xt_TCPMSS: Only works on TCP SYN packets
BUG: sleeping function called from invalid context at drivers/tty/vt/vt.c:2599
in_atomic(): 1, irqs_disabled(): 1, pid: 18686, name: syz-executor.5
3 locks held by syz-executor.5/18686:
 #0: 000000004d855202 (&tty->ldisc_sem){++++}, at: tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:272
 #1: 0000000025e1d343 (&(&gsm->control_lock)->rlock){....}, at: gsm_control_send+0x109/0x4b0 drivers/tty/n_gsm.c:1365
 #2: 000000003cd8c41f (&(&gsm->tx_lock)->rlock){....}, at: gsm_data_queue drivers/tty/n_gsm.c:777 [inline]
 #2: 000000003cd8c41f (&(&gsm->tx_lock)->rlock){....}, at: gsm_control_transmit+0x1b5/0x290 drivers/tty/n_gsm.c:1306
irq event stamp: 46
hardirqs last  enabled at (45): [<ffffffff881950e9>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
hardirqs last  enabled at (45): [<ffffffff881950e9>] _raw_spin_unlock_irqrestore+0x79/0xe0 kernel/locking/spinlock.c:184
hardirqs last disabled at (46): [<ffffffff88194d76>] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline]
hardirqs last disabled at (46): [<ffffffff88194d76>] _raw_spin_lock_irqsave+0x66/0xc0 kernel/locking/spinlock.c:152
softirqs last  enabled at (0): [<ffffffff81370d39>] copy_process.part.0+0x15b9/0x8260 kernel/fork.c:1856
softirqs last disabled at (0): [<0000000000000000>]           (null)
Preemption disabled at:
[<0000000000000000>]           (null)
CPU: 1 PID: 18686 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 ___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6192
 do_con_write+0x116/0x1d90 drivers/tty/vt/vt.c:2599
 con_write+0x22/0xb0 drivers/tty/vt/vt.c:3163
 gsmld_output+0xdd/0x1b0 drivers/tty/n_gsm.c:2240
 gsm_data_kick+0x21b/0x920 drivers/tty/n_gsm.c:693
 gsm_data_queue drivers/tty/n_gsm.c:778 [inline]
 gsm_control_transmit+0x1c3/0x290 drivers/tty/n_gsm.c:1306
 gsm_control_send+0x3a6/0x4b0 drivers/tty/n_gsm.c:1382
 gsm_disconnect drivers/tty/n_gsm.c:2039 [inline]
 gsmld_config.constprop.0+0x679/0x1100 drivers/tty/n_gsm.c:2551
 gsmld_ioctl+0x3d7/0x480 drivers/tty/n_gsm.c:2615
 tty_ioctl+0x65d/0x1630 drivers/tty/tty_io.c:2678
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:501 [inline]
 do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688
 ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705
 __do_sys_ioctl fs/ioctl.c:712 [inline]
 __se_sys_ioctl fs/ioctl.c:710 [inline]
 __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f39b5a315a9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f39b4383168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f39b5b52050 RCX: 00007f39b5a315a9
RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000003
RBP: 00007f39b5a8c580 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe120c8ddf R14: 00007f39b4383300 R15: 0000000000022000

========================================================
WARNING: possible irq lock inversion dependency detected
4.19.211-syzkaller #0 Tainted: G        W        
--------------------------------------------------------
syz-executor.5/18686 just changed the state of lock:
0000000025e1d343 (&(&gsm->control_lock)->rlock){..-.}, at: gsm_control_retransmit+0x20/0x220 drivers/tty/n_gsm.c:1325
but this lock took another, SOFTIRQ-unsafe lock in the past:
 (console_lock){+.+.}


and interrupts could create inverse lock ordering between them.


other info that might help us debug this:
Chain exists of:
  &(&gsm->control_lock)->rlock --> &(&gsm->tx_lock)->rlock --> console_lock

 Possible interrupt unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(console_lock);
                               local_irq_disable();
                               lock(&(&gsm->control_lock)->rlock);
                               lock(&(&gsm->tx_lock)->rlock);
  <Interrupt>
    lock(&(&gsm->control_lock)->rlock);

 *** DEADLOCK ***

2 locks held by syz-executor.5/18686:
 #0: 000000004d855202 (&tty->ldisc_sem){++++}, at: tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:272
 #1: 0000000053e99416 ((&gsm->t2_timer)){+.-.}, at: lockdep_copy_map include/linux/lockdep.h:168 [inline]
 #1: 0000000053e99416 ((&gsm->t2_timer)){+.-.}, at: call_timer_fn+0xc9/0x700 kernel/time/timer.c:1328

the shortest dependencies between 2nd lock and 1st lock:
  -> (console_lock){+.+.} ops: 29644 {
     HARDIRQ-ON-W at:
                        console_lock+0x44/0x80 kernel/printk/printk.c:2275
                        con_init+0x12/0x605 drivers/tty/vt/vt.c:3363
                        console_init+0x4cb/0x718 kernel/printk/printk.c:2862
                        start_kernel+0x686/0x911 init/main.c:659
                        secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:243
     SOFTIRQ-ON-W at:
                        console_lock+0x44/0x80 kernel/printk/printk.c:2275
                        con_init+0x12/0x605 drivers/tty/vt/vt.c:3363
                        console_init+0x4cb/0x718 kernel/printk/printk.c:2862
                        start_kernel+0x686/0x911 init/main.c:659
                        secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:243
     INITIAL USE at:
   }
   ... key      at: [<ffffffff89f7b100>] console_lock_dep_map+0x0/0x40
   ... acquired at:
   do_con_write+0x11b/0x1d90 drivers/tty/vt/vt.c:2601
   con_write+0x22/0xb0 drivers/tty/vt/vt.c:3163
   gsmld_output+0xdd/0x1b0 drivers/tty/n_gsm.c:2240
   gsm_data_kick+0x21b/0x920 drivers/tty/n_gsm.c:693
   gsm_data_queue drivers/tty/n_gsm.c:778 [inline]
   gsm_control_transmit+0x1c3/0x290 drivers/tty/n_gsm.c:1306
   gsm_control_send+0x3a6/0x4b0 drivers/tty/n_gsm.c:1382
   gsm_disconnect drivers/tty/n_gsm.c:2039 [inline]
   gsmld_config.constprop.0+0x679/0x1100 drivers/tty/n_gsm.c:2551
   gsmld_ioctl+0x3d7/0x480 drivers/tty/n_gsm.c:2615
   tty_ioctl+0x65d/0x1630 drivers/tty/tty_io.c:2678
   vfs_ioctl fs/ioctl.c:46 [inline]
   file_ioctl fs/ioctl.c:501 [inline]
   do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688
   ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705
   __do_sys_ioctl fs/ioctl.c:712 [inline]
   __se_sys_ioctl fs/ioctl.c:710 [inline]
   __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710
   do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
   entry_SYSCALL_64_after_hwframe+0x49/0xbe

 -> (&(&gsm->tx_lock)->rlock){....} ops: 1 {
    INITIAL USE at:
                     __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
                     _raw_spin_lock_irqsave+0x8c/0xc0 kernel/locking/spinlock.c:152
                     gsm_data_queue drivers/tty/n_gsm.c:777 [inline]
                     gsm_control_transmit+0x1b5/0x290 drivers/tty/n_gsm.c:1306
                     gsm_control_send+0x3a6/0x4b0 drivers/tty/n_gsm.c:1382
                     gsm_disconnect drivers/tty/n_gsm.c:2039 [inline]
                     gsmld_config.constprop.0+0x679/0x1100 drivers/tty/n_gsm.c:2551
                     gsmld_ioctl+0x3d7/0x480 drivers/tty/n_gsm.c:2615
                     tty_ioctl+0x65d/0x1630 drivers/tty/tty_io.c:2678
                     vfs_ioctl fs/ioctl.c:46 [inline]
                     file_ioctl fs/ioctl.c:501 [inline]
                     do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688
                     ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705
                     __do_sys_ioctl fs/ioctl.c:712 [inline]
                     __se_sys_ioctl fs/ioctl.c:710 [inline]
                     __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710
                     do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
                     entry_SYSCALL_64_after_hwframe+0x49/0xbe
  }
  ... key      at: [<ffffffff8dc8d140>] __key.4+0x0/0x40
  ... acquired at:
   gsm_data_queue drivers/tty/n_gsm.c:777 [inline]
   gsm_control_transmit+0x1b5/0x290 drivers/tty/n_gsm.c:1306
   gsm_control_send+0x3a6/0x4b0 drivers/tty/n_gsm.c:1382
   gsm_disconnect drivers/tty/n_gsm.c:2039 [inline]
   gsmld_config.constprop.0+0x679/0x1100 drivers/tty/n_gsm.c:2551
   gsmld_ioctl+0x3d7/0x480 drivers/tty/n_gsm.c:2615
   tty_ioctl+0x65d/0x1630 drivers/tty/tty_io.c:2678
   vfs_ioctl fs/ioctl.c:46 [inline]
   file_ioctl fs/ioctl.c:501 [inline]
   do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688
   ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705
   __do_sys_ioctl fs/ioctl.c:712 [inline]
   __se_sys_ioctl fs/ioctl.c:710 [inline]
   __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710
   do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
   entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> (&(&gsm->control_lock)->rlock){..-.} ops: 2 {
   IN-SOFTIRQ-W at:
                    __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
                    _raw_spin_lock_irqsave+0x8c/0xc0 kernel/locking/spinlock.c:152
                    gsm_control_retransmit+0x20/0x220 drivers/tty/n_gsm.c:1325
                    call_timer_fn+0x177/0x700 kernel/time/timer.c:1338
                    expire_timers+0x243/0x4e0 kernel/time/timer.c:1375
                    __run_timers kernel/time/timer.c:1696 [inline]
                    run_timer_softirq+0x21c/0x670 kernel/time/timer.c:1709
                    __do_softirq+0x265/0x980 kernel/softirq.c:292
xt_TCPMSS: Only works on TCP SYN packets
                    invoke_softirq kernel/softirq.c:372 [inline]
                    irq_exit+0x215/0x260 kernel/softirq.c:412
                    exiting_irq arch/x86/include/asm/apic.h:536 [inline]
                    smp_apic_timer_interrupt+0x136/0x550 arch/x86/kernel/apic/apic.c:1098
                    apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
                    arch_local_irq_restore arch/x86/include/asm/paravirt.h:789 [inline]
                    __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
                    _raw_spin_unlock_irqrestore+0xa3/0xe0 kernel/locking/spinlock.c:184
                    spin_unlock_irqrestore include/linux/spinlock.h:384 [inline]
                    gsm_control_send+0x3b1/0x4b0 drivers/tty/n_gsm.c:1383
                    gsm_disconnect drivers/tty/n_gsm.c:2039 [inline]
                    gsmld_config.constprop.0+0x679/0x1100 drivers/tty/n_gsm.c:2551
                    gsmld_ioctl+0x3d7/0x480 drivers/tty/n_gsm.c:2615
                    tty_ioctl+0x65d/0x1630 drivers/tty/tty_io.c:2678
                    vfs_ioctl fs/ioctl.c:46 [inline]
                    file_ioctl fs/ioctl.c:501 [inline]
                    do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688
                    ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705
                    __do_sys_ioctl fs/ioctl.c:712 [inline]
                    __se_sys_ioctl fs/ioctl.c:710 [inline]
                    __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710
                    do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
                    entry_SYSCALL_64_after_hwframe+0x49/0xbe
   INITIAL USE at:
                   __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
                   _raw_spin_lock_irqsave+0x8c/0xc0 kernel/locking/spinlock.c:152
                   gsm_control_send+0x109/0x4b0 drivers/tty/n_gsm.c:1365
                   gsm_disconnect drivers/tty/n_gsm.c:2039 [inline]
                   gsmld_config.constprop.0+0x679/0x1100 drivers/tty/n_gsm.c:2551
                   gsmld_ioctl+0x3d7/0x480 drivers/tty/n_gsm.c:2615
                   tty_ioctl+0x65d/0x1630 drivers/tty/tty_io.c:2678
                   vfs_ioctl fs/ioctl.c:46 [inline]
                   file_ioctl fs/ioctl.c:501 [inline]
                   do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688
                   ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705
                   __do_sys_ioctl fs/ioctl.c:712 [inline]
                   __se_sys_ioctl fs/ioctl.c:710 [inline]
                   __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710
                   do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
                   entry_SYSCALL_64_after_hwframe+0x49/0xbe
 }
 ... key      at: [<ffffffff8dc8d180>] __key.5+0x0/0x40
 ... acquired at:
   mark_irqflags kernel/locking/lockdep.c:3010 [inline]
   __lock_acquire+0xdc4/0x3ff0 kernel/locking/lockdep.c:3373
   lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908
   __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
   _raw_spin_lock_irqsave+0x8c/0xc0 kernel/locking/spinlock.c:152
   gsm_control_retransmit+0x20/0x220 drivers/tty/n_gsm.c:1325
   call_timer_fn+0x177/0x700 kernel/time/timer.c:1338
   expire_timers+0x243/0x4e0 kernel/time/timer.c:1375
   __run_timers kernel/time/timer.c:1696 [inline]
   run_timer_softirq+0x21c/0x670 kernel/time/timer.c:1709
   __do_softirq+0x265/0x980 kernel/softirq.c:292
   invoke_softirq kernel/softirq.c:372 [inline]
   irq_exit+0x215/0x260 kernel/softirq.c:412
   exiting_irq arch/x86/include/asm/apic.h:536 [inline]
   smp_apic_timer_interrupt+0x136/0x550 arch/x86/kernel/apic/apic.c:1098
   apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
   arch_local_irq_restore arch/x86/include/asm/paravirt.h:789 [inline]
   __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
   _raw_spin_unlock_irqrestore+0xa3/0xe0 kernel/locking/spinlock.c:184
   spin_unlock_irqrestore include/linux/spinlock.h:384 [inline]
   gsm_control_send+0x3b1/0x4b0 drivers/tty/n_gsm.c:1383
   gsm_disconnect drivers/tty/n_gsm.c:2039 [inline]
   gsmld_config.constprop.0+0x679/0x1100 drivers/tty/n_gsm.c:2551
   gsmld_ioctl+0x3d7/0x480 drivers/tty/n_gsm.c:2615
   tty_ioctl+0x65d/0x1630 drivers/tty/tty_io.c:2678
   vfs_ioctl fs/ioctl.c:46 [inline]
   file_ioctl fs/ioctl.c:501 [inline]
   do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688
   ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705
   __do_sys_ioctl fs/ioctl.c:712 [inline]
   __se_sys_ioctl fs/ioctl.c:710 [inline]
   __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710
   do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
   entry_SYSCALL_64_after_hwframe+0x49/0xbe


stack backtrace:
CPU: 1 PID: 18686 Comm: syz-executor.5 Tainted: G        W         4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 print_irq_inversion_bug.cold+0x313/0x346 kernel/locking/lockdep.c:2626
 check_usage_forwards+0x1a2/0x310 kernel/locking/lockdep.c:2651
 mark_lock_irq kernel/locking/lockdep.c:2760 [inline]
 mark_lock+0x3d8/0x1160 kernel/locking/lockdep.c:3132
 mark_irqflags kernel/locking/lockdep.c:3010 [inline]
 __lock_acquire+0xdc4/0x3ff0 kernel/locking/lockdep.c:3373
 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0x8c/0xc0 kernel/locking/spinlock.c:152
 gsm_control_retransmit+0x20/0x220 drivers/tty/n_gsm.c:1325
 call_timer_fn+0x177/0x700 kernel/time/timer.c:1338
 expire_timers+0x243/0x4e0 kernel/time/timer.c:1375
 __run_timers kernel/time/timer.c:1696 [inline]
 run_timer_softirq+0x21c/0x670 kernel/time/timer.c:1709
 __do_softirq+0x265/0x980 kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:372 [inline]
 irq_exit+0x215/0x260 kernel/softirq.c:412
 exiting_irq arch/x86/include/asm/apic.h:536 [inline]
 smp_apic_timer_interrupt+0x136/0x550 arch/x86/kernel/apic/apic.c:1098
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
 </IRQ>
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:789 [inline]
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
RIP: 0010:_raw_spin_unlock_irqrestore+0xa3/0xe0 kernel/locking/spinlock.c:184
Code: 48 c7 c0 88 82 f1 89 48 ba 00 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 75 2f 48 83 3d 7c 31 d8 01 00 74 15 48 89 df 57 9d <0f> 1f 44 00 00 eb b2 e8 fb eb e6 f8 eb c0 0f 0b 0f 0b 48 c7 c7 88
RSP: 0018:ffff88802a98f848 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
RAX: 1ffffffff13e3051 RBX: 0000000000000286 RCX: 1ffff110094f71d5
RDX: dffffc0000000000 RSI: ffff88804a7b8e88 RDI: 0000000000000286
RBP: ffff8880a9f6f7d8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000286
R13: ffff88802a98f8b8 R14: ffff8880a9f6f488 R15: ffff8880a9f6f7d8
 spin_unlock_irqrestore include/linux/spinlock.h:384 [inline]
 gsm_control_send+0x3b1/0x4b0 drivers/tty/n_gsm.c:1383
 gsm_disconnect drivers/tty/n_gsm.c:2039 [inline]
 gsmld_config.constprop.0+0x679/0x1100 drivers/tty/n_gsm.c:2551
 gsmld_ioctl+0x3d7/0x480 drivers/tty/n_gsm.c:2615
 tty_ioctl+0x65d/0x1630 drivers/tty/tty_io.c:2678
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:501 [inline]
 do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688
 ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705
 __do_sys_ioctl fs/ioctl.c:712 [inline]
 __se_sys_ioctl fs/ioctl.c:710 [inline]
 __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f39b5a315a9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f39b4383168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f39b5b52050 RCX: 00007f39b5a315a9
RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000003
RBP: 00007f39b5a8c580 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe120c8ddf R14: 00007f39b4383300 R15: 0000000000022000
BUG: sleeping function called from invalid context at drivers/tty/vt/vt.c:2599
in_atomic(): 1, irqs_disabled(): 1, pid: 18902, name: syz-executor.5
INFO: lockdep is turned off.
irq event stamp: 0
hardirqs last  enabled at (0): [<0000000000000000>]           (null)
hardirqs last disabled at (0): [<ffffffff81370c98>] copy_process.part.0+0x1518/0x8260 kernel/fork.c:1853
softirqs last  enabled at (0): [<ffffffff81370d39>] copy_process.part.0+0x15b9/0x8260 kernel/fork.c:1856
softirqs last disabled at (0): [<0000000000000000>]           (null)
Preemption disabled at:
[<0000000000000000>]           (null)
CPU: 1 PID: 18902 Comm: syz-executor.5 Tainted: G        W         4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 ___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6192
 do_con_write+0x116/0x1d90 drivers/tty/vt/vt.c:2599
 con_write+0x22/0xb0 drivers/tty/vt/vt.c:3163
 gsmld_output+0xdd/0x1b0 drivers/tty/n_gsm.c:2240
 gsm_data_kick+0x21b/0x920 drivers/tty/n_gsm.c:693
 gsm_data_queue drivers/tty/n_gsm.c:778 [inline]
 gsm_control_transmit+0x1c3/0x290 drivers/tty/n_gsm.c:1306
 gsm_control_send+0x3a6/0x4b0 drivers/tty/n_gsm.c:1382
 gsm_disconnect drivers/tty/n_gsm.c:2039 [inline]
 gsmld_config.constprop.0+0x679/0x1100 drivers/tty/n_gsm.c:2551
 gsmld_ioctl+0x3d7/0x480 drivers/tty/n_gsm.c:2615
 tty_ioctl+0x65d/0x1630 drivers/tty/tty_io.c:2678
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:501 [inline]
 do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688
 ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705
 __do_sys_ioctl fs/ioctl.c:712 [inline]
 __se_sys_ioctl fs/ioctl.c:710 [inline]
 __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f39b5a315a9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f39b43a4168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f39b5b51f80 RCX: 00007f39b5a315a9
RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000003
RBP: 00007f39b5a8c580 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe120c8ddf R14: 00007f39b43a4300 R15: 0000000000022000
BUG: scheduling while atomic: syz-executor.5/18902/0x00000003
INFO: lockdep is turned off.
Modules linked in:
Preemption disabled at:
[<0000000000000000>]           (null)
----------------
Code disassembly (best guess):
   0:	48 c7 c0 88 82 f1 89 	mov    $0xffffffff89f18288,%rax
   7:	48 ba 00 00 00 00 00 	movabs $0xdffffc0000000000,%rdx
   e:	fc ff df
  11:	48 c1 e8 03          	shr    $0x3,%rax
  15:	80 3c 10 00          	cmpb   $0x0,(%rax,%rdx,1)
  19:	75 2f                	jne    0x4a
  1b:	48 83 3d 7c 31 d8 01 	cmpq   $0x0,0x1d8317c(%rip)        # 0x1d8319f
  22:	00
  23:	74 15                	je     0x3a
  25:	48 89 df             	mov    %rbx,%rdi
  28:	57                   	push   %rdi
  29:	9d                   	popfq
* 2a:	0f 1f 44 00 00       	nopl   0x0(%rax,%rax,1) <-- trapping instruction
  2f:	eb b2                	jmp    0xffffffe3
  31:	e8 fb eb e6 f8       	callq  0xf8e6ec31
  36:	eb c0                	jmp    0xfffffff8
  38:	0f 0b                	ud2
  3a:	0f 0b                	ud2
  3c:	48                   	rex.W
  3d:	c7                   	.byte 0xc7
  3e:	c7                   	(bad)
  3f:	88                   	.byte 0x88