FAULT_INJECTION: forcing a failure.
name fail_usercopy, interval 1, probability 0, space 0, times 0
======================================================
WARNING: possible circular locking dependency detected
5.15.164-syzkaller #0 Not tainted
------------------------------------------------------
syz.2.448/5770 is trying to acquire lock:
ffffffff8c7fc378 ((console_sem).lock){-...}-{2:2}, at: down_trylock+0x1c/0xa0 kernel/locking/semaphore.c:138
but task is already holding lock:
ffff8880b9a3a358 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x26/0x140 kernel/sched/core.c:475
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #2 (&rq->__lock){-.-.}-{2:2}:
lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
_raw_spin_lock_nested+0x2d/0x40 kernel/locking/spinlock.c:368
raw_spin_rq_lock_nested+0x26/0x140 kernel/sched/core.c:475
raw_spin_rq_lock kernel/sched/sched.h:1326 [inline]
rq_lock kernel/sched/sched.h:1621 [inline]
task_fork_fair+0x5d/0x350 kernel/sched/fair.c:11495
sched_cgroup_fork+0x2d3/0x330 kernel/sched/core.c:4466
copy_process+0x224a/0x3ef0 kernel/fork.c:2320
kernel_clone+0x210/0x960 kernel/fork.c:2604
kernel_thread+0x168/0x1e0 kernel/fork.c:2656
rest_init+0x21/0x330 init/main.c:706
start_kernel+0x48c/0x540 init/main.c:1140
secondary_startup_64_no_verify+0xb1/0xbb
-> #1 (&p->pi_lock){-.-.}-{2:2}:
lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xd1/0x120 kernel/locking/spinlock.c:162
try_to_wake_up+0xae/0x1300 kernel/sched/core.c:4030
up+0x6e/0x90 kernel/locking/semaphore.c:190
__up_console_sem+0x11a/0x1e0 kernel/printk/printk.c:256
console_unlock+0x1145/0x12b0 kernel/printk/printk.c:2760
do_con_write+0x718a/0x7270 drivers/tty/vt/vt.c:2965
con_put_char+0x91/0xe0 drivers/tty/vt/vt.c:3303
tty_put_char+0xdb/0x180 drivers/tty/tty_io.c:3178
__process_echoes+0x462/0x920 drivers/tty/n_tty.c:725
flush_echoes drivers/tty/n_tty.c:826 [inline]
__receive_buf drivers/tty/n_tty.c:1579 [inline]
n_tty_receive_buf_common+0x63d4/0x6ac0 drivers/tty/n_tty.c:1674
tty_port_default_receive_buf+0x6a/0x90 drivers/tty/tty_port.c:39
receive_buf drivers/tty/tty_buffer.c:471 [inline]
flush_to_ldisc+0x2b9/0x540 drivers/tty/tty_buffer.c:523
process_one_work+0x8a1/0x10c0 kernel/workqueue.c:2310
worker_thread+0xaca/0x1280 kernel/workqueue.c:2457
kthread+0x3f6/0x4f0 kernel/kthread.c:334
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287
-> #0 ((console_sem).lock){-...}-{2:2}:
check_prev_add kernel/locking/lockdep.c:3053 [inline]
check_prevs_add kernel/locking/lockdep.c:3172 [inline]
validate_chain+0x1649/0x5930 kernel/locking/lockdep.c:3788
__lock_acquire+0x1295/0x1ff0 kernel/locking/lockdep.c:5012
lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xd1/0x120 kernel/locking/spinlock.c:162
down_trylock+0x1c/0xa0 kernel/locking/semaphore.c:138
__down_trylock_console_sem+0x105/0x250 kernel/printk/printk.c:239
console_trylock kernel/printk/printk.c:2575 [inline]
console_trylock_spinning+0x8a/0x3f0 kernel/printk/printk.c:1867
vprintk_emit+0xa6/0x150 kernel/printk/printk.c:2273
_printk+0xd1/0x120 kernel/printk/printk.c:2299
fail_dump lib/fault-inject.c:45 [inline]
should_fail+0x36c/0x4c0 lib/fault-inject.c:146
strncpy_from_user+0x32/0x370 lib/strncpy_from_user.c:118
strncpy_from_user_nofault+0x6c/0x130 mm/maccess.c:295
bpf_probe_read_user_str_common kernel/trace/bpf_trace.c:194 [inline]
____bpf_probe_read_compat_str kernel/trace/bpf_trace.c:300 [inline]
bpf_probe_read_compat_str+0xe4/0x180 kernel/trace/bpf_trace.c:296
bpf_prog_e3f550b2299101ce+0x38/0xf8c
bpf_dispatcher_nop_func include/linux/bpf.h:790 [inline]
__bpf_prog_run include/linux/filter.h:628 [inline]
bpf_prog_run include/linux/filter.h:635 [inline]
__bpf_trace_run kernel/trace/bpf_trace.c:1880 [inline]
bpf_trace_run3+0x1d1/0x380 kernel/trace/bpf_trace.c:1918
__traceiter_sched_switch+0x7d/0xb0 include/trace/events/sched.h:220
trace_sched_switch include/trace/events/sched.h:220 [inline]
__schedule+0x1e8d/0x45b0 kernel/sched/core.c:6373
schedule+0x11b/0x1f0 kernel/sched/core.c:6459
exit_to_user_mode_loop+0x44/0x130 kernel/entry/common.c:169
exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:214
__syscall_exit_to_user_mode_work kernel/entry/common.c:296 [inline]
syscall_exit_to_user_mode+0x5d/0x240 kernel/entry/common.c:307
do_syscall_64+0x47/0xb0 arch/x86/entry/common.c:86
entry_SYSCALL_64_after_hwframe+0x66/0xd0
other info that might help us debug this:
Chain exists of:
(console_sem).lock --> &p->pi_lock --> &rq->__lock
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&rq->__lock);
lock(&p->pi_lock);
lock(&rq->__lock);
lock((console_sem).lock);
*** DEADLOCK ***
2 locks held by syz.2.448/5770:
#0: ffff8880b9a3a358 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x26/0x140 kernel/sched/core.c:475
#1: ffffffff8c91fb20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 include/linux/rcupdate.h:311
stack backtrace:
CPU: 0 PID: 5770 Comm: syz.2.448 Not tainted 5.15.164-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e3/0x2d0 lib/dump_stack.c:106
check_noncircular+0x2f8/0x3b0 kernel/locking/lockdep.c:2133
check_prev_add kernel/locking/lockdep.c:3053 [inline]
check_prevs_add kernel/locking/lockdep.c:3172 [inline]
validate_chain+0x1649/0x5930 kernel/locking/lockdep.c:3788
__lock_acquire+0x1295/0x1ff0 kernel/locking/lockdep.c:5012
lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xd1/0x120 kernel/locking/spinlock.c:162
down_trylock+0x1c/0xa0 kernel/locking/semaphore.c:138
__down_trylock_console_sem+0x105/0x250 kernel/printk/printk.c:239
console_trylock kernel/printk/printk.c:2575 [inline]
console_trylock_spinning+0x8a/0x3f0 kernel/printk/printk.c:1867
vprintk_emit+0xa6/0x150 kernel/printk/printk.c:2273
_printk+0xd1/0x120 kernel/printk/printk.c:2299
fail_dump lib/fault-inject.c:45 [inline]
should_fail+0x36c/0x4c0 lib/fault-inject.c:146
strncpy_from_user+0x32/0x370 lib/strncpy_from_user.c:118
strncpy_from_user_nofault+0x6c/0x130 mm/maccess.c:295
bpf_probe_read_user_str_common kernel/trace/bpf_trace.c:194 [inline]
____bpf_probe_read_compat_str kernel/trace/bpf_trace.c:300 [inline]
bpf_probe_read_compat_str+0xe4/0x180 kernel/trace/bpf_trace.c:296
bpf_prog_e3f550b2299101ce+0x38/0xf8c
bpf_dispatcher_nop_func include/linux/bpf.h:790 [inline]
__bpf_prog_run include/linux/filter.h:628 [inline]
bpf_prog_run include/linux/filter.h:635 [inline]
__bpf_trace_run kernel/trace/bpf_trace.c:1880 [inline]
bpf_trace_run3+0x1d1/0x380 kernel/trace/bpf_trace.c:1918
__traceiter_sched_switch+0x7d/0xb0 include/trace/events/sched.h:220
trace_sched_switch include/trace/events/sched.h:220 [inline]
__schedule+0x1e8d/0x45b0 kernel/sched/core.c:6373
schedule+0x11b/0x1f0 kernel/sched/core.c:6459
exit_to_user_mode_loop+0x44/0x130 kernel/entry/common.c:169
exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:214
__syscall_exit_to_user_mode_work kernel/entry/common.c:296 [inline]
syscall_exit_to_user_mode+0x5d/0x240 kernel/entry/common.c:307
do_syscall_64+0x47/0xb0 arch/x86/entry/common.c:86
entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7fcdcc1ae4df
Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8d 02 00 48
RSP: 002b:00007fcdca5ec030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
RAX: 0000000000000001 RBX: 0000000000000009 RCX: 00007fcdcc1ae4df
RDX: 0000000000000001 RSI: 00007fcdca5ec090 RDI: 0000000000000009
RBP: 00007fcdca5ec090 R08: 0000000000000000 R09: 00007fcdca5ebdf7
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
R13: 0000000000000000 R14: 00007fcdcc33e130 R15: 00007ffeff23f5c8
</TASK>
CPU: 0 PID: 5770 Comm: syz.2.448 Not tainted 5.15.164-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e3/0x2d0 lib/dump_stack.c:106
fail_dump lib/fault-inject.c:52 [inline]
should_fail+0x38a/0x4c0 lib/fault-inject.c:146
strncpy_from_user+0x32/0x370 lib/strncpy_from_user.c:118
strncpy_from_user_nofault+0x6c/0x130 mm/maccess.c:295
bpf_probe_read_user_str_common kernel/trace/bpf_trace.c:194 [inline]
____bpf_probe_read_compat_str kernel/trace/bpf_trace.c:300 [inline]
bpf_probe_read_compat_str+0xe4/0x180 kernel/trace/bpf_trace.c:296
bpf_prog_e3f550b2299101ce+0x38/0xf8c
bpf_dispatcher_nop_func include/linux/bpf.h:790 [inline]
__bpf_prog_run include/linux/filter.h:628 [inline]
bpf_prog_run include/linux/filter.h:635 [inline]
__bpf_trace_run kernel/trace/bpf_trace.c:1880 [inline]
bpf_trace_run3+0x1d1/0x380 kernel/trace/bpf_trace.c:1918
__traceiter_sched_switch+0x7d/0xb0 include/trace/events/sched.h:220
trace_sched_switch include/trace/events/sched.h:220 [inline]
__schedule+0x1e8d/0x45b0 kernel/sched/core.c:6373
schedule+0x11b/0x1f0 kernel/sched/core.c:6459
exit_to_user_mode_loop+0x44/0x130 kernel/entry/common.c:169
exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:214
__syscall_exit_to_user_mode_work kernel/entry/common.c:296 [inline]
syscall_exit_to_user_mode+0x5d/0x240 kernel/entry/common.c:307
do_syscall_64+0x47/0xb0 arch/x86/entry/common.c:86
entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7fcdcc1ae4df
Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8d 02 00 48
RSP: 002b:00007fcdca5ec030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
RAX: 0000000000000001 RBX: 0000000000000009 RCX: 00007fcdcc1ae4df
RDX: 0000000000000001 RSI: 00007fcdca5ec090 RDI: 0000000000000009
RBP: 00007fcdca5ec090 R08: 0000000000000000 R09: 00007fcdca5ebdf7
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
R13: 0000000000000000 R14: 00007fcdcc33e130 R15: 00007ffeff23f5c8
</TASK>
netlink: 4 bytes leftover after parsing attributes in process `syz.2.448'.