From nobody Sat Feb  7 13:41:38 2026
Received: from mail-oo1-f69.google.com (mail-oo1-f69.google.com
 [209.85.161.69])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 409033191C0
	for <linux-kernel@vger.kernel.org>; Sun, 18 Jan 2026 23:19:18 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.161.69
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1768778359; cv=none;
 b=nu9VIeV1yVORqbuQgfkhZbOUdbOHopRL0CEtnTSqWaDC/wme4Xj8VWeV9JuBAfvIf9FQ+i4vkW1EYic2RgaDZfwDFCdaKCqOpKE0bJlyCPTM3IXckNpmKNHt5cze0KURojidQq817SByeMW6Zgj/53/ktC1k5WuVOlycfm8WERY=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1768778359; c=relaxed/simple;
	bh=1advkwcBlVFZuvHTI0GT+G56u4dQnR4SctYVhcq01hE=;
	h=MIME-Version:Date:In-Reply-To:Message-ID:Subject:From:To:
	 Content-Type;
 b=lam+5GXxTECUJ2Ut/Ar5rVGMIbNa9Dp3ag+THnA9K+hyMjiClB+VxQ1plj3qm1A1XG1ot980D6Q6E5ll1um+9yJpko7C0ykx8aXZ6uhB7Z5HBcdjq2Q+qk4RROx4lH70O/JR7zCjWjnEiXdxc+sm4fzfBf4Kdigs6EefjZ8xVa4=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=fail (p=none dis=none) header.from=syzkaller.appspotmail.com;
 spf=pass smtp.mailfrom=M3KW2WVRGUFZ5GODRSRYTGD7.apphosting.bounces.google.com;
 arc=none smtp.client-ip=209.85.161.69
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=fail (p=none dis=none) header.from=syzkaller.appspotmail.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=M3KW2WVRGUFZ5GODRSRYTGD7.apphosting.bounces.google.com
Received: by mail-oo1-f69.google.com with SMTP id
 006d021491bc7-661094d05b7so6618875eaf.1
        for <linux-kernel@vger.kernel.org>;
 Sun, 18 Jan 2026 15:19:18 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1768778357; x=1769383157;
        h=to:from:subject:message-id:in-reply-to:date:mime-version
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=Oxg8RdWWVCOa5rSXr/8eib6uzwjLJt+j6cyZehitW9I=;
        b=cIYtJyScezUnnWDp8Ymb4vpU/bPNlu0wdy0dpeHZ6t2DVDBEQu5aC1GCwjTCRAyX/C
         5IrT+kg1HGrxZde+bBnI1EKSG8cH/LsAno2ZKRQ1jqjI+XThM0cwPmC1aQCrtaVXzxPJ
         O9cLV93QaMx3nJlmfLN6rhpVfU5NW/b7/Rxp3ZtTsyLkJLnaXNIBAyx/EvH3aCI80mvk
         TuBQayHP1nscY7u9kpW4MBj4z3h1gJe+ZlP6R/yF17d/cx8Y1vvIKvf6pZWhIJ7vFbVa
         /na2wTfuh4qhQhDEGobRThKWBIVoya4uhlqashcGFArBtnAfMSanXMAWmGiKCV5PPx81
         E7Vg==
X-Gm-Message-State: AOJu0YyNAAZaPUv7iXD2DFzKVKtIOQxL53NG9A93MbSyxp4nNcDLK2LZ
	pA1Bkpxu8g08bjNIGCI2Cmsa457DPFGIgPiffBEFsam0raxr0fniXygUTKKCn7KxfjNUTovKHdj
	Jc31ekkitV/vgzEu6cwsv0g+uYJaW7Fo/2Qf9mKgUvYdUWraVuBgP1/ed0uY=
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
X-Received: by 2002:a4a:e901:0:b0:65b:29af:b56b with SMTP id
 006d021491bc7-6611891538fmr3613286eaf.34.1768778357300; Sun, 18 Jan 2026
 15:19:17 -0800 (PST)
Date: Sun, 18 Jan 2026 15:19:17 -0800
In-Reply-To: <66e96979.050a0220.252d9a.000a.GAE@google.com>
X-Google-Appengine-App-Id: s~syzkaller
X-Google-Appengine-App-Id-Alias: syzkaller
Message-ID: <696d6a75.a70a0220.34546f.035b.GAE@google.com>
Subject: Forwarded: Private message regarding: [syzbot] [mm?] INFO: rcu
 detected stall in sys_execve (6)
From: syzbot <syzbot+8bb3e2bee8a429cc76dd@syzkaller.appspotmail.com>
To: linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.

***

Subject: Private message regarding: [syzbot] [mm?] INFO: rcu detected stall=
 in sys_execve (6)
Author: kapoorarnav43@gmail.com

#syz test

From e0dd0088f4b871d8c44d5b9ba17dd9eba1f770a0 Mon Sep 17 00:00:00 2001
From: Arnav Kapoor <kapoorarnav43@gmail.com>
Date: Mon, 19 Jan 2026 04:48:19 +0530
Subject: [PATCH] netfilter: nf_conntrack: add entry limit and cond_resched=20
in
 gc_worker

Further limit the gc_worker to process at most 100 entries per bucket
and add cond_resched() at the start of each entry processing to ensure
frequent yielding and prevent RCU stalls.

Reported-by: syzbot+8bb3e2bee8a429cc76dd@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=3D8bb3e2bee8a429cc76dd
---
 net/netfilter/nf_conntrack_core.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/net/netfilter/nf_conntrack_core.c=20
b/net/netfilter/nf_conntrack_core.c
index 8a2cdd172..ff901a2b4 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -1552,13 +1552,17 @@ static void gc_worker(struct work_struct *work)
                        break;
                }
=20
+                int entry_count =3D 0;
                hlist_nulls_for_each_entry_rcu(h, n, &ct_hash[i], hnnode) {
                        struct nf_conntrack_net *cnet;
                        struct net *net;
                        long expires;
=20
                        tmp =3D nf_ct_tuplehash_to_ctrack(h);
+                        entry_count++;
=20
+                        if (entry_count > 100) break;
+                        cond_resched();
                        if (expired_count > GC_SCAN_EXPIRED_MAX) {
                                rcu_read_unlock();
=20
--=20
2.43.0

On Monday, 19 January 2026 at 04:46:07 UTC+5:30 syzbot wrote:

Hello,=20

syzbot has tested the proposed patch but the reproducer is still triggering=20
an issue:=20
INFO: rcu detected stall in corrupted=20

rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:=20
rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P6251/3:b..l=20
rcu: (detected by 0, t=3D10502 jiffies, g=3D16273, q=3D1513 ncpus=3D2)=20
task:udevd state:R running task stack:25432 pid:6251 tgid:6251 ppid:5199=20
task_flags:0x400140 flags:0x00080000=20
Call Trace:=20
<TASK>=20
context_switch kernel/sched/core.c:5256 [inline]=20
__schedule+0x149b/0x4fd0 kernel/sched/core.c:6863=20
preempt_schedule_common+0x83/0xd0 kernel/sched/core.c:7047=20
preempt_schedule_thunk+0x16/0x30 arch/x86/entry/thunk.S:12=20
__raw_spin_unlock include/linux/spinlock_api_smp.h:143 [inline]=20
_raw_spin_unlock+0x3f/0x50 kernel/locking/spinlock.c:186=20
spin_unlock include/linux/spinlock.h:391 [inline]=20
filemap_map_pages+0x192d/0x1fd0 mm/filemap.c:3931=20
do_fault_around mm/memory.c:5713 [inline]=20
do_read_fault mm/memory.c:5746 [inline]=20
do_fault mm/memory.c:5889 [inline]=20
do_pte_missing+0x20b0/0x3330 mm/memory.c:4401=20
handle_pte_fault mm/memory.c:6273 [inline]=20
__handle_mm_fault mm/memory.c:6411 [inline]=20
handle_mm_fault+0x1b26/0x32b0 mm/memory.c:6580=20
do_user_addr_fault+0xa7c/0x1380 arch/x86/mm/fault.c:1336=20
handle_page_fault arch/x86/mm/fault.c:1476 [inline]=20
exc_page_fault+0x71/0xd0 arch/x86/mm/fault.c:1532=20
asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:618=20
RIP: 0033:0x7fdbcbf6be80=20
RSP: 002b:00007ffc0ad89938 EFLAGS: 00010246=20
RAX: 0000000000000006 RBX: 00005588ef53c568 RCX: 0000000000000019=20
RDX: 0000000000000191 RSI: 00007fdbcb9f1ca0 RDI: 00005589070c4e70=20
RBP: 00005589070a7910 R08: 0000000002000000 R09: 0000000000000003=20
R10: 0000000000000000 R11: 0000000000000297 R12: 00005588ef53c588=20
R13: 00007ffc0ad899b0 R14: 0000000000000000 R15: 0000000000000000=20
</TASK>=20
rcu: rcu_preempt kthread starved for 7525 jiffies! g16273 f0x0=20
RCU_GP_WAIT_FQS(5) ->state=3D0x0 ->cpu=3D0=20
rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now=20
expected behavior.=20
rcu: RCU grace-period kthread stack dump:=20
task:rcu_preempt state:R running task stack:28008 pid:16 tgid:16 ppid:2=20
task_flags:0x208040 flags:0x00080000=20
Call Trace:=20
<TASK>=20
context_switch kernel/sched/core.c:5256 [inline]=20
__schedule+0x149b/0x4fd0 kernel/sched/core.c:6863=20
__schedule_loop kernel/sched/core.c:6945 [inline]=20
schedule+0x165/0x360 kernel/sched/core.c:6960=20
schedule_timeout+0x12b/0x270 kernel/time/sleep_timeout.c:99=20
rcu_gp_fqs_loop+0x301/0x1540 kernel/rcu/tree.c:2083=20
rcu_gp_kthread+0x99/0x390 kernel/rcu/tree.c:2285=20
kthread+0x711/0x8a0 kernel/kthread.c:463=20
ret_from_fork+0x510/0xa50 arch/x86/kernel/process.c:158=20
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246=20
</TASK>=20
rcu: Stack dump where RCU GP kthread last ran:=20
CPU: 0 UID: 0 PID: 6318 Comm: udevd Not tainted syzkaller #0 PREEMPT(full)=20
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS=20
Google 10/25/2025=20
RIP: 0010:csd_lock_wait kernel/smp.c:342 [inline]=20
RIP: 0010:smp_call_function_many_cond+0xcce/0x1260 kernel/smp.c:877=20
Code: 01 31 ff e8 d4 97 0b 00 41 83 e5 01 49 bd 00 00 00 00 00 fc ff df 75=20
07 e8 7f 93 0b 00 eb 38 f3 90 42 0f b6 04 2b 84 c0 75 11 <41> f7 04 24 01=20
00 00 00 74 1e e8 63 93 0b 00 eb e4 44 89 e1 80 e1=20
RSP: 0000:ffffc90003d0f820 EFLAGS: 00000246=20
RAX: 0000000000000000 RBX: 1ffff110170e8129 RCX: ffff888026fc3d00=20
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000=20
RBP: ffffc90003d0f950 R08: ffffffff8f822e77 R09: 1ffffffff1f045ce=20
R10: dffffc0000000000 R11: fffffbfff1f045cf R12: ffff8880b8740948=20
R13: dffffc0000000000 R14: ffff8880b863bb00 R15: 0000000000000001=20
FS: 00007fdbcbf47880(0000) GS:ffff888125e1e000(0000) knlGS:0000000000000000=20
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033=20
CR2: 00005589070d6f28 CR3: 0000000076b96000 CR4: 00000000003526f0=20
Call Trace:=20
<TASK>=20
on_each_cpu_cond_mask+0x3f/0x80 kernel/smp.c:1043=20
__flush_tlb_multi arch/x86/include/asm/paravirt.h:91 [inline]=20
flush_tlb_multi arch/x86/mm/tlb.c:1382 [inline]=20
flush_tlb_mm_range+0x60a/0x1170 arch/x86/mm/tlb.c:1472=20
flush_tlb_page arch/x86/include/asm/tlbflush.h:324 [inline]=20
ptep_clear_flush+0x120/0x170 mm/pgtable-generic.c:103=20
wp_page_copy mm/memory.c:3785 [inline]=20
do_wp_page+0x1bb1/0x5810 mm/memory.c:4180=20
handle_pte_fault mm/memory.c:6289 [inline]=20
__handle_mm_fault mm/memory.c:6411 [inline]=20
handle_mm_fault+0x14c5/0x32b0 mm/memory.c:6580=20
do_user_addr_fault+0xa7c/0x1380 arch/x86/mm/fault.c:1336=20
handle_page_fault arch/x86/mm/fault.c:1476 [inline]=20
exc_page_fault+0x71/0xd0 arch/x86/mm/fault.c:1532=20
asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:618=20
RIP: 0033:0x7fdbcb8b5b69=20
Code: 10 48 81 f9 ff 03 00 00 76 28 48 8b 57 20 48 85 d2 74 1f 48 3b 7a 28=20
75 76 48 8b 4f 28 48 3b 79 20 75 6c 48 83 78 20 00 74 17 <48> 89 4a 28 48=20
89 51 20 48 83 c4 08 c3 66 2e 0f 1f 84 00 00 00 00=20
RSP: 002b:00007ffc0ad89870 EFLAGS: 00010202=20
RAX: 00007fdbcb9f2070 RBX: 00000000000009b0 RCX: 00005589070d6f00=20
RDX: 00005589070d6f00 RSI: 00007fdbcb9f2070 RDI: 00005589070d6f00=20
RBP: 00007fdbcb9f1ac0 R08: 00000000000009b0 R09: 0000000000000000=20
R10: 0000000000000000 R11: 0000000000000202 R12: 00005589070d47a0=20
R13: 00007fdbcb9f1ac0 R14: 00000000000009b0 R15: 00007fdbcb9f1ac0=20
</TASK>=20


Tested on:=20

commit: f40ddcc0 Revert "nfc/nci: Add the inconsistency check ..=20
git tree: net=20
console output: https://syzkaller.appspot.com/x/log.txt?x=3D160153fa580000=20
kernel config: https://syzkaller.appspot.com/x/.config?x=3D323fe5bdde2384a5=20
dashboard link: https://syzkaller.appspot.com/bug?extid=3D8bb3e2bee8a429cc7=
6dd=20
compiler: Debian clang version 20.1.8=20
(++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD=20
20.1.8=20
patch: https://syzkaller.appspot.com/x/patch.diff?x=3D118fa852580000