./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3644096372 <...>
Warning: Permanently added '10.128.0.28' (ED25519) to the list of known hosts.
execve("./syz-executor3644096372", ["./syz-executor3644096372"], 0x7ffd9bb19230 /* 10 vars */) = 0
brk(NULL) = 0x55558607d000
brk(0x55558607dd00) = 0x55558607dd00
arch_prctl(ARCH_SET_FS, 0x55558607d380) = 0
set_tid_address(0x55558607d650) = 5079
set_robust_list(0x55558607d660, 24) = 0
rseq(0x55558607dca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3644096372", 4096) = 28
getrandom("\xc9\x67\xb7\xe6\xc4\x5a\xe5\x9e", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x55558607dd00
brk(0x55558609ed00) = 0x55558609ed00
brk(0x55558609f000) = 0x55558609f000
mprotect(0x7fda9eb8e000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/dev/vbi2", O_RDWR) = 3
[ 59.847423][ T5079] vivid-001: ================= START STATUS =================
[ 59.855377][ T5079] vivid-001: Boolean:
[ 59.855419][ T5079]
[ 59.861765][ T5079] ======================================================
[ 59.868757][ T5079] WARNING: possible circular locking dependency detected
[ 59.875760][ T5079] 6.9.0-rc4-syzkaller-00164-gdbe0a7be2838 #0 Not tainted
[ 59.882768][ T5079] ------------------------------------------------------
[ 59.889768][ T5079] syz-executor364/5079 is trying to acquire lock:
[ 59.896167][ T5079] ffff888025bc06e0 (vivid_ctrls:1606:(hdl_user_gen)->_lock){+.+.}-{3:3}, at: v4l2_ctrl_handler_log_status+0x2f3/0x540
[ 59.908529][ T5079]
[ 59.908529][ T5079] but task is already holding lock:
[ 59.915892][ T5079] ffff888025bc24b0 (vivid_ctrls:1625:(hdl_vbi_cap)->_lock){+.+.}-{3:3}, at: v4l2_ctrl_handler_log_status+0x11f/0x540
[ 59.928132][ T5079]
[ 59.928132][ T5079] which lock already depends on the new lock.
[ 59.928132][ T5079]
[ 59.938683][ T5079]
[ 59.938683][ T5079] the existing dependency chain (in reverse order) is:
[ 59.947686][ T5079]
[ 59.947686][ T5079] -> #1 (vivid_ctrls:1625:(hdl_vbi_cap)->_lock){+.+.}-{3:3}:
[ 59.957239][ T5079] lock_acquire+0x1ed/0x550
[ 59.962265][ T5079] __mutex_lock+0x136/0xd70
[ 59.967426][ T5079] find_ref_lock+0x5b/0x470
[ 59.972453][ T5079] handler_new_ref+0x102/0x940
[ 59.977723][ T5079] v4l2_ctrl_add_handler+0x1a1/0x290
[ 59.983540][ T5079] vivid_create_controls+0x27ab/0x3580
[ 59.989518][ T5079] vivid_probe+0x4289/0x6fa0
[ 59.994615][ T5079] platform_probe+0x13a/0x1c0
[ 59.999795][ T5079] really_probe+0x2b8/0xad0
[ 60.004801][ T5079] __driver_probe_device+0x1a2/0x390
[ 60.010848][ T5079] driver_probe_device+0x50/0x430
[ 60.016578][ T5079] __driver_attach+0x45f/0x710
[ 60.021856][ T5079] bus_for_each_dev+0x239/0x2b0
[ 60.027216][ T5079] bus_add_driver+0x347/0x620
[ 60.032393][ T5079] driver_register+0x23a/0x320
[ 60.037653][ T5079] vivid_init+0x3d/0x70
[ 60.042342][ T5079] do_one_initcall+0x248/0x880
[ 60.047613][ T5079] do_initcall_level+0x157/0x210
[ 60.053048][ T5079] do_initcalls+0x3f/0x80
[ 60.057873][ T5079] kernel_init_freeable+0x435/0x5d0
[ 60.063567][ T5079] kernel_init+0x1d/0x2b0
[ 60.068394][ T5079] ret_from_fork+0x4b/0x80
[ 60.073381][ T5079] ret_from_fork_asm+0x1a/0x30
[ 60.078678][ T5079]
[ 60.078678][ T5079] -> #0 (vivid_ctrls:1606:(hdl_user_gen)->_lock){+.+.}-{3:3}:
[ 60.088327][ T5079] validate_chain+0x18cb/0x58e0
[ 60.093686][ T5079] __lock_acquire+0x1346/0x1fd0
[ 60.099039][ T5079] lock_acquire+0x1ed/0x550
[ 60.104038][ T5079] __mutex_lock+0x136/0xd70
[ 60.109040][ T5079] v4l2_ctrl_handler_log_status+0x2f3/0x540
[ 60.115434][ T5079] v4l2_ctrl_log_status+0xe3/0x100
[ 60.121048][ T5079] vidioc_log_status+0x63/0x110
[ 60.126483][ T5079] v4l_log_status+0x8f/0x110
[ 60.131671][ T5079] __video_do_ioctl+0xc26/0xde0
[ 60.137022][ T5079] video_usercopy+0x899/0x1180
[ 60.142285][ T5079] v4l2_ioctl+0x18c/0x1e0
[ 60.147116][ T5079] __se_sys_ioctl+0xfc/0x170
[ 60.152219][ T5079] do_syscall_64+0xf5/0x240
[ 60.157243][ T5079] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 60.163838][ T5079]
[ 60.163838][ T5079] other info that might help us debug this:
[ 60.163838][ T5079]
[ 60.174139][ T5079] Possible unsafe locking scenario:
[ 60.174139][ T5079]
[ 60.181581][ T5079]        CPU0                    CPU1
[ 60.186923][ T5079]        ----                    ----
[ 60.192285][ T5079]   lock(vivid_ctrls:1625:(hdl_vbi_cap)->_lock);
[ 60.198604][ T5079]                                lock(vivid_ctrls:1606:(hdl_user_gen)->_lock);
[ 60.207540][ T5079]                                lock(vivid_ctrls:1625:(hdl_vbi_cap)->_lock);
[ 60.216385][ T5079]   lock(vivid_ctrls:1606:(hdl_user_gen)->_lock);
[ 60.222787][ T5079]
[ 60.222787][ T5079] *** DEADLOCK ***
[ 60.222787][ T5079]
[ 60.230909][ T5079] 2 locks held by syz-executor364/5079:
[ 60.236454][ T5079] #0: ffff888025bc5aa8 (&dev->mutex#3){+.+.}-{3:3}, at: __video_do_ioctl+0x4ed/0xde0
[ 60.246018][ T5079] #1: ffff888025bc24b0 (vivid_ctrls:1625:(hdl_vbi_cap)->_lock){+.+.}-{3:3}, at: v4l2_ctrl_handler_log_status+0x11f/0x540
[ 60.258688][ T5079]
[ 60.258688][ T5079] stack backtrace:
[ 60.264578][ T5079] CPU: 1 PID: 5079 Comm: syz-executor364 Not tainted 6.9.0-rc4-syzkaller-00164-gdbe0a7be2838 #0
[ 60.275474][ T5079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 60.285709][ T5079] Call Trace:
[ 60.288989][ T5079]
[ 60.291922][ T5079] dump_stack_lvl+0x241/0x360
[ 60.296633][ T5079] ? __pfx_dump_stack_lvl+0x10/0x10
[ 60.301841][ T5079] ? print_circular_bug+0x130/0x1a0
[ 60.307049][ T5079] check_noncircular+0x36a/0x4a0
[ 60.311988][ T5079] ? __pfx_check_noncircular+0x10/0x10
[ 60.317431][ T5079] ? lockdep_lock+0x123/0x2b0
[ 60.322090][ T5079] ? desc_read+0x1a2/0x3f0
[ 60.326495][ T5079] ? _find_first_zero_bit+0xd4/0x100
[ 60.331791][ T5079] validate_chain+0x18cb/0x58e0
[ 60.336640][ T5079] ? _prb_read_valid+0xa39/0xac0
[ 60.341563][ T5079] ? __pfx_validate_chain+0x10/0x10
[ 60.346748][ T5079] ? __pfx__prb_read_valid+0x10/0x10
[ 60.352014][ T5079] ? mark_lock+0x9a/0x350
[ 60.356329][ T5079] ? mark_lock+0x9a/0x350
[ 60.360647][ T5079] __lock_acquire+0x1346/0x1fd0
[ 60.365476][ T5079] lock_acquire+0x1ed/0x550
[ 60.369958][ T5079] ? v4l2_ctrl_handler_log_status+0x2f3/0x540
[ 60.376033][ T5079] ? __pfx_lock_acquire+0x10/0x10
[ 60.381062][ T5079] ? irq_work_queue+0xd1/0x150
[ 60.385834][ T5079] ? __pfx___might_resched+0x10/0x10
[ 60.391287][ T5079] ? __wake_up_klogd+0xd5/0x110
[ 60.396127][ T5079] ? vprintk_emit+0x631/0x770
[ 60.400792][ T5079] ? __pfx_vprintk_emit+0x10/0x10
[ 60.405800][ T5079] __mutex_lock+0x136/0xd70
[ 60.410283][ T5079] ? v4l2_ctrl_handler_log_status+0x2f3/0x540
[ 60.416347][ T5079] ? _printk+0xd5/0x120
[ 60.420481][ T5079] ? v4l2_ctrl_handler_log_status+0x2f3/0x540
[ 60.426530][ T5079] ? __pfx_vprintk_emit+0x10/0x10
[ 60.431972][ T5079] ? __pfx___mutex_lock+0x10/0x10
[ 60.436978][ T5079] ? rcu_is_watching+0x15/0xb0
[ 60.441722][ T5079] v4l2_ctrl_handler_log_status+0x2f3/0x540
[ 60.447601][ T5079] v4l2_ctrl_log_status+0xe3/0x100
[ 60.452694][ T5079] vidioc_log_status+0x63/0x110
[ 60.457532][ T5079] v4l_log_status+0x8f/0x110
[ 60.462101][ T5079] __video_do_ioctl+0xc26/0xde0
[ 60.466939][ T5079] ? __pfx___video_do_ioctl+0x10/0x10
[ 60.472299][ T5079] video_usercopy+0x899/0x1180
[ 60.477057][ T5079] ? __pfx___video_do_ioctl+0x10/0x10
[ 60.482407][ T5079] ? __pfx_video_usercopy+0x10/0x10
[ 60.487587][ T5079] ? __pfx_ptrace_notify+0x10/0x10
[ 60.492676][ T5079] v4l2_ioctl+0x18c/0x1e0
[ 60.496985][ T5079] ? __pfx_v4l2_ioctl+0x10/0x10
[ 60.501814][ T5079] __se_sys_ioctl+0xfc/0x170
[ 60.506401][ T5079] do_syscall_64+0xf5/0x240
[ 60.510886][ T5079] ? clear_bhb_loop+0x35/0x90
[ 60.515542][ T5079] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 60.521448][ T5079] RIP: 0033:0x7fda9eb1b0e9
[ 60.525850][ T5079] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 60.545447][ T5079] RSP: 002b:00007fff4f9beba8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 60.553850][ T5079] RAX: ffffffffffffffda RBX: 00007fff4f9bed78 RCX: 00007fda9eb1b0e9
[ 60.561799][ T5079] RDX: 0000000000000000 RSI: 0000000000005646 RDI: 0000000000000003
[ 60.569786][ T5079] RBP: 00007fda9eb8e610 R08: 00236962762f7665 R09: 00007fff4f9bed78
[ 60.577734][ T5079] R10: 000000000000001f R11: 0000000000000246 R12: 0000000000000001
[ 60.585769][ T5079] R13: 00007fff4f9bed68 R14: 0000000000000001 R15: 0000000000000001
[ 60.593724][ T5079]
[ 60.597762][ T5079] true
[ 60.600543][ T5079] vivid-001: Integer 32 Bits: 0
[ 60.605420][ T5079] vivid-001: Integer 64 Bits: 0
[ 60.610329][ T5079] vivid-001: Menu: Menu Item 3
[ 60.615080][ T5079] vivid-001: String:
[ 60.619304][ T5079] vivid-001: Bitmask: 0x80002000
[ 60.624265][ T5079] vivid-001: Integer Menu: 5
[ 60.628862][ T5079] vivid-001: U32 1 Element Array: [1] 24
[ 60.634590][ T5079] vivid-001: U16 8x16 Matrix: [8][16] 24
[ 60.640383][ T5079] vivid-001: U8 2x3x4x5 Array: [2][3][4][5] 24
[ 60.646623][ T5079] vivid-001: Area: unknown type 262
[ 60.651887][ T5079] vivid-001: Read-Only Integer 32 Bits: 0
[ 60.657629][ T5079] vivid-001: U32 Dynamic Array: [100] 50
[ 60.663349][ T5079] vivid-001: U8 Pixel Array: [640][368] 128
[ 60.669280][ T5079] vivid-001: S32 2 Element Array: [2] 2
[ 60.674880][ T5079] vivid-001: S64 5 Element Array: [5] 4
[ 60.680478][ T5079] vivid-001: Interlaced VBI Format: false
[ 60.686187][ T5079] vivid-001: Loop Video: false
[ 60.690985][ T5079] vivid-001: Wrap Sequence Number: false
ioctl(3, VIDIOC_LOG_STATUS, 0) = 0
exit_group(0) = ?
+++ exited with 0 +++
[ 60.696629][ T5079] vivid-001: Wr