[Kernel Bug] INFO: task hung in xt_find

All of lore.kernel.org
 help / color / mirror / Atom feed

* [Kernel Bug] INFO: task hung in xt_find_table
@ 2026-06-09 11:55 Longxing Li
  2026-06-09 20:44 ` Pablo Neira Ayuso
  0 siblings, 1 reply; 4+ messages in thread
From: Longxing Li @ 2026-06-09 11:55 UTC (permalink / raw)
  To: syzkaller, pablo, edumazet, kuba, pabeni, horms, netfilter-devel,
	coreteam, netdev, linux-kernel

Dear Linux kernel developers and maintainers,

We would like to report a new kernel bug found by our tool. INFO: task
hung in xt_find_table. Details are as follows.

Kernel commit: v7.0.6
Kernel config: see attachment
report: see attachment

We are currently analyzing the root cause and  working on a
reproducible PoC. We will provide further updates in this thread as
soon as we have more information.

Best regards,
Longxing Li

==================================================================
https://drive.google.com/file/d/1Bx2unEf-QntjVi8g6Zw7QNO6OP4cjGO_/view?usp=drive_link

https://drive.google.com/file/d/1ELWnHa1fKJSXMFMNxMzw-Yje3XSETRBt/view?usp=drive_link

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [Kernel Bug] INFO: task hung in xt_find_table
  2026-06-09 11:55 [Kernel Bug] INFO: task hung in xt_find_table Longxing Li
@ 2026-06-09 20:44 ` Pablo Neira Ayuso
  2026-06-10  7:14   ` Longxing Li
  0 siblings, 1 reply; 4+ messages in thread
From: Pablo Neira Ayuso @ 2026-06-09 20:44 UTC (permalink / raw)
  To: Longxing Li
  Cc: syzkaller, edumazet, kuba, pabeni, horms, netfilter-devel,
	coreteam, netdev, linux-kernel

Hi,

On Tue, Jun 09, 2026 at 07:55:34PM +0800, Longxing Li wrote:
> Dear Linux kernel developers and maintainers,
> 
> We would like to report a new kernel bug found by our tool. INFO: task
> hung in xt_find_table. Details are as follows.
> 
> Kernel commit: v7.0.6
> Kernel config: see attachment
> report: see attachment
> 
> We are currently analyzing the root cause and  working on a
> reproducible PoC. We will provide further updates in this thread as
> soon as we have more information.

No links to external web, please, inline in plain text to this email
the description of what you found.

Thanks.

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [Kernel Bug] INFO: task hung in xt_find_table
  2026-06-09 20:44 ` Pablo Neira Ayuso
@ 2026-06-10  7:14   ` Longxing Li
  2026-06-10  9:26     ` Jiayuan Chen
  0 siblings, 1 reply; 4+ messages in thread
From: Longxing Li @ 2026-06-10  7:14 UTC (permalink / raw)
  To: Pablo Neira Ayuso
  Cc: syzkaller, edumazet, kuba, pabeni, horms, netfilter-devel,
	coreteam, netdev, linux-kernel

sorry for not containing report plain text in last email. the report
is as follows:

INFO: task syz-executor.4:42949 blocked for more than 143 seconds.
      Not tainted 7.0.6 #1
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.4  state:D stack:26456 pid:42949 tgid:42937
ppid:9759   task_flags:0x400140 flags:0x00080002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5298 [inline]
 __schedule+0x1006/0x5f00 kernel/sched/core.c:6911
 __schedule_loop kernel/sched/core.c:6993 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:7008
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7065
 __mutex_lock_common kernel/locking/mutex.c:692 [inline]
 __mutex_lock+0xd9e/0x1df0 kernel/locking/mutex.c:776
 xt_find_table+0x59/0x1a0 net/netfilter/x_tables.c:1245
 ip6t_unregister_table_exit+0x22/0x50 net/ipv6/netfilter/ip6_tables.c:1808
 ops_exit_list net/core/net_namespace.c:199 [inline]
 ops_undo_list+0x2dd/0xa50 net/core/net_namespace.c:252
 setup_net+0x1f3/0x3a0 net/core/net_namespace.c:462
 copy_net_ns+0x351/0x7c0 net/core/net_namespace.c:579
 create_new_namespaces+0x3f6/0xac0 kernel/nsproxy.c:130
 copy_namespaces+0x45c/0x580 kernel/nsproxy.c:195
 copy_process+0x30cc/0x76d0 kernel/fork.c:2227
 kernel_clone+0xea/0x8f0 kernel/fork.c:2655
 __do_sys_clone+0xce/0x120 kernel/fork.c:2796
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x11b/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x471ecd
RSP: 002b:00007f51f163e008 EFLAGS: 00000202 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 000000000059bf80 RCX: 0000000000471ecd
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040080020
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 000000000059bf8c
R13: 000000000000000b R14: 000000000059bf80 R15: 00007f51f161e000
 </TASK>

Showing all locks held in the system:
2 locks held by kthreadd/2:
 #0: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim
mm/page_alloc.c:4429 [inline]
 #0: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_pages_direct_reclaim mm/page_alloc.c:4454 [inline]
 #0: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_pages_slowpath mm/page_alloc.c:4854 [inline]
 #0: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_frozen_pages_noprof+0x860/0x27e0 mm/page_alloc.c:5271
 #1: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:834
[inline]
 #1: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:865 [inline]
 #1: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1422
[inline]
 #1: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0x875/0x2710 mm/zswap.c:1533
1 lock held by khungtaskd/25:
 #0: ffffffff8e5e6ce0 (rcu_read_lock){....}-{1:3}, at:
rcu_lock_acquire include/linux/rcupdate.h:312 [inline]
 #0: ffffffff8e5e6ce0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock
include/linux/rcupdate.h:850 [inline]
 #0: ffffffff8e5e6ce0 (rcu_read_lock){....}-{1:3}, at:
debug_show_all_locks+0x36/0x1c0 kernel/locking/lockdep.c:6775
4 locks held by kworker/u4:4/53:
 #0: ffff88801c73c948
((wq_completion)ext4-rsv-conversion){+.+.}-{0:0}, at:
process_one_work+0x139e/0x1c60 kernel/workqueue.c:3263
 #1: ffffc9000100fd08
((work_completion)(&ei->i_rsv_conversion_work)){+.+.}-{0:0}, at:
process_one_work+0x938/0x1c60 kernel/workqueue.c:3264
 #2: ffff888025a86950 (jbd2_handle){++++}-{0:0}, at:
start_this_handle+0xe33/0x12d0 fs/jbd2/transaction.c:444
 #3: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:834
[inline]
 #3: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:865 [inline]
 #3: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1422
[inline]
 #3: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0x875/0x2710 mm/zswap.c:1533
7 locks held by kworker/u4:5/74:
 #0: ffff88801c723148 ((wq_completion)writeback){+.+.}-{0:0}, at:
process_one_work+0x139e/0x1c60 kernel/workqueue.c:3263
 #1: ffffc9000125fd08
((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at:
process_one_work+0x938/0x1c60 kernel/workqueue.c:3264
 #2: ffff888025a820e0 (&type->s_umount_key#56){++++}-{4:4}, at:
super_trylock_shared+0x21/0x100 fs/super.c:565
 #3: ffff888025a80c18 (&sbi->s_writepages_rwsem){++++}-{0:0}, at:
do_writepages+0x242/0x5b0 mm/page-writeback.c:2575
 #4: ffff888025a86950 (jbd2_handle){++++}-{0:0}, at:
start_this_handle+0xe33/0x12d0 fs/jbd2/transaction.c:444
 #5: ffff88802b266260 (&ei->i_data_sem){++++}-{4:4}, at:
ext4_map_blocks+0x54c/0xcc0 fs/ext4/inode.c:818
 #6: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:834
[inline]
 #6: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:865 [inline]
 #6: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1422
[inline]
 #6: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0x875/0x2710 mm/zswap.c:1533
2 locks held by kswapd1/79:
 #0: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
balance_pgdat+0xc0b/0x1b60 mm/vmscan.c:7083
 #1: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:834
[inline]
 #1: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:865 [inline]
 #1: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1422
[inline]
 #1: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0x875/0x2710 mm/zswap.c:1533
5 locks held by kworker/u4:6/340:
4 locks held by kworker/u4:7/3543:
 #0: ffff88801b894948 ((wq_completion)events_unbound#2){+.+.}-{0:0},
at: process_one_work+0x139e/0x1c60 kernel/workqueue.c:3263
 #1: ffffc9000b77fd08
((work_completion)(&sub_info->work)){+.+.}-{0:0}, at:
process_one_work+0x938/0x1c60 kernel/workqueue.c:3264
 #2: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim
mm/page_alloc.c:4429 [inline]
 #2: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_pages_direct_reclaim mm/page_alloc.c:4454 [inline]
 #2: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_pages_slowpath mm/page_alloc.c:4854 [inline]
 #2: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_frozen_pages_noprof+0x860/0x27e0 mm/page_alloc.c:5271
 #3: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:834
[inline]
 #3: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:865 [inline]
 #3: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1422
[inline]
 #3: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0x875/0x2710 mm/zswap.c:1533
1 lock held by jbd2/sda-8/5138:
 #0: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:834
[inline]
 #0: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:865 [inline]
 #0: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1422
[inline]
 #0: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0x875/0x2710 mm/zswap.c:1533
4 locks held by systemd-journal/5165:
 #0: ffff88804ebcbd08 (vm_lock){++++}-{0:0}, at:
lock_vma_under_rcu+0x118/0x5a0 mm/mmap_lock.c:310
 #1: ffff888025a82518 (sb_pagefaults){.+.+}-{0:0}, at:
do_page_mkwrite+0x17a/0x390 mm/memory.c:3602
 #2: ffff888025a86950 (jbd2_handle){++++}-{0:0}, at:
start_this_handle+0xe33/0x12d0 fs/jbd2/transaction.c:444
 #3: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:834
[inline]
 #3: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:865 [inline]
 #3: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1422
[inline]
 #3: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0x875/0x2710 mm/zswap.c:1533
2 locks held by systemd-udevd/5178:
2 locks held by cron/9006:
 #0: ffffffff8f04c678 (tomoyo_ss){.+.+}-{0:0}, at: srcu_lock_acquire
include/linux/srcu.h:187 [inline]
 #0: ffffffff8f04c678 (tomoyo_ss){.+.+}-{0:0}, at: srcu_read_lock
include/linux/srcu.h:294 [inline]
 #0: ffffffff8f04c678 (tomoyo_ss){.+.+}-{0:0}, at: tomoyo_read_lock
security/tomoyo/common.h:1112 [inline]
 #0: ffffffff8f04c678 (tomoyo_ss){.+.+}-{0:0}, at:
tomoyo_path_perm+0x223/0x420 security/tomoyo/file.c:826
 #1: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:834
[inline]
 #1: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:865 [inline]
 #1: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1422
[inline]
 #1: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0x875/0x2710 mm/zswap.c:1533
1 lock held by in:imklog/9071:
5 locks held by rs:main Q:Reg/9072:
 #0: ffff888050036d38 (&f->f_pos_lock){+.+.}-{4:4}, at:
fdget_pos+0x2a0/0x370 fs/file.c:1261
 #1: ffff888025a82420 (sb_writers#4){.+.+}-{0:0}, at:
ksys_write+0x121/0x240 fs/read_write.c:740
 #2: ffff88802b2663d0 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at:
inode_lock include/linux/fs.h:1028 [inline]
 #2: ffff88802b2663d0 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at:
ext4_buffered_write_iter+0xab/0x430 fs/ext4/file.c:295
 #3: ffff888025a86950 (jbd2_handle){++++}-{0:0}, at:
start_this_handle+0xe33/0x12d0 fs/jbd2/transaction.c:444
 #4: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:834
[inline]
 #4: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:865 [inline]
 #4: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1422
[inline]
 #4: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0x875/0x2710 mm/zswap.c:1533
3 locks held by syz-fuzzer/9743:
 #0: ffff88804ea40bc8 (vm_lock){++++}-{0:0}, at:
lock_vma_under_rcu+0x118/0x5a0 mm/mmap_lock.c:310
 #1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim
mm/page_alloc.c:4429 [inline]
 #1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_pages_direct_reclaim mm/page_alloc.c:4454 [inline]
 #1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_pages_slowpath mm/page_alloc.c:4854 [inline]
 #1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_frozen_pages_noprof+0x860/0x27e0 mm/page_alloc.c:5271
 #2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:834
[inline]
 #2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:865 [inline]
 #2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1422
[inline]
 #2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0x875/0x2710 mm/zswap.c:1533
5 locks held by syz-executor.2/9744:
 #0: ffff888025a412b8 (&f->f_pos_lock){+.+.}-{4:4}, at:
fdget_pos+0x2a0/0x370 fs/file.c:1261
 #1: ffff88804cd26d68 (&type->i_mutex_dir_key#3){++++}-{4:4}, at:
iterate_dir+0x197/0xb00 fs/readdir.c:101
 #2: ffff888025a82420 (sb_writers#4){.+.+}-{0:0}, at: file_accessed
include/linux/fs.h:2261 [inline]
 #2: ffff888025a82420 (sb_writers#4){.+.+}-{0:0}, at:
iterate_dir+0x869/0xb00 fs/readdir.c:111
 #3: ffff888025a86950 (jbd2_handle){++++}-{0:0}, at:
start_this_handle+0xe33/0x12d0 fs/jbd2/transaction.c:444
 #4: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:834
[inline]
 #4: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:865 [inline]
 #4: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1422
[inline]
 #4: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0x875/0x2710 mm/zswap.c:1533
3 locks held by syz-executor.0/9745:
3 locks held by syz-executor.4/9759:
 #0: ffff8880469e2d08 (vm_lock){++++}-{0:0}, at:
lock_vma_under_rcu+0x118/0x5a0 mm/mmap_lock.c:310
 #1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim
mm/page_alloc.c:4429 [inline]
 #1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_pages_direct_reclaim mm/page_alloc.c:4454 [inline]
 #1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_pages_slowpath mm/page_alloc.c:4854 [inline]
 #1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_frozen_pages_noprof+0x860/0x27e0 mm/page_alloc.c:5271
 #2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:834
[inline]
 #2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:865 [inline]
 #2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1422
[inline]
 #2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0x875/0x2710 mm/zswap.c:1533
3 locks held by syz-executor.6/9760:
 #0: ffff8880501b4bc8 (vm_lock){++++}-{0:0}, at:
lock_vma_under_rcu+0x118/0x5a0 mm/mmap_lock.c:310
 #1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim
mm/page_alloc.c:4429 [inline]
 #1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_pages_direct_reclaim mm/page_alloc.c:4454 [inline]
 #1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_pages_slowpath mm/page_alloc.c:4854 [inline]
 #1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_frozen_pages_noprof+0x860/0x27e0 mm/page_alloc.c:5271
 #2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:834
[inline]
 #2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:865 [inline]
 #2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1422
[inline]
 #2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0x875/0x2710 mm/zswap.c:1533
5 locks held by syz-executor.3/9761:
 #0: ffff888020c5ed38 (&f->f_pos_lock){+.+.}-{4:4}, at:
fdget_pos+0x2a0/0x370 fs/file.c:1261
 #1: ffff88804745e3d0 (&type->i_mutex_dir_key#3){++++}-{4:4}, at:
iterate_dir+0x197/0xb00 fs/readdir.c:101
 #2: ffff888025a82420 (sb_writers#4){.+.+}-{0:0}, at: file_accessed
include/linux/fs.h:2261 [inline]
 #2: ffff888025a82420 (sb_writers#4){.+.+}-{0:0}, at:
iterate_dir+0x869/0xb00 fs/readdir.c:111
 #3: ffff888025a86950 (jbd2_handle){++++}-{0:0}, at:
start_this_handle+0xe33/0x12d0 fs/jbd2/transaction.c:444
 #4: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:834
[inline]
 #4: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:865 [inline]
 #4: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1422
[inline]
 #4: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0x875/0x2710 mm/zswap.c:1533
3 locks held by syz-executor.1/9765:
 #0: ffff888022db2d88 (&xt[i].mutex){+.+.}-{4:4}, at:
xt_find_table_lock+0x5f/0x540 net/netfilter/x_tables.c:1266
 #1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim
mm/page_alloc.c:4429 [inline]
 #1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_pages_direct_reclaim mm/page_alloc.c:4454 [inline]
 #1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_pages_slowpath mm/page_alloc.c:4854 [inline]
 #1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_frozen_pages_noprof+0x860/0x27e0 mm/page_alloc.c:5271
 #2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:834
[inline]
 #2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:865 [inline]
 #2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1422
[inline]
 #2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0x875/0x2710 mm/zswap.c:1533
3 locks held by syz-executor.7/9772:
 #0: ffff88804d15cd08 (vm_lock){++++}-{0:0}, at:
lock_vma_under_rcu+0x118/0x5a0 mm/mmap_lock.c:310
 #1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim
mm/page_alloc.c:4429 [inline]
 #1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_pages_direct_reclaim mm/page_alloc.c:4454 [inline]
 #1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_pages_slowpath mm/page_alloc.c:4854 [inline]
 #1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_frozen_pages_noprof+0x860/0x27e0 mm/page_alloc.c:5271
 #2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:834
[inline]
 #2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:865 [inline]
 #2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1422
[inline]
 #2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0x875/0x2710 mm/zswap.c:1533
5 locks held by syz-executor.5/9790:
 #0: ffffffff8e71f1d0 (dup_mmap_sem){.+.+}-{0:0}, at: dup_mm
kernel/fork.c:1531 [inline]
 #0: ffffffff8e71f1d0 (dup_mmap_sem){.+.+}-{0:0}, at: copy_mm
kernel/fork.c:1584 [inline]
 #0: ffffffff8e71f1d0 (dup_mmap_sem){.+.+}-{0:0}, at:
copy_process+0x6535/0x76d0 kernel/fork.c:2224
 #1: ffff888012e54cc0 (&mm->mmap_lock){++++}-{4:4}, at:
mmap_write_lock_killable include/linux/mmap_lock.h:554 [inline]
 #1: ffff888012e54cc0 (&mm->mmap_lock){++++}-{4:4}, at:
dup_mmap+0x124/0x2330 mm/mmap.c:1740
 #2: ffff88805c1cccc0 (&mm->mmap_lock/1){+.+.}-{4:4}, at:
mmap_write_lock_nested include/linux/mmap_lock.h:544 [inline]
 #2: ffff88805c1cccc0 (&mm->mmap_lock/1){+.+.}-{4:4}, at:
dup_mmap+0x1c6/0x2330 mm/mmap.c:1747
 #3: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim
mm/page_alloc.c:4429 [inline]
 #3: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_pages_direct_reclaim mm/page_alloc.c:4454 [inline]
 #3: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_pages_slowpath mm/page_alloc.c:4854 [inline]
 #3: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_frozen_pages_noprof+0x860/0x27e0 mm/page_alloc.c:5271
 #4: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:834
[inline]
 #4: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:865 [inline]
 #4: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1422
[inline]
 #4: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0x875/0x2710 mm/zswap.c:1533
2 locks held by kworker/0:8/11473:
7 locks held by kworker/u4:8/12707:
 #0: ffff88801c723148 ((wq_completion)writeback){+.+.}-{0:0}, at:
process_one_work+0x139e/0x1c60 kernel/workqueue.c:3263
 #1: ffffc9000bfdfd08
((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at:
process_one_work+0x938/0x1c60 kernel/workqueue.c:3264
 #2: ffff888025a820e0 (&type->s_umount_key#56){++++}-{4:4}, at:
super_trylock_shared+0x21/0x100 fs/super.c:565
 #3: ffff888025a80c18 (&sbi->s_writepages_rwsem){++++}-{0:0}, at:
do_writepages+0x242/0x5b0 mm/page-writeback.c:2575
 #4: ffff888025a86950 (jbd2_handle){++++}-{0:0}, at:
start_this_handle+0xe33/0x12d0 fs/jbd2/transaction.c:444
 #5: ffff8880475115a0 (&ei->i_data_sem){++++}-{4:4}, at:
ext4_map_blocks+0x54c/0xcc0 fs/ext4/inode.c:818
 #6: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:834
[inline]
 #6: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:865 [inline]
 #6: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1422
[inline]
 #6: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0x875/0x2710 mm/zswap.c:1533
2 locks held by kworker/u4:9/15616:
 #0: ffff88801b894948 ((wq_completion)events_unbound#2){+.+.}-{0:0},
at: process_one_work+0x139e/0x1c60 kernel/workqueue.c:3263
 #1: ffffc9001a077d08
((work_completion)(&sub_info->work)){+.+.}-{0:0}, at:
process_one_work+0x938/0x1c60 kernel/workqueue.c:3264
6 locks held by kworker/0:6/31120:
2 locks held by syz-executor.0/42951:
 #0: ffffffff903e44b0 (pernet_ops_rwsem){++++}-{4:4}, at:
copy_net_ns+0x335/0x7c0 net/core/net_namespace.c:575
 #1: ffff888022db2d88 (&xt[i].mutex){+.+.}-{4:4}, at:
xt_find_table+0x59/0x1a0 net/netfilter/x_tables.c:1245
2 locks held by syz-executor.4/42949:
 #0: ffffffff903e44b0 (pernet_ops_rwsem){++++}-{4:4}, at:
copy_net_ns+0x335/0x7c0 net/core/net_namespace.c:575
 #1: ffff888022db2d88 (&xt[i].mutex){+.+.}-{4:4}, at:
xt_find_table+0x59/0x1a0 net/netfilter/x_tables.c:1245
3 locks held by modprobe/43044:
 #0: ffff8880501b41c8 (vm_lock){++++}-{0:0}, at:
lock_vma_under_rcu+0x118/0x5a0 mm/mmap_lock.c:310
 #1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim
mm/page_alloc.c:4429 [inline]
 #1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_pages_direct_reclaim mm/page_alloc.c:4454 [inline]
 #1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_pages_slowpath mm/page_alloc.c:4854 [inline]
 #1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_frozen_pages_noprof+0x860/0x27e0 mm/page_alloc.c:5271
 #2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:834
[inline]
 #2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:865 [inline]
 #2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1422
[inline]
 #2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0x875/0x2710 mm/zswap.c:1533
3 locks held by syz-executor.7/43046:
 #0: ffff888049241808 (vm_lock){++++}-{0:0}, at:
lock_vma_under_rcu+0x118/0x5a0 mm/mmap_lock.c:310
 #1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim
mm/page_alloc.c:4429 [inline]
 #1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_pages_direct_reclaim mm/page_alloc.c:4454 [inline]
 #1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_pages_slowpath mm/page_alloc.c:4854 [inline]
 #1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_frozen_pages_noprof+0x860/0x27e0 mm/page_alloc.c:5271
 #2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:834
[inline]
 #2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:865 [inline]
 #2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1422
[inline]
 #2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0x875/0x2710 mm/zswap.c:1533
2 locks held by syz-executor.7/43047:
 #0: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim
mm/page_alloc.c:4429 [inline]
 #0: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_pages_direct_reclaim mm/page_alloc.c:4454 [inline]
 #0: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_pages_slowpath mm/page_alloc.c:4854 [inline]
 #0: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_frozen_pages_noprof+0x860/0x27e0 mm/page_alloc.c:5271
 #1: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:834
[inline]
 #1: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:865 [inline]
 #1: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1422
[inline]
 #1: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0x875/0x2710 mm/zswap.c:1533
3 locks held by syz-executor.6/43050:
 #0: ffff88804d7b8a88 (vm_lock){++++}-{0:0}, at:
lock_vma_under_rcu+0x118/0x5a0 mm/mmap_lock.c:310
 #1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim
mm/page_alloc.c:4429 [inline]
 #1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_pages_direct_reclaim mm/page_alloc.c:4454 [inline]
 #1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_pages_slowpath mm/page_alloc.c:4854 [inline]
 #1: ffffffff8e7a78a0 (fs_reclaim){+.+.}-{0:0}, at:
__alloc_frozen_pages_noprof+0x860/0x27e0 mm/page_alloc.c:5271
 #2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:834
[inline]
 #2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:865 [inline]
 #2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1422
[inline]
 #2: ffffe8ffffc27170 (&per_cpu_ptr(pool->acomp_ctx,
cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0x875/0x2710 mm/zswap.c:1533

=============================================

NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 25 Comm: khungtaskd Not tainted 7.0.6 #1 PREEMPT(full)
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1b0 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x2a0/0x350 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x29c/0x300 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:161 [inline]
 __sys_info lib/sys_info.c:157 [inline]
 sys_info+0x133/0x180 lib/sys_info.c:165
 check_hung_uninterruptible_tasks kernel/hung_task.c:346 [inline]
 watchdog+0xeac/0x11e0 kernel/hung_task.c:515
 kthread+0x38d/0x4a0 kernel/kthread.c:436
 ret_from_fork+0x942/0xe50 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>

Pablo Neira Ayuso <pablo@netfilter.org> 于2026年6月10日周三 04:44写道：
>
> Hi,
>
> On Tue, Jun 09, 2026 at 07:55:34PM +0800, Longxing Li wrote:
> > Dear Linux kernel developers and maintainers,
> >
> > We would like to report a new kernel bug found by our tool. INFO: task
> > hung in xt_find_table. Details are as follows.
> >
> > Kernel commit: v7.0.6
> > Kernel config: see attachment
> > report: see attachment
> >
> > We are currently analyzing the root cause and  working on a
> > reproducible PoC. We will provide further updates in this thread as
> > soon as we have more information.
>
> No links to external web, please, inline in plain text to this email
> the description of what you found.
>
> Thanks.

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [Kernel Bug] INFO: task hung in xt_find_table
  2026-06-10  7:14   ` Longxing Li
@ 2026-06-10  9:26     ` Jiayuan Chen
  0 siblings, 0 replies; 4+ messages in thread
From: Jiayuan Chen @ 2026-06-10  9:26 UTC (permalink / raw)
  To: Longxing Li, Pablo Neira Ayuso
  Cc: syzkaller, edumazet, kuba, pabeni, horms, netfilter-devel,
	coreteam, netdev, linux-kernel


On 6/10/26 3:14 PM, Longxing Li wrote:
> sorry for not containing report plain text in last email. the report
> is as follows:
>
> INFO: task syz-executor.4:42949 blocked for more than 143 seconds.
>        Not tainted 7.0.6 #1
> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
> task:syz-executor.4  state:D stack:26456 pid:42949 tgid:42937
> ppid:9759   task_flags:0x400140 flags:0x00080002
> Call Trace:
>   <TASK>
>   context_switch kernel/sched/core.c:5298 [inline]
>   __schedule+0x1006/0x5f00 kernel/sched/core.c:6911
>   __schedule_loop kernel/sched/core.c:6993 [inline]
>   schedule+0xe7/0x3a0 kernel/sched/core.c:7008
>   schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7065
>   __mutex_lock_common kernel/locking/mutex.c:692 [inline]
>   __mutex_lock+0xd9e/0x1df0 kernel/locking/mutex.c:776
>   xt_find_table+0x59/0x1a0 net/netfilter/x_tables.c:1245
>   ip6t_unregister_table_exit+0x22/0x50 net/ipv6/netfilter/ip6_tables.c:1808
>   ops_exit_list net/core/net_namespace.c:199 [inline]
>   ops_undo_list+0x2dd/0xa50 net/core/net_namespace.c:252
>   setup_net+0x1f3/0x3a0 net/core/net_namespace.c:462
>   copy_net_ns+0x351/0x7c0 net/core/net_namespace.c:579
>   create_new_namespaces+0x3f6/0xac0 kernel/nsproxy.c:130
>   copy_namespaces+0x45c/0x580 kernel/nsproxy.c:195
>   copy_process+0x30cc/0x76d0 kernel/fork.c:2227
>   kernel_clone+0xea/0x8f0 kernel/fork.c:2655
>   __do_sys_clone+0xce/0x120 kernel/fork.c:2796
>   do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
>   do_syscall_64+0x11b/0xf80 arch/x86/entry/syscall_64.c:94
>   entry_SYSCALL_64_after_hwframe+0x77/0x7f
> RIP: 0033:0x471ecd
> RSP: 002b:00007f51f163e008 EFLAGS: 00000202 ORIG_RAX: 0000000000000038
> RAX: ffffffffffffffda RBX: 000000000059bf80 RCX: 0000000000471ecd
> RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040080020
> RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
> R10: 0000000000000000 R11: 0000000000000202 R12: 000000000059bf8c
> R13: 000000000000000b R14: 000000000059bf80 R15: 00007f51f161e000
>   </TASK>



This is not a deadlock — there's no lock cycle.

The runner is simply under heavy pressure on all three axes: CPU (zswap 
compression) + memory (direct reclaim) + IO (swap).

The hung task is just a victim. The actual holder is another task that 
took the mutex and then fell into direct reclaim.

Likely stack of the holder:
get_entries
   xt_find_table_lock
   copy_entries_to_user
     alloc_counters
        vzalloc  -> direct reclaim

"INFO: task hung" reports of this kind are common on the official 
syzkaller dashboard https://syzkaller.appspot.com/upstream/



^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2026-06-10  9:26 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-06-09 11:55 [Kernel Bug] INFO: task hung in xt_find_table Longxing Li
2026-06-09 20:44 ` Pablo Neira Ayuso
2026-06-10  7:14   ` Longxing Li
2026-06-10  9:26     ` Jiayuan Chen

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.