FAULT_INJECTION: forcing a failure.
name fail_usercopy, interval 1, probability 0, space 0, times 0
======================================================
WARNING: possible circular locking dependency detected
6.16.0-syzkaller #0 Not tainted
------------------------------------------------------
syz.3.181/6813 is trying to acquire lock:
ffffffff8e133300 (console_owner){-...}-{0:0}, at: rcu_try_lock_acquire include/linux/rcupdate.h:336 [inline]
ffffffff8e133300 (console_owner){-...}-{0:0}, at: srcu_read_lock_nmisafe include/linux/srcu.h:346 [inline]
ffffffff8e133300 (console_owner){-...}-{0:0}, at: console_srcu_read_lock kernel/printk/printk.c:288 [inline]
ffffffff8e133300 (console_owner){-...}-{0:0}, at: console_flush_all+0x13a/0xc40 kernel/printk/printk.c:3203
but task is already holding lock:
ffff8880b8639e18 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xad/0x140 kernel/sched/core.c:614
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #4 (&rq->__lock){-.-.}-{2:2}:
lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5871
_raw_spin_lock_nested+0x32/0x50 kernel/locking/spinlock.c:378
raw_spin_rq_lock_nested+0x2a/0x140 kernel/sched/core.c:606
raw_spin_rq_lock kernel/sched/sched.h:1532 [inline]
task_rq_lock+0xbc/0x470 kernel/sched/core.c:708
cgroup_move_task+0x9a/0x590 kernel/sched/psi.c:1161
css_set_move_task+0x658/0x9e0 kernel/cgroup/cgroup.c:918
cgroup_post_fork+0x1ef/0x790 kernel/cgroup/cgroup.c:6754
copy_process+0x37e6/0x3b80 kernel/fork.c:2413
kernel_clone+0x224/0x7f0 kernel/fork.c:2599
user_mode_thread+0xdd/0x140 kernel/fork.c:2677
rest_init+0x23/0x300 init/main.c:710
start_kernel+0x47d/0x500 init/main.c:1102
x86_64_start_reservations+0x24/0x30 arch/x86/kernel/head64.c:307
x86_64_start_kernel+0x143/0x1c0 arch/x86/kernel/head64.c:288
common_startup_64+0x13e/0x147
-> #3 (&p->pi_lock){-.-.}-{2:2}:
lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5871
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xa7/0xf0 kernel/locking/spinlock.c:162
class_raw_spinlock_irqsave_constructor include/linux/spinlock.h:557 [inline]
try_to_wake_up+0x6e/0x1290 kernel/sched/core.c:4227
__wake_up_common kernel/sched/wait.c:89 [inline]
__wake_up_common_lock+0x137/0x1f0 kernel/sched/wait.c:106
tty_port_default_wakeup+0xa2/0xf0 drivers/tty/tty_port.c:69
serial8250_tx_chars+0x72e/0x970 drivers/tty/serial/8250/8250_port.c:1838
serial8250_handle_irq+0x633/0xbb0 drivers/tty/serial/8250/8250_port.c:1946
serial8250_default_handle_irq+0xbf/0x1b0 drivers/tty/serial/8250/8250_port.c:1966
serial8250_interrupt+0xa2/0x1d0 drivers/tty/serial/8250/8250_core.c:86
__handle_irq_event_percpu+0x289/0x980 kernel/irq/handle.c:158
handle_irq_event_percpu kernel/irq/handle.c:193 [inline]
handle_irq_event+0x8b/0x1e0 kernel/irq/handle.c:210
handle_edge_irq+0x267/0x9c0 kernel/irq/chip.c:797
generic_handle_irq_desc include/linux/irqdesc.h:173 [inline]
handle_irq arch/x86/kernel/irq.c:254 [inline]
call_irq_handler arch/x86/kernel/irq.c:266 [inline]
__common_interrupt+0x140/0x250 arch/x86/kernel/irq.c:292
common_interrupt+0xb6/0xe0 arch/x86/kernel/irq.c:285
asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:693
native_safe_halt arch/x86/include/asm/irqflags.h:48 [inline]
pv_native_safe_halt+0x13/0x20 arch/x86/kernel/paravirt.c:81
arch_safe_halt arch/x86/include/asm/paravirt.h:107 [inline]
default_idle+0x13/0x20 arch/x86/kernel/process.c:749
default_idle_call+0x74/0xb0 kernel/sched/idle.c:117
cpuidle_idle_call kernel/sched/idle.c:185 [inline]
do_idle+0x1e8/0x510 kernel/sched/idle.c:325
cpu_startup_entry+0x44/0x60 kernel/sched/idle.c:423
rest_init+0x2de/0x300 init/main.c:745
start_kernel+0x47d/0x500 init/main.c:1102
x86_64_start_reservations+0x24/0x30 arch/x86/kernel/head64.c:307
x86_64_start_kernel+0x143/0x1c0 arch/x86/kernel/head64.c:288
common_startup_64+0x13e/0x147
-> #2 (&tty->write_wait){-...}-{3:3}:
lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5871
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xa7/0xf0 kernel/locking/spinlock.c:162
__wake_up_common_lock+0x2f/0x1f0 kernel/sched/wait.c:105
tty_port_default_wakeup+0xa2/0xf0 drivers/tty/tty_port.c:69
serial8250_tx_chars+0x72e/0x970 drivers/tty/serial/8250/8250_port.c:1838
serial8250_handle_irq+0x633/0xbb0 drivers/tty/serial/8250/8250_port.c:1946
serial8250_default_handle_irq+0xbf/0x1b0 drivers/tty/serial/8250/8250_port.c:1966
serial8250_interrupt+0xa2/0x1d0 drivers/tty/serial/8250/8250_core.c:86
__handle_irq_event_percpu+0x289/0x980 kernel/irq/handle.c:158
handle_irq_event_percpu kernel/irq/handle.c:193 [inline]
handle_irq_event+0x8b/0x1e0 kernel/irq/handle.c:210
handle_edge_irq+0x267/0x9c0 kernel/irq/chip.c:797
generic_handle_irq_desc include/linux/irqdesc.h:173 [inline]
handle_irq arch/x86/kernel/irq.c:254 [inline]
call_irq_handler arch/x86/kernel/irq.c:266 [inline]
__common_interrupt+0x140/0x250 arch/x86/kernel/irq.c:292
common_interrupt+0xb6/0xe0 arch/x86/kernel/irq.c:285
asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:693
native_safe_halt arch/x86/include/asm/irqflags.h:48 [inline]
pv_native_safe_halt+0x13/0x20 arch/x86/kernel/paravirt.c:81
arch_safe_halt arch/x86/include/asm/paravirt.h:107 [inline]
default_idle+0x13/0x20 arch/x86/kernel/process.c:749
default_idle_call+0x74/0xb0 kernel/sched/idle.c:117
cpuidle_idle_call kernel/sched/idle.c:185 [inline]
do_idle+0x1e8/0x510 kernel/sched/idle.c:325
cpu_startup_entry+0x44/0x60 kernel/sched/idle.c:423
rest_init+0x2de/0x300 init/main.c:745
start_kernel+0x47d/0x500 init/main.c:1102
x86_64_start_reservations+0x24/0x30 arch/x86/kernel/head64.c:307
x86_64_start_kernel+0x143/0x1c0 arch/x86/kernel/head64.c:288
common_startup_64+0x13e/0x147
-> #1 (&port_lock_key){-...}-{3:3}:
lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5871
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xa7/0xf0 kernel/locking/spinlock.c:162
uart_port_lock_irqsave include/linux/serial_core.h:717 [inline]
serial8250_console_write+0x17e/0x1ba0 drivers/tty/serial/8250/8250_port.c:3415
console_emit_next_record kernel/printk/printk.c:3138 [inline]
console_flush_all+0x728/0xc40 kernel/printk/printk.c:3226
__console_flush_and_unlock kernel/printk/printk.c:3285 [inline]
console_unlock+0xc4/0x270 kernel/printk/printk.c:3325
vprintk_emit+0x5b7/0x7a0 kernel/printk/printk.c:2450
_printk+0xcf/0x120 kernel/printk/printk.c:2475
register_console+0xa8b/0xf90 kernel/printk/printk.c:4125
univ8250_console_init+0x52/0x90 drivers/tty/serial/8250/8250_core.c:513
console_init+0x1a1/0x670 kernel/printk/printk.c:4323
start_kernel+0x2cc/0x500 init/main.c:1036
x86_64_start_reservations+0x24/0x30 arch/x86/kernel/head64.c:307
x86_64_start_kernel+0x143/0x1c0 arch/x86/kernel/head64.c:288
common_startup_64+0x13e/0x147
-> #0 (console_owner){-...}-{0:0}:
check_prev_add kernel/locking/lockdep.c:3168 [inline]
check_prevs_add kernel/locking/lockdep.c:3287 [inline]
validate_chain+0xb9b/0x2140 kernel/locking/lockdep.c:3911
__lock_acquire+0xab9/0xd20 kernel/locking/lockdep.c:5240
lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5871
console_lock_spinning_enable kernel/printk/printk.c:1924 [inline]
console_emit_next_record kernel/printk/printk.c:3132 [inline]
console_flush_all+0x6d2/0xc40 kernel/printk/printk.c:3226
__console_flush_and_unlock kernel/printk/printk.c:3285 [inline]
console_unlock+0xc4/0x270 kernel/printk/printk.c:3325
vprintk_emit+0x5b7/0x7a0 kernel/printk/printk.c:2450
_printk+0xcf/0x120 kernel/printk/printk.c:2475
fail_dump lib/fault-inject.c:66 [inline]
should_fail_ex+0x3f5/0x560 lib/fault-inject.c:174
strncpy_from_user+0x36/0x290 lib/strncpy_from_user.c:118
strncpy_from_user_nofault+0x72/0x150 mm/maccess.c:193
bpf_probe_read_user_str_common kernel/trace/bpf_trace.c:215 [inline]
____bpf_probe_read_user_str kernel/trace/bpf_trace.c:224 [inline]
bpf_probe_read_user_str+0x2a/0x70 kernel/trace/bpf_trace.c:221
bpf_prog_bc7c5c6b9645592f+0x3e/0x44
bpf_dispatcher_nop_func include/linux/bpf.h:1322 [inline]
__bpf_prog_run include/linux/filter.h:718 [inline]
bpf_prog_run include/linux/filter.h:725 [inline]
__bpf_trace_run kernel/trace/bpf_trace.c:2258 [inline]
bpf_trace_run4+0x28e/0x4a0 kernel/trace/bpf_trace.c:2301
__bpf_trace_sched_switch+0x17a/0x1e0 include/trace/events/sched.h:220
__traceiter_sched_switch+0x9a/0xd0 include/trace/events/sched.h:220
__do_trace_sched_switch include/trace/events/sched.h:220 [inline]
trace_sched_switch include/trace/events/sched.h:220 [inline]
__schedule+0x22ba/0x4c90 kernel/sched/core.c:6783
preempt_schedule_irq+0xb5/0x150 kernel/sched/core.c:7109
irqentry_exit+0x6f/0x90 kernel/entry/common.c:307
asm_sysvec_reschedule_ipi+0x1a/0x20 arch/x86/include/asm/idtentry.h:707
check_kcov_mode kernel/kcov.c:185 [inline]
write_comp_data kernel/kcov.c:246 [inline]
__sanitizer_cov_trace_cmp4+0x37/0x90 kernel/kcov.c:288
rht_grow_above_75 include/linux/rhashtable.h:186 [inline]
__rhashtable_insert_fast include/linux/rhashtable.h:799 [inline]
rhashtable_lookup_insert_key include/linux/rhashtable.h:967 [inline]
__netlink_insert net/netlink/af_netlink.c:507 [inline]
netlink_insert+0xe4d/0x1370 net/netlink/af_netlink.c:568
netlink_autobind+0x22e/0x300 net/netlink/af_netlink.c:828
netlink_sendmsg+0x523/0xb30 net/netlink/af_netlink.c:1859
sock_sendmsg_nosec net/socket.c:712 [inline]
__sock_sendmsg+0x21c/0x270 net/socket.c:727
____sys_sendmsg+0x505/0x830 net/socket.c:2566
___sys_sendmsg+0x21f/0x2a0 net/socket.c:2620
__sys_sendmsg net/socket.c:2652 [inline]
__do_sys_sendmsg net/socket.c:2657 [inline]
__se_sys_sendmsg net/socket.c:2655 [inline]
__x64_sys_sendmsg+0x19b/0x260 net/socket.c:2655
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
other info that might help us debug this:
Chain exists of:
console_owner --> &p->pi_lock --> &rq->__lock
Possible unsafe locking scenario:
       CPU0                    CPU1
       ----                    ----
  lock(&rq->__lock);
                               lock(&p->pi_lock);
                               lock(&rq->__lock);
  lock(console_owner);
*** DEADLOCK ***
6 locks held by syz.3.181/6813:
#0: ffff888020aea258 (sk_lock-AF_NETLINK){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1667 [inline]
#0: ffff888020aea258 (sk_lock-AF_NETLINK){+.+.}-{0:0}, at: netlink_insert+0xd3/0x1370 net/netlink/af_netlink.c:557
#1: ffffffff8e13f0e0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#1: ffffffff8e13f0e0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
#1: ffffffff8e13f0e0 (rcu_read_lock){....}-{1:3}, at: __rhashtable_insert_fast include/linux/rhashtable.h:722 [inline]
#1: ffffffff8e13f0e0 (rcu_read_lock){....}-{1:3}, at: rhashtable_lookup_insert_key include/linux/rhashtable.h:967 [inline]
#1: ffffffff8e13f0e0 (rcu_read_lock){....}-{1:3}, at: __netlink_insert net/netlink/af_netlink.c:507 [inline]
#1: ffffffff8e13f0e0 (rcu_read_lock){....}-{1:3}, at: netlink_insert+0x2b2/0x1370 net/netlink/af_netlink.c:568
#2: ffff8880b8639e18 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xad/0x140 kernel/sched/core.c:614
#3: ffffffff8e13f0e0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#3: ffffffff8e13f0e0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
#3: ffffffff8e13f0e0 (rcu_read_lock){....}-{1:3}, at: __bpf_trace_run kernel/trace/bpf_trace.c:2257 [inline]
#3: ffffffff8e13f0e0 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run4+0x19c/0x4a0 kernel/trace/bpf_trace.c:2301
#4: ffffffff8e133360 (console_lock){+.+.}-{0:0}, at: _printk+0xcf/0x120 kernel/printk/printk.c:2475
#5: ffffffff8e01ac30 (console_srcu){....}-{0:0}, at: rcu_try_lock_acquire include/linux/rcupdate.h:336 [inline]
#5: ffffffff8e01ac30 (console_srcu){....}-{0:0}, at: srcu_read_lock_nmisafe include/linux/srcu.h:346 [inline]
#5: ffffffff8e01ac30 (console_srcu){....}-{0:0}, at: console_srcu_read_lock kernel/printk/printk.c:288 [inline]
#5: ffffffff8e01ac30 (console_srcu){....}-{0:0}, at: console_flush_all+0x13a/0xc40 kernel/printk/printk.c:3203
stack backtrace:
CPU: 1 UID: 0 PID: 6813 Comm: syz.3.181 Not tainted 6.16.0-syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Call Trace:
dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
print_circular_bug+0x2ee/0x310 kernel/locking/lockdep.c:2046
check_noncircular+0x134/0x160 kernel/locking/lockdep.c:2178
check_prev_add kernel/locking/lockdep.c:3168 [inline]
check_prevs_add kernel/locking/lockdep.c:3287 [inline]
validate_chain+0xb9b/0x2140 kernel/locking/lockdep.c:3911
__lock_acquire+0xab9/0xd20 kernel/locking/lockdep.c:5240
lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5871
console_lock_spinning_enable kernel/printk/printk.c:1924 [inline]
console_emit_next_record kernel/printk/printk.c:3132 [inline]
console_flush_all+0x6d2/0xc40 kernel/printk/printk.c:3226
__console_flush_and_unlock kernel/printk/printk.c:3285 [inline]
console_unlock+0xc4/0x270 kernel/printk/printk.c:3325
vprintk_emit+0x5b7/0x7a0 kernel/printk/printk.c:2450
_printk+0xcf/0x120 kernel/printk/printk.c:2475
fail_dump lib/fault-inject.c:66 [inline]
should_fail_ex+0x3f5/0x560 lib/fault-inject.c:174
strncpy_from_user+0x36/0x290 lib/strncpy_from_user.c:118
strncpy_from_user_nofault+0x72/0x150 mm/maccess.c:193
bpf_probe_read_user_str_common kernel/trace/bpf_trace.c:215 [inline]
____bpf_probe_read_user_str kernel/trace/bpf_trace.c:224 [inline]
bpf_probe_read_user_str+0x2a/0x70 kernel/trace/bpf_trace.c:221
bpf_prog_bc7c5c6b9645592f+0x3e/0x44
bpf_dispatcher_nop_func include/linux/bpf.h:1322 [inline]
__bpf_prog_run include/linux/filter.h:718 [inline]
bpf_prog_run include/linux/filter.h:725 [inline]
__bpf_trace_run kernel/trace/bpf_trace.c:2258 [inline]
bpf_trace_run4+0x28e/0x4a0 kernel/trace/bpf_trace.c:2301
__bpf_trace_sched_switch+0x17a/0x1e0 include/trace/events/sched.h:220
__traceiter_sched_switch+0x9a/0xd0 include/trace/events/sched.h:220
__do_trace_sched_switch include/trace/events/sched.h:220 [inline]
trace_sched_switch include/trace/events/sched.h:220 [inline]
__schedule+0x22ba/0x4c90 kernel/sched/core.c:6783
preempt_schedule_irq+0xb5/0x150 kernel/sched/core.c:7109
irqentry_exit+0x6f/0x90 kernel/entry/common.c:307
asm_sysvec_reschedule_ipi+0x1a/0x20 arch/x86/include/asm/idtentry.h:707
RIP: 0010:check_kcov_mode kernel/kcov.c:194 [inline]
RIP: 0010:write_comp_data kernel/kcov.c:246 [inline]
RIP: 0010:__sanitizer_cov_trace_cmp4+0x37/0x90 kernel/kcov.c:288
Code: 08 90 9c 92 65 8b 0d 98 68 dc 10 81 e1 00 01 ff 00 74 11 81 f9 00 01 00 00 75 5b 83 ba 3c 16 00 00 00 74 52 8b 8a 18 16 00 00 <83> f9 03 75 47 48 8b 8a 20 16 00 00 44 8b 8a 1c 16 00 00 49 c1 e1
RSP: 0018:ffffc9001baef6f8 EFLAGS: 00000246
RAX: ffffffff898c5bed RBX: 0000000000000010 RCX: 0000000000000000
RDX: ffff88802eb5bc00 RSI: 000000000000000c RDI: 0000000000000007
RBP: ffffc9001baef868 R08: ffff88801e2ee27b R09: 1ffff11003c5dc4f
R10: dffffc0000000000 R11: ffffed1003c5dc50 R12: ffff88801e2ee120
R13: 1ffff11003c5dc4f R14: 0000000000000007 R15: 000000000000000c
rht_grow_above_75 include/linux/rhashtable.h:186 [inline]
__rhashtable_insert_fast include/linux/rhashtable.h:799 [inline]
rhashtable_lookup_insert_key include/linux/rhashtable.h:967 [inline]
__netlink_insert net/netlink/af_netlink.c:507 [inline]
netlink_insert+0xe4d/0x1370 net/netlink/af_netlink.c:568
netlink_autobind+0x22e/0x300 net/netlink/af_netlink.c:828
netlink_sendmsg+0x523/0xb30 net/netlink/af_netlink.c:1859
sock_sendmsg_nosec net/socket.c:712 [inline]
__sock_sendmsg+0x21c/0x270 net/socket.c:727
____sys_sendmsg+0x505/0x830 net/socket.c:2566
___sys_sendmsg+0x21f/0x2a0 net/socket.c:2620
__sys_sendmsg net/socket.c:2652 [inline]
__do_sys_sendmsg net/socket.c:2657 [inline]
__se_sys_sendmsg net/socket.c:2655 [inline]
__x64_sys_sendmsg+0x19b/0x260 net/socket.c:2655
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7faf3678eb69
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007faf37641038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007faf369b6160 RCX: 00007faf3678eb69
RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000000000000008
RBP: 00007faf37641090 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 0000000000000000 R14: 00007faf369b6160 R15: 00007ffdf23c64d8
CPU: 1 UID: 0 PID: 6813 Comm: syz.3.181 Not tainted 6.16.0-syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Call Trace:
dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
fail_dump lib/fault-inject.c:73 [inline]
should_fail_ex+0x414/0x560 lib/fault-inject.c:174
strncpy_from_user+0x36/0x290 lib/strncpy_from_user.c:118
strncpy_from_user_nofault+0x72/0x150 mm/maccess.c:193
bpf_probe_read_user_str_common kernel/trace/bpf_trace.c:215 [inline]
____bpf_probe_read_user_str kernel/trace/bpf_trace.c:224 [inline]
bpf_probe_read_user_str+0x2a/0x70 kernel/trace/bpf_trace.c:221
bpf_prog_bc7c5c6b9645592f+0x3e/0x44
bpf_dispatcher_nop_func include/linux/bpf.h:1322 [inline]
__bpf_prog_run include/linux/filter.h:718 [inline]
bpf_prog_run include/linux/filter.h:725 [inline]
__bpf_trace_run kernel/trace/bpf_trace.c:2258 [inline]
bpf_trace_run4+0x28e/0x4a0 kernel/trace/bpf_trace.c:2301
__bpf_trace_sched_switch+0x17a/0x1e0 include/trace/events/sched.h:220
__traceiter_sched_switch+0x9a/0xd0 include/trace/events/sched.h:220
__do_trace_sched_switch include/trace/events/sched.h:220 [inline]
trace_sched_switch include/trace/events/sched.h:220 [inline]
__schedule+0x22ba/0x4c90 kernel/sched/core.c:6783
preempt_schedule_irq+0xb5/0x150 kernel/sched/core.c:7109
irqentry_exit+0x6f/0x90 kernel/entry/common.c:307
asm_sysvec_reschedule_ipi+0x1a/0x20 arch/x86/include/asm/idtentry.h:707
RIP: 0010:check_kcov_mode kernel/kcov.c:194 [inline]
RIP: 0010:write_comp_data kernel/kcov.c:246 [inline]
RIP: 0010:__sanitizer_cov_trace_cmp4+0x37/0x90 kernel/kcov.c:288
Code: 08 90 9c 92 65 8b 0d 98 68 dc 10 81 e1 00 01 ff 00 74 11 81 f9 00 01 00 00 75 5b 83 ba 3c 16 00 00 00 74 52 8b 8a 18 16 00 00 <83> f9 03 75 47 48 8b 8a 20 16 00 00 44 8b 8a 1c 16 00 00 49 c1 e1
RSP: 0018:ffffc9001baef6f8 EFLAGS: 00000246
RAX: ffffffff898c5bed RBX: 0000000000000010 RCX: 0000000000000000
RDX: ffff88802eb5bc00 RSI: 000000000000000c RDI: 0000000000000007
RBP: ffffc9001baef868 R08: ffff88801e2ee27b R09: 1ffff11003c5dc4f
R10: dffffc0000000000 R11: ffffed1003c5dc50 R12: ffff88801e2ee120
R13: 1ffff11003c5dc4f R14: 0000000000000007 R15: 000000000000000c
rht_grow_above_75 include/linux/rhashtable.h:186 [inline]
__rhashtable_insert_fast include/linux/rhashtable.h:799 [inline]
rhashtable_lookup_insert_key include/linux/rhashtable.h:967 [inline]
__netlink_insert net/netlink/af_netlink.c:507 [inline]
netlink_insert+0xe4d/0x1370 net/netlink/af_netlink.c:568
netlink_autobind+0x22e/0x300 net/netlink/af_netlink.c:828
netlink_sendmsg+0x523/0xb30 net/netlink/af_netlink.c:1859
sock_sendmsg_nosec net/socket.c:712 [inline]
__sock_sendmsg+0x21c/0x270 net/socket.c:727
____sys_sendmsg+0x505/0x830 net/socket.c:2566
___sys_sendmsg+0x21f/0x2a0 net/socket.c:2620
__sys_sendmsg net/socket.c:2652 [inline]
__do_sys_sendmsg net/socket.c:2657 [inline]
__se_sys_sendmsg net/socket.c:2655 [inline]
__x64_sys_sendmsg+0x19b/0x260 net/socket.c:2655
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7faf3678eb69
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007faf37641038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007faf369b6160 RCX: 00007faf3678eb69
RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000000000000008
RBP: 00007faf37641090 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 0000000000000000 R14: 00007faf369b6160 R15: 00007ffdf23c64d8
lo speed is unknown, defaulting to 1000
lo speed is unknown, defaulting to 1000
lo speed is unknown, defaulting to 1000
iwpm_register_pid: Unable to send a nlmsg (client = 2)
infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
lo speed is unknown, defaulting to 1000
lo speed is unknown, defaulting to 1000
lo speed is unknown, defaulting to 1000
lo speed is unknown, defaulting to 1000
lo speed is unknown, defaulting to 1000
----------------
Code disassembly (best guess):
0: 08 90 9c 92 65 8b or %dl,-0x749a6d64(%rax)
6: 0d 98 68 dc 10 or $0x10dc6898,%eax
b: 81 e1 00 01 ff 00 and $0xff0100,%ecx
11: 74 11 je 0x24
13: 81 f9 00 01 00 00 cmp $0x100,%ecx
19: 75 5b jne 0x76
1b: 83 ba 3c 16 00 00 00 cmpl $0x0,0x163c(%rdx)
22: 74 52 je 0x76
24: 8b 8a 18 16 00 00 mov 0x1618(%rdx),%ecx
* 2a: 83 f9 03 cmp $0x3,%ecx <-- trapping instruction
2d: 75 47 jne 0x76
2f: 48 8b 8a 20 16 00 00 mov 0x1620(%rdx),%rcx
36: 44 8b 8a 1c 16 00 00 mov 0x161c(%rdx),%r9d
3d: 49 rex.WB
3e: c1 .byte 0xc1
3f: e1 .byte 0xe1