From: Florian Westphal <fw@strlen.de>
To: Jakub Kicinski <kuba@kernel.org>
Cc: netfilter-devel@vger.kernel.org, netdev@vger.kernel.org
Subject: Re: [TEST] conntrack_reverse_clash.sh flakes
Date: Mon, 8 Dec 2025 15:48:18 +0100 [thread overview]
Message-ID: <aTblMlbPfxuac2eg@strlen.de> (raw)
In-Reply-To: <20251206175135.4a56591b@kernel.org>
Jakub Kicinski <kuba@kernel.org> wrote:
> We have a new faster NIPA setup, and now on non-debug builds we see
> a few (4 a week to be exact) flakes in conntrack_reverse_clash.sh
>
> List of flakes from the last 100 runs:
> https://netdev.bots.linux.dev/contest.html?pass=0&test=conntrack-reverse-clash-sh
>
> Example:
>
> # selftests: net/netfilter: conntrack_reverse_clash.sh
> # Port number changed, wanted 56789 got 5950
> # ERROR: SNAT performed without any matching snat rule
> # kill: sending signal to 16051 failed: No such process
> not ok 1 selftests: net/netfilter: conntrack_reverse_clash.sh # exit=1
>
> Looks like the test also occasionally flaked on the old setup ("remote"
> column with "metal" instead of "virt") which is now shut down:
>
> # selftests: net/netfilter: conntrack_reverse_clash.sh
> # Port number changed, wanted 56789 got 54630
> # Port number changed, wanted 56790 got 25814
> # ERROR: SNAT performed without any matching snat rule
> not ok 1 selftests: net/netfilter: conntrack_reverse_clash.sh # exit=1
>
> so this isn't new, just more likely now..
>
> Could you TAL when you have spare cycles? (BTW the new setup is owned
> by netdev foundation so I can give you access if that helps).
No need, I can reproduce this:
# selftests: conntrack_reverse_clash.sh
# Port number changed, wanted 56790 got 64562 from 127.0.0.12
# ERROR: SNAT performed without any matching snat rule
# udp 17 30 src=127.0.0.11 dst=127.0.0.12 sport=56789 dport=56790 [UNREPLIED] src=127.0.0.12 dst=127.0.0.11 sport=56790 dport=56789 mark=0 use=1
# conntrack v1.4.8 (conntrack-tools): 1 flow entries have been shown.
# cpu=0 found=0 invalid=0 insert=0 insert_failed=0 drop=0 early_drop=0 error=0 search_restart=0 clash_resolve=0 chaintoolong=0
...
Looks like an actual bug to me, will need some time to investigate this.
If its too annoying consider disabling this particular test for now.
Thanks for reporting.
prev parent reply other threads:[~2025-12-08 14:48 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-12-07 1:51 [TEST] conntrack_reverse_clash.sh flakes Jakub Kicinski
2025-12-07 1:56 ` Jakub Kicinski
2025-12-07 10:40 ` Florian Westphal
2025-12-08 14:48 ` Florian Westphal [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aTblMlbPfxuac2eg@strlen.de \
--to=fw@strlen.de \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).