FAULT_INJECTION: forcing a failure.
name fail_usercopy, interval 1, probability 0, space 0, times 1
======================================================
WARNING: possible circular locking dependency detected
5.15.171-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor204/4855 is trying to acquire lock:
ffffffff8c7fc4b8 ((console_sem).lock){-...}-{2:2}, at: down_trylock+0x1c/0xa0 kernel/locking/semaphore.c:138
but task is already holding lock:
ffff8880b913a318 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x26/0x140 kernel/sched/core.c:475
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #2 (&rq->__lock){-.-.}-{2:2}:
lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
_raw_spin_lock_nested+0x2d/0x40 kernel/locking/spinlock.c:368
raw_spin_rq_lock_nested+0x26/0x140 kernel/sched/core.c:475
raw_spin_rq_lock kernel/sched/sched.h:1326 [inline]
rq_lock kernel/sched/sched.h:1621 [inline]
task_fork_fair+0x5d/0x350 kernel/sched/fair.c:11484
sched_cgroup_fork+0x2d3/0x330 kernel/sched/core.c:4463
copy_process+0x224a/0x3ef0 kernel/fork.c:2317
kernel_clone+0x210/0x960 kernel/fork.c:2601
kernel_thread+0x168/0x1e0 kernel/fork.c:2653
rest_init+0x21/0x330 init/main.c:706
start_kernel+0x48c/0x540 init/main.c:1140
secondary_startup_64_no_verify+0xb1/0xbb
-> #1 (&p->pi_lock){-.-.}-{2:2}:
lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xd1/0x120 kernel/locking/spinlock.c:162
try_to_wake_up+0xae/0x1300 kernel/sched/core.c:4027
up+0x6e/0x90 kernel/locking/semaphore.c:190
__up_console_sem+0x11a/0x1e0 kernel/printk/printk.c:256
console_unlock+0x1145/0x12b0 kernel/printk/printk.c:2760
vprintk_emit+0xbf/0x150 kernel/printk/printk.c:2274
dev_vprintk_emit+0x2aa/0x330 drivers/base/core.c:4618
dev_printk_emit+0xd9/0x120 drivers/base/core.c:4629
_dev_warn+0x11e/0x170 drivers/base/core.c:4685
firmware_fallback_sysfs+0x681/0xc90 drivers/base/firmware_loader/fallback.c:654
_request_firmware+0xc72/0x12c0 drivers/base/firmware_loader/main.c:876
request_firmware_work_func+0x126/0x270 drivers/base/firmware_loader/main.c:1127
process_one_work+0x8a1/0x10c0 kernel/workqueue.c:2310
worker_thread+0xaca/0x1280 kernel/workqueue.c:2457
kthread+0x3f6/0x4f0 kernel/kthread.c:334
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287
-> #0 ((console_sem).lock){-...}-{2:2}:
check_prev_add kernel/locking/lockdep.c:3053 [inline]
check_prevs_add kernel/locking/lockdep.c:3172 [inline]
validate_chain+0x1649/0x5930 kernel/locking/lockdep.c:3788
__lock_acquire+0x1295/0x1ff0 kernel/locking/lockdep.c:5012
lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xd1/0x120 kernel/locking/spinlock.c:162
down_trylock+0x1c/0xa0 kernel/locking/semaphore.c:138
__down_trylock_console_sem+0x105/0x250 kernel/printk/printk.c:239
console_trylock kernel/printk/printk.c:2575 [inline]
console_trylock_spinning+0x8a/0x3f0 kernel/printk/printk.c:1867
vprintk_emit+0xa6/0x150 kernel/printk/printk.c:2273
_printk+0xd1/0x120 kernel/printk/printk.c:2299
fail_dump lib/fault-inject.c:45 [inline]
should_fail+0x36c/0x4c0 lib/fault-inject.c:146
strncpy_from_user+0x32/0x370 lib/strncpy_from_user.c:118
strncpy_from_user_nofault+0x6c/0x130 mm/maccess.c:295
bpf_probe_read_user_str_common kernel/trace/bpf_trace.c:194 [inline]
____bpf_probe_read_user_str kernel/trace/bpf_trace.c:203 [inline]
bpf_probe_read_user_str+0x26/0x70 kernel/trace/bpf_trace.c:200
bpf_prog_bc7c5c6b9645592f+0x35/0xf98
bpf_dispatcher_nop_func include/linux/bpf.h:790 [inline]
__bpf_prog_run include/linux/filter.h:628 [inline]
bpf_prog_run include/linux/filter.h:635 [inline]
__bpf_trace_run kernel/trace/bpf_trace.c:1878 [inline]
bpf_trace_run3+0x1d1/0x380 kernel/trace/bpf_trace.c:1916
trace_sched_switch include/trace/events/sched.h:220 [inline]
__schedule+0x1e8d/0x45b0 kernel/sched/core.c:6370
preempt_schedule_common+0x83/0xd0 kernel/sched/core.c:6549
preempt_schedule+0xd9/0xe0 kernel/sched/core.c:6574
preempt_schedule_thunk+0x16/0x18 arch/x86/entry/thunk_64.S:34
unwind_next_frame+0x144d/0x1fa0 arch/x86/kernel/unwind_orc.c:616
arch_stack_walk+0x10d/0x140 arch/x86/kernel/stacktrace.c:25
stack_trace_save+0x113/0x1c0 kernel/stacktrace.c:122
kasan_save_stack mm/kasan/common.c:38 [inline]
kasan_set_track+0x4b/0x80 mm/kasan/common.c:46
kasan_set_free_info+0x1f/0x40 mm/kasan/generic.c:360
____kasan_slab_free+0xd8/0x120 mm/kasan/common.c:366
kasan_slab_free include/linux/kasan.h:230 [inline]
slab_free_hook mm/slub.c:1705 [inline]
slab_free_freelist_hook+0xdd/0x160 mm/slub.c:1731
slab_free mm/slub.c:3499 [inline]
kmem_cache_free+0x91/0x1f0 mm/slub.c:3515
file_free fs/file_table.c:55 [inline]
__fput+0x66d/0x8e0 fs/file_table.c:293
task_work_run+0x129/0x1a0 kernel/task_work.c:188
tracehook_notify_resume include/linux/tracehook.h:189 [inline]
exit_to_user_mode_loop+0x106/0x130 kernel/entry/common.c:181
exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:214
__syscall_exit_to_user_mode_work kernel/entry/common.c:296 [inline]
syscall_exit_to_user_mode+0x5d/0x240 kernel/entry/common.c:307
do_syscall_64+0x47/0xb0 arch/x86/entry/common.c:86
entry_SYSCALL_64_after_hwframe+0x66/0xd0
other info that might help us debug this:
Chain exists of:
(console_sem).lock --> &p->pi_lock --> &rq->__lock
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&rq->__lock);
lock(&p->pi_lock);
lock(&rq->__lock);
lock((console_sem).lock);
*** DEADLOCK ***
2 locks held by syz-executor204/4855:
#0: ffff8880b913a318 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x26/0x140 kernel/sched/core.c:475
#1: ffffffff8c91fc60 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 include/linux/rcupdate.h:311
stack backtrace:
CPU: 1 PID: 4855 Comm: syz-executor204 Not tainted 5.15.171-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e3/0x2d0 lib/dump_stack.c:106
check_noncircular+0x2f8/0x3b0 kernel/locking/lockdep.c:2133
check_prev_add kernel/locking/lockdep.c:3053 [inline]
check_prevs_add kernel/locking/lockdep.c:3172 [inline]
validate_chain+0x1649/0x5930 kernel/locking/lockdep.c:3788
__lock_acquire+0x1295/0x1ff0 kernel/locking/lockdep.c:5012
lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xd1/0x120 kernel/locking/spinlock.c:162
down_trylock+0x1c/0xa0 kernel/locking/semaphore.c:138
__down_trylock_console_sem+0x105/0x250 kernel/printk/printk.c:239
console_trylock kernel/printk/printk.c:2575 [inline]
console_trylock_spinning+0x8a/0x3f0 kernel/printk/printk.c:1867
vprintk_emit+0xa6/0x150 kernel/printk/printk.c:2273
_printk+0xd1/0x120 kernel/printk/printk.c:2299
fail_dump lib/fault-inject.c:45 [inline]
should_fail+0x36c/0x4c0 lib/fault-inject.c:146
strncpy_from_user+0x32/0x370 lib/strncpy_from_user.c:118
strncpy_from_user_nofault+0x6c/0x130 mm/maccess.c:295
bpf_probe_read_user_str_common kernel/trace/bpf_trace.c:194 [inline]
____bpf_probe_read_user_str kernel/trace/bpf_trace.c:203 [inline]
bpf_probe_read_user_str+0x26/0x70 kernel/trace/bpf_trace.c:200
bpf_prog_bc7c5c6b9645592f+0x35/0xf98
bpf_dispatcher_nop_func include/linux/bpf.h:790 [inline]
__bpf_prog_run include/linux/filter.h:628 [inline]
bpf_prog_run include/linux/filter.h:635 [inline]
__bpf_trace_run kernel/trace/bpf_trace.c:1878 [inline]
bpf_trace_run3+0x1d1/0x380 kernel/trace/bpf_trace.c:1916
trace_sched_switch include/trace/events/sched.h:220 [inline]
__schedule+0x1e8d/0x45b0 kernel/sched/core.c:6370
preempt_schedule_common+0x83/0xd0 kernel/sched/core.c:6549
preempt_schedule+0xd9/0xe0 kernel/sched/core.c:6574
preempt_schedule_thunk+0x16/0x18 arch/x86/entry/thunk_64.S:34
unwind_next_frame+0x144d/0x1fa0 arch/x86/kernel/unwind_orc.c:616
arch_stack_walk+0x10d/0x140 arch/x86/kernel/stacktrace.c:25
stack_trace_save+0x113/0x1c0 kernel/stacktrace.c:122
kasan_save_stack mm/kasan/common.c:38 [inline]
kasan_set_track+0x4b/0x80 mm/kasan/common.c:46
kasan_set_free_info+0x1f/0x40 mm/kasan/generic.c:360
____kasan_slab_free+0xd8/0x120 mm/kasan/common.c:366
kasan_slab_free include/linux/kasan.h:230 [inline]
slab_free_hook mm/slub.c:1705 [inline]
slab_free_freelist_hook+0xdd/0x160 mm/slub.c:1731
slab_free mm/slub.c:3499 [inline]
kmem_cache_free+0x91/0x1f0 mm/slub.c:3515
file_free fs/file_table.c:55 [inline]
__fput+0x66d/0x8e0 fs/file_table.c:293
task_work_run+0x129/0x1a0 kernel/task_work.c:188
tracehook_notify_resume include/linux/tracehook.h:189 [inline]
exit_to_user_mode_loop+0x106/0x130 kernel/entry/common.c:181
exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:214
__syscall_exit_to_user_mode_work kernel/entry/common.c:296 [inline]
syscall_exit_to_user_mode+0x5d/0x240 kernel/entry/common.c:307
do_syscall_64+0x47/0xb0 arch/x86/entry/common.c:86
entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7fbdbf6661da
Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 d3 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 33 80 02 00 8b 44 24
RSP: 002b:00007fffad559c00 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007fbdbf6661da
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 0000000000000000 R08: 0000000000000031 R09: 0000000000000031
R10: 00007fffad559987 R11: 0000000000000293 R12: 00007fffad559c3c
R13: 000000000000014b R14: 431bde82d7b634db R15: 00007fffad559c70
</TASK>
CPU: 1 PID: 4855 Comm: syz-executor204 Not tainted 5.15.171-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e3/0x2d0 lib/dump_stack.c:106
fail_dump lib/fault-inject.c:52 [inline]
should_fail+0x38a/0x4c0 lib/fault-inject.c:146
strncpy_from_user+0x32/0x370 lib/strncpy_from_user.c:118
strncpy_from_user_nofault+0x6c/0x130 mm/maccess.c:295
bpf_probe_read_user_str_common kernel/trace/bpf_trace.c:194 [inline]
____bpf_probe_read_user_str kernel/trace/bpf_trace.c:203 [inline]
bpf_probe_read_user_str+0x26/0x70 kernel/trace/bpf_trace.c:200
bpf_prog_bc7c5c6b9645592f+0x35/0xf98
bpf_dispatcher_nop_func include/linux/bpf.h:790 [inline]
__bpf_prog_run include/linux/filter.h:628 [inline]
bpf_prog_run include/linux/filter.h:635 [inline]
__bpf_trace_run kernel/trace/bpf_trace.c:1878 [inline]
bpf_trace_run3+0x1d1/0x380 kernel/trace/bpf_trace.c:1916
trace_sched_switch include/trace/events/sched.h:220 [inline]
__schedule+0x1e8d/0x45b0 kernel/sched/core.c:6370
preempt_schedule_common+0x83/0xd0 kernel/sched/core.c:6549
preempt_schedule+0xd9/0xe0 kernel/sched/core.c:6574
preempt_schedule_thunk+0x16/0x18 arch/x86/entry/thunk_64.S:34
unwind_next_frame+0x144d/0x1fa0 arch/x86/kernel/unwind_orc.c:616
arch_stack_walk+0x10d/0x140 arch/x86/kernel/stacktrace.c:25
stack_trace_save+0x113/0x1c0 kernel/stacktrace.c:122
kasan_save_stack mm/kasan/common.c:38 [inline]
kasan_set_track+0x4b/0x80 mm/kasan/common.c:46
kasan_set_free_info+0x1f/0x40 mm/kasan/generic.c:360
____kasan_slab_free+0xd8/0x120 mm/kasan/common.c:366
kasan_slab_free include/linux/kasan.h:230 [inline]
slab_free_hook mm/slub.c:1705 [inline]
slab_free_freelist_hook+0xdd/0x160 mm/slub.c:1731
slab_free mm/slub.c:3499 [inline]
kmem_cache_free+0x91/0x1f0 mm/slub.c:3515
file_free fs/file_table.c:55 [inline]
__fput+0x66d/0x8e0 fs/file_table.c:293
task_work_run+0x129/0x1a0 kernel/task_work.c:188
tracehook_notify_resume include/linux/tracehook.h:189 [inline]
exit_to_user_mode_loop+0x106/0x130 kernel/entry/common.c:181
exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:214
__syscall_exit_to_user_mode_work kernel/entry/common.c:296 [inline]
syscall_exit_to_user_mode+0x5d/0x240 kernel/entry/common.c:307
do_syscall_64+0x47/0xb0 arch/x86/entry/common.c:86
entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7fbdbf6661da
Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 d3 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 33 80 02 00 8b 44 24
RSP: 002b:00007fffad559c00 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007fbdbf6661da
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 0000000000000000 R08: 0000000000000031 R09: 0000000000000031
R10: 00007fffad559987 R11: 0000000000000293 R12: 00007fffad559c3c
R13: 000000000000014b R14: 431bde82d7b634db R15: 00007fffad559c70
</TASK>