 __mutex_lock_common+0x6c/0xca8 kernel/locking/mutex.c:580
 __mutex_lock kernel/locking/mutex.c:747 [inline]
 mutex_lock_nested+0x38/0x44 kernel/locking/mutex.c:799
 gsm_send+0x1a0/0x260 drivers/tty/n_gsm.c:704
 gsm_dlci_t1+0xa8/0x1e0
 call_timer_fn+0x90/0x144 kernel/time/timer.c:1474
 expire_timers kernel/time/timer.c:1519 [inline]
 __run_timers+0x280/0x374 kernel/time/timer.c:1790
 run_timer_softirq+0x34/0x5c kernel/time/timer.c:1803
 _stext+0x168/0x37c
 ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:79
 call_on_irq_stack+0x2c/0x54 arch/arm64/kernel/entry.S:889
 do_softirq_own_stack+0x20/0x2c arch/arm64/kernel/irq.c:84
 invoke_softirq+0x70/0xbc kernel/softirq.c:452
 __irq_exit_rcu+0xf0/0x140 kernel/softirq.c:650
 irq_exit_rcu+0x10/0x40 kernel/softirq.c:662
 __el1_irq arch/arm64/kernel/entry-common.c:471 [inline]
 el1_interrupt+0x38/0x68 arch/arm64/kernel/entry-common.c:485
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:490
 el1h_64_irq+0x64/0x68 arch/arm64/kernel/entry.S:577
 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline]
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
 _raw_spin_unlock_irqrestore+0x58/0x8c kernel/locking/spinlock.c:194
 spin_unlock_irqrestore include/linux/spinlock.h:404 [inline]
 klist_next+0x108/0x18c lib/klist.c:401
 class_dev_iter_next drivers/base/class.c:311 [inline]
 class_find_device+0xc0/0x178 drivers/base/class.c:415
 class_find_device_by_devt include/linux/device/class.h:167 [inline]
 device_destroy+0x48/0xdc drivers/base/core.c:4299
 tty_unregister_device+0x38/0x88 drivers/tty/tty_io.c:3299
 gsm_unregister_devices drivers/tty/n_gsm.c:564 [inline]
 gsm_cleanup_mux+0x22c/0x3c0 drivers/tty/n_gsm.c:2465
 gsmld_close+0x28/0x74 drivers/tty/n_gsm.c:2907
 tty_ldisc_close drivers/tty/tty_ldisc.c:456 [inline]
 tty_ldisc_kill drivers/tty/tty_ldisc.c:608 [inline]
 tty_ldisc_release+0x108/0x384 drivers/tty/tty_ldisc.c:776
 tty_release_struct+0x28/0x9c drivers/tty/tty_io.c:1694
 tty_release+0x5e8/0x614 drivers/tty/tty_io.c:1865
 __fput+0x198/0x3dc fs/file_table.c:320
 ____fput+0x20/0x30 fs/file_table.c:353
 task_work_run+0xc4/0x14c kernel/task_work.c:177
 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
 do_notify_resume+0x174/0x1f0 arch/arm64/kernel/signal.c:1127
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:137 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:142 [inline]
 el0_svc+0x9c/0x150 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:654
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581

=============================
[ BUG: Invalid wait context ]
6.0.0-rc7-syzkaller-18095-gbbed346d5a96 #0 Tainted: G        W         
-----------------------------
syz-executor.3/31133 is trying to lock:
ffff00011b7e4430 (&gsm->tx_mutex){+.+.}-{3:3}, at: gsm_send+0x1a0/0x260 drivers/tty/n_gsm.c:704
other info that might help us debug this:
context-{2:2}
3 locks held by syz-executor.3/31133:
 #0: ffff0000ff348098 (&tty->ldisc_sem){++++}-{0:0}, at: __tty_ldisc_lock drivers/tty/tty_ldisc.c:290 [inline]
 #0: ffff0000ff348098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_lock_pair_timeout+0xe8/0x1c4 drivers/tty/tty_ldisc.c:353
 #1: ffff00011f7b70b0 (&gsm->mutex){+.+.}-{3:3}, at: gsm_cleanup_mux+0x54/0x3c0 drivers/tty/n_gsm.c:2446
 #2: ffff80000800be20 ((&dlci->t1)){+.-.}-{0:0}, at: lockdep_copy_map include/linux/lockdep.h:31 [inline]
 #2: ffff80000800be20 ((&dlci->t1)){+.-.}-{0:0}, at: call_timer_fn+0x54/0x144 kernel/time/timer.c:1464
stack backtrace:
CPU: 1 PID: 31133 Comm: syz-executor.3 Tainted: G        W          6.0.0-rc7-syzkaller-18095-gbbed346d5a96 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022
Call trace:
 dump_backtrace+0x1c4/0x1f0 arch/arm64/kernel/stacktrace.c:156
 show_stack+0x2c/0x54 arch/arm64/kernel/stacktrace.c:163
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x104/0x16c lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 print_lock_invalid_wait_context kernel/locking/lockdep.c:4705 [inline]
 check_wait_context kernel/locking/lockdep.c:4766 [inline]
 __lock_acquire+0x9c8/0x30a4 kernel/locking/lockdep.c:5003
 lock_acquire+0x100/0x1f8 kernel/locking/lockdep.c:5666
 __mutex_lock_common+0xd4/0xca8 kernel/locking/mutex.c:603
 __mutex_lock kernel/locking/mutex.c:747 [inline]
 mutex_lock_nested+0x38/0x44 kernel/locking/mutex.c:799
 gsm_send+0x1a0/0x260 drivers/tty/n_gsm.c:704
 gsm_dlci_t1+0xa8/0x1e0
 call_timer_fn+0x90/0x144 kernel/time/timer.c:1474
 expire_timers kernel/time/timer.c:1519 [inline]
 __run_timers+0x280/0x374 kernel/time/timer.c:1790
 run_timer_softirq+0x34/0x5c kernel/time/timer.c:1803
 _stext+0x168/0x37c
 ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:79
 call_on_irq_stack+0x2c/0x54 arch/arm64/kernel/entry.S:889
 do_softirq_own_stack+0x20/0x2c arch/arm64/kernel/irq.c:84
 invoke_softirq+0x70/0xbc kernel/softirq.c:452
 __irq_exit_rcu+0xf0/0x140 kernel/softirq.c:650
 irq_exit_rcu+0x10/0x40 kernel/softirq.c:662
 __el1_irq arch/arm64/kernel/entry-common.c:471 [inline]
 el1_interrupt+0x38/0x68 arch/arm64/kernel/entry-common.c:485
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:490
 el1h_64_irq+0x64/0x68 arch/arm64/kernel/entry.S:577
 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline]
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
 _raw_spin_unlock_irqrestore+0x58/0x8c kernel/locking/spinlock.c:194
 spin_unlock_irqrestore include/linux/spinlock.h:404 [inline]
 klist_next+0x108/0x18c lib/klist.c:401
 class_dev_iter_next drivers/base/class.c:311 [inline]
 class_find_device+0xc0/0x178 drivers/base/class.c:415
 class_find_device_by_devt include/linux/device/class.h:167 [inline]
 device_destroy+0x48/0xdc drivers/base/core.c:4299
 tty_unregister_device+0x38/0x88 drivers/tty/tty_io.c:3299
 gsm_unregister_devices drivers/tty/n_gsm.c:564 [inline]
 gsm_cleanup_mux+0x22c/0x3c0 drivers/tty/n_gsm.c:2465
 gsmld_close+0x28/0x74 drivers/tty/n_gsm.c:2907
 tty_ldisc_close drivers/tty/tty_ldisc.c:456 [inline]
 tty_ldisc_kill drivers/tty/tty_ldisc.c:608 [inline]
 tty_ldisc_release+0x108/0x384 drivers/tty/tty_ldisc.c:776
 tty_release_struct+0x28/0x9c drivers/tty/tty_io.c:1694
 tty_release+0x5e8/0x614 drivers/tty/tty_io.c:1865
 __fput+0x198/0x3dc fs/file_table.c:320
 ____fput+0x20/0x30 fs/file_table.c:353
 task_work_run+0xc4/0x14c kernel/task_work.c:177
 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
 do_notify_resume+0x174/0x1f0 arch/arm64/kernel/signal.c:1127
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:137 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:142 [inline]
 el0_svc+0x9c/0x150 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:654
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581