public inbox for linux-efi@vger.kernel.org
From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: syzbot <syzbot+019072ad24ab1d948228@syzkaller.appspotmail.com>,
	 ardb@kernel.org, jk@ozlabs.org, linux-efi@vger.kernel.org,
	 linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
	 syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [efi?] [fs?] possible deadlock in efivarfs_actor
Date: Mon, 10 Mar 2025 12:50:46 -0400
Message-ID: <8cf7d7efdc069772d69f913b02e5f67feadce18e.camel@HansenPartnership.com>
In-Reply-To: <67cd0276.050a0220.14db68.006c.GAE@google.com>

On Sat, 2025-03-08 at 18:52 -0800, syzbot wrote:
> Hello,
> 
> syzbot found the following issue on:
> 
> HEAD commit:    e056da87c780 Merge remote-tracking branch 'will/for-
> next/p..
> git tree:      
> git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-
> kernelci
> console output:
> https://syzkaller.appspot.com/x/log.txt?x=14ce9c64580000
> kernel config: 
> https://syzkaller.appspot.com/x/.config?x=d6b7e15dc5b5e776
> dashboard link:
> https://syzkaller.appspot.com/bug?extid=019072ad24ab1d948228
> compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for
> Debian) 2.40
> userspace arch: arm64
> syz repro:     
> https://syzkaller.appspot.com/x/repro.syz?x=111ed7a0580000
> C reproducer:  
> https://syzkaller.appspot.com/x/repro.c?x=13b97c64580000
> 
> Downloadable assets:
> disk image:
> https://storage.googleapis.com/syzbot-assets/3d8b1b7cc4c0/disk-e056da87.raw.xz
> vmlinux:
> https://storage.googleapis.com/syzbot-assets/b84c04cff235/vmlinux-e056da87.xz
> kernel image:
> https://storage.googleapis.com/syzbot-assets/2ae4d0525881/Image-e056da87.gz.xz
> 
> IMPORTANT: if you fix the issue, please add the following tag to the
> commit:
> Reported-by: syzbot+019072ad24ab1d948228@syzkaller.appspotmail.com
> 
> efivarfs: resyncing variable state
> ============================================
> WARNING: possible recursive locking detected
> 6.14.0-rc4-syzkaller-ge056da87c780 #0 Not tainted
> --------------------------------------------
> syz-executor772/6443 is trying to acquire lock:
> ffff0000c6826558 (&sb->s_type->i_mutex_key#16){++++}-{4:4}, at:
> inode_lock include/linux/fs.h:877 [inline]
> ffff0000c6826558 (&sb->s_type->i_mutex_key#16){++++}-{4:4}, at:
> iterate_dir+0x3b4/0x5f4 fs/readdir.c:101
> 
> other info that might help us debug this:
>  Possible unsafe locking scenario:
> 
>        CPU0
>        ----
>   lock(&sb->s_type->i_mutex_key#16);
>   lock(&sb->s_type->i_mutex_key#16);
> 
>  *** DEADLOCK ***

I can't figure out how you got here.  The shared lock in readdir.c is
on the directory and the inode_lock in the actor is on the files within
the directory.  The only way to get those to be the same is if the
actor gets called on the '.' element, which efivarfs_pm_notify is
supposed to skip with the 

	file->f_pos = 2;	/* skip . and .. */

line.  Emitting the '.' and '..' in positions 0 and 1 is hard coded
into libfs.c:dcache_readdir() unless you're also applying a patch that
alters that behaviour?

Regards,

James
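
The argument in the reply above, as an added user-space model that is not kernel code and not part of the original message: the iterator holds the directory's lock while an actor locks each entry it is handed, with "." at position 0 and ".." at position 1. All names here (toy_inode, toy_dir, toy_iterate, demo) are hypothetical, and the model tracks individual lock instances only.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* 'locked' stands in for the inode lock being held by this task. */
struct toy_inode { bool locked; };

struct toy_dir {
    struct toy_inode self;       /* the directory's own inode, i.e. "." */
    struct toy_inode parent;     /* ".." */
    struct toy_inode *children;  /* the files within the directory */
    size_t nr_children;
};

/* Positions 0 and 1 are "." and ".."; children start at position 2. */
static struct toy_inode *entry_at(struct toy_dir *d, size_t pos)
{
    if (pos == 0) return &d->self;
    if (pos == 1) return &d->parent;
    return (pos - 2 < d->nr_children) ? &d->children[pos - 2] : NULL;
}

/* Actor: lock the entry's inode, do the work, unlock.
 * Returns false when the lock is already held (a self-deadlock). */
static bool actor(struct toy_inode *ino)
{
    if (ino->locked) return false;
    ino->locked = true;
    ino->locked = false;
    return true;
}

/* Hold the directory lock, walk entries from start_pos, and count
 * how many times the actor hit a lock the walker already holds. */
int toy_iterate(struct toy_dir *d, size_t start_pos)
{
    struct toy_inode *ino;
    int recursive = 0;
    d->self.locked = true;
    for (size_t pos = start_pos; (ino = entry_at(d, pos)); pos++)
        if (!actor(ino)) recursive++;
    d->self.locked = false;
    return recursive;
}

int demo(size_t start_pos)       /* constructed directory, 3 files */
{
    struct toy_inode files[3] = { {false}, {false}, {false} };
    struct toy_dir d = { {false}, {false}, files, 3 };
    return toy_iterate(&d, start_pos);
}

int main(void) { printf("%d %d\n", demo(2), demo(0)); return 0; }
```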

