bond0: Enslaving netdevsim2 as an active interface with an up link ============================================ WARNING: possible recursive locking detected 4.19.211-syzkaller #0 Not tainted -------------------------------------------- syz-executor.5/18800 is trying to acquire lock: 00000000ddc3fa0a (&type->i_mutex_dir_key#8){++++}, at: inode_lock include/linux/fs.h:748 [inline] 00000000ddc3fa0a (&type->i_mutex_dir_key#8){++++}, at: fuse_reverse_inval_entry+0x2e1/0x660 fs/fuse/dir.c:1006 but task is already holding lock: 00000000c0733394 (&type->i_mutex_dir_key#8){++++}, at: inode_lock include/linux/fs.h:748 [inline] 00000000c0733394 (&type->i_mutex_dir_key#8){++++}, at: fuse_reverse_inval_entry+0xaa/0x660 fs/fuse/dir.c:987 other info that might help us debug this: Possible unsafe locking scenario: CPU0 netlink: 'syz-executor.2': attribute type 10 has an invalid length. ---- lock(&type->i_mutex_dir_key#8); lock(&type->i_mutex_dir_key#8); *** DEADLOCK *** May be due to missing lock nesting notation 2 locks held by syz-executor.5/18800: #0: 00000000e8b03651 (&fc->killsb){++++}, at: fuse_notify_delete fs/fuse/dev.c:1582 [inline] #0: 00000000e8b03651 (&fc->killsb){++++}, at: fuse_notify fs/fuse/dev.c:1819 [inline] #0: 00000000e8b03651 (&fc->killsb){++++}, at: fuse_dev_do_write+0x2343/0x2bc0 fs/fuse/dev.c:1894 #1: 00000000c0733394 (&type->i_mutex_dir_key#8){++++}, at: inode_lock include/linux/fs.h:748 [inline] #1: 00000000c0733394 (&type->i_mutex_dir_key#8){++++}, at: fuse_reverse_inval_entry+0xaa/0x660 fs/fuse/dir.c:987 stack backtrace: CPU: 1 PID: 18800 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 print_deadlock_bug kernel/locking/lockdep.c:1764 [inline] check_deadlock kernel/locking/lockdep.c:1808 [inline] validate_chain kernel/locking/lockdep.c:2404 [inline] __lock_acquire.cold+0x121/0x57e kernel/locking/lockdep.c:3416 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908 down_write+0x34/0x90 kernel/locking/rwsem.c:70 inode_lock include/linux/fs.h:748 [inline] fuse_reverse_inval_entry+0x2e1/0x660 fs/fuse/dir.c:1006 fuse_notify_delete fs/fuse/dev.c:1585 [inline] fuse_notify fs/fuse/dev.c:1819 [inline] fuse_dev_do_write+0x239e/0x2bc0 fs/fuse/dev.c:1894 fuse_dev_write+0x153/0x1e0 fs/fuse/dev.c:1978 call_write_iter include/linux/fs.h:1821 [inline] new_sync_write fs/read_write.c:474 [inline] __vfs_write+0x51b/0x770 fs/read_write.c:487 vfs_write+0x1f3/0x540 fs/read_write.c:549 ksys_write+0x12b/0x2a0 fs/read_write.c:599 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f482072a199 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f481f09f168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00007f482083cf60 RCX: 00007f482072a199 RDX: 000000000000002c RSI: 00000000200000c0 RDI: 0000000000000003 RBP: 00007f482078413b R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffd4d20835f R14: 00007f481f09f300 R15: 0000000000022000 EXT4-fs (sda1): re-mounted. Opts: commit=0x0000000000000000,,errors=continue netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. EXT4-fs (sda1): re-mounted. Opts: commit=0x0000000000000000,,errors=continue netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. netlink: 'syz-executor.2': attribute type 10 has an invalid length. IPVS: ftp: loaded support on port[0] = 21 netlink: 'syz-executor.2': attribute type 10 has an invalid length. netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. EXT4-fs (sda1): re-mounted. Opts: commit=0x0000000000000000,,errors=continue netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. netlink: 36 bytes leftover after parsing attributes in process `syz-executor.2'. EXT4-fs (sda1): re-mounted. Opts: commit=0x0000000000000000,,errors=continue TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. netlink: 36 bytes leftover after parsing attributes in process `syz-executor.2'. netlink: 'syz-executor.5': attribute type 4 has an invalid length. IPVS: ftp: loaded support on port[0] = 21 TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. netlink: 'syz-executor.5': attribute type 4 has an invalid length. netlink: 36 bytes leftover after parsing attributes in process `syz-executor.2'. netlink: 'syz-executor.4': attribute type 4 has an invalid length. TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready IPVS: ftp: loaded support on port[0] = 21 netlink: 36 bytes leftover after parsing attributes in process `syz-executor.2'. IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready netlink: 'syz-executor.5': attribute type 4 has an invalid length. netlink: 'syz-executor.4': attribute type 4 has an invalid length. sctp: [Deprecated]: syz-executor.2 (pid 19016) Use of int in maxseg socket option. Use struct sctp_assoc_value instead IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready IPVS: ftp: loaded support on port[0] = 21 IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready EXT4-fs warning (device sda1): verify_group_input:131: Cannot add at group 1 (only 16 groups) EXT4-fs warning (device sda1): verify_group_input:131: Cannot add at group 1 (only 16 groups) netlink: 'syz-executor.5': attribute type 4 has an invalid length. EXT4-fs warning (device sda1): verify_group_input:131: Cannot add at group 1 (only 16 groups) EXT4-fs warning (device sda1): verify_group_input:131: Cannot add at group 1 (only 16 groups) sctp: [Deprecated]: syz-executor.2 (pid 19060) Use of int in maxseg socket option. Use struct sctp_assoc_value instead IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready xt_recent: hitcount (518) is larger than allowed maximum (255) IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready EXT4-fs warning (device sda1): verify_group_input:131: Cannot add at group 1 (only 16 groups) EXT4-fs warning (device sda1): verify_group_input:131: Cannot add at group 1 (only 16 groups) xt_recent: hitcount (518) is larger than allowed maximum (255) EXT4-fs warning (device sda1): verify_group_input:131: Cannot add at group 1 (only 16 groups) xt_recent: hitcount (518) is larger than allowed maximum (255) xt_recent: hitcount (518) is larger than allowed maximum (255) EXT4-fs warning (device sda1): verify_group_input:131: Cannot add at group 1 (only 16 groups) EXT4-fs warning (device sda1): verify_group_input:131: Cannot add at group 1 (only 16 groups) EXT4-fs warning (device sda1): verify_group_input:131: Cannot add at group 1 (only 16 groups) sctp: [Deprecated]: syz-executor.2 (pid 19099) Use of int in maxseg socket option. Use struct sctp_assoc_value instead IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. sctp: [Deprecated]: syz-executor.2 (pid 19139) Use of int in maxseg socket option. Use struct sctp_assoc_value instead validate_nla: 1 callbacks suppressed netlink: 'syz-executor.1': attribute type 10 has an invalid length.