BUG: sleeping function called from invalid context in do_con_write (2)


syzbot

Feb 22, 2021, 7:46:23 AM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 29c52025 Linux 4.14.221
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1497457f500000
kernel config: https://syzkaller.appspot.com/x/.config?x=83f668f81cfc5600
dashboard link: https://syzkaller.appspot.com/bug?extid=9a295b90a29984e591ea

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+9a295b...@syzkaller.appspotmail.com

netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'.
BUG: sleeping function called from invalid context at drivers/tty/vt/vt.c:2228
in_atomic(): 1, irqs_disabled(): 1, pid: 9329, name: syz-executor.2
3 locks held by syz-executor.2/9329:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff83534a72>] tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:284
#1: (&(&tty->flow_lock)->rlock){....}, at: [<ffffffff83533ff0>] spin_lock_irq include/linux/spinlock.h:342 [inline]
#1: (&(&tty->flow_lock)->rlock){....}, at: [<ffffffff83533ff0>] n_tty_ioctl_helper+0xa0/0x350 drivers/tty/tty_ioctl.c:913
#2: (&tty->ldisc_sem){++++}, at: [<ffffffff83534b2b>] tty_ldisc_ref+0x1b/0x80 drivers/tty/tty_ldisc.c:305
irq event stamp: 168
hardirqs last enabled at (167): [<ffffffff81004cbc>] do_syscall_64+0x4c/0x640 arch/x86/entry/common.c:280
hardirqs last disabled at (168): [<ffffffff8720e995>] __raw_spin_lock_irq include/linux/spinlock_api_smp.h:126 [inline]
hardirqs last disabled at (168): [<ffffffff8720e995>] _raw_spin_lock_irq+0x35/0x80 kernel/locking/spinlock.c:168
softirqs last enabled at (144): [<ffffffff85c1f4d6>] rcu_read_unlock_bh include/linux/rcupdate.h:721 [inline]
softirqs last enabled at (144): [<ffffffff85c1f4d6>] __dev_queue_xmit+0xc96/0x2480 net/core/dev.c:3548
softirqs last disabled at (140): [<ffffffff85c1e9ec>] __dev_queue_xmit+0x1ac/0x2480 net/core/dev.c:3455
Preemption disabled at:
[< (null)>] (null)
CPU: 1 PID: 9329 Comm: syz-executor.2 Not tainted 4.14.221-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x281 lib/dump_stack.c:58
___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6038
do_con_write+0xd0/0x19b0 drivers/tty/vt/vt.c:2228
con_write+0x21/0xa0 drivers/tty/vt/vt.c:2805
n_hdlc_send_frames+0x241/0x410 drivers/tty/n_hdlc.c:404
n_hdlc_tty_wakeup+0x95/0xb0 drivers/tty/n_hdlc.c:480
tty_wakeup+0xc3/0xf0 drivers/tty/tty_io.c:533
__start_tty drivers/tty/tty_io.c:805 [inline]
__start_tty+0x10b/0x140 drivers/tty/tty_io.c:798
n_tty_ioctl_helper+0x2f8/0x350 drivers/tty/tty_ioctl.c:916
n_hdlc_tty_ioctl+0xd4/0x300 drivers/tty/n_hdlc.c:784
tty_ioctl+0x5af/0x13c0 drivers/tty/tty_io.c:2670
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x465ef9
RSP: 002b:00007fe81e8d4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000465ef9
RDX: 0000000000000001 RSI: 000000000000540a RDI: 0000000000000004
RBP: 00000000004bcd1c R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c008
R13: 00007ffc46da67df R14: 00007fe81e8d4300 R15: 0000000000022000
netlink: 60 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 60 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'.
netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.
Can't find ip_set type bitmap:ip+mac
nla_parse: 9 callbacks suppressed
netlink: 64 bytes leftover after parsing attributes in process `syz-executor.1'.
netlink: 64 bytes leftover after parsing attributes in process `syz-executor.1'.
netlink: 60 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 172 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 172 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 72 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 84 bytes leftover after parsing attributes in process `syz-executor.1'.
nft_compat: unsupported protocol 0
Unknown ioctl 1951
(syz-executor.3,10226,0):ocfs2_parse_options:1484 ERROR: Unrecognized mount option "uid=00000000000000060928" or missing value
Unknown ioctl 1951
(syz-executor.3,10226,0):ocfs2_fill_super:1217 ERROR: status = -22
(syz-executor.3,10226,0):ocfs2_parse_options:1484 ERROR: Unrecognized mount option "uid=00000000000000060928" or missing value
(syz-executor.3,10226,0):ocfs2_fill_super:1217 ERROR: status = -22
nft_compat: unsupported protocol 12
nft_compat: unsupported protocol 12
nft_compat: unsupported protocol 0
nft_compat: unsupported protocol 0
nla_parse: 43 callbacks suppressed
netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
audit: type=1326 audit(1613997932.430:23530): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=10451 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=231 compat=0 ip=0x465ef9 code=0x0
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Mar 18, 2021, 12:12:19 AM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: cb83ddcd Linux 4.14.226
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=12f50806d00000
kernel config: https://syzkaller.appspot.com/x/.config?x=124f4e6b89b71fac
dashboard link: https://syzkaller.appspot.com/bug?extid=9a295b90a29984e591ea
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17959462d00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=17b25806d00000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+9a295b...@syzkaller.appspotmail.com

BUG: sleeping function called from invalid context at drivers/tty/vt/vt.c:2228
in_atomic(): 1, irqs_disabled(): 1, pid: 7946, name: syz-executor665
3 locks held by syz-executor665/7946:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff83536f22>] tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:284
#1: (&(&tty->flow_lock)->rlock){....}, at: [<ffffffff835364a0>] spin_lock_irq include/linux/spinlock.h:342 [inline]
#1: (&(&tty->flow_lock)->rlock){....}, at: [<ffffffff835364a0>] n_tty_ioctl_helper+0xa0/0x350 drivers/tty/tty_ioctl.c:913
#2: (&tty->ldisc_sem){++++}, at: [<ffffffff83536fdb>] tty_ldisc_ref+0x1b/0x80 drivers/tty/tty_ldisc.c:305
irq event stamp: 372
hardirqs last enabled at (371): [<ffffffff81004cbc>] do_syscall_64+0x4c/0x640 arch/x86/entry/common.c:280
hardirqs last disabled at (372): [<ffffffff87214045>] __raw_spin_lock_irq include/linux/spinlock_api_smp.h:126 [inline]
hardirqs last disabled at (372): [<ffffffff87214045>] _raw_spin_lock_irq+0x35/0x80 kernel/locking/spinlock.c:168
softirqs last enabled at (0): [<ffffffff81303980>] copy_process.part.0+0x12d0/0x71c0 kernel/fork.c:1733
softirqs last disabled at (0): [< (null)>] (null)
Preemption disabled at:
[< (null)>] (null)
CPU: 1 PID: 7946 Comm: syz-executor665 Not tainted 4.14.226-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x281 lib/dump_stack.c:58
___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6038
do_con_write+0xd0/0x19b0 drivers/tty/vt/vt.c:2228
con_write+0x21/0xa0 drivers/tty/vt/vt.c:2805
n_hdlc_send_frames+0x241/0x410 drivers/tty/n_hdlc.c:404
n_hdlc_tty_wakeup+0x95/0xb0 drivers/tty/n_hdlc.c:480
tty_wakeup+0xc3/0xf0 drivers/tty/tty_io.c:533
__start_tty drivers/tty/tty_io.c:805 [inline]
__start_tty+0x10b/0x140 drivers/tty/tty_io.c:798
n_tty_ioctl_helper+0x2f8/0x350 drivers/tty/tty_ioctl.c:916
n_hdlc_tty_ioctl+0xd4/0x300 drivers/tty/n_hdlc.c:784
tty_ioctl+0x5af/0x13c0 drivers/tty/tty_io.c:2670
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x440009
RSP: 002b:00007ffd63cdcce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00000000000f4240 RCX: 0000000000440009
RDX: 0000000000000001 RSI: 000000000000540a RDI: 0000000000000005
RBP: 0000000000000000 R08: 000000000000000d R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000403550
R13: 0000000000000000 R14: 00007ffd63cdcd10 R15: 00007ffd63cdcd00
BUG: sleeping function called from invalid context at drivers/tty/vt/vt.c:2228
in_atomic(): 1, irqs_disabled(): 1, pid: 8058, name: syz-executor665
3 locks held by syz-executor665/8058:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff83536f22>] tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:284
#1: (&(&tty->flow_lock)->rlock){....}, at: [<ffffffff835364a0>] spin_lock_irq include/linux/spinlock.h:342 [inline]
#1: (&(&tty->flow_lock)->rlock){....}, at: [<ffffffff835364a0>] n_tty_ioctl_helper+0xa0/0x350 drivers/tty/tty_ioctl.c:913
#2: (&tty->ldisc_sem){++++}, at: [<ffffffff83536fdb>] tty_ldisc_ref+0x1b/0x80 drivers/tty/tty_ldisc.c:305
irq event stamp: 376
hardirqs last enabled at (375): [<ffffffff81004cbc>] do_syscall_64+0x4c/0x640 arch/x86/entry/common.c:280
hardirqs last disabled at (376): [<ffffffff87214045>] __raw_spin_lock_irq include/linux/spinlock_api_smp.h:126 [inline]
hardirqs last disabled at (376): [<ffffffff87214045>] _raw_spin_lock_irq+0x35/0x80 kernel/locking/spinlock.c:168
softirqs last enabled at (0): [<ffffffff81303980>] copy_process.part.0+0x12d0/0x71c0 kernel/fork.c:1733
softirqs last disabled at (0): [< (null)>] (null)
Preemption disabled at:
[< (null)>] (null)
CPU: 1 PID: 8058 Comm: syz-executor665 Tainted: G W 4.14.226-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x281 lib/dump_stack.c:58
___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6038
do_con_write+0xd0/0x19b0 drivers/tty/vt/vt.c:2228
con_write+0x21/0xa0 drivers/tty/vt/vt.c:2805
n_hdlc_send_frames+0x241/0x410 drivers/tty/n_hdlc.c:404
n_hdlc_tty_wakeup+0x95/0xb0 drivers/tty/n_hdlc.c:480
tty_wakeup+0xc3/0xf0 drivers/tty/tty_io.c:533
__start_tty drivers/tty/tty_io.c:805 [inline]
__start_tty+0x10b/0x140 drivers/tty/tty_io.c:798
n_tty_ioctl_helper+0x2f8/0x350 drivers/tty/tty_ioctl.c:916
n_hdlc_tty_ioctl+0xd4/0x300 drivers/tty/n_hdlc.c:784
tty_ioctl+0x5af/0x13c0 drivers/tty/tty_io.c:2670
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x440009
RSP: 002b:00007ffd63cdcce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00000000000f4240 RCX: 0000000000440009
RDX: 0000000000000001 RSI: 000000000000540a RDI: 0000000000000005
RBP: 0000000000000000 R08: 000000000000000d R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000007a0a
R13: 00007ffd63cdccfc R14: 00007ffd63cdcd10 R15: 00007ffd63cdcd00
BUG: sleeping function called from invalid context at drivers/tty/vt/vt.c:2228
in_atomic(): 1, irqs_disabled(): 1, pid: 8155, name: syz-executor665
3 locks held by syz-executor665/8155:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff83536f22>] tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:284
#1: (&(&tty->flow_lock)->rlock){....}, at: [<ffffffff835364a0>] spin_lock_irq include/linux/spinlock.h:342 [inline]
#1: (&(&tty->flow_lock)->rlock){....}, at: [<ffffffff835364a0>] n_tty_ioctl_helper+0xa0/0x350 drivers/tty/tty_ioctl.c:913
#2: (&tty->ldisc_sem){++++}, at: [<ffffffff83536fdb>] tty_ldisc_ref+0x1b/0x80 drivers/tty/tty_ldisc.c:305
irq event stamp: 632
hardirqs last enabled at (631): [<ffffffff81004cbc>] do_syscall_64+0x4c/0x640 arch/x86/entry/common.c:280
hardirqs last disabled at (632): [<ffffffff87214045>] __raw_spin_lock_irq include/linux/spinlock_api_smp.h:126 [inline]
hardirqs last disabled at (632): [<ffffffff87214045>] _raw_spin_lock_irq+0x35/0x80 kernel/locking/spinlock.c:168
softirqs last enabled at (536): [<ffffffff8760068b>] __do_softirq+0x68b/0x9ff kernel/softirq.c:314
softirqs last disabled at (513): [<ffffffff81320ae3>] invoke_softirq kernel/softirq.c:368 [inline]
softirqs last disabled at (513): [<ffffffff81320ae3>] irq_exit+0x193/0x240 kernel/softirq.c:409
Preemption disabled at:
[< (null)>] (null)
CPU: 0 PID: 8155 Comm: syz-executor665 Tainted: G W 4.14.226-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x281 lib/dump_stack.c:58
___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6038
do_con_write+0xd0/0x19b0 drivers/tty/vt/vt.c:2228
con_write+0x21/0xa0 drivers/tty/vt/vt.c:2805
n_hdlc_send_frames+0x241/0x410 drivers/tty/n_hdlc.c:404
n_hdlc_tty_wakeup+0x95/0xb0 drivers/tty/n_hdlc.c:480
tty_wakeup+0xc3/0xf0 drivers/tty/tty_io.c:533
__start_tty drivers/tty/tty_io.c:805 [inline]
__start_tty+0x10b/0x140 drivers/tty/tty_io.c:798
n_tty_ioctl_helper+0x2f8/0x350 drivers/tty/tty_ioctl.c:916
n_hdlc_tty_ioctl+0xd4/0x300 drivers/tty/n_hdlc.c:784
tty_ioctl+0x5af/0x13c0 drivers/tty/tty_io.c:2670
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x440009
RSP: 002b:00007ffd63cdcce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00000000000f4240 RCX: 0000000000440009
RDX: 0000000000000001 RSI: 000000000000540a RDI: 0000000000000005
RBP: 0000000000000000 R08: 000000000000000d R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000007dc4
R13: 00007ffd63cdccfc R14: 00007ffd63cdcd10 R15: 00007ffd63cdcd00
BUG: sleeping function called from invalid context at drivers/tty/vt/vt.c:2228
in_atomic(): 1, irqs_disabled(): 1, pid: 8354, name: syz-executor665
3 locks held by syz-executor665/8354:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff83536f22>] tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:284
#1: (&(&tty->flow_lock)->rlock){....}, at: [<ffffffff835364a0>] spin_lock_irq include/linux/spinlock.h:342 [inline]
#1: (&(&tty->flow_lock)->rlock){....}, at: [<ffffffff835364a0>] n_tty_ioctl_helper+0xa0/0x350 drivers/tty/tty_ioctl.c:913
#2: (&tty->ldisc_sem){++++}, at: [<ffffffff83536fdb>] tty_ldisc_ref+0x1b/0x80 drivers/tty/tty_ldisc.c:305
irq event stamp: 506
hardirqs last enabled at (505): [<ffffffff81004cbc>] do_syscall_64+0x4c/0x640 arch/x86/entry/common.c:280
hardirqs last disabled at (506): [<ffffffff87214045>] __raw_spin_lock_irq include/linux/spinlock_api_smp.h:126 [inline]
hardirqs last disabled at (506): [<ffffffff87214045>] _raw_spin_lock_irq+0x35/0x80 kernel/locking/spinlock.c:168
softirqs last enabled at (422): [<ffffffff8760068b>] __do_softirq+0x68b/0x9ff kernel/softirq.c:314
softirqs last disabled at (321): [<ffffffff81320ae3>] invoke_softirq kernel/softirq.c:368 [inline]
softirqs last disabled at (321): [<ffffffff81320ae3>] irq_exit+0x193/0x240 kernel/softirq.c:409
Preemption disabled at:
[< (null)>] (null)
CPU: 1 PID: 8354 Comm: syz-executor665 Tainted: G W 4.14.226-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x281 lib/dump_stack.c:58
___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6038
do_con_write+0xd0/0x19b0 drivers/tty/vt/vt.c:2228
con_write+0x21/0xa0 drivers/tty/vt/vt.c:2805
n_hdlc_send_frames+0x241/0x410 drivers/tty/n_hdlc.c:404
n_hdlc_tty_wakeup+0x95/0xb0 drivers/tty/n_hdlc.c:480
tty_wakeup+0xc3/0xf0 drivers/tty/tty_io.c:533
__start_tty drivers/tty/tty_io.c:805 [inline]
__start_tty+0x10b/0x140 drivers/tty/tty_io.c:798
n_tty_ioctl_helper+0x2f8/0x350 drivers/tty/tty_ioctl.c:916
n_hdlc_tty_ioctl+0xd4/0x300 drivers/tty/n_hdlc.c:784
tty_ioctl+0x5af/0x13c0 drivers/tty/tty_io.c:2670
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x440009
RSP: 002b:00007ffd63cdcce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00000000000f4240 RCX: 0000000000440009
RDX: 0000000000000001 RSI: 000000000000540a RDI: 0000000000000005
RBP: 0000000000000000 R08: 000000000000000d R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000008435
R13: 00007ffd63cdccfc R14: 00007ffd63cdcd10 R15: 00007ffd63cdcd00
BUG: sleeping function called from invalid context at drivers/tty/vt/vt.c:2228
in_atomic(): 1, irqs_disabled(): 1, pid: 8683, name: syz-executor665
3 locks held by syz-executor665/8683:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff83536f22>] tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:284
#1: (&(&tty->flow_lock)->rlock){....}, at: [<ffffffff835364a0>] spin_lock_irq include/linux/spinlock.h:342 [inline]
#1: (&(&tty->flow_lock)->rlock){....}, at: [<ffffffff835364a0>] n_tty_ioctl_helper+0xa0/0x350 drivers/tty/tty_ioctl.c:913
#2: (&tty->ldisc_sem){++++}, at: [<ffffffff83536fdb>] tty_ldisc_ref+0x1b/0x80 drivers/tty/tty_ldisc.c:305
irq event stamp: 458
hardirqs last enabled at (457): [<ffffffff81004cbc>] do_syscall_64+0x4c/0x640 arch/x86/entry/common.c:280
hardirqs last disabled at (458): [<ffffffff87214045>] __raw_spin_lock_irq include/linux/spinlock_api_smp.h:126 [inline]
hardirqs last disabled at (458): [<ffffffff87214045>] _raw_spin_lock_irq+0x35/0x80 kernel/locking/spinlock.c:168
softirqs last enabled at (432): [<ffffffff8760068b>] __do_softirq+0x68b/0x9ff kernel/softirq.c:314
softirqs last disabled at (409): [<ffffffff81320ae3>] invoke_softirq kernel/softirq.c:368 [inline]
softirqs last disabled at (409): [<ffffffff81320ae3>] irq_exit+0x193/0x240 kernel/softirq.c:409
Preemption disabled at:
[< (null)>] (null)
CPU: 0 PID: 8683 Comm: syz-executor665 Tainted: G W 4.14.226-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x281 lib/dump_stack.c:58
___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6038
do_con_write+0xd0/0x19b0 drivers/tty/vt/vt.c:2228
con_write+0x21/0xa0 drivers/tty/vt/vt.c:2805
n_hdlc_send_frames+0x241/0x410 drivers/tty/n_hdlc.c:404
n_hdlc_tty_wakeup+0x95/0xb0 drivers/tty/n_hdlc.c:480
tty_wakeup+0xc3/0xf0 drivers/tty/tty_io.c:533
__start_tty drivers/tty/tty_io.c:805 [inline]
__start_tty+0x10b/0x140 drivers/tty/tty_io.c:798
n_tty_ioctl_helper+0x2f8/0x350 drivers/tty/tty_ioctl.c:916
n_hdlc_tty_ioctl+0xd4/0x300 drivers/tty/n_hdlc.c:784
tty_ioctl+0x5af/0x13c0 drivers/tty/tty_io.c:2670
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x440009
RSP: 002b:00007ffd63cdcce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00000000000f4240 RCX: 0000000000440009
RDX: 0000000000000001 RSI: 000000000000540a RDI: 0000000000000005
RBP: 0000000000000000 R08: 000000000000000d R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000008e1f
R13: 00007ffd63cdccfc R14: 00007ffd63cdcd10 R15: 00007ffd63cdcd00
BUG: sleeping function called from invalid context at drivers/tty/vt/vt.c:2228
in_atomic(): 1, irqs_disabled(): 1, pid: 8878, name: syz-executor665
3 locks held by syz-executor665/8878:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff83536f22>] tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:284
#1: (&(&tty->flow_lock)->rlock){....}, at: [<ffffffff835364a0>] spin_lock_irq include/linux/spinlock.h:342 [inline]
#1: (&(&tty->flow_lock)->rlock){....}, at: [<ffffffff835364a0>] n_tty_ioctl_helper+0xa0/0x350 drivers/tty/tty_ioctl.c:913
#2: (&tty->ldisc_sem){++++}, at: [<ffffffff83536fdb>] tty_ldisc_ref+0x1b/0x80 drivers/tty/tty_ldisc.c:305
irq event stamp: 466
hardirqs last enabled at (465): [<ffffffff81004cbc>] do_syscall_64+0x4c/0x640 arch/x86/entry/common.c:280
hardirqs last disabled at (466): [<ffffffff87214045>] __raw_spin_lock_irq include/linux/spinlock_api_smp.h:126 [inline]
hardirqs last disabled at (466): [<ffffffff87214045>] _raw_spin_lock_irq+0x35/0x80 kernel/locking/spinlock.c:168
softirqs last enabled at (332): [<ffffffff8760068b>] __do_softirq+0x68b/0x9ff kernel/softirq.c:314
softirqs last disabled at (291): [<ffffffff81320ae3>] invoke_softirq kernel/softirq.c:368 [inline]
softirqs last disabled at (291): [<ffffffff81320ae3>] irq_exit+0x193/0x240 kernel/softirq.c:409
Preemption disabled at:
[< (null)>] (null)
CPU: 0 PID: 8878 Comm: syz-executor665 Tainted: G W 4.14.226-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x281 lib/dump_stack.c:58
___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6038
do_con_write+0xd0/0x19b0 drivers/tty/vt/vt.c:2228
con_write+0x21/0xa0 drivers/tty/vt/vt.c:2805
n_hdlc_send_frames+0x241/0x410 drivers/tty/n_hdlc.c:404
n_hdlc_tty_wakeup+0x95/0xb0 drivers/tty/n_hdlc.c:480
tty_wakeup+0xc3/0xf0 drivers/tty/tty_io.c:533
__start_tty drivers/tty/tty_io.c:805 [inline]
__start_tty+0x10b/0x140 drivers/tty/tty_io.c:798
n_tty_ioctl_helper+0x2f8/0x350 drivers/tty/tty_ioctl.c:916
n_hdlc_tty_ioctl+0xd4/0x300 drivers/tty/n_hdlc.c:784
tty_ioctl+0x5af/0x13c0 drivers/tty/tty_io.c:2670
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x440009
RSP: 002b:00007ffd63cdcce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00000000000f4240 RCX: 0000000000440009
RDX: 0000000000000001 RSI: 000000000000540a RDI: 0000000000000005
RBP: 0000000000000000 R08: 000000000000000d R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000009483
R13: 00007ffd63cdccfc R14: 00007ffd63cdcd10 R15: 00007ffd63cdcd00
BUG: sleeping function called from invalid context at drivers/tty/vt/vt.c:2228
in_atomic(): 1, irqs_disabled(): 1, pid: 9066, name: syz-executor665
3 locks held by syz-executor665/9066:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff83536f22>] tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:284
#1: (&(&tty->flow_lock)->rlock){....}, at: [<ffffffff835364a0>] spin_lock_irq include/linux/spinlock.h:342 [inline]
#1: (&(&tty->flow_lock)->rlock){....}, at: [<ffffffff835364a0>] n_tty_ioctl_helper+0xa0/0x350 drivers/tty/tty_ioctl.c:913
#2: (&tty->ldisc_sem){++++}, at: [<ffffffff83536fdb>] tty_ldisc_ref+0x1b/0x80 drivers/tty/tty_ldisc.c:305
irq event stamp: 610
hardirqs last enabled at (609): [<ffffffff81004cbc>] do_syscall_64+0x4c/0x640 arch/x86/entry/common.c:280
hardirqs last disabled at (610): [<ffffffff87214045>] __raw_spin_lock_irq include/linux/spinlock_api_smp.h:126 [inline]
hardirqs last disabled at (610): [<ffffffff87214045>] _raw_spin_lock_irq+0x35/0x80 kernel/locking/spinlock.c:168
softirqs last enabled at (436): [<ffffffff8760068b>] __do_softirq+0x68b/0x9ff kernel/softirq.c:314
softirqs last disabled at (381): [<ffffffff81320ae3>] invoke_softirq kernel/softirq.c:368 [inline]
softirqs last disabled at (381): [<ffffffff81320ae3>] irq_exit+0x193/0x240 kernel/softirq.c:409
Preemption disabled at:
[< (null)>] (null)
CPU: 0 PID: 9066 Comm: syz-executor665 Tainted: G W 4.14.226-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x281 lib/dump_stack.c:58
___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6038
do_con_write+0xd0/0x19b0 drivers/tty/vt/vt.c:2228
con_write+0x21/0xa0 drivers/tty/vt/vt.c:2805
n_hdlc_send_frames+0x241/0x410 drivers/tty/n_hdlc.c:404
n_hdlc_tty_wakeup+0x95/0xb0 drivers/tty/n_hdlc.c:480
tty_wakeup+0xc3/0xf0 drivers/tty/tty_io.c:533
__start_tty drivers/tty/tty_io.c:805 [inline]
__start_tty+0x10b/0x140 drivers/tty/tty_io.c:798
n_tty_ioctl_helper+0x2f8/0x350 drivers/tty/tty_ioctl.c:916
n_hdlc_tty_ioctl+0xd4/0x300 drivers/tty/n_hdlc.c:784
tty_ioctl+0x5af/0x13c0 drivers/tty/tty_io.c:2670
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x440009
RSP: 002b:00007ffd63cdcce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00000000000f4240 RCX: 0000000000440009
RDX: 0000000000000001 RSI: 000000000000540a RDI: 0000000000000005
RBP: 0000000000000000 R08: 000000000000000d R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000009ac3
R13: 00007ffd63cdccfc R14: 00007ffd63cdcd10 R15: 00007ffd63cdcd00
