============================================
WARNING: possible recursive locking detected
4.19.211-syzkaller #0 Not tainted
--------------------------------------------
syz-executor.1/16638 is trying to acquire lock:
0000000097b1a50b (&type->i_mutex_dir_key#14){++++}, at: inode_lock include/linux/fs.h:748 [inline]
0000000097b1a50b (&type->i_mutex_dir_key#14){++++}, at: fuse_reverse_inval_entry+0x2e1/0x660 fs/fuse/dir.c:1006

but task is already holding lock:
000000005e3682c1 (&type->i_mutex_dir_key#14){++++}, at: inode_lock include/linux/fs.h:748 [inline]
000000005e3682c1 (&type->i_mutex_dir_key#14){++++}, at: fuse_reverse_inval_entry+0xaa/0x660 fs/fuse/dir.c:987

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&type->i_mutex_dir_key#14);
  lock(&type->i_mutex_dir_key#14);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

2 locks held by syz-executor.1/16638:
 #0: 000000006d34f36c (&fc->killsb){++++}, at: fuse_notify_delete fs/fuse/dev.c:1582 [inline]
 #0: 000000006d34f36c (&fc->killsb){++++}, at: fuse_notify fs/fuse/dev.c:1819 [inline]
 #0: 000000006d34f36c (&fc->killsb){++++}, at: fuse_dev_do_write+0x2343/0x2bc0 fs/fuse/dev.c:1894
 #1: 000000005e3682c1 (&type->i_mutex_dir_key#14){++++}, at: inode_lock include/linux/fs.h:748 [inline]
 #1: 000000005e3682c1 (&type->i_mutex_dir_key#14){++++}, at: fuse_reverse_inval_entry+0xaa/0x660 fs/fuse/dir.c:987

stack backtrace:
CPU: 0 PID: 16638 Comm: syz-executor.1 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 print_deadlock_bug kernel/locking/lockdep.c:1764 [inline]
 check_deadlock kernel/locking/lockdep.c:1808 [inline]
 validate_chain kernel/locking/lockdep.c:2404 [inline]
 __lock_acquire.cold+0x121/0x57e kernel/locking/lockdep.c:3416
 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908
 down_write+0x34/0x90 kernel/locking/rwsem.c:70
 inode_lock include/linux/fs.h:748 [inline]
 fuse_reverse_inval_entry+0x2e1/0x660 fs/fuse/dir.c:1006
 fuse_notify_delete fs/fuse/dev.c:1585 [inline]
 fuse_notify fs/fuse/dev.c:1819 [inline]
 fuse_dev_do_write+0x239e/0x2bc0 fs/fuse/dev.c:1894
 fuse_dev_write+0x153/0x1e0 fs/fuse/dev.c:1978
 call_write_iter include/linux/fs.h:1821 [inline]
 new_sync_write fs/read_write.c:474 [inline]
 __vfs_write+0x51b/0x770 fs/read_write.c:487
 vfs_write+0x1f3/0x540 fs/read_write.c:549
 ksys_write+0x12b/0x2a0 fs/read_write.c:599
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f0073e4b0a9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f007239c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f0073f6b050 RCX: 00007f0073e4b0a9
RDX: 000000000000002a RSI: 0000000020000080 RDI: 0000000000000003
RBP: 00007f0073ea6ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffc7316290f R14: 00007f007239c300 R15: 0000000000022000
device wlan0 entered promiscuous mode
device wlan0 left promiscuous mode
device wlan0 entered promiscuous mode
device wlan0 left promiscuous mode
device wlan0 entered promiscuous mode
device wlan0 left promiscuous mode
kauditd_printk_skb: 1 callbacks suppressed
audit: type=1326 audit(1672749932.399:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=16818 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2f5e72e0a9 code=0xffff0000
syz-executor.4 (16813): drop_caches: 2
syz-executor.4 (16813): drop_caches: 2
audit: type=1326 audit(1672749933.809:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=16852 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2f5e72e0a9 code=0xffff0000
syz-executor.4 (16859): drop_caches: 2
syz-executor.4 (16859): drop_caches: 2
syz-executor.4 (16871): drop_caches: 2
syz-executor.4 (16871): drop_caches: 2
syz-executor.5 (16876): drop_caches: 2
syz-executor.5 (16876): drop_caches: 2
syz-executor.4 (16879): drop_caches: 2
syz-executor.4 (16879): drop_caches: 2
syz-executor.5 (16887): drop_caches: 2
syz-executor.5 (16887): drop_caches: 2
audit: type=1326 audit(1672749934.139:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=16889 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6f64b450a9 code=0xffff0000
syz-executor.5 (16897): drop_caches: 2
syz-executor.5 (16897): drop_caches: 2
audit: type=1326 audit(1672749934.669:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=16908 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2f5e72e0a9 code=0xffff0000
audit: type=1326 audit(1672749934.999:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=16942 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6f64b450a9 code=0xffff0000
audit: type=1326 audit(1672749935.529:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=16958 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2f5e72e0a9 code=0xffff0000
audit: type=1800 audit(1672749935.689:134): pid=16962 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=14794 res=0
audit: type=1804 audit(1672749935.729:135): pid=16962 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir2545992848/syzkaller.j5Aw8x/155/file0" dev="sda1" ino=14794 res=1
audit: type=1326 audit(1672749935.859:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=16989 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6f64b450a9 code=0xffff0000
audit: type=1800 audit(1672749936.049:137): pid=16995 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=14545 res=0
bridge0: port 2(bridge_slave_1) entered disabled state
bridge0: port 1(bridge_slave_0) entered disabled state
device bridge0 entered promiscuous mode
IPVS: ftp: loaded support on port[0] = 21
BTRFS info (device loop4): using free space tree
BTRFS info (device loop4): has skinny extents
kauditd_printk_skb: 9 callbacks suppressed
audit: type=1800 audit(1672749937.449:147): pid=17065 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=14065 res=0
audit: type=1804 audit(1672749937.479:148): pid=17065 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir2545992848/syzkaller.j5Aw8x/158/file0" dev="sda1" ino=14065 res=1
BTRFS info (device loop4): using free space tree
BTRFS info (device loop4): has skinny extents
device bridge_slave_1 left promiscuous mode
bridge0: port 2(bridge_slave_1) entered disabled state
BTRFS warning (device ): duplicate device /dev/loop3 devid 1 generation 8 scanned by syz-executor.3 (17123)
device bridge_slave_0 left promiscuous mode
bridge0: port 1(bridge_slave_0) entered disabled state
BTRFS warning (device ): duplicate device /dev/loop3 devid 1 generation 8 scanned by systemd-udevd (17152)
IPVS: ftp: loaded support on port[0] = 21
BTRFS info (device loop4): using free space tree
BTRFS info (device loop4): has skinny extents
BTRFS warning (device ): duplicate device /dev/loop3 devid 1 generation 8 scanned by syz-executor.3 (17191)
BTRFS warning (device ): duplicate device /dev/loop3 devid 1 generation 8 scanned by systemd-udevd (17208)
IPVS: ftp: loaded support on port[0] = 21
bridge0: port 2(bridge_slave_1) entered disabled state
bridge0: port 1(bridge_slave_0) entered disabled state
device bridge0 entered promiscuous mode
BTRFS info (device loop4): using free space tree
IPVS: ftp: loaded support on port[0] = 21
BTRFS warning (device ): duplicate device /dev/loop3 devid 1 generation 8 scanned by syz-executor.3 (17260)
BTRFS info (device loop4): has skinny extents