netlink: 52 bytes leftover after parsing attributes in process `syz-executor.1'. ============================================ WARNING: possible recursive locking detected 4.19.211-syzkaller #0 Not tainted -------------------------------------------- syz-executor.5/12111 is trying to acquire lock: 00000000cdd2d9b4 (&type->i_mutex_dir_key#11){++++}, at: inode_lock include/linux/fs.h:748 [inline] 00000000cdd2d9b4 (&type->i_mutex_dir_key#11){++++}, at: fuse_reverse_inval_entry+0x2e1/0x660 fs/fuse/dir.c:1006 but task is already holding lock: 000000002b810711 (&type->i_mutex_dir_key#11){++++}, at: inode_lock include/linux/fs.h:748 [inline] 000000002b810711 (&type->i_mutex_dir_key#11){++++}, at: fuse_reverse_inval_entry+0xaa/0x660 fs/fuse/dir.c:987 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&type->i_mutex_dir_key#11); lock(&type->i_mutex_dir_key#11); *** DEADLOCK *** May be due to missing lock nesting notation 2 locks held by syz-executor.5/12111: #0: 00000000735e9b0b (&fc->killsb){.+.+}, at: fuse_notify_delete fs/fuse/dev.c:1582 [inline] #0: 00000000735e9b0b (&fc->killsb){.+.+}, at: fuse_notify fs/fuse/dev.c:1819 [inline] #0: 00000000735e9b0b (&fc->killsb){.+.+}, at: fuse_dev_do_write+0x2343/0x2bc0 fs/fuse/dev.c:1894 #1: 000000002b810711 (&type->i_mutex_dir_key#11){++++}, at: inode_lock include/linux/fs.h:748 [inline] #1: 000000002b810711 (&type->i_mutex_dir_key#11){++++}, at: fuse_reverse_inval_entry+0xaa/0x660 fs/fuse/dir.c:987 stack backtrace: CPU: 0 PID: 12111 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 print_deadlock_bug kernel/locking/lockdep.c:1764 [inline] check_deadlock kernel/locking/lockdep.c:1808 [inline] validate_chain kernel/locking/lockdep.c:2404 [inline] __lock_acquire.cold+0x121/0x57e kernel/locking/lockdep.c:3416 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908 down_write+0x34/0x90 kernel/locking/rwsem.c:70 inode_lock include/linux/fs.h:748 [inline] fuse_reverse_inval_entry+0x2e1/0x660 fs/fuse/dir.c:1006 fuse_notify_delete fs/fuse/dev.c:1585 [inline] fuse_notify fs/fuse/dev.c:1819 [inline] fuse_dev_do_write+0x239e/0x2bc0 fs/fuse/dev.c:1894 fuse_dev_write+0x153/0x1e0 fs/fuse/dev.c:1978 call_write_iter include/linux/fs.h:1821 [inline] new_sync_write fs/read_write.c:474 [inline] __vfs_write+0x51b/0x770 fs/read_write.c:487 vfs_write+0x1f3/0x540 fs/read_write.c:549 ksys_write+0x12b/0x2a0 fs/read_write.c:599 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7fc74da9c5a9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fc74c00f168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00007fc74dbbcf80 RCX: 00007fc74da9c5a9 RDX: 000000000000002c RSI: 00000000200000c0 RDI: 0000000000000003 RBP: 00007fc74daf77b0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffee696387f R14: 00007fc74c00f300 R15: 0000000000022000 netlink: 52 bytes leftover after parsing attributes in process `syz-executor.1'. netlink: 52 bytes leftover after parsing attributes in process `syz-executor.5'. netlink: 52 bytes leftover after parsing attributes in process `syz-executor.5'. netlink: 52 bytes leftover after parsing attributes in process `syz-executor.5'. netlink: 52 bytes leftover after parsing attributes in process `syz-executor.5'. netlink: 52 bytes leftover after parsing attributes in process `syz-executor.5'. netlink: 52 bytes leftover after parsing attributes in process `syz-executor.1'. netlink: 52 bytes leftover after parsing attributes in process `syz-executor.1'. netlink: 52 bytes leftover after parsing attributes in process `syz-executor.5'. wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) nla_parse: 8 callbacks suppressed netlink: 52 bytes leftover after parsing attributes in process `syz-executor.1'.