We got a crash report pointing at __nf_ct_delete_from_lists.

While I've been unable to reproduce this, there appears to be a race: the
IPS_CONFIRMED bit is set too early and can cause datapath or gc worker to
unlink an entry that hasn't been fully initialised.

The last patch is the actual fix, the first 3 patches extend and add
a few more conntrack tests to exercise clash resolution for udp.

Florian Westphal (4):
  selftests: netfilter: conntrack_resize.sh: extend resize test
  selftests: netfilter: add conntrack clash resolution test case
  selftests: netfilter: conntrack_resize.sh: also use udpclash tool
  netfilter: nf_conntrack: fix crash due to removal of uninitialised entry

 include/net/netfilter/nf_conntrack.h | 15 +-
 net/netfilter/nf_conntrack_core.c | 18 +-
 .../selftests/net/netfilter/.gitignore | 1 +
 .../testing/selftests/net/netfilter/Makefile | 3 +
 .../net/netfilter/conntrack_clash.sh | 175 ++++++++++++++++++
 .../net/netfilter/conntrack_resize.sh | 97 +++++++++-
 .../selftests/net/netfilter/udpclash.c | 158 ++++++++++++++++
 7 files changed, 454 insertions(+), 13 deletions(-)
 create mode 100755 tools/testing/selftests/net/netfilter/conntrack_clash.sh
 create mode 100644 tools/testing/selftests/net/netfilter/udpclash.c

--
2.49.0