syzbot

 sign-in | mailing list | source | docs
🐞 Open [851]
🐞 Fixed [87]
🐞 Invalid [1297]
Missing Backports [132]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

INFO: task hung in __lru_add_drain_all (3)

Status: upstream: reported on 2026/05/01 08:27
Reported-by: syzbot+f86fd46095cba8c1fc12@syzkaller.appspotmail.com
First crash: 1d20h, last: 1d20h
Similar bugs (9)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-6.1 INFO: task hung in __lru_add_drain_all (3) 1 4 5d08h 53d 0/3 upstream: reported on 2026/03/10 22:55
linux-6.6 INFO: task hung in __lru_add_drain_all 1 1 179d 179d 0/2 auto-obsoleted due to no activity on 2026/02/12 06:31
linux-6.1 INFO: task hung in __lru_add_drain_all (2) 1 1 335d 335d 0/3 auto-obsoleted due to no activity on 2025/09/09 22:30
linux-5.15 INFO: task hung in __lru_add_drain_all 1 1 1106d 1106d 0/3 auto-obsoleted due to no activity on 2023/08/21 02:18
linux-6.1 INFO: task hung in __lru_add_drain_all 1 1 715d 715d 0/3 auto-obsoleted due to no activity on 2024/08/25 20:43
upstream INFO: task hung in __lru_add_drain_all (2) mm 1 syz error 272 377d 715d 0/29 auto-obsoleted due to no activity on 2025/06/29 18:01
upstream INFO: task hung in __lru_add_drain_all net 1 C done error 71 902d 1702d 0/29 auto-obsoleted due to no activity on 2024/02/20 10:46
linux-5.15 INFO: task hung in __lru_add_drain_all (2) 1 1 646d 646d 0/3 auto-obsoleted due to no activity on 2024/11/03 03:56
android-6-12 INFO: task hung in __lru_add_drain_all 1 1 180d 180d 0/1 auto-obsoleted due to no activity on 2026/02/01 19:21

Sample crash report:
INFO: task syz-executor:5005 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D stack:21968 pid: 5005 ppid:     1 flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5049 [inline]
 __schedule+0x11ef/0x43c0 kernel/sched/core.c:6395
 schedule+0x11b/0x1e0 kernel/sched/core.c:6478
 schedule_timeout+0xbd/0x2d0 kernel/time/timer.c:2093
 do_wait_for_common+0x2a2/0x450 kernel/sched/completion.c:85
 __wait_for_common kernel/sched/completion.c:106 [inline]
 wait_for_common kernel/sched/completion.c:117 [inline]
 wait_for_completion+0x48/0x60 kernel/sched/completion.c:138
 __flush_work+0x15a/0x210 kernel/workqueue.c:3094
 __lru_add_drain_all+0x9ce/0xac0 mm/swap.c:833
 invalidate_bdev+0x8f/0xb0 block/bdev.c:87
 ext4_put_super+0x6f0/0xbc0 fs/ext4/super.c:1253
 generic_shutdown_super+0x130/0x300 fs/super.c:475
 kill_block_super+0x7c/0xe0 fs/super.c:1427
 deactivate_locked_super+0x93/0xf0 fs/super.c:335
 cleanup_mnt+0x42d/0x4e0 fs/namespace.c:1148
 task_work_run+0x125/0x1a0 kernel/task_work.c:188
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 exit_to_user_mode_loop+0x10f/0x130 kernel/entry/common.c:181
 exit_to_user_mode_prepare+0xee/0x180 kernel/entry/common.c:214
 __syscall_exit_to_user_mode_work kernel/entry/common.c:296 [inline]
 syscall_exit_to_user_mode+0x16/0x40 kernel/entry/common.c:307
 do_syscall_64+0x58/0xa0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7f587a2f0017
RSP: 002b:00007ffcd274df28 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 00007f587a384120 RCX: 00007f587a2f0017
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffcd274dfe0
RBP: 00007ffcd274dfe0 R08: 00007ffcd274efe0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcd274f070
R13: 00007f587a384120 R14: 000000000003039d R15: 00007ffcd274f0b0
 </TASK>

Showing all locks held in the system:
3 locks held by kworker/0:1/13:
 #0: ffff888016c71938 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x761/0x1010 kernel/workqueue.c:-1
 #1: ffffc90000d27d00 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work+0x79f/0x1010 kernel/workqueue.c:2285
 #2: ffffffff8d43d3c8 (rtnl_mutex){+.+.}-{3:3}, at: reg_check_chans_work+0x82/0xa80 net/wireless/reg.c:2437
1 lock held by khungtaskd/27:
 #0: ffffffff8c31eb20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30
2 locks held by getty/3946:
 #0: ffff88814d433098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 drivers/tty/tty_ldisc.c:252
 #1: ffffc900021ce2e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x5df/0x1a70 drivers/tty/n_tty.c:2158
2 locks held by kworker/1:4/4235:
3 locks held by kworker/u4:6/4275:
 #0: ffff888016dcd938 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x761/0x1010 kernel/workqueue.c:-1
 #1: ffffc900032ffd00 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x79f/0x1010 kernel/workqueue.c:2285
 #2: ffffffff8d4314d0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x148/0xba0 net/core/net_namespace.c:589
3 locks held by kworker/u4:10/4339:
 #0: ffff888016c79138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x761/0x1010 kernel/workqueue.c:-1
 #1: ffffc9000343fd00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x79f/0x1010 kernel/workqueue.c:2285
 #2: ffffffff8d43d3c8 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xa/0x50 net/core/link_watch.c:251
2 locks held by kworker/u4:13/4346:
2 locks held by syz-executor/5005:
 #0: ffff88807b7280e0 (&type->s_umount_key#32){++++}-{3:3}, at: deactivate_super+0xa0/0xd0 fs/super.c:365
 #1: ffffffff8c3b44c8 (lock#4){+.+.}-{3:3}, at: __lru_add_drain_all+0x68/0xac0 mm/swap.c:782
1 lock held by syz-executor/5307:
1 lock held by syz.0.152/5612:
 #0: ffffffff8c3235a8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:290 [inline]
 #0: ffffffff8c3235a8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x2d1/0x750 kernel/rcu/tree_exp.h:845
1 lock held by syz.5.153/5609:
 #0: ffffffff8c3235a8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:322 [inline]
 #0: ffffffff8c3235a8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x3a5/0x750 kernel/rcu/tree_exp.h:845
1 lock held by syz-executor/5618:
 #0: ffffffff8d43d3c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
 #0: ffffffff8d43d3c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7ee/0xf30 net/core/rtnetlink.c:5684
1 lock held by syz-executor/5619:
 #0: ffffffff8d43d3c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
 #0: ffffffff8d43d3c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7ee/0xf30 net/core/rtnetlink.c:5684
1 lock held by syz-executor/5622:
 #0: ffffffff8d43d3c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
 #0: ffffffff8d43d3c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7ee/0xf30 net/core/rtnetlink.c:5684
1 lock held by syz-executor/5625:
 #0: ffffffff8d43d3c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
 #0: ffffffff8d43d3c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7ee/0xf30 net/core/rtnetlink.c:5684
1 lock held by syz-executor/5651:
 #0: ffffffff8d43d3c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
 #0: ffffffff8d43d3c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7ee/0xf30 net/core/rtnetlink.c:5684
1 lock held by dhcpcd/5655:
 #0: ffff88804ecd4120 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1744 [inline]
 #0: ffff88804ecd4120 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x35/0xda0 net/packet/af_packet.c:3213
1 lock held by dhcpcd/5656:
 #0: ffff888025646120 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1744 [inline]
 #0: ffff888025646120 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x35/0xda0 net/packet/af_packet.c:3213
1 lock held by dhcpcd/5657:
 #0: ffff888058d58120 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1744 [inline]
 #0: ffff888058d58120 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x35/0xda0 net/packet/af_packet.c:3213
1 lock held by dhcpcd/5658:
 #0: ffff88807a724120 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1744 [inline]
 #0: ffff88807a724120 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x35/0xda0 net/packet/af_packet.c:3213
1 lock held by dhcpcd/5659:
 #0: ffff88804d4f2120 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1744 [inline]
 #0: ffff88804d4f2120 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x35/0xda0 net/packet/af_packet.c:3213
1 lock held by dhcpcd/5660:
 #0: ffff88804d8ac120 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1744 [inline]
 #0: ffff88804d8ac120 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x35/0xda0 net/packet/af_packet.c:3213
1 lock held by syz-executor/5665:
 #0: ffffffff8d43d3c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
 #0: ffffffff8d43d3c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7ee/0xf30 net/core/rtnetlink.c:5684
1 lock held by syz-executor/5670:
 #0: ffffffff8d43d3c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
 #0: ffffffff8d43d3c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7ee/0xf30 net/core/rtnetlink.c:5684
1 lock held by syz-executor/5672:
 #0: ffffffff8d43d3c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
 #0: ffffffff8d43d3c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7ee/0xf30 net/core/rtnetlink.c:5684
1 lock held by syz-executor/5673:
 #0: ffffffff8d43d3c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
 #0: ffffffff8d43d3c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7ee/0xf30 net/core/rtnetlink.c:5684
1 lock held by syz-executor/5677:
 #0: ffffffff8d43d3c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
 #0: ffffffff8d43d3c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7ee/0xf30 net/core/rtnetlink.c:5684

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 27 Comm: khungtaskd Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
Call Trace:
 <TASK>
 dump_stack_lvl+0x188/0x250 lib/dump_stack.c:106
 nmi_cpu_backtrace+0x3a2/0x3d0 lib/nmi_backtrace.c:111
 nmi_trigger_cpumask_backtrace+0x163/0x280 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:148 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:212 [inline]
 watchdog+0xe0f/0xe50 kernel/hung_task.c:369
 kthread+0x436/0x520 kernel/kthread.c:334
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 4753 Comm: syz.3.118 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:wants_signal kernel/signal.c:987 [inline]
RIP: 0010:complete_signal+0x2fa/0xa20 kernel/signal.c:1014
Code: 2d 00 41 83 e4 0c 74 0e e8 63 b3 2d 00 eb 71 e8 5c b3 2d 00 eb 6a 4c 89 ef e8 12 20 07 00 41 89 c4 31 ff 89 c6 e8 a6 b6 2d 00 <45> 85 e4 0f 85 4a 01 00 00 4c 89 ef be 08 00 00 00 e8 90 d3 72 00
RSP: 0000:ffffc9000424fb58 EFLAGS: 00000006
RAX: ffffffff814b814a RBX: fffffffffffff988 RCX: ffff88807b4d0000
RDX: 0000000000010000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 1ffff1100416fc3e R08: dffffc0000000000 R09: 1ffffffff203aa1a
R10: dffffc0000000000 R11: fffffbfff203aa1b R12: 0000000000000001
R13: ffff88807b4d0000 R14: 0000000100000000 R15: ffff888020b7e1f0
FS:  00007f2f0c3526c0(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00002000000bd038 CR3: 000000005b025000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 send_sigqueue+0x3e9/0x620 kernel/signal.c:1999
 posix_timer_event kernel/time/posix-timers.c:360 [inline]
 posix_timer_fn+0x16a/0x3d0 kernel/time/posix-timers.c:386
 __run_hrtimer kernel/time/hrtimer.c:1685 [inline]
 __hrtimer_run_queues+0x4f2/0xb70 kernel/time/hrtimer.c:1749
 hrtimer_interrupt+0x3bb/0x8d0 kernel/time/hrtimer.c:1811
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1097 [inline]
 __sysvec_apic_timer_interrupt+0x137/0x4a0 arch/x86/kernel/apic/apic.c:1114
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1108 [inline]
 sysvec_apic_timer_interrupt+0x4d/0xc0 arch/x86/kernel/apic/apic.c:1108
 asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:676
RIP: 0033:0x7f2f0e0f8dd7
Code: 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89
RSP: 002b:00007f2f0c3520e8 EFLAGS: 00000246
RAX: 00000000000000ca RBX: 00007f2f0e371fa8 RCX: 00007f2f0e0f8dd9
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f2f0e371fa8
RBP: 00007f2f0e371fa0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f2f0e372038 R14: 00007fffab32c280 R15: 00007fffab32c368
 </TASK>

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2026/05/01 08:27 linux-5.15.y ef251c45f1cd 753c55b9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan INFO: task hung in __lru_add_drain_all
* Struck through repros no longer work on HEAD.