Date: Sun, 18 Jan 2026 14:53:43 -0800
In-Reply-To: <66e96979.050a0220.252d9a.000a.GAE@google.com>
Message-ID: <696d6477.a70a0220.34546f.0352.GAE@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
Subject: Forwarded: Private message regarding: [syzbot] [mm?] INFO: rcu detected stall in sys_execve (6)
From: syzbot
To: linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com

For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.

***

Subject: Private message regarding: [syzbot] [mm?] INFO: rcu detected stall in sys_execve (6)
Author: kapoorarnav43@gmail.com

#syz test

From 533b3d1bb14517adf13a2a99aedb60ecf9fb8402 Mon Sep 17 00:00:00 2001
From: Arnav Kapoor
Date: Mon, 19 Jan 2026 04:22:49 +0530
Subject: [PATCH] netfilter: nf_conntrack: limit buckets processed per gc_worker call

The gc_worker may process many hash buckets in a single call, leading to
long execution times and workqueue lockups. Limit the number of buckets
processed per call to 10 to ensure timely completion and rescheduling.
This complements the existing time-based limit and cond_resched() calls
to prevent stalls.

Reported-by: syzbot+8bb3e2bee8a429cc76dd@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=8bb3e2bee8a429cc76dd
---
 net/netfilter/nf_conntrack_core.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/net/netfilter/nf_conntrack_core.c=20 b/net/netfilter/nf_conntrack_core.c index a3ef8eae7..8a2cdd172 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c @@ -1517,6 +1517,7 @@ static void gc_worker(struct work_struct *work) struct conntrack_gc_work *gc_work; unsigned int expired_count =3D 0; unsigned long next_run; + unsigned int bucket_count =3D 0; s32 delta_time; long count; =20 @@ -1617,6 +1618,7 @@ static void gc_worker(struct work_struct *work) */ rcu_read_unlock(); cond_resched(); + bucket_count++; i++; =20 delta_time =3D nfct_time_stamp - end_time; 
@@ -1626,6 +1628,10 @@ static void gc_worker(struct work_struct *work) gc_work->next_bucket =3D i; next_run =3D 0; goto early_exit; + if (bucket_count > 10) { + gc_work->next_bucket =3D i; + goto early_exit; + } } } while (i < hashsz); =20 --=20 2.43.0

On Monday, 19 January 2026 at 04:19:03 UTC+5:30 syzbot wrote:

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
BUG: workqueue lockup

BUG: workqueue lockup - pool cpus=1 node=0 flags=0x0 nice=-20 stuck for 141s!
Showing busy workqueues and worker pools:
workqueue events: flags=0x100
  pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=6 refcnt=7
    pending: 3*nsim_dev_hwstats_traffic_work, psi_avgs_work, vmstat_shepherd, ovs_dp_masks_rebalance
  pwq 6: cpus=1 node=0 flags=0x2 nice=0 active=4 refcnt=5
    in-flight: 5940:nsim_fib_event_work nsim_fib_event_work ,39:nsim_fib_event_work nsim_fib_event_work
workqueue events_long: flags=0x100
  pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=4 refcnt=5
    pending: 4*defense_work_handler
workqueue events_unbound: flags=0x2
  pwq 8: cpus=0-1 flags=0x6 nice=0 active=2 refcnt=3
    in-flight: 3887:toggle_allocation_gate
    pending: flush_memcg_stats_dwork
workqueue events_unbound: flags=0x2
  pwq 8: cpus=0-1 flags=0x6 nice=0 active=8 refcnt=9
    in-flight: 60:cfg80211_wiphy_work ,3910:nsim_dev_trap_report_work ,1136:nsim_dev_trap_report_work ,4325:nsim_dev_trap_report_work ,3517:cfg80211_wiphy_work ,1101:nsim_dev_trap_report_work ,3469:crng_reseed
    pending: nsim_dev_trap_report_work
workqueue events_freezable: flags=0x104
  pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=1 refcnt=2
    pending: update_balloon_stats_func
workqueue events_power_efficient: flags=0x180
  pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=8 refcnt=9
    in-flight: 794:reg_check_chans_work
    pending: neigh_managed_work, neigh_periodic_work, 2*check_lifetime, do_cache_clean, 2*check_lifetime
  pwq 6: cpus=1 node=0 flags=0x2 nice=0 active=2 refcnt=3
    in-flight: 5865:neigh_periodic_work ,24:gc_worker
workqueue kvfree_rcu_reclaim: flags=0xa
  pwq 8: cpus=0-1 flags=0x6 nice=0 active=2 refcnt=3
    in-flight: 1013:kfree_rcu_monitor
    pending: kfree_rcu_monitor
  pwq 8: cpus=0-1 flags=0x6 nice=0 active=1 refcnt=2
    in-flight: 1141:kfree_rcu_monitor
workqueue mm_percpu_wq: flags=0x8
  pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=1 refcnt=2
    pending: vmstat_update
workqueue writeback: flags=0x4a
  pwq 8: cpus=0-1 flags=0x6 nice=0 active=1 refcnt=2
    in-flight: 4346:wb_workfn
workqueue kblockd: flags=0x18
  pwq 3: cpus=0 node=0 flags=0x0 nice=-20 active=1 refcnt=2
    pending: blk_mq_run_work_fn
  pwq 7: cpus=1 node=0 flags=0x0 nice=-20 active=2 refcnt=3
    pending: blk_mq_timeout_work, blk_mq_requeue_work
workqueue ipv6_addrconf: flags=0x6000a
  pwq 8: cpus=0-1 flags=0x6 nice=0 active=1 refcnt=231
    in-flight: 340:addrconf_dad_work
    inactive: 221*addrconf_dad_work, addrconf_verify_work, addrconf_dad_work, 4*addrconf_verify_work
workqueue krxrpcd: flags=0x2001a
  pwq 9: cpus=0-1 node=0 flags=0x4 nice=-20 active=1 refcnt=9
    pending: rxrpc_peer_keepalive_worker
    inactive: 5*rxrpc_peer_keepalive_worker
workqueue bat_events: flags=0x6000a
  pwq 8: cpus=0-1 flags=0x6 nice=0 active=1 refcnt=40
    pending: batadv_mcast_mla_update
    inactive: 4*batadv_mcast_mla_update, 7*batadv_iv_send_outstanding_bat_ogm_packet, 5*batadv_purge_orig, 5*batadv_iv_send_outstanding_bat_ogm_packet, 5*batadv_tt_purge, batadv_dat_purge, 2*batadv_bla_periodic_work, batadv_dat_purge, batadv_bla_periodic_work, batadv_dat_purge, batadv_bla_periodic_work, batadv_dat_purge, batadv_bla_periodic_work, batadv_dat_purge
workqueue hci0: flags=0x20012
  pwq 9: cpus=0-1 node=0 flags=0x4 nice=-20 active=1 refcnt=4
    pending: hci_conn_timeout
workqueue hci2: flags=0x20012
  pwq 9: cpus=0-1 node=0 flags=0x4 nice=-20 active=1 refcnt=4
    pending: hci_conn_timeout
workqueue wg-kex-wg0: flags=0x124
  pwq 6: cpus=1 node=0 flags=0x2 nice=0 active=1 refcnt=2
    pending: wg_packet_handshake_receive_worker
workqueue wg-kex-wg0: flags=0x6
  pwq 8: cpus=0-1 flags=0x6 nice=0 active=1 refcnt=2
    pending: wg_packet_handshake_send_worker
workqueue wg-crypt-wg0: flags=0x128
  pwq 6: cpus=1 node=0 flags=0x2 nice=0 active=1 refcnt=2
    pending: wg_packet_encrypt_worker
workqueue wg-crypt-wg1: flags=0x128
  pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=1 refcnt=2
    in-flight: 9:wg_packet_tx_worker
workqueue wg-kex-wg2: flags=0x6
  pwq 8: cpus=0-1 flags=0x6 nice=0 active=1 refcnt=2
    pending: wg_packet_handshake_send_worker
workqueue wg-crypt-wg2: flags=0x128
  pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=2 refcnt=3
    in-flight: 5963:wg_packet_tx_worker
    pending: wg_packet_encrypt_worker
  pwq 6: cpus=1 node=0 flags=0x2 nice=0 active=5 refcnt=6
    in-flight: 6465:wg_packet_encrypt_worker wg_packet_encrypt_worker ,5964:wg_packet_tx_worker wg_packet_tx_worker
    pending: wg_packet_decrypt_worker
workqueue wg-kex-wg0: flags=0x6
  pwq 8: cpus=0-1 flags=0x6 nice=0 active=3 refcnt=4
    in-flight: 1045:wg_packet_handshake_send_worker ,13:wg_packet_handshake_send_worker wg_packet_handshake_send_worker
workqueue wg-crypt-wg1: flags=0x128
  pwq 6: cpus=1 node=0 flags=0x2 nice=0 active=2 refcnt=3
    pending: wg_packet_tx_worker, wg_packet_encrypt_worker
pool 2: cpus=0 node=0 flags=0x0 nice=0 hung=64s workers=6 idle: 5889 5941 10
pool 6: cpus=1 node=0 flags=0x2 nice=0 hung=65s workers=7 manager: 128
pool 8: cpus=0-1 flags=0x6 nice=0 hung=65s workers=18 manager: 36 idle: 12 1341 50
Showing backtraces of running workers in stalled CPU-bound worker pools:

Tested on:

commit: f40ddcc0 Revert "nfc/nci: Add the inconsistency check ..
git tree: net
console output: https://syzkaller.appspot.com/x/log.txt?x=15a7db9a580000
kernel config: https://syzkaller.appspot.com/x/.config?x=323fe5bdde2384a5
dashboard link: https://syzkaller.appspot.com/bug?extid=8bb3e2bee8a429cc76dd
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch: https://syzkaller.appspot.com/x/patch.diff?x=143ff522580000
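
Review bot: In the last hunk of the patch (@@ -1626,6 +1628,10 @@) the new `if (bucket_count > 10)` block is inserted after the existing unconditional `goto early_exit;` and before the closing brace of that same branch, so it is unreachable and the patch leaves gc_worker's behaviour unchanged. Move the check out of the time-limit branch, to just before `} while (i < hashsz);`. Once it is reachable, note that the sibling path sets `next_run = 0` before jumping while the new block only stores `gc_work->next_bucket`, so state which `next_run` value this early exit is meant to leave in place. The comparison `> 10` also lets an eleventh bucket through although the commit message says 10; compare with `>=` against a named constant instead of a bare literal.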
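
Review bot: The `bucket_count++` added in the second hunk of the patch (@@ -1617,6 +1618,7 @@) sits directly after `rcu_read_unlock(); cond_resched();` and next to `i++`, so the loop already leaves the RCU read section and offers to reschedule once per bucket, and the counter only mirrors how far `i` has advanced in this call. The commit message should explain why a worker that yields on every bucket and has the `delta_time` exit still needs a bucket cap, and why 10 is the right bound, before a second counter is added to the loop.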