[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.101' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 30.811383] BUG: sleeping function called from invalid context at drivers/tty/vt/vt.c:2245
[ 30.819904] in_atomic(): 1, irqs_disabled(): 1, pid: 7969, name: syz-executor131
[ 30.827434] 3 locks held by syz-executor131/7969:
[ 30.832266] #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80
[ 30.841312] #1: (&(&gsm->control_lock)->rlock){....}, at: [] gsm_control_send+0xf6/0x480
[ 30.851288] #2: (&(&gsm->tx_lock)->rlock){....}, at: [] gsm_control_transmit+0x1f1/0x2d0
[ 30.861269] irq event stamp: 13078
[ 30.864813] hardirqs last enabled at (13077): [] _raw_spin_unlock_irqrestore+0x79/0xe0
[ 30.874515] hardirqs last disabled at (13078): [] _raw_spin_lock_irqsave+0x66/0xc0
[ 30.883787] softirqs last enabled at (12826): [] __do_softirq+0x68b/0x9ff
[ 30.892363] softirqs last disabled at (12689): [] irq_exit+0x193/0x240
[ 30.900583] Preemption disabled at:
[ 30.900591] [< (null)>] (null)
[ 30.909046] CPU: 0 PID: 7969 Comm: syz-executor131 Not tainted 4.14.294-syzkaller #0
[ 30.916917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
[ 30.926371] Call Trace:
[ 30.928957] dump_stack+0x1b2/0x281
[ 30.932588] ___might_sleep.cold+0x235/0x250
[ 30.937001] do_con_write+0xd0/0x19b0
[ 30.940807] ? lock_downgrade+0x740/0x740
[ 30.944956] ? trace_hardirqs_on+0x10/0x10
[ 30.949196] ? do_con_trol+0x51e0/0x51e0
[ 30.953255] ? mod_timer+0x4e7/0xf70
[ 30.956974] con_write+0x21/0xa0
[ 30.960354] gsmld_output+0xc3/0x190
[ 30.964049] ? gsmld_write+0x120/0x120
[ 30.967915] gsm_data_kick+0x266/0x9b0
[ 30.971789] gsm_control_transmit+0x1ff/0x2d0
[ 30.976301] gsm_control_send+0x38a/0x480
[ 30.980438] ? gsm_control_transmit+0x2d0/0x2d0
[ 30.985089] ? trace_hardirqs_on+0x10/0x10
[ 30.989306] ? tty_ldisc_put+0xb4/0xf0
[ 30.993186] ? tty_set_ldisc+0x196/0x5d0
[ 30.997226] ? tty_ioctl+0xa2a/0x1430
[ 31.001019] ? trace_hardirqs_on+0x10/0x10
[ 31.005269] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 31.010618] gsmld_config.constprop.0+0x568/0xf90
[ 31.015455] ? gsmtty_open+0xf0/0xf0
[ 31.019176] ? __might_fault+0x177/0x1b0
[ 31.023221] gsmld_ioctl+0x375/0x410
[ 31.026916] ? gsmld_config.constprop.0+0xf90/0xf90
[ 31.031917] tty_ioctl+0x5af/0x1430
[ 31.035527] ? gsmld_config.constprop.0+0xf90/0xf90
[ 31.040522] ? tty_fasync+0x2c0/0x2c0
[ 31.044303] ? prep_transhuge_page+0xa0/0xa0
[ 31.048687] ? _raw_spin_unlock+0x29/0x40
[ 31.052810] ? __pmd_alloc+0x27f/0x3f0
[ 31.056687] ? __handle_mm_fault+0x80f/0x4620
[ 31.061168] ? vm_insert_page+0x7c0/0x7c0
[ 31.065314] ? tty_fasync+0x2c0/0x2c0
[ 31.069110] do_vfs_ioctl+0x75a/0xff0
[ 31.072902] ? ioctl_preallocate+0x1a0/0x1a0
[ 31.077336] ? lock_downgrade+0x740/0x740
[ 31.081508] ? security_file_ioctl+0x83/0xb0
[ 31.085899] SyS_ioctl+0x7f/0xb0
[ 31.089267] ? do_vfs_ioctl+0xff0/0xff0
[ 31.093220] do_syscall_64+0x1d5/0x640
[ 31.097089] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 31.102262] RIP: 0033:0x7fe49c3b4319
[ 31.105979] RSP: 002b:00007ffc6afdbc38 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 31.113677] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe49c3b4319
[ 31.120924] RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000003
[ 31.128179] RBP: 00007fe49c3781a0 R08: 0000000000000000 R09: 0000000000000000
[ 31.135439] R10: 000000000000000e R11: 0000000000000246 R12: 00007fe49c378230
[ 31.142686] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 31.168105]
[ 31.169741] ========================================================
[ 31.176221] WARNING: possible irq lock inversion dependency detected
[ 31.182690] 4.14.294-syzkaller #0 Tainted: G W
[ 31.188379] --------------------------------------------------------
[ 31.194846] swapper/0/0 just changed the state of lock:
[ 31.200179] (&(&gsm->control_lock)->rlock){..-.}, at: [] gsm_control_retransmit+0x25/0x2c0
[ 31.210218] but this lock took another, SOFTIRQ-unsafe lock in the past:
[ 31.217031] (console_lock){+.+.}
[ 31.217036]
[ 31.217036]
[ 31.217036] and interrupts could create inverse lock ordering between them.
[ 31.217036]
[ 31.231953]
[ 31.231953] other info that might help us debug this:
[ 31.238588] Chain exists of:
[ 31.238588] &(&gsm->control_lock)->rlock --> &(&gsm->tx_lock)->rlock --> console_lock
[ 31.238588]
[ 31.251049] Possible interrupt unsafe locking scenario:
[ 31.251049]
[ 31.257950]        CPU0                    CPU1
[ 31.262590]        ----                    ----
[ 31.267225]   lock(console_lock);
[ 31.270647]                                local_irq_disable();
[ 31.276670]                                lock(&(&gsm->control_lock)->rlock);
[ 31.284013]                                lock(&(&gsm->tx_lock)->rlock);
[ 31.290911]
[ 31.293637]     lock(&(&gsm->control_lock)->rlock);
[ 31.298636]
[ 31.298636] *** DEADLOCK ***
[ 31.298636]
[ 31.304668] 1 lock held by swapper/0/0:
[ 31.308614] #0: (((&gsm->t2_timer))){+.-.}, at: [] call_timer_fn+0xb8/0x650
[ 31.317431]
[ 31.317431] the shortest dependencies between 2nd lock and 1st lock:
[ 31.325384] -> (console_lock){+.+.} ops: 2761 {
[ 31.330199] HARDIRQ-ON-W at:
[ 31.333628] lock_acquire+0x170/0x3f0
[ 31.339398] console_lock+0x42/0x70
[ 31.344996] con_init+0x12/0x5d6
[ 31.350330] console_init+0x46/0x53
[ 31.355926] start_kernel+0x521/0x763
[ 31.361695] secondary_startup_64+0xa5/0xb0
[ 31.367982] SOFTIRQ-ON-W at:
[ 31.371406] lock_acquire+0x170/0x3f0
[ 31.377189] console_lock+0x42/0x70
[ 31.382785] con_init+0x12/0x5d6
[ 31.388119] console_init+0x46/0x53
[ 31.393710] start_kernel+0x521/0x763
[ 31.399496] secondary_startup_64+0xa5/0xb0
[ 31.405783] INITIAL USE at:
[ 31.409145] }
[ 31.411099] ... key at: [] console_lock_dep_map+0x0/0x40
[ 31.418778] ... acquired at:
[ 31.422036] console_lock+0x42/0x70
[ 31.425813] do_con_write+0xd5/0x19b0
[ 31.429758] con_write+0x21/0xa0
[ 31.433269] gsmld_output+0xc3/0x190
[ 31.437126] gsm_data_kick+0x266/0x9b0
[ 31.441159] gsm_control_transmit+0x1ff/0x2d0
[ 31.445813] gsm_control_send+0x38a/0x480
[ 31.450107] gsmld_config.constprop.0+0x568/0xf90
[ 31.455094] gsmld_ioctl+0x375/0x410
[ 31.458955] tty_ioctl+0x5af/0x1430
[ 31.462727] do_vfs_ioctl+0x75a/0xff0
[ 31.466671] SyS_ioctl+0x7f/0xb0
[ 31.470185] do_syscall_64+0x1d5/0x640
[ 31.474219] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 31.479636]
[ 31.481235] -> (&(&gsm->tx_lock)->rlock){....} ops: 1 {
[ 31.486665] INITIAL USE at:
[ 31.489920] lock_acquire+0x170/0x3f0
[ 31.495436] _raw_spin_lock_irqsave+0x8c/0xc0
[ 31.501639] gsm_control_transmit+0x1f1/0x2d0
[ 31.507842] gsm_control_send+0x38a/0x480
[ 31.513697] gsmld_config.constprop.0+0x568/0xf90
[ 31.520249] gsmld_ioctl+0x375/0x410
[ 31.525673] tty_ioctl+0x5af/0x1430
[ 31.531009] do_vfs_ioctl+0x75a/0xff0
[ 31.536516] SyS_ioctl+0x7f/0xb0
[ 31.541588] do_syscall_64+0x1d5/0x640
[ 31.547185] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 31.554080] }
[ 31.555945] ... key at: [] __key.4+0x0/0x40
[ 31.562421] ... acquired at:
[ 31.565622] _raw_spin_lock_irqsave+0x8c/0xc0
[ 31.570274] gsm_control_transmit+0x1f1/0x2d0
[ 31.574916] gsm_control_send+0x38a/0x480
[ 31.579211] gsmld_config.constprop.0+0x568/0xf90
[ 31.584199] gsmld_ioctl+0x375/0x410
[ 31.588071] tty_ioctl+0x5af/0x1430
[ 31.591858] do_vfs_ioctl+0x75a/0xff0
[ 31.595811] SyS_ioctl+0x7f/0xb0
[ 31.599329] do_syscall_64+0x1d5/0x640
[ 31.603370] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 31.608769]
[ 31.610371] -> (&(&gsm->control_lock)->rlock){..-.} ops: 2 {
[ 31.616146] IN-SOFTIRQ-W at:
[ 31.619414] lock_acquire+0x170/0x3f0
[ 31.624944] _raw_spin_lock_irqsave+0x8c/0xc0
[ 31.631069] gsm_control_retransmit+0x25/0x2c0
[ 31.637281] call_timer_fn+0x14a/0x650
[ 31.642805] expire_timers+0x232/0x4d0
[ 31.648322] run_timer_softirq+0x1d5/0x5a0
[ 31.654189] __do_softirq+0x24d/0x9ff
[ 31.659714] irq_exit+0x193/0x240
[ 31.664793] smp_apic_timer_interrupt+0x141/0x5e0
[ 31.671357] apic_timer_interrupt+0x93/0xa0
[ 31.677303] native_safe_halt+0xe/0x10
[ 31.682817] default_idle+0x47/0x370
[ 31.688164] do_idle+0x250/0x3c0
[ 31.693153] cpu_startup_entry+0x14/0x20
[ 31.698837] start_kernel+0x743/0x763
[ 31.704266] secondary_startup_64+0xa5/0xb0
[ 31.710207] INITIAL USE at:
[ 31.713393] lock_acquire+0x170/0x3f0
[ 31.718735] _raw_spin_lock_irqsave+0x8c/0xc0
[ 31.724766] gsm_control_send+0xf6/0x480
[ 31.730378] gsmld_config.constprop.0+0x568/0xf90
[ 31.736754] gsmld_ioctl+0x375/0x410
[ 31.742006] tty_ioctl+0x5af/0x1430
[ 31.747167] do_vfs_ioctl+0x75a/0xff0
[ 31.752526] SyS_ioctl+0x7f/0xb0
[ 31.757449] do_syscall_64+0x1d5/0x640
[ 31.762980] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 31.769701] }
[ 31.771507] ... key at: [] __key.5+0x0/0x40
[ 31.777884] ... acquired at:
[ 31.780969] mark_lock+0x3c7/0x1050
[ 31.784755] __lock_acquire+0xc81/0x3f20
[ 31.788963] lock_acquire+0x170/0x3f0
[ 31.792910] _raw_spin_lock_irqsave+0x8c/0xc0
[ 31.797551] gsm_control_retransmit+0x25/0x2c0
[ 31.802290] call_timer_fn+0x14a/0x650
[ 31.806326] expire_timers+0x232/0x4d0
[ 31.810371] run_timer_softirq+0x1d5/0x5a0
[ 31.814768] __do_softirq+0x24d/0x9ff
[ 31.818729] irq_exit+0x193/0x240
[ 31.822329] smp_apic_timer_interrupt+0x141/0x5e0
[ 31.827315] apic_timer_interrupt+0x93/0xa0
[ 31.831792] native_safe_halt+0xe/0x10
[ 31.835823] default_idle+0x47/0x370
[ 31.839694] do_idle+0x250/0x3c0
[ 31.843204] cpu_startup_entry+0x14/0x20
[ 31.847424] start_kernel+0x743/0x763
[ 31.851382] secondary_startup_64+0xa5/0xb0
[ 31.855850]
[ 31.857460]
[ 31.857460] stack backtrace:
[ 31.861940] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W 4.14.294-syzkaller #0
[ 31.870319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
[ 31.879757] Call Trace:
[ 31.882316]
[ 31.884446] dump_stack+0x1b2/0x281
[ 31.888052] print_irq_inversion_bug.cold+0x313/0x346
[ 31.893219] check_usage_forwards+0x18f/0x2d0
[ 31.897698] ? print_irq_inversion_bug+0xd0/0xd0
[ 31.902441] ? save_trace+0xd6/0x290
[ 31.906149] mark_lock+0x3c7/0x1050
[ 31.909767] ? print_irq_inversion_bug+0xd0/0xd0
[ 31.914506] __lock_acquire+0xc81/0x3f20
[ 31.918570] ? __lock_acquire+0x2190/0x3f20
[ 31.922878] ? trace_hardirqs_on+0x10/0x10
[ 31.927105] ? trace_hardirqs_on+0x10/0x10
[ 31.931431] ? trace_hardirqs_on+0x10/0x10
[ 31.935643] ? trace_hardirqs_on+0x10/0x10
[ 31.939852] ? __lock_acquire+0x5fc/0x3f20
[ 31.944061] lock_acquire+0x170/0x3f0
[ 31.947840] ? gsm_control_retransmit+0x25/0x2c0
[ 31.952588] _raw_spin_lock_irqsave+0x8c/0xc0
[ 31.957061] ? gsm_control_retransmit+0x25/0x2c0
[ 31.961808] gsm_control_retransmit+0x25/0x2c0
[ 31.966367] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 31.971794] call_timer_fn+0x14a/0x650
[ 31.975670] ? gsm_dtr_rts+0xa0/0xa0
[ 31.979369] ? collect_expired_timers+0x250/0x250
[ 31.984218] ? _raw_spin_unlock_irq+0x24/0x80
[ 31.988753] ? gsm_dtr_rts+0xa0/0xa0
[ 31.992449] expire_timers+0x232/0x4d0
[ 31.996313] run_timer_softirq+0x1d5/0x5a0
[ 32.000525] ? expire_timers+0x4d0/0x4d0
[ 32.004580] ? kvm_clock_read+0x1f/0x30
[ 32.008548] ? kvm_sched_clock_read+0x5/0x10
[ 32.012935] ? sched_clock+0x2a/0x40
[ 32.016625] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 32.022054] __do_softirq+0x24d/0x9ff
[ 32.025832] ? check_preemption_disabled+0x35/0x240
[ 32.030824] irq_exit+0x193/0x240
[ 32.034253] smp_apic_timer_interrupt+0x141/0x5e0
[ 32.039092] apic_timer_interrupt+0x93/0xa0
[ 32.043402]
[ 32.045615] RIP: 0010:native_safe_halt+0xe/0x10
[ 32.050268] RSP: 0018:ffffffff88e07e78 EFLAGS: 000002c2 ORIG_RAX: ffffffffffffff10
[ 32.057950] RAX: 1ffffffff11e135c RBX: dffffc0000000000 RCX: 0000000000000000
[ 32.065380] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffffffff88e74d04
[ 32.072625] RBP: ffffffff88f09ad0 R08: 0000000000000000 R09: 0000000000000000
[ 32.079868] R10: 0000000000000000 R11: 0000000000000000 R12: fffffbfff11ce890
[ 32.087204] R13: ffffffff88e74480 R14: 0000000000000000 R15: 0000000000000000
[ 32.094463] default_idle+0x47/0x370
[ 32.098156] do_idle+0x250/0x3c0
[ 32.101498] ? trace_event_define_fields_x86_irq_vector+0x28/0x28
[ 32.107802] cpu_startup_entry+0x14/0x20
[ 32.111851] start_kernel+0x743/0x763
[ 32.115631] ? mem_encrypt_init+0x5/0x5
[ 32.119585] ? load_ucode_bsp+0x1ae/0x1e4
[ 32.123780] secondary_startup_64+0xa5/0xb0