FAULT_INJECTION: forcing a failure.
name fail_usercopy, interval 1, probability 0, space 0, times 0
======================================================
WARNING: possible circular locking dependency detected
6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0 Not tainted
------------------------------------------------------
syz.2.1563/12749 is trying to acquire lock:
ffffffff8e613cb8 ((console_sem).lock){-.-.}-{2:2}, at: down_trylock+0x20/0xa0 kernel/locking/semaphore.c:139
but task is already holding lock:
ffff8880b883e998 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xb0/0x140 kernel/sched/core.c:568
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #2 (&rq->__lock){-.-.}-{2:2}:
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5759
_raw_spin_lock_nested+0x31/0x40 kernel/locking/spinlock.c:378
raw_spin_rq_lock_nested+0x2a/0x140 kernel/sched/core.c:560
raw_spin_rq_lock kernel/sched/sched.h:1415 [inline]
rq_lock kernel/sched/sched.h:1714 [inline]
task_fork_fair+0x61/0x1e0 kernel/sched/fair.c:12710
sched_cgroup_fork+0x37c/0x410 kernel/sched/core.c:4633
copy_process+0x2217/0x3dc0 kernel/fork.c:2483
kernel_clone+0x223/0x880 kernel/fork.c:2781
user_mode_thread+0x132/0x1a0 kernel/fork.c:2859
rest_init+0x23/0x300 init/main.c:712
start_kernel+0x47a/0x500 init/main.c:1103
x86_64_start_reservations+0x2a/0x30 arch/x86/kernel/head64.c:507
x86_64_start_kernel+0x9f/0xa0 arch/x86/kernel/head64.c:488
common_startup_64+0x13e/0x147
-> #1 (&p->pi_lock){-.-.}-{2:2}:
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5759
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162
class_raw_spinlock_irqsave_constructor include/linux/spinlock.h:551 [inline]
try_to_wake_up+0xb0/0x1470 kernel/sched/core.c:4051
up+0x72/0x90 kernel/locking/semaphore.c:191
__up_console_sem kernel/printk/printk.c:340 [inline]
__console_unlock kernel/printk/printk.c:2801 [inline]
console_unlock+0x22f/0x4d0 kernel/printk/printk.c:3120
vprintk_emit+0x5dc/0x7c0 kernel/printk/printk.c:2348
_printk+0xd5/0x120 kernel/printk/printk.c:2373
batadv_check_known_mac_addr+0x2b1/0x410 net/batman-adv/hard-interface.c:526
batadv_hard_if_event+0x3a5/0x1620 net/batman-adv/hard-interface.c:998
notifier_call_chain+0x19f/0x3e0 kernel/notifier.c:93
call_netdevice_notifiers_extack net/core/dev.c:2032 [inline]
call_netdevice_notifiers net/core/dev.c:2046 [inline]
dev_set_mac_address+0x3d9/0x510 net/core/dev.c:9101
dev_set_mac_address_user+0x31/0x50 net/core/dev.c:9115
do_setlink+0x8b6/0x41f0 net/core/rtnetlink.c:2855
__rtnl_newlink net/core/rtnetlink.c:3696 [inline]
rtnl_newlink+0x180d/0x20a0 net/core/rtnetlink.c:3743
rtnetlink_rcv_msg+0x73f/0xcf0 net/core/rtnetlink.c:6647
netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2550
netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]
netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1357
netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1901
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg+0x221/0x270 net/socket.c:745
__sys_sendto+0x3a4/0x4f0 net/socket.c:2204
__do_sys_sendto net/socket.c:2216 [inline]
__se_sys_sendto net/socket.c:2212 [inline]
__x64_sys_sendto+0xde/0x100 net/socket.c:2212
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> #0 ((console_sem).lock){-.-.}-{2:2}:
check_prev_add kernel/locking/lockdep.c:3133 [inline]
check_prevs_add kernel/locking/lockdep.c:3252 [inline]
validate_chain+0x18e0/0x5900 kernel/locking/lockdep.c:3868
__lock_acquire+0x137a/0x2040 kernel/locking/lockdep.c:5142
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5759
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162
down_trylock+0x20/0xa0 kernel/locking/semaphore.c:139
__down_trylock_console_sem+0x109/0x250 kernel/printk/printk.c:323
console_trylock kernel/printk/printk.c:2754 [inline]
console_trylock_spinning kernel/printk/printk.c:1958 [inline]
vprintk_emit+0x2aa/0x7c0 kernel/printk/printk.c:2347
_printk+0xd5/0x120 kernel/printk/printk.c:2373
fail_dump lib/fault-inject.c:45 [inline]
should_fail_ex+0x391/0x4e0 lib/fault-inject.c:153
strncpy_from_user+0x36/0x2e0 lib/strncpy_from_user.c:118
strncpy_from_user_nofault+0x71/0x140 mm/maccess.c:186
bpf_probe_read_user_str_common kernel/trace/bpf_trace.c:216 [inline]
____bpf_probe_read_compat_str kernel/trace/bpf_trace.c:311 [inline]
bpf_probe_read_compat_str+0xe9/0x180 kernel/trace/bpf_trace.c:307
bpf_prog_1ccb8ba97563bf77+0x40/0x63
bpf_dispatcher_nop_func include/linux/bpf.h:1243 [inline]
__bpf_prog_run include/linux/filter.h:691 [inline]
bpf_prog_run include/linux/filter.h:698 [inline]
__bpf_trace_run kernel/trace/bpf_trace.c:2406 [inline]
bpf_trace_run2+0x2ec/0x540 kernel/trace/bpf_trace.c:2447
__traceiter_tlb_flush+0x77/0xd0 include/trace/events/tlb.h:38
trace_tlb_flush+0x118/0x140 include/trace/events/tlb.h:38
switch_mm_irqs_off+0x7cb/0xae0
context_switch kernel/sched/core.c:5172 [inline]
__schedule+0x1079/0x4a10 kernel/sched/core.c:6529
preempt_schedule_irq+0xfb/0x1c0 kernel/sched/core.c:6851
irqentry_exit+0x5e/0x90 kernel/entry/common.c:354
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
lock_acquire+0x264/0x550 kernel/locking/lockdep.c:5763
fs_reclaim_acquire+0xaf/0x140 mm/page_alloc.c:3842
might_alloc include/linux/sched/mm.h:334 [inline]
slab_pre_alloc_hook mm/slub.c:3943 [inline]
slab_alloc_node mm/slub.c:4021 [inline]
kmem_cache_alloc_lru_noprof+0x42/0x2b0 mm/slub.c:4060
__d_alloc+0x31/0x700 fs/dcache.c:1636
d_alloc fs/dcache.c:1716 [inline]
d_alloc_parallel+0xdf/0x1600 fs/dcache.c:2476
lookup_open fs/namei.c:3503 [inline]
open_last_lookups fs/namei.c:3647 [inline]
path_openat+0x947/0x3470 fs/namei.c:3883
do_filp_open+0x235/0x490 fs/namei.c:3913
do_sys_openat2+0x13e/0x1d0 fs/open.c:1416
do_sys_open fs/open.c:1431 [inline]
__do_sys_openat fs/open.c:1447 [inline]
__se_sys_openat fs/open.c:1442 [inline]
__x64_sys_openat+0x247/0x2a0 fs/open.c:1442
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
other info that might help us debug this:
Chain exists of:
(console_sem).lock --> &p->pi_lock --> &rq->__lock
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&rq->__lock);
lock(&p->pi_lock);
lock(&rq->__lock);
lock((console_sem).lock);
*** DEADLOCK ***
5 locks held by syz.2.1563/12749:
#0: ffff888022d6ae90 (&sb->s_type->i_mutex_key#24){.+.+}-{3:3}, at: inode_lock_shared include/linux/fs.h:810 [inline]
#0: ffff888022d6ae90 (&sb->s_type->i_mutex_key#24){.+.+}-{3:3}, at: open_last_lookups fs/namei.c:3646 [inline]
#0: ffff888022d6ae90 (&sb->s_type->i_mutex_key#24){.+.+}-{3:3}, at: path_openat+0x7ec/0x3470 fs/namei.c:3883
#1: ffffffff8e82e4a0 (fs_reclaim){+.+.}-{0:0}, at: might_alloc include/linux/sched/mm.h:334 [inline]
#1: ffffffff8e82e4a0 (fs_reclaim){+.+.}-{0:0}, at: slab_pre_alloc_hook mm/slub.c:3943 [inline]
#1: ffffffff8e82e4a0 (fs_reclaim){+.+.}-{0:0}, at: slab_alloc_node mm/slub.c:4021 [inline]
#1: ffffffff8e82e4a0 (fs_reclaim){+.+.}-{0:0}, at: kmem_cache_alloc_lru_noprof+0x42/0x2b0 mm/slub.c:4060
#2: ffffffff8e841120 (mmu_notifier_invalidate_range_start){+.+.}-{0:0}, at: fs_reclaim_acquire+0x93/0x140 mm/page_alloc.c:3842
#3: ffff8880b883e998 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xb0/0x140 kernel/sched/core.c:568
#4: ffffffff8e738320 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:326 [inline]
#4: ffffffff8e738320 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:838 [inline]
#4: ffffffff8e738320 (rcu_read_lock){....}-{1:2}, at: __bpf_trace_run kernel/trace/bpf_trace.c:2405 [inline]
#4: ffffffff8e738320 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0x1fc/0x540 kernel/trace/bpf_trace.c:2447
stack backtrace:
CPU: 1 UID: 0 PID: 12749 Comm: syz.2.1563 Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
Call Trace:
__dump_stack lib/dump_stack.c:93 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119
check_noncircular+0x36a/0x4a0 kernel/locking/lockdep.c:2186
check_prev_add kernel/locking/lockdep.c:3133 [inline]
check_prevs_add kernel/locking/lockdep.c:3252 [inline]
validate_chain+0x18e0/0x5900 kernel/locking/lockdep.c:3868
__lock_acquire+0x137a/0x2040 kernel/locking/lockdep.c:5142
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5759
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162
down_trylock+0x20/0xa0 kernel/locking/semaphore.c:139
__down_trylock_console_sem+0x109/0x250 kernel/printk/printk.c:323
console_trylock kernel/printk/printk.c:2754 [inline]
console_trylock_spinning kernel/printk/printk.c:1958 [inline]
vprintk_emit+0x2aa/0x7c0 kernel/printk/printk.c:2347
_printk+0xd5/0x120 kernel/printk/printk.c:2373
fail_dump lib/fault-inject.c:45 [inline]
should_fail_ex+0x391/0x4e0 lib/fault-inject.c:153
strncpy_from_user+0x36/0x2e0 lib/strncpy_from_user.c:118
strncpy_from_user_nofault+0x71/0x140 mm/maccess.c:186
bpf_probe_read_user_str_common kernel/trace/bpf_trace.c:216 [inline]
____bpf_probe_read_compat_str kernel/trace/bpf_trace.c:311 [inline]
bpf_probe_read_compat_str+0xe9/0x180 kernel/trace/bpf_trace.c:307
bpf_prog_1ccb8ba97563bf77+0x40/0x63
bpf_dispatcher_nop_func include/linux/bpf.h:1243 [inline]
__bpf_prog_run include/linux/filter.h:691 [inline]
bpf_prog_run include/linux/filter.h:698 [inline]
__bpf_trace_run kernel/trace/bpf_trace.c:2406 [inline]
bpf_trace_run2+0x2ec/0x540 kernel/trace/bpf_trace.c:2447
__traceiter_tlb_flush+0x77/0xd0 include/trace/events/tlb.h:38
trace_tlb_flush+0x118/0x140 include/trace/events/tlb.h:38
switch_mm_irqs_off+0x7cb/0xae0
context_switch kernel/sched/core.c:5172 [inline]
__schedule+0x1079/0x4a10 kernel/sched/core.c:6529
preempt_schedule_irq+0xfb/0x1c0 kernel/sched/core.c:6851
irqentry_exit+0x5e/0x90 kernel/entry/common.c:354
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:lock_acquire+0x264/0x550 kernel/locking/lockdep.c:5763
Code: 2b 00 74 08 4c 89 f7 e8 7a e1 87 00 f6 44 24 61 02 0f 85 85 01 00 00 41 f7 c7 00 02 00 00 74 01 fb 48 c7 44 24 40 0e 36 e0 45 <4b> c7 44 25 00 00 00 00 00 43 c7 44 25 09 00 00 00 00 43 c7 44 25
RSP: 0018:ffffc90004c47540 EFLAGS: 00000206
RAX: 0000000000000001 RBX: 1ffff92000988eb4 RCX: 13a819ba9032b500
RDX: dffffc0000000000 RSI: ffffffff8beae6e0 RDI: ffffffff8c3fbb00
RBP: ffffc90004c47698 R08: ffffffff93fa6857 R09: 1ffffffff27f4d0a
R10: dffffc0000000000 R11: fffffbfff27f4d0b R12: 1ffff92000988eb0
R13: dffffc0000000000 R14: ffffc90004c475a0 R15: 0000000000000246
fs_reclaim_acquire+0xaf/0x140 mm/page_alloc.c:3842
might_alloc include/linux/sched/mm.h:334 [inline]
slab_pre_alloc_hook mm/slub.c:3943 [inline]
slab_alloc_node mm/slub.c:4021 [inline]
kmem_cache_alloc_lru_noprof+0x42/0x2b0 mm/slub.c:4060
__d_alloc+0x31/0x700 fs/dcache.c:1636
d_alloc fs/dcache.c:1716 [inline]
d_alloc_parallel+0xdf/0x1600 fs/dcache.c:2476
lookup_open fs/namei.c:3503 [inline]
open_last_lookups fs/namei.c:3647 [inline]
path_openat+0x947/0x3470 fs/namei.c:3883
do_filp_open+0x235/0x490 fs/namei.c:3913
do_sys_openat2+0x13e/0x1d0 fs/open.c:1416
do_sys_open fs/open.c:1431 [inline]
__do_sys_openat fs/open.c:1447 [inline]
__se_sys_openat fs/open.c:1442 [inline]
__x64_sys_openat+0x247/0x2a0 fs/open.c:1442
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f4257b7def9
Code: Unable to access opcode bytes at 0x7f4257b7decf.
RSP: 002b:00007f42589ac038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f4257d35f80 RCX: 00007f4257b7def9
RDX: 0000000000000000 RSI: 00000000200003c0 RDI: 0000000000000004
RBP: 00007f42589ac090 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 0000000000000000 R14: 00007f4257d35f80 R15: 00007fffdaff01f8
CPU: 1 UID: 0 PID: 12749 Comm: syz.2.1563 Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
Call Trace:
__dump_stack lib/dump_stack.c:93 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119
fail_dump lib/fault-inject.c:52 [inline]
should_fail_ex+0x3b0/0x4e0 lib/fault-inject.c:153
strncpy_from_user+0x36/0x2e0 lib/strncpy_from_user.c:118
strncpy_from_user_nofault+0x71/0x140 mm/maccess.c:186
bpf_probe_read_user_str_common kernel/trace/bpf_trace.c:216 [inline]
____bpf_probe_read_compat_str kernel/trace/bpf_trace.c:311 [inline]
bpf_probe_read_compat_str+0xe9/0x180 kernel/trace/bpf_trace.c:307
bpf_prog_1ccb8ba97563bf77+0x40/0x63
bpf_dispatcher_nop_func include/linux/bpf.h:1243 [inline]
__bpf_prog_run include/linux/filter.h:691 [inline]
bpf_prog_run include/linux/filter.h:698 [inline]
__bpf_trace_run kernel/trace/bpf_trace.c:2406 [inline]
bpf_trace_run2+0x2ec/0x540 kernel/trace/bpf_trace.c:2447
__traceiter_tlb_flush+0x77/0xd0 include/trace/events/tlb.h:38
trace_tlb_flush+0x118/0x140 include/trace/events/tlb.h:38
switch_mm_irqs_off+0x7cb/0xae0
context_switch kernel/sched/core.c:5172 [inline]
__schedule+0x1079/0x4a10 kernel/sched/core.c:6529
preempt_schedule_irq+0xfb/0x1c0 kernel/sched/core.c:6851
irqentry_exit+0x5e/0x90 kernel/entry/common.c:354
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:lock_acquire+0x264/0x550 kernel/locking/lockdep.c:5763
Code: 2b 00 74 08 4c 89 f7 e8 7a e1 87 00 f6 44 24 61 02 0f 85 85 01 00 00 41 f7 c7 00 02 00 00 74 01 fb 48 c7 44 24 40 0e 36 e0 45 <4b> c7 44 25 00 00 00 00 00 43 c7 44 25 09 00 00 00 00 43 c7 44 25
RSP: 0018:ffffc90004c47540 EFLAGS: 00000206
RAX: 0000000000000001 RBX: 1ffff92000988eb4 RCX: 13a819ba9032b500
RDX: dffffc0000000000 RSI: ffffffff8beae6e0 RDI: ffffffff8c3fbb00
RBP: ffffc90004c47698 R08: ffffffff93fa6857 R09: 1ffffffff27f4d0a
R10: dffffc0000000000 R11: fffffbfff27f4d0b R12: 1ffff92000988eb0
R13: dffffc0000000000 R14: ffffc90004c475a0 R15: 0000000000000246
fs_reclaim_acquire+0xaf/0x140 mm/page_alloc.c:3842
might_alloc include/linux/sched/mm.h:334 [inline]
slab_pre_alloc_hook mm/slub.c:3943 [inline]
slab_alloc_node mm/slub.c:4021 [inline]
kmem_cache_alloc_lru_noprof+0x42/0x2b0 mm/slub.c:4060
__d_alloc+0x31/0x700 fs/dcache.c:1636
d_alloc fs/dcache.c:1716 [inline]
d_alloc_parallel+0xdf/0x1600 fs/dcache.c:2476
lookup_open fs/namei.c:3503 [inline]
open_last_lookups fs/namei.c:3647 [inline]
path_openat+0x947/0x3470 fs/namei.c:3883
do_filp_open+0x235/0x490 fs/namei.c:3913
do_sys_openat2+0x13e/0x1d0 fs/open.c:1416
do_sys_open fs/open.c:1431 [inline]
__do_sys_openat fs/open.c:1447 [inline]
__se_sys_openat fs/open.c:1442 [inline]
__x64_sys_openat+0x247/0x2a0 fs/open.c:1442
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f4257b7def9
Code: Unable to access opcode bytes at 0x7f4257b7decf.
RSP: 002b:00007f42589ac038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f4257d35f80 RCX: 00007f4257b7def9
RDX: 0000000000000000 RSI: 00000000200003c0 RDI: 0000000000000004
RBP: 00007f42589ac090 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 0000000000000000 R14: 00007f4257d35f80 R15: 00007fffdaff01f8
----------------
Code disassembly (best guess):
0: 2b 00 sub (%rax),%eax
2: 74 08 je 0xc
4: 4c 89 f7 mov %r14,%rdi
7: e8 7a e1 87 00 call 0x87e186
c: f6 44 24 61 02 testb $0x2,0x61(%rsp)
11: 0f 85 85 01 00 00 jne 0x19c
17: 41 f7 c7 00 02 00 00 test $0x200,%r15d
1e: 74 01 je 0x21
20: fb sti
21: 48 c7 44 24 40 0e 36 movq $0x45e0360e,0x40(%rsp)
28: e0 45
* 2a: 4b c7 44 25 00 00 00 movq $0x0,0x0(%r13,%r12,1) <-- trapping instruction
31: 00 00
33: 43 c7 44 25 09 00 00 movl $0x0,0x9(%r13,%r12,1)
3a: 00 00
3c: 43 rex.XB
3d: c7 .byte 0xc7
3e: 44 rex.R
3f: 25 .byte 0x25