======================================================
WARNING: possible circular locking dependency detected
6.6.0-rc6-syzkaller-g78124b0c1d10 #0 Not tainted
------------------------------------------------------
syz-executor.5/6034 is trying to acquire lock:
ffff80008e2509b8 ((console_sem).lock){-.-.}-{2:2}, at: down_trylock+0x28/0xd8 kernel/locking/semaphore.c:139

but task is already holding lock:
ffff0001b41d0d58 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested kernel/sched/core.c:558 [inline]
ffff0001b41d0d58 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock kernel/sched/sched.h:1372 [inline]
ffff0001b41d0d58 (&rq->__lock){-.-.}-{2:2}, at: rq_lock kernel/sched/sched.h:1681 [inline]
ffff0001b41d0d58 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x2d8/0x23b4 kernel/sched/core.c:6612

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #2 (&rq->__lock){-.-.}-{2:2}:
       _raw_spin_lock_nested+0x50/0x6c kernel/locking/spinlock.c:378
       raw_spin_rq_lock_nested+0x2c/0x44 kernel/sched/core.c:558
       raw_spin_rq_lock kernel/sched/sched.h:1372 [inline]
       rq_lock kernel/sched/sched.h:1681 [inline]
       task_fork_fair+0x74/0x128 kernel/sched/fair.c:12416
       sched_cgroup_fork+0x38c/0x464 kernel/sched/core.c:4816
       copy_process+0x24bc/0x34b8 kernel/fork.c:2609
       kernel_clone+0x1d8/0x80c kernel/fork.c:2909
       user_mode_thread+0x110/0x178 kernel/fork.c:2987
       rest_init+0x2c/0x2f4 init/main.c:691
       start_kernel+0x0/0x4e8 init/main.c:823
       start_kernel+0x3e8/0x4e8 init/main.c:1068
       __primary_switched+0xb8/0xc0 arch/arm64/kernel/head.S:523

-> #1 (&p->pi_lock){-.-.}-{2:2}:
       __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
       _raw_spin_lock_irqsave+0x5c/0x7c kernel/locking/spinlock.c:162
       class_raw_spinlock_irqsave_constructor include/linux/spinlock.h:518 [inline]
       try_to_wake_up+0xb0/0xe80 kernel/sched/core.c:4230
       wake_up_process+0x18/0x24 kernel/sched/core.c:4478
       __up+0x11c/0x148 kernel/locking/semaphore.c:278
       up+0x90/0xb0 kernel/locking/semaphore.c:191
       __up_console_sem kernel/printk/printk.c:346 [inline]
       __console_unlock kernel/printk/printk.c:2718 [inline]
       console_unlock+0x174/0x3d4 kernel/printk/printk.c:3037
       do_fb_ioctl+0x948/0xd24 drivers/video/fbdev/core/fb_chrdev.c:127
       fb_ioctl+0xec/0x134 drivers/video/fbdev/core/fb_chrdev.c:169
       vfs_ioctl fs/ioctl.c:51 [inline]
       __do_sys_ioctl fs/ioctl.c:871 [inline]
       __se_sys_ioctl fs/ioctl.c:857 [inline]
       __arm64_sys_ioctl+0x14c/0x1c8 fs/ioctl.c:857
       __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]
       invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:51
       el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:136
       do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:155
       el0_svc+0x54/0x158 arch/arm64/kernel/entry-common.c:678
       el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:696
       el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:595

-> #0 ((console_sem).lock){-.-.}-{2:2}:
       check_prev_add kernel/locking/lockdep.c:3134 [inline]
       check_prevs_add kernel/locking/lockdep.c:3253 [inline]
       validate_chain kernel/locking/lockdep.c:3868 [inline]
       __lock_acquire+0x3370/0x75e8 kernel/locking/lockdep.c:5136
       lock_acquire+0x23c/0x71c kernel/locking/lockdep.c:5753
       __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
       _raw_spin_lock_irqsave+0x5c/0x7c kernel/locking/spinlock.c:162
       down_trylock+0x28/0xd8 kernel/locking/semaphore.c:139
       __down_trylock_console_sem+0x58/0xf8 kernel/printk/printk.c:329
       console_trylock kernel/printk/printk.c:2671 [inline]
       console_trylock_spinning+0xd8/0x3d8 kernel/printk/printk.c:1927
       vprintk_emit+0x134/0x2e8 kernel/printk/printk.c:2306
       vprintk_default+0xa0/0xe4 kernel/printk/printk.c:2322
       vprintk+0x200/0x2d4 kernel/printk/printk_safe.c:45
       _printk+0xdc/0x128 kernel/printk/printk.c:2332
       pick_eevdf+0x610/0x618 kernel/sched/fair.c:976
       pick_next_entity kernel/sched/fair.c:5278 [inline]
       pick_next_task_fair+0x104/0x930 kernel/sched/fair.c:8222
       __pick_next_task kernel/sched/core.c:6004 [inline]
       pick_next_task kernel/sched/core.c:6514 [inline]
       __schedule+0x638/0x23b4 kernel/sched/core.c:6659
       preempt_schedule_irq+0x80/0x188 kernel/sched/core.c:7007
       arm64_preempt_schedule_irq arch/arm64/kernel/entry-common.c:267 [inline]
       __el1_irq arch/arm64/kernel/entry-common.c:505 [inline]
       el1_interrupt+0x4c/0x68 arch/arm64/kernel/entry-common.c:517
       el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:522
       el1h_64_irq+0x64/0x68 arch/arm64/kernel/entry.S:591
       __daif_local_irq_restore arch/arm64/include/asm/irqflags.h:176 [inline]
       arch_local_irq_restore arch/arm64/include/asm/irqflags.h:196 [inline]
       lock_release+0x4f4/0x9ac kernel/locking/lockdep.c:5776
       __fs_reclaim_release mm/page_alloc.c:3556 [inline]
       fs_reclaim_release mm/page_alloc.c:3582 [inline]
       might_alloc include/linux/sched/mm.h:304 [inline]
       prepare_alloc_pages+0x190/0x554 mm/page_alloc.c:4197
       __alloc_pages+0x150/0x698 mm/page_alloc.c:4415
       __alloc_pages_bulk+0x624/0xb04 mm/page_alloc.c:4374
       alloc_pages_bulk_array_mempolicy+0x764/0xa18 mm/mempolicy.c:2393
       vm_area_alloc_pages mm/vmalloc.c:3028 [inline]
       __vmalloc_area_node mm/vmalloc.c:3139 [inline]
       __vmalloc_node_range+0x538/0xebc mm/vmalloc.c:3320
       __vmalloc_node mm/vmalloc.c:3385 [inline]
       vzalloc+0xb4/0xdc mm/vmalloc.c:3458
       xt_counters_alloc+0x50/0x60 net/netfilter/x_tables.c:1379
       __do_replace+0xb0/0x9ac net/ipv4/netfilter/ip_tables.c:1046
       do_replace net/ipv6/netfilter/ip6_tables.c:1154 [inline]
       do_ip6t_set_ctl+0xd3c/0x2f84 net/ipv6/netfilter/ip6_tables.c:1636
       nf_setsockopt+0x270/0x290 net/netfilter/nf_sockopt.c:101
       ipv6_setsockopt+0x168/0x1a4 net/ipv6/ipv6_sockglue.c:1017
       tcp_setsockopt+0xcc/0xe8 net/ipv4/tcp.c:3671
       sock_common_setsockopt+0xb0/0xcc net/core/sock.c:3699
       __sys_setsockopt+0x388/0x654 net/socket.c:2325
       __do_sys_setsockopt net/socket.c:2336 [inline]
       __se_sys_setsockopt net/socket.c:2333 [inline]
       __arm64_sys_setsockopt+0xb8/0xd4 net/socket.c:2333
       __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]
       invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:51
       el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:136
       do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:155
       el0_svc+0x54/0x158 arch/arm64/kernel/entry-common.c:678
       el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:696
       el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:595

other info that might help us debug this:

Chain exists of:
  (console_sem).lock --> &p->pi_lock --> &rq->__lock

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&rq->__lock);
                               lock(&p->pi_lock);
                               lock(&rq->__lock);
  lock((console_sem).lock);

 *** DEADLOCK ***

1 lock held by syz-executor.5/6034:
 #0: ffff0001b41d0d58 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested kernel/sched/core.c:558 [inline]
 #0: ffff0001b41d0d58 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock kernel/sched/sched.h:1372 [inline]
 #0: ffff0001b41d0d58 (&rq->__lock){-.-.}-{2:2}, at: rq_lock kernel/sched/sched.h:1681 [inline]
 #0: ffff0001b41d0d58 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x2d8/0x23b4 kernel/sched/core.c:6612

stack backtrace:
CPU: 0 PID: 6034 Comm: syz-executor.5 Not tainted 6.6.0-rc6-syzkaller-g78124b0c1d10 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
Call trace:
 dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:233
 show_stack+0x2c/0x44 arch/arm64/kernel/stacktrace.c:240
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106
 dump_stack+0x1c/0x28 lib/dump_stack.c:113
 print_circular_bug+0x150/0x1b8 kernel/locking/lockdep.c:2060
 check_noncircular+0x310/0x404 kernel/locking/lockdep.c:2187
 check_prev_add kernel/locking/lockdep.c:3134 [inline]
 check_prevs_add kernel/locking/lockdep.c:3253 [inline]
 validate_chain kernel/locking/lockdep.c:3868 [inline]
 __lock_acquire+0x3370/0x75e8 kernel/locking/lockdep.c:5136
 lock_acquire+0x23c/0x71c kernel/locking/lockdep.c:5753
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0x5c/0x7c kernel/locking/spinlock.c:162
 down_trylock+0x28/0xd8 kernel/locking/semaphore.c:139
 __down_trylock_console_sem+0x58/0xf8 kernel/printk/printk.c:329
 console_trylock kernel/printk/printk.c:2671 [inline]
 console_trylock_spinning+0xd8/0x3d8 kernel/printk/printk.c:1927
 vprintk_emit+0x134/0x2e8 kernel/printk/printk.c:2306
 vprintk_default+0xa0/0xe4 kernel/printk/printk.c:2322
 vprintk+0x200/0x2d4 kernel/printk/printk_safe.c:45
 _printk+0xdc/0x128 kernel/printk/printk.c:2332
 pick_eevdf+0x610/0x618 kernel/sched/fair.c:976
 pick_next_entity kernel/sched/fair.c:5278 [inline]
 pick_next_task_fair+0x104/0x930 kernel/sched/fair.c:8222
 __pick_next_task kernel/sched/core.c:6004 [inline]
 pick_next_task kernel/sched/core.c:6514 [inline]
 __schedule+0x638/0x23b4 kernel/sched/core.c:6659
 preempt_schedule_irq+0x80/0x188 kernel/sched/core.c:7007
 arm64_preempt_schedule_irq arch/arm64/kernel/entry-common.c:267 [inline]
 __el1_irq arch/arm64/kernel/entry-common.c:505 [inline]
 el1_interrupt+0x4c/0x68 arch/arm64/kernel/entry-common.c:517
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:522
 el1h_64_irq+0x64/0x68 arch/arm64/kernel/entry.S:591
 __daif_local_irq_restore arch/arm64/include/asm/irqflags.h:176 [inline]
 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:196 [inline]
 lock_release+0x4f4/0x9ac kernel/locking/lockdep.c:5776
 __fs_reclaim_release mm/page_alloc.c:3556 [inline]
 fs_reclaim_release mm/page_alloc.c:3582 [inline]
 might_alloc include/linux/sched/mm.h:304 [inline]
 prepare_alloc_pages+0x190/0x554 mm/page_alloc.c:4197
 __alloc_pages+0x150/0x698 mm/page_alloc.c:4415
 __alloc_pages_bulk+0x624/0xb04 mm/page_alloc.c:4374
 alloc_pages_bulk_array_mempolicy+0x764/0xa18 mm/mempolicy.c:2393
 vm_area_alloc_pages mm/vmalloc.c:3028 [inline]
 __vmalloc_area_node mm/vmalloc.c:3139 [inline]
 __vmalloc_node_range+0x538/0xebc mm/vmalloc.c:3320
 __vmalloc_node mm/vmalloc.c:3385 [inline]
 vzalloc+0xb4/0xdc mm/vmalloc.c:3458
 xt_counters_alloc+0x50/0x60 net/netfilter/x_tables.c:1379
 __do_replace+0xb0/0x9ac net/ipv4/netfilter/ip_tables.c:1046
 do_replace net/ipv6/netfilter/ip6_tables.c:1154 [inline]
 do_ip6t_set_ctl+0xd3c/0x2f84 net/ipv6/netfilter/ip6_tables.c:1636
 nf_setsockopt+0x270/0x290 net/netfilter/nf_sockopt.c:101
 ipv6_setsockopt+0x168/0x1a4 net/ipv6/ipv6_sockglue.c:1017
 tcp_setsockopt+0xcc/0xe8 net/ipv4/tcp.c:3671
 sock_common_setsockopt+0xb0/0xcc net/core/sock.c:3699
 __sys_setsockopt+0x388/0x654 net/socket.c:2325
 __do_sys_setsockopt net/socket.c:2336 [inline]
 __se_sys_setsockopt net/socket.c:2333 [inline]
 __arm64_sys_setsockopt+0xb8/0xd4 net/socket.c:2333
 __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:51
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:136
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:155
 el0_svc+0x54/0x158 arch/arm64/kernel/entry-common.c:678
 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:696
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:595