[ OK ] Started Getty on tty3. [ OK ] Started Getty on tty2. [ OK ] Started Serial Getty on ttyS0. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Starting Load/Save RF Kill Switch Status... [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.51' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 31.990306] [ 31.991942] ============================================ [ 31.997364] WARNING: possible recursive locking detected [ 32.002806] 4.19.211-syzkaller #0 Not tainted [ 32.007277] -------------------------------------------- [ 32.012702] syz-executor491/8077 is trying to acquire lock: [ 32.018386] 00000000e805cb71 (&type->i_mutex_dir_key#7){++++}, at: fuse_reverse_inval_entry+0x2e1/0x660 [ 32.027906] [ 32.027906] but task is already holding lock: [ 32.033853] 0000000037f30d18 (&type->i_mutex_dir_key#7){++++}, at: fuse_reverse_inval_entry+0xaa/0x660 [ 32.043290] [ 32.043290] other info that might help us debug this: [ 32.049947] Possible unsafe locking scenario: [ 32.049947] [ 32.055997] CPU0 [ 32.058561] ---- [ 32.061126] lock(&type->i_mutex_dir_key#7); [ 32.065595] lock(&type->i_mutex_dir_key#7); [ 32.070070] [ 32.070070] *** DEADLOCK *** [ 32.070070] [ 32.076105] May be due to missing lock nesting notation [ 32.076105] [ 32.083008] 2 locks held by syz-executor491/8077: [ 32.087845] #0: 00000000145fd2a5 (&fc->killsb){.+.+}, at: fuse_dev_do_write+0x2343/0x2bc0 [ 32.096252] #1: 0000000037f30d18 (&type->i_mutex_dir_key#7){++++}, at: fuse_reverse_inval_entry+0xaa/0x660 [ 32.106119] [ 32.106119] stack backtrace: [ 32.110603] CPU: 1 PID: 8077 Comm: syz-executor491 Not tainted 4.19.211-syzkaller #0 [ 32.118462] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 32.127793] Call Trace: [ 32.130370] dump_stack+0x1fc/0x2ef [ 32.133980] __lock_acquire.cold+0x121/0x57e [ 32.138373] ? mark_held_locks+0xf0/0xf0 [ 32.142412] ? lock_downgrade+0x720/0x720 [ 32.146540] ? lock_acquire+0x170/0x3c0 [ 32.150499] ? d_walk+0x310/0x990 [ 32.153967] ? check_preemption_disabled+0x41/0x280 [ 32.158968] ? do_raw_spin_unlock+0x171/0x230 [ 32.163449] ? _raw_spin_unlock+0x29/0x40 [ 32.167585] ? d_walk+0x526/0x990 [ 32.171027] ? __x32_compat_sys_ppoll+0x150/0x150 [ 32.175878] lock_acquire+0x170/0x3c0 [ 32.179663] ? fuse_reverse_inval_entry+0x2e1/0x660 [ 32.184661] down_write+0x34/0x90 [ 32.188096] ? fuse_reverse_inval_entry+0x2e1/0x660 [ 32.193093] fuse_reverse_inval_entry+0x2e1/0x660 [ 32.197912] ? fuse_update_attributes+0xc0/0xc0 [ 32.202556] ? fuse_dev_do_write+0x2343/0x2bc0 [ 32.207124] fuse_dev_do_write+0x239e/0x2bc0 [ 32.211511] ? futex_wait_queue_me+0x404/0x5e0 [ 32.216073] ? mark_held_locks+0xf0/0xf0 [ 32.220111] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 32.225194] ? fuse_dev_read+0x1f0/0x1f0 [ 32.229231] ? futex_wait+0x48e/0x610 [ 32.233009] ? lock_downgrade+0x720/0x720 [ 32.237134] ? check_preemption_disabled+0x41/0x280 [ 32.242133] ? check_preemption_disabled+0x41/0x280 [ 32.247127] ? aa_file_perm+0x417/0xd20 [ 32.251081] fuse_dev_write+0x153/0x1e0 [ 32.255049] ? fuse_dev_splice_write+0xa00/0xa00 [ 32.259798] ? do_futex+0x171/0x1880 [ 32.263492] ? iov_iter_init+0xb8/0x1d0 [ 32.267444] __vfs_write+0x51b/0x770 [ 32.271136] ? kernel_read+0x110/0x110 [ 32.275004] ? security_file_permission+0x1c0/0x220 [ 32.279995] vfs_write+0x1f3/0x540 [ 32.283530] ksys_write+0x12b/0x2a0 [ 32.287134] ? __ia32_sys_read+0xb0/0xb0 [ 32.291173] ? trace_hardirqs_off_caller+0x6e/0x210 [ 32.296168] ? do_syscall_64+0x21/0x620 [ 32.300118] do_syscall_64+0xf9/0x620 [ 32.303898] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.309065] RIP: 0033:0x7f0c56d23769 [ 32.312758] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 32.331636] RSP: 002b:00007f0c56cd52f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 32.339336] RAX: ffffffffff