EEVDF scheduling fail, picking leftmost ====================================================== WARNING: possible circular locking dependency detected 6.6.0-rc6-syzkaller-00312-g4d7b04c0cda3 #0 Not tainted ------------------------------------------------------ syz-executor.0/3116 is trying to acquire lock: ffff8000865277a0 (console_owner){-.-.}-{0:0}, at: console_emit_next_record kernel/printk/printk.c:2903 [inline] ffff8000865277a0 (console_owner){-.-.}-{0:0}, at: console_flush_all+0x314/0x920 kernel/printk/printk.c:2966 but task is already holding lock: ffff00006a8fe758 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested kernel/sched/core.c:558 [inline] ffff00006a8fe758 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock kernel/sched/sched.h:1372 [inline] ffff00006a8fe758 (&rq->__lock){-.-.}-{2:2}, at: rq_lock kernel/sched/sched.h:1681 [inline] ffff00006a8fe758 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x268/0x2ae4 kernel/sched/core.c:6612 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #4 (&rq->__lock){-.-.}-{2:2}: _raw_spin_lock_nested+0x50/0x6c kernel/locking/spinlock.c:378 raw_spin_rq_lock_nested+0x2c/0x44 kernel/sched/core.c:558 raw_spin_rq_lock kernel/sched/sched.h:1372 [inline] rq_lock kernel/sched/sched.h:1681 [inline] task_fork_fair+0x70/0x13c kernel/sched/fair.c:12416 sched_cgroup_fork+0x35c/0x520 kernel/sched/core.c:4816 copy_process+0x2fb0/0x5520 kernel/fork.c:2609 kernel_clone+0x140/0x7e8 kernel/fork.c:2909 user_mode_thread+0xb4/0xf0 kernel/fork.c:2987 rest_init+0x2c/0x210 init/main.c:691 arch_post_acpi_subsys_init+0x0/0x8 init/main.c:823 start_kernel+0x328/0x3a0 init/main.c:1068 __primary_switched+0xb8/0xc0 arch/arm64/kernel/head.S:523 -> #3 (&p->pi_lock){-.-.}-{2:2}: __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x58/0x80 kernel/locking/spinlock.c:162 class_raw_spinlock_irqsave_constructor include/linux/spinlock.h:518 [inline] try_to_wake_up+0xac/0x1924 kernel/sched/core.c:4230 default_wake_function+0x34/0x54 kernel/sched/core.c:7019 woken_wake_function+0x4c/0x74 kernel/sched/wait.c:484 __wake_up_common+0x130/0x4a8 kernel/sched/wait.c:107 __wake_up_common_lock+0xd4/0x138 kernel/sched/wait.c:138 __wake_up+0x18/0x24 kernel/sched/wait.c:160 tty_ldisc_lock+0x60/0xe4 drivers/tty/tty_ldisc.c:311 tty_set_ldisc+0x68/0x4c4 drivers/tty/tty_ldisc.c:529 tiocsetd drivers/tty/tty_io.c:2431 [inline] tty_ioctl+0x63c/0x1684 drivers/tty/tty_io.c:2712 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:871 [inline] __se_sys_ioctl fs/ioctl.c:857 [inline] __arm64_sys_ioctl+0x124/0x190 fs/ioctl.c:857 __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline] invoke_syscall+0x6c/0x258 arch/arm64/kernel/syscall.c:51 el0_svc_common.constprop.0+0xac/0x230 arch/arm64/kernel/syscall.c:136 do_el0_svc+0x40/0x58 arch/arm64/kernel/syscall.c:155 el0_svc+0x58/0x140 arch/arm64/kernel/entry-common.c:678 el0t_64_sync_handler+0x100/0x12c arch/arm64/kernel/entry-common.c:696 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:595 -> #2 (&tty->write_wait){....}-{2:2}: __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x58/0x80 kernel/locking/spinlock.c:162 __wake_up_common_lock+0xb4/0x138 kernel/sched/wait.c:137 __wake_up+0x18/0x24 kernel/sched/wait.c:160 tty_wakeup+0x4c/0xd8 drivers/tty/tty_io.c:527 tty_port_default_wakeup+0x20/0x38 drivers/tty/tty_port.c:69 tty_port_tty_wakeup+0x54/0x74 drivers/tty/tty_port.c:433 uart_write_wakeup+0x38/0x54 drivers/tty/serial/serial_core.c:120 pl011_tx_chars+0x680/0xccc drivers/tty/serial/amba-pl011.c:1500 pl011_start_tx_pio drivers/tty/serial/amba-pl011.c:1346 [inline] pl011_start_tx+0x280/0x870 drivers/tty/serial/amba-pl011.c:1358 __uart_start+0x1a4/0x318 drivers/tty/serial/serial_core.c:160 uart_write+0x1bc/0x448 drivers/tty/serial/serial_core.c:618 process_output_block drivers/tty/n_tty.c:579 [inline] n_tty_write+0x304/0xb8c drivers/tty/n_tty.c:2384 iterate_tty_write drivers/tty/tty_io.c:1017 [inline] file_tty_write.constprop.0+0x2c4/0x624 drivers/tty/tty_io.c:1088 tty_write drivers/tty/tty_io.c:1109 [inline] redirected_tty_write drivers/tty/tty_io.c:1132 [inline] redirected_tty_write+0xe4/0x110 drivers/tty/tty_io.c:1112 call_write_iter include/linux/fs.h:1956 [inline] new_sync_write fs/read_write.c:491 [inline] vfs_write+0x394/0x74c fs/read_write.c:584 ksys_write+0xf0/0x1dc fs/read_write.c:637 __do_sys_write fs/read_write.c:649 [inline] __se_sys_write fs/read_write.c:646 [inline] __arm64_sys_write+0x6c/0x9c fs/read_write.c:646 __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline] invoke_syscall+0x6c/0x258 arch/arm64/kernel/syscall.c:51 el0_svc_common.constprop.0+0xac/0x230 arch/arm64/kernel/syscall.c:136 do_el0_svc+0x40/0x58 arch/arm64/kernel/syscall.c:155 el0_svc+0x58/0x140 arch/arm64/kernel/entry-common.c:678 el0t_64_sync_handler+0x100/0x12c arch/arm64/kernel/entry-common.c:696 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:595 -> #1 (&port_lock_key){-.-.}-{2:2}: __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x48/0x60 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:351 [inline] pl011_console_write+0x32c/0x51c drivers/tty/serial/amba-pl011.c:2341 console_emit_next_record kernel/printk/printk.c:2910 [inline] console_flush_all+0x380/0x920 kernel/printk/printk.c:2966 console_unlock+0xc8/0x1d8 kernel/printk/printk.c:3035 vprintk_emit+0x270/0x4e4 kernel/printk/printk.c:2307 vprintk_default+0x38/0x44 kernel/printk/printk.c:2322 vprintk+0x17c/0x1bc kernel/printk/printk_safe.c:45 _printk+0xa8/0xe0 kernel/printk/printk.c:2332 register_console+0x4b0/0xb10 kernel/printk/printk.c:3524 uart_configure_port drivers/tty/serial/serial_core.c:2605 [inline] serial_core_add_one_port drivers/tty/serial/serial_core.c:3132 [inline] serial_core_register_port+0xf6c/0x1514 drivers/tty/serial/serial_core.c:3360 serial_ctrl_register_port+0x10/0x1c drivers/tty/serial/serial_ctrl.c:41 uart_add_one_port+0x10/0x1c drivers/tty/serial/serial_port.c:75 pl011_register_port+0x10c/0x2ac drivers/tty/serial/amba-pl011.c:2780 pl011_probe+0x490/0x5f4 drivers/tty/serial/amba-pl011.c:2845 amba_probe+0x1c0/0x358 drivers/amba/bus.c:307 call_driver_probe drivers/base/dd.c:579 [inline] really_probe+0x170/0x98c drivers/base/dd.c:658 __driver_probe_device+0x15c/0x3c4 drivers/base/dd.c:800 driver_probe_device+0x5c/0x170 drivers/base/dd.c:830 __device_attach_driver+0x16c/0x270 drivers/base/dd.c:958 bus_for_each_drv+0x104/0x18c drivers/base/bus.c:457 __device_attach+0x168/0x360 drivers/base/dd.c:1030 device_initial_probe+0x14/0x20 drivers/base/dd.c:1079 bus_probe_device+0x128/0x160 drivers/base/bus.c:532 device_add+0xc8c/0x130c drivers/base/core.c:3624 amba_device_add+0x64/0x104 drivers/amba/bus.c:569 of_amba_device_create drivers/of/platform.c:294 [inline] of_platform_bus_create+0x554/0x764 drivers/of/platform.c:414 of_platform_populate+0x58/0x160 drivers/of/platform.c:511 of_platform_default_populate drivers/of/platform.c:530 [inline] of_platform_default_populate_init+0x100/0x130 drivers/of/platform.c:628 do_one_initcall+0x140/0x770 init/main.c:1232 do_initcall_level init/main.c:1294 [inline] do_initcalls init/main.c:1310 [inline] do_basic_setup init/main.c:1329 [inline] kernel_init_freeable+0x56c/0xb9c init/main.c:1547 kernel_init+0x24/0x1dc init/main.c:1437 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:857 -> #0 (console_owner){-.-.}-{0:0}: check_prev_add kernel/locking/lockdep.c:3134 [inline] check_prevs_add kernel/locking/lockdep.c:3253 [inline] validate_chain kernel/locking/lockdep.c:3868 [inline] __lock_acquire+0x2cac/0x6b70 kernel/locking/lockdep.c:5136 lock_acquire kernel/locking/lockdep.c:5753 [inline] lock_acquire+0x480/0x7c8 kernel/locking/lockdep.c:5718 console_lock_spinning_enable kernel/printk/printk.c:1858 [inline] console_emit_next_record kernel/printk/printk.c:2904 [inline] console_flush_all+0x360/0x920 kernel/printk/printk.c:2966 console_unlock+0xc8/0x1d8 kernel/printk/printk.c:3035 vprintk_emit+0x270/0x4e4 kernel/printk/printk.c:2307 vprintk_default+0x38/0x44 kernel/printk/printk.c:2322 vprintk+0x17c/0x1bc kernel/printk/printk_safe.c:45 _printk+0xa8/0xe0 kernel/printk/printk.c:2332 pick_eevdf kernel/sched/fair.c:976 [inline] pick_next_entity kernel/sched/fair.c:5278 [inline] pick_next_task_fair+0x1a4/0xd3c kernel/sched/fair.c:8222 __pick_next_task kernel/sched/core.c:6004 [inline] pick_next_task kernel/sched/core.c:6514 [inline] __schedule+0x3b8/0x2ae4 kernel/sched/core.c:6659 preempt_schedule_irq+0x80/0x1a8 kernel/sched/core.c:7007 arm64_preempt_schedule_irq+0x3c/0x54 arch/arm64/kernel/entry-common.c:267 __el1_irq arch/arm64/kernel/entry-common.c:505 [inline] el1_interrupt+0x3c/0x54 arch/arm64/kernel/entry-common.c:517 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:522 el1h_64_irq+0x64/0x68 arch/arm64/kernel/entry.S:591 tomoyo_check_acl+0x98/0x37c security/tomoyo/domain.c:173 tomoyo_path_permission security/tomoyo/file.c:586 [inline] tomoyo_path_permission+0x1c8/0x32c security/tomoyo/file.c:573 tomoyo_path_perm+0x290/0x350 security/tomoyo/file.c:838 tomoyo_inode_getattr+0x1c/0x28 security/tomoyo/tomoyo.c:122 security_inode_getattr+0xc4/0x124 security/security.c:2153 vfs_getattr fs/stat.c:169 [inline] vfs_statx+0xec/0x32c fs/stat.c:244 vfs_fstatat+0x118/0x184 fs/stat.c:295 __do_sys_newfstatat+0xa0/0xfc fs/stat.c:459 __se_sys_newfstatat fs/stat.c:453 [inline] __arm64_sys_newfstatat+0x88/0xc8 fs/stat.c:453 __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline] invoke_syscall+0x6c/0x258 arch/arm64/kernel/syscall.c:51 el0_svc_common.constprop.0+0xac/0x230 arch/arm64/kernel/syscall.c:136 do_el0_svc+0x40/0x58 arch/arm64/kernel/syscall.c:155 el0_svc+0x58/0x140 arch/arm64/kernel/entry-common.c:678 el0t_64_sync_handler+0x100/0x12c arch/arm64/kernel/entry-common.c:696 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:595 other info that might help us debug this: Chain exists of: console_owner --> &p->pi_lock --> &rq->__lock Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&rq->__lock); lock(&p->pi_lock); lock(&rq->__lock); lock(console_owner); *** DEADLOCK *** 4 locks held by syz-executor.0/3116: #0: ffff80008693d450 (tomoyo_ss){.+.+}-{0:0}, at: tomoyo_path_perm+0x1a8/0x350 security/tomoyo/file.c:847 #1: ffff00006a8fe758 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested kernel/sched/core.c:558 [inline] #1: ffff00006a8fe758 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock kernel/sched/sched.h:1372 [inline] #1: ffff00006a8fe758 (&rq->__lock){-.-.}-{2:2}, at: rq_lock kernel/sched/sched.h:1681 [inline] #1: ffff00006a8fe758 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x268/0x2ae4 kernel/sched/core.c:6612 #2: ffff800086527220 (console_lock){+.+.}-{0:0}, at: vprintk_default+0x38/0x44 kernel/printk/printk.c:2322 #3: ffff800086527370 (console_srcu){....}-{0:0}, at: console_is_usable kernel/printk/printk.c:2709 [inline] #3: ffff800086527370 (console_srcu){....}-{0:0}, at: console_flush_all+0x100/0x920 kernel/printk/printk.c:2962 stack backtrace: CPU: 1 PID: 3116 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00312-g4d7b04c0cda3 #0 Hardware name: linux,dummy-virt (DT) Call trace: dump_backtrace+0x9c/0x11c arch/arm64/kernel/stacktrace.c:233 show_stack+0x18/0x24 arch/arm64/kernel/stacktrace.c:240 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x74/0xd4 lib/dump_stack.c:106 dump_stack+0x1c/0x28 lib/dump_stack.c:113 print_circular_bug+0x420/0x6f8 kernel/locking/lockdep.c:2060 check_noncircular+0x2dc/0x364 kernel/locking/lockdep.c:2187 check_prev_add kernel/locking/lockdep.c:3134 [inline] check_prevs_add kernel/locking/lockdep.c:3253 [inline] validate_chain kernel/locking/lockdep.c:3868 [inline] __lock_acquire+0x2cac/0x6b70 kernel/locking/lockdep.c:5136 lock_acquire kernel/locking/lockdep.c:5753 [inline] lock_acquire+0x480/0x7c8 kernel/locking/lockdep.c:5718 console_lock_spinning_enable kernel/printk/printk.c:1858 [inline] console_emit_next_record kernel/printk/printk.c:2904 [inline] console_flush_all+0x360/0x920 kernel/printk/printk.c:2966 console_unlock+0xc8/0x1d8 kernel/printk/printk.c:3035 vprintk_emit+0x270/0x4e4 kernel/printk/printk.c:2307 vprintk_default+0x38/0x44 kernel/printk/printk.c:2322 vprintk+0x17c/0x1bc kernel/printk/printk_safe.c:45 _printk+0xa8/0xe0 kernel/printk/printk.c:2332 pick_eevdf kernel/sched/fair.c:976 [inline] pick_next_entity kernel/sched/fair.c:5278 [inline] pick_next_task_fair+0x1a4/0xd3c kernel/sched/fair.c:8222 __pick_next_task kernel/sched/core.c:6004 [inline] pick_next_task kernel/sched/core.c:6514 [inline] __schedule+0x3b8/0x2ae4 kernel/sched/core.c:6659 preempt_schedule_irq+0x80/0x1a8 kernel/sched/core.c:7007 arm64_preempt_schedule_irq+0x3c/0x54 arch/arm64/kernel/entry-common.c:267 __el1_irq arch/arm64/kernel/entry-common.c:505 [inline] el1_interrupt+0x3c/0x54 arch/arm64/kernel/entry-common.c:517 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:522 el1h_64_irq+0x64/0x68 arch/arm64/kernel/entry.S:591 tomoyo_check_acl+0x98/0x37c security/tomoyo/domain.c:173 tomoyo_path_permission security/tomoyo/file.c:586 [inline] tomoyo_path_permission+0x1c8/0x32c security/tomoyo/file.c:573 tomoyo_path_perm+0x290/0x350 security/tomoyo/file.c:838 tomoyo_inode_getattr+0x1c/0x28 security/tomoyo/tomoyo.c:122 security_inode_getattr+0xc4/0x124 security/security.c:2153 vfs_getattr fs/stat.c:169 [inline] vfs_statx+0xec/0x32c fs/stat.c:244 vfs_fstatat+0x118/0x184 fs/stat.c:295 __do_sys_newfstatat+0xa0/0xfc fs/stat.c:459 __se_sys_newfstatat fs/stat.c:453 [inline] __arm64_sys_newfstatat+0x88/0xc8 fs/stat.c:453 __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline] invoke_syscall+0x6c/0x258 arch/arm64/kernel/syscall.c:51 el0_svc_common.constprop.0+0xac/0x230 arch/arm64/kernel/syscall.c:136 do_el0_svc+0x40/0x58 arch/arm64/kernel/syscall.c:155 el0_svc+0x58/0x140 arch/arm64/kernel/entry-common.c:678 el0t_64_sync_handler+0x100/0x12c arch/arm64/kernel/entry-common.c:696 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:595