On Fri, 7 Jun 2024 11:55:24 +1000
David Gibson
Flow table entries need to be fully initialised before returning to the main epoll loop. Commit 0060acd1 ("flow: Clarify and enforce flow state transitions") now enforces that: once a flow is allocated we must either cancel it, or activate it before returning to the main loop, or we will hit an ASSERT().
Some error paths in tcp_conn_from_tap() weren't correctly updated for this requirement - we can exit with a flow entry incompletely initialised. Correct that by cancelling the flows in those situations.
I don't have enough information to be certain if this is the cause for podman bug 22925, but it plausibly could be.
Fixes: 0060acd1 ("flow: Clarify and enforce flow state transitions") Link: https://github.com/containers/podman/issues/22925
Signed-off-by: David Gibson
Applied. -- Stefano