FAULT_INJECTION: forcing a failure.
name fail_usercopy, interval 1, probability 0, space 0, times 0
======================================================
WARNING: possible circular locking dependency detected
6.1.77-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.0/9606 is trying to acquire lock:
ffffffff8d0068d8 ((console_sem).lock){-...}-{2:2}, at: down_trylock+0x1c/0xa0 kernel/locking/semaphore.c:139
but task is already holding lock:
ffff8880b9839e18 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x26/0x140 kernel/sched/core.c:537
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #2 (&rq->__lock){-.-.}-{2:2}:
lock_acquire+0x1f8/0x5a0 kernel/locking/lockdep.c:5662
_raw_spin_lock_nested+0x2d/0x40 kernel/locking/spinlock.c:378
raw_spin_rq_lock_nested+0x26/0x140 kernel/sched/core.c:537
raw_spin_rq_lock kernel/sched/sched.h:1354 [inline]
rq_lock kernel/sched/sched.h:1644 [inline]
task_fork_fair+0x5d/0x350 kernel/sched/fair.c:11863
sched_cgroup_fork+0x374/0x400 kernel/sched/core.c:4686
copy_process+0x2442/0x4060 kernel/fork.c:2384
kernel_clone+0x222/0x920 kernel/fork.c:2682
user_mode_thread+0x12e/0x190 kernel/fork.c:2758
rest_init+0x23/0x300 init/main.c:696
start_kernel+0x0/0x53f init/main.c:891
start_kernel+0x496/0x53f init/main.c:1138
secondary_startup_64_no_verify+0xcf/0xdb
-> #1 (&p->pi_lock){-.-.}-{2:2}:
lock_acquire+0x1f8/0x5a0 kernel/locking/lockdep.c:5662
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xd1/0x120 kernel/locking/spinlock.c:162
try_to_wake_up+0xad/0x12e0 kernel/sched/core.c:4112
up+0x6e/0x90 kernel/locking/semaphore.c:191
__up_console_sem+0xf8/0x1e0 kernel/printk/printk.c:260
__console_unlock kernel/printk/printk.c:2662 [inline]
console_unlock+0x591/0x7c0 kernel/printk/printk.c:2873
vprintk_emit+0x523/0x740 kernel/printk/printk.c:2268
_printk+0xd1/0x111 kernel/printk/printk.c:2293
printk_stack_address arch/x86/kernel/dumpstack.c:72 [inline]
show_trace_log_lvl+0x388/0x410 arch/x86/kernel/dumpstack.c:285
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
fail_dump lib/fault-inject.c:52 [inline]
should_fail_ex+0x3a6/0x4d0 lib/fault-inject.c:147
should_failslab+0x5/0x20 mm/slab_common.c:1452
slab_pre_alloc_hook+0x59/0x300 mm/slab.h:712
slab_alloc_node mm/slub.c:3318 [inline]
__kmem_cache_alloc_node+0x47/0x260 mm/slub.c:3437
__do_kmalloc_node mm/slab_common.c:954 [inline]
__kmalloc_node+0xa2/0x230 mm/slab_common.c:962
kmalloc_node include/linux/slab.h:579 [inline]
kvmalloc_node+0x6e/0x180 mm/util.c:581
kvmalloc include/linux/slab.h:706 [inline]
map_get_next_key+0x27b/0x620 kernel/bpf/syscall.c:1549
__sys_bpf+0x364/0x6c0 kernel/bpf/syscall.c:4999
__do_sys_bpf kernel/bpf/syscall.c:5109 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5107 [inline]
__x64_sys_bpf+0x78/0x90 kernel/bpf/syscall.c:5107
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:81
entry_SYSCALL_64_after_hwframe+0x63/0xcd
-> #0 ((console_sem).lock){-...}-{2:2}:
check_prev_add kernel/locking/lockdep.c:3090 [inline]
check_prevs_add kernel/locking/lockdep.c:3209 [inline]
validate_chain+0x1661/0x5950 kernel/locking/lockdep.c:3825
__lock_acquire+0x125b/0x1f80 kernel/locking/lockdep.c:5049
lock_acquire+0x1f8/0x5a0 kernel/locking/lockdep.c:5662
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xd1/0x120 kernel/locking/spinlock.c:162
down_trylock+0x1c/0xa0 kernel/locking/semaphore.c:139
__down_trylock_console_sem+0x105/0x250 kernel/printk/printk.c:243
console_trylock kernel/printk/printk.c:2615 [inline]
console_trylock_spinning kernel/printk/printk.c:1867 [inline]
vprintk_emit+0x1ee/0x740 kernel/printk/printk.c:2267
_printk+0xd1/0x111 kernel/printk/printk.c:2293
fail_dump lib/fault-inject.c:45 [inline]
should_fail_ex+0x387/0x4d0 lib/fault-inject.c:147
strncpy_from_user+0x32/0x360 lib/strncpy_from_user.c:118
strncpy_from_user_nofault+0x6c/0x130 mm/maccess.c:186
bpf_probe_read_user_str_common kernel/trace/bpf_trace.c:204 [inline]
____bpf_probe_read_compat_str kernel/trace/bpf_trace.c:310 [inline]
bpf_probe_read_compat_str+0xe4/0x180 kernel/trace/bpf_trace.c:306
bpf_prog_e42f6260c1b72fb3+0x35/0x37
bpf_dispatcher_nop_func include/linux/bpf.h:989 [inline]
__bpf_prog_run include/linux/filter.h:600 [inline]
bpf_prog_run include/linux/filter.h:607 [inline]
__bpf_trace_run kernel/trace/bpf_trace.c:2275 [inline]
bpf_trace_run4+0x253/0x470 kernel/trace/bpf_trace.c:2316
__traceiter_sched_switch+0x91/0xc0 include/trace/events/sched.h:222
trace_sched_switch include/trace/events/sched.h:222 [inline]
__schedule+0x2116/0x4550 kernel/sched/core.c:6555
preempt_schedule_irq+0xf7/0x1c0 kernel/sched/core.c:6870
irqentry_exit+0x53/0x80 kernel/entry/common.c:433
asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:653
rcu_read_lock_sched_held+0x56/0x130 kernel/rcu/update.c:120
task_css include/linux/cgroup.h:509 [inline]
mem_cgroup_from_task+0x49/0x110 mm/memcontrol.c:985
get_obj_cgroup_from_current+0x168/0x280 mm/memcontrol.c:3020
memcg_slab_pre_alloc_hook mm/slab.h:485 [inline]
slab_pre_alloc_hook+0x90/0x300 mm/slab.h:715
slab_alloc_node mm/slub.c:3318 [inline]
slab_alloc mm/slub.c:3406 [inline]
__kmem_cache_alloc_lru mm/slub.c:3413 [inline]
kmem_cache_alloc+0x4e/0x2d0 mm/slub.c:3422
anon_vma_alloc mm/rmap.c:93 [inline]
__anon_vma_prepare+0xb7/0x400 mm/rmap.c:202
anon_vma_prepare include/linux/rmap.h:159 [inline]
do_anonymous_page mm/memory.c:4150 [inline]
handle_pte_fault mm/memory.c:4991 [inline]
__handle_mm_fault mm/memory.c:5135 [inline]
handle_mm_fault+0x4b0f/0x5340 mm/memory.c:5256
do_user_addr_fault arch/x86/mm/fault.c:1380 [inline]
handle_page_fault arch/x86/mm/fault.c:1471 [inline]
exc_page_fault+0x26f/0x660 arch/x86/mm/fault.c:1527
asm_exc_page_fault+0x22/0x30 arch/x86/include/asm/idtentry.h:570
other info that might help us debug this:
Chain exists of:
(console_sem).lock --> &p->pi_lock --> &rq->__lock
Possible unsafe locking scenario:
       CPU0                    CPU1
       ----                    ----
  lock(&rq->__lock);
                               lock(&p->pi_lock);
                               lock(&rq->__lock);
  lock((console_sem).lock);
*** DEADLOCK ***
4 locks held by syz-executor.0/9606:
#0: ffff888015305b58 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:136 [inline]
#0: ffff888015305b58 (&mm->mmap_lock){++++}-{3:3}, at: get_mmap_lock_carefully mm/memory.c:5284 [inline]
#0: ffff888015305b58 (&mm->mmap_lock){++++}-{3:3}, at: lock_mm_and_find_vma+0x2e/0x2e0 mm/memory.c:5346
#1: ffffffff8d12a740 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:318 [inline]
#1: ffffffff8d12a740 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:759 [inline]
#1: ffffffff8d12a740 (rcu_read_lock){....}-{1:2}, at: get_obj_cgroup_from_current+0xd4/0x280 mm/memcontrol.c:3016
#2: ffff8880b9839e18 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x26/0x140 kernel/sched/core.c:537
#3: ffffffff8d12a740 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:318 [inline]
#3: ffffffff8d12a740 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:759 [inline]
#3: ffffffff8d12a740 (rcu_read_lock){....}-{1:2}, at: __bpf_trace_run kernel/trace/bpf_trace.c:2274 [inline]
#3: ffffffff8d12a740 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run4+0x16a/0x470 kernel/trace/bpf_trace.c:2316
stack backtrace:
CPU: 0 PID: 9606 Comm: syz-executor.0 Not tainted 6.1.77-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
Call Trace:
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
check_noncircular+0x2fa/0x3b0 kernel/locking/lockdep.c:2170
check_prev_add kernel/locking/lockdep.c:3090 [inline]
check_prevs_add kernel/locking/lockdep.c:3209 [inline]
validate_chain+0x1661/0x5950 kernel/locking/lockdep.c:3825
__lock_acquire+0x125b/0x1f80 kernel/locking/lockdep.c:5049
lock_acquire+0x1f8/0x5a0 kernel/locking/lockdep.c:5662
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xd1/0x120 kernel/locking/spinlock.c:162
down_trylock+0x1c/0xa0 kernel/locking/semaphore.c:139
__down_trylock_console_sem+0x105/0x250 kernel/printk/printk.c:243
console_trylock kernel/printk/printk.c:2615 [inline]
console_trylock_spinning kernel/printk/printk.c:1867 [inline]
vprintk_emit+0x1ee/0x740 kernel/printk/printk.c:2267
_printk+0xd1/0x111 kernel/printk/printk.c:2293
fail_dump lib/fault-inject.c:45 [inline]
should_fail_ex+0x387/0x4d0 lib/fault-inject.c:147
strncpy_from_user+0x32/0x360 lib/strncpy_from_user.c:118
strncpy_from_user_nofault+0x6c/0x130 mm/maccess.c:186
bpf_probe_read_user_str_common kernel/trace/bpf_trace.c:204 [inline]
____bpf_probe_read_compat_str kernel/trace/bpf_trace.c:310 [inline]
bpf_probe_read_compat_str+0xe4/0x180 kernel/trace/bpf_trace.c:306
bpf_prog_e42f6260c1b72fb3+0x35/0x37
bpf_dispatcher_nop_func include/linux/bpf.h:989 [inline]
__bpf_prog_run include/linux/filter.h:600 [inline]
bpf_prog_run include/linux/filter.h:607 [inline]
__bpf_trace_run kernel/trace/bpf_trace.c:2275 [inline]
bpf_trace_run4+0x253/0x470 kernel/trace/bpf_trace.c:2316
__traceiter_sched_switch+0x91/0xc0 include/trace/events/sched.h:222
trace_sched_switch include/trace/events/sched.h:222 [inline]
__schedule+0x2116/0x4550 kernel/sched/core.c:6555
preempt_schedule_irq+0xf7/0x1c0 kernel/sched/core.c:6870
irqentry_exit+0x53/0x80 kernel/entry/common.c:433
asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:653
RIP: 0010:rcu_read_lock_sched_held+0x56/0x130 kernel/rcu/update.c:120
Code: c7 04 24 b3 8a b5 41 48 c7 44 24 08 68 0e 8d 8c 48 c7 44 24 10 80 f7 71 81 48 89 e3 48 c1 eb 03 48 b8 f1 f1 f1 f1 00 f3 f3 f3 <4a> 89 04 33 e8 41 66 18 09 85 c0 74 2a 45 31 ff e8 a5 3e 01 00 84
RSP: 0000:ffffc90013187a60 EFLAGS: 00000a02
RAX: f3f3f300f1f1f1f1 RBX: 1ffff92002630f4c RCX: ffff88807d0f5940
RDX: dffffc0000000000 RSI: ffffffff8b3d0da0 RDI: ffff88807d0f5940
RBP: ffffc90013187ae8 R08: dffffc0000000000 R09: fffffbfff2092245
R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000
R13: ffff888140008140 R14: dffffc0000000000 R15: dffffc0000000000
task_css include/linux/cgroup.h:509 [inline]
mem_cgroup_from_task+0x49/0x110 mm/memcontrol.c:985
get_obj_cgroup_from_current+0x168/0x280 mm/memcontrol.c:3020
memcg_slab_pre_alloc_hook mm/slab.h:485 [inline]
slab_pre_alloc_hook+0x90/0x300 mm/slab.h:715
slab_alloc_node mm/slub.c:3318 [inline]
slab_alloc mm/slub.c:3406 [inline]
__kmem_cache_alloc_lru mm/slub.c:3413 [inline]
kmem_cache_alloc+0x4e/0x2d0 mm/slub.c:3422
anon_vma_alloc mm/rmap.c:93 [inline]
__anon_vma_prepare+0xb7/0x400 mm/rmap.c:202
anon_vma_prepare include/linux/rmap.h:159 [inline]
do_anonymous_page mm/memory.c:4150 [inline]
handle_pte_fault mm/memory.c:4991 [inline]
__handle_mm_fault mm/memory.c:5135 [inline]
handle_mm_fault+0x4b0f/0x5340 mm/memory.c:5256
do_user_addr_fault arch/x86/mm/fault.c:1380 [inline]
handle_page_fault arch/x86/mm/fault.c:1471 [inline]
exc_page_fault+0x26f/0x660 arch/x86/mm/fault.c:1527
asm_exc_page_fault+0x22/0x30 arch/x86/include/asm/idtentry.h:570
RIP: 0033:0x7f6530e29793
Code: 1f 84 00 00 00 00 00 3d 00 01 00 00 75 29 45 31 f6 48 83 c4 18 44 89 f0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 40 00 49 8b 0f <44> 88 34 01 49 83 47 10 01 eb 92 66 90 8d 90 ff fe ff ff 83 fa 1c
RSP: 002b:00007f6531bed530 EFLAGS: 00010202
RAX: 0000000000000000 RBX: 00007f6531bed5d0 RCX: 00007f65275ff000
RDX: 00007f6531bed770 RSI: 0000000000000003 RDI: 00007f6531bed670
RBP: 0000000000000139 R08: 000000000000000a R09: 00000000000002e6
R10: 000000000000033e R11: 00007f6531bed5d0 R12: 00007f6531bed5d0
R13: 00007f6530eeccc0 R14: 0000000000000058 R15: 00007f6531bed670
CPU: 0 PID: 9606 Comm: syz-executor.0 Not tainted 6.1.77-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
Call Trace:
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
fail_dump lib/fault-inject.c:52 [inline]
should_fail_ex+0x3a6/0x4d0 lib/fault-inject.c:147
strncpy_from_user+0x32/0x360 lib/strncpy_from_user.c:118
strncpy_from_user_nofault+0x6c/0x130 mm/maccess.c:186
bpf_probe_read_user_str_common kernel/trace/bpf_trace.c:204 [inline]
____bpf_probe_read_compat_str kernel/trace/bpf_trace.c:310 [inline]
bpf_probe_read_compat_str+0xe4/0x180 kernel/trace/bpf_trace.c:306
bpf_prog_e42f6260c1b72fb3+0x35/0x37
bpf_dispatcher_nop_func include/linux/bpf.h:989 [inline]
__bpf_prog_run include/linux/filter.h:600 [inline]
bpf_prog_run include/linux/filter.h:607 [inline]
__bpf_trace_run kernel/trace/bpf_trace.c:2275 [inline]
bpf_trace_run4+0x253/0x470 kernel/trace/bpf_trace.c:2316
__traceiter_sched_switch+0x91/0xc0 include/trace/events/sched.h:222
trace_sched_switch include/trace/events/sched.h:222 [inline]
__schedule+0x2116/0x4550 kernel/sched/core.c:6555
preempt_schedule_irq+0xf7/0x1c0 kernel/sched/core.c:6870
irqentry_exit+0x53/0x80 kernel/entry/common.c:433
asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:653
RIP: 0010:rcu_read_lock_sched_held+0x56/0x130 kernel/rcu/update.c:120
Code: c7 04 24 b3 8a b5 41 48 c7 44 24 08 68 0e 8d 8c 48 c7 44 24 10 80 f7 71 81 48 89 e3 48 c1 eb 03 48 b8 f1 f1 f1 f1 00 f3 f3 f3 <4a> 89 04 33 e8 41 66 18 09 85 c0 74 2a 45 31 ff e8 a5 3e 01 00 84
RSP: 0000:ffffc90013187a60 EFLAGS: 00000a02
RAX: f3f3f300f1f1f1f1 RBX: 1ffff92002630f4c RCX: ffff88807d0f5940
RDX: dffffc0000000000 RSI: ffffffff8b3d0da0 RDI: ffff88807d0f5940
RBP: ffffc90013187ae8 R08: dffffc0000000000 R09: fffffbfff2092245
R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000
R13: ffff888140008140 R14: dffffc0000000000 R15: dffffc0000000000
task_css include/linux/cgroup.h:509 [inline]
mem_cgroup_from_task+0x49/0x110 mm/memcontrol.c:985
get_obj_cgroup_from_current+0x168/0x280 mm/memcontrol.c:3020
memcg_slab_pre_alloc_hook mm/slab.h:485 [inline]
slab_pre_alloc_hook+0x90/0x300 mm/slab.h:715
slab_alloc_node mm/slub.c:3318 [inline]
slab_alloc mm/slub.c:3406 [inline]
__kmem_cache_alloc_lru mm/slub.c:3413 [inline]
kmem_cache_alloc+0x4e/0x2d0 mm/slub.c:3422
anon_vma_alloc mm/rmap.c:93 [inline]
__anon_vma_prepare+0xb7/0x400 mm/rmap.c:202
anon_vma_prepare include/linux/rmap.h:159 [inline]
do_anonymous_page mm/memory.c:4150 [inline]
handle_pte_fault mm/memory.c:4991 [inline]
__handle_mm_fault mm/memory.c:5135 [inline]
handle_mm_fault+0x4b0f/0x5340 mm/memory.c:5256
do_user_addr_fault arch/x86/mm/fault.c:1380 [inline]
handle_page_fault arch/x86/mm/fault.c:1471 [inline]
exc_page_fault+0x26f/0x660 arch/x86/mm/fault.c:1527
asm_exc_page_fault+0x22/0x30 arch/x86/include/asm/idtentry.h:570
RIP: 0033:0x7f6530e29793
Code: 1f 84 00 00 00 00 00 3d 00 01 00 00 75 29 45 31 f6 48 83 c4 18 44 89 f0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 40 00 49 8b 0f <44> 88 34 01 49 83 47 10 01 eb 92 66 90 8d 90 ff fe ff ff 83 fa 1c
RSP: 002b:00007f6531bed530 EFLAGS: 00010202
RAX: 0000000000000000 RBX: 00007f6531bed5d0 RCX: 00007f65275ff000
RDX: 00007f6531bed770 RSI: 0000000000000003 RDI: 00007f6531bed670
RBP: 0000000000000139 R08: 000000000000000a R09: 00000000000002e6
R10: 000000000000033e R11: 00007f6531bed5d0 R12: 00007f6531bed5d0
R13: 00007f6530eeccc0 R14: 0000000000000058 R15: 00007f6531bed670
loop0: detected capacity change from 0 to 32768
XFS (loop0): Mounting V5 filesystem in no-recovery mode. Filesystem will be inconsistent.
XFS (loop0): Quotacheck needed: Please wait.
XFS (loop0): Quotacheck: Unsuccessful (Error -117): Disabling quotas.
----------------
Code disassembly (best guess):
0: c7 04 24 b3 8a b5 41 movl $0x41b58ab3,(%rsp)
7: 48 c7 44 24 08 68 0e movq $0xffffffff8c8d0e68,0x8(%rsp)
e: 8d 8c
10: 48 c7 44 24 10 80 f7 movq $0xffffffff8171f780,0x10(%rsp)
17: 71 81
19: 48 89 e3 mov %rsp,%rbx
1c: 48 c1 eb 03 shr $0x3,%rbx
20: 48 b8 f1 f1 f1 f1 00 movabs $0xf3f3f300f1f1f1f1,%rax
27: f3 f3 f3
* 2a: 4a 89 04 33 mov %rax,(%rbx,%r14,1) <-- trapping instruction
2e: e8 41 66 18 09 call 0x9186674
33: 85 c0 test %eax,%eax
35: 74 2a je 0x61
37: 45 31 ff xor %r15d,%r15d
3a: e8 a5 3e 01 00 call 0x13ee4
3f: 84 .byte 0x84