Update: I need to retract the br_netfilter theory from my earlier comment(s) on this bug.
I applied `install br_netfilter /bin/false` plus `DOCKER_IGNORE_BR_NETFILTER_ERROR=1` and confirmed both were active (module unloaded, dockerd running without it) - but the SUnreclaim/skbuff_head_cache+skbuff_small_head bursts continued, including multiple 15-28GB spikes with ZERO Docker containers running.

This turned out to be unrelated to Docker entirely. Root cause: my Intel BE200 Wi-Fi 7 NIC's firmware was crashing repeatedly (iwlwifi "Error sending SYSTEM_STATISTICS_CMD: time out after 2000ms" -> "Device error - SW reset"), and the iwlmld driver (Wi-Fi 7/MLO mode) does not stop mac80211 TX queues during firmware error recovery, causing a massive transient skb buildup that inflates SUnreclaim by 8-28GB for ~7-10 seconds before draining.

Filing a separate bug for the actual iwlwifi/BE200 issue. Apologies for the noise - leaving this here for anyone who finds this bug via the same symptoms (SUnreclaim/skbuff slab spikes) so they don't go down the same Docker/br_netfilter rabbit hole I did.

--
https://bugs.launchpad.net/bugs/2151248

Title: skbuff slab memory leak (~28GB) when Docker bridge networking (br_netfilter) is active
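For anyone triaging the same symptom, the correlation described in the comment above can be checked mechanically. The following is an added example, not code from the bug report: it matches SUnreclaim spikes against iwlwifi firmware-error lines by timestamp. The log lines, PCI address, memory samples, 4 GiB rise threshold and 10-second window are constructed assumptions; only the two message strings come from the comment.

```python
import re
from statistics import median

# Constructed sample data (not from the bug report): dmesg lines with
# seconds-since-boot timestamps, and (uptime_s, SUnreclaim_kB) samples as
# one would collect by polling /proc/uptime and /proc/meminfo.
DMESG = """\
[ 5021.104233] iwlwifi 0000:01:00.0: Error sending SYSTEM_STATISTICS_CMD: time out after 2000ms.
[ 5021.104951] iwlwifi 0000:01:00.0: Device error - SW reset
[ 5630.000112] docker0: port 1(veth0) entered forwarding state
[ 7312.551870] iwlwifi 0000:01:00.0: Device error - SW reset
"""
GB = 1024 * 1024  # kB per GiB
SAMPLES = [(5015, 1*GB), (5020, 1*GB), (5022, 9*GB), (5025, 21*GB), (5029, 16*GB), (5032, 1*GB),
           (5631, 1*GB), (6500, 1*GB), (6502, 12*GB), (6506, 1*GB), (7313, 17*GB), (7320, 1*GB)]

FW_ERR = re.compile(
    r"^\[\s*(\d+\.\d+)\] iwlwifi .*(?:Error sending SYSTEM_STATISTICS_CMD|Device error - SW reset)",
    re.M)

def firmware_error_times(dmesg):
    """Seconds-since-boot of each iwlwifi firmware error line."""
    return [float(m.group(1)) for m in FW_ERR.finditer(dmesg)]

def find_spikes(samples, min_rise_kb=4 * GB):
    """Group consecutive samples at least min_rise_kb above the median
    into (start, end, peak_kb) tuples."""
    base = median(v for _, v in samples)
    spikes, run = [], []
    for t, v in samples + [(None, base)]:  # sentinel flushes a trailing run
        if v - base >= min_rise_kb:
            run.append((t, v))
        elif run:
            spikes.append((run[0][0], run[-1][0], max(x for _, x in run)))
            run = []
    return spikes

def correlate(samples, dmesg, window_s=10):
    """Attach to each spike the firmware errors logged between
    window_s before its first sample and its last sample."""
    errors = firmware_error_times(dmesg)
    return [(start, end, peak / GB, [e for e in errors if start - window_s <= e <= end])
            for start, end, peak in find_spikes(samples)]

if __name__ == "__main__":
    for start, end, peak_gib, errs in correlate(SAMPLES, DMESG):
        cause = f"{len(errs)} iwlwifi firmware error(s)" if errs else "no firmware error nearby"
        print(f"spike {start}-{end}s peak {peak_gib:.0f} GiB: {cause}")
```

A spike with no firmware error in its window (the middle one in the constructed data) points to a different cause and should be investigated separately.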
