======================================================
WARNING: possible circular locking dependency detected
6.9.0-rc6-syzkaller-00113-g49a73b1652c5 #0 Not tainted
------------------------------------------------------
syz-executor.1/8723 is trying to acquire lock:
ffff888022a28958 (&sighand->siglock){-.-.}-{2:2}, at: force_sig_info_to_task+0x7a/0x660 kernel/signal.c:1334

but task is already holding lock:
ffff8880b953ea58 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x29/0x130 kernel/sched/core.c:559

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&rq->__lock){-.-.}-{2:2}:
       _raw_spin_lock_nested+0x31/0x40 kernel/locking/spinlock.c:378
       raw_spin_rq_lock_nested+0x29/0x130 kernel/sched/core.c:559
       raw_spin_rq_lock kernel/sched/sched.h:1387 [inline]
       _raw_spin_rq_lock_irqsave kernel/sched/sched.h:1406 [inline]
       rq_lock_irqsave kernel/sched/sched.h:1685 [inline]
       class_rq_lock_irqsave_constructor kernel/sched/sched.h:1739 [inline]
       sched_mm_cid_before_execve+0x114/0x5e0 kernel/sched/core.c:12027
       exit_signals+0x34d/0x960 kernel/signal.c:3016
       do_exit+0x530/0x2c10 kernel/exit.c:837
       __do_sys_exit kernel/exit.c:994 [inline]
       __se_sys_exit kernel/exit.c:992 [inline]
       __x64_sys_exit+0x42/0x50 kernel/exit.c:992
       do_syscall_x64 arch/x86/entry/common.c:52 [inline]
       do_syscall_64+0xcf/0x260 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #0 (&sighand->siglock){-.-.}-{2:2}:
       check_prev_add kernel/locking/lockdep.c:3134 [inline]
       check_prevs_add kernel/locking/lockdep.c:3253 [inline]
       validate_chain kernel/locking/lockdep.c:3869 [inline]
       __lock_acquire+0x2478/0x3b30 kernel/locking/lockdep.c:5137
       lock_acquire kernel/locking/lockdep.c:5754 [inline]
       lock_acquire+0x1b1/0x560 kernel/locking/lockdep.c:5719
       __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
       _raw_spin_lock_irqsave+0x3a/0x60 kernel/locking/spinlock.c:162
       force_sig_info_to_task+0x7a/0x660 kernel/signal.c:1334
       force_sig_fault_to_task kernel/signal.c:1733 [inline]
       force_sig_fault+0xc5/0x110 kernel/signal.c:1738
       kernelmode_fixup_or_oops+0x209/0x2b0 arch/x86/mm/fault.c:750
       __bad_area_nosemaphore+0x39f/0x6b0 arch/x86/mm/fault.c:814
       do_user_addr_fault+0x557/0x1080 arch/x86/mm/fault.c:1298
       handle_page_fault arch/x86/mm/fault.c:1505 [inline]
       exc_page_fault+0x5c/0xc0 arch/x86/mm/fault.c:1563
       asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
       rep_movs_alternative+0x13/0x70 arch/x86/lib/copy_user_64.S:40
       copy_user_generic arch/x86/include/asm/uaccess_64.h:110 [inline]
       raw_copy_from_user arch/x86/include/asm/uaccess_64.h:125 [inline]
       __copy_from_user_inatomic include/linux/uaccess.h:87 [inline]
       copy_from_user_nofault+0xe1/0x170 mm/maccess.c:125
       bpf_probe_read_user_common kernel/trace/bpf_trace.c:179 [inline]
       ____bpf_probe_read_user kernel/trace/bpf_trace.c:188 [inline]
       bpf_probe_read_user+0x26/0x70 kernel/trace/bpf_trace.c:185
       ___bpf_prog_run+0x3e51/0xabd0 kernel/bpf/core.c:1997
       __bpf_prog_run32+0xc1/0x100 kernel/bpf/core.c:2236
       bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline]
       __bpf_prog_run include/linux/filter.h:657 [inline]
       bpf_prog_run include/linux/filter.h:664 [inline]
       __bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline]
       bpf_trace_run4+0x176/0x460 kernel/trace/bpf_trace.c:2422
       __bpf_trace_sched_switch+0x13e/0x190 include/trace/events/sched.h:222
       __traceiter_sched_switch+0x6c/0xc0 include/trace/events/sched.h:222
       trace_sched_switch include/trace/events/sched.h:222 [inline]
       __schedule+0x252c/0x5d00 kernel/sched/core.c:6743
       preempt_schedule_irq+0x51/0x90 kernel/sched/core.c:7068
       irqentry_exit+0x36/0x90 kernel/entry/common.c:354
       asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
       seqcount_lockdep_reader_access include/linux/seqlock.h:74 [inline]
       ktime_get_real_ts64+0xbf/0x570 kernel/time/timekeeping.c:824
       __do_sys_gettimeofday kernel/time/time.c:146 [inline]
       __se_sys_gettimeofday kernel/time/time.c:140 [inline]
       __x64_sys_gettimeofday+0xd4/0x210 kernel/time/time.c:140
       emulate_vsyscall+0x4ea/0xe50 arch/x86/entry/vsyscall/vsyscall_64.c:247
       do_user_addr_fault+0x61a/0x1080 arch/x86/mm/fault.c:1346
       handle_page_fault arch/x86/mm/fault.c:1505 [inline]
       exc_page_fault+0x5c/0xc0 arch/x86/mm/fault.c:1563
       asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
       _end+0x6a9da000/0x0

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&rq->__lock);
                               lock(&sighand->siglock);
                               lock(&rq->__lock);
  lock(&sighand->siglock);

 *** DEADLOCK ***

2 locks held by syz-executor.1/8723:
 #0: ffff8880b953ea58 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x29/0x130 kernel/sched/core.c:559
 #1: ffffffff8d7b0e20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline]
 #1: ffffffff8d7b0e20 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:781 [inline]
 #1: ffffffff8d7b0e20 (rcu_read_lock){....}-{1:2}, at: __bpf_trace_run kernel/trace/bpf_trace.c:2380 [inline]
 #1: ffffffff8d7b0e20 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run4+0x107/0x460 kernel/trace/bpf_trace.c:2422

stack backtrace:
CPU: 1 PID: 8723 Comm: syz-executor.1 Not tainted 6.9.0-rc6-syzkaller-00113-g49a73b1652c5 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114
 check_noncircular+0x31a/0x400 kernel/locking/lockdep.c:2187
 check_prev_add kernel/locking/lockdep.c:3134 [inline]
 check_prevs_add kernel/locking/lockdep.c:3253 [inline]
 validate_chain kernel/locking/lockdep.c:3869 [inline]
 __lock_acquire+0x2478/0x3b30 kernel/locking/lockdep.c:5137
 lock_acquire kernel/locking/lockdep.c:5754 [inline]
 lock_acquire+0x1b1/0x560 kernel/locking/lockdep.c:5719
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0x3a/0x60 kernel/locking/spinlock.c:162
 force_sig_info_to_task+0x7a/0x660 kernel/signal.c:1334
 force_sig_fault_to_task kernel/signal.c:1733 [inline]
 force_sig_fault+0xc5/0x110 kernel/signal.c:1738
 kernelmode_fixup_or_oops+0x209/0x2b0 arch/x86/mm/fault.c:750
 __bad_area_nosemaphore+0x39f/0x6b0 arch/x86/mm/fault.c:814
 do_user_addr_fault+0x557/0x1080 arch/x86/mm/fault.c:1298
 handle_page_fault arch/x86/mm/fault.c:1505 [inline]
 exc_page_fault+0x5c/0xc0 arch/x86/mm/fault.c:1563
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0010:rep_movs_alternative+0x13/0x70 arch/x86/lib/copy_user_64.S:43
Code: cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 83 f9 40 73 40 83 f9 08 73 21 85 c9 74 0f <8a> 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 0f
RSP: 0000:ffffc90003307750 EFLAGS: 00050046
RAX: 00000000000051af RBX: 0000000000000008 RCX: 0000000000000008
RDX: 0000000000040000 RSI: 0000000000000000 RDI: ffffc90003307838
RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000002
R10: 0000000000000002 R11: 0000000000000001 R12: ffffc90003307838
R13: ffff888021b20000 R14: 0000000000000000 R15: 0000000000000000
 copy_user_generic arch/x86/include/asm/uaccess_64.h:110 [inline]
 raw_copy_from_user arch/x86/include/asm/uaccess_64.h:125 [inline]
 __copy_from_user_inatomic include/linux/uaccess.h:87 [inline]
 copy_from_user_nofault+0xe1/0x170 mm/maccess.c:125
 bpf_probe_read_user_common kernel/trace/bpf_trace.c:179 [inline]
 ____bpf_probe_read_user kernel/trace/bpf_trace.c:188 [inline]
 bpf_probe_read_user+0x26/0x70 kernel/trace/bpf_trace.c:185
 ___bpf_prog_run+0x3e51/0xabd0 kernel/bpf/core.c:1997
 __bpf_prog_run32+0xc1/0x100 kernel/bpf/core.c:2236
 bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline]
 __bpf_prog_run include/linux/filter.h:657 [inline]
 bpf_prog_run include/linux/filter.h:664 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline]
 bpf_trace_run4+0x176/0x460 kernel/trace/bpf_trace.c:2422
 __bpf_trace_sched_switch+0x13e/0x190 include/trace/events/sched.h:222
 __traceiter_sched_switch+0x6c/0xc0 include/trace/events/sched.h:222
 trace_sched_switch include/trace/events/sched.h:222 [inline]
 __schedule+0x252c/0x5d00 kernel/sched/core.c:6743
 preempt_schedule_irq+0x51/0x90 kernel/sched/core.c:7068
 irqentry_exit+0x36/0x90 kernel/entry/common.c:354
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:__seqprop_raw_spinlock_sequence include/linux/seqlock.h:226 [inline]
RIP: 0010:ktime_get_real_ts64+0xbf/0x570 kernel/time/timekeeping.c:824
Code: 24 58 48 c7 c7 48 da 7d 8d e8 dd 19 f0 ff 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 ab fa 11 00 48 85 db 58 0f 85 3a 04 00 00 <e8> 8c ff 11 00 eb 07 e8 85 ff 11 00 f3 90 8b 2d 8d 13 02 0c 31 ff
RSP: 0000:ffffc90003307d88 EFLAGS: 00000283
RAX: 000000000000516b RBX: 0000000000000000 RCX: ffffc90013400000
RDX: 0000000000040000 RSI: ffffffff817bca99 RDI: 0000000000000007
RBP: 0000000000000019 R08: 0000000000000007 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffffc90003307e00
R13: 00007fcca1911c70 R14: dffffc0000000000 R15: ffff888021b20000
 __do_sys_gettimeofday kernel/time/time.c:146 [inline]
 __se_sys_gettimeofday kernel/time/time.c:140 [inline]
 __x64_sys_gettimeofday+0xd4/0x210 kernel/time/time.c:140
 emulate_vsyscall+0x4ea/0xe50 arch/x86/entry/vsyscall/vsyscall_64.c:247
 do_user_addr_fault+0x61a/0x1080 arch/x86/mm/fault.c:1346
 handle_page_fault arch/x86/mm/fault.c:1505 [inline]
 exc_page_fault+0x5c/0xc0 arch/x86/mm/fault.c:1563
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0033:_end+0x6a9da000/0x0
Code: Unable to access opcode bytes at 0xffffffffff5fffd6.
RSP: 002b:00007fcca1911b38 EFLAGS: 00010246
RAX: ffffffffffffffda RBX: 00007fcca0dac050 RCX: 00007fcca0c7dea9
RDX: 00007fcca1911b40 RSI: 00007fcca1911c70 RDI: 0000000000000019
RBP: 00007fcca0cca4a4 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000006e R14: 00007fcca0dac050 R15: 00007ffcc06f7cb8
 </TASK>
----------------
Code disassembly (best guess):
   0:	cc                   	int3
   1:	cc                   	int3
   2:	cc                   	int3
   3:	0f 1f 40 00          	nopl   0x0(%rax)
   7:	90                   	nop
   8:	90                   	nop
   9:	90                   	nop
   a:	90                   	nop
   b:	90                   	nop
   c:	90                   	nop
   d:	90                   	nop
   e:	90                   	nop
   f:	90                   	nop
  10:	90                   	nop
  11:	90                   	nop
  12:	90                   	nop
  13:	90                   	nop
  14:	90                   	nop
  15:	90                   	nop
  16:	90                   	nop
  17:	f3 0f 1e fa          	endbr64
  1b:	48 83 f9 40          	cmp    $0x40,%rcx
  1f:	73 40                	jae    0x61
  21:	83 f9 08             	cmp    $0x8,%ecx
  24:	73 21                	jae    0x47
  26:	85 c9                	test   %ecx,%ecx
  28:	74 0f                	je     0x39
* 2a:	8a 06                	mov    (%rsi),%al <-- trapping instruction
  2c:	88 07                	mov    %al,(%rdi)
  2e:	48 ff c7             	inc    %rdi
  31:	48 ff c6             	inc    %rsi
  34:	48 ff c9             	dec    %rcx
  37:	75 f1                	jne    0x2a
  39:	c3                   	ret
  3a:	cc                   	int3
  3b:	cc                   	int3
  3c:	cc                   	int3
  3d:	cc                   	int3
  3e:	66                   	data16
  3f:	0f                   	.byte 0xf