Re: [PATCH V2] io_uring: validate user-controlled cq.head in io_cqe_cache_refill()

Next message: Krzysztof Kozlowski: "Re: [PATCH v2 02/16] dt-bindings: iio: adc: mt6359: add mt6323 PMIC AUXADC"
Previous message: Xu Rao: "Re: [PATCH net v2] ipv6: addrconf: skip autoconf on unregistering devices"
In reply to: Zizhi Wo: "[PATCH V2] io_uring: validate user-controlled cq.head in io_cqe_cache_refill()"
Next in thread: Jens Axboe: "Re: [PATCH V2] io_uring: validate user-controlled cq.head in io_cqe_cache_refill()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Jens Axboe

Date: Thu May 14 2026 - 09:24:33 EST

On Thu, 14 May 2026 10:18:47 +0800, Zizhi Wo wrote:
> [BUG]
> A fuzzing run reproduced an unkillable io_uring task stuck at ~100% CPU:
>
> [root@fedora io_uring_stress]# ps -ef | grep io_uring
> root 1240 1 99 13:36 ? 00:01:35 [io_uring_stress] <defunct>
>
> The task loops inside io_cqring_wait() and never returns to userspace, and
> SIGKILL has no effect.
>
> [...]

Applied, thanks!

[1/1] io_uring: validate user-controlled cq.head in io_cqe_cache_refill()
commit: f44d38a31f1802b7222adaea9ee69f9d280f698a

Best regards,
--
Jens Axboe