lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20251009085515.8396-1-hdanton@sina.com>
Date: Thu,  9 Oct 2025 16:55:14 +0800
From: Hillf Danton <hdanton@...a.com>
To: syzbot <syzbot+27727256237e6bdd3649@...kaller.appspotmail.com>
Cc: linux-kernel@...r.kernel.org,
	syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [fuse?] possible deadlock in __folio_end_writeback

> Date: Tue, 07 Oct 2025 14:19:29 -0700	[thread overview]
> Hello,
> 
> syzbot found the following issue on:
> 
> HEAD commit:    cbf33b8e0b36 Merge tag 'bpf-fixes' of git://git.kernel.org..
> git tree:       upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=17a25ee2580000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=1b4263e12240e6e1
> dashboard link: https://syzkaller.appspot.com/bug?extid=27727256237e6bdd3649
> compiler:       Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14eaea7c580000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=134c4304580000

#syz test

--- x/include/linux/flex_proportions.h
+++ y/include/linux/flex_proportions.h
@@ -31,7 +31,7 @@ struct fprop_global {
 	/* Current period */
 	unsigned int period;
 	/* Synchronization with period transitions */
-	seqcount_t sequence;
+	seqlock_t sequence;
 };
 
 int fprop_global_init(struct fprop_global *p, gfp_t gfp);
--- x/lib/flex_proportions.c
+++ y/lib/flex_proportions.c
@@ -44,7 +44,7 @@ int fprop_global_init(struct fprop_globa
 	err = percpu_counter_init(&p->events, 1, gfp);
 	if (err)
 		return err;
-	seqcount_init(&p->sequence);
+	seqlock_init(&p->sequence);
 	return 0;
 }
 
@@ -64,21 +64,20 @@ void fprop_global_destroy(struct fprop_g
 bool fprop_new_period(struct fprop_global *p, int periods)
 {
 	s64 events = percpu_counter_sum(&p->events);
+	unsigned long flags;
 
 	/*
 	 * Don't do anything if there are no events.
 	 */
 	if (events <= 1)
 		return false;
-	preempt_disable_nested();
-	write_seqcount_begin(&p->sequence);
+	write_seqlock_irqsave(&p->sequence, flags);
 	if (periods < 64)
 		events -= events >> periods;
 	/* Use addition to avoid losing events happening between sum and set */
 	percpu_counter_add(&p->events, -events);
 	p->period += periods;
-	write_seqcount_end(&p->sequence);
-	preempt_enable_nested();
+	write_sequnlock_irqrestore(&p->sequence, flags);
 
 	return true;
 }
@@ -148,15 +147,15 @@ void fprop_fraction_percpu(struct fprop_
 			   struct fprop_local_percpu *pl,
 			   unsigned long *numerator, unsigned long *denominator)
 {
-	unsigned int seq;
+	unsigned seq;
 	s64 num, den;
 
 	do {
-		seq = read_seqcount_begin(&p->sequence);
+		seq = read_seqbegin(&p->sequence);
 		fprop_reflect_period_percpu(p, pl);
 		num = percpu_counter_read_positive(&pl->events);
 		den = percpu_counter_read_positive(&p->events);
-	} while (read_seqcount_retry(&p->sequence, seq));
+	} while (read_seqretry(&p->sequence, seq));
 
 	/*
 	 * Make fraction <= 1 and denominator > 0 even in presence of percpu
--

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ