./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1072466397 <...>
[ 76.785049][ T56] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.10.39' (ED25519) to the list of known hosts.
execve("./syz-executor1072466397", ["./syz-executor1072466397"], 0x7ffc9c4d5ae0 /* 10 vars */) = 0
brk(NULL) = 0x555584d83000
brk(0x555584d83d00) = 0x555584d83d00
arch_prctl(ARCH_SET_FS, 0x555584d83380) = 0
set_tid_address(0x555584d83650) = 5082
set_robust_list(0x555584d83660, 24) = 0
rseq(0x555584d83ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1072466397", 4096) = 28
getrandom("\x82\x2c\x31\xfb\xef\x7f\x50\x5d", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x555584d83d00
brk(0x555584da4d00) = 0x555584da4d00
brk(0x555584da5000) = 0x555584da5000
mprotect(0x7f4e210cd000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/dev/video37", O_RDWR) = 3
[ 77.553367][ T5082] vivid-007: ================= START STATUS =================
[ 77.561162][ T5082] vivid-007: Boolean:
[ 77.561204][ T5082]
[ 77.567543][ T5082] ======================================================
[ 77.574533][ T5082] WARNING: possible circular locking dependency detected
[ 77.581525][ T5082] 6.9.0-rc5-syzkaller-00159-gc942a0cd3603 #0 Not tainted
[ 77.588534][ T5082] ------------------------------------------------------
[ 77.595527][ T5082] syz-executor107/5082 is trying to acquire lock:
[ 77.601916][ T5082] ffff8880275c06e0 (vivid_ctrls:1606:(hdl_user_gen)->_lock){+.+.}-{3:3}, at: v4l2_ctrl_handler_log_status+0x2f3/0x540
[ 77.614261][ T5082]
[ 77.614261][ T5082] but task is already holding lock:
[ 77.621616][ T5082] ffff8880275c4a30 (vivid_ctrls:1636:(hdl_meta_cap)->_lock){+.+.}-{3:3}, at: v4l2_ctrl_handler_log_status+0x11f/0x540
[ 77.633951][ T5082]
[ 77.633951][ T5082] which lock already depends on the new lock.
[ 77.633951][ T5082]
[ 77.644330][ T5082]
[ 77.644330][ T5082] the existing dependency chain (in reverse order) is:
[ 77.653320][ T5082]
[ 77.653320][ T5082] -> #1 (vivid_ctrls:1636:(hdl_meta_cap)->_lock){+.+.}-{3:3}:
[ 77.662940][ T5082] lock_acquire+0x1ed/0x550
[ 77.667943][ T5082] __mutex_lock+0x136/0xd70
[ 77.673139][ T5082] find_ref_lock+0x5b/0x470
[ 77.678141][ T5082] handler_new_ref+0x102/0x940
[ 77.683406][ T5082] v4l2_ctrl_add_handler+0x1a1/0x290
[ 77.689190][ T5082] vivid_create_controls+0x2c10/0x3580
[ 77.695155][ T5082] vivid_probe+0x4289/0x6fa0
[ 77.700248][ T5082] platform_probe+0x13a/0x1c0
[ 77.705424][ T5082] really_probe+0x2b8/0xad0
[ 77.710423][ T5082] __driver_probe_device+0x1a2/0x390
[ 77.716211][ T5082] driver_probe_device+0x50/0x430
[ 77.721735][ T5082] __driver_attach+0x45f/0x710
[ 77.727003][ T5082] bus_for_each_dev+0x239/0x2b0
[ 77.732352][ T5082] bus_add_driver+0x347/0x620
[ 77.737525][ T5082] driver_register+0x23a/0x320
[ 77.742784][ T5082] vivid_init+0x3d/0x70
[ 77.747443][ T5082] do_one_initcall+0x248/0x880
[ 77.752707][ T5082] do_initcall_level+0x157/0x210
[ 77.758148][ T5082] do_initcalls+0x3f/0x80
[ 77.762975][ T5082] kernel_init_freeable+0x435/0x5d0
[ 77.768671][ T5082] kernel_init+0x1d/0x2b0
[ 77.773513][ T5082] ret_from_fork+0x4b/0x80
[ 77.778429][ T5082] ret_from_fork_asm+0x1a/0x30
[ 77.783694][ T5082]
[ 77.783694][ T5082] -> #0 (vivid_ctrls:1606:(hdl_user_gen)->_lock){+.+.}-{3:3}:
[ 77.793312][ T5082] validate_chain+0x18cb/0x58e0
[ 77.798663][ T5082] __lock_acquire+0x1346/0x1fd0
[ 77.804009][ T5082] lock_acquire+0x1ed/0x550
[ 77.809024][ T5082] __mutex_lock+0x136/0xd70
[ 77.814025][ T5082] v4l2_ctrl_handler_log_status+0x2f3/0x540
[ 77.820421][ T5082] v4l2_ctrl_log_status+0xe3/0x100
[ 77.826040][ T5082] vidioc_log_status+0x63/0x110
[ 77.831399][ T5082] v4l_log_status+0x8f/0x110
[ 77.836495][ T5082] __video_do_ioctl+0xc26/0xde0
[ 77.841854][ T5082] video_usercopy+0x899/0x1180
[ 77.847124][ T5082] v4l2_ioctl+0x18c/0x1e0
[ 77.851957][ T5082] __se_sys_ioctl+0xfc/0x170
[ 77.857072][ T5082] do_syscall_64+0xf5/0x240
[ 77.862077][ T5082] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 77.868468][ T5082]
[ 77.868468][ T5082] other info that might help us debug this:
[ 77.868468][ T5082]
[ 77.878689][ T5082] Possible unsafe locking scenario:
[ 77.878689][ T5082]
[ 77.886116][ T5082]        CPU0                    CPU1
[ 77.891457][ T5082]        ----                    ----
[ 77.896795][ T5082]   lock(vivid_ctrls:1636:(hdl_meta_cap)->_lock);
[ 77.903188][ T5082]                                lock(vivid_ctrls:1606:(hdl_user_gen)->_lock);
[ 77.912101][ T5082]                                lock(vivid_ctrls:1636:(hdl_meta_cap)->_lock);
[ 77.921010][ T5082]   lock(vivid_ctrls:1606:(hdl_user_gen)->_lock);
[ 77.927400][ T5082]
[ 77.927400][ T5082] *** DEADLOCK ***
[ 77.927400][ T5082]
[ 77.935517][ T5082] 2 locks held by syz-executor107/5082:
[ 77.941036][ T5082] #0: ffff8880275c5aa8 (&dev->mutex#3){+.+.}-{3:3}, at: __video_do_ioctl+0x4ed/0xde0
[ 77.950586][ T5082] #1: ffff8880275c4a30 (vivid_ctrls:1636:(hdl_meta_cap)->_lock){+.+.}-{3:3}, at: v4l2_ctrl_handler_log_status+0x11f/0x540
[ 77.963350][ T5082]
[ 77.963350][ T5082] stack backtrace:
[ 77.969225][ T5082] CPU: 0 PID: 5082 Comm: syz-executor107 Not tainted 6.9.0-rc5-syzkaller-00159-gc942a0cd3603 #0
[ 77.979607][ T5082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 77.989641][ T5082] Call Trace:
[ 77.992901][ T5082]
[ 77.995811][ T5082] dump_stack_lvl+0x241/0x360
[ 78.000470][ T5082] ? __pfx_dump_stack_lvl+0x10/0x10
[ 78.005649][ T5082] ? print_circular_bug+0x130/0x1a0
[ 78.010829][ T5082] check_noncircular+0x36a/0x4a0
[ 78.015748][ T5082] ? __pfx_check_noncircular+0x10/0x10
[ 78.021186][ T5082] ? lockdep_lock+0x123/0x2b0
[ 78.025840][ T5082] ? desc_read+0x1a2/0x3f0
[ 78.030237][ T5082] ? _find_first_zero_bit+0xd4/0x100
[ 78.035504][ T5082] validate_chain+0x18cb/0x58e0
[ 78.040339][ T5082] ? _prb_read_valid+0xa39/0xac0
[ 78.045258][ T5082] ? __pfx_validate_chain+0x10/0x10
[ 78.050442][ T5082] ? __pfx__prb_read_valid+0x10/0x10
[ 78.055707][ T5082] ? mark_lock+0x9a/0x350
[ 78.060014][ T5082] ? mark_lock+0x9a/0x350
[ 78.064321][ T5082] __lock_acquire+0x1346/0x1fd0
[ 78.069154][ T5082] lock_acquire+0x1ed/0x550
[ 78.073636][ T5082] ? v4l2_ctrl_handler_log_status+0x2f3/0x540
[ 78.079687][ T5082] ? __pfx_lock_acquire+0x10/0x10
[ 78.084688][ T5082] ? irq_work_queue+0xd1/0x150
[ 78.089430][ T5082] ? __pfx___might_resched+0x10/0x10
[ 78.094690][ T5082] ? __wake_up_klogd+0xd5/0x110
[ 78.099523][ T5082] ? vprintk_emit+0x631/0x770
[ 78.104179][ T5082] ? __pfx_vprintk_emit+0x10/0x10
[ 78.109199][ T5082] __mutex_lock+0x136/0xd70
[ 78.113699][ T5082] ? v4l2_ctrl_handler_log_status+0x2f3/0x540
[ 78.119758][ T5082] ? _printk+0xd5/0x120
[ 78.123901][ T5082] ? v4l2_ctrl_handler_log_status+0x2f3/0x540
[ 78.129955][ T5082] ? __pfx_vprintk_emit+0x10/0x10
[ 78.134963][ T5082] ? __pfx___mutex_lock+0x10/0x10
[ 78.139965][ T5082] ? rcu_is_watching+0x15/0xb0
[ 78.144711][ T5082] v4l2_ctrl_handler_log_status+0x2f3/0x540
[ 78.150589][ T5082] v4l2_ctrl_log_status+0xe3/0x100
[ 78.155691][ T5082] vidioc_log_status+0x63/0x110
[ 78.160544][ T5082] v4l_log_status+0x8f/0x110
[ 78.165131][ T5082] __video_do_ioctl+0xc26/0xde0
[ 78.169980][ T5082] ? __pfx___video_do_ioctl+0x10/0x10
[ 78.175346][ T5082] video_usercopy+0x899/0x1180
[ 78.180098][ T5082] ? __pfx___video_do_ioctl+0x10/0x10
[ 78.185452][ T5082] ? __pfx_video_usercopy+0x10/0x10
[ 78.190634][ T5082] ? __pfx_ptrace_notify+0x10/0x10
[ 78.195724][ T5082] v4l2_ioctl+0x18c/0x1e0
[ 78.200033][ T5082] ? __pfx_v4l2_ioctl+0x10/0x10
[ 78.204863][ T5082] __se_sys_ioctl+0xfc/0x170
[ 78.209434][ T5082] do_syscall_64+0xf5/0x240
[ 78.213918][ T5082] ? clear_bhb_loop+0x35/0x90
[ 78.218574][ T5082] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 78.224445][ T5082] RIP: 0033:0x7f4e2105a2a9
[ 78.228836][ T5082] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 78.248437][ T5082] RSP: 002b:00007fff5c425bb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 78.256840][ T5082] RAX: ffffffffffffffda RBX: 00007fff5c425d88 RCX: 00007f4e2105a2a9
[ 78.264790][ T5082] RDX: 0000000000000000 RSI: 0000000000005646 RDI: 0000000000000003
[ 78.272739][ T5082] RBP: 00007f4e210cd610 R08: 0000000000000000 R09: 00007fff5c425d88
[ 78.280690][ T5082] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 78.288638][ T5082] R13: 00007fff5c425d78 R14: 0000000000000001 R15: 0000000000000001
[ 78.296604][ T5082]
[ 78.300180][ T5082] true
[ 78.302881][ T5082] vivid-007: Integer 32 Bits: 0
[ 78.307783][ T5082] vivid-007: Integer 64 Bits: 0
[ 78.312653][ T5082] vivid-007: Menu: Menu Item 3
[ 78.317457][ T5082] vivid-007: String:
[ 78.321611][ T5082] vivid-007: Bitmask: 0x80002000
[ 78.326561][ T5082] vivid-007: Integer Menu: 5
[ 78.331153][ T5082] vivid-007: U32 1 Element Array: [1] 24
[ 78.336813][ T5082] vivid-007: U16 8x16 Matrix: [8][16] 24
[ 78.342470][ T5082] vivid-007: U8 2x3x4x5 Array: [2][3][4][5] 24
[ 78.348662][ T5082] vivid-007: Area: unknown type 262
[ 78.353889][ T5082] vivid-007: Read-Only Integer 32 Bits: 0
[ 78.359590][ T5082] vivid-007: U32 Dynamic Array: [100] 50
[ 78.365242][ T5082] vivid-007: U8 Pixel Array: [640][368] 128
[ 78.371161][ T5082] vivid-007: S32 2 Element Array: [2] 2
[ 78.376734][ T5082] vivid-007: S64 5 Element Array: [5] 4
[ 78.382297][ T5082] vivid-007: Wrap Sequence Number: false
[ 78.387961][ T5082] vivid-007: Wrap Timestamp: None
[ 78.392987][ T5082] vivid-007: Percentage of Dropped Buffers: 0
[ 78.399066][ T5082] vivid-007: Generate PTS: true
ioctl(3, VIDIOC_LOG_STATUS, 0) = 0
exit_group(0) = ?
+++ exited with 0 +++
[ 78.403946][ T5082] vivid-007: Generat