Date: Sun, 18 Jan 2026 16:02:06 -0800
In-Reply-To: <66e96979.050a0220.252d9a.000a.GAE@google.com>
Message-ID: <696d747e.050a0220.45cdb.5e3e.GAE@google.com>
Subject: Forwarded: Private message regarding: [syzbot] [mm?] INFO: rcu detected stall in sys_execve (6)
From: syzbot
To: linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com

For archival purposes, forwarding an incoming command email to linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.

***

Subject: Private message regarding: [syzbot] [mm?] INFO: rcu detected stall in sys_execve (6)
Author: kapoorarnav43@gmail.com

#syz test

From ec692e7200eec47b1067ac865b5350125acf8c48 Mon Sep 17 00:00:00 2001
From: Arnav Kapoor
Date: Mon, 19 Jan 2026 05:30:53 +0530
Subject: [PATCH] netfilter: nf_conntrack: limit total entries processed per gc_worker call

Limit the gc_worker to process at most 1000 entries per call to prevent excessive run times and RCU stalls. If the limit is exceeded, reschedule the worker to continue from the next bucket.

Reported-by: syzbot+8bb3e2bee8a429cc76dd@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=8bb3e2bee8a429cc76dd
---
 net/netfilter/nf_conntrack_core.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/net/netfilter/nf_conntrack_core.c=20 b/net/netfilter/nf_conntrack_core.c index ff901a2b4..4ca315e8b 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c @@ -1517,6 +1517,7 @@ static void gc_worker(struct work_struct *work) struct conntrack_gc_work *gc_work; unsigned int expired_count =3D 0; unsigned long next_run; + bool early_break =3D false; unsigned int bucket_count =3D 0; s32 delta_time; long count;
@@ -1561,13 +1562,18 @@ static void gc_worker(struct work_struct *work) tmp =3D nf_ct_tuplehash_to_ctrack(h); entry_count++; =20 - if (entry_count > 100) break; + if (entry_count > 1000) { early_break =3D true;=20 break; } cond_resched(); if (expired_count > GC_SCAN_EXPIRED_MAX) { rcu_read_unlock(); =20 gc_work->next_bucket =3D i; gc_work->avg_timeout =3D next_run; + if (early_break) { + rcu_read_unlock(); + gc_work->next_bucket =3D i; + goto early_exit; + } gc_work->count =3D count; =20 delta_time =3D nfct_time_stamp -=20 gc_work->start_time; --=20 2.43.0

On Monday, 19 January 2026 at 05:29:05 UTC+5:30 syzbot wrote:

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:

INFO: rcu detected stall in worker_thread

rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 1-...!: (1 GPs behind) idle=3fa4/1/0x4000000000000000 softirq=23801/23814 fqs=1
rcu: (detected by 0, t=10503 jiffies, g=17209, q=7435 ncpus=2)
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 5941 Comm: kworker/1:5 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Workqueue: events_power_efficient gc_worker
RIP: 0010:check_region_inline mm/kasan/generic.c:185 [inline]
RIP: 0010:kasan_check_range+0x19/0x2c0 mm/kasan/generic.c:200
Code: cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 40 d6 55 41 57 41 56 41 55 41 54 53 b0 01 48 85 f6 0f 84 ba 01 00 00 <4c> 8d 04 37 49 39 f8 0f 82 82 02 00 00 49 b9 00 00 00 00 00 80 ff
RSP: 0018:ffffc90000a08ba8 EFLAGS: 00000002
RAX: 00000000ffffff01 RBX: ffffffff99b74750 RCX: ffffffff819e9061
RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffffc90000a08c20
RBP: ffffc90000a08c98 R08: ffffffff99b74753 R09: 1ffffffff336e8ea
R10: dffffc0000000000 R11: fffffbfff336e8eb R12: ffffffff99b74760
R13: ffffffff99b74758 R14: 1ffffffff336e8ec R15: 1ffffffff336e8eb
FS: 0000000000000000(0000) GS:ffff888125f1e000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ff7a7c27432 CR3: 0000000073668000 CR4: 00000000003526f0
Call Trace:
instrument_read_write include/linux/instrumented.h:54 [inline]
atomic_try_cmpxchg_acquire include/linux/atomic/atomic-instrumented.h:1301 [inline]
queued_spin_lock include/asm-generic/qspinlock.h:111 [inline]
do_raw_spin_lock+0x121/0x290 kernel/locking/spinlock_debug.c:116
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:111 [inline]
_raw_spin_lock_irqsave+0x4c/0x60 kernel/locking/spinlock.c:162
debug_object_deactivate+0x6d/0x360 lib/debugobjects.c:873
debug_hrtimer_deactivate kernel/time/hrtimer.c:443 [inline]
debug_deactivate+0x1d/0x1e0 kernel/time/hrtimer.c:483
__run_hrtimer kernel/time/hrtimer.c:1745 [inline]
__hrtimer_run_queues+0x2b0/0xc30 kernel/time/hrtimer.c:1841
hrtimer_interrupt+0x45b/0xaa0 kernel/time/hrtimer.c:1903
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1045 [inline]
__sysvec_apic_timer_interrupt+0x102/0x3e0 arch/x86/kernel/apic/apic.c:1062
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
sysvec_apic_timer_interrupt+0xa1/0xc0 arch/x86/kernel/apic/apic.c:1056
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:rcu_is_watching_curr_cpu include/linux/context_tracking.h:-1 [inline]
RIP: 0010:rcu_is_watching+0x44/0xb0 kernel/rcu/tree.c:751
Code: 73 65 49 bf 00 00 00 00 00 fc ff df 4c 8d 34 dd d0 0d 9b 8d 4c 89 f0 48 c1 e8 03 42 80 3c 38 00 74 08 4c 89 f7 e8 8c 1d 80 00 <48> c7 c3 d8 56 81 92 49 03 1e 48 89 d8 48 c1 e8 03 42 0f b6 04 38
RSP: 0018:ffffc90003d77860 EFLAGS: 00000246
RAX: 1ffffffff1b361bb RBX: 0000000000000001 RCX: 0000000080000001
RDX: 0000000000000000 RSI: ffffffff8bc086c0 RDI: ffffffff8bc08680
RBP: ffffffff8983265b R08: 0000000000000000 R09: 0000000000000000
R10: dffffc0000000000 R11: fffffbfff1f045cf R12: 0000000000000002
R13: ffffffff8df41aa0 R14: ffffffff8d9b0dd8 R15: dffffc0000000000
trace_lock_acquire include/trace/events/lock.h:24 [inline]
lock_acquire+0x5f/0x340 kernel/locking/lockdep.c:5831
rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
rcu_read_lock include/linux/rcupdate.h:867 [inline]
gc_worker+0x28c/0x13d0 net/netfilter/nf_conntrack_core.c:1546
process_one_work kernel/workqueue.c:3257 [inline]
process_scheduled_works+0xad1/0x1770 kernel/workqueue.c:3340
worker_thread+0x8a0/0xda0 kernel/workqueue.c:3421
kthread+0x711/0x8a0 kernel/kthread.c:463
ret_from_fork+0x510/0xa50 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
rcu: rcu_preempt kthread starved for 10479 jiffies! g17209 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt state:R running task stack:27416 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00080000
Call Trace:
context_switch kernel/sched/core.c:5256 [inline]
__schedule+0x149b/0x4fd0 kernel/sched/core.c:6863
__schedule_loop kernel/sched/core.c:6945 [inline]
schedule+0x165/0x360 kernel/sched/core.c:6960
schedule_timeout+0x12b/0x270 kernel/time/sleep_timeout.c:99
rcu_gp_fqs_loop+0x301/0x1540 kernel/rcu/tree.c:2083
rcu_gp_kthread+0x99/0x390 kernel/rcu/tree.c:2285
kthread+0x711/0x8a0 kernel/kthread.c:463
ret_from_fork+0x510/0xa50 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
rcu: Stack dump where RCU GP kthread last ran:
CPU: 0 UID: 0 PID: 6390 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
RIP: 0010:csd_lock_wait kernel/smp.c:342 [inline]
RIP: 0010:smp_call_function_many_cond+0xcce/0x1260 kernel/smp.c:877
Code: 01 31 ff e8 d4 97 0b 00 41 83 e5 01 49 bd 00 00 00 00 00 fc ff df 75 07 e8 7f 93 0b 00 eb 38 f3 90 42 0f b6 04 2b 84 c0 75 11 <41> f7 04 24 01 00 00 00 74 1e e8 63 93 0b 00 eb e4 44 89 e1 80 e1
RSP: 0018:ffffc900031374a0 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 1ffff110170e8129 RCX: ffff8880254c9e80
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: ffffc900031375e0 R08: ffffffff8f822e77 R09: 1ffffffff1f045ce
R10: dffffc0000000000 R11: fffffbfff1f045cf R12: ffff8880b8740948
R13: dffffc0000000000 R14: ffff8880b863bb00 R15: 0000000000000001
FS: 0000000000000000(0000) GS:ffff888125e1e000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055fad049c6d8 CR3: 000000000dd3a000 CR4: 00000000003526f0
Call Trace:
on_each_cpu_cond_mask+0x3f/0x80 kernel/smp.c:1043
__flush_tlb_multi arch/x86/include/asm/paravirt.h:91 [inline]
flush_tlb_multi arch/x86/mm/tlb.c:1382 [inline]
flush_tlb_mm_range+0x60a/0x1170 arch/x86/mm/tlb.c:1472
tlb_flush arch/x86/include/asm/tlb.h:23 [inline]
tlb_flush_mmu_tlbonly include/asm-generic/tlb.h:490 [inline]
tlb_flush_mmu+0x1a7/0x680 mm/mmu_gather.c:403
tlb_finish_mmu+0xc3/0x1d0 mm/mmu_gather.c:497
free_ldt_pgtables+0x17b/0x320 arch/x86/kernel/ldt.c:411
arch_exit_mmap arch/x86/include/asm/mmu_context.h:234 [inline]
exit_mmap+0x174/0xb10 mm/mmap.c:1263
__mmput+0x118/0x430 kernel/fork.c:1173
exit_mm+0x169/0x230 kernel/exit.c:581
do_exit+0x627/0x22f0 kernel/exit.c:959
do_group_exit+0x21c/0x2d0 kernel/exit.c:1112
get_signal+0x1285/0x1340 kernel/signal.c:3034
arch_do_signal_or_restart+0x9a/0x7a0 arch/x86/kernel/signal.c:337
__exit_to_user_mode_loop kernel/entry/common.c:41 [inline]
exit_to_user_mode_loop+0x87/0x4e0 kernel/entry/common.c:75
__exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]
syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline]
syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline]
syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline]
do_syscall_64+0x2c1/0xf80 arch/x86/entry/syscall_64.c:100
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f175fd915dc
Code: Unable to access opcode bytes at 0x7f175fd915b2.
RSP: 002b:00007ffd6bb31250 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
RAX: 0000000000000040 RBX: 00007f1760b14620 RCX: 00007f175fd915dc
RDX: 0000000000000040 RSI: 00007f1760b14670 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007ffd6bb312a4 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
R13: 0000000000000000 R14: 00007f1760b14670 R15: 0000000000000000

Tested on:

commit: f40ddcc0 Revert "nfc/nci: Add the inconsistency check ..
git tree: net
console output: https://syzkaller.appspot.com/x/log.txt?x=16b06852580000
kernel config: https://syzkaller.appspot.com/x/.config?x=323fe5bdde2384a5
dashboard link: https://syzkaller.appspot.com/bug?extid=8bb3e2bee8a429cc76dd
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch: https://syzkaller.appspot.com/x/patch.diff?x=1688eb9a580000
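Review bot: the early-break path in the second hunk (@@ -1561,13 +1562,18 @@) can never execute. `early_break = true; break;` leaves the hlist_nulls_for_each_entry_rcu() walk at once, but the new `if (early_break) { rcu_read_unlock(); gc_work->next_bucket = i; goto early_exit; }` block sits inside that same loop body, nested in the `if (expired_count > GC_SCAN_EXPIRED_MAX)` branch after `gc_work->avg_timeout = next_run;`, so control has already left the loop before it could be reached, and if it were reached there the `rcu_read_unlock()` a few lines above in the same branch would already have run, leaving the read-side count unbalanced. Move the check to just after the inner loop exits: test `early_break` there, do the single rcu_read_unlock() and the state save, then `goto early_exit`. A second point against the commit message: it says the worker resumes "from the next bucket", but the saved position is `gc_work->next_bucket = i`, the bucket being scanned, so a single bucket holding more than 1000 entries would be rescanned from its head on every run and the worker would never get past it; save `i + 1` (or the position within the bucket) if the intent is to make forward progress. The surrounding context also shows `cond_resched()` called while the rcu_read_lock() taken before the walk is still held; that is only valid with preemptible RCU and should not be relied on in this code. The syzbot result above is consistent with the limit having no effect: the stalled CPU is still inside gc_worker at the rcu_read_lock() on nf_conntrack_core.c:1546, with the RCU GP kthread starved for 10479 jiffies.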