FAULT_INJECTION: forcing a failure.
name fail_usercopy, interval 1, probability 0, space 0, times 1
======================================================
WARNING: possible circular locking dependency detected
5.15.171-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor204/4855 is trying to acquire lock:
ffffffff8c7fc4b8 ((console_sem).lock){-...}-{2:2}, at: down_trylock+0x1c/0xa0 kernel/locking/semaphore.c:138

but task is already holding lock:
ffff8880b913a318 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x26/0x140 kernel/sched/core.c:475

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #2 (&rq->__lock){-.-.}-{2:2}:
       lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
       _raw_spin_lock_nested+0x2d/0x40 kernel/locking/spinlock.c:368
       raw_spin_rq_lock_nested+0x26/0x140 kernel/sched/core.c:475
       raw_spin_rq_lock kernel/sched/sched.h:1326 [inline]
       rq_lock kernel/sched/sched.h:1621 [inline]
       task_fork_fair+0x5d/0x350 kernel/sched/fair.c:11484
       sched_cgroup_fork+0x2d3/0x330 kernel/sched/core.c:4463
       copy_process+0x224a/0x3ef0 kernel/fork.c:2317
       kernel_clone+0x210/0x960 kernel/fork.c:2601
       kernel_thread+0x168/0x1e0 kernel/fork.c:2653
       rest_init+0x21/0x330 init/main.c:706
       start_kernel+0x48c/0x540 init/main.c:1140
       secondary_startup_64_no_verify+0xb1/0xbb

-> #1 (&p->pi_lock){-.-.}-{2:2}:
       lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
       __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
       _raw_spin_lock_irqsave+0xd1/0x120 kernel/locking/spinlock.c:162
       try_to_wake_up+0xae/0x1300 kernel/sched/core.c:4027
       up+0x6e/0x90 kernel/locking/semaphore.c:190
       __up_console_sem+0x11a/0x1e0 kernel/printk/printk.c:256
       console_unlock+0x1145/0x12b0 kernel/printk/printk.c:2760
       vprintk_emit+0xbf/0x150 kernel/printk/printk.c:2274
       dev_vprintk_emit+0x2aa/0x330 drivers/base/core.c:4618
       dev_printk_emit+0xd9/0x120 drivers/base/core.c:4629
       _dev_warn+0x11e/0x170 drivers/base/core.c:4685
       firmware_fallback_sysfs+0x681/0xc90 drivers/base/firmware_loader/fallback.c:654
       _request_firmware+0xc72/0x12c0 drivers/base/firmware_loader/main.c:876
       request_firmware_work_func+0x126/0x270 drivers/base/firmware_loader/main.c:1127
       process_one_work+0x8a1/0x10c0 kernel/workqueue.c:2310
       worker_thread+0xaca/0x1280 kernel/workqueue.c:2457
       kthread+0x3f6/0x4f0 kernel/kthread.c:334
       ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287

-> #0 ((console_sem).lock){-...}-{2:2}:
       check_prev_add kernel/locking/lockdep.c:3053 [inline]
       check_prevs_add kernel/locking/lockdep.c:3172 [inline]
       validate_chain+0x1649/0x5930 kernel/locking/lockdep.c:3788
       __lock_acquire+0x1295/0x1ff0 kernel/locking/lockdep.c:5012
       lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
       __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
       _raw_spin_lock_irqsave+0xd1/0x120 kernel/locking/spinlock.c:162
       down_trylock+0x1c/0xa0 kernel/locking/semaphore.c:138
       __down_trylock_console_sem+0x105/0x250 kernel/printk/printk.c:239
       console_trylock kernel/printk/printk.c:2575 [inline]
       console_trylock_spinning+0x8a/0x3f0 kernel/printk/printk.c:1867
       vprintk_emit+0xa6/0x150 kernel/printk/printk.c:2273
       _printk+0xd1/0x120 kernel/printk/printk.c:2299
       fail_dump lib/fault-inject.c:45 [inline]
       should_fail+0x36c/0x4c0 lib/fault-inject.c:146
       strncpy_from_user+0x32/0x370 lib/strncpy_from_user.c:118
       strncpy_from_user_nofault+0x6c/0x130 mm/maccess.c:295
       bpf_probe_read_user_str_common kernel/trace/bpf_trace.c:194 [inline]
       ____bpf_probe_read_user_str kernel/trace/bpf_trace.c:203 [inline]
       bpf_probe_read_user_str+0x26/0x70 kernel/trace/bpf_trace.c:200
       bpf_prog_bc7c5c6b9645592f+0x35/0xf98
       bpf_dispatcher_nop_func include/linux/bpf.h:790 [inline]
       __bpf_prog_run include/linux/filter.h:628 [inline]
       bpf_prog_run include/linux/filter.h:635 [inline]
       __bpf_trace_run kernel/trace/bpf_trace.c:1878 [inline]
       bpf_trace_run3+0x1d1/0x380 kernel/trace/bpf_trace.c:1916
       trace_sched_switch include/trace/events/sched.h:220 [inline]
       __schedule+0x1e8d/0x45b0 kernel/sched/core.c:6370
       preempt_schedule_common+0x83/0xd0 kernel/sched/core.c:6549
       preempt_schedule+0xd9/0xe0 kernel/sched/core.c:6574
       preempt_schedule_thunk+0x16/0x18 arch/x86/entry/thunk_64.S:34
       unwind_next_frame+0x144d/0x1fa0 arch/x86/kernel/unwind_orc.c:616
       arch_stack_walk+0x10d/0x140 arch/x86/kernel/stacktrace.c:25
       stack_trace_save+0x113/0x1c0 kernel/stacktrace.c:122
       kasan_save_stack mm/kasan/common.c:38 [inline]
       kasan_set_track+0x4b/0x80 mm/kasan/common.c:46
       kasan_set_free_info+0x1f/0x40 mm/kasan/generic.c:360
       ____kasan_slab_free+0xd8/0x120 mm/kasan/common.c:366
       kasan_slab_free include/linux/kasan.h:230 [inline]
       slab_free_hook mm/slub.c:1705 [inline]
       slab_free_freelist_hook+0xdd/0x160 mm/slub.c:1731
       slab_free mm/slub.c:3499 [inline]
       kmem_cache_free+0x91/0x1f0 mm/slub.c:3515
       file_free fs/file_table.c:55 [inline]
       __fput+0x66d/0x8e0 fs/file_table.c:293
       task_work_run+0x129/0x1a0 kernel/task_work.c:188
       tracehook_notify_resume include/linux/tracehook.h:189 [inline]
       exit_to_user_mode_loop+0x106/0x130 kernel/entry/common.c:181
       exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:214
       __syscall_exit_to_user_mode_work kernel/entry/common.c:296 [inline]
       syscall_exit_to_user_mode+0x5d/0x240 kernel/entry/common.c:307
       do_syscall_64+0x47/0xb0 arch/x86/entry/common.c:86
       entry_SYSCALL_64_after_hwframe+0x66/0xd0

other info that might help us debug this:

Chain exists of:
  (console_sem).lock --> &p->pi_lock --> &rq->__lock

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&rq->__lock);
                               lock(&p->pi_lock);
                               lock(&rq->__lock);
  lock((console_sem).lock);

 *** DEADLOCK ***

2 locks held by syz-executor204/4855:
 #0: ffff8880b913a318 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x26/0x140 kernel/sched/core.c:475
 #1: ffffffff8c91fc60 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 include/linux/rcupdate.h:311

stack backtrace:
CPU: 1 PID: 4855 Comm: syz-executor204 Not tainted 5.15.171-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e3/0x2d0 lib/dump_stack.c:106
 check_noncircular+0x2f8/0x3b0 kernel/locking/lockdep.c:2133
 check_prev_add kernel/locking/lockdep.c:3053 [inline]
 check_prevs_add kernel/locking/lockdep.c:3172 [inline]
 validate_chain+0x1649/0x5930 kernel/locking/lockdep.c:3788
 __lock_acquire+0x1295/0x1ff0 kernel/locking/lockdep.c:5012
 lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0xd1/0x120 kernel/locking/spinlock.c:162
 down_trylock+0x1c/0xa0 kernel/locking/semaphore.c:138
 __down_trylock_console_sem+0x105/0x250 kernel/printk/printk.c:239
 console_trylock kernel/printk/printk.c:2575 [inline]
 console_trylock_spinning+0x8a/0x3f0 kernel/printk/printk.c:1867
 vprintk_emit+0xa6/0x150 kernel/printk/printk.c:2273
 _printk+0xd1/0x120 kernel/printk/printk.c:2299
 fail_dump lib/fault-inject.c:45 [inline]
 should_fail+0x36c/0x4c0 lib/fault-inject.c:146
 strncpy_from_user+0x32/0x370 lib/strncpy_from_user.c:118
 strncpy_from_user_nofault+0x6c/0x130 mm/maccess.c:295
 bpf_probe_read_user_str_common kernel/trace/bpf_trace.c:194 [inline]
 ____bpf_probe_read_user_str kernel/trace/bpf_trace.c:203 [inline]
 bpf_probe_read_user_str+0x26/0x70 kernel/trace/bpf_trace.c:200
 bpf_prog_bc7c5c6b9645592f+0x35/0xf98
 bpf_dispatcher_nop_func include/linux/bpf.h:790 [inline]
 __bpf_prog_run include/linux/filter.h:628 [inline]
 bpf_prog_run include/linux/filter.h:635 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:1878 [inline]
 bpf_trace_run3+0x1d1/0x380 kernel/trace/bpf_trace.c:1916
 trace_sched_switch include/trace/events/sched.h:220 [inline]
 __schedule+0x1e8d/0x45b0 kernel/sched/core.c:6370
 preempt_schedule_common+0x83/0xd0 kernel/sched/core.c:6549
 preempt_schedule+0xd9/0xe0 kernel/sched/core.c:6574
 preempt_schedule_thunk+0x16/0x18 arch/x86/entry/thunk_64.S:34
 unwind_next_frame+0x144d/0x1fa0 arch/x86/kernel/unwind_orc.c:616
 arch_stack_walk+0x10d/0x140 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x113/0x1c0 kernel/stacktrace.c:122
 kasan_save_stack mm/kasan/common.c:38 [inline]
 kasan_set_track+0x4b/0x80 mm/kasan/common.c:46
 kasan_set_free_info+0x1f/0x40 mm/kasan/generic.c:360
 ____kasan_slab_free+0xd8/0x120 mm/kasan/common.c:366
 kasan_slab_free include/linux/kasan.h:230 [inline]
 slab_free_hook mm/slub.c:1705 [inline]
 slab_free_freelist_hook+0xdd/0x160 mm/slub.c:1731
 slab_free mm/slub.c:3499 [inline]
 kmem_cache_free+0x91/0x1f0 mm/slub.c:3515
 file_free fs/file_table.c:55 [inline]
 __fput+0x66d/0x8e0 fs/file_table.c:293
 task_work_run+0x129/0x1a0 kernel/task_work.c:188
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 exit_to_user_mode_loop+0x106/0x130 kernel/entry/common.c:181
 exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:214
 __syscall_exit_to_user_mode_work kernel/entry/common.c:296 [inline]
 syscall_exit_to_user_mode+0x5d/0x240 kernel/entry/common.c:307
 do_syscall_64+0x47/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7fbdbf6661da
Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 d3 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 33 80 02 00 8b 44 24
RSP: 002b:00007fffad559c00 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007fbdbf6661da
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 0000000000000000 R08: 0000000000000031 R09: 0000000000000031
R10: 00007fffad559987 R11: 0000000000000293 R12: 00007fffad559c3c
R13: 000000000000014b R14: 431bde82d7b634db R15: 00007fffad559c70
 </TASK>
CPU: 1 PID: 4855 Comm: syz-executor204 Not tainted 5.15.171-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e3/0x2d0 lib/dump_stack.c:106
 fail_dump lib/fault-inject.c:52 [inline]
 should_fail+0x38a/0x4c0 lib/fault-inject.c:146
 strncpy_from_user+0x32/0x370 lib/strncpy_from_user.c:118
 strncpy_from_user_nofault+0x6c/0x130 mm/maccess.c:295
 bpf_probe_read_user_str_common kernel/trace/bpf_trace.c:194 [inline]
 ____bpf_probe_read_user_str kernel/trace/bpf_trace.c:203 [inline]
 bpf_probe_read_user_str+0x26/0x70 kernel/trace/bpf_trace.c:200
 bpf_prog_bc7c5c6b9645592f+0x35/0xf98
 bpf_dispatcher_nop_func include/linux/bpf.h:790 [inline]
 __bpf_prog_run include/linux/filter.h:628 [inline]
 bpf_prog_run include/linux/filter.h:635 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:1878 [inline]
 bpf_trace_run3+0x1d1/0x380 kernel/trace/bpf_trace.c:1916
 trace_sched_switch include/trace/events/sched.h:220 [inline]
 __schedule+0x1e8d/0x45b0 kernel/sched/core.c:6370
 preempt_schedule_common+0x83/0xd0 kernel/sched/core.c:6549
 preempt_schedule+0xd9/0xe0 kernel/sched/core.c:6574
 preempt_schedule_thunk+0x16/0x18 arch/x86/entry/thunk_64.S:34
 unwind_next_frame+0x144d/0x1fa0 arch/x86/kernel/unwind_orc.c:616
 arch_stack_walk+0x10d/0x140 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x113/0x1c0 kernel/stacktrace.c:122
 kasan_save_stack mm/kasan/common.c:38 [inline]
 kasan_set_track+0x4b/0x80 mm/kasan/common.c:46
 kasan_set_free_info+0x1f/0x40 mm/kasan/generic.c:360
 ____kasan_slab_free+0xd8/0x120 mm/kasan/common.c:366
 kasan_slab_free include/linux/kasan.h:230 [inline]
 slab_free_hook mm/slub.c:1705 [inline]
 slab_free_freelist_hook+0xdd/0x160 mm/slub.c:1731
 slab_free mm/slub.c:3499 [inline]
 kmem_cache_free+0x91/0x1f0 mm/slub.c:3515
 file_free fs/file_table.c:55 [inline]
 __fput+0x66d/0x8e0 fs/file_table.c:293
 task_work_run+0x129/0x1a0 kernel/task_work.c:188
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 exit_to_user_mode_loop+0x106/0x130 kernel/entry/common.c:181
 exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:214
 __syscall_exit_to_user_mode_work kernel/entry/common.c:296 [inline]
 syscall_exit_to_user_mode+0x5d/0x240 kernel/entry/common.c:307
 do_syscall_64+0x47/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7fbdbf6661da
Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 d3 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 33 80 02 00 8b 44 24
RSP: 002b:00007fffad559c00 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007fbdbf6661da
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 0000000000000000 R08: 0000000000000031 R09: 0000000000000031
R10: 00007fffad559987 R11: 0000000000000293 R12: 00007fffad559c3c
R13: 000000000000014b R14: 431bde82d7b634db R15: 00007fffad559c70
 </TASK>