[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.121' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 31.866062] BUG: sleeping function called from invalid context at drivers/tty/vt/vt.c:2245
[ 31.874581] in_atomic(): 1, irqs_disabled(): 1, pid: 8021, name: syz-executor388
[ 31.882109] 3 locks held by syz-executor388/8021:
[ 31.886940] #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80
[ 31.895877] #1: (&(&gsm->control_lock)->rlock){....}, at: [] gsm_control_send+0xf6/0x480
[ 31.905854] #2: (&(&gsm->tx_lock)->rlock){....}, at: [] gsm_control_transmit+0x1f1/0x2d0
[ 31.915831] irq event stamp: 13522
[ 31.919374] hardirqs last enabled at (13521): [] _raw_spin_unlock_irqrestore+0x79/0xe0
[ 31.929086] hardirqs last disabled at (13522): [] _raw_spin_lock_irqsave+0x66/0xc0
[ 31.938360] softirqs last enabled at (12268): [] __do_softirq+0x68b/0x9ff
[ 31.947013] softirqs last disabled at (11951): [] irq_exit+0x193/0x240
[ 31.955246] Preemption disabled at:
[ 31.955250] [< (null)>] (null)
[ 31.963696] CPU: 0 PID: 8021 Comm: syz-executor388 Not tainted 4.14.301-syzkaller #0
[ 31.971548] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 31.980880] Call Trace:
[ 31.983450] dump_stack+0x1b2/0x281
[ 31.987180] ___might_sleep.cold+0x235/0x250
[ 31.991585] do_con_write+0xd0/0x19b0
[ 31.995383] ? lock_downgrade+0x740/0x740
[ 31.999521] ? trace_hardirqs_on+0x10/0x10
[ 32.003734] ? do_con_trol+0x51e0/0x51e0
[ 32.007775] ? mod_timer+0x4e7/0xf70
[ 32.011471] con_write+0x21/0xa0
[ 32.014827] gsmld_output+0xc3/0x190
[ 32.018518] ? gsmld_write+0x120/0x120
[ 32.022385] gsm_data_kick+0x266/0x9b0
[ 32.026425] gsm_control_transmit+0x1ff/0x2d0
[ 32.030898] gsm_control_send+0x38a/0x480
[ 32.035025] ? gsm_control_transmit+0x2d0/0x2d0
[ 32.039668] ? trace_hardirqs_on+0x10/0x10
[ 32.043962] ? trace_hardirqs_on+0x10/0x10
[ 32.048170] ? __save_stack_trace+0x63/0x160
[ 32.052552] gsmld_config.constprop.0+0x568/0xf90
[ 32.057374] ? gsmtty_open+0xf0/0xf0
[ 32.061148] ? __might_fault+0x177/0x1b0
[ 32.065356] gsmld_ioctl+0x375/0x410
[ 32.069043] ? gsmld_config.constprop.0+0xf90/0xf90
[ 32.074037] tty_ioctl+0x5af/0x1430
[ 32.077636] ? gsmld_config.constprop.0+0xf90/0xf90
[ 32.082626] ? tty_fasync+0x2c0/0x2c0
[ 32.086399] ? lock_acquire+0x170/0x3f0
[ 32.090348] ? lock_downgrade+0x740/0x740
[ 32.094472] ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 32.099554] ? debug_check_no_obj_freed+0x2c0/0x680
[ 32.104544] ? tty_fasync+0x2c0/0x2c0
[ 32.108320] do_vfs_ioctl+0x75a/0xff0
[ 32.112097] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 32.117520] ? ioctl_preallocate+0x1a0/0x1a0
[ 32.121901] ? kmem_cache_free+0x23a/0x2b0
[ 32.126109] ? putname+0xcd/0x110
[ 32.129553] ? do_sys_open+0x208/0x410
[ 32.133415] ? filp_open+0x60/0x60
[ 32.136949] ? security_file_ioctl+0x83/0xb0
[ 32.141332] SyS_ioctl+0x7f/0xb0
[ 32.144678] ? do_vfs_ioctl+0xff0/0xff0
[ 32.148641] do_syscall_64+0x1d5/0x640
[ 32.152508] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 32.157673] RIP: 0033:0x7f01f64c6329
[ 32.161362] RSP: 002b:00007ffc8a358f88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 32.169053] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f01f64c6329
[ 32.176303] RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000005
[ 32.183551] RBP: 00007f01f648a1b0 R08: 000000000000000e R09: 0000000000000000
[ 32.190797] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f01f648a240
[ 32.198039] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 32.215849]
[ 32.217491] ========================================================
[ 32.223964] WARNING: possible irq lock inversion dependency detected
[ 32.230525] 4.14.301-syzkaller #0 Tainted: G W
[ 32.236203] --------------------------------------------------------
[ 32.242669] ksoftirqd/0/7 just changed the state of lock:
[ 32.248171] (&(&gsm->control_lock)->rlock){..-.}, at: [] gsm_control_retransmit+0x25/0x2c0
[ 32.258213] but this lock took another, SOFTIRQ-unsafe lock in the past:
[ 32.265025] (console_lock){+.+.}
[ 32.265030]
[ 32.265030]
[ 32.265030] and interrupts could create inverse lock ordering between them.
[ 32.265030]
[ 32.280030]
[ 32.280030] other info that might help us debug this:
[ 32.286662] Chain exists of:
[ 32.286662] &(&gsm->control_lock)->rlock --> &(&gsm->tx_lock)->rlock --> console_lock
[ 32.286662]
[ 32.299205] Possible interrupt unsafe locking scenario:
[ 32.299205]
[ 32.306097]        CPU0                    CPU1
[ 32.310821]        ----                    ----
[ 32.315454]   lock(console_lock);
[ 32.318917]                                local_irq_disable();
[ 32.324944]                                lock(&(&gsm->control_lock)->rlock);
[ 32.332274]                                lock(&(&gsm->tx_lock)->rlock);
[ 32.339168]
[ 32.341894]     lock(&(&gsm->control_lock)->rlock);
[ 32.346880]
[ 32.346880] *** DEADLOCK ***
[ 32.346880]
[ 32.352910] 1 lock held by ksoftirqd/0/7:
[ 32.357029] #0: (((&gsm->t2_timer))){+.-.}, at: [] call_timer_fn+0xb8/0x650
[ 32.365843]
[ 32.365843] the shortest dependencies between 2nd lock and 1st lock:
[ 32.373794] -> (console_lock){+.+.} ops: 2763 {
[ 32.378618] HARDIRQ-ON-W at:
[ 32.382055] lock_acquire+0x170/0x3f0
[ 32.387914] console_lock+0x42/0x70
[ 32.393515] con_init+0x12/0x5d6
[ 32.398851] console_init+0x46/0x53
[ 32.404446] start_kernel+0x521/0x763
[ 32.410215] secondary_startup_64+0xa5/0xb0
[ 32.416501] SOFTIRQ-ON-W at:
[ 32.419927] lock_acquire+0x170/0x3f0
[ 32.425693] console_lock+0x42/0x70
[ 32.431288] con_init+0x12/0x5d6
[ 32.436625] console_init+0x46/0x53
[ 32.442218] start_kernel+0x521/0x763
[ 32.448071] secondary_startup_64+0xa5/0xb0
[ 32.454355] INITIAL USE at:
[ 32.457695] }
[ 32.459653] ... key at: [] console_lock_dep_map+0x0/0x40
[ 32.467330] ... acquired at:
[ 32.470584] console_lock+0x42/0x70
[ 32.474356] do_con_write+0xd5/0x19b0
[ 32.478300] con_write+0x21/0xa0
[ 32.481811] gsmld_output+0xc3/0x190
[ 32.485673] gsm_data_kick+0x266/0x9b0
[ 32.489709] gsm_control_transmit+0x1ff/0x2d0
[ 32.494352] gsm_control_send+0x38a/0x480
[ 32.498647] gsmld_config.constprop.0+0x568/0xf90
[ 32.503632] gsmld_ioctl+0x375/0x410
[ 32.507490] tty_ioctl+0x5af/0x1430
[ 32.511261] do_vfs_ioctl+0x75a/0xff0
[ 32.515205] SyS_ioctl+0x7f/0xb0
[ 32.518715] do_syscall_64+0x1d5/0x640
[ 32.522746] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 32.528105]
[ 32.529703] -> (&(&gsm->tx_lock)->rlock){....} ops: 1 {
[ 32.535127] INITIAL USE at:
[ 32.538380] lock_acquire+0x170/0x3f0
[ 32.543906] _raw_spin_lock_irqsave+0x8c/0xc0
[ 32.550107] gsm_control_transmit+0x1f1/0x2d0
[ 32.556306] gsm_control_send+0x38a/0x480
[ 32.562159] gsmld_config.constprop.0+0x568/0xf90
[ 32.568707] gsmld_ioctl+0x375/0x410
[ 32.574128] tty_ioctl+0x5af/0x1430
[ 32.579461] do_vfs_ioctl+0x75a/0xff0
[ 32.584968] SyS_ioctl+0x7f/0xb0
[ 32.590041] do_syscall_64+0x1d5/0x640
[ 32.595634] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 32.602527] }
[ 32.604389] ... key at: [] __key.4+0x0/0x40
[ 32.610934] ... acquired at:
[ 32.614095] _raw_spin_lock_irqsave+0x8c/0xc0
[ 32.618733] gsm_control_transmit+0x1f1/0x2d0
[ 32.623371] gsm_control_send+0x38a/0x480
[ 32.627663] gsmld_config.constprop.0+0x568/0xf90
[ 32.632649] gsmld_ioctl+0x375/0x410
[ 32.636506] tty_ioctl+0x5af/0x1430
[ 32.640278] do_vfs_ioctl+0x75a/0xff0
[ 32.644220] SyS_ioctl+0x7f/0xb0
[ 32.647733] do_syscall_64+0x1d5/0x640
[ 32.651766] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 32.657095]
[ 32.658693] -> (&(&gsm->control_lock)->rlock){..-.} ops: 2 {
[ 32.664466] IN-SOFTIRQ-W at:
[ 32.667729] lock_acquire+0x170/0x3f0
[ 32.673149] _raw_spin_lock_irqsave+0x8c/0xc0
[ 32.679265] gsm_control_retransmit+0x25/0x2c0
[ 32.685464] call_timer_fn+0x14a/0x650
[ 32.690969] expire_timers+0x232/0x4d0
[ 32.696476] run_timer_softirq+0x1d5/0x5a0
[ 32.702333] __do_softirq+0x24d/0x9ff
[ 32.707751] run_ksoftirqd+0x50/0x1a0
[ 32.713173] smpboot_thread_fn+0x5c1/0x920
[ 32.719028] kthread+0x30d/0x420
[ 32.724012] ret_from_fork+0x24/0x30
[ 32.729345] INITIAL USE at:
[ 32.732514] lock_acquire+0x170/0x3f0
[ 32.737847] _raw_spin_lock_irqsave+0x8c/0xc0
[ 32.743881] gsm_control_send+0xf6/0x480
[ 32.749474] gsmld_config.constprop.0+0x568/0xf90
[ 32.755852] gsmld_ioctl+0x375/0x410
[ 32.761096] tty_ioctl+0x5af/0x1430
[ 32.766256] do_vfs_ioctl+0x75a/0xff0
[ 32.771590] SyS_ioctl+0x7f/0xb0
[ 32.776492] do_syscall_64+0x1d5/0x640
[ 32.781912] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 32.788631] }
[ 32.790405] ... key at: [] __key.5+0x0/0x40
[ 32.796775] ... acquired at:
[ 32.799855] mark_lock+0x3c7/0x1050
[ 32.803628] __lock_acquire+0xc81/0x3f20
[ 32.807832] lock_acquire+0x170/0x3f0
[ 32.811802] _raw_spin_lock_irqsave+0x8c/0xc0
[ 32.816441] gsm_control_retransmit+0x25/0x2c0
[ 32.821166] call_timer_fn+0x14a/0x650
[ 32.825199] expire_timers+0x232/0x4d0
[ 32.829234] run_timer_softirq+0x1d5/0x5a0
[ 32.833622] __do_softirq+0x24d/0x9ff
[ 32.837577] run_ksoftirqd+0x50/0x1a0
[ 32.841523] smpboot_thread_fn+0x5c1/0x920
[ 32.845902] kthread+0x30d/0x420
[ 32.849408] ret_from_fork+0x24/0x30
[ 32.853259]
[ 32.854855]
[ 32.854855] stack backtrace:
[ 32.859323] CPU: 0 PID: 7 Comm: ksoftirqd/0 Tainted: G W 4.14.301-syzkaller #0
[ 32.867778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 32.877101] Call Trace:
[ 32.879660] dump_stack+0x1b2/0x281
[ 32.883262] print_irq_inversion_bug.cold+0x313/0x346
[ 32.888421] check_usage_forwards+0x18f/0x2d0
[ 32.892886] ? print_irq_inversion_bug+0xd0/0xd0
[ 32.897612] ? save_trace+0xd6/0x290
[ 32.901295] mark_lock+0x3c7/0x1050
[ 32.904891] ? print_irq_inversion_bug+0xd0/0xd0
[ 32.909615] __lock_acquire+0xc81/0x3f20
[ 32.913648] ? __lock_acquire+0x2190/0x3f20
[ 32.917939] ? trace_hardirqs_on+0x10/0x10
[ 32.922146] ? trace_hardirqs_on+0x10/0x10
[ 32.926349] ? __lock_acquire+0x5fc/0x3f20
[ 32.930562] ? trace_hardirqs_on+0x10/0x10
[ 32.934791] ? __lock_acquire+0x5fc/0x3f20
[ 32.938998] lock_acquire+0x170/0x3f0
[ 32.942768] ? gsm_control_retransmit+0x25/0x2c0
[ 32.947499] _raw_spin_lock_irqsave+0x8c/0xc0
[ 32.951964] ? gsm_control_retransmit+0x25/0x2c0
[ 32.956689] gsm_control_retransmit+0x25/0x2c0
[ 32.961243] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 32.966663] call_timer_fn+0x14a/0x650
[ 32.970532] ? gsm_dtr_rts+0xa0/0xa0
[ 32.974215] ? collect_expired_timers+0x250/0x250
[ 32.979028] ? _raw_spin_unlock_irq+0x24/0x80
[ 32.983493] ? gsm_dtr_rts+0xa0/0xa0
[ 32.987176] expire_timers+0x232/0x4d0
[ 32.991033] run_timer_softirq+0x1d5/0x5a0
[ 32.995237] ? expire_timers+0x4d0/0x4d0
[ 32.999268] ? kvm_clock_read+0x1f/0x30
[ 33.003212] ? kvm_sched_clock_read+0x5/0x10
[ 33.007591] ? sched_clock+0x2a/0x40
[ 33.011277] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 33.016698] __do_softirq+0x24d/0x9ff
[ 33.020470] ? __local_bh_enable_ip+0x170/0x170
[ 33.025106] run_ksoftirqd+0x50/0x1a0
[ 33.028880] smpboot_thread_fn+0x5c1/0x920
[ 33.033087] ? sort_range+0x30/0x30
[ 33.036682] ? sort_range+0x30/0x30
[ 33.040278] kthread+0x30d/0x420
[ 33.043613] ? kthread_create_on_node+0xd0/0xd0
[ 33.048253] ret_from_fork+0x24/0x30