BUG: sleeping function called from invalid context at drivers/tty/vt/vt.c:2245
in_atomic(): 1, irqs_disabled(): 1, pid: 10391, name: syz-executor.4
3 locks held by syz-executor.4/10391:
 #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:284
 #1: (&tty->atomic_write_lock){+.+.}, at: [] tty_write_lock drivers/tty/tty_io.c:885 [inline]
 #1: (&tty->atomic_write_lock){+.+.}, at: [] do_tty_write drivers/tty/tty_io.c:908 [inline]
 #1: (&tty->atomic_write_lock){+.+.}, at: [] tty_write+0x22d/0x740 drivers/tty/tty_io.c:1043
 #2: (&(&gsm->tx_lock)->rlock){....}, at: [] gsmld_write+0x5e/0x120 drivers/tty/n_gsm.c:2545
irq event stamp: 546
hardirqs last enabled at (545): [] kfree+0x14a/0x250 mm/slab.c:3816
hardirqs last disabled at (546): [] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline]
hardirqs last disabled at (546): [] _raw_spin_lock_irqsave+0x66/0xc0 kernel/locking/spinlock.c:160
softirqs last enabled at (440): [] __do_softirq+0x68b/0x9ff kernel/softirq.c:314
softirqs last disabled at (315): [] invoke_softirq kernel/softirq.c:368 [inline]
softirqs last disabled at (315): [] irq_exit+0x193/0x240 kernel/softirq.c:409
Preemption disabled at: [< (null)>] (null)
CPU: 0 PID: 10391 Comm: syz-executor.4 Not tainted 4.14.305-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 ___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6040
 do_con_write+0xd0/0x19b0 drivers/tty/vt/vt.c:2245
 con_write+0x21/0xa0 drivers/tty/vt/vt.c:2822
 gsmld_write+0xbb/0x120 drivers/tty/n_gsm.c:2548
 do_tty_write drivers/tty/tty_io.c:959 [inline]
 tty_write+0x410/0x740 drivers/tty/tty_io.c:1043
 __vfs_write+0xe4/0x630 fs/read_write.c:480
 __kernel_write+0xf5/0x330 fs/read_write.c:501
 write_pipe_buf+0x143/0x1c0 fs/splice.c:797
 splice_from_pipe_feed fs/splice.c:502 [inline]
 __splice_from_pipe+0x326/0x7a0 fs/splice.c:626
 splice_from_pipe fs/splice.c:661 [inline]
 default_file_splice_write+0xc5/0x150 fs/splice.c:809
 do_splice_from fs/splice.c:851 [inline]
 direct_splice_actor+0x115/0x160 fs/splice.c:1018
 splice_direct_to_actor+0x27c/0x730 fs/splice.c:973
 do_splice_direct+0x164/0x210 fs/splice.c:1061
 do_sendfile+0x47f/0xb30 fs/read_write.c:1441
 SYSC_sendfile64 fs/read_write.c:1502 [inline]
 SyS_sendfile64+0xff/0x110 fs/read_write.c:1488
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x5e/0xd3
RIP: 0033:0x7f5b3de9f0f9
RSP: 002b:00007f5b3c3f0168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00007f5b3dfbf050 RCX: 00007f5b3de9f0f9
RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
RBP: 00007f5b3defaae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0800000080004103 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffc7138779f R14: 00007f5b3c3f0300 R15: 0000000000022000
F2FS-fs (loop5): invalid crc value
F2FS-fs (loop5): Found nat_bits in checkpoint
F2FS-fs (loop5): Mounted with checkpoint version = 48b305e4
BUG: sleeping function called from invalid context at drivers/tty/vt/vt.c:2245
in_atomic(): 1, irqs_disabled(): 1, pid: 10471, name: syz-executor.4
3 locks held by syz-executor.4/10471:
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
 #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:284
 #1: (&tty->atomic_write_lock){+.+.}, at: [] tty_write_lock drivers/tty/tty_io.c:885 [inline]
 #1: (&tty->atomic_write_lock){+.+.}, at: [] do_tty_write drivers/tty/tty_io.c:908 [inline]
 #1: (&tty->atomic_write_lock){+.+.}, at: [] tty_write+0x22d/0x740 drivers/tty/tty_io.c:1043
 #2: (&(&gsm->tx_lock)->rlock){....}, at: [] gsmld_write+0x5e/0x120 drivers/tty/n_gsm.c:2545
irq event stamp: 528
hardirqs last enabled at (527): [] free_hot_cold_page+0x884/0xca0 mm/page_alloc.c:2651
hardirqs last disabled at (528): [] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline]
hardirqs last disabled at (528): [] _raw_spin_lock_irqsave+0x66/0xc0 kernel/locking/spinlock.c:160
softirqs last enabled at (0): [] copy_process.part.0+0x12d0/0x71c0 kernel/fork.c:1734
softirqs last disabled at (0): [< (null)>] (null)
Preemption disabled at: [< (null)>] (null)
CPU: 1 PID: 10471 Comm: syz-executor.4 Tainted: G W 4.14.305-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 ___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6040
 do_con_write+0xd0/0x19b0 drivers/tty/vt/vt.c:2245
 con_write+0x21/0xa0 drivers/tty/vt/vt.c:2822
 gsmld_write+0xbb/0x120 drivers/tty/n_gsm.c:2548
 do_tty_write drivers/tty/tty_io.c:959 [inline]
 tty_write+0x410/0x740 drivers/tty/tty_io.c:1043
 __vfs_write+0xe4/0x630 fs/read_write.c:480
 __kernel_write+0xf5/0x330 fs/read_write.c:501
 write_pipe_buf+0x143/0x1c0 fs/splice.c:797
 splice_from_pipe_feed fs/splice.c:502 [inline]
 __splice_from_pipe+0x326/0x7a0 fs/splice.c:626
 splice_from_pipe fs/splice.c:661 [inline]
 default_file_splice_write+0xc5/0x150 fs/splice.c:809
 do_splice_from fs/splice.c:851 [inline]
 direct_splice_actor+0x115/0x160 fs/splice.c:1018
 splice_direct_to_actor+0x27c/0x730 fs/splice.c:973
 do_splice_direct+0x164/0x210 fs/splice.c:1061
 do_sendfile+0x47f/0xb30 fs/read_write.c:1441
 SYSC_sendfile64 fs/read_write.c:1502 [inline]
 SyS_sendfile64+0xff/0x110 fs/read_write.c:1488
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x5e/0xd3
RIP: 0033:0x7f5b3de9f0f9
RSP: 002b:00007f5b3c411168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00007f5b3dfbef80 RCX: 00007f5b3de9f0f9
RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
RBP: 00007f5b3defaae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0800000080004103 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffc7138779f R14: 00007f5b3c411300 R15: 0000000000022000
BUG: sleeping function called from invalid context at kernel/printk/printk.c:2465
in_atomic(): 1, irqs_disabled(): 1, pid: 10471, name: syz-executor.4
4 locks held by syz-executor.4/10471:
 #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:284
 #1: (&tty->atomic_write_lock){+.+.}, at: [] tty_write_lock drivers/tty/tty_io.c:885 [inline]
 #1: (&tty->atomic_write_lock){+.+.}, at: [] do_tty_write drivers/tty/tty_io.c:908 [inline]
 #1: (&tty->atomic_write_lock){+.+.}, at: [] tty_write+0x22d/0x740 drivers/tty/tty_io.c:1043
 #2: (&(&gsm->tx_lock)->rlock){....}, at: [] gsmld_write+0x5e/0x120 drivers/tty/n_gsm.c:2545
 #3: (console_lock){+.+.}, at: [] do_con_write+0xd5/0x19b0 drivers/tty/vt/vt.c:2247
irq event stamp: 528
hardirqs last enabled at (527): [] free_hot_cold_page+0x884/0xca0 mm/page_alloc.c:2651
hardirqs last disabled at (528): [] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline]
hardirqs last disabled at (528): [] _raw_spin_lock_irqsave+0x66/0xc0 kernel/locking/spinlock.c:160
softirqs last enabled at (0): [] copy_process.part.0+0x12d0/0x71c0 kernel/fork.c:1734
softirqs last disabled at (0): [< (null)>] (null)
Preemption disabled at: [< (null)>] (null)
CPU: 1 PID: 10471 Comm: syz-executor.4 Tainted: G W 4.14.305-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 ___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6040
 console_conditional_schedule+0x2c/0x40 kernel/printk/printk.c:2465
 fbcon_redraw.constprop.0+0x190/0x460 drivers/video/fbdev/core/fbcon.c:1619
 fbcon_scroll+0x381/0x31e0 drivers/video/fbdev/core/fbcon.c:1735
 con_scroll+0x2c5/0x360 drivers/tty/vt/vt.c:327
 lf+0x226/0x270 drivers/tty/vt/vt.c:1158
 do_con_write+0xf9b/0x19b0 drivers/tty/vt/vt.c:2431
 con_write+0x21/0xa0 drivers/tty/vt/vt.c:2822
 gsmld_write+0xbb/0x120 drivers/tty/n_gsm.c:2548
 do_tty_write drivers/tty/tty_io.c:959 [inline]
 tty_write+0x410/0x740 drivers/tty/tty_io.c:1043
 __vfs_write+0xe4/0x630 fs/read_write.c:480
 __kernel_write+0xf5/0x330 fs/read_write.c:501
 write_pipe_buf+0x143/0x1c0 fs/splice.c:797
 splice_from_pipe_feed fs/splice.c:502 [inline]
 __splice_from_pipe+0x326/0x7a0 fs/splice.c:626
 splice_from_pipe fs/splice.c:661 [inline]
 default_file_splice_write+0xc5/0x150 fs/splice.c:809
 do_splice_from fs/splice.c:851 [inline]
 direct_splice_actor+0x115/0x160 fs/splice.c:1018
 splice_direct_to_actor+0x27c/0x730 fs/splice.c:973
 do_splice_direct+0x164/0x210 fs/splice.c:1061
 do_sendfile+0x47f/0xb30 fs/read_write.c:1441
 SYSC_sendfile64 fs/read_write.c:1502 [inline]
 SyS_sendfile64+0xff/0x110 fs/read_write.c:1488
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x5e/0xd3
RIP: 0033:0x7f5b3de9f0f9
RSP: 002b:00007f5b3c411168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00007f5b3dfbef80 RCX: 00007f5b3de9f0f9
RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
RBP: 00007f5b3defaae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0800000080004103 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffc7138779f R14: 00007f5b3c411300 R15: 0000000000022000
BUG: sleeping function called from invalid context at kernel/printk/printk.c:2420
in_atomic(): 1, irqs_disabled(): 1, pid: 10471, name: syz-executor.4
4 locks held by syz-executor.4/10471:
 #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:284
 #1: (&tty->atomic_write_lock){+.+.}, at: [] tty_write_lock drivers/tty/tty_io.c:885 [inline]
 #1: (&tty->atomic_write_lock){+.+.}, at: [] do_tty_write drivers/tty/tty_io.c:908 [inline]
 #1: (&tty->atomic_write_lock){+.+.}, at: [] tty_write+0x22d/0x740 drivers/tty/tty_io.c:1043
 #2: (&(&gsm->tx_lock)->rlock){....}, at: [] gsmld_write+0x5e/0x120 drivers/tty/n_gsm.c:2545
 #3: (console_lock){+.+.}, at: [] do_con_write+0xd5/0x19b0 drivers/tty/vt/vt.c:2247
irq event stamp: 528
hardirqs last enabled at (527): [] free_hot_cold_page+0x884/0xca0 mm/page_alloc.c:2651
hardirqs last disabled at (528): [] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline]
hardirqs last disabled at (528): [] _raw_spin_lock_irqsave+0x66/0xc0 kernel/locking/spinlock.c:160
softirqs last enabled at (0): [] copy_process.part.0+0x12d0/0x71c0 kernel/fork.c:1734
softirqs last disabled at (0): [< (null)>] (null)
Preemption disabled at: [< (null)>] (null)
CPU: 1 PID: 10471 Comm: syz-executor.4 Tainted: G W 4.14.305-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 ___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6040
 console_unlock+0xc19/0xf20 kernel/printk/printk.c:2420
 do_con_write+0xb2f/0x19b0 drivers/tty/vt/vt.c:2476
 con_write+0x21/0xa0 drivers/tty/vt/vt.c:2822
 gsmld_write+0xbb/0x120 drivers/tty/n_gsm.c:2548
 do_tty_write drivers/tty/tty_io.c:959 [inline]
 tty_write+0x410/0x740 drivers/tty/tty_io.c:1043
 __vfs_write+0xe4/0x630 fs/read_write.c:480
 __kernel_write+0xf5/0x330 fs/read_write.c:501
 write_pipe_buf+0x143/0x1c0 fs/splice.c:797
 splice_from_pipe_feed fs/splice.c:502 [inline]
 __splice_from_pipe+0x326/0x7a0 fs/splice.c:626
 splice_from_pipe fs/splice.c:661 [inline]
 default_file_splice_write+0xc5/0x150 fs/splice.c:809
 do_splice_from fs/splice.c:851 [inline]
 direct_splice_actor+0x115/0x160 fs/splice.c:1018
 splice_direct_to_actor+0x27c/0x730 fs/splice.c:973
 do_splice_direct+0x164/0x210 fs/splice.c:1061
 do_sendfile+0x47f/0xb30 fs/read_write.c:1441
 SYSC_sendfile64 fs/read_write.c:1502 [inline]
 SyS_sendfile64+0xff/0x110 fs/read_write.c:1488
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x5e/0xd3
RIP: 0033:0x7f5b3de9f0f9
RSP: 002b:00007f5b3c411168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00007f5b3dfbef80 RCX: 00007f5b3de9f0f9
RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
RBP: 00007f5b3defaae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0800000080004103 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffc7138779f R14: 00007f5b3c411300 R15: 0000000000022000
unregister_netdevice: waiting for ip6gre0 to become free. Usage count = -1
F2FS-fs (loop5): invalid crc value
F2FS-fs (loop5): Found nat_bits in checkpoint
F2FS-fs (loop5): Mounted with checkpoint version = 48b305e4
BUG: sleeping function called from invalid context at drivers/tty/vt/vt.c:2245
in_atomic(): 1, irqs_disabled(): 1, pid: 10515, name: syz-executor.4
3 locks held by syz-executor.4/10515:
 #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:284
 #1: (&tty->atomic_write_lock){+.+.}, at: [] tty_write_lock drivers/tty/tty_io.c:885 [inline]
 #1: (&tty->atomic_write_lock){+.+.}, at: [] do_tty_write drivers/tty/tty_io.c:908 [inline]
 #1: (&tty->atomic_write_lock){+.+.}, at: [] tty_write+0x22d/0x740 drivers/tty/tty_io.c:1043
 #2: (&(&gsm->tx_lock)->rlock){....}, at: [] gsmld_write+0x5e/0x120 drivers/tty/n_gsm.c:2545
irq event stamp: 528
hardirqs last enabled at (527): [] free_hot_cold_page+0x884/0xca0 mm/page_alloc.c:2651
hardirqs last disabled at (528): [] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline]
hardirqs last disabled at (528): [] _raw_spin_lock_irqsave+0x66/0xc0 kernel/locking/spinlock.c:160
softirqs last enabled at (0): [] copy_process.part.0+0x12d0/0x71c0 kernel/fork.c:1734
softirqs last disabled at (0): [< (null)>] (null)
Preemption disabled at: [< (null)>] (null)
CPU: 1 PID: 10515 Comm: syz-executor.4 Tainted: G W 4.14.305-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 ___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6040
 do_con_write+0xd0/0x19b0 drivers/tty/vt/vt.c:2245
 con_write+0x21/0xa0 drivers/tty/vt/vt.c:2822
 gsmld_write+0xbb/0x120 drivers/tty/n_gsm.c:2548
 do_tty_write drivers/tty/tty_io.c:959 [inline]
 tty_write+0x410/0x740 drivers/tty/tty_io.c:1043
 __vfs_write+0xe4/0x630 fs/read_write.c:480
 __kernel_write+0xf5/0x330 fs/read_write.c:501
 write_pipe_buf+0x143/0x1c0 fs/splice.c:797
 splice_from_pipe_feed fs/splice.c:502 [inline]
 __splice_from_pipe+0x326/0x7a0 fs/splice.c:626
 splice_from_pipe fs/splice.c:661 [inline]
 default_file_splice_write+0xc5/0x150 fs/splice.c:809
 do_splice_from fs/splice.c:851 [inline]
 direct_splice_actor+0x115/0x160 fs/splice.c:1018
 splice_direct_to_actor+0x27c/0x730 fs/splice.c:973
 do_splice_direct+0x164/0x210 fs/splice.c:1061
 do_sendfile+0x47f/0xb30 fs/read_write.c:1441
 SYSC_sendfile64 fs/read_write.c:1502 [inline]
 SyS_sendfile64+0xff/0x110 fs/read_write.c:1488
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x5e/0xd3
RIP: 0033:0x7f5b3de9f0f9
RSP: 002b:00007f5b3c411168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00007f5b3dfbef80 RCX: 00007f5b3de9f0f9
RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
RBP: 00007f5b3defaae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0800000080004103 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffc7138779f R14: 00007f5b3c411300 R15: 0000000000022000
BUG: sleeping function called from invalid context at drivers/tty/vt/vt.c:2245
in_atomic(): 1, irqs_disabled(): 1, pid: 10515, name: syz-executor.4
3 locks held by syz-executor.4/10515:
 #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:284
 #1: (&tty->atomic_write_lock){+.+.}, at: [] tty_write_lock drivers/tty/tty_io.c:885 [inline]
 #1: (&tty->atomic_write_lock){+.+.}, at: [] do_tty_write drivers/tty/tty_io.c:908 [inline]
 #1: (&tty->atomic_write_lock){+.+.}, at: [] tty_write+0x22d/0x740 drivers/tty/tty_io.c:1043
 #2: (&(&gsm->tx_lock)->rlock){....}, at: [] gsmld_write+0x5e/0x120 drivers/tty/n_gsm.c:2545
irq event stamp: 2132
hardirqs last enabled at (2131): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
hardirqs last enabled at (2131): [] _raw_spin_unlock_irqrestore+0x79/0xe0 kernel/locking/spinlock.c:192
hardirqs last disabled at (2132): [] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline]
hardirqs last disabled at (2132): [] _raw_spin_lock_irqsave+0x66/0xc0 kernel/locking/spinlock.c:160
softirqs last enabled at (2108): [] __do_softirq+0x68b/0x9ff kernel/softirq.c:314
softirqs last disabled at (535): [] invoke_softirq kernel/softirq.c:368 [inline]
softirqs last disabled at (535): [] irq_exit+0x193/0x240 kernel/softirq.c:409
Preemption disabled at: [< (null)>] (null)
CPU: 0 PID: 10515 Comm: syz-executor.4 Tainted: G W 4.14.305-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 ___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6040
 do_con_write+0xd0/0x19b0 drivers/tty/vt/vt.c:2245
 con_write+0x21/0xa0 drivers/tty/vt/vt.c:2822
 gsmld_write+0xbb/0x120 drivers/tty/n_gsm.c:2548
 do_tty_write drivers/tty/tty_io.c:959 [inline]
 tty_write+0x410/0x740 drivers/tty/tty_io.c:1043
 __vfs_write+0xe4/0x630 fs/read_write.c:480
 __kernel_write+0xf5/0x330 fs/read_write.c:501
 write_pipe_buf+0x143/0x1c0 fs/splice.c:797
 splice_from_pipe_feed fs/splice.c:502 [inline]
 __splice_from_pipe+0x326/0x7a0 fs/splice.c:626
 splice_from_pipe fs/splice.c:661 [inline]
 default_file_splice_write+0xc5/0x150 fs/splice.c:809
 do_splice_from fs/splice.c:851 [inline]
 direct_splice_actor+0x115/0x160 fs/splice.c:1018
 splice_direct_to_actor+0x27c/0x730 fs/splice.c:973
 do_splice_direct+0x164/0x210 fs/splice.c:1061
 do_sendfile+0x47f/0xb30 fs/read_write.c:1441
 SYSC_sendfile64 fs/read_write.c:1502 [inline]
 SyS_sendfile64+0xff/0x110 fs/read_write.c:1488
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x5e/0xd3
RIP: 0033:0x7f5b3de9f0f9
RSP: 002b:00007f5b3c411168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00007f5b3dfbef80 RCX: 00007f5b3de9f0f9
RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
RBP: 00007f5b3defaae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0800000080004103 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffc7138779f R14: 00007f5b3c411300 R15: 0000000000022000
F2FS-fs (loop3): invalid crc value
F2FS-fs (loop3): Found nat_bits in checkpoint
syz-executor.0 (10517) used greatest stack depth: 24072 bytes left
F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4
F2FS-fs (loop5): invalid crc value
F2FS-fs (loop5): Found nat_bits in checkpoint
F2FS-fs (loop5): Mounted with checkpoint version = 48b305e4
BUG: sleeping function called from invalid context at drivers/tty/vt/vt.c:2245
in_atomic(): 1, irqs_disabled(): 1, pid: 10571, name: syz-executor.4
3 locks held by syz-executor.4/10571:
 #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:284
 #1: (&tty->atomic_write_lock){+.+.}, at: [] tty_write_lock drivers/tty/tty_io.c:885 [inline]
 #1: (&tty->atomic_write_lock){+.+.}, at: [] do_tty_write drivers/tty/tty_io.c:908 [inline]
 #1: (&tty->atomic_write_lock){+.+.}, at: [] tty_write+0x22d/0x740 drivers/tty/tty_io.c:1043
 #2: (&(&gsm->tx_lock)->rlock){....}, at: [] gsmld_write+0x5e/0x120 drivers/tty/n_gsm.c:2545
irq event stamp: 540
hardirqs last enabled at (539): [] free_hot_cold_page+0x884/0xca0 mm/page_alloc.c:2651
hardirqs last disabled at (540): [] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline]
hardirqs last disabled at (540): [] _raw_spin_lock_irqsave+0x66/0xc0 kernel/locking/spinlock.c:160
softirqs last enabled at (0): [] copy_process.part.0+0x12d0/0x71c0 kernel/fork.c:1734
softirqs last disabled at (0): [< (null)>] (null)
Preemption disabled at: [< (null)>] (null)
CPU: 1 PID: 10571 Comm: syz-executor.4 Tainted: G W 4.14.305-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 ___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6040
 do_con_write+0xd0/0x19b0 drivers/tty/vt/vt.c:2245
 con_write+0x21/0xa0 drivers/tty/vt/vt.c:2822
 gsmld_write+0xbb/0x120 drivers/tty/n_gsm.c:2548
 do_tty_write drivers/tty/tty_io.c:959 [inline]
 tty_write+0x410/0x740 drivers/tty/tty_io.c:1043
 __vfs_write+0xe4/0x630 fs/read_write.c:480
 __kernel_write+0xf5/0x330 fs/read_write.c:501
 write_pipe_buf+0x143/0x1c0 fs/splice.c:797
 splice_from_pipe_feed fs/splice.c:502 [inline]
 __splice_from_pipe+0x326/0x7a0 fs/splice.c:626
 splice_from_pipe fs/splice.c:661 [inline]
 default_file_splice_write+0xc5/0x150 fs/splice.c:809
 do_splice_from fs/splice.c:851 [inline]
 direct_splice_actor+0x115/0x160 fs/splice.c:1018
 splice_direct_to_actor+0x27c/0x730 fs/splice.c:973
 do_splice_direct+0x164/0x210 fs/splice.c:1061
 do_sendfile+0x47f/0xb30 fs/read_write.c:1441
 SYSC_sendfile64 fs/read_write.c:1502 [inline]
 SyS_sendfile64+0xff/0x110 fs/read_write.c:1488
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x5e/0xd3
RIP: 0033:0x7f5b3de9f0f9
RSP: 002b:00007f5b3c411168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00007f5b3dfbef80 RCX: 00007f5b3de9f0f9
RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
RBP: 00007f5b3defaae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0800000080004103 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffc7138779f R14: 00007f5b3c411300 R15: 0000000000022000