[ OK ] Started Getty on tty2. [ OK ] Started Getty on tty1. [ OK ] Started Serial Getty on ttyS0. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Starting Load/Save RF Kill Switch Status... [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.1.79' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 32.994189] [ 32.995820] ============================================ [ 33.001249] WARNING: possible recursive locking detected [ 33.006678] 4.19.211-syzkaller #0 Not tainted [ 33.011144] -------------------------------------------- [ 33.016568] syz-executor410/8111 is trying to acquire lock: [ 33.022252] 00000000889d2034 (&type->i_mutex_dir_key#7){++++}, at: fuse_reverse_inval_entry+0x2e1/0x660 [ 33.031771] [ 33.031771] but task is already holding lock: [ 33.037715] 000000002dcc6122 (&type->i_mutex_dir_key#7){++++}, at: fuse_reverse_inval_entry+0xaa/0x660 [ 33.047139] [ 33.047139] other info that might help us debug this: [ 33.053783] Possible unsafe locking scenario: [ 33.053783] [ 33.059814] CPU0 [ 33.062372] ---- [ 33.064926] lock(&type->i_mutex_dir_key#7); [ 33.069395] lock(&type->i_mutex_dir_key#7); [ 33.073866] [ 33.073866] *** DEADLOCK *** [ 33.073866] [ 33.079903] May be due to missing lock nesting notation [ 33.079903] [ 33.086806] 2 locks held by syz-executor410/8111: [ 33.091619] #0: 00000000c09bad4f (&fc->killsb){.+.+}, at: fuse_dev_do_write+0x2343/0x2bc0 [ 33.100009] #1: 000000002dcc6122 (&type->i_mutex_dir_key#7){++++}, at: fuse_reverse_inval_entry+0xaa/0x660 [ 33.109879] [ 33.109879] stack backtrace: [ 33.114375] CPU: 1 PID: 8111 Comm: syz-executor410 Not tainted 4.19.211-syzkaller #0 [ 33.122229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 33.131556] Call Trace: [ 33.134127] dump_stack+0x1fc/0x2ef [ 33.137735] __lock_acquire.cold+0x121/0x57e [ 33.142127] ? mark_held_locks+0xf0/0xf0 [ 33.146169] ? lock_downgrade+0x720/0x720 [ 33.150295] ? lock_acquire+0x170/0x3c0 [ 33.154252] ? d_walk+0x310/0x990 [ 33.157686] ? check_preemption_disabled+0x41/0x280 [ 33.162680] ? do_raw_spin_unlock+0x171/0x230 [ 33.167150] ? _raw_spin_unlock+0x29/0x40 [ 33.171276] ? d_walk+0x526/0x990 [ 33.174708] ? __x32_compat_sys_ppoll+0x150/0x150 [ 33.179529] lock_acquire+0x170/0x3c0 [ 33.183308] ? fuse_reverse_inval_entry+0x2e1/0x660 [ 33.188304] down_write+0x34/0x90 [ 33.191737] ? fuse_reverse_inval_entry+0x2e1/0x660 [ 33.196730] fuse_reverse_inval_entry+0x2e1/0x660 [ 33.201550] ? fuse_update_attributes+0xc0/0xc0 [ 33.206195] ? fuse_dev_do_write+0x2343/0x2bc0 [ 33.210757] fuse_dev_do_write+0x239e/0x2bc0 [ 33.215145] ? futex_wait_queue_me+0x404/0x5e0 [ 33.219707] ? mark_held_locks+0xf0/0xf0 [ 33.223745] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 33.228825] ? fuse_dev_read+0x1f0/0x1f0 [ 33.232860] ? futex_wait+0x48e/0x610 [ 33.236640] ? lock_downgrade+0x720/0x720 [ 33.240786] ? check_preemption_disabled+0x41/0x280 [ 33.245781] ? check_preemption_disabled+0x41/0x280 [ 33.250778] ? aa_file_perm+0x417/0xd20 [ 33.254730] fuse_dev_write+0x153/0x1e0 [ 33.258685] ? fuse_dev_splice_write+0xa00/0xa00 [ 33.263418] ? do_futex+0x171/0x1880 [ 33.267108] ? iov_iter_init+0xb8/0x1d0 [ 33.271058] __vfs_write+0x51b/0x770 [ 33.274751] ? kernel_read+0x110/0x110 [ 33.278620] ? security_file_permission+0x1c0/0x220 [ 33.283612] vfs_write+0x1f3/0x540 [ 33.287132] ksys_write+0x12b/0x2a0 [ 33.290736] ? __ia32_sys_read+0xb0/0xb0 [ 33.294777] ? trace_hardirqs_off_caller+0x6e/0x210 [ 33.299774] ? do_syscall_64+0x21/0x620 [ 33.303725] do_syscall_64+0xf9/0x620 [ 33.308128] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.313301] RIP: 0033:0x7f1afebf6769 [ 33.316992] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 33.335869] RSP: 002b:00007f1afeba82f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 33.343551] RAX: fffff