FAULT_INJECTION: forcing a failure.
name fail_usercopy, interval 1, probability 0, space 0, times 0
======================================================
WARNING: possible circular locking dependency detected
6.1.106-syzkaller #0 Not tainted
------------------------------------------------------
syz.3.2236/10667 is trying to acquire lock:
ffffffff8d31f480 (console_owner){-.-.}-{0:0}, at: console_lock_spinning_enable kernel/printk/printk.c:1818 [inline]
ffffffff8d31f480 (console_owner){-.-.}-{0:0}, at: console_emit_next_record+0xa9c/0x1000 kernel/printk/printk.c:2774
but task is already holding lock:
ffff8880b993a9d8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x26/0x140 kernel/sched/core.c:537
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #4 (&rq->__lock){-.-.}-{2:2}:
lock_acquire+0x1f8/0x5a0 kernel/locking/lockdep.c:5662
_raw_spin_lock_nested+0x2d/0x40 kernel/locking/spinlock.c:378
raw_spin_rq_lock_nested+0x26/0x140 kernel/sched/core.c:537
raw_spin_rq_lock kernel/sched/sched.h:1355 [inline]
rq_lock kernel/sched/sched.h:1645 [inline]
task_fork_fair+0x5d/0x350 kernel/sched/fair.c:11877
sched_cgroup_fork+0x374/0x400 kernel/sched/core.c:4682
copy_process+0x2442/0x4060 kernel/fork.c:2384
kernel_clone+0x222/0x920 kernel/fork.c:2682
user_mode_thread+0x12e/0x190 kernel/fork.c:2758
rest_init+0x23/0x300 init/main.c:698
start_kernel+0x0/0x53f init/main.c:893
start_kernel+0x496/0x53f init/main.c:1140
secondary_startup_64_no_verify+0xcf/0xdb
-> #3 (&p->pi_lock){-.-.}-{2:2}:
lock_acquire+0x1f8/0x5a0 kernel/locking/lockdep.c:5662
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xd1/0x120 kernel/locking/spinlock.c:162
try_to_wake_up+0xad/0x12e0 kernel/sched/core.c:4108
__wake_up_common+0x2a0/0x4e0 kernel/sched/wait.c:107
__wake_up_common_lock kernel/sched/wait.c:138 [inline]
__wake_up+0x11a/0x1c0 kernel/sched/wait.c:160
tty_port_default_wakeup+0xa2/0xf0 drivers/tty/tty_port.c:71
serial8250_tx_chars+0x60d/0x800 drivers/tty/serial/8250/8250_port.c:1854
serial8250_handle_irq+0x4ff/0x6a0 drivers/tty/serial/8250/8250_port.c:1961
serial8250_default_handle_irq+0xc8/0x1e0 drivers/tty/serial/8250/8250_port.c:1981
serial8250_interrupt+0xa1/0x1e0 drivers/tty/serial/8250/8250_core.c:126
__handle_irq_event_percpu+0x2a8/0xb20 kernel/irq/handle.c:158
handle_irq_event_percpu kernel/irq/handle.c:193 [inline]
handle_irq_event+0x85/0x1e0 kernel/irq/handle.c:210
handle_edge_irq+0x245/0xbf0 kernel/irq/chip.c:819
generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
handle_irq arch/x86/kernel/irq.c:231 [inline]
__common_interrupt+0xd7/0x1f0 arch/x86/kernel/irq.c:250
common_interrupt+0x9f/0xc0 arch/x86/kernel/irq.c:240
asm_common_interrupt+0x22/0x40 arch/x86/include/asm/idtentry.h:644
anon_vma_interval_tree_insert+0x25/0x490 mm/interval_tree.c:77
anon_vma_chain_link mm/rmap.c:156 [inline]
anon_vma_fork+0x4a4/0x580 mm/rmap.c:382
dup_mmap kernel/fork.c:662 [inline]
dup_mm kernel/fork.c:1540 [inline]
copy_mm+0xc83/0x1990 kernel/fork.c:1589
copy_process+0x19d5/0x4060 kernel/fork.c:2267
kernel_clone+0x222/0x920 kernel/fork.c:2682
__do_sys_clone kernel/fork.c:2823 [inline]
__se_sys_clone kernel/fork.c:2807 [inline]
__x64_sys_clone+0x231/0x280 kernel/fork.c:2807
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:81
entry_SYSCALL_64_after_hwframe+0x68/0xd2
-> #2 (&tty->write_wait){-...}-{2:2}:
lock_acquire+0x1f8/0x5a0 kernel/locking/lockdep.c:5662
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xd1/0x120 kernel/locking/spinlock.c:162
__wake_up_common_lock kernel/sched/wait.c:137 [inline]
__wake_up+0xfd/0x1c0 kernel/sched/wait.c:160
tty_port_default_wakeup+0xa2/0xf0 drivers/tty/tty_port.c:71
serial8250_tx_chars+0x60d/0x800 drivers/tty/serial/8250/8250_port.c:1854
serial8250_handle_irq+0x4ff/0x6a0 drivers/tty/serial/8250/8250_port.c:1961
serial8250_default_handle_irq+0xc8/0x1e0 drivers/tty/serial/8250/8250_port.c:1981
serial8250_interrupt+0xa1/0x1e0 drivers/tty/serial/8250/8250_core.c:126
__handle_irq_event_percpu+0x2a8/0xb20 kernel/irq/handle.c:158
handle_irq_event_percpu kernel/irq/handle.c:193 [inline]
handle_irq_event+0x85/0x1e0 kernel/irq/handle.c:210
handle_edge_irq+0x245/0xbf0 kernel/irq/chip.c:819
generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
handle_irq arch/x86/kernel/irq.c:231 [inline]
__common_interrupt+0xd7/0x1f0 arch/x86/kernel/irq.c:250
common_interrupt+0x9f/0xc0 arch/x86/kernel/irq.c:240
asm_common_interrupt+0x22/0x40 arch/x86/include/asm/idtentry.h:644
__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
_raw_spin_unlock_irqrestore+0xd4/0x130 kernel/locking/spinlock.c:194
spin_unlock_irqrestore include/linux/spinlock.h:406 [inline]
uart_write+0x6af/0x930 drivers/tty/serial/serial_core.c:600
process_output_block drivers/tty/n_tty.c:586 [inline]
n_tty_write+0xd7f/0x1260 drivers/tty/n_tty.c:2377
do_tty_write drivers/tty/tty_io.c:1018 [inline]
file_tty_write+0x504/0x890 drivers/tty/tty_io.c:1089
call_write_iter include/linux/fs.h:2265 [inline]
new_sync_write fs/read_write.c:491 [inline]
vfs_write+0x857/0xbc0 fs/read_write.c:584
ksys_write+0x19c/0x2c0 fs/read_write.c:637
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:81
entry_SYSCALL_64_after_hwframe+0x68/0xd2
-> #1 (&port_lock_key){-.-.}-{2:2}:
lock_acquire+0x1f8/0x5a0 kernel/locking/lockdep.c:5662
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xd1/0x120 kernel/locking/spinlock.c:162
serial8250_console_write+0x19d/0x1750 drivers/tty/serial/8250/8250_port.c:3404
call_console_driver kernel/printk/printk.c:1977 [inline]
console_emit_next_record+0xbb4/0x1000 kernel/printk/printk.c:2777
console_unlock+0x278/0x7c0 kernel/printk/printk.c:2906
vprintk_emit+0x523/0x740 kernel/printk/printk.c:2303
_printk+0xd1/0x111 kernel/printk/printk.c:2328
register_console+0x6b9/0x9a0 kernel/printk/printk.c:3269
univ8250_console_init+0x41/0x43 drivers/tty/serial/8250/8250_core.c:687
console_init+0x1d6/0x7f3 kernel/printk/printk.c:3359
start_kernel+0x30b/0x53f init/main.c:1076
secondary_startup_64_no_verify+0xcf/0xdb
-> #0 (console_owner){-.-.}-{0:0}:
check_prev_add kernel/locking/lockdep.c:3090 [inline]
check_prevs_add kernel/locking/lockdep.c:3209 [inline]
validate_chain+0x1661/0x5950 kernel/locking/lockdep.c:3825
__lock_acquire+0x125b/0x1f80 kernel/locking/lockdep.c:5049
lock_acquire+0x1f8/0x5a0 kernel/locking/lockdep.c:5662
console_lock_spinning_enable kernel/printk/printk.c:1818 [inline]
console_emit_next_record+0xabd/0x1000 kernel/printk/printk.c:2774
console_unlock+0x278/0x7c0 kernel/printk/printk.c:2906
vprintk_emit+0x523/0x740 kernel/printk/printk.c:2303
_printk+0xd1/0x111 kernel/printk/printk.c:2328
fail_dump lib/fault-inject.c:45 [inline]
should_fail_ex+0x387/0x4d0 lib/fault-inject.c:147
strncpy_from_user+0x32/0x360 lib/strncpy_from_user.c:118
strncpy_from_user_nofault+0x6c/0x130 mm/maccess.c:186
bpf_probe_read_user_str_common kernel/trace/bpf_trace.c:204 [inline]
____bpf_probe_read_user_str kernel/trace/bpf_trace.c:213 [inline]
bpf_probe_read_user_str+0x26/0x70 kernel/trace/bpf_trace.c:210
bpf_prog_86d6612bc91ef38d+0x35/0x37
bpf_dispatcher_nop_func include/linux/bpf.h:989 [inline]
__bpf_prog_run include/linux/filter.h:596 [inline]
bpf_prog_run include/linux/filter.h:610 [inline]
__bpf_trace_run kernel/trace/bpf_trace.c:2273 [inline]
bpf_trace_run4+0x3c3/0x470 kernel/trace/bpf_trace.c:2314
__traceiter_sched_switch+0x91/0xc0 include/trace/events/sched.h:222
trace_sched_switch include/trace/events/sched.h:222 [inline]
__schedule+0x2128/0x4570 kernel/sched/core.c:6555
preempt_schedule_common+0x83/0xd0 kernel/sched/core.c:6727
preempt_schedule+0xd9/0xe0 kernel/sched/core.c:6751
preempt_schedule_thunk+0x16/0x18 arch/x86/entry/thunk_64.S:34
__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
_raw_spin_unlock_irqrestore+0x128/0x130 kernel/locking/spinlock.c:194
spin_unlock_irqrestore include/linux/spinlock.h:406 [inline]
prepare_to_wait_event+0x3b5/0x3f0 kernel/sched/wait.c:335
synchronize_rcu_expedited+0x766/0x930 kernel/rcu/tree_exp.h:977
synchronize_rcu+0x11c/0x3f0 kernel/rcu/tree.c:3575
sk_common_release+0x9d/0x310 net/core/sock.c:3696
pn_socket_release+0x90/0xb0 net/phonet/socket.c:34
__sock_release net/socket.c:654 [inline]
sock_close+0xcd/0x230 net/socket.c:1400
__fput+0x3f6/0x8d0 fs/file_table.c:320
task_work_run+0x246/0x300 kernel/task_work.c:203
resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
exit_to_user_mode_loop+0xde/0x100 kernel/entry/common.c:177
exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:210
__syscall_exit_to_user_mode_work kernel/entry/common.c:292 [inline]
syscall_exit_to_user_mode+0x60/0x270 kernel/entry/common.c:303
do_syscall_64+0x47/0xb0 arch/x86/entry/common.c:87
entry_SYSCALL_64_after_hwframe+0x68/0xd2
other info that might help us debug this:
Chain exists of:
console_owner --> &p->pi_lock --> &rq->__lock
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&rq->__lock);
lock(&p->pi_lock);
lock(&rq->__lock);
lock(console_owner);
*** DEADLOCK ***
5 locks held by syz.3.2236/10667:
#0: ffff88807f3aac10 (&sb->s_type->i_mutex_key#10){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:758 [inline]
#0: ffff88807f3aac10 (&sb->s_type->i_mutex_key#10){+.+.}-{3:3}, at: __sock_release net/socket.c:653 [inline]
#0: ffff88807f3aac10 (&sb->s_type->i_mutex_key#10){+.+.}-{3:3}, at: sock_close+0x98/0x230 net/socket.c:1400
#1: ffffffff8d3305b8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:291 [inline]
#1: ffffffff8d3305b8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x4f0/0x930 kernel/rcu/tree_exp.h:962
#2: ffff8880b993a9d8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x26/0x140 kernel/sched/core.c:537
#3: ffffffff8d32afc0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:350 [inline]
#3: ffffffff8d32afc0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:791 [inline]
#3: ffffffff8d32afc0 (rcu_read_lock){....}-{1:2}, at: __bpf_trace_run kernel/trace/bpf_trace.c:2272 [inline]
#3: ffffffff8d32afc0 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run4+0x16a/0x470 kernel/trace/bpf_trace.c:2314
#4: ffffffff8d2071e0 (console_lock){+.+.}-{0:0}, at: _printk+0xd1/0x111 kernel/printk/printk.c:2328
stack backtrace:
CPU: 1 PID: 10667 Comm: syz.3.2236 Not tainted 6.1.106-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
check_noncircular+0x2fa/0x3b0 kernel/locking/lockdep.c:2170
check_prev_add kernel/locking/lockdep.c:3090 [inline]
check_prevs_add kernel/locking/lockdep.c:3209 [inline]
validate_chain+0x1661/0x5950 kernel/locking/lockdep.c:3825
__lock_acquire+0x125b/0x1f80 kernel/locking/lockdep.c:5049
lock_acquire+0x1f8/0x5a0 kernel/locking/lockdep.c:5662
console_lock_spinning_enable kernel/printk/printk.c:1818 [inline]
console_emit_next_record+0xabd/0x1000 kernel/printk/printk.c:2774
console_unlock+0x278/0x7c0 kernel/printk/printk.c:2906
vprintk_emit+0x523/0x740 kernel/printk/printk.c:2303
_printk+0xd1/0x111 kernel/printk/printk.c:2328
fail_dump lib/fault-inject.c:45 [inline]
should_fail_ex+0x387/0x4d0 lib/fault-inject.c:147
strncpy_from_user+0x32/0x360 lib/strncpy_from_user.c:118
strncpy_from_user_nofault+0x6c/0x130 mm/maccess.c:186
bpf_probe_read_user_str_common kernel/trace/bpf_trace.c:204 [inline]
____bpf_probe_read_user_str kernel/trace/bpf_trace.c:213 [inline]
bpf_probe_read_user_str+0x26/0x70 kernel/trace/bpf_trace.c:210
bpf_prog_86d6612bc91ef38d+0x35/0x37
bpf_dispatcher_nop_func include/linux/bpf.h:989 [inline]
__bpf_prog_run include/linux/filter.h:596 [inline]
bpf_prog_run include/linux/filter.h:610 [inline]
__bpf_trace_run kernel/trace/bpf_trace.c:2273 [inline]
bpf_trace_run4+0x3c3/0x470 kernel/trace/bpf_trace.c:2314
__traceiter_sched_switch+0x91/0xc0 include/trace/events/sched.h:222
trace_sched_switch include/trace/events/sched.h:222 [inline]
__schedule+0x2128/0x4570 kernel/sched/core.c:6555
preempt_schedule_common+0x83/0xd0 kernel/sched/core.c:6727
preempt_schedule+0xd9/0xe0 kernel/sched/core.c:6751
preempt_schedule_thunk+0x16/0x18 arch/x86/entry/thunk_64.S:34
__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
_raw_spin_unlock_irqrestore+0x128/0x130 kernel/locking/spinlock.c:194
spin_unlock_irqrestore include/linux/spinlock.h:406 [inline]
prepare_to_wait_event+0x3b5/0x3f0 kernel/sched/wait.c:335
synchronize_rcu_expedited+0x766/0x930 kernel/rcu/tree_exp.h:977
synchronize_rcu+0x11c/0x3f0 kernel/rcu/tree.c:3575
sk_common_release+0x9d/0x310 net/core/sock.c:3696
pn_socket_release+0x90/0xb0 net/phonet/socket.c:34
__sock_release net/socket.c:654 [inline]
sock_close+0xcd/0x230 net/socket.c:1400
__fput+0x3f6/0x8d0 fs/file_table.c:320
task_work_run+0x246/0x300 kernel/task_work.c:203
resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
exit_to_user_mode_loop+0xde/0x100 kernel/entry/common.c:177
exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:210
__syscall_exit_to_user_mode_work kernel/entry/common.c:292 [inline]
syscall_exit_to_user_mode+0x60/0x270 kernel/entry/common.c:303
do_syscall_64+0x47/0xb0 arch/x86/entry/common.c:87
entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f6aced79e79
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f6acebff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 00007f6acef15f80 RCX: 00007f6aced79e79
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 00007f6acebff090 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 0000000000000000 R14: 00007f6acef15f80 R15: 00007fff34ad7958
</TASK>
CPU: 1 PID: 10667 Comm: syz.3.2236 Not tainted 6.1.106-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
fail_dump lib/fault-inject.c:52 [inline]
should_fail_ex+0x3a6/0x4d0 lib/fault-inject.c:147
strncpy_from_user+0x32/0x360 lib/strncpy_from_user.c:118
strncpy_from_user_nofault+0x6c/0x130 mm/maccess.c:186
bpf_probe_read_user_str_common kernel/trace/bpf_trace.c:204 [inline]
____bpf_probe_read_user_str kernel/trace/bpf_trace.c:213 [inline]
bpf_probe_read_user_str+0x26/0x70 kernel/trace/bpf_trace.c:210
bpf_prog_86d6612bc91ef38d+0x35/0x37
bpf_dispatcher_nop_func include/linux/bpf.h:989 [inline]
__bpf_prog_run include/linux/filter.h:596 [inline]
bpf_prog_run include/linux/filter.h:610 [inline]
__bpf_trace_run kernel/trace/bpf_trace.c:2273 [inline]
bpf_trace_run4+0x3c3/0x470 kernel/trace/bpf_trace.c:2314
__traceiter_sched_switch+0x91/0xc0 include/trace/events/sched.h:222
trace_sched_switch include/trace/events/sched.h:222 [inline]
__schedule+0x2128/0x4570 kernel/sched/core.c:6555
preempt_schedule_common+0x83/0xd0 kernel/sched/core.c:6727
preempt_schedule+0xd9/0xe0 kernel/sched/core.c:6751
preempt_schedule_thunk+0x16/0x18 arch/x86/entry/thunk_64.S:34
__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
_raw_spin_unlock_irqrestore+0x128/0x130 kernel/locking/spinlock.c:194
spin_unlock_irqrestore include/linux/spinlock.h:406 [inline]
prepare_to_wait_event+0x3b5/0x3f0 kernel/sched/wait.c:335
synchronize_rcu_expedited+0x766/0x930 kernel/rcu/tree_exp.h:977
synchronize_rcu+0x11c/0x3f0 kernel/rcu/tree.c:3575
sk_common_release+0x9d/0x310 net/core/sock.c:3696
pn_socket_release+0x90/0xb0 net/phonet/socket.c:34
__sock_release net/socket.c:654 [inline]
sock_close+0xcd/0x230 net/socket.c:1400
__fput+0x3f6/0x8d0 fs/file_table.c:320
task_work_run+0x246/0x300 kernel/task_work.c:203
resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
exit_to_user_mode_loop+0xde/0x100 kernel/entry/common.c:177
exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:210
__syscall_exit_to_user_mode_work kernel/entry/common.c:292 [inline]
syscall_exit_to_user_mode+0x60/0x270 kernel/entry/common.c:303
do_syscall_64+0x47/0xb0 arch/x86/entry/common.c:87
entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f6aced79e79
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f6acebff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 00007f6acef15f80 RCX: 00007f6aced79e79
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 00007f6acebff090 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 0000000000000000 R14: 00007f6acef15f80 R15: 00007fff34ad7958
</TASK>