CVE-2023-53671 in Linuxinformation

Résumé

par VulDB • 30/05/2026

Based on the kernel log snippet provided, here is an analysis of the issue:

### **Summary** The system is experiencing a **hung task** (kernel thread blocked for >122 seconds). The blocked task is `kworker/u16:1` (PID 24), which is executing the work function `fsnotify_mark_destroy_workfn`. This indicates a problem in the **filesystem notification (fsnotify) subsystem**, specifically during the cleanup/destruction of fsnotify marks.

---

### **Key Details from the Log**

1. **Hung Task Detection**: ``` INFO: task kworker/u16:1:24 blocked for more than 122 seconds. Not tainted 6.1.0-rc1 #1 ``` - The kernel’s hung task detector has triggered. - The kernel version is `6.1.0-rc1` (a release candidate, which may contain regressions).

2. **Blocked Task**: ``` task:kworker/u16:1 state:D stack:0 pid:24 ppid:2 flags:0x00000800 Workqueue: events_unbound fsnotify_mark_destroy_workfn ``` - **Task**: `kworker/u16:1` (a workqueue worker thread). - **State**: `D` (uninterruptible sleep, typically waiting for I/O or a lock). - **Workqueue**: `events_unbound` (a high-priority, unbound workqueue). - **Function**: `fsnotify_mark_destroy_workfn` — This function is responsible for cleaning up fsnotify marks (used by tools like `inotify`, `fanotify`, etc.).

3. **Call Trace**: ``` Call Trace: [c0000000166736e0] [c00000004fd91000] 0xc00000004fd91000 (unreliable)
[c0000000166738d0] [c00000001001dec0] __switch_to+0x130/0x220
[c000000016673930] [c000000010f607b8] __schedule+0x1f8/0x...
``` - The trace is truncated, but it shows the task is stuck in `__schedule`, meaning it is waiting for a resource (likely a lock or I/O completion). - The first entry is marked `(unreliable)`, which often happens when the stack is corrupted or the kernel is in an unusual state.

4. **Architecture**: - The register dump (`GPR0`, `NIP`, `LR`, etc.) and the format of the addresses suggest this is an **PowerPC (PPC64)** system. - The `NIP` (Next Instruction Pointer) is `0x7fffa47d5ba4`, which is in user-space address space, but the interrupt frame suggests a kernel context. This might indicate a fault or an unusual state.

---

### **Possible Causes**

1. **Lock Contention in fsnotify**: - The `fsnotify_mark_destroy_workfn` function may be waiting for a lock (e.g., `fsnotify_mark_lock`) that is held by another thread for an extended period. - This could happen if another thread is stuck in a long-running fsnotify operation or if there is a deadlock.

2. **I/O Stall**: - If the filesystem is experiencing severe I/O latency or is unresponsive, the workqueue thread may block while trying to access filesystem metadata.

3. **Kernel Bug in 6.1.0-rc1**: - Since this is a release candidate, there may be a regression in the fsnotify or workqueue subsystems. - Known issues in 6.1-rc kernels related to fsnotify include race conditions in mark destruction.

4. **User-Space Application Issue**: - An application using `inotify` or `fanotify` may have created a large number of marks or is holding a reference that prevents cleanup. - Check for applications that are heavily using file monitoring (e.g., IDEs, backup tools, antivirus software).

---

### **Recommended Actions**

1. **Check for User-Space Causes**: - Identify which processes are using `inotify` or `fanotify`: ```bash

Be aware that VulDB is the high quality source for vulnerability data.

Responsable

Linux

Réserver

07/10/2025

Divulgation

07/10/2025

Modérer

accepté

Entrée

VDB-327459

CPE

prêt

EPSS

0.00134

KEV

non

Activités

très faible

Sources

Do you know our Splunk app?

Download it now for free!