BUG: sleeping function called from invalid context at drivers/tty/vt/vt.c:2599
in_atomic(): 1, irqs_disabled(): 1, pid: 12793, name: syz-executor.0
3 locks held by syz-executor.0/12793:
 #0: 0000000060d7ae4a (&tty->ldisc_sem){++++}, at: tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:272
 #1: 00000000daa5adc6 (&(&gsm->control_lock)->rlock){....}, at: gsm_control_send+0x109/0x4b0 drivers/tty/n_gsm.c:1365
 #2: 00000000eaad9dba (&(&gsm->tx_lock)->rlock){....}, at: gsm_data_queue drivers/tty/n_gsm.c:777 [inline]
 #2: 00000000eaad9dba (&(&gsm->tx_lock)->rlock){....}, at: gsm_control_transmit+0x1b5/0x290 drivers/tty/n_gsm.c:1306
irq event stamp: 26
hardirqs last  enabled at (25): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
hardirqs last  enabled at (25): [] _raw_spin_unlock_irqrestore+0x79/0xe0 kernel/locking/spinlock.c:184
hardirqs last disabled at (26): [] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline]
hardirqs last disabled at (26): [] _raw_spin_lock_irqsave+0x66/0xc0 kernel/locking/spinlock.c:152
softirqs last  enabled at (0): [] copy_process.part.0+0x15b9/0x8260 kernel/fork.c:1856
softirqs last disabled at (0): [<0000000000000000>] (null)
Preemption disabled at:
[<0000000000000000>] (null)
CPU: 0 PID: 12793 Comm: syz-executor.0 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 ___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6192
 do_con_write+0x116/0x1d90 drivers/tty/vt/vt.c:2599
 con_write+0x22/0xb0 drivers/tty/vt/vt.c:3163
 gsmld_output+0xdd/0x1b0 drivers/tty/n_gsm.c:2240
 gsm_data_kick+0x21b/0x920 drivers/tty/n_gsm.c:693
 gsm_data_queue drivers/tty/n_gsm.c:778 [inline]
 gsm_control_transmit+0x1c3/0x290 drivers/tty/n_gsm.c:1306
 gsm_control_send+0x3a6/0x4b0 drivers/tty/n_gsm.c:1382
 gsm_disconnect drivers/tty/n_gsm.c:2039 [inline]
 gsmld_config.constprop.0+0x679/0x1100 drivers/tty/n_gsm.c:2551
 gsmld_ioctl+0x3d7/0x480 drivers/tty/n_gsm.c:2615
 tty_ioctl+0x65d/0x1630 drivers/tty/tty_io.c:2678
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:501 [inline]
 do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688
 ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705
 __do_sys_ioctl fs/ioctl.c:712 [inline]
 __se_sys_ioctl fs/ioctl.c:710 [inline]
 __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f3d2e002639
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f3d2c554168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f3d2e123050 RCX: 00007f3d2e002639
RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000003
RBP: 00007f3d2e05d7e1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffc2da2309f R14: 00007f3d2c554300 R15: 0000000000022000

========================================================
WARNING: possible irq lock inversion dependency detected
4.19.211-syzkaller #0 Tainted: G W
--------------------------------------------------------
syz-executor.0/12793 just changed the state of lock:
00000000daa5adc6 (&(&gsm->control_lock)->rlock){..-.}, at: gsm_control_retransmit+0x20/0x220 drivers/tty/n_gsm.c:1325
but this lock took another, SOFTIRQ-unsafe lock in the past:
 (console_lock){+.+.}

and interrupts could create inverse lock ordering between them.

other info that might help us debug this:
Chain exists of:
  &(&gsm->control_lock)->rlock --> &(&gsm->tx_lock)->rlock --> console_lock

 Possible interrupt unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(console_lock);
                               local_irq_disable();
                               lock(&(&gsm->control_lock)->rlock);
                               lock(&(&gsm->tx_lock)->rlock);
  <Interrupt>
    lock(&(&gsm->control_lock)->rlock);

 *** DEADLOCK ***

2 locks held by syz-executor.0/12793:
 #0: 0000000060d7ae4a (&tty->ldisc_sem){++++}, at: tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:272
 #1: 0000000047fa607e ((&gsm->t2_timer)){+.-.}, at: lockdep_copy_map include/linux/lockdep.h:168 [inline]
 #1: 0000000047fa607e ((&gsm->t2_timer)){+.-.}, at: call_timer_fn+0xc9/0x700 kernel/time/timer.c:1328

the shortest dependencies between 2nd lock and 1st lock:
-> (console_lock){+.+.} ops: 5229 {
   HARDIRQ-ON-W at:
     console_lock+0x44/0x80 kernel/printk/printk.c:2275
     con_init+0x12/0x605 drivers/tty/vt/vt.c:3363
     console_init+0x4cb/0x718 kernel/printk/printk.c:2862
     start_kernel+0x686/0x911 init/main.c:659
     secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:243
   SOFTIRQ-ON-W at:
     console_lock+0x44/0x80 kernel/printk/printk.c:2275
     con_init+0x12/0x605 drivers/tty/vt/vt.c:3363
     console_init+0x4cb/0x718 kernel/printk/printk.c:2862
     start_kernel+0x686/0x911 init/main.c:659
     secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:243
   INITIAL USE at:
 }
 ... key      at: [] console_lock_dep_map+0x0/0x40
 ... acquired at:
   do_con_write+0x11b/0x1d90 drivers/tty/vt/vt.c:2601
   con_write+0x22/0xb0 drivers/tty/vt/vt.c:3163
   gsmld_output+0xdd/0x1b0 drivers/tty/n_gsm.c:2240
   gsm_data_kick+0x21b/0x920 drivers/tty/n_gsm.c:693
   gsm_data_queue drivers/tty/n_gsm.c:778 [inline]
   gsm_control_transmit+0x1c3/0x290 drivers/tty/n_gsm.c:1306
   gsm_control_send+0x3a6/0x4b0 drivers/tty/n_gsm.c:1382
   gsm_disconnect drivers/tty/n_gsm.c:2039 [inline]
   gsmld_config.constprop.0+0x679/0x1100 drivers/tty/n_gsm.c:2551
   gsmld_ioctl+0x3d7/0x480 drivers/tty/n_gsm.c:2615
   tty_ioctl+0x65d/0x1630 drivers/tty/tty_io.c:2678
   vfs_ioctl fs/ioctl.c:46 [inline]
   file_ioctl fs/ioctl.c:501 [inline]
   do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688
   ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705
   __do_sys_ioctl fs/ioctl.c:712 [inline]
   __se_sys_ioctl fs/ioctl.c:710 [inline]
   __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710
   do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
   entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> (&(&gsm->tx_lock)->rlock){....} ops: 1 {
   INITIAL USE at:
     __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
     _raw_spin_lock_irqsave+0x8c/0xc0 kernel/locking/spinlock.c:152
     gsm_data_queue drivers/tty/n_gsm.c:777 [inline]
     gsm_control_transmit+0x1b5/0x290 drivers/tty/n_gsm.c:1306
     gsm_control_send+0x3a6/0x4b0 drivers/tty/n_gsm.c:1382
     gsm_disconnect drivers/tty/n_gsm.c:2039 [inline]
     gsmld_config.constprop.0+0x679/0x1100 drivers/tty/n_gsm.c:2551
     gsmld_ioctl+0x3d7/0x480 drivers/tty/n_gsm.c:2615
     tty_ioctl+0x65d/0x1630 drivers/tty/tty_io.c:2678
     vfs_ioctl fs/ioctl.c:46 [inline]
     file_ioctl fs/ioctl.c:501 [inline]
     do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688
     ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705
     __do_sys_ioctl fs/ioctl.c:712 [inline]
     __se_sys_ioctl fs/ioctl.c:710 [inline]
     __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710
     do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
     entry_SYSCALL_64_after_hwframe+0x49/0xbe
 }
 ... key      at: [] __key.4+0x0/0x40
 ... acquired at:
   gsm_data_queue drivers/tty/n_gsm.c:777 [inline]
   gsm_control_transmit+0x1b5/0x290 drivers/tty/n_gsm.c:1306
   gsm_control_send+0x3a6/0x4b0 drivers/tty/n_gsm.c:1382
   gsm_disconnect drivers/tty/n_gsm.c:2039 [inline]
   gsmld_config.constprop.0+0x679/0x1100 drivers/tty/n_gsm.c:2551
   gsmld_ioctl+0x3d7/0x480 drivers/tty/n_gsm.c:2615
   tty_ioctl+0x65d/0x1630 drivers/tty/tty_io.c:2678
   vfs_ioctl fs/ioctl.c:46 [inline]
   file_ioctl fs/ioctl.c:501 [inline]
   do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688
   ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705
   __do_sys_ioctl fs/ioctl.c:712 [inline]
   __se_sys_ioctl fs/ioctl.c:710 [inline]
   __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710
   do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
   entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> (&(&gsm->control_lock)->rlock){..-.} ops: 2 {
   IN-SOFTIRQ-W at:
     __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
     _raw_spin_lock_irqsave+0x8c/0xc0 kernel/locking/spinlock.c:152
     gsm_control_retransmit+0x20/0x220 drivers/tty/n_gsm.c:1325
     call_timer_fn+0x177/0x700 kernel/time/timer.c:1338
     expire_timers+0x243/0x4e0 kernel/time/timer.c:1375
     __run_timers kernel/time/timer.c:1696 [inline]
     run_timer_softirq+0x21c/0x670 kernel/time/timer.c:1709
     __do_softirq+0x265/0x980 kernel/softirq.c:292
     invoke_softirq kernel/softirq.c:372 [inline]
     irq_exit+0x215/0x260 kernel/softirq.c:412
     exiting_irq arch/x86/include/asm/apic.h:536 [inline]
     smp_apic_timer_interrupt+0x136/0x550 arch/x86/kernel/apic/apic.c:1098
     apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
     arch_local_irq_restore arch/x86/include/asm/paravirt.h:789 [inline]
     __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
     _raw_spin_unlock_irqrestore+0xa3/0xe0 kernel/locking/spinlock.c:184
     spin_unlock_irqrestore include/linux/spinlock.h:384 [inline]
     gsm_control_send+0x3b1/0x4b0 drivers/tty/n_gsm.c:1383
     gsm_disconnect drivers/tty/n_gsm.c:2039 [inline]
     gsmld_config.constprop.0+0x679/0x1100 drivers/tty/n_gsm.c:2551
     gsmld_ioctl+0x3d7/0x480 drivers/tty/n_gsm.c:2615
     tty_ioctl+0x65d/0x1630 drivers/tty/tty_io.c:2678
     vfs_ioctl fs/ioctl.c:46 [inline]
     file_ioctl fs/ioctl.c:501 [inline]
     do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688
     ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705
     __do_sys_ioctl fs/ioctl.c:712 [inline]
     __se_sys_ioctl fs/ioctl.c:710 [inline]
     __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710
     do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
     entry_SYSCALL_64_after_hwframe+0x49/0xbe
   INITIAL USE at:
     __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
     _raw_spin_lock_irqsave+0x8c/0xc0 kernel/locking/spinlock.c:152
     gsm_control_send+0x109/0x4b0 drivers/tty/n_gsm.c:1365
     gsm_disconnect drivers/tty/n_gsm.c:2039 [inline]
     gsmld_config.constprop.0+0x679/0x1100 drivers/tty/n_gsm.c:2551
     gsmld_ioctl+0x3d7/0x480 drivers/tty/n_gsm.c:2615
     tty_ioctl+0x65d/0x1630 drivers/tty/tty_io.c:2678
     vfs_ioctl fs/ioctl.c:46 [inline]
     file_ioctl fs/ioctl.c:501 [inline]
     do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688
     ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705
     __do_sys_ioctl fs/ioctl.c:712 [inline]
     __se_sys_ioctl fs/ioctl.c:710 [inline]
     __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710
     do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
     entry_SYSCALL_64_after_hwframe+0x49/0xbe
 }
 ... key      at: [] __key.5+0x0/0x40
 ... acquired at:
   mark_irqflags kernel/locking/lockdep.c:3010 [inline]
   __lock_acquire+0xdc4/0x3ff0 kernel/locking/lockdep.c:3373
   lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908
   __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
   _raw_spin_lock_irqsave+0x8c/0xc0 kernel/locking/spinlock.c:152
   gsm_control_retransmit+0x20/0x220 drivers/tty/n_gsm.c:1325
   call_timer_fn+0x177/0x700 kernel/time/timer.c:1338
   expire_timers+0x243/0x4e0 kernel/time/timer.c:1375
   __run_timers kernel/time/timer.c:1696 [inline]
   run_timer_softirq+0x21c/0x670 kernel/time/timer.c:1709
   __do_softirq+0x265/0x980 kernel/softirq.c:292
   invoke_softirq kernel/softirq.c:372 [inline]
   irq_exit+0x215/0x260 kernel/softirq.c:412
   exiting_irq arch/x86/include/asm/apic.h:536 [inline]
   smp_apic_timer_interrupt+0x136/0x550 arch/x86/kernel/apic/apic.c:1098
   apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
   arch_local_irq_restore arch/x86/include/asm/paravirt.h:789 [inline]
   __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
   _raw_spin_unlock_irqrestore+0xa3/0xe0 kernel/locking/spinlock.c:184
   spin_unlock_irqrestore include/linux/spinlock.h:384 [inline]
   gsm_control_send+0x3b1/0x4b0 drivers/tty/n_gsm.c:1383
   gsm_disconnect drivers/tty/n_gsm.c:2039 [inline]
   gsmld_config.constprop.0+0x679/0x1100 drivers/tty/n_gsm.c:2551
   gsmld_ioctl+0x3d7/0x480 drivers/tty/n_gsm.c:2615
   tty_ioctl+0x65d/0x1630 drivers/tty/tty_io.c:2678
   vfs_ioctl fs/ioctl.c:46 [inline]
   file_ioctl fs/ioctl.c:501 [inline]
   do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688
   ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705
   __do_sys_ioctl fs/ioctl.c:712 [inline]
   __se_sys_ioctl fs/ioctl.c:710 [inline]
   __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710
   do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
   entry_SYSCALL_64_after_hwframe+0x49/0xbe

stack backtrace:
CPU: 0 PID: 12793 Comm: syz-executor.0 Tainted: G W 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 print_irq_inversion_bug.cold+0x313/0x346 kernel/locking/lockdep.c:2626
 check_usage_forwards+0x1a2/0x310 kernel/locking/lockdep.c:2651
 mark_lock_irq kernel/locking/lockdep.c:2760 [inline]
 mark_lock+0x3d8/0x1160 kernel/locking/lockdep.c:3132
 mark_irqflags kernel/locking/lockdep.c:3010 [inline]
 __lock_acquire+0xdc4/0x3ff0 kernel/locking/lockdep.c:3373
 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0x8c/0xc0 kernel/locking/spinlock.c:152
 gsm_control_retransmit+0x20/0x220 drivers/tty/n_gsm.c:1325
 call_timer_fn+0x177/0x700 kernel/time/timer.c:1338
 expire_timers+0x243/0x4e0 kernel/time/timer.c:1375
 __run_timers kernel/time/timer.c:1696 [inline]
 run_timer_softirq+0x21c/0x670 kernel/time/timer.c:1709
 __do_softirq+0x265/0x980 kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:372 [inline]
 irq_exit+0x215/0x260 kernel/softirq.c:412
 exiting_irq arch/x86/include/asm/apic.h:536 [inline]
 smp_apic_timer_interrupt+0x136/0x550 arch/x86/kernel/apic/apic.c:1098
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:789 [inline]
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
RIP: 0010:_raw_spin_unlock_irqrestore+0xa3/0xe0 kernel/locking/spinlock.c:184
Code: 48 c7 c0 88 82 f1 89 48 ba 00 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 75 2f 48 83 3d 7c 31 d8 01 00 74 15 48 89 df 57 9d <0f> 1f 44 00 00 eb b2 e8 fb eb e6 f8 eb c0 0f 0b 0f 0b 48 c7 c7 88
RSP: 0018:ffff888059927848 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
RAX: 1ffffffff13e3051 RBX: 0000000000000286 RCX: 1ffff110167bd9dd
RDX: dffffc0000000000 RSI: ffff8880b3decec8 RDI: 0000000000000286
RBP: ffff8880a1569658 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000286
R13: ffff8880599278b8 R14: ffff8880a1569308 R15: ffff8880a1569658
 spin_unlock_irqrestore include/linux/spinlock.h:384 [inline]
 gsm_control_send+0x3b1/0x4b0 drivers/tty/n_gsm.c:1383
 gsm_disconnect drivers/tty/n_gsm.c:2039 [inline]
 gsmld_config.constprop.0+0x679/0x1100 drivers/tty/n_gsm.c:2551
 gsmld_ioctl+0x3d7/0x480 drivers/tty/n_gsm.c:2615
 tty_ioctl+0x65d/0x1630 drivers/tty/tty_io.c:2678
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:501 [inline]
 do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688
 ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705
 __do_sys_ioctl fs/ioctl.c:712 [inline]
 __se_sys_ioctl fs/ioctl.c:710 [inline]
 __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f3d2e002639
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f3d2c554168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f3d2e123050 RCX: 00007f3d2e002639
RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000003
RBP: 00007f3d2e05d7e1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffc2da2309f R14: 00007f3d2c554300 R15: 0000000000022000
IPVS: ftp: loaded support on port[0] = 21

BUG: sleeping function called from invalid context at drivers/tty/vt/vt.c:2599
in_atomic(): 1, irqs_disabled(): 1, pid: 13065, name: syz-executor.0
INFO: lockdep is turned off.
irq event stamp: 0
hardirqs last  enabled at (0): [<0000000000000000>] (null)
hardirqs last disabled at (0): [] copy_process.part.0+0x1518/0x8260 kernel/fork.c:1853
softirqs last  enabled at (0): [] copy_process.part.0+0x15b9/0x8260 kernel/fork.c:1856
softirqs last disabled at (0): [<0000000000000000>] (null)
Preemption disabled at:
[<0000000000000000>] (null)
CPU: 0 PID: 13065 Comm: syz-executor.0 Tainted: G W 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 ___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6192
 do_con_write+0x116/0x1d90 drivers/tty/vt/vt.c:2599
 con_write+0x22/0xb0 drivers/tty/vt/vt.c:3163
 gsmld_output+0xdd/0x1b0 drivers/tty/n_gsm.c:2240
 gsm_data_kick+0x21b/0x920 drivers/tty/n_gsm.c:693
 gsm_data_queue drivers/tty/n_gsm.c:778 [inline]
 gsm_control_transmit+0x1c3/0x290 drivers/tty/n_gsm.c:1306
 gsm_control_send+0x3a6/0x4b0 drivers/tty/n_gsm.c:1382
 gsm_disconnect drivers/tty/n_gsm.c:2039 [inline]
 gsmld_config.constprop.0+0x679/0x1100 drivers/tty/n_gsm.c:2551
 gsmld_ioctl+0x3d7/0x480 drivers/tty/n_gsm.c:2615
 tty_ioctl+0x65d/0x1630 drivers/tty/tty_io.c:2678
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:501 [inline]
 do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688
 ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705
 __do_sys_ioctl fs/ioctl.c:712 [inline]
 __se_sys_ioctl fs/ioctl.c:710 [inline]
 __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f3d2e002639
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f3d2c554168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f3d2e123050 RCX: 00007f3d2e002639
RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000003
RBP: 00007f3d2e05d7e1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffc2da2309f R14: 00007f3d2c554300 R15: 0000000000022000
IPv6 header not found

BUG: sleeping function called from invalid context at drivers/tty/vt/vt.c:2599
in_atomic(): 1, irqs_disabled(): 1, pid: 13298, name: syz-executor.0
INFO: lockdep is turned off.
irq event stamp: 0
hardirqs last  enabled at (0): [<0000000000000000>] (null)
hardirqs last disabled at (0): [] copy_process.part.0+0x1518/0x8260 kernel/fork.c:1853
softirqs last  enabled at (0): [] copy_process.part.0+0x15b9/0x8260 kernel/fork.c:1856
softirqs last disabled at (0): [<0000000000000000>] (null)
Preemption disabled at:
[<0000000000000000>] (null)
CPU: 0 PID: 13298 Comm: syz-executor.0 Tainted: G W 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 ___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6192
 do_con_write+0x116/0x1d90 drivers/tty/vt/vt.c:2599
 con_write+0x22/0xb0 drivers/tty/vt/vt.c:3163
 gsmld_output+0xdd/0x1b0 drivers/tty/n_gsm.c:2240
 gsm_data_kick+0x21b/0x920 drivers/tty/n_gsm.c:693
 gsm_data_queue drivers/tty/n_gsm.c:778 [inline]
 gsm_control_transmit+0x1c3/0x290 drivers/tty/n_gsm.c:1306
 gsm_control_send+0x3a6/0x4b0 drivers/tty/n_gsm.c:1382
 gsm_disconnect drivers/tty/n_gsm.c:2039 [inline]
 gsmld_config.constprop.0+0x679/0x1100 drivers/tty/n_gsm.c:2551
 gsmld_ioctl+0x3d7/0x480 drivers/tty/n_gsm.c:2615
 tty_ioctl+0x65d/0x1630 drivers/tty/tty_io.c:2678
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:501 [inline]
 do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688
 ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705
 __do_sys_ioctl fs/ioctl.c:712 [inline]
 __se_sys_ioctl fs/ioctl.c:710 [inline]
 __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f3d2e002639
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
----------------
Code disassembly (best guess):
   0:	48 c7 c0 88 82 f1 89 	mov    $0xffffffff89f18288,%rax
   7:	48 ba 00 00 00 00 00 	movabs $0xdffffc0000000000,%rdx
   e:	fc ff df
  11:	48 c1 e8 03          	shr    $0x3,%rax
  15:	80 3c 10 00          	cmpb   $0x0,(%rax,%rdx,1)
  19:	75 2f                	jne    0x4a
  1b:	48 83 3d 7c 31 d8 01 	cmpq   $0x0,0x1d8317c(%rip)        # 0x1d8319f
  22:	00
  23:	74 15                	je     0x3a
  25:	48 89 df             	mov    %rbx,%rdi
  28:	57                   	push   %rdi
  29:	9d                   	popfq
* 2a:	0f 1f 44 00 00       	nopl   0x0(%rax,%rax,1) <-- trapping instruction
  2f:	eb b2                	jmp    0xffffffe3
  31:	e8 fb eb e6 f8       	callq  0xf8e6ec31
  36:	eb c0                	jmp    0xfffffff8
  38:	0f 0b                	ud2
  3a:	0f 0b                	ud2
  3c:	48                   	rex.W
  3d:	c7                   	.byte 0xc7
  3e:	c7                   	(bad)
  3f:	88                   	.byte 0x88