netfilter: conntrack: warn when cleanup is stuck

nf_conntrack_cleanup_net_list() calls schedule() so it does not
show up as a hung task. Add an explicit check to make debugging
leaked skbs/conntack references more obvious.

Acked-by: Florian Westphal <fw@strlen.de>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Link: https://patch.msgid.link/20251207010942.1672972-5-kuba@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 0b95f226f2111636870d971b9eb24b02396a49e3..d1f8eb725d4223e042b02ab86ba89b9b7caf75f5 100644 (file)
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -2487,6 +2487,7 @@ void nf_conntrack_cleanup_net(struct net *net)
 void nf_conntrack_cleanup_net_list(struct list_head *net_exit_list)
 {
        struct nf_ct_iter_data iter_data = {};
+       unsigned long start = jiffies;
        struct net *net;
        int busy;
 
@@ -2507,6 +2508,8 @@ i_see_dead_people:
                        busy = 1;
        }
        if (busy) {
+               DEBUG_NET_WARN_ONCE(time_after(jiffies, start + 60 * HZ),
+                                   "conntrack cleanup blocked for 60s");
                schedule();
                goto i_see_dead_people;
        }