============================================ WARNING: possible recursive locking detected 4.19.211-syzkaller #0 Not tainted -------------------------------------------- syz-executor.2/16286 is trying to acquire lock: 0000000032edac12 (&type->i_mutex_dir_key#8){++++}, at: inode_lock include/linux/fs.h:748 [inline] 0000000032edac12 (&type->i_mutex_dir_key#8){++++}, at: fuse_reverse_inval_entry+0x2e1/0x660 fs/fuse/dir.c:1006 but task is already holding lock: 00000000b21cdb7b (&type->i_mutex_dir_key#8){++++}, at: inode_lock include/linux/fs.h:748 [inline] 00000000b21cdb7b (&type->i_mutex_dir_key#8){++++}, at: fuse_reverse_inval_entry+0xaa/0x660 fs/fuse/dir.c:987 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&type->i_mutex_dir_key#8); lock(&type->i_mutex_dir_key#8); *** DEADLOCK *** May be due to missing lock nesting notation 2 locks held by syz-executor.2/16286: #0: 000000004a807fcc (&fc->killsb){++++}, at: fuse_notify_delete fs/fuse/dev.c:1582 [inline] #0: 000000004a807fcc (&fc->killsb){++++}, at: fuse_notify fs/fuse/dev.c:1819 [inline] #0: 000000004a807fcc (&fc->killsb){++++}, at: fuse_dev_do_write+0x2343/0x2bc0 fs/fuse/dev.c:1894 #1: 00000000b21cdb7b (&type->i_mutex_dir_key#8){++++}, at: inode_lock include/linux/fs.h:748 [inline] #1: 00000000b21cdb7b (&type->i_mutex_dir_key#8){++++}, at: fuse_reverse_inval_entry+0xaa/0x660 fs/fuse/dir.c:987 stack backtrace: CPU: 1 PID: 16286 Comm: syz-executor.2 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 print_deadlock_bug kernel/locking/lockdep.c:1764 [inline] check_deadlock kernel/locking/lockdep.c:1808 [inline] validate_chain kernel/locking/lockdep.c:2404 [inline] __lock_acquire.cold+0x121/0x57e kernel/locking/lockdep.c:3416 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908 down_write+0x34/0x90 kernel/locking/rwsem.c:70 inode_lock include/linux/fs.h:748 [inline] fuse_reverse_inval_entry+0x2e1/0x660 fs/fuse/dir.c:1006 fuse_notify_delete fs/fuse/dev.c:1585 [inline] fuse_notify fs/fuse/dev.c:1819 [inline] fuse_dev_do_write+0x239e/0x2bc0 fs/fuse/dev.c:1894 fuse_dev_write+0x153/0x1e0 fs/fuse/dev.c:1978 call_write_iter include/linux/fs.h:1821 [inline] new_sync_write fs/read_write.c:474 [inline] __vfs_write+0x51b/0x770 fs/read_write.c:487 IPVS: ftp: loaded support on port[0] = 21 vfs_write+0x1f3/0x540 fs/read_write.c:549 ksys_write+0x12b/0x2a0 fs/read_write.c:599 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f79205fd0a9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f791eb4e168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00007f792071d050 RCX: 00007f79205fd0a9 RDX: 000000000000002a RSI: 0000000020000080 RDI: 0000000000000003 RBP: 00007f7920658ae9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fffd864924f R14: 00007f791eb4e300 R15: 0000000000022000 audit: type=1804 audit(1672316582.280:16): pid=16360 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir3119321820/syzkaller.duKLIp/397/bus" dev="sda1" ino=14746 res=1 audit: type=1804 audit(1672316583.610:17): pid=16413 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir3119321820/syzkaller.duKLIp/398/bus" dev="sda1" ino=14803 res=1 audit: type=1804 audit(1672316585.180:18): pid=16467 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir3119321820/syzkaller.duKLIp/399/bus" dev="sda1" ino=14809 res=1 netlink: 96 bytes leftover after parsing attributes in process `syz-executor.4'. netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. audit: type=1804 audit(1672316586.470:19): pid=16518 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir3119321820/syzkaller.duKLIp/400/bus" dev="sda1" ino=14826 res=1 audit: type=1804 audit(1672316586.561:20): pid=16529 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir1564755693/syzkaller.7roLJn/375/file0/bus" dev="ramfs" ino=51515 res=1 nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. IPVS: ftp: loaded support on port[0] = 21 Context (ID=0x1) not attached to queue pair (handle=0x0:0x0)