./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor399983942 <...>
Warning: Permanently added '10.128.0.121' (ED25519) to the list of known hosts.
execve("./syz-executor399983942", ["./syz-executor399983942"], 0x7fff1584fb20 /* 10 vars */) = 0
brk(NULL) = 0x5555710a6000
brk(0x5555710a6d00) = 0x5555710a6d00
arch_prctl(ARCH_SET_FS, 0x5555710a6380) = 0
set_tid_address(0x5555710a6650) = 5091
set_robust_list(0x5555710a6660, 24) = 0
rseq(0x5555710a6ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor399983942", 4096) = 27
getrandom("\x2c\x68\x53\xf3\xad\x88\xef\x32", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x5555710a6d00
brk(0x5555710c7d00) = 0x5555710c7d00
brk(0x5555710c8000) = 0x5555710c8000
mprotect(0x7f283bb65000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/dev/vbi2", O_RDWR) = 3
[ 72.547842][ T5091] vivid-001: ================= START STATUS =================
[ 72.555735][ T5091] vivid-001: Boolean:
[ 72.555797][ T5091]
[ 72.562220][ T5091] ======================================================
[ 72.569265][ T5091] WARNING: possible circular locking dependency detected
[ 72.576370][ T5091] 6.9.0-rc3-next-20240412-syzkaller #0 Not tainted
[ 72.582869][ T5091] ------------------------------------------------------
[ 72.589896][ T5091] syz-executor399/5091 is trying to acquire lock:
[ 72.596300][ T5091] ffff8880260306e0 (vivid_ctrls:1606:(hdl_user_gen)->_lock){+.+.}-{3:3}, at: v4l2_ctrl_handler_log_status+0x2f3/0x540
[ 72.608676][ T5091]
[ 72.608676][ T5091] but task is already holding lock:
[ 72.616051][ T5091] ffff8880260324b0 (vivid_ctrls:1625:(hdl_vbi_cap)->_lock){+.+.}-{3:3}, at: v4l2_ctrl_handler_log_status+0x11f/0x540
[ 72.628334][ T5091]
[ 72.628334][ T5091] which lock already depends on the new lock.
[ 72.628334][ T5091]
[ 72.638740][ T5091]
[ 72.638740][ T5091] the existing dependency chain (in reverse order) is:
[ 72.647761][ T5091]
[ 72.647761][ T5091] -> #1 (vivid_ctrls:1625:(hdl_vbi_cap)->_lock){+.+.}-{3:3}:
[ 72.657332][ T5091] lock_acquire+0x1ed/0x550
[ 72.662447][ T5091] __mutex_lock+0x136/0xd70
[ 72.667503][ T5091] find_ref_lock+0x5b/0x470
[ 72.672538][ T5091] handler_new_ref+0x102/0x940
[ 72.677834][ T5091] v4l2_ctrl_add_handler+0x1a1/0x290
[ 72.683662][ T5091] vivid_create_controls+0x27ab/0x3580
[ 72.689650][ T5091] vivid_probe+0x4289/0x6fa0
[ 72.694763][ T5091] platform_probe+0x13a/0x1c0
[ 72.699960][ T5091] really_probe+0x2b8/0xad0
[ 72.705015][ T5091] __driver_probe_device+0x1a2/0x390
[ 72.710820][ T5091] driver_probe_device+0x50/0x430
[ 72.716365][ T5091] __driver_attach+0x45f/0x710
[ 72.721646][ T5091] bus_for_each_dev+0x239/0x2b0
[ 72.727080][ T5091] bus_add_driver+0x347/0x620
[ 72.732298][ T5091] driver_register+0x23a/0x320
[ 72.737594][ T5091] vivid_init+0x3d/0x70
[ 72.742298][ T5091] do_one_initcall+0x248/0x880
[ 72.747589][ T5091] do_initcall_level+0x157/0x210
[ 72.753053][ T5091] do_initcalls+0x3f/0x80
[ 72.757904][ T5091] kernel_init_freeable+0x435/0x5d0
[ 72.763625][ T5091] kernel_init+0x1d/0x2b0
[ 72.768504][ T5091] ret_from_fork+0x4b/0x80
[ 72.773473][ T5091] ret_from_fork_asm+0x1a/0x30
[ 72.778760][ T5091]
[ 72.778760][ T5091] -> #0 (vivid_ctrls:1606:(hdl_user_gen)->_lock){+.+.}-{3:3}:
[ 72.788413][ T5091] validate_chain+0x18cb/0x58e0
[ 72.793799][ T5091] __lock_acquire+0x1346/0x1fd0
[ 72.799193][ T5091] lock_acquire+0x1ed/0x550
[ 72.804221][ T5091] __mutex_lock+0x136/0xd70
[ 72.809268][ T5091] v4l2_ctrl_handler_log_status+0x2f3/0x540
[ 72.815698][ T5091] v4l2_ctrl_log_status+0xe3/0x100
[ 72.821331][ T5091] vidioc_log_status+0x63/0x110
[ 72.826706][ T5091] v4l_log_status+0x8f/0x110
[ 72.831829][ T5091] __video_do_ioctl+0xc26/0xde0
[ 72.837209][ T5091] video_usercopy+0x896/0x1180
[ 72.842508][ T5091] v4l2_ioctl+0x18c/0x1e0
[ 72.847393][ T5091] __se_sys_ioctl+0xfc/0x170
[ 72.852542][ T5091] do_syscall_64+0xfa/0x250
[ 72.857576][ T5091] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 72.863986][ T5091]
[ 72.863986][ T5091] other info that might help us debug this:
[ 72.863986][ T5091]
[ 72.874203][ T5091] Possible unsafe locking scenario:
[ 72.874203][ T5091]
[ 72.881639][ T5091]        CPU0                    CPU1
[ 72.886994][ T5091]        ----                    ----
[ 72.892371][ T5091]   lock(vivid_ctrls:1625:(hdl_vbi_cap)->_lock);
[ 72.898693][ T5091]                                lock(vivid_ctrls:1606:(hdl_user_gen)->_lock);
[ 72.907623][ T5091]                                lock(vivid_ctrls:1625:(hdl_vbi_cap)->_lock);
[ 72.916465][ T5091]   lock(vivid_ctrls:1606:(hdl_user_gen)->_lock);
[ 72.922894][ T5091]
[ 72.922894][ T5091] *** DEADLOCK ***
[ 72.922894][ T5091]
[ 72.931045][ T5091] 2 locks held by syz-executor399/5091:
[ 72.936588][ T5091] #0: ffff888026035aa8 (&dev->mutex#3){+.+.}-{3:3}, at: __video_do_ioctl+0x4ed/0xde0
[ 72.946182][ T5091] #1: ffff8880260324b0 (vivid_ctrls:1625:(hdl_vbi_cap)->_lock){+.+.}-{3:3}, at: v4l2_ctrl_handler_log_status+0x11f/0x540
[ 72.958903][ T5091]
[ 72.958903][ T5091] stack backtrace:
[ 72.964784][ T5091] CPU: 0 PID: 5091 Comm: syz-executor399 Not tainted 6.9.0-rc3-next-20240412-syzkaller #0
[ 72.974665][ T5091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 72.984732][ T5091] Call Trace:
[ 72.988012][ T5091]
[ 72.990946][ T5091] dump_stack_lvl+0x241/0x360
[ 72.995626][ T5091] ? __pfx_dump_stack_lvl+0x10/0x10
[ 73.000836][ T5091] ? print_circular_bug+0x130/0x1a0
[ 73.006040][ T5091] check_noncircular+0x36a/0x4a0
[ 73.010984][ T5091] ? __pfx_check_noncircular+0x10/0x10
[ 73.016454][ T5091] ? lockdep_lock+0x123/0x2b0
[ 73.021145][ T5091] ? desc_read+0x1a2/0x3f0
[ 73.025560][ T5091] ? _find_first_zero_bit+0xd4/0x100
[ 73.030852][ T5091] validate_chain+0x18cb/0x58e0
[ 73.035713][ T5091] ? _prb_read_valid+0xa39/0xac0
[ 73.040737][ T5091] ? __pfx_validate_chain+0x10/0x10
[ 73.045941][ T5091] ? __pfx__prb_read_valid+0x10/0x10
[ 73.051272][ T5091] ? mark_lock+0x9a/0x350
[ 73.055600][ T5091] ? mark_lock+0x9a/0x350
[ 73.059929][ T5091] __lock_acquire+0x1346/0x1fd0
[ 73.064782][ T5091] lock_acquire+0x1ed/0x550
[ 73.069289][ T5091] ? v4l2_ctrl_handler_log_status+0x2f3/0x540
[ 73.075393][ T5091] ? __pfx_lock_acquire+0x10/0x10
[ 73.080428][ T5091] ? irq_work_queue+0xd1/0x150
[ 73.085195][ T5091] ? __pfx___might_resched+0x10/0x10
[ 73.090505][ T5091] ? __wake_up_klogd+0xd5/0x110
[ 73.095358][ T5091] ? vprintk_emit+0x631/0x770
[ 73.100040][ T5091] ? __pfx_vprintk_emit+0x10/0x10
[ 73.105066][ T5091] __mutex_lock+0x136/0xd70
[ 73.109575][ T5091] ? v4l2_ctrl_handler_log_status+0x2f3/0x540
[ 73.115647][ T5091] ? _printk+0xd5/0x120
[ 73.119799][ T5091] ? v4l2_ctrl_handler_log_status+0x2f3/0x540
[ 73.125873][ T5091] ? __pfx_vprintk_emit+0x10/0x10
[ 73.130903][ T5091] ? __pfx___mutex_lock+0x10/0x10
[ 73.135932][ T5091] ? rcu_is_watching+0x15/0xb0
[ 73.140698][ T5091] v4l2_ctrl_handler_log_status+0x2f3/0x540
[ 73.146595][ T5091] v4l2_ctrl_log_status+0xe3/0x100
[ 73.151722][ T5091] vidioc_log_status+0x63/0x110
[ 73.156595][ T5091] v4l_log_status+0x8f/0x110
[ 73.161202][ T5091] __video_do_ioctl+0xc26/0xde0
[ 73.166077][ T5091] ? __pfx___video_do_ioctl+0x10/0x10
[ 73.171455][ T5091] video_usercopy+0x896/0x1180
[ 73.176242][ T5091] ? __pfx___video_do_ioctl+0x10/0x10
[ 73.181612][ T5091] ? __pfx_video_usercopy+0x10/0x10
[ 73.186814][ T5091] ? __pfx_ptrace_notify+0x10/0x10
[ 73.191932][ T5091] v4l2_ioctl+0x18c/0x1e0
[ 73.196264][ T5091] ? __pfx_v4l2_ioctl+0x10/0x10
[ 73.201113][ T5091] __se_sys_ioctl+0xfc/0x170
[ 73.205707][ T5091] do_syscall_64+0xfa/0x250
[ 73.210242][ T5091] ? clear_bhb_loop+0x35/0x90
[ 73.214926][ T5091] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 73.220834][ T5091] RIP: 0033:0x7f283baf20e9
[ 73.225244][ T5091] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 73.244861][ T5091] RSP: 002b:00007ffdd5405bf8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 73.253269][ T5091] RAX: ffffffffffffffda RBX: 00007ffdd5405dc8 RCX: 00007f283baf20e9
[ 73.261235][ T5091] RDX: 0000000000000000 RSI: 0000000000005646 RDI: 0000000000000003
[ 73.269209][ T5091] RBP: 00007f283bb65610 R08: 00236962762f7665 R09: 00007ffdd5405dc8
[ 73.277188][ T5091] R10: 000000000000000f R11: 0000000000000246 R12: 0000000000000001
[ 73.285154][ T5091] R13: 00007ffdd5405db8 R14: 0000000000000001 R15: 0000000000000001
[ 73.293137][ T5091]
[ 73.296759][ T5091] true
[ 73.299519][ T5091] vivid-001: Integer 32 Bits: 0
[ 73.304403][ T5091] vivid-001: Integer 64 Bits: 0
[ 73.309352][ T5091] vivid-001: Menu: Menu Item 3
[ 73.314139][ T5091] vivid-001: String:
[ 73.318333][ T5091] vivid-001: Bitmask: 0x80002000
[ 73.323382][ T5091] vivid-001: Integer Menu: 5
[ 73.328043][ T5091] vivid-001: U32 1 Element Array: [1] 24
[ 73.333720][ T5091] vivid-001: U16 8x16 Matrix: [8][16] 24
[ 73.339429][ T5091] vivid-001: U8 2x3x4x5 Array: [2][3][4][5] 24
[ 73.345653][ T5091] vivid-001: Area: 1000x2000
[ 73.350294][ T5091] vivid-001: Read-Only Integer 32 Bits: 0
[ 73.356044][ T5091] vivid-001: U32 Dynamic Array: [100] 50
[ 73.361754][ T5091] vivid-001: U8 Pixel Array: [640][368] 128
[ 73.367737][ T5091] vivid-001: S32 2 Element Array: [2] 2
[ 73.373334][ T5091] vivid-001: S64 5 Element Array: [5] 4
[ 73.378929][ T5091] vivid-001: Interlaced VBI Format: false
[ 73.384680][ T5091] vivid-001: Loop Video: false
[ 73.389488][ T5091] vivid-001: Wrap Sequence Number: false
[ 73.395146][ T5091] vivid-001: Wrap Timestamp: None
ioctl(3, VIDIOC_LOG_STATUS, 0) = 0
exit_group(0) = ?
+++ exited with 0 +++
[ 73.400406][