============================================
WARNING: possible recursive locking detected
4.19.211-syzkaller #0 Not tainted
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
--------------------------------------------
syz-executor.4/12180 is trying to acquire lock:
000000003688c976 (&type->i_mutex_dir_key#8){++++}, at: inode_lock include/linux/fs.h:748 [inline]
000000003688c976 (&type->i_mutex_dir_key#8){++++}, at: fuse_reverse_inval_entry+0x2e1/0x660 fs/fuse/dir.c:1006

but task is already holding lock:
000000003047f8c6 (&type->i_mutex_dir_key#8){++++}, at: inode_lock include/linux/fs.h:748 [inline]
000000003047f8c6 (&type->i_mutex_dir_key#8){++++}, at: fuse_reverse_inval_entry+0xaa/0x660 fs/fuse/dir.c:987

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&type->i_mutex_dir_key#8);
  lock(&type->i_mutex_dir_key#8);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

2 locks held by syz-executor.4/12180:
 #0: 0000000055001afd (&fc->killsb){++++}, at: fuse_notify_delete fs/fuse/dev.c:1582 [inline]
 #0: 0000000055001afd (&fc->killsb){++++}, at: fuse_notify fs/fuse/dev.c:1819 [inline]
 #0: 0000000055001afd (&fc->killsb){++++}, at: fuse_dev_do_write+0x2343/0x2bc0 fs/fuse/dev.c:1894
 #1: 000000003047f8c6 (&type->i_mutex_dir_key#8){++++}, at: inode_lock include/linux/fs.h:748 [inline]
 #1: 000000003047f8c6 (&type->i_mutex_dir_key#8){++++}, at: fuse_reverse_inval_entry+0xaa/0x660 fs/fuse/dir.c:987

stack backtrace:
CPU: 0 PID: 12180 Comm: syz-executor.4 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 print_deadlock_bug kernel/locking/lockdep.c:1764 [inline]
 check_deadlock kernel/locking/lockdep.c:1808 [inline]
 validate_chain kernel/locking/lockdep.c:2404 [inline]
 __lock_acquire.cold+0x121/0x57e kernel/locking/lockdep.c:3416
 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908
 down_write+0x34/0x90 kernel/locking/rwsem.c:70
 inode_lock include/linux/fs.h:748 [inline]
 fuse_reverse_inval_entry+0x2e1/0x660 fs/fuse/dir.c:1006
 fuse_notify_delete fs/fuse/dev.c:1585 [inline]
 fuse_notify fs/fuse/dev.c:1819 [inline]
 fuse_dev_do_write+0x239e/0x2bc0 fs/fuse/dev.c:1894
 fuse_dev_write+0x153/0x1e0 fs/fuse/dev.c:1978
 call_write_iter include/linux/fs.h:1821 [inline]
 new_sync_write fs/read_write.c:474 [inline]
 __vfs_write+0x51b/0x770 fs/read_write.c:487
 vfs_write+0x1f3/0x540 fs/read_write.c:549
 ksys_write+0x12b/0x2a0 fs/read_write.c:599
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f97782025a9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f9776775168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f9778322f80 RCX: 00007f97782025a9
RDX: 000000000000002c RSI: 00000000200000c0 RDI: 0000000000000003
RBP: 00007f977825d7b0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffcef6f68ff R14: 00007f9776775300 R15: 0000000000022000
audit: type=1800 audit(1667059519.136:20): pid=12178 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.0" name="SYSV00000000" dev="hugetlbfs" ino=98307 res=0
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
F2FS-fs (loop5): Found nat_bits in checkpoint
audit: type=1800 audit(1667059519.266:21): pid=12229 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.0" name="SYSV00000000" dev="hugetlbfs" ino=196613 res=0
audit: type=1800 audit(1667059519.316:22): pid=12229 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.0" name="SYSV00000000" dev="hugetlbfs" ino=262151 res=0
F2FS-fs (loop5): Mounted with checkpoint version = 3e17dab1
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
audit: type=1800 audit(1667059519.406:23): pid=12244 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.2" name="SYSV00000000" dev="hugetlbfs" ino=294917 res=0
audit: type=1800 audit(1667059519.456:24): pid=12244 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.2" name="SYSV00000000" dev="hugetlbfs" ino=360455 res=0
audit: type=1800 audit(1667059519.456:25): pid=12247 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.0" name="SYSV00000000" dev="hugetlbfs" ino=327689 res=0
audit: type=1800 audit(1667059519.486:26): pid=12247 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.0" name="SYSV00000000" dev="hugetlbfs" ino=393227 res=0
audit: type=1800 audit(1667059519.606:27): pid=12264 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.2" name="SYSV00000000" dev="hugetlbfs" ino=458762 res=0
futex_wake_op: syz-executor.0 tries to shift op by -257; fix this program
audit: type=1800 audit(1667059519.656:28): pid=12264 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.2" name="SYSV00000000" dev="hugetlbfs" ino=524300 res=0
netlink: 'syz-executor.1': attribute type 21 has an invalid length.
netlink: 'syz-executor.1': attribute type 21 has an invalid length.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
netlink: 'syz-executor.1': attribute type 21 has an invalid length.
device batadv0 entered promiscuous mode
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
device batadv0 left promiscuous mode
netlink: 'syz-executor.1': attribute type 21 has an invalid length.
device batadv0 entered promiscuous mode
device batadv0 entered promiscuous mode
IPVS: ftp: loaded support on port[0] = 21
device batadv0 left promiscuous mode
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
device batadv0 entered promiscuous mode
device batadv0 left promiscuous mode
device batadv0 left promiscuous mode
device batadv0 entered promiscuous mode
device batadv0 entered promiscuous mode
device batadv0 left promiscuous mode
device batadv0 left promiscuous mode
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
device batadv0 entered promiscuous mode
device batadv0 left promiscuous mode
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
IPVS: ftp: loaded support on port[0] = 21
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
IPVS: ftp: loaded support on port[0] = 21
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
IPVS: ftp: loaded support on port[0] = 21
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
kauditd_printk_skb: 22 callbacks suppressed
audit: type=1800 audit(1667059527.287:51): pid=13176 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=14400 res=0
audit: type=1800 audit(1667059527.447:52): pid=13198 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=13887 res=0
device vxlan0 entered promiscuous mode
audit: type=1800 audit(1667059527.567:53): pid=13217 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=14371 res=0
audit: type=1800 audit(1667059527.667:54): pid=13233 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=14371 res=0
ip6t_REJECT: TCP_RESET illegal for non-tcp
sctp: [Deprecated]: syz-executor.1 (pid 13262) Use of struct sctp_assoc_value in delayed_ack socket option.
Use struct sctp_sack_info instead
bridge0: port 2(bridge_slave_1) entered disabled state
bridge0: port 1(bridge_slave_0) entered disabled state
device bridge0 entered promiscuous mode
device vxlan0 entered promiscuous mode
audit: type=1804 audit(1667059528.597:55): pid=13301 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir2741401064/syzkaller.c1mqJN/116/file0" dev="sda1" ino=14404 res=1
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/09/12 12:00 (1000)
ip6t_REJECT: TCP_RESET illegal for non-tcp