From: Florian Westphal <fw@strlen.de>
To: Dan Moulding <dan@danm.net>
Cc: netfilter-devel@vger.kernel.org, pablo@netfilter.org,
regressions@lists.linux.dev
Subject: Re: [REGRESSION] v6.16 system hangs (bisected to nf_conntrack fix)
Date: Tue, 29 Jul 2025 19:38:09 +0200 [thread overview]
Message-ID: <aIkHAZjudod05WaR@strlen.de> (raw)
In-Reply-To: <20250729170228.7286-1-dan@danm.net>
Dan Moulding <dan@danm.net> wrote:
> Ok. I just tried reverting only the changes to nf_conntrack_core.c and
> the hang no longer occurs. This is on top of 6.16.
Strange. Can you completely revert 2d72afb340657f03f7261e9243b44457a9228ac7
and then apply this patch instead?
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -984,6 +984,7 @@ static void __nf_conntrack_insert_prepare(struct nf_conn *ct)
struct nf_conn_tstamp *tstamp;
refcount_inc(&ct->ct_general.use);
+ ct->status |= IPS_CONFIRMED;
/* set conntrack timestamp, if enabled. */
tstamp = nf_conn_tstamp_find(ct);
@@ -1260,8 +1261,6 @@ __nf_conntrack_confirm(struct sk_buff *skb)
* user context, else we insert an already 'dead' hash, blocking
* further use of that particular connection -JM.
*/
- ct->status |= IPS_CONFIRMED;
-
if (unlikely(nf_ct_is_dying(ct))) {
NF_CT_STAT_INC(net, insert_failed);
goto dying;
(the confirm-bit-set moves from the too-early spot in __nf_conntrack_confirm
to __nf_conntrack_insert_prepare).
Unlike 2d72afb340657f03f7261e9243b44457a9228ac7 its still set before
hash insertion, but we no longer set it on entries that were not
inserted into the hash.
Unfortunately I still do not see why setting the bit after hashtable
insertion causes problems. ____nf_conntrack_find() should skip/ignore
the entry, and I don't see how it causes an infinite loop or
double-insert or whatever else is causing this hang.
next prev parent reply other threads:[~2025-07-29 17:38 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-28 23:25 [REGRESSION] v6.16 system hangs (bisected to nf_conntrack fix) Dan Moulding
2025-07-28 23:47 ` Florian Westphal
2025-07-29 0:25 ` Florian Westphal
2025-07-29 17:02 ` Dan Moulding
2025-07-29 17:38 ` Florian Westphal [this message]
2025-07-31 15:49 ` Florian Westphal
2025-07-31 19:49 ` Dan Moulding
2025-08-30 3:48 ` Dan Moulding
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aIkHAZjudod05WaR@strlen.de \
--to=fw@strlen.de \
--cc=dan@danm.net \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
--cc=regressions@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).