Message-ID: <4a32f6c1-8d81-4a51-beed-caf8bc52fcc2@kernel.dk>
Date: Wed, 13 Aug 2025 08:32:33 -0600
From: Jens Axboe <axboe@...nel.dk>
To: syzbot <syzbot+e328767eafd849df0a78@...kaller.appspotmail.com>
Cc: anna-maria@...utronix.de, asml.silence@...il.com, frederic@...nel.org,
 io-uring@...r.kernel.org, linux-input@...r.kernel.org,
 linux-kernel@...r.kernel.org, linux-usb@...r.kernel.org,
 syzkaller-bugs@...glegroups.com, tglx@...utronix.de
Subject: Re: [syzbot] [input?] [usb?] [io-uring?] INFO: task hung in
 io_wq_put_and_exit (5)

On Wed, Jul 23, 2025 at 8:44 AM syzbot <syzbot+e328767eafd849df0a78@...kaller.appspotmail.com> wrote:
>
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit:    bf61759db409 Merge tag 'sched_ext-for-6.16-rc6-fixes' of g..
> git tree:       upstream
> console+strace: https://syzkaller.appspot.com/x/log.txt?x=12b877d4580000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=415e83411fefd73f
> dashboard link: https://syzkaller.appspot.com/bug?extid=e328767eafd849df0a78
> compiler:       gcc (Debian 12.2.0-14+deb12u1) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=110b938c580000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1622a38c580000
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/22c5f1286a72/disk-bf61759d.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/cc79af4d966c/vmlinux-bf61759d.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/b2e6d621f424/bzImage-bf61759d.xz
>
> The issue was bisected to:
>
> commit e5598d6ae62626d261b046a2f19347c38681ff51
> Author: Pavel Begunkov <asml.silence@...il.com>
> Date:   Thu Aug 24 22:53:31 2023 +0000
>
>     io_uring: compact SQ/CQ heads/tails
>
> bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=12c92b82580000
> final oops:     https://syzkaller.appspot.com/x/report.txt?x=11c92b82580000
> console output: https://syzkaller.appspot.com/x/log.txt?x=16c92b82580000
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+e328767eafd849df0a78@...kaller.appspotmail.com
> Fixes: e5598d6ae626 ("io_uring: compact SQ/CQ heads/tails")
>
> INFO: task syz-executor971:5849 blocked for more than 143 seconds.
>       Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0
>       Blocked by coredump.
> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
> task:syz-executor971 state:D stack:26488 pid:5849  tgid:5849  ppid:5844   task_flags:0x400148 flags:0x00024002
> Call Trace:
>  <TASK>
>  context_switch kernel/sched/core.c:5397 [inline]
>  __schedule+0x116a/0x5de0 kernel/sched/core.c:6786
>  __schedule_loop kernel/sched/core.c:6864 [inline]
>  schedule+0xe7/0x3a0 kernel/sched/core.c:6879
>  schedule_timeout+0x257/0x290 kernel/time/sleep_timeout.c:75
>  do_wait_for_common kernel/sched/completion.c:95 [inline]
>  __wait_for_common+0x2ff/0x4e0 kernel/sched/completion.c:116
>  io_wq_exit_workers io_uring/io-wq.c:1319 [inline]
>  io_wq_put_and_exit+0x271/0x8d0 io_uring/io-wq.c:1347
>  io_uring_clean_tctx+0x10d/0x190 io_uring/tctx.c:203
>  io_uring_cancel_generic+0x69c/0x9a0 io_uring/io_uring.c:3212
>  io_uring_files_cancel include/linux/io_uring.h:19 [inline]
>  do_exit+0x2ce/0x2bd0 kernel/exit.c:911
>  do_group_exit+0xd3/0x2a0 kernel/exit.c:1105
>  __do_sys_exit_group kernel/exit.c:1116 [inline]
>  __se_sys_exit_group kernel/exit.c:1114 [inline]
>  __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1114
>  x64_sys_call+0x1530/0x1730 arch/x86/include/generated/asm/syscalls_64.h:232
>  do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
>  do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94
>  entry_SYSCALL_64_after_hwframe+0x77/0x7f
> RIP: 0033:0x7f141ec08e39
> RSP: 002b:00007ffcd1b0b6e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
> RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f141ec08e39
> RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
> RBP: 00007f141ec843b0 R08: ffffffffffffffb8 R09: 0000000000000000
> R10: 000000000000000e R11: 0000000000000246 R12: 00007f141ec843b0
> R13: 0000000000000000 R14: 00007f141ec880c0 R15: 00007f141ebd7020
>  </TASK>
> INFO: task syz-executor971:5850 blocked for more than 143 seconds.
>       Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0
>       Blocked by coredump.

I took a look at this one, and it's simply waiting on nullb0 timeouts
that it's flooded the queue with. Since it's flooding the nullb0 device
which has been configured to time out IO, we'll have a lot of io-wq
workers that are sitting blocked waiting on making progress. That can
obviously take a long time, which then in turn triggers the io_uring
cancelation/exit warning because of that. It all seems to be working as
it should.

I don't think there's a bug here because of that; the only thing that's
"stuck" is because each timeout takes 30s to trigger and there are tons
of them.

#syz invalid

-- 
Jens Axboe
