Warning: Permanently added '10.128.1.0' (ECDSA) to the list of known hosts.
executing program
[ 51.435153] BUG: sleeping function called from invalid context at drivers/tty/vt/vt.c:2245
[ 51.443685] in_atomic(): 1, irqs_disabled(): 1, pid: 7991, name: syz-executor286
[ 51.451212] 3 locks held by syz-executor286/7991:
[ 51.456048] #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80
[ 51.464989] #1: (&(&gsm->control_lock)->rlock){....}, at: [] gsm_control_send+0xf6/0x480
[ 51.475057] #2: (&(&gsm->tx_lock)->rlock){....}, at: [] gsm_control_transmit+0x1f1/0x2d0
[ 51.485039] irq event stamp: 14126
[ 51.488581] hardirqs last enabled at (14125): [] _raw_spin_unlock_irqrestore+0x79/0xe0
[ 51.498287] hardirqs last disabled at (14126): [] _raw_spin_lock_irqsave+0x66/0xc0
[ 51.507559] softirqs last enabled at (13638): [] __do_softirq+0x68b/0x9ff
[ 51.516134] softirqs last disabled at (12881): [] irq_exit+0x193/0x240
[ 51.524354] Preemption disabled at:
[ 51.524362] [< (null)>] (null)
[ 51.532812] CPU: 0 PID: 7991 Comm: syz-executor286 Not tainted 4.14.296-syzkaller #0
[ 51.540686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 51.550059] Call Trace:
[ 51.552645] dump_stack+0x1b2/0x281
[ 51.556276] ___might_sleep.cold+0x235/0x250
[ 51.560688] do_con_write+0xd0/0x19b0
[ 51.564493] ? lock_downgrade+0x740/0x740
[ 51.568637] ? trace_hardirqs_on+0x10/0x10
[ 51.572871] ? do_con_trol+0x51e0/0x51e0
[ 51.576928] ? mod_timer+0x4e7/0xf70
[ 51.580642] con_write+0x21/0xa0
[ 51.584007] gsmld_output+0xc3/0x190
[ 51.587714] ? gsmld_write+0x120/0x120
[ 51.591683] gsm_data_kick+0x266/0x9b0
[ 51.595577] gsm_control_transmit+0x1ff/0x2d0
[ 51.600100] gsm_control_send+0x38a/0x480
[ 51.604245] ? gsm_control_transmit+0x2d0/0x2d0
[ 51.608900] ? trace_hardirqs_on+0x10/0x10
[ 51.615184] ? tty_ldisc_put+0xb4/0xf0
[ 51.619061] ? tty_set_ldisc+0x196/0x5d0
[ 51.623102] ? tty_ioctl+0xa2a/0x1430
[ 51.626887] ? trace_hardirqs_on+0x10/0x10
[ 51.631104] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 51.636450] gsmld_config.constprop.0+0x568/0xf90
[ 51.641280] ? gsmtty_open+0xf0/0xf0
[ 51.644971] ? __might_fault+0x177/0x1b0
[ 51.649023] gsmld_ioctl+0x375/0x410
[ 51.652710] ? gsmld_config.constprop.0+0xf90/0xf90
[ 51.657706] tty_ioctl+0x5af/0x1430
[ 51.661314] ? gsmld_config.constprop.0+0xf90/0xf90
[ 51.666306] ? tty_fasync+0x2c0/0x2c0
[ 51.670089] ? prep_transhuge_page+0xa0/0xa0
[ 51.674473] ? _raw_spin_unlock+0x29/0x40
[ 51.678609] ? __pmd_alloc+0x27f/0x3f0
[ 51.682474] ? __handle_mm_fault+0x80f/0x4620
[ 51.686944] ? vm_insert_page+0x7c0/0x7c0
[ 51.691158] ? tty_fasync+0x2c0/0x2c0
[ 51.694931] do_vfs_ioctl+0x75a/0xff0
[ 51.698706] ? ioctl_preallocate+0x1a0/0x1a0
[ 51.703092] ? lock_downgrade+0x740/0x740
[ 51.707219] ? security_file_ioctl+0x83/0xb0
[ 51.711606] SyS_ioctl+0x7f/0xb0
[ 51.714963] ? do_vfs_ioctl+0xff0/0xff0
[ 51.718922] do_syscall_64+0x1d5/0x640
[ 51.722795] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 51.727965] RIP: 0033:0x7f25eda53319
[ 51.731652] RSP: 002b:00007ffcf3a60078 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 51.739336] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f25eda53319
[ 51.746584] RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000003
[ 51.753828] RBP: 00007f25eda171a0 R08: 0000000000000000 R09: 0000000000000000
[ 51.761073] R10: 000000000000000e R11: 0000000000000246 R12: 00007f25eda17230
[ 51.768317] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 51.781201]
[ 51.782834] ========================================================
[ 51.789293] WARNING: possible irq lock inversion dependency detected
[ 51.795758] 4.14.296-syzkaller #0 Tainted: G W
[ 51.801436] --------------------------------------------------------
[ 51.807896] systemd-journal/4625 just changed the state of lock:
[ 51.814009] (&(&gsm->control_lock)->rlock){..-.}, at: [] gsm_control_retransmit+0x25/0x2c0
[ 51.824129] but this lock took another, SOFTIRQ-unsafe lock in the past:
[ 51.830939] (console_lock){+.+.}
[ 51.830943]
[ 51.830943]
[ 51.830943] and interrupts could create inverse lock ordering between them.
[ 51.830943]
[ 51.845861]
[ 51.845861] other info that might help us debug this:
[ 51.852500] Chain exists of:
[ 51.852500] &(&gsm->control_lock)->rlock --> &(&gsm->tx_lock)->rlock --> console_lock
[ 51.852500]
[ 51.864961] Possible interrupt unsafe locking scenario:
[ 51.864961]
[ 51.871860]        CPU0                    CPU1
[ 51.876500]        ----                    ----
[ 51.881142]   lock(console_lock);
[ 51.884588]                                local_irq_disable();
[ 51.890615]                                lock(&(&gsm->control_lock)->rlock);
[ 51.897957]                                lock(&(&gsm->tx_lock)->rlock);
[ 51.904853]
[ 51.907697]     lock(&(&gsm->control_lock)->rlock);
[ 51.912684]
[ 51.912684] *** DEADLOCK ***
[ 51.912684]
[ 51.918716] 1 lock held by systemd-journal/4625:
[ 51.923442] #0: (((&gsm->t2_timer))){+.-.}, at: [] call_timer_fn+0xb8/0x650
[ 51.932257]
[ 51.932257] the shortest dependencies between 2nd lock and 1st lock:
[ 51.940207] -> (console_lock){+.+.} ops: 2865 {
[ 51.945028] HARDIRQ-ON-W at:
[ 51.948458] lock_acquire+0x170/0x3f0
[ 51.954227] console_lock+0x42/0x70
[ 51.959823] con_init+0x12/0x5d6
[ 51.965160] console_init+0x46/0x53
[ 51.970756] start_kernel+0x521/0x763
[ 51.976527] secondary_startup_64+0xa5/0xb0
[ 51.982817] SOFTIRQ-ON-W at:
[ 51.986248] lock_acquire+0x170/0x3f0
[ 51.992019] console_lock+0x42/0x70
[ 51.997620] con_init+0x12/0x5d6
[ 52.002956] console_init+0x46/0x53
[ 52.008555] start_kernel+0x521/0x763
[ 52.014323] secondary_startup_64+0xa5/0xb0
[ 52.020608] INITIAL USE at:
[ 52.023948] }
[ 52.025900] ... key at: [] console_lock_dep_map+0x0/0x40
[ 52.033578] ... acquired at:
[ 52.036829] console_lock+0x42/0x70
[ 52.040609] do_con_write+0xd5/0x19b0
[ 52.044556] con_write+0x21/0xa0
[ 52.048068] gsmld_output+0xc3/0x190
[ 52.051928] gsm_data_kick+0x266/0x9b0
[ 52.055963] gsm_control_transmit+0x1ff/0x2d0
[ 52.060602] gsm_control_send+0x38a/0x480
[ 52.064895] gsmld_config.constprop.0+0x568/0xf90
[ 52.069885] gsmld_ioctl+0x375/0x410
[ 52.073745] tty_ioctl+0x5af/0x1430
[ 52.077519] do_vfs_ioctl+0x75a/0xff0
[ 52.081485] SyS_ioctl+0x7f/0xb0
[ 52.085005] do_syscall_64+0x1d5/0x640
[ 52.089039] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 52.094370]
[ 52.095968] -> (&(&gsm->tx_lock)->rlock){....} ops: 1 {
[ 52.101392] INITIAL USE at:
[ 52.104646] lock_acquire+0x170/0x3f0
[ 52.110156] _raw_spin_lock_irqsave+0x8c/0xc0
[ 52.116447] gsm_control_transmit+0x1f1/0x2d0
[ 52.122653] gsm_control_send+0x38a/0x480
[ 52.128510] gsmld_config.constprop.0+0x568/0xf90
[ 52.135059] gsmld_ioctl+0x375/0x410
[ 52.140480] tty_ioctl+0x5af/0x1430
[ 52.145813] do_vfs_ioctl+0x75a/0xff0
[ 52.151340] SyS_ioctl+0x7f/0xb0
[ 52.156415] do_syscall_64+0x1d5/0x640
[ 52.162013] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 52.168910] }
[ 52.170775] ... key at: [] __key.4+0x0/0x40
[ 52.177238] ... acquired at:
[ 52.180405] _raw_spin_lock_irqsave+0x8c/0xc0
[ 52.185046] gsm_control_transmit+0x1f1/0x2d0
[ 52.189698] gsm_control_send+0x38a/0x480
[ 52.193993] gsmld_config.constprop.0+0x568/0xf90
[ 52.198981] gsmld_ioctl+0x375/0x410
[ 52.202841] tty_ioctl+0x5af/0x1430
[ 52.206614] do_vfs_ioctl+0x75a/0xff0
[ 52.210561] SyS_ioctl+0x7f/0xb0
[ 52.214073] do_syscall_64+0x1d5/0x640
[ 52.218105] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 52.223437]
[ 52.225037] -> (&(&gsm->control_lock)->rlock){..-.} ops: 2 {
[ 52.230810] IN-SOFTIRQ-W at:
[ 52.234068] lock_acquire+0x170/0x3f0
[ 52.239490] _raw_spin_lock_irqsave+0x8c/0xc0
[ 52.245605] gsm_control_retransmit+0x25/0x2c0
[ 52.251819] call_timer_fn+0x14a/0x650
[ 52.257418] expire_timers+0x232/0x4d0
[ 52.262924] run_timer_softirq+0x1d5/0x5a0
[ 52.268779] __do_softirq+0x24d/0x9ff
[ 52.274201] irq_exit+0x193/0x240
[ 52.279278] smp_apic_timer_interrupt+0x141/0x5e0
[ 52.285744] apic_timer_interrupt+0x93/0xa0
[ 52.291688] INITIAL USE at:
[ 52.294855] lock_acquire+0x170/0x3f0
[ 52.300188] _raw_spin_lock_irqsave+0x8c/0xc0
[ 52.306219] gsm_control_send+0xf6/0x480
[ 52.311837] gsmld_config.constprop.0+0x568/0xf90
[ 52.318217] gsmld_ioctl+0x375/0x410
[ 52.323480] tty_ioctl+0x5af/0x1430
[ 52.328641] do_vfs_ioctl+0x75a/0xff0
[ 52.333976] SyS_ioctl+0x7f/0xb0
[ 52.338880] do_syscall_64+0x1d5/0x640
[ 52.344304] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 52.351027] }
[ 52.352809] ... key at: [] __key.5+0x0/0x40
[ 52.359186] ... acquired at:
[ 52.362266] mark_lock+0x3c7/0x1050
[ 52.366039] __lock_acquire+0xc81/0x3f20
[ 52.370266] lock_acquire+0x170/0x3f0
[ 52.374212] _raw_spin_lock_irqsave+0x8c/0xc0
[ 52.378853] gsm_control_retransmit+0x25/0x2c0
[ 52.383580] call_timer_fn+0x14a/0x650
[ 52.387614] expire_timers+0x232/0x4d0
[ 52.391648] run_timer_softirq+0x1d5/0x5a0
[ 52.396040] __do_softirq+0x24d/0x9ff
[ 52.399989] irq_exit+0x193/0x240
[ 52.403591] smp_apic_timer_interrupt+0x141/0x5e0
[ 52.408576] apic_timer_interrupt+0x93/0xa0
[ 52.413040]
[ 52.414637]
[ 52.414637] stack backtrace:
[ 52.419110] CPU: 0 PID: 4625 Comm: systemd-journal Tainted: G W 4.14.296-syzkaller #0
[ 52.428178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 52.437504] Call Trace:
[ 52.440063]
[ 52.442190] dump_stack+0x1b2/0x281
[ 52.445794] print_irq_inversion_bug.cold+0x313/0x346
[ 52.450961] check_usage_forwards+0x18f/0x2d0
[ 52.455430] ? apic_timer_interrupt+0x93/0xa0
[ 52.459899] ? print_irq_inversion_bug+0xd0/0xd0
[ 52.464626] ? save_trace+0xd6/0x290
[ 52.468312] mark_lock+0x3c7/0x1050
[ 52.471911] ? print_irq_inversion_bug+0xd0/0xd0
[ 52.476667] __lock_acquire+0xc81/0x3f20
[ 52.480701] ? graph_lock+0x11b/0x170
[ 52.484492] ? __lock_acquire+0x2190/0x3f20
[ 52.488802] ? trace_hardirqs_on+0x10/0x10
[ 52.493022] ? trace_hardirqs_on+0x10/0x10
[ 52.497234] ? trace_hardirqs_on+0x10/0x10
[ 52.501442] ? trace_hardirqs_on+0x10/0x10
[ 52.505651] ? __lock_acquire+0x5fc/0x3f20
[ 52.509859] lock_acquire+0x170/0x3f0
[ 52.513634] ? gsm_control_retransmit+0x25/0x2c0
[ 52.518364] _raw_spin_lock_irqsave+0x8c/0xc0
[ 52.522836] ? gsm_control_retransmit+0x25/0x2c0
[ 52.527565] gsm_control_retransmit+0x25/0x2c0
[ 52.532124] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 52.537550] call_timer_fn+0x14a/0x650
[ 52.541410] ? gsm_dtr_rts+0xa0/0xa0
[ 52.545097] ? collect_expired_timers+0x250/0x250
[ 52.549912] ? _raw_spin_unlock_irq+0x24/0x80
[ 52.554382] ? gsm_dtr_rts+0xa0/0xa0
[ 52.558068] expire_timers+0x232/0x4d0
[ 52.561929] run_timer_softirq+0x1d5/0x5a0
[ 52.566136] ? expire_timers+0x4d0/0x4d0
[ 52.570170] ? kvm_clock_read+0x1f/0x30
[ 52.574119] ? kvm_sched_clock_read+0x5/0x10
[ 52.578500] ? sched_clock+0x2a/0x40
[ 52.582189] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 52.587615] __do_softirq+0x24d/0x9ff
[ 52.591391] ? check_preemption_disabled+0x35/0x240
[ 52.596466] irq_exit+0x193/0x240
[ 52.599892] smp_apic_timer_interrupt+0x141/0x5e0
[ 52.604708] apic_timer_interrupt+0x93/0xa0
[ 52.609006]
[ 52.611222] RIP: 0033:0x7fb24467cf17
[ 52.614907] RSP: 002b:00007fff850bcac8 EFLAGS: 00000202 ORIG_RAX: ffffffffffffff10
[ 52.622587] RAX: 0000000000001211 RBX: 000055f784bbe1e0 RCX: 00007fb24467cf17
[ 52.629830] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 000055f784bbe1e0
[ 52.637094] RBP: 0000000000001211 R08: 00007fff851b5000 R09: 0000000e9e1c24ac
[ 52.644337] R10: 000b4c54839477d8 R11: 0000000000000202 R12: ffffffffffffffff
[ 52.651579] R13: 00007fff850bcb58 R14: 000055f7849d0958 R15: 0005ec47c7da9b9f