Re: [syzbot] [netfilter?] WARNING in nf_conntrack_cleanup_net_list

Next message: Greg KH: "Re: [PATCH RFC] soc: qcom: socinfo: Re-implement in Rust"
Previous message: Greg KH: "Re: [PATCH] rust: conclude the Rust experiment"
In reply to: Jakub Kicinski: "Re: [syzbot] [netfilter?] WARNING in nf_conntrack_cleanup_net_list"
Next in thread: Eric Dumazet: "Re: [syzbot] [netfilter?] WARNING in nf_conntrack_cleanup_net_list"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Florian Westphal

Date: Sat Dec 13 2025 - 08:27:45 EST

Jakub Kicinski <kuba@xxxxxxxxxx> wrote:
> On Thu, 11 Dec 2025 10:38:31 -0800 syzbot wrote:
> > ------------[ cut here ]------------
> > conntrack cleanup blocked for 60s
> > WARNING: net/netfilter/nf_conntrack_core.c:2512 at
>
> Yes, I was about to comment on the patch which added the warning..
>
> There is still a leak somewhere. Running ip_defrag.sh and then load /
> unload ipvlan repros this (modprobe ipvlan is a quick check if the
> cleanup thread is wedged, if it is modprobe will hang, if it isn't
> run ip_defrag.sh, again etc).
>
> I looked around last night but couldn't find an skb stuck anywhere.
> The nf_conntrack_net->count was == 1

Its caused skb skb fraglist skbs that still hold nf_conn references
on the softnet data defer lists.

setting net.core.skb_defer_max=0 makes the hang disappear for me.