Date: Sun, 18 Jan 2026 14:24:44 -0800
From: syzbot
To: linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com
Subject: Forwarded: Private message regarding: [syzbot] [mm?] INFO: rcu detected stall in sys_execve (6)
Message-ID: <696d5dac.a70a0220.34546f.0345.GAE@google.com>
In-Reply-To: <66e96979.050a0220.252d9a.000a.GAE@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org

For archival purposes, forwarding an incoming command email to linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.

***

Subject: Private message regarding: [syzbot] [mm?] INFO: rcu detected stall in sys_execve (6)
Author: kapoorarnav43@gmail.com

#syz test

From be1f91fc995cb0dc6a78b89a970c69640ad9e629 Mon Sep 17 00:00:00 2001
From: Arnav Kapoor
Date: Mon, 19 Jan 2026 03:53:16 +0530
Subject: [PATCH] netfilter: nf_conntrack: add cond_resched() in gc_worker to prevent RCU stalls

The gc_worker processes conntrack entries in batches, and for large hash buckets, it can hold the RCU read lock for extended periods without yielding, leading to RCU stalls.

Add cond_resched() inside the entry processing loop to allow scheduler preemption and RCU grace periods to complete.

Reported-by: syzbot+8bb3e2bee8a429cc76dd@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=8bb3e2bee8a429cc76dd
---
 net/netfilter/nf_conntrack_core.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index d1f8eb725..a3ef8eae7 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -1608,6 +1608,7 @@ static void gc_worker(struct work_struct *work) } =20 nf_ct_put(tmp); + cond_resched(); } =20 /* could check get_nulls_value() here and restart if ct --=20 2.43.0

On Monday, 19 January 2026 at 03:51:05 UTC+5:30 syzbot wrote:

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
INFO: rcu detected stall in worker_thread

rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 0-...0: (1 ticks this GP) idle=1544/1/0x4000000000000000 softirq=21116/21116 fqs=7
rcu: hardirqs softirqs csw/system
rcu: number: 0 0 0
rcu: cputime: 0 0 0 ==> 21980(ms)
rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P6477/1:b..l
rcu: (detected by 1, t=10502 jiffies, g=15529, q=2686 ncpus=2)
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Workqueue: events_power_efficient gc_worker
RIP: 0010:arch_atomic_read arch/x86/include/asm/atomic.h:23 [inline]
RIP: 0010:raw_atomic_read include/linux/atomic/atomic-arch-fallback.h:457 [inline]
RIP: 0010:atomic_read include/linux/atomic/atomic-instrumented.h:33 [inline]
RIP: 0010:queued_spin_is_locked include/asm-generic/qspinlock.h:57 [inline]
RIP: 0010:debug_spin_unlock kernel/locking/spinlock_debug.c:101 [inline]
RIP: 0010:do_raw_spin_unlock+0x59/0x240 kernel/locking/spinlock_debug.c:141
Code: 84 01 00 00 41 81 3e ad 4e ad de 0f 85 f3 00 00 00 48 89 df be 04 00 00 00 e8 53 8a 88 00 48 89 d8 48 c1 e8 03 42 0f b6 04 20 <84> c0 0f 85 74 01 00 00 83 3b 00 0f 84 ea 00 00 00 4c 8d 73 10 4d
RSP: 0018:ffffc90000007c28 EFLAGS: 00000806
RAX: 0000000000000000 RBX: ffff888030b1e2a8 RCX: ffffffff819e93bd
RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff888030b1e2a8
RBP: ffff88805a66a150 R08: ffff888030b1e2ab
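Review bot: the cond_resched() added after nf_ct_put(tmp), as the last statement of the per-entry loop body, runs while the bucket walk still holds the RCU read lock that the commit message itself describes, and rescheduling there does not end the read-side critical section: under preemptible RCU the task is merely parked on RCU's blocked list, and under non-preemptible RCU preemption is disabled inside the reader, so either way the grace period this patch means to let "complete" keeps waiting. Move the call to after the loop's closing brace, once the bucket's rcu_read_unlock() has run (the "could check get_nulls_value() here and restart" comment in the context marks that spot), rather than inside the loop. The test output quoted below also argues against this as a fix: the tested kernel reports PREEMPT(full), where cond_resched() is a no-op, so adding it cannot alter the outcome; the task RCU is waiting on is P6477 (dhcpcd-run-hook), preempted right after rcu_read_lock() in unwind_next_frame() while exit_mmap() saves a KASAN free stack, with the rcu_preempt kthread starved for 2154 jiffies; and the NMI backtrace puts CPU 0 in gc_worker at nf_conntrack_core.c:1548 (inlined nf_conntrack_get_ht()) under an hrtimer interrupt, sixty lines above this hunk, not in the per-entry loop it changes.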
R09: 1ffff11006163c55 R10: dffffc0000000000 R11: ffffed1006163c56
R12: dffffc0000000000 R13: ffff888030b1e000 R14: ffff888030b1e2ac
R15: ffff88805d10fc00
FS: 0000000000000000(0000) GS:ffff888125e1e000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffdb6036498 CR3: 000000000dd3a000 CR4: 00000000003526f0
Call Trace:
 __raw_spin_unlock include/linux/spinlock_api_smp.h:142 [inline]
 _raw_spin_unlock+0x1e/0x50 kernel/locking/spinlock.c:186
 spin_unlock include/linux/spinlock.h:391 [inline]
 advance_sched+0x99f/0xc90 net/sched/sch_taprio.c:987
 __run_hrtimer kernel/time/hrtimer.c:1777 [inline]
 __hrtimer_run_queues+0x51c/0xc30 kernel/time/hrtimer.c:1841
 hrtimer_interrupt+0x45b/0xaa0 kernel/time/hrtimer.c:1903
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1045 [inline]
 __sysvec_apic_timer_interrupt+0x102/0x3e0 arch/x86/kernel/apic/apic.c:1062
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
 sysvec_apic_timer_interrupt+0xa1/0xc0 arch/x86/kernel/apic/apic.c:1056
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:seqcount_lockdep_reader_access+0xed/0x100 include/linux/seqlock.h:75
Code: 00 75 11 e8 05 82 3e f8 4d 85 f6 75 16 e8 fb 81 3e f8 eb 15 e8 f4 81 3e f8 e8 5f 7a d7 01 4d 85 f6 74 ea e8 e5 81 3e f8 fb 5b <41> 5e e9 4c 59 da 01 cc 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90
RSP: 0018:ffffc900000e7910 EFLAGS: 00000293
RAX: ffffffff898276cb RBX: 0000000000000001 RCX: ffff88801c2c8000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc900000e7a70 R08: ffffffff8f822e77 R09: 1ffffffff1f045ce
R10: dffffc0000000000 R11: fffffbfff1f045cf R12: ffff8880b863a080
R13: ffff88801be91418 R14: 0000000000000200 R15: 0000000000040000
 nf_conntrack_get_ht include/net/netfilter/nf_conntrack.h:342 [inline]
 gc_worker+0x308/0x1380 net/netfilter/nf_conntrack_core.c:1548
 process_one_work kernel/workqueue.c:3257 [inline]
 process_scheduled_works+0xad1/0x1770 kernel/workqueue.c:3340
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3421
 kthread+0x711/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x510/0xa50 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
task:dhcpcd-run-hook state:R running task stack:27640 pid:6477 tgid:6477 ppid:6464 task_flags:0x40004c flags:0x00080000
Call Trace:
 context_switch kernel/sched/core.c:5256 [inline]
 __schedule+0x149b/0x4fd0 kernel/sched/core.c:6863
 preempt_schedule_irq+0x4d/0xa0 kernel/sched/core.c:7190
 irqentry_exit+0x5e3/0x670 kernel/entry/common.c:216
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:lock_acquire+0x222/0x340 kernel/locking/lockdep.c:5872
Code: ff ff ff e8 70 00 bc 09 f7 44 24 08 00 02 00 00 0f 84 3a ff ff ff 65 48 8b 05 5a 2f e2 10 48 3b 44 24 58 75 33 fb 48 83 c4 60 <5b> 41 5c 41 5d 41 5e 41 5f 5d e9 3f df be 09 cc 48 8d 3d 97 82 e7
RSP: 0018:ffffc900031073f8 EFLAGS: 00000282
RAX: 8aa7093569192b00 RBX: 0000000000000000 RCX: 0000000000000046
RDX: 00000000bfbdb79f RSI: ffffffff8d9774de RDI: ffffffff8bc086e0
RBP: ffffffff8173fdd5 R08: ffffffff8173fdd5 R09: ffffffff8df41aa0
R10: ffffc90003107558 R11: ffffffff81acf4d0 R12: 0000000000000002
R13: ffffffff8df41aa0 R14: 0000000000000000 R15: 0000000000000246
 rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 rcu_read_lock include/linux/rcupdate.h:867 [inline]
 class_rcu_constructor include/linux/rcupdate.h:1195 [inline]
 unwind_next_frame+0xc2/0x23d0 arch/x86/kernel/unwind_orc.c:495
 arch_stack_walk+0x11c/0x150 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x9c/0xe0 kernel/stacktrace.c:122
 kasan_save_stack mm/kasan/common.c:57 [inline]
 kasan_save_track+0x3e/0x80 mm/kasan/common.c:78
 kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:584
 poison_slab_object mm/kasan/common.c:253 [inline]
 __kasan_slab_free+0x5c/0x80 mm/kasan/common.c:285
 kasan_slab_free include/linux/kasan.h:235 [inline]
 slab_free_hook mm/slub.c:2540 [inline]
 slab_free mm/slub.c:6670 [inline]
 kmem_cache_free+0x197/0x620 mm/slub.c:6781
 anon_vma_chain_free mm/rmap.c:146 [inline]
 unlink_anon_vmas+0x2cc/0x670 mm/rmap.c:420
 free_pgtables+0x57f/0x9d0 mm/memory.c:399
 exit_mmap+0x431/0xb10 mm/mmap.c:1288
 __mmput+0x118/0x430 kernel/fork.c:1173
 exit_mm+0x169/0x230 kernel/exit.c:581
 do_exit+0x627/0x22f0 kernel/exit.c:959
 do_group_exit+0x21c/0x2d0 kernel/exit.c:1112
 __do_sys_exit_group kernel/exit.c:1123 [inline]
 __se_sys_exit_group kernel/exit.c:1121 [inline]
 __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1121
 x64_sys_call+0x2210/0x2210 arch/x86/include/generated/asm/syscalls_64.h:232
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xec/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fe808c126c5
RSP: 002b:00007ffdb60363a8 EFLAGS: 00000202 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 00007ffdb6036604 RCX: 00007fe808c126c5
RDX: 00000000000000e7 RSI: ffffffffffffff88 RDI: 0000000000000000
RBP: 0000000000000003 R08: 00007ffdb60364a0 R09: 0000000000000002
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
R13: 00007ffdb60366e0 R14: 00007fe808e22000 R15: 000055f28d607d98
rcu: rcu_preempt kthread starved for 2154 jiffies! g15529 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt state:R running task stack:27480 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00080000
Call Trace:
 context_switch kernel/sched/core.c:5256 [inline]
 __schedule+0x149b/0x4fd0 kernel/sched/core.c:6863
 __schedule_loop kernel/sched/core.c:6945 [inline]
 schedule+0x165/0x360 kernel/sched/core.c:6960
 schedule_timeout+0x12b/0x270 kernel/time/sleep_timeout.c:99
 rcu_gp_fqs_loop+0x301/0x1540 kernel/rcu/tree.c:2083
 rcu_gp_kthread+0x99/0x390 kernel/rcu/tree.c:2285
 kthread+0x711/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x510/0xa50 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
rcu: Stack dump where RCU GP kthread last ran:
CPU: 1 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Workqueue: writeback wb_workfn (flush-8:0)
RIP: 0010:csd_lock_wait kernel/smp.c:342 [inline]
RIP: 0010:smp_call_function_many_cond+0xcc5/0x1260 kernel/smp.c:877
Code: 45 8b 2c 24 44 89 ee 83 e6 01 31 ff e8 d4 97 0b 00 41 83 e5 01 49 bd 00 00 00 00 00 fc ff df 75 07 e8 7f 93 0b 00 eb 38 f3 90 <42> 0f b6 04 2b 84 c0 75 11 41 f7 04 24 01 00 00 00 74 1e e8 63 93
RSP: 0018:ffffc90000126540 EFLAGS: 00000293
RAX: ffffffff81b5654d RBX: 1ffff110170c856d RCX: ffff88801c2f0000
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: ffffc90000126670 R08: ffff888076e16d87 R09: 1ffff1100edc2db0
R10: dffffc0000000000 R11: ffffffff8175f0c0 R12: ffff8880b8642b68
R13: dffffc0000000000 R14: ffff8880b873bb00 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff888125f1e000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f8357b4de9c CR3: 0000000075acc000 CR4: 00000000003526f0
Call Trace:
 on_each_cpu_cond_mask+0x3f/0x80 kernel/smp.c:1043
 __flush_tlb_multi arch/x86/include/asm/paravirt.h:91 [inline]
 flush_tlb_multi arch/x86/mm/tlb.c:1382 [inline]
 flush_tlb_mm_range+0x60a/0x1170 arch/x86/mm/tlb.c:1472
 flush_tlb_page arch/x86/include/asm/tlbflush.h:324 [inline]
 ptep_clear_flush+0x120/0x170 mm/pgtable-generic.c:103
 page_vma_mkclean_one+0x401/0x790 mm/rmap.c:1017
 page_mkclean_one+0x1c0/0x280 mm/rmap.c:1065
 __rmap_walk_file+0x467/0x620 mm/rmap.c:2927
 rmap_walk mm/rmap.c:2971 [inline]
 folio_mkclean+0x297/0x390 mm/rmap.c:1097
 folio_clear_dirty_for_io+0x1a5/0x710 mm/page-writeback.c:2932
 mpage_submit_folio+0x86/0x2b0 fs/ext4/inode.c:2068
 mpage_map_and_submit_buffers fs/ext4/inode.c:2330 [inline]
 mpage_map_and_submit_extent fs/ext4/inode.c:2520 [inline]
 ext4_do_writepages+0x1fe9/0x4500 fs/ext4/inode.c:2932
 ext4_writepages+0x203/0x350 fs/ext4/inode.c:3026
 do_writepages+0x32e/0x550 mm/page-writeback.c:2598
 __writeback_single_inode+0x133/0x1240 fs/fs-writeback.c:1737
 writeback_sb_inodes+0x93a/0x1870 fs/fs-writeback.c:2030
 __writeback_inodes_wb+0x111/0x240 fs/fs-writeback.c:2107
 wb_writeback+0x43f/0xaa0 fs/fs-writeback.c:2218
 wb_check_old_data_flush fs/fs-writeback.c:2322 [inline]
 wb_do_writeback fs/fs-writeback.c:2375 [inline]
 wb_workfn+0xad2/0xed0 fs/fs-writeback.c:2403
 process_one_work kernel/workqueue.c:3257 [inline]
 process_scheduled_works+0xad1/0x1770 kernel/workqueue.c:3340
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3421
 kthread+0x711/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x510/0xa50 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246


Tested on:

commit:         f40ddcc0 Revert "nfc/nci: Add the inconsistency check ..
git tree:       net
console output: https://syzkaller.appspot.com/x/log.txt?x=105ff522580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=323fe5bdde2384a5
dashboard link: https://syzkaller.appspot.com/bug?extid=8bb3e2bee8a429cc76dd
compiler:       Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch:          https://syzkaller.appspot.com/x/patch.diff?x=1077f522580000
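The report above is the RCU stall detector's standard output, and the first job when such a result comes back from "#syz test" is to read its summary lines before reading the patch. As an added example that is not syzbot's, the kernel's or the patch author's code, here is a small triage script that pulls those fields out of a report (RCU flavor, CPUs with no quiescent state, the blocked tasks and their flag letters, the detecting CPU and stall length, grace-period kthread starvation, the preemption model printed on the CPU line) and turns them into the questions a reviewer should settle before proposing a fix. The sample input is the handful of summary lines copied from this report and embedded as a constant so the script runs offline; only the line shapes visible above are matched, the task flag letters other than 'b' are kept raw rather than decoded, and the conclusions it prints are the reviewer's heuristics, not anything the kernel emits.

```python
"""Triage helper for Linux RCU stall reports (added example, not syzbot's code).

Parses the summary lines the RCU stall detector prints, as seen in the
report above, and turns them into the first questions a reviewer should
ask before proposing a fix. Only the line shapes visible in that report
are matched; anything else in a console log is ignored.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: the summary lines copied from the report in this
# thread, embedded so the script runs offline. A real run feeds it the
# whole console log.
SAMPLE_REPORT = """\
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 0-...0: (1 ticks this GP) idle=1544/1/0x4000000000000000 softirq=21116/21116 fqs=7
rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P6477/1:b..l
rcu: (detected by 1, t=10502 jiffies, g=15529, q=2686 ncpus=2)
Sending NMI from CPU 1 to CPUs 0:
CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Not tainted syzkaller #0 PREEMPT(full)
Workqueue: events_power_efficient gc_worker
task:dhcpcd-run-hook state:R running task stack:27640 pid:6477 tgid:6477 ppid:6464
rcu: rcu_preempt kthread starved for 2154 jiffies! g15529 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
task:rcu_preempt state:R running task stack:27480 pid:16 tgid:16 ppid:2
"""

_HEADER = re.compile(r"rcu: INFO: (\w+) detected stalls on CPUs/tasks")
_CPU = re.compile(r"rcu:\s+(\d+)-\S+: \((\d+) ticks this GP\)")
_TASKS = re.compile(r"Tasks blocked on level-\d+ rcu_node \(CPUs [^)]*\):(.*)$")
_TASK = re.compile(r"P(\d+)(?:/(\d+):(\S+))?")          # P<pid>/<flags>:<letters>
_DETECT = re.compile(r"\(detected by (\d+), t=(\d+) jiffies, g=(\d+), q=(\d+) ncpus=(\d+)\)")
_STARVED = re.compile(r"rcu: (\w+) kthread starved for (\d+) jiffies!")
_PREEMPT = re.compile(r"PREEMPT\((\w+)\)")
_TASKLINE = re.compile(r"task:(\S+) state:(\S+) .*\bpid:(\d+)")


@dataclass
class StallReport:
    flavor: str = ""                                   # rcu_preempt, rcu_sched, ...
    stalled_cpus: list = field(default_factory=list)   # CPUs with no quiescent state this GP
    blocked_tasks: dict = field(default_factory=dict)  # pid -> flag letters such as "b..l"
    task_names: dict = field(default_factory=dict)     # pid -> comm, from the stack dumps
    detected_by: int = -1
    stall_jiffies: int = 0
    grace_period: int = 0
    starved_kthread: str = ""
    starved_jiffies: int = 0
    preempt_model: str = ""

    def blocked_readers(self):
        """PIDs preempted inside an RCU read-side critical section ('b' flag).
        The other flag letters stay raw in blocked_tasks; they are not decoded here."""
        return sorted(pid for pid, flags in self.blocked_tasks.items() if "b" in flags)


def parse_stall(text: str) -> StallReport:
    """Extract the summary fields from a stall report; unknown lines are skipped."""
    r = StallReport()
    for line in text.splitlines():
        line = line.strip()
        if m := _HEADER.search(line):
            r.flavor = m.group(1)
        elif m := _CPU.search(line):
            r.stalled_cpus.append(int(m.group(1)))
        elif m := _TASKS.search(line):
            for pid, _raw, letters in _TASK.findall(m.group(1)):
                r.blocked_tasks[int(pid)] = letters
        elif m := _DETECT.search(line):
            r.detected_by, r.stall_jiffies, r.grace_period = map(int, m.group(1, 2, 3))
        elif m := _STARVED.search(line):
            r.starved_kthread, r.starved_jiffies = m.group(1), int(m.group(2))
        elif m := _TASKLINE.search(line):
            r.task_names[int(m.group(3))] = m.group(1)
        if m := _PREEMPT.search(line):
            r.preempt_model = m.group(1)
    return r


def classify(r: StallReport) -> list:
    """The questions to settle before touching code, in the order they matter."""
    findings = []
    readers = r.blocked_readers()
    if readers:
        who = ", ".join(f"{pid} ({r.task_names.get(pid, 'comm unknown')})" for pid in readers)
        findings.append(f"grace period {r.grace_period} waits on preempted RCU reader(s) {who}:"
                        " find where each entered rcu_read_lock(); that is the section to shorten")
    if r.stalled_cpus:
        cpus = ", ".join(map(str, r.stalled_cpus))
        findings.append(f"CPU(s) {cpus} reported no quiescent state for {r.stall_jiffies} jiffies"
                        f" (detected by CPU {r.detected_by}): read that CPU's NMI backtrace")
    if r.starved_kthread:
        findings.append(f"{r.starved_kthread} kthread starved for {r.starved_jiffies} jiffies:"
                        " the GP thread itself lacks CPU time, so a long reader is not the whole story")
    if r.preempt_model == "full":
        findings.append("PREEMPT(full) kernel: cond_resched() is a no-op there, so a patch that"
                        " only adds cond_resched() cannot change this result")
    return findings


if __name__ == "__main__":
    for finding in classify(parse_stall(SAMPLE_REPORT)):
        print("-", finding)
```

Run against the sample it flags the preempted reader (pid 6477, dhcpcd-run-hook), the starved rcu_preempt kthread and the PREEMPT(full) build, which is the same reading a reviewer would take from the report before deciding whether a yield in gc_worker can address it at all.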