netfilter: conntrack: warn when cleanup is stuck

nf_conntrack_cleanup_net_list() calls schedule() so it does not show up as a hung task. Add an explicit check to make debugging leaked skbs/conntack references more obvious. Acked-by: Florian Westphal <fw@strlen.de> Reviewed-by: Eric Dumazet <edumazet@google.com> Link: https://patch.msgid.link/20251207010942.1672972-5-kuba@kernel.org Signed-off-by: Jakub Kicinski <kuba@kernel.org>
author: Jakub Kicinski <kuba@kernel.org> 2025-12-06 17:09:42 -0800
committer: Jakub Kicinski <kuba@kernel.org> 2025-12-10 01:15:27 -0800
commit: 92df4c56cf5b739c2977001c581badeaf82b9857 (patch)
tree: e84afd235ba47350a3981cfc3f770aa5dd32bb5b
parent: 006a5035b495dec008805df249f92c22c89c3d2e (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 0b95f226f211..d1f8eb725d42 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -2487,6 +2487,7 @@ void nf_conntrack_cleanup_net(struct net *net)
 void nf_conntrack_cleanup_net_list(struct list_head *net_exit_list)
 {
 	struct nf_ct_iter_data iter_data = {};
+	unsigned long start = jiffies;
 	struct net *net;
 	int busy;
 
@@ -2507,6 +2508,8 @@ i_see_dead_people:
 			busy = 1;
 	}
 	if (busy) {
+		DEBUG_NET_WARN_ONCE(time_after(jiffies, start + 60 * HZ),
+				    "conntrack cleanup blocked for 60s");
 		schedule();
 		goto i_see_dead_people;
 	}
author	Jakub Kicinski <kuba@kernel.org>	2025-12-06 17:09:42 -0800
committer	Jakub Kicinski <kuba@kernel.org>	2025-12-10 01:15:27 -0800
commit	92df4c56cf5b739c2977001c581badeaf82b9857 (patch)
tree	e84afd235ba47350a3981cfc3f770aa5dd32bb5b
parent	006a5035b495dec008805df249f92c22c89c3d2e (diff)