./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1904046058 <...>
Warning: Permanently added '10.128.0.201' (ED25519) to the list of known hosts.
execve("./syz-executor1904046058", ["./syz-executor1904046058"], 0x7ffe44105ac0 /* 10 vars */) = 0
brk(NULL) = 0x5555571b8000
brk(0x5555571b8d00) = 0x5555571b8d00
arch_prctl(ARCH_SET_FS, 0x5555571b8380) = 0
set_tid_address(0x5555571b8650) = 5068
set_robust_list(0x5555571b8660, 24) = 0
rseq(0x5555571b8ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1904046058", 4096) = 28
getrandom("\xe9\x95\xf1\x6c\xcf\xdf\x41\x46", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x5555571b8d00
brk(0x5555571d9d00) = 0x5555571d9d00
brk(0x5555571da000) = 0x5555571da000
mprotect(0x7fc706098000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/dev/swradio0", O_RDWR) = 3
[ 72.351467][ T5068] vivid-000: ================= START STATUS =================
[ 72.359420][ T5068] vivid-000: Boolean:
[ 72.359482][ T5068]
[ 72.365851][ T5068] ======================================================
[ 72.372878][ T5068] WARNING: possible circular locking dependency detected
[ 72.379890][ T5068] 6.8.0-rc3-next-20240208-syzkaller #0 Not tainted
[ 72.386382][ T5068] ------------------------------------------------------
[ 72.393574][ T5068] syz-executor190/5068 is trying to acquire lock:
[ 72.399992][ T5068] ffff8880253306e0 (vivid_ctrls:1606:(hdl_user_gen)->_lock){+.+.}-{3:3}, at: v4l2_ctrl_handler_log_status+0x2f3/0x540
[ 72.412356][ T5068]
[ 72.412356][ T5068] but task is already holding lock:
[ 72.419707][ T5068] ffff888025334278 (vivid_ctrls:1634:(hdl_sdr_cap)->_lock){+.+.}-{3:3}, at: v4l2_ctrl_handler_log_status+0x11f/0x540
[ 72.431965][ T5068]
[ 72.431965][ T5068] which lock already depends on the new lock.
[ 72.431965][ T5068]
[ 72.442353][ T5068]
[ 72.442353][ T5068] the existing dependency chain (in reverse order) is:
[ 72.451353][ T5068]
[ 72.451353][ T5068] -> #1 (vivid_ctrls:1634:(hdl_sdr_cap)->_lock){+.+.}-{3:3}:
[ 72.460907][ T5068]        lock_acquire+0x1e4/0x530
[ 72.465930][ T5068]        __mutex_lock+0x136/0xd70
[ 72.470957][ T5068]        find_ref_lock+0x5b/0x470
[ 72.475981][ T5068]        handler_new_ref+0x102/0x940
[ 72.481267][ T5068]        v4l2_ctrl_add_handler+0x1a1/0x290
[ 72.487062][ T5068]        vivid_create_controls+0x2b3c/0x3580
[ 72.493040][ T5068]        vivid_probe+0x4289/0x6fa0
[ 72.498141][ T5068]        platform_probe+0x13a/0x1c0
[ 72.503335][ T5068]        really_probe+0x29e/0xc50
[ 72.508359][ T5068]        __driver_probe_device+0x1a2/0x3e0
[ 72.514166][ T5068]        driver_probe_device+0x50/0x430
[ 72.519710][ T5068]        __driver_attach+0x45f/0x710
[ 72.524990][ T5068]        bus_for_each_dev+0x239/0x2b0
[ 72.530361][ T5068]        bus_add_driver+0x347/0x620
[ 72.535558][ T5068]        driver_register+0x23a/0x320
[ 72.540840][ T5068]        vivid_init+0x3d/0x70
[ 72.545514][ T5068]        do_one_initcall+0x238/0x830
[ 72.550799][ T5068]        do_initcall_level+0x157/0x210
[ 72.556264][ T5068]        do_initcalls+0x3f/0x80
[ 72.561106][ T5068]        kernel_init_freeable+0x430/0x5d0
[ 72.566837][ T5068]        kernel_init+0x1d/0x2b0
[ 72.571691][ T5068]        ret_from_fork+0x4b/0x80
[ 72.576630][ T5068]        ret_from_fork_asm+0x1a/0x30
[ 72.581915][ T5068]
[ 72.581915][ T5068] -> #0 (vivid_ctrls:1606:(hdl_user_gen)->_lock){+.+.}-{3:3}:
[ 72.591555][ T5068]        validate_chain+0x18cb/0x58e0
[ 72.596922][ T5068]        __lock_acquire+0x1346/0x1fd0
[ 72.602283][ T5068]        lock_acquire+0x1e4/0x530
[ 72.607301][ T5068]        __mutex_lock+0x136/0xd70
[ 72.612321][ T5068]        v4l2_ctrl_handler_log_status+0x2f3/0x540
[ 72.618729][ T5068]        v4l2_ctrl_log_status+0xe3/0x100
[ 72.624528][ T5068]        vidioc_log_status+0x63/0x110
[ 72.629902][ T5068]        v4l_log_status+0x8f/0x110
[ 72.635009][ T5068]        __video_do_ioctl+0xc26/0xde0
[ 72.640375][ T5068]        video_usercopy+0x899/0x1180
[ 72.645652][ T5068]        v4l2_ioctl+0x18c/0x1e0
[ 72.650498][ T5068]        __se_sys_ioctl+0xfc/0x170
[ 72.655622][ T5068]        do_syscall_64+0xfb/0x240
[ 72.660658][ T5068]        entry_SYSCALL_64_after_hwframe+0x6d/0x75
[ 72.667075][ T5068]
[ 72.667075][ T5068] other info that might help us debug this:
[ 72.667075][ T5068]
[ 72.677293][ T5068]  Possible unsafe locking scenario:
[ 72.677293][ T5068]
[ 72.684760][ T5068]        CPU0                    CPU1
[ 72.690112][ T5068]        ----                    ----
[ 72.695466][ T5068]   lock(vivid_ctrls:1634:(hdl_sdr_cap)->_lock);
[ 72.701791][ T5068]                                lock(vivid_ctrls:1606:(hdl_user_gen)->_lock);
[ 72.710728][ T5068]                                lock(vivid_ctrls:1634:(hdl_sdr_cap)->_lock);
[ 72.719566][ T5068]   lock(vivid_ctrls:1606:(hdl_user_gen)->_lock);
[ 72.725975][ T5068]
[ 72.725975][ T5068]  *** DEADLOCK ***
[ 72.725975][ T5068]
[ 72.734107][ T5068] 2 locks held by syz-executor190/5068:
[ 72.739725][ T5068]  #0: ffff888025335a58 (&dev->mutex#3){+.+.}-{3:3}, at: __video_do_ioctl+0x4ed/0xde0
[ 72.749306][ T5068]  #1: ffff888025334278 (vivid_ctrls:1634:(hdl_sdr_cap)->_lock){+.+.}-{3:3}, at: v4l2_ctrl_handler_log_status+0x11f/0x540
[ 72.762010][ T5068]
[ 72.762010][ T5068] stack backtrace:
[ 72.767888][ T5068] CPU: 0 PID: 5068 Comm: syz-executor190 Not tainted 6.8.0-rc3-next-20240208-syzkaller #0
[ 72.777767][ T5068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 72.787814][ T5068] Call Trace:
[ 72.791085][ T5068]
[ 72.794008][ T5068]  dump_stack_lvl+0x241/0x360
[ 72.798690][ T5068]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 72.803891][ T5068]  ? print_circular_bug+0x130/0x1a0
[ 72.809090][ T5068]  check_noncircular+0x36a/0x4a0
[ 72.814038][ T5068]  ? __pfx_check_noncircular+0x10/0x10
[ 72.819515][ T5068]  ? lockdep_lock+0x123/0x2b0
[ 72.824197][ T5068]  ? desc_read+0x1a2/0x3f0
[ 72.828611][ T5068]  ? _find_first_zero_bit+0xd4/0x100
[ 72.833898][ T5068]  validate_chain+0x18cb/0x58e0
[ 72.838752][ T5068]  ? _prb_read_valid+0xa39/0xac0
[ 72.843682][ T5068]  ? __pfx_validate_chain+0x10/0x10
[ 72.848878][ T5068]  ? __pfx__prb_read_valid+0x10/0x10
[ 72.854159][ T5068]  ? mark_lock+0x9a/0x350
[ 72.858576][ T5068]  ? mark_lock+0x9a/0x350
[ 72.862905][ T5068]  __lock_acquire+0x1346/0x1fd0
[ 72.867764][ T5068]  lock_acquire+0x1e4/0x530
[ 72.872263][ T5068]  ? v4l2_ctrl_handler_log_status+0x2f3/0x540
[ 72.878327][ T5068]  ? __pfx_lock_acquire+0x10/0x10
[ 72.883435][ T5068]  ? irq_work_queue+0xd1/0x150
[ 72.888206][ T5068]  ? __pfx___might_resched+0x10/0x10
[ 72.893488][ T5068]  ? __wake_up_klogd+0xd5/0x110
[ 72.898338][ T5068]  ? vprintk_emit+0x631/0x770
[ 72.903014][ T5068]  ? __pfx_vprintk_emit+0x10/0x10
[ 72.908038][ T5068]  __mutex_lock+0x136/0xd70
[ 72.912536][ T5068]  ? v4l2_ctrl_handler_log_status+0x2f3/0x540
[ 72.918612][ T5068]  ? _printk+0xd5/0x120
[ 72.922851][ T5068]  ? v4l2_ctrl_handler_log_status+0x2f3/0x540
[ 72.928915][ T5068]  ? __pfx_vprintk_emit+0x10/0x10
[ 72.933943][ T5068]  ? __pfx___mutex_lock+0x10/0x10
[ 72.938962][ T5068]  ? rcu_is_watching+0x15/0xb0
[ 72.943726][ T5068]  v4l2_ctrl_handler_log_status+0x2f3/0x540
[ 72.949631][ T5068]  v4l2_ctrl_log_status+0xe3/0x100
[ 72.954742][ T5068]  vidioc_log_status+0x63/0x110
[ 72.959594][ T5068]  v4l_log_status+0x8f/0x110
[ 72.964190][ T5068]  __video_do_ioctl+0xc26/0xde0
[ 72.969041][ T5068]  ? __pfx___video_do_ioctl+0x10/0x10
[ 72.974408][ T5068]  video_usercopy+0x899/0x1180
[ 72.979168][ T5068]  ? __pfx___video_do_ioctl+0x10/0x10
[ 72.984530][ T5068]  ? __pfx_video_usercopy+0x10/0x10
[ 72.989725][ T5068]  ? __pfx_ptrace_notify+0x10/0x10
[ 72.994852][ T5068]  v4l2_ioctl+0x18c/0x1e0
[ 72.999183][ T5068]  ? __pfx_v4l2_ioctl+0x10/0x10
[ 73.004036][ T5068]  __se_sys_ioctl+0xfc/0x170
[ 73.008799][ T5068]  do_syscall_64+0xfb/0x240
[ 73.013307][ T5068]  entry_SYSCALL_64_after_hwframe+0x6d/0x75
[ 73.019193][ T5068] RIP: 0033:0x7fc7060250e9
[ 73.023611][ T5068] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 73.043213][ T5068] RSP: 002b:00007fff130f5498 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 73.051622][ T5068] RAX: ffffffffffffffda RBX: 00007fff130f5668 RCX: 00007fc7060250e9
[ 73.059590][ T5068] RDX: 0000000000000000 RSI: 0000000000005646 RDI: 0000000000000003
[ 73.067563][ T5068] RBP: 00007fc706098610 R08: 00236f6964617277 R09: 00007fff130f5668
[ 73.075533][ T5068] R10: 000000000000000f R11: 0000000000000246 R12: 0000000000000001
[ 73.083497][ T5068] R13: 00007fff130f5658 R14: 0000000000000001 R15: 0000000000000001
[ 73.091469][ T5068]
[ 73.094823][ T5068] true
[ 73.097539][ T5068] vivid-000: Integer 32 Bits: 0
[ 73.102533][ T5068] vivid-000: Integer 64 Bits: 0
[ 73.107431][ T5068] vivid-000: Menu: Menu Item 3
[ 73.112303][ T5068] vivid-000: String:
[ 73.116488][ T5068] vivid-000: Bitmask: 0x80002000
[ 73.121532][ T5068] vivid-000: Integer Menu: 5
[ 73.126159][ T5068] vivid-000: U32 1 Element Array: [1] 24
[ 73.131842][ T5068] vivid-000: U16 8x16 Matrix: [8][16] 24
[ 73.137527][ T5068] vivid-000: U8 2x3x4x5 Array: [2][3][4][5] 24
[ 73.143765][ T5068] vivid-000: Area: unknown type 262
[ 73.148990][ T5068] vivid-000: Read-Only Integer 32 Bits: 0
[ 73.154756][ T5068] vivid-000: U32 Dynamic Array: [100] 50
[ 73.160429][ T5068] vivid-000: U8 Pixel Array: [640][368] 128
[ 73.166392][ T5068] vivid-000: S32 2 Element Array: [2] 2
[ 73.172011][ T5068] vivid-000: S64 5 Element Array: [5] 4
[ 73.177578][ T5068] vivid-000: Wrap Sequence Number: false
[ 73.183277][ T5068] vivid-000: Wrap Timestamp: None
[ 73.188331][ T5068] vivid-000: Percentage of Dropped Buffers: 0
[ 73.194437][ T5068] vivid-000: FM Deviation: 75000
ioctl(3, VIDIOC_LOG_STATUS, 0) = 0
exit_group(0) = ?
+++ exited with 0 +++
[ 73.199399][ T5068] vivid-000: ================== END STATUS ========