Message-ID:
	<PS1PPF7E1D7501FF44F32813DD517B57442AB9BA@PS1PPF7E1D7501F.apcprd02.prod.outlook.com>
Date: Tue, 3 Feb 2026 09:36:32 +0000
From: 是参差 <shicenci@...il.com>
To: "x86@...nel.org" <x86@...nel.org>
CC: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"peterz@...radead.org" <peterz@...radead.org>, "jpoimboe@...nel.org"
	<jpoimboe@...nel.org>, "dave.hansen@...ux.intel.com"
	<dave.hansen@...ux.intel.com>
Subject: [BUG] hung task in arch_jump_label_transform_queue

Hi,

I am reporting a hung task issue triggered by a syzkaller reproducer on
Linux 6.19.0-rc7. The system gets stuck with multiple tasks blocked, and
one kworker is hung in arch_jump_label_transform_queue() while running
toggle_allocation_gate() from events_unbound workqueue.

This looks like a potential deadlock / lock inversion between jump label
(static key) updates and perf/trace/kprobe teardown paths during task
exit (coredump).

Reproducer:

C reproducer: https://pastebin.com/raw/QFJxV3wN
console output: https://pastebin.com/raw/JutBVgbK
kernel config: https://pastebin.com/raw/qBYGyUzD

Kernel:

HEAD commit: 63804fed149a6750ffd28610c5c1c98cce6bd377
git tree: torvalds/linux
kernel version: 6.19.0-rc7 #2 PREEMPT(voluntary) (QEMU Ubuntu 24.10)


rcu_tasks_wait_gp: rcu_tasks grace period number 77 (since boot) is 130793 jiffies old.
INFO: task kworker/u8:9:178781 blocked for more than 143 seconds.
      Tainted: G S 6.19.0-rc7 #2
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u8:9 state:D stack:23584 pid:178781 tgid:178781 ppid:2 task_flags:0x4208060 flags:0x00080000
Workqueue: events_unbound toggle_allocation_gate
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5260 [inline]
 __schedule+0x1224/0x3f50 kernel/sched/core.c:6867
 __schedule_loop kernel/sched/core.c:6949 [inline]
 schedule+0xd1/0x260 kernel/sched/core.c:6964
 schedule_preempt_disabled+0x10/0x20 kernel/sched/core.c:7021
 __mutex_lock_common kernel/locking/mutex.c:692 [inline]
 __mutex_lock+0x10e0/0x2440 kernel/locking/mutex.c:776
 arch_jump_label_transform_queue+0x70/0x110 arch/x86/kernel/jump_label.c:136
 __jump_label_update+0x94/0x260 kernel/jump_label.c:513
 jump_label_update+0x339/0x410 kernel/jump_label.c:919
 static_key_enable_cpuslocked+0x1b7/0x270 kernel/jump_label.c:210
 static_key_enable+0x1a/0x20 kernel/jump_label.c:223
 toggle_allocation_gate mm/kfence/core.c:879 [inline]
 toggle_allocation_gate+0xfa/0x2a0 mm/kfence/core.c:871
 process_one_work kernel/workqueue.c:3257 [inline]
 process_scheduled_works+0x549/0x1910 kernel/workqueue.c:3340
 worker_thread+0x5a9/0xd10 kernel/workqueue.c:3421
 kthread+0x43c/0x860 kernel/kthread.c:463
 ret_from_fork+0x5d3/0x6f0 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:246
 </TASK>
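
A triage helper for hung-task reports like the one above, as an added example that is not part of the original message: it pulls out the blocked task and the first frame outside the scheduler and locking code, which is the call site waiting on the lock. The function name `triage`, the sample (shortened from the trace above) and the path prefixes treated as wait machinery are assumptions.

```python
import re

# Constructed sample: a shortened copy of the hung-task report quoted above.
SAMPLE = """\
INFO: task kworker/u8:9:178781 blocked for more than 143 seconds.
Workqueue: events_unbound toggle_allocation_gate
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5260 [inline]
 __schedule+0x1224/0x3f50 kernel/sched/core.c:6867
 schedule+0xd1/0x260 kernel/sched/core.c:6964
 schedule_preempt_disabled+0x10/0x20 kernel/sched/core.c:7021
 __mutex_lock_common kernel/locking/mutex.c:692 [inline]
 __mutex_lock+0x10e0/0x2440 kernel/locking/mutex.c:776
 arch_jump_label_transform_queue+0x70/0x110 arch/x86/kernel/jump_label.c:136
 __jump_label_update+0x94/0x260 kernel/jump_label.c:513
 </TASK>
"""

HUNG = re.compile(r"INFO: task (\S+):(\d+) blocked for more than (\d+) seconds")
FRAME = re.compile(
    r"^\s*(\w+)(?:\+0x[0-9a-f]+/0x[0-9a-f]+)? (\S+):(\d+)( \[inline\])?$")
# Assumption: frames under these paths are wait machinery, not the lock's caller.
WAIT_PATHS = ("kernel/sched/", "kernel/locking/")

def triage(report):
    """Return one dict per hung task: name, pid, seconds, primitive, waiter."""
    results, cur, in_trace = [], None, False
    for line in report.splitlines():
        m = HUNG.search(line)
        if m:
            cur = {"task": m.group(1), "pid": int(m.group(2)),
                   "secs": int(m.group(3)), "primitive": None, "waiter": None}
            results.append(cur)
            in_trace = False
        elif cur is not None and "</TASK>" in line:
            in_trace = False
        elif cur is not None and "<TASK>" in line:
            in_trace = True
        elif in_trace and cur["waiter"] is None:
            f = FRAME.match(line)
            if not f:
                continue
            func, path, lineno = f.group(1), f.group(2), int(f.group(3))
            if not path.startswith(WAIT_PATHS):
                cur["waiter"] = (func, path, lineno)  # first caller frame
            elif path.startswith("kernel/locking/") and not f.group(4):
                cur["primitive"] = func  # outermost non-inlined lock function
    return results
```

Running `triage()` over a console log with several blocked tasks and grouping by `waiter` shows which call sites are queued on a lock; the task that holds it usually appears in a different state and has to be found separately.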
