* [Kernel Bug] INFO: task hung in xt_find_table
@ 2026-06-09 11:55 Longxing Li
2026-06-09 20:44 ` Pablo Neira Ayuso
0 siblings, 1 reply; 4+ messages in thread
From: Longxing Li @ 2026-06-09 11:55 UTC (permalink / raw)
To: syzkaller, pablo, edumazet, kuba, pabeni, horms, netfilter-devel,
coreteam, netdev, linux-kernel
Dear Linux kernel developers and maintainers,
We would like to report a new kernel bug found by our tool. INFO: task
hung in xt_find_table. Details are as follows.
Kernel commit: v7.0.6
Kernel config: see attachment
report: see attachment
We are currently analyzing the root cause and working on a
reproducible PoC. We will provide further updates in this thread as
soon as we have more information.
Best regards,
Longxing Li
==================================================================
https://drive.google.com/file/d/1Bx2unEf-QntjVi8g6Zw7QNO6OP4cjGO_/view?usp=drive_link
https://drive.google.com/file/d/1ELWnHa1fKJSXMFMNxMzw-Yje3XSETRBt/view?usp=drive_link
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [Kernel Bug] INFO: task hung in xt_find_table
2026-06-09 11:55 [Kernel Bug] INFO: task hung in xt_find_table Longxing Li
@ 2026-06-09 20:44 ` Pablo Neira Ayuso
2026-06-10 7:14 ` Longxing Li
0 siblings, 1 reply; 4+ messages in thread
From: Pablo Neira Ayuso @ 2026-06-09 20:44 UTC (permalink / raw)
To: Longxing Li
Cc: syzkaller, edumazet, kuba, pabeni, horms, netfilter-devel,
coreteam, netdev, linux-kernel
Hi,
On Tue, Jun 09, 2026 at 07:55:34PM +0800, Longxing Li wrote:
> Dear Linux kernel developers and maintainers,
>
> We would like to report a new kernel bug found by our tool. INFO: task
> hung in xt_find_table. Details are as follows.
>
> Kernel commit: v7.0.6
> Kernel config: see attachment
> report: see attachment
>
> We are currently analyzing the root cause and working on a
> reproducible PoC. We will provide further updates in this thread as
> soon as we have more information.
No links to external web, please, inline in plain text to this email
the description of what you found.
Thanks.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [Kernel Bug] INFO: task hung in xt_find_table
2026-06-09 20:44 ` Pablo Neira Ayuso
@ 2026-06-10 7:14 ` Longxing Li
2026-06-10 9:26 ` Jiayuan Chen
0 siblings, 1 reply; 4+ messages in thread
From: Longxing Li @ 2026-06-10 7:14 UTC (permalink / raw)
To: Pablo Neira Ayuso
Cc: syzkaller, edumazet, kuba, pabeni, horms, netfilter-devel,
coreteam, netdev, linux-kernel
sorry for not containing report plain text in last email. the report
is as follows:
INFO: task syz-executor.4:42949 blocked for more than 143 seconds.
Not tainted 7.0.6 #1
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.4 state:D stack:26456 pid:42949 tgid:42937
ppid:9759 task_flags:0x400140 flags:0x00080002
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5298 [inline]
__schedule+0x1006/0x5f00 kernel/sched/core.c:6911
__schedule_loop kernel/sched/core.c:6993 [inline]
schedule+0xe7/0x3a0 kernel/sched/core.c:7008
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7065
__mutex_lock_common kernel/locking/mutex.c:692 [inline]
__mutex_lock+0xd9e/0x1df0 kernel/locking/mutex.c:776
xt_find_table+0x59/0x1a0 net/netfilter/x_tables.c:1245
ip6t_unregister_table_exit+0x22/0x50 net/ipv6/netfilter/ip6_tables.c:1808
ops_exit_list net/core/net_namespace.c:199 [inline]
ops_undo_list+0x2dd/0xa50 net/core/net_namespace.c:252
setup_net+0x1f3/0x3a0 net/core/net_namespace.c:462
copy_net_ns+0x351/0x7c0 net/core/net_namespace.c:579
create_new_namespaces+0x3f6/0xac0 kernel/nsproxy.c:130
copy_namespaces+0x45c/0x580 kernel/nsproxy.c:195
copy_process+0x30cc/0x76d0 kernel/fork.c:2227
kernel_clone+0xea/0x8f0 kernel/fork.c:2655
__do_sys_clone+0xce/0x120 kernel/fork.c:2796
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x11b/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x471ecd
RSP: 002b:00007f51f163e008 EFLAGS: 00000202 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 000000000059bf80 RCX: 0000000000471ecd
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040080020
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 000000000059bf8c
R13: 000000000000000b R14: 000000000059bf80 R15: 00007f51f161e000
</TASK>
Showing all locks held in the system:
2 locks held by kthreadd/2:
#0: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim
mm/page_alloc.c:4429 [inline]
#0: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_pages_direct_reclaim mm/page_alloc.c:4454 [inline]
#0: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_pages_slowpath mm/page_alloc.c:4854 [inline]
#0: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_frozen_pages_noprof+0x860/0x27e0 mm/page_alloc.c:5271
#1: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:834
[inline]
#1: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:865 [inline]
#1: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1422
[inline]
#1: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0x875/0x2710 mm/zswap.c:1533
1 lock held by khungtaskd/25:
#0: ffffffff8e5e6ce0 (rcu_read_lock){....}-{1:3}, at:
rcu_lock_acquire include/linux/rcupdate.h:312 [inline]
#0: ffffffff8e5e6ce0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock
include/linux/rcupdate.h:850 [inline]
#0: ffffffff8e5e6ce0 (rcu_read_lock){....}-{1:3}, at:
debug_show_all_locks+0x36/0x1c0 kernel/locking/lockdep.c:6775
4 locks held by kworker/u4:4/53:
#0: ffff88801c73c948
((wq_completion)ext4-rsv-conversion){+.+.}-{0:0}, at:
process_one_work+0x139e/0x1c60 kernel/workqueue.c:3263
#1: ffffc9000100fd08
((work_completion)(&ei->i_rsv_conversion_work)){+.+.}-{0:0}, at:
process_one_work+0x938/0x1c60 kernel/workqueue.c:3264
#2: ffff888025a86950 (jbd2_handle){++++}-{0:0}, at:
start_this_handle+0xe33/0x12d0 fs/jbd2/transaction.c:444
#3: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:834
[inline]
#3: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:865 [inline]
#3: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1422
[inline]
#3: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0x875/0x2710 mm/zswap.c:1533
7 locks held by kworker/u4:5/74:
#0: ffff88801c723148 ((wq_completion)writeback){+.+.}-{0:0}, at:
process_one_work+0x139e/0x1c60 kernel/workqueue.c:3263
#1: ffffc9000125fd08
((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at:
process_one_work+0x938/0x1c60 kernel/workqueue.c:3264
#2: ffff888025a820e0 (&type->s_umount_key#56){++++}-{4:4}, at:
super_trylock_shared+0x21/0x100 fs/super.c:565
#3: ffff888025a80c18 (&sbi->s_writepages_rwsem){++++}-{0:0}, at:
do_writepages+0x242/0x5b0 mm/page-writeback.c:2575
#4: ffff888025a86950 (jbd2_handle){++++}-{0:0}, at:
start_this_handle+0xe33/0x12d0 fs/jbd2/transaction.c:444
#5: ffff88802b266260 (&ei->i_data_sem){++++}-{4:4}, at:
ext4_map_blocks+0x54c/0xcc0 fs/ext4/inode.c:818
#6: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:834
[inline]
#6: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:865 [inline]
#6: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1422
[inline]
#6: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0x875/0x2710 mm/zswap.c:1533
2 locks held by kswapd1/79:
#0: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
balance_pgdat+0xc0b/0x1b60 mm/vmscan.c:7083
#1: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:834
[inline]
#1: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:865 [inline]
#1: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1422
[inline]
#1: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0x875/0x2710 mm/zswap.c:1533
5 locks held by kworker/u4:6/340:
4 locks held by kworker/u4:7/3543:
#0: ffff88801b894948 ((wq_completion)events_unbound#2){+.+.}-{0:0},
at: process_one_work+0x139e/0x1c60 kernel/workqueue.c:3263
#1: ffffc9000b77fd08
((work_completion)(&sub_info->work)){+.+.}-{0:0}, at:
process_one_work+0x938/0x1c60 kernel/workqueue.c:3264
#2: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim
mm/page_alloc.c:4429 [inline]
#2: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_pages_direct_reclaim mm/page_alloc.c:4454 [inline]
#2: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_pages_slowpath mm/page_alloc.c:4854 [inline]
#2: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_frozen_pages_noprof+0x860/0x27e0 mm/page_alloc.c:5271
#3: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:834
[inline]
#3: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:865 [inline]
#3: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1422
[inline]
#3: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0x875/0x2710 mm/zswap.c:1533
1 lock held by jbd2/sda-8/5138:
#0: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:834
[inline]
#0: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:865 [inline]
#0: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1422
[inline]
#0: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0x875/0x2710 mm/zswap.c:1533
4 locks held by systemd-journal/5165:
#0: ffff88804ebcbd08 (vm_lock){++++}-{0:0}, at:
lock_vma_under_rcu+0x118/0x5a0 mm/mmap_lock.c:310
#1: ffff888025a82518 (sb_pagefaults){.+.+}-{0:0}, at:
do_page_mkwrite+0x17a/0x390 mm/memory.c:3602
#2: ffff888025a86950 (jbd2_handle){++++}-{0:0}, at:
start_this_handle+0xe33/0x12d0 fs/jbd2/transaction.c:444
#3: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:834
[inline]
#3: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:865 [inline]
#3: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1422
[inline]
#3: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0x875/0x2710 mm/zswap.c:1533
2 locks held by systemd-udevd/5178:
2 locks held by cron/9006:
#0: ffffffff8f04c678 (tomoyo_ss){.+.+}-{0:0}, at: srcu_lock_acquire
include/linux/srcu.h:187 [inline]
#0: ffffffff8f04c678 (tomoyo_ss){.+.+}-{0:0}, at: srcu_read_lock
include/linux/srcu.h:294 [inline]
#0: ffffffff8f04c678 (tomoyo_ss){.+.+}-{0:0}, at: tomoyo_read_lock
security/tomoyo/common.h:1112 [inline]
#0: ffffffff8f04c678 (tomoyo_ss){.+.+}-{0:0}, at:
tomoyo_path_perm+0x223/0x420 security/tomoyo/file.c:826
#1: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:834
[inline]
#1: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:865 [inline]
#1: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1422
[inline]
#1: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0x875/0x2710 mm/zswap.c:1533
1 lock held by in:imklog/9071:
5 locks held by rs:main Q:Reg/9072:
#0: ffff888050036d38 (&f->f_pos_lock){+.+.}-{4:4}, at:
fdget_pos+0x2a0/0x370 fs/file.c:1261
#1: ffff888025a82420 (sb_writers#4){.+.+}-{0:0}, at:
ksys_write+0x121/0x240 fs/read_write.c:740
#2: ffff88802b2663d0 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at:
inode_lock include/linux/fs.h:1028 [inline]
#2: ffff88802b2663d0 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at:
ext4_buffered_write_iter+0xab/0x430 fs/ext4/file.c:295
#3: ffff888025a86950 (jbd2_handle){++++}-{0:0}, at:
start_this_handle+0xe33/0x12d0 fs/jbd2/transaction.c:444
#4: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:834
[inline]
#4: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:865 [inline]
#4: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1422
[inline]
#4: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0x875/0x2710 mm/zswap.c:1533
3 locks held by syz-fuzzer/9743:
#0: ffff88804ea40bc8 (vm_lock){++++}-{0:0}, at:
lock_vma_under_rcu+0x118/0x5a0 mm/mmap_lock.c:310
#1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim
mm/page_alloc.c:4429 [inline]
#1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_pages_direct_reclaim mm/page_alloc.c:4454 [inline]
#1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_pages_slowpath mm/page_alloc.c:4854 [inline]
#1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_frozen_pages_noprof+0x860/0x27e0 mm/page_alloc.c:5271
#2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:834
[inline]
#2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:865 [inline]
#2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1422
[inline]
#2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0x875/0x2710 mm/zswap.c:1533
5 locks held by syz-executor.2/9744:
#0: ffff888025a412b8 (&f->f_pos_lock){+.+.}-{4:4}, at:
fdget_pos+0x2a0/0x370 fs/file.c:1261
#1: ffff88804cd26d68 (&type->i_mutex_dir_key#3){++++}-{4:4}, at:
iterate_dir+0x197/0xb00 fs/readdir.c:101
#2: ffff888025a82420 (sb_writers#4){.+.+}-{0:0}, at: file_accessed
include/linux/fs.h:2261 [inline]
#2: ffff888025a82420 (sb_writers#4){.+.+}-{0:0}, at:
iterate_dir+0x869/0xb00 fs/readdir.c:111
#3: ffff888025a86950 (jbd2_handle){++++}-{0:0}, at:
start_this_handle+0xe33/0x12d0 fs/jbd2/transaction.c:444
#4: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:834
[inline]
#4: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:865 [inline]
#4: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1422
[inline]
#4: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0x875/0x2710 mm/zswap.c:1533
3 locks held by syz-executor.0/9745:
3 locks held by syz-executor.4/9759:
#0: ffff8880469e2d08 (vm_lock){++++}-{0:0}, at:
lock_vma_under_rcu+0x118/0x5a0 mm/mmap_lock.c:310
#1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim
mm/page_alloc.c:4429 [inline]
#1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_pages_direct_reclaim mm/page_alloc.c:4454 [inline]
#1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_pages_slowpath mm/page_alloc.c:4854 [inline]
#1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_frozen_pages_noprof+0x860/0x27e0 mm/page_alloc.c:5271
#2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:834
[inline]
#2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:865 [inline]
#2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1422
[inline]
#2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0x875/0x2710 mm/zswap.c:1533
3 locks held by syz-executor.6/9760:
#0: ffff8880501b4bc8 (vm_lock){++++}-{0:0}, at:
lock_vma_under_rcu+0x118/0x5a0 mm/mmap_lock.c:310
#1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim
mm/page_alloc.c:4429 [inline]
#1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_pages_direct_reclaim mm/page_alloc.c:4454 [inline]
#1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_pages_slowpath mm/page_alloc.c:4854 [inline]
#1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_frozen_pages_noprof+0x860/0x27e0 mm/page_alloc.c:5271
#2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:834
[inline]
#2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:865 [inline]
#2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1422
[inline]
#2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0x875/0x2710 mm/zswap.c:1533
5 locks held by syz-executor.3/9761:
#0: ffff888020c5ed38 (&f->f_pos_lock){+.+.}-{4:4}, at:
fdget_pos+0x2a0/0x370 fs/file.c:1261
#1: ffff88804745e3d0 (&type->i_mutex_dir_key#3){++++}-{4:4}, at:
iterate_dir+0x197/0xb00 fs/readdir.c:101
#2: ffff888025a82420 (sb_writers#4){.+.+}-{0:0}, at: file_accessed
include/linux/fs.h:2261 [inline]
#2: ffff888025a82420 (sb_writers#4){.+.+}-{0:0}, at:
iterate_dir+0x869/0xb00 fs/readdir.c:111
#3: ffff888025a86950 (jbd2_handle){++++}-{0:0}, at:
start_this_handle+0xe33/0x12d0 fs/jbd2/transaction.c:444
#4: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:834
[inline]
#4: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:865 [inline]
#4: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1422
[inline]
#4: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0x875/0x2710 mm/zswap.c:1533
3 locks held by syz-executor.1/9765:
#0: ffff888022db2d88 (&xt[i].mutex){+.+.}-{4:4}, at:
xt_find_table_lock+0x5f/0x540 net/netfilter/x_tables.c:1266
#1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim
mm/page_alloc.c:4429 [inline]
#1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_pages_direct_reclaim mm/page_alloc.c:4454 [inline]
#1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_pages_slowpath mm/page_alloc.c:4854 [inline]
#1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_frozen_pages_noprof+0x860/0x27e0 mm/page_alloc.c:5271
#2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:834
[inline]
#2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:865 [inline]
#2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1422
[inline]
#2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0x875/0x2710 mm/zswap.c:1533
3 locks held by syz-executor.7/9772:
#0: ffff88804d15cd08 (vm_lock){++++}-{0:0}, at:
lock_vma_under_rcu+0x118/0x5a0 mm/mmap_lock.c:310
#1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim
mm/page_alloc.c:4429 [inline]
#1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_pages_direct_reclaim mm/page_alloc.c:4454 [inline]
#1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_pages_slowpath mm/page_alloc.c:4854 [inline]
#1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_frozen_pages_noprof+0x860/0x27e0 mm/page_alloc.c:5271
#2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:834
[inline]
#2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:865 [inline]
#2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1422
[inline]
#2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0x875/0x2710 mm/zswap.c:1533
5 locks held by syz-executor.5/9790:
#0: ffffffff8e71f1d0 (dup_mmap_sem){.+.+}-{0:0}, at: dup_mm
kernel/fork.c:1531 [inline]
#0: ffffffff8e71f1d0 (dup_mmap_sem){.+.+}-{0:0}, at: copy_mm
kernel/fork.c:1584 [inline]
#0: ffffffff8e71f1d0 (dup_mmap_sem){.+.+}-{0:0}, at:
copy_process+0x6535/0x76d0 kernel/fork.c:2224
#1: ffff888012e54cc0 (&mm->mmap_lock){++++}-{4:4}, at:
mmap_write_lock_killable include/linux/mmap_lock.h:554 [inline]
#1: ffff888012e54cc0 (&mm->mmap_lock){++++}-{4:4}, at:
dup_mmap+0x124/0x2330 mm/mmap.c:1740
#2: ffff88805c1cccc0 (&mm->mmap_lock/1){+.+.}-{4:4}, at:
mmap_write_lock_nested include/linux/mmap_lock.h:544 [inline]
#2: ffff88805c1cccc0 (&mm->mmap_lock/1){+.+.}-{4:4}, at:
dup_mmap+0x1c6/0x2330 mm/mmap.c:1747
#3: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim
mm/page_alloc.c:4429 [inline]
#3: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_pages_direct_reclaim mm/page_alloc.c:4454 [inline]
#3: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_pages_slowpath mm/page_alloc.c:4854 [inline]
#3: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_frozen_pages_noprof+0x860/0x27e0 mm/page_alloc.c:5271
#4: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:834
[inline]
#4: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:865 [inline]
#4: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1422
[inline]
#4: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0x875/0x2710 mm/zswap.c:1533
2 locks held by kworker/0:8/11473:
7 locks held by kworker/u4:8/12707:
#0: ffff88801c723148 ((wq_completion)writeback){+.+.}-{0:0}, at:
process_one_work+0x139e/0x1c60 kernel/workqueue.c:3263
#1: ffffc9000bfdfd08
((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at:
process_one_work+0x938/0x1c60 kernel/workqueue.c:3264
#2: ffff888025a820e0 (&type->s_umount_key#56){++++}-{4:4}, at:
super_trylock_shared+0x21/0x100 fs/super.c:565
#3: ffff888025a80c18 (&sbi->s_writepages_rwsem){++++}-{0:0}, at:
do_writepages+0x242/0x5b0 mm/page-writeback.c:2575
#4: ffff888025a86950 (jbd2_handle){++++}-{0:0}, at:
start_this_handle+0xe33/0x12d0 fs/jbd2/transaction.c:444
#5: ffff8880475115a0 (&ei->i_data_sem){++++}-{4:4}, at:
ext4_map_blocks+0x54c/0xcc0 fs/ext4/inode.c:818
#6: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:834
[inline]
#6: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:865 [inline]
#6: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1422
[inline]
#6: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0x875/0x2710 mm/zswap.c:1533
2 locks held by kworker/u4:9/15616:
#0: ffff88801b894948 ((wq_completion)events_unbound#2){+.+.}-{0:0},
at: process_one_work+0x139e/0x1c60 kernel/workqueue.c:3263
#1: ffffc9001a077d08
((work_completion)(&sub_info->work)){+.+.}-{0:0}, at:
process_one_work+0x938/0x1c60 kernel/workqueue.c:3264
6 locks held by kworker/0:6/31120:
2 locks held by syz-executor.0/42951:
#0: ffffffff903e44b0 (pernet_ops_rwsem){++++}-{4:4}, at:
copy_net_ns+0x335/0x7c0 net/core/net_namespace.c:575
#1: ffff888022db2d88 (&xt[i].mutex){+.+.}-{4:4}, at:
xt_find_table+0x59/0x1a0 net/netfilter/x_tables.c:1245
2 locks held by syz-executor.4/42949:
#0: ffffffff903e44b0 (pernet_ops_rwsem){++++}-{4:4}, at:
copy_net_ns+0x335/0x7c0 net/core/net_namespace.c:575
#1: ffff888022db2d88 (&xt[i].mutex){+.+.}-{4:4}, at:
xt_find_table+0x59/0x1a0 net/netfilter/x_tables.c:1245
3 locks held by modprobe/43044:
#0: ffff8880501b41c8 (vm_lock){++++}-{0:0}, at:
lock_vma_under_rcu+0x118/0x5a0 mm/mmap_lock.c:310
#1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim
mm/page_alloc.c:4429 [inline]
#1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_pages_direct_reclaim mm/page_alloc.c:4454 [inline]
#1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_pages_slowpath mm/page_alloc.c:4854 [inline]
#1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_frozen_pages_noprof+0x860/0x27e0 mm/page_alloc.c:5271
#2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:834
[inline]
#2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:865 [inline]
#2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1422
[inline]
#2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0x875/0x2710 mm/zswap.c:1533
3 locks held by syz-executor.7/43046:
#0: ffff888049241808 (vm_lock){++++}-{0:0}, at:
lock_vma_under_rcu+0x118/0x5a0 mm/mmap_lock.c:310
#1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim
mm/page_alloc.c:4429 [inline]
#1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_pages_direct_reclaim mm/page_alloc.c:4454 [inline]
#1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_pages_slowpath mm/page_alloc.c:4854 [inline]
#1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_frozen_pages_noprof+0x860/0x27e0 mm/page_alloc.c:5271
#2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:834
[inline]
#2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:865 [inline]
#2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1422
[inline]
#2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0x875/0x2710 mm/zswap.c:1533
2 locks held by syz-executor.7/43047:
#0: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim
mm/page_alloc.c:4429 [inline]
#0: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_pages_direct_reclaim mm/page_alloc.c:4454 [inline]
#0: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_pages_slowpath mm/page_alloc.c:4854 [inline]
#0: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_frozen_pages_noprof+0x860/0x27e0 mm/page_alloc.c:5271
#1: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:834
[inline]
#1: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:865 [inline]
#1: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1422
[inline]
#1: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0x875/0x2710 mm/zswap.c:1533
3 locks held by syz-executor.6/43050:
#0: ffff88804d7b8a88 (vm_lock){++++}-{0:0}, at:
lock_vma_under_rcu+0x118/0x5a0 mm/mmap_lock.c:310
#1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim
mm/page_alloc.c:4429 [inline]
#1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_pages_direct_reclaim mm/page_alloc.c:4454 [inline]
#1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_pages_slowpath mm/page_alloc.c:4854 [inline]
#1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_frozen_pages_noprof+0x860/0x27e0 mm/page_alloc.c:5271
#2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:834
[inline]
#2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:865 [inline]
#2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1422
[inline]
#2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0x875/0x2710 mm/zswap.c:1533
=============================================
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 25 Comm: khungtaskd Not tainted 7.0.6 #1 PREEMPT(full)
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x116/0x1b0 lib/dump_stack.c:120
nmi_cpu_backtrace+0x2a0/0x350 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x29c/0x300 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:161 [inline]
__sys_info lib/sys_info.c:157 [inline]
sys_info+0x133/0x180 lib/sys_info.c:165
check_hung_uninterruptible_tasks kernel/hung_task.c:346 [inline]
watchdog+0xeac/0x11e0 kernel/hung_task.c:515
kthread+0x38d/0x4a0 kernel/kthread.c:436
ret_from_fork+0x942/0xe50 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
</TASK>
Pablo Neira Ayuso <pablo@netfilter.org> 于2026年6月10日周三 04:44写道:
>
> Hi,
>
> On Tue, Jun 09, 2026 at 07:55:34PM +0800, Longxing Li wrote:
> > Dear Linux kernel developers and maintainers,
> >
> > We would like to report a new kernel bug found by our tool. INFO: task
> > hung in xt_find_table. Details are as follows.
> >
> > Kernel commit: v7.0.6
> > Kernel config: see attachment
> > report: see attachment
> >
> > We are currently analyzing the root cause and working on a
> > reproducible PoC. We will provide further updates in this thread as
> > soon as we have more information.
>
> No links to external web, please, inline in plain text to this email
> the description of what you found.
>
> Thanks.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [Kernel Bug] INFO: task hung in xt_find_table
2026-06-10 7:14 ` Longxing Li
@ 2026-06-10 9:26 ` Jiayuan Chen
0 siblings, 0 replies; 4+ messages in thread
From: Jiayuan Chen @ 2026-06-10 9:26 UTC (permalink / raw)
To: Longxing Li, Pablo Neira Ayuso
Cc: syzkaller, edumazet, kuba, pabeni, horms, netfilter-devel,
coreteam, netdev, linux-kernel
On 6/10/26 3:14 PM, Longxing Li wrote:
> sorry for not containing report plain text in last email. the report
> is as follows:
>
> INFO: task syz-executor.4:42949 blocked for more than 143 seconds.
> Not tainted 7.0.6 #1
> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
> task:syz-executor.4 state:D stack:26456 pid:42949 tgid:42937
> ppid:9759 task_flags:0x400140 flags:0x00080002
> Call Trace:
> <TASK>
> context_switch kernel/sched/core.c:5298 [inline]
> __schedule+0x1006/0x5f00 kernel/sched/core.c:6911
> __schedule_loop kernel/sched/core.c:6993 [inline]
> schedule+0xe7/0x3a0 kernel/sched/core.c:7008
> schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7065
> __mutex_lock_common kernel/locking/mutex.c:692 [inline]
> __mutex_lock+0xd9e/0x1df0 kernel/locking/mutex.c:776
> xt_find_table+0x59/0x1a0 net/netfilter/x_tables.c:1245
> ip6t_unregister_table_exit+0x22/0x50 net/ipv6/netfilter/ip6_tables.c:1808
> ops_exit_list net/core/net_namespace.c:199 [inline]
> ops_undo_list+0x2dd/0xa50 net/core/net_namespace.c:252
> setup_net+0x1f3/0x3a0 net/core/net_namespace.c:462
> copy_net_ns+0x351/0x7c0 net/core/net_namespace.c:579
> create_new_namespaces+0x3f6/0xac0 kernel/nsproxy.c:130
> copy_namespaces+0x45c/0x580 kernel/nsproxy.c:195
> copy_process+0x30cc/0x76d0 kernel/fork.c:2227
> kernel_clone+0xea/0x8f0 kernel/fork.c:2655
> __do_sys_clone+0xce/0x120 kernel/fork.c:2796
> do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
> do_syscall_64+0x11b/0xf80 arch/x86/entry/syscall_64.c:94
> entry_SYSCALL_64_after_hwframe+0x77/0x7f
> RIP: 0033:0x471ecd
> RSP: 002b:00007f51f163e008 EFLAGS: 00000202 ORIG_RAX: 0000000000000038
> RAX: ffffffffffffffda RBX: 000000000059bf80 RCX: 0000000000471ecd
> RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040080020
> RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
> R10: 0000000000000000 R11: 0000000000000202 R12: 000000000059bf8c
> R13: 000000000000000b R14: 000000000059bf80 R15: 00007f51f161e000
> </TASK>
This is not a deadlock — there's no lock cycle.
The runner is simply under heavy pressure on all three axes: CPU (zswap
compression) + memory (direct reclaim) + IO (swap).
The hung task is just a victim. The actual holder is another task that
took the mutex and then fell into direct reclaim.
Likely stack of the holder:
get_entries
xt_find_table_lock
copy_entries_to_user
alloc_counters
vzalloc -> direct reclaim
"INFO: task hung" reports of this kind are common on the official
syzkaller dashboard https://syzkaller.appspot.com/upstream/
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2026-06-10 9:26 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-06-09 11:55 [Kernel Bug] INFO: task hung in xt_find_table Longxing Li
2026-06-09 20:44 ` Pablo Neira Ayuso
2026-06-10 7:14 ` Longxing Li
2026-06-10 9:26 ` Jiayuan Chen
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.