netfilter: conntrack: warn when cleanup is stuck

kuba-moo · kuba-moo · commit 92df4c56cf5b · 2025-12-10T01:15:27.000-08:00
nf_conntrack_cleanup_net_list() calls schedule() so it does not show up as a hung task. Add an explicit check to make debugging leaked skbs/conntack references more obvious. Acked-by: Florian Westphal <fw@strlen.de> Reviewed-by: Eric Dumazet <edumazet@google.com> Link: https://patch.msgid.link/20251207010942.1672972-5-kuba@kernel.org Signed-off-by: Jakub Kicinski <kuba@kernel.org>
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
@@ -2487,6 +2487,7 @@ void nf_conntrack_cleanup_net(struct net *net)
 void nf_conntrack_cleanup_net_list(struct list_head *net_exit_list)
 {
 	struct nf_ct_iter_data iter_data = {};
+	unsigned long start = jiffies;
 	struct net *net;
 	int busy;
 
@@ -2507,6 +2508,8 @@ void nf_conntrack_cleanup_net_list(struct list_head *net_exit_list)
 			busy = 1;
 	}
 	if (busy) {
+		DEBUG_NET_WARN_ONCE(time_after(jiffies, start + 60 * HZ),
+				    "conntrack cleanup blocked for 60s");
 		schedule();
 		goto i_see_dead_people;
 	}

Original file line number	Diff line number	Diff line change
`@@ -2487,6 +2487,7 @@ void nf_conntrack_cleanup_net(struct net *net)`
`2487`	`2487`	`void nf_conntrack_cleanup_net_list(struct list_head *net_exit_list)`
`2488`	`2488`	`{`
`2489`	`2489`	`struct nf_ct_iter_data iter_data = {};`
	`2490`	`+ unsigned long start = jiffies;`
`2490`	`2491`	`struct net *net;`
`2491`	`2492`	`int busy;`
`2492`	`2493`
`@@ -2507,6 +2508,8 @@ void nf_conntrack_cleanup_net_list(struct list_head *net_exit_list)`
`2507`	`2508`	`busy = 1;`
`2508`	`2509`	`}`
`2509`	`2510`	`if (busy) {`
	`2511`	`+ DEBUG_NET_WARN_ONCE(time_after(jiffies, start + 60 * HZ),`
	`2512`	`+ "conntrack cleanup blocked for 60s");`
`2510`	`2513`	`schedule();`
`2511`	`2514`	`goto i_see_dead_people;`
`2512`	`2515`	`}`