bisecting fixing commit since cf256fbcbe347b7d0ff58fe2dfa382a156bd3694
building syzkaller on 7e2b734bac96c22086fedd1b18135da06d5e4054
testing commit cf256fbcbe347b7d0ff58fe2dfa382a156bd3694 with gcc (GCC) 8.4.1 20210217
kernel signature: c784f538c3780f1f695ed1beafaa052752447923c48b7e3f2b7490ce8de60012
all runs: crashed: BUG: sleeping function called from invalid context in do_con_write
testing current HEAD 7d7d1c0ab3eb7c8d8f63a126535018007823b207
testing commit 7d7d1c0ab3eb7c8d8f63a126535018007823b207 with gcc (GCC) 8.4.1 20210217
kernel signature: 3b0c21ccd2caa759bc634db4147e315b0c84a45312e28a6b958cd6fe2e51687d
all runs: crashed: BUG: sleeping function called from invalid context in do_con_write
revisions tested: 2, total time: 22m16.214953551s (build: 15m43.525891741s, test: 6m12.634721032s)
the crash still happens on HEAD
commit msg: Linux 4.14.232
crash: BUG: sleeping function called from invalid context in do_con_write

IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
device veth0_macvtap entered promiscuous mode
IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
BUG: sleeping function called from invalid context at drivers/tty/vt/vt.c:2228
device veth1_macvtap entered promiscuous mode
in_atomic(): 1, irqs_disabled(): 1, pid: 9815, name: syz-executor.5
3 locks held by syz-executor.5/9815:
 #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:376
 #1: (&(&tty->flow_lock)->rlock){....}, at: [] spin_lock_irq include/linux/spinlock.h:342 [inline]
 #1: (&(&tty->flow_lock)->rlock){....}, at: [] n_tty_ioctl_helper drivers/tty/tty_ioctl.c:913 [inline]
 #1: (&(&tty->flow_lock)->rlock){....}, at: [] n_tty_ioctl_helper+0x18f/0x320 drivers/tty/tty_ioctl.c:893
 #2: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref+0x1a/0x70 drivers/tty/tty_ldisc.c:305
irq event stamp: 256
hardirqs last enabled at (255): [] do_syscall_64+0x4c/0x5b0 arch/x86/entry/common.c:280
hardirqs last disabled at (256): [] __raw_spin_lock_irq include/linux/spinlock_api_smp.h:126 [inline]
hardirqs last disabled at (256): [] _raw_spin_lock_irq+0x3c/0x90 kernel/locking/spinlock.c:168
softirqs last enabled at (0): [] copy_process.part.5+0x130a/0x6e40 kernel/fork.c:1733
softirqs last disabled at (0): [< (null)>] (null)
IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready
Preemption disabled at:
IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[] spin_lock_irq include/linux/spinlock.h:342 [inline]
[] n_tty_ioctl_helper drivers/tty/tty_ioctl.c:913 [inline]
[] n_tty_ioctl_helper+0x18f/0x320 drivers/tty/tty_ioctl.c:893
IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
CPU: 0 PID: 9815 Comm: syz-executor.5 Not tainted 4.14.232-syzkaller #0
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x14b/0x1e7 lib/dump_stack.c:58
 ___might_sleep.cold.19+0x1f1/0x265 kernel/sched/core.c:6038
 __might_sleep+0x93/0xb0 kernel/sched/core.c:5991
 do_con_write.part.13+0x99/0x19b0 drivers/tty/vt/vt.c:2228
 do_con_write drivers/tty/vt/vt.c:2225 [inline]
 con_write+0x1f/0x80 drivers/tty/vt/vt.c:2805
 n_hdlc_send_frames drivers/tty/n_hdlc.c:404 [inline]
 n_hdlc_send_frames+0x201/0x3d0 drivers/tty/n_hdlc.c:376
 n_hdlc_tty_wakeup+0x7d/0x90 drivers/tty/n_hdlc.c:480
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
 tty_wakeup+0xaf/0xe0 drivers/tty/tty_io.c:533
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
 __start_tty.part.14+0xbf/0xe0 drivers/tty/tty_io.c:805
 __start_tty+0x48/0x60 drivers/tty/tty_io.c:800
 n_tty_ioctl_helper drivers/tty/tty_ioctl.c:916 [inline]
 n_tty_ioctl_helper+0x22f/0x320 drivers/tty/tty_ioctl.c:893
 n_hdlc_tty_ioctl+0xc0/0x2d0 drivers/tty/n_hdlc.c:784
 tty_ioctl+0x4b6/0x1260 drivers/tty/tty_io.c:2670
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x180/0xfb0 fs/ioctl.c:684
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x74/0x80 fs/ioctl.c:692
 do_syscall_64+0x1c7/0x5b0 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x466459
RSP: 002b:00007f07f0e95188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459
RDX: 0000000000000001 RSI: 000000000000540a RDI: 0000000000000005
RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60
R13: 00007fff4acd020f R14: 00007f07f0e95300 R15: 0000000000022000
BUG: scheduling while atomic: syz-executor.5/9815/0x00000002
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
3 locks held by syz-executor.5/9815:
 #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:376
 #1:
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
 (&(&tty->flow_lock)->rlock){+.+.}, at: [] spin_lock_irq include/linux/spinlock.h:342 [inline]
 (&(&tty->flow_lock)->rlock){+.+.}, at: [] n_tty_ioctl_helper drivers/tty/tty_ioctl.c:913 [inline]
 (&(&tty->flow_lock)->rlock){+.+.}, at: [] n_tty_ioctl_helper+0x18f/0x320 drivers/tty/tty_ioctl.c:893
 #2: (
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref+0x1a/0x70 drivers/tty/tty_ldisc.c:305
Modules linked in:
Preemption disabled at:
[] spin_lock_irq include/linux/spinlock.h:342 [inline]
[] n_tty_ioctl_helper drivers/tty/tty_ioctl.c:913 [inline]
[] n_tty_ioctl_helper+0x18f/0x320 drivers/tty/tty_ioctl.c:893