============================================
WARNING: possible recursive locking detected
4.19.211-syzkaller #0 Not tainted
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
--------------------------------------------
syz-executor.4/12180 is trying to acquire lock:
000000003688c976 (&type->i_mutex_dir_key#8){++++}, at: inode_lock include/linux/fs.h:748 [inline]
000000003688c976 (&type->i_mutex_dir_key#8){++++}, at: fuse_reverse_inval_entry+0x2e1/0x660 fs/fuse/dir.c:1006

but task is already holding lock:
000000003047f8c6 (&type->i_mutex_dir_key#8){++++}, at: inode_lock include/linux/fs.h:748 [inline]
000000003047f8c6 (&type->i_mutex_dir_key#8){++++}, at: fuse_reverse_inval_entry+0xaa/0x660 fs/fuse/dir.c:987

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&type->i_mutex_dir_key#8);
  lock(&type->i_mutex_dir_key#8);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

2 locks held by syz-executor.4/12180:
 #0: 0000000055001afd (&fc->killsb){++++}, at: fuse_notify_delete fs/fuse/dev.c:1582 [inline]
 #0: 0000000055001afd (&fc->killsb){++++}, at: fuse_notify fs/fuse/dev.c:1819 [inline]
 #0: 0000000055001afd (&fc->killsb){++++}, at: fuse_dev_do_write+0x2343/0x2bc0 fs/fuse/dev.c:1894
 #1: 000000003047f8c6 (&type->i_mutex_dir_key#8){++++}, at: inode_lock include/linux/fs.h:748 [inline]
 #1: 000000003047f8c6 (&type->i_mutex_dir_key#8){++++}, at: fuse_reverse_inval_entry+0xaa/0x660 fs/fuse/dir.c:987

stack backtrace:
CPU: 0 PID: 12180 Comm: syz-executor.4 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 print_deadlock_bug kernel/locking/lockdep.c:1764 [inline]
 check_deadlock kernel/locking/lockdep.c:1808 [inline]
 validate_chain kernel/locking/lockdep.c:2404 [inline]
 __lock_acquire.cold+0x121/0x57e kernel/locking/lockdep.c:3416
 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908
 down_write+0x34/0x90 kernel/locking/rwsem.c:70
 inode_lock include/linux/fs.h:748 [inline]
 fuse_reverse_inval_entry+0x2e1/0x660 fs/fuse/dir.c:1006
 fuse_notify_delete fs/fuse/dev.c:1585 [inline]
 fuse_notify fs/fuse/dev.c:1819 [inline]
 fuse_dev_do_write+0x239e/0x2bc0 fs/fuse/dev.c:1894
 fuse_dev_write+0x153/0x1e0 fs/fuse/dev.c:1978
 call_write_iter include/linux/fs.h:1821 [inline]
 new_sync_write fs/read_write.c:474 [inline]
 __vfs_write+0x51b/0x770 fs/read_write.c:487
 vfs_write+0x1f3/0x540 fs/read_write.c:549
 ksys_write+0x12b/0x2a0 fs/read_write.c:599
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f97782025a9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f9776775168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f9778322f80 RCX: 00007f97782025a9
RDX: 000000000000002c RSI: 00000000200000c0 RDI: 0000000000000003
RBP: 00007f977825d7b0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffcef6f68ff R14: 00007f9776775300 R15: 0000000000022000
audit: type=1800 audit(1667059519.136:20): pid=12178 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.0" name="SYSV00000000" dev="hugetlbfs" ino=98307 res=0
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
F2FS-fs (loop5): Found nat_bits in checkpoint
audit: type=1800 audit(1667059519.266:21): pid=12229 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.0" name="SYSV00000000" dev="hugetlbfs" ino=196613 res=0
audit: type=1800 audit(1667059519.316:22): pid=12229 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.0" name="SYSV00000000" dev="hugetlbfs" ino=262151 res=0
F2FS-fs (loop5): Mounted with checkpoint version = 3e17dab1
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
audit: type=1800 audit(1667059519.406:23): pid=12244 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.2" name="SYSV00000000" dev="hugetlbfs" ino=294917 res=0
audit: type=1800 audit(1667059519.456:24): pid=12244 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.2" name="SYSV00000000" dev="hugetlbfs" ino=360455 res=0
audit: type=1800 audit(1667059519.456:25): pid=12247 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.0" name="SYSV00000000" dev="hugetlbfs" ino=327689 res=0
audit: type=1800 audit(1667059519.486:26): pid=12247 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.0" name="SYSV00000000" dev="hugetlbfs" ino=393227 res=0
audit: type=1800 audit(1667059519.606:27): pid=12264 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.2" name="SYSV00000000" dev="hugetlbfs" ino=458762 res=0
futex_wake_op: syz-executor.0 tries to shift op by -257; fix this program
audit: type=1800 audit(1667059519.656:28): pid=12264 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.2" name="SYSV00000000" dev="hugetlbfs" ino=524300 res=0
netlink: 'syz-executor.1': attribute type 21 has an invalid length.
netlink: 'syz-executor.1': attribute type 21 has an invalid length.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
netlink: 'syz-executor.1': attribute type 21 has an invalid length.
device batadv0 entered promiscuous mode
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
device batadv0 left promiscuous mode
netlink: 'syz-executor.1': attribute type 21 has an invalid length.
device batadv0 entered promiscuous mode
device batadv0 entered promiscuous mode
IPVS: ftp: loaded support on port[0] = 21
device batadv0 left promiscuous mode
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
device batadv0 entered promiscuous mode
device batadv0 left promiscuous mode
device batadv0 left promiscuous mode
device batadv0 entered promiscuous mode
device batadv0 entered promiscuous mode
device batadv0 left promiscuous mode
device batadv0 left promiscuous mode
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
device batadv0 entered promiscuous mode
device batadv0 left promiscuous mode
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
IPVS: ftp: loaded support on port[0] = 21
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
IPVS: ftp: loaded support on port[0] = 21
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
IPVS: ftp: loaded support on port[0] = 21
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
kauditd_printk_skb: 22 callbacks suppressed
audit: type=1800 audit(1667059527.287:51): pid=13176 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=14400 res=0
audit: type=1800 audit(1667059527.447:52): pid=13198 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=13887 res=0
device vxlan0 entered promiscuous mode
audit: type=1800 audit(1667059527.567:53): pid=13217 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=14371 res=0
audit: type=1800 audit(1667059527.667:54): pid=13233 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=14371 res=0
ip6t_REJECT: TCP_RESET illegal for non-tcp
sctp: [Deprecated]: syz-executor.1 (pid 13262) Use of struct sctp_assoc_value in delayed_ack socket option.
Use struct sctp_sack_info instead
bridge0: port 2(bridge_slave_1) entered disabled state
bridge0: port 1(bridge_slave_0) entered disabled state
device bridge0 entered promiscuous mode
device vxlan0 entered promiscuous mode
audit: type=1804 audit(1667059528.597:55): pid=13301 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir2741401064/syzkaller.c1mqJN/116/file0" dev="sda1" ino=14404 res=1
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/09/12 12:00 (1000)
ip6t_REJECT: TCP_RESET illegal for non-tcp