Sensor A: ================= START STATUS =================
Sensor A: ================== END STATUS ==================
tmpfs: Bad mount option fsmagic
BUG: sleeping function called from invalid context at drivers/tty/vt/vt.c:2245
in_atomic(): 1, irqs_disabled(): 1, pid: 10127, name: syz-executor.2
3 locks held by syz-executor.2/10127:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff8355cf92>] tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:284
#1: (&(&gsm->control_lock)->rlock){....}, at: [<ffffffff83573906>] gsm_control_send+0xf6/0x480 drivers/tty/n_gsm.c:1434
#2: (&(&gsm->tx_lock)->rlock){....}, at: [<ffffffff83573731>] gsm_data_queue drivers/tty/n_gsm.c:845 [inline]
#2: (&(&gsm->tx_lock)->rlock){....}, at: [<ffffffff83573731>] gsm_control_transmit+0x1f1/0x2d0 drivers/tty/n_gsm.c:1375
irq event stamp: 24
hardirqs last enabled at (23): [<ffffffff8724f359>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
hardirqs last enabled at (23): [<ffffffff8724f359>] _raw_spin_unlock_irqrestore+0x79/0xe0 kernel/locking/spinlock.c:192
hardirqs last disabled at (24): [<ffffffff8724efe6>] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline]
hardirqs last disabled at (24): [<ffffffff8724efe6>] _raw_spin_lock_irqsave+0x66/0xc0 kernel/locking/spinlock.c:160
softirqs last enabled at (0): [<ffffffff81305bb0>] copy_process.part.0+0x12d0/0x71c0 kernel/fork.c:1734
softirqs last disabled at (0): [< (null)>] (null)
Preemption disabled at:
[< (null)>] (null)
CPU: 1 PID: 10127 Comm: syz-executor.2 Not tainted 4.14.305-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x281 lib/dump_stack.c:58
___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6040
do_con_write+0xd0/0x19b0 drivers/tty/vt/vt.c:2245
con_write+0x21/0xa0 drivers/tty/vt/vt.c:2822
gsmld_output+0xc3/0x190 drivers/tty/n_gsm.c:2312
gsm_data_kick+0x266/0x9b0 drivers/tty/n_gsm.c:761
gsm_data_queue drivers/tty/n_gsm.c:846 [inline]
gsm_control_transmit+0x1ff/0x2d0 drivers/tty/n_gsm.c:1375
gsm_control_send+0x38a/0x480 drivers/tty/n_gsm.c:1451
gsm_disconnect drivers/tty/n_gsm.c:2110 [inline]
gsmld_config.constprop.0+0x568/0xf90 drivers/tty/n_gsm.c:2636
gsmld_ioctl+0x375/0x410 drivers/tty/n_gsm.c:2700
tty_ioctl+0x5af/0x1430 drivers/tty/tty_io.c:2670
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x5e/0xd3
RIP: 0033:0x7fa775c2e0f9
RSP: 002b:00007fa77417f168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fa775d4e050 RCX: 00007fa775c2e0f9
RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000003
RBP: 00007fa775c89ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff8f47672f R14: 00007fa77417f300 R15: 0000000000022000
========================================================
WARNING: possible irq lock inversion dependency detected
4.14.305-syzkaller #0 Tainted: G W
--------------------------------------------------------
syz-executor.2/10127 just changed the state of lock:
(&(&gsm->control_lock)->rlock){..-.}, at: [<ffffffff83574385>] gsm_control_retransmit+0x25/0x2c0 drivers/tty/n_gsm.c:1394
but this lock took another, SOFTIRQ-unsafe lock in the past:
(console_lock){+.+.}
and interrupts could create inverse lock ordering between them.
other info that might help us debug this:
Chain exists of:
&(&gsm->control_lock)->rlock --> &(&gsm->tx_lock)->rlock --> console_lock
Possible interrupt unsafe locking scenario:
       CPU0                    CPU1
       ----                    ----
  lock(console_lock);
                               local_irq_disable();
                               lock(&(&gsm->control_lock)->rlock);
                               lock(&(&gsm->tx_lock)->rlock);
  <Interrupt>
    lock(&(&gsm->control_lock)->rlock);
*** DEADLOCK ***
2 locks held by syz-executor.2/10127:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff8355cf92>] tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:284
#1: (((&gsm->t2_timer))){+.-.}, at: [<ffffffff81487178>] lockdep_copy_map include/linux/lockdep.h:174 [inline]
#1: (((&gsm->t2_timer))){+.-.}, at: [<ffffffff81487178>] call_timer_fn+0xb8/0x650 kernel/time/timer.c:1270
the shortest dependencies between 2nd lock and 1st lock:
-> (console_lock){+.+.} ops: 4124 {
HARDIRQ-ON-W at:
lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
console_lock+0x42/0x70 kernel/printk/printk.c:2228
con_init+0x12/0x5d6 drivers/tty/vt/vt.c:3022
console_init+0x46/0x53 kernel/printk/printk.c:2809
start_kernel+0x521/0x763 init/main.c:638
secondary_startup_64+0xa5/0xb0 arch/x86/kernel/head_64.S:240
SOFTIRQ-ON-W at:
lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
console_lock+0x42/0x70 kernel/printk/printk.c:2228
con_init+0x12/0x5d6 drivers/tty/vt/vt.c:3022
console_init+0x46/0x53 kernel/printk/printk.c:2809
start_kernel+0x521/0x763 init/main.c:638
secondary_startup_64+0xa5/0xb0 arch/x86/kernel/head_64.S:240
INITIAL USE at:
}
... key at: [<ffffffff88f6fb60>] console_lock_dep_map+0x0/0x40
... acquired at:
console_lock+0x42/0x70 kernel/printk/printk.c:2228
do_con_write+0xd5/0x19b0 drivers/tty/vt/vt.c:2247
con_write+0x21/0xa0 drivers/tty/vt/vt.c:2822
gsmld_output+0xc3/0x190 drivers/tty/n_gsm.c:2312
gsm_data_kick+0x266/0x9b0 drivers/tty/n_gsm.c:761
gsm_data_queue drivers/tty/n_gsm.c:846 [inline]
gsm_control_transmit+0x1ff/0x2d0 drivers/tty/n_gsm.c:1375
gsm_control_send+0x38a/0x480 drivers/tty/n_gsm.c:1451
gsm_disconnect drivers/tty/n_gsm.c:2110 [inline]
gsmld_config.constprop.0+0x568/0xf90 drivers/tty/n_gsm.c:2636
gsmld_ioctl+0x375/0x410 drivers/tty/n_gsm.c:2700
tty_ioctl+0x5af/0x1430 drivers/tty/tty_io.c:2670
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x5e/0xd3
-> (&(&gsm->tx_lock)->rlock){....} ops: 1 {
INITIAL USE at:
lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x8c/0xc0 kernel/locking/spinlock.c:160
gsm_data_queue drivers/tty/n_gsm.c:845 [inline]
gsm_control_transmit+0x1f1/0x2d0 drivers/tty/n_gsm.c:1375
gsm_control_send+0x38a/0x480 drivers/tty/n_gsm.c:1451
gsm_disconnect drivers/tty/n_gsm.c:2110 [inline]
gsmld_config.constprop.0+0x568/0xf90 drivers/tty/n_gsm.c:2636
gsmld_ioctl+0x375/0x410 drivers/tty/n_gsm.c:2700
tty_ioctl+0x5af/0x1430 drivers/tty/tty_io.c:2670
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x5e/0xd3
}
... key at: [<ffffffff8c8d54e0>] __key.4+0x0/0x40
... acquired at:
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x8c/0xc0 kernel/locking/spinlock.c:160
gsm_data_queue drivers/tty/n_gsm.c:845 [inline]
gsm_control_transmit+0x1f1/0x2d0 drivers/tty/n_gsm.c:1375
gsm_control_send+0x38a/0x480 drivers/tty/n_gsm.c:1451
gsm_disconnect drivers/tty/n_gsm.c:2110 [inline]
gsmld_config.constprop.0+0x568/0xf90 drivers/tty/n_gsm.c:2636
gsmld_ioctl+0x375/0x410 drivers/tty/n_gsm.c:2700
tty_ioctl+0x5af/0x1430 drivers/tty/tty_io.c:2670
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x5e/0xd3
-> (&(&gsm->control_lock)->rlock){..-.} ops: 2 {
IN-SOFTIRQ-W at:
lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x8c/0xc0 kernel/locking/spinlock.c:160
gsm_control_retransmit+0x25/0x2c0 drivers/tty/n_gsm.c:1394
call_timer_fn+0x14a/0x650 kernel/time/timer.c:1280
expire_timers+0x232/0x4d0 kernel/time/timer.c:1319
__run_timers kernel/time/timer.c:1637 [inline]
run_timer_softirq+0x1d5/0x5a0 kernel/time/timer.c:1650
__do_softirq+0x24d/0x9ff kernel/softirq.c:288
invoke_softirq kernel/softirq.c:368 [inline]
irq_exit+0x193/0x240 kernel/softirq.c:409
exiting_irq arch/x86/include/asm/apic.h:638 [inline]
smp_apic_timer_interrupt+0x141/0x5e0 arch/x86/kernel/apic/apic.c:1106
apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:796
arch_local_irq_restore arch/x86/include/asm/paravirt.h:779 [inline]
__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
_raw_spin_unlock_irqrestore+0xa3/0xe0 kernel/locking/spinlock.c:192
spin_unlock_irqrestore include/linux/spinlock.h:372 [inline]
gsm_control_send+0x395/0x480 drivers/tty/n_gsm.c:1452
gsm_disconnect drivers/tty/n_gsm.c:2110 [inline]
gsmld_config.constprop.0+0x568/0xf90 drivers/tty/n_gsm.c:2636
gsmld_ioctl+0x375/0x410 drivers/tty/n_gsm.c:2700
tty_ioctl+0x5af/0x1430 drivers/tty/tty_io.c:2670
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x5e/0xd3
INITIAL USE at:
lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x8c/0xc0 kernel/locking/spinlock.c:160
gsm_control_send+0xf6/0x480 drivers/tty/n_gsm.c:1434
gsm_disconnect drivers/tty/n_gsm.c:2110 [inline]
gsmld_config.constprop.0+0x568/0xf90 drivers/tty/n_gsm.c:2636
gsmld_ioctl+0x375/0x410 drivers/tty/n_gsm.c:2700
tty_ioctl+0x5af/0x1430 drivers/tty/tty_io.c:2670
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x5e/0xd3
}
... key at: [<ffffffff8c8d5520>] __key.5+0x0/0x40
... acquired at:
mark_lock_irq kernel/locking/lockdep.c:2804 [inline]
mark_lock+0x3c7/0x1050 kernel/locking/lockdep.c:3194
mark_irqflags kernel/locking/lockdep.c:3072 [inline]
__lock_acquire+0xc81/0x3f20 kernel/locking/lockdep.c:3448
lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x8c/0xc0 kernel/locking/spinlock.c:160
gsm_control_retransmit+0x25/0x2c0 drivers/tty/n_gsm.c:1394
call_timer_fn+0x14a/0x650 kernel/time/timer.c:1280
expire_timers+0x232/0x4d0 kernel/time/timer.c:1319
__run_timers kernel/time/timer.c:1637 [inline]
run_timer_softirq+0x1d5/0x5a0 kernel/time/timer.c:1650
__do_softirq+0x24d/0x9ff kernel/softirq.c:288
invoke_softirq kernel/softirq.c:368 [inline]
irq_exit+0x193/0x240 kernel/softirq.c:409
exiting_irq arch/x86/include/asm/apic.h:638 [inline]
smp_apic_timer_interrupt+0x141/0x5e0 arch/x86/kernel/apic/apic.c:1106
apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:796
arch_local_irq_restore arch/x86/include/asm/paravirt.h:779 [inline]
__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
_raw_spin_unlock_irqrestore+0xa3/0xe0 kernel/locking/spinlock.c:192
spin_unlock_irqrestore include/linux/spinlock.h:372 [inline]
gsm_control_send+0x395/0x480 drivers/tty/n_gsm.c:1452
gsm_disconnect drivers/tty/n_gsm.c:2110 [inline]
gsmld_config.constprop.0+0x568/0xf90 drivers/tty/n_gsm.c:2636
gsmld_ioctl+0x375/0x410 drivers/tty/n_gsm.c:2700
tty_ioctl+0x5af/0x1430 drivers/tty/tty_io.c:2670
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x5e/0xd3
stack backtrace:
CPU: 1 PID: 10127 Comm: syz-executor.2 Tainted: G W 4.14.305-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x281 lib/dump_stack.c:58
print_irq_inversion_bug.cold+0x313/0x346 kernel/locking/lockdep.c:2670
check_usage_forwards+0x18f/0x2d0 kernel/locking/lockdep.c:2695
mark_lock_irq kernel/locking/lockdep.c:2804 [inline]
mark_lock+0x3c7/0x1050 kernel/locking/lockdep.c:3194
mark_irqflags kernel/locking/lockdep.c:3072 [inline]
__lock_acquire+0xc81/0x3f20 kernel/locking/lockdep.c:3448
lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x8c/0xc0 kernel/locking/spinlock.c:160
gsm_control_retransmit+0x25/0x2c0 drivers/tty/n_gsm.c:1394
call_timer_fn+0x14a/0x650 kernel/time/timer.c:1280
expire_timers+0x232/0x4d0 kernel/time/timer.c:1319
__run_timers kernel/time/timer.c:1637 [inline]
run_timer_softirq+0x1d5/0x5a0 kernel/time/timer.c:1650
__do_softirq+0x24d/0x9ff kernel/softirq.c:288
invoke_softirq kernel/softirq.c:368 [inline]
irq_exit+0x193/0x240 kernel/softirq.c:409
exiting_irq arch/x86/include/asm/apic.h:638 [inline]
smp_apic_timer_interrupt+0x141/0x5e0 arch/x86/kernel/apic/apic.c:1106
apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:796
</IRQ>
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:779 [inline]
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
RIP: 0010:_raw_spin_unlock_irqrestore+0xa3/0xe0 kernel/locking/spinlock.c:192
RSP: 0018:ffff88806cae7940 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff10
RAX: 1ffffffff11e13d9 RBX: 0000000000000286 RCX: 1ffff1100d946145
RDX: dffffc0000000000 RSI: ffff88806ca30a08 RDI: 0000000000000286
RBP: ffff88806caec560 R08: ffffffff8ba3f33c R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000286
R13: 0000000000000003 R14: ffff88806caec208 R15: ffff88806caec560
spin_unlock_irqrestore include/linux/spinlock.h:372 [inline]
gsm_control_send+0x395/0x480 drivers/tty/n_gsm.c:1452
gsm_disconnect drivers/tty/n_gsm.c:2110 [inline]
gsmld_config.constprop.0+0x568/0xf90 drivers/tty/n_gsm.c:2636
gsmld_ioctl+0x375/0x410 drivers/tty/n_gsm.c:2700
tty_ioctl+0x5af/0x1430 drivers/tty/tty_io.c:2670
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x5e/0xd3
RIP: 0033:0x7fa775c2e0f9
RSP: 002b:00007fa77417f168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fa775d4e050 RCX: 00007fa775c2e0f9
RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000003
RBP: 00007fa775c89ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff8f47672f R14: 00007fa77417f300 R15: 0000000000022000
BUG: sleeping function called from invalid context at drivers/tty/vt/vt.c:2245
in_atomic(): 1, irqs_disabled(): 1, pid: 10368, name: syz-executor.2
INFO: lockdep is turned off.
irq event stamp: 0
hardirqs last enabled at (0): [< (null)>] (null)
hardirqs last disabled at (0): [<ffffffff81305b09>] copy_process.part.0+0x1229/0x71c0 kernel/fork.c:1731
softirqs last enabled at (0): [<ffffffff81305bb0>] copy_process.part.0+0x12d0/0x71c0 kernel/fork.c:1734
softirqs last disabled at (0): [< (null)>] (null)
Preemption disabled at:
[< (null)>] (null)
CPU: 0 PID: 10368 Comm: syz-executor.2 Tainted: G W 4.14.305-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x281 lib/dump_stack.c:58
___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6040
do_con_write+0xd0/0x19b0 drivers/tty/vt/vt.c:2245
con_write+0x21/0xa0 drivers/tty/vt/vt.c:2822
gsmld_output+0xc3/0x190 drivers/tty/n_gsm.c:2312
gsm_data_kick+0x266/0x9b0 drivers/tty/n_gsm.c:761
gsm_data_queue drivers/tty/n_gsm.c:846 [inline]
gsm_control_transmit+0x1ff/0x2d0 drivers/tty/n_gsm.c:1375
gsm_control_send+0x38a/0x480 drivers/tty/n_gsm.c:1451
gsm_disconnect drivers/tty/n_gsm.c:2110 [inline]
gsmld_config.constprop.0+0x568/0xf90 drivers/tty/n_gsm.c:2636
gsmld_ioctl+0x375/0x410 drivers/tty/n_gsm.c:2700
tty_ioctl+0x5af/0x1430 drivers/tty/tty_io.c:2670
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x5e/0xd3
RIP: 0033:0x7fa775c2e0f9
RSP: 002b:00007fa77417f168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fa775d4e050 RCX: 00007fa775c2e0f9
RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000003
RBP: 00007fa775c89ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff8f47672f R14: 00007fa77417f300 R15: 0000000000022000
tmpfs: Bad mount option fsmagic
BUG: sleeping function called from invalid context at drivers/tty/vt/vt.c:2245
in_atomic(): 1, irqs_disabled(): 1, pid: 10543, name: syz-executor.2
INFO: lockdep is turned off.
irq event stamp: 0
hardirqs last enabled at (0): [< (null)>] (null)
hardirqs last disabled at (0): [<ffffffff81305b09>] copy_process.part.0+0x1229/0x71c0 kernel/fork.c:1731
softirqs last enabled at (0): [<ffffffff81305bb0>] copy_process.part.0+0x12d0/0x71c0 kernel/fork.c:1734
softirqs last disabled at (0): [< (null)>] (null)
Preemption disabled at:
[< (null)>] (null)
CPU: 0 PID: 10543 Comm: syz-executor.2 Tainted: G W 4.14.305-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x281 lib/dump_stack.c:58
___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6040
do_con_write+0xd0/0x19b0 drivers/tty/vt/vt.c:2245
con_write+0x21/0xa0 drivers/tty/vt/vt.c:2822
gsmld_output+0xc3/0x190 drivers/tty/n_gsm.c:2312
gsm_data_kick+0x266/0x9b0 drivers/tty/n_gsm.c:761
gsm_data_queue drivers/tty/n_gsm.c:846 [inline]
gsm_control_transmit+0x1ff/0x2d0 drivers/tty/n_gsm.c:1375
gsm_control_send+0x38a/0x480 drivers/tty/n_gsm.c:1451
gsm_disconnect drivers/tty/n_gsm.c:2110 [inline]
gsmld_config.constprop.0+0x568/0xf90 drivers/tty/n_gsm.c:2636
gsmld_ioctl+0x375/0x410 drivers/tty/n_gsm.c:2700
tty_ioctl+0x5af/0x1430 drivers/tty/tty_io.c:2670
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x5e/0xd3
RIP: 0033:0x7fa775c2e0f9
RSP: 002b:00007fa77417f168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fa775d4e050 RCX: 00007fa775c2e0f9
RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000003
RBP: 00007fa775c89ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff8f47672f R14: 00007fa77417f300 R15: 0000000000022000
tmpfs: Bad mount option fsmagic
tmpfs: Bad mount option fsmagic
tmpfs: Bad mount option fsmagic
tmpfs: Bad mount option fsmagic
tmpfs: Bad mount option fsmagic
BUG: sleeping function called from invalid context at drivers/tty/vt/vt.c:2245
in_atomic(): 1, irqs_disabled(): 1, pid: 10741, name: syz-executor.2
INFO: lockdep is turned off.
irq event stamp: 0
hardirqs last enabled at (0): [< (null)>] (null)
hardirqs last disabled at (0): [<ffffffff81305b09>] copy_process.part.0+0x1229/0x71c0 kernel/fork.c:1731
softirqs last enabled at (0): [<ffffffff81305bb0>] copy_process.part.0+0x12d0/0x71c0 kernel/fork.c:1734
softirqs last disabled at (0): [< (null)>] (null)
Preemption disabled at:
[< (null)>] (null)
CPU: 1 PID: 10741 Comm: syz-executor.2 Tainted: G W 4.14.305-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x281 lib/dump_stack.c:58
___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6040
do_con_write+0xd0/0x19b0 drivers/tty/vt/vt.c:2245
con_write+0x21/0xa0 drivers/tty/vt/vt.c:2822
gsmld_output+0xc3/0x190 drivers/tty/n_gsm.c:2312
gsm_data_kick+0x266/0x9b0 drivers/tty/n_gsm.c:761
gsm_data_queue drivers/tty/n_gsm.c:846 [inline]
gsm_control_transmit+0x1ff/0x2d0 drivers/tty/n_gsm.c:1375
gsm_control_send+0x38a/0x480 drivers/tty/n_gsm.c:1451
gsm_disconnect drivers/tty/n_gsm.c:2110 [inline]
gsmld_config.constprop.0+0x568/0xf90 drivers/tty/n_gsm.c:2636
gsmld_ioctl+0x375/0x410 drivers/tty/n_gsm.c:2700
tty_ioctl+0x5af/0x1430 drivers/tty/tty_io.c:2670
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x5e/0xd3
RIP: 0033:0x7fa775c2e0f9
RSP: 002b:00007fa77417f168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fa775d4e050 RCX: 00007fa775c2e0f9
RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000003
RBP: 00007fa775c89ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff8f47672f R14: 00007fa77417f300 R15: 0000000000022000
tmpfs: Bad mount option fsmagic
tmpfs: Bad mount option fsmagic
tmpfs: Bad mount option fsmagic
tmpfs: Bad mount option fsmagic
tmpfs: Bad mount option fsmagic
tmpfs: Bad mount option fsmagic
tmpfs: Bad mount option fsmagic
tmpfs: Bad mount option fsmagic
tmpfs: Bad mount option fsmagic
tmpfs: Bad mount option fsmagic
tmpfs: Bad mount option fsmagic
tmpfs: Bad mount option fsmagic
loop3: p1 p2 p3
tmpfs: Bad mount option fsmagic
loop4: p1 p2 p3
loop3: p1 p2 p3
tmpfs: Bad mount option fsmagic
loop0: p1 p2 p3
loop3: p1 p2 p3
loop4: p1 p2 p3
loop3: p1 p2 p3