public inbox for linux-kernel@vger.kernel.org
* [syzbot] [netfilter?] WARNING in __nf_unregister_net_hook (6)
@ 2023-10-17 18:04 syzbot
From: syzbot @ 2023-10-17 18:04 UTC
  To: bpf, coreteam, davem, edumazet, fw, kadlec, kuba, linux-kernel,
	netdev, netfilter-devel, pabeni, pablo, syzkaller-bugs

Hello,

syzbot found the following issue on:

HEAD commit:    6465e260f487 Linux 6.6-rc3
git tree:       upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=1376e3bc680000
kernel config:  https://syzkaller.appspot.com/x/.config?x=8d7d7928f78936aa
dashboard link: https://syzkaller.appspot.com/bug?extid=de4025c006ec68ac56fc
compiler:       gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=17f218da680000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=149ff8c6680000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/563852357aa6/disk-6465e260.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/df22793fe953/vmlinux-6465e260.xz
kernel image: https://storage.googleapis.com/syzbot-assets/84c2aad43ae3/bzImage-6465e260.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+de4025c006ec68ac56fc@syzkaller.appspotmail.com

------------[ cut here ]------------
hook not found, pf 2 num 1
WARNING: CPU: 1 PID: 5062 at net/netfilter/core.c:517 __nf_unregister_net_hook+0x1de/0x670 net/netfilter/core.c:517
Modules linked in:
CPU: 1 PID: 5062 Comm: syz-executor417 Not tainted 6.6.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
RIP: 0010:__nf_unregister_net_hook+0x1de/0x670 net/netfilter/core.c:517
Code: 14 02 4c 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 7a 04 00 00 8b 53 1c 48 c7 c7 c0 d4 a8 8b 8b 74 24 04 e8 b2 ce dc f8 <0f> 0b e9 ec 00 00 00 e8 46 a5 16 f9 48 89 e8 48 c1 e0 04 49 8d 7c
RSP: 0018:ffffc9000355f2b8 EFLAGS: 00010282
RAX: 0000000000000000 RBX: ffff8880218dde00 RCX: 0000000000000000
RDX: ffff888019aee000 RSI: ffffffff814cf016 RDI: 0000000000000001
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: ffffffff92611690
R13: ffff888016fff020 R14: ffff888016fff000 R15: ffff8880218dde1c
FS:  00007f76ca1526c0(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f76ca1e86b8 CR3: 0000000020292000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 nf_unregister_net_hook+0xd5/0x110 net/netfilter/core.c:539
 __nf_tables_unregister_hook net/netfilter/nf_tables_api.c:361 [inline]
 __nf_tables_unregister_hook+0x1a0/0x220 net/netfilter/nf_tables_api.c:340
 nf_tables_unregister_hook net/netfilter/nf_tables_api.c:368 [inline]
 nf_tables_commit+0x410f/0x59f0 net/netfilter/nf_tables_api.c:9992
 nfnetlink_rcv_batch+0xf36/0x2500 net/netfilter/nfnetlink.c:569
 nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:639 [inline]
 nfnetlink_rcv+0x3bf/0x430 net/netfilter/nfnetlink.c:657
 netlink_unicast_kernel net/netlink/af_netlink.c:1342 [inline]
 netlink_unicast+0x536/0x810 net/netlink/af_netlink.c:1368
 netlink_sendmsg+0x93c/0xe40 net/netlink/af_netlink.c:1910
 sock_sendmsg_nosec net/socket.c:730 [inline]
 sock_sendmsg+0xd9/0x180 net/socket.c:753
 ____sys_sendmsg+0x6ac/0x940 net/socket.c:2541
 ___sys_sendmsg+0x135/0x1d0 net/socket.c:2595
 __sys_sendmsg+0x117/0x1e0 net/socket.c:2624
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f76ca192059
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f76ca152208 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f76ca21c3e8 RCX: 00007f76ca192059
RDX: 0000000000000000 RSI: 000000002000c2c0 RDI: 0000000000000004
RBP: 00007f76ca21c3e0 R08: 0000000000000003 R09: 0000000000000000
R10: 0000000000000a00 R11: 0000000000000246 R12: 00007f76ca1e917c
R13: 0000000000000001 R14: 0000000000000008 R15: 0200000000000000
 </TASK>


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to overwrite bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup


* Re: [syzbot] [netfilter?] WARNING in __nf_unregister_net_hook (6)
       [not found] <20231105050015.2524557-1-eadavis@sina.com>
@ 2023-11-05  5:16 ` syzbot
From: syzbot @ 2023-11-05  5:16 UTC
  To: eadavis, linux-kernel, syzkaller-bugs

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
WARNING in __nf_unregister_net_hook

------------[ cut here ]------------
hook not found, pf 2 num 1
WARNING: CPU: 0 PID: 5762 at net/netfilter/core.c:522 __nf_unregister_net_hook+0x1e1/0x6a0 net/netfilter/core.c:522
Modules linked in:
CPU: 0 PID: 5762 Comm: syz-executor.5 Not tainted 6.6.0-rc3-syzkaller-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
RIP: 0010:__nf_unregister_net_hook+0x1e1/0x6a0 net/netfilter/core.c:522
Code: 14 02 4c 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 9f 04 00 00 8b 53 1c 48 c7 c7 80 d5 a8 8b 8b 74 24 0c e8 ef cc dc f8 <0f> 0b e9 0b 01 00 00 e8 83 a3 16 f9 44 89 e0 48 89 c2 48 c1 e2 04
RSP: 0018:ffffc90002dff2b8 EFLAGS: 00010282

RAX: 0000000000000000 RBX: ffff88802171f400 RCX: 0000000000000000
RDX: ffff888027ec0080 RSI: ffffffff814cf016 RDI: 0000000000000001
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000006
R13: ffff8880786ef2d0 R14: ffff888021deca00 R15: ffff88802171f41c
FS:  00007f7c803336c0(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f749c681ff8 CR3: 0000000063052000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 nf_unregister_net_hook+0xd5/0x110 net/netfilter/core.c:544
 __nf_tables_unregister_hook net/netfilter/nf_tables_api.c:361 [inline]
 __nf_tables_unregister_hook+0x1a0/0x220 net/netfilter/nf_tables_api.c:340
 nf_tables_unregister_hook net/netfilter/nf_tables_api.c:368 [inline]
 nf_tables_commit+0x410f/0x59f0 net/netfilter/nf_tables_api.c:9992
 nfnetlink_rcv_batch+0xf36/0x2500 net/netfilter/nfnetlink.c:569
 nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:639 [inline]
 nfnetlink_rcv+0x3bf/0x430 net/netfilter/nfnetlink.c:657
 netlink_unicast_kernel net/netlink/af_netlink.c:1342 [inline]
 netlink_unicast+0x536/0x810 net/netlink/af_netlink.c:1368
 netlink_sendmsg+0x93c/0xe40 net/netlink/af_netlink.c:1910
 sock_sendmsg_nosec net/socket.c:730 [inline]
 sock_sendmsg+0xd9/0x180 net/socket.c:753
 ____sys_sendmsg+0x6ac/0x940 net/socket.c:2541
 ___sys_sendmsg+0x135/0x1d0 net/socket.c:2595
 __sys_sendmsg+0x117/0x1e0 net/socket.c:2624
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f7c7f67cae9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f7c803330c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f7c7f79c050 RCX: 00007f7c7f67cae9
RDX: 0000000000000000 RSI: 000000002000c2c0 RDI: 0000000000000004
RBP: 00007f7c7f6c847a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000006e R14: 00007f7c7f79c050 R15: 00007ffe393fad78
 </TASK>


Tested on:

commit:         6465e260 Linux 6.6-rc3
git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=158da6eb680000
kernel config:  https://syzkaller.appspot.com/x/.config?x=8d7d7928f78936aa
dashboard link: https://syzkaller.appspot.com/bug?extid=de4025c006ec68ac56fc
compiler:       gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
patch:          https://syzkaller.appspot.com/x/patch.diff?x=1030cd60e80000



* Re: [syzbot] [netfilter?] WARNING in __nf_unregister_net_hook (6)
       [not found] <20231119051509.330056-1-eadavis@sina.com>
@ 2023-11-19  6:12 ` syzbot
From: syzbot @ 2023-11-19  6:12 UTC
  To: eadavis, linux-kernel, syzkaller-bugs

Hello,

syzbot tried to test the proposed patch but the build/boot failed:

[    8.122243][    T1] 
[    8.122768][    T1] ============================================
[    8.123835][    T1] WARNING: possible recursive locking detected
[    8.124729][    T1] 6.6.0-rc3-syzkaller-dirty #0 Not tainted
[    8.125560][    T1] --------------------------------------------
[    8.126518][    T1] swapper/0/1 is trying to acquire lock:
[    8.126735][    T1] ffffffff8e69c268 (nf_hook_mutex){+.+.}-{3:3}, at: nf_hook_entries_grow+0x580/0x8b0
[    8.126735][    T1] 
[    8.126735][    T1] but task is already holding lock:
[    8.126735][    T1] ffffffff8e69c268 (nf_hook_mutex){+.+.}-{3:3}, at: __nf_register_net_hook+0xef/0x830
[    8.126735][    T1] 
[    8.126735][    T1] other info that might help us debug this:
[    8.126735][    T1]  Possible unsafe locking scenario:
[    8.126735][    T1] 
[    8.126735][    T1]        CPU0
[    8.126735][    T1]        ----
[    8.126735][    T1]   lock(nf_hook_mutex);
[    8.126735][    T1]   lock(nf_hook_mutex);
[    8.126735][    T1] 
[    8.126735][    T1]  *** DEADLOCK ***
[    8.126735][    T1] 
[    8.126735][    T1]  May be due to missing lock nesting notation
[    8.126735][    T1] 
[    8.126735][    T1] 2 locks held by swapper/0/1:
[    8.126735][    T1]  #0: ffffffff8e5e4190 (pernet_ops_rwsem){+.+.}-{3:3}, at: register_pernet_subsys+0x19/0x40
[    8.126735][    T1]  #1: ffffffff8e69c268 (nf_hook_mutex){+.+.}-{3:3}, at: __nf_register_net_hook+0xef/0x830
[    8.126735][    T1] 
[    8.126735][    T1] stack backtrace:
[    8.126735][    T1] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.6.0-rc3-syzkaller-dirty #0
[    8.126735][    T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[    8.126735][    T1] Call Trace:
[    8.126735][    T1]  <TASK>
[    8.126735][    T1]  dump_stack_lvl+0xd9/0x1b0
[    8.126735][    T1]  __lock_acquire+0x2971/0x5de0
[    8.126735][    T1]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[    8.126735][    T1]  lock_acquire+0x1ae/0x510
[    8.126735][    T1]  ? nf_hook_entries_grow+0x580/0x8b0
[    8.126735][    T1]  ? lock_sync+0x190/0x190
[    8.126735][    T1]  ? lock_acquire+0x1ae/0x510
[    8.126735][    T1]  ? preempt_count_sub+0x150/0x150
[    8.126735][    T1]  __mutex_lock+0x181/0x1340
[    8.126735][    T1]  ? nf_hook_entries_grow+0x580/0x8b0
[    8.126735][    T1]  ? nf_hook_entries_grow+0x580/0x8b0
[    8.126735][    T1]  ? preempt_count_sub+0x150/0x150
[    8.126735][    T1]  ? mutex_lock_io_nested+0x11a0/0x11a0
[    8.126735][    T1]  ? trace_contention_end+0xd6/0x100
[    8.126735][    T1]  ? __mutex_lock+0x25b/0x1340
[    8.126735][    T1]  ? __lock_acquire+0x182f/0x5de0
[    8.126735][    T1]  ? mutex_lock_io_nested+0x11a0/0x11a0
[    8.126735][    T1]  ? nf_hook_entries_grow+0x580/0x8b0
[    8.126735][    T1]  nf_hook_entries_grow+0x580/0x8b0
[    8.126735][    T1]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[    8.166836][    T1]  __nf_register_net_hook+0x142/0x830
[    8.166836][    T1]  nf_register_net_hook+0x101/0x150
[    8.166836][    T1]  nf_register_net_hooks+0x5d/0xc0
[    8.166836][    T1]  ? selinux_nf_unregister+0x30/0x30
[    8.166836][    T1]  ops_init+0xb9/0x650
[    8.166836][    T1]  register_pernet_operations+0x34b/0x820
[    8.166836][    T1]  ? cleanup_net+0xb20/0xb20
[    8.166836][    T1]  ? rng_is_initialized+0x40/0x40
[    8.166836][    T1]  ? selinux_init+0x320/0x320
[    8.166836][    T1]  register_pernet_subsys+0x28/0x40
[    8.166836][    T1]  selinux_nf_ip_init+0x35/0x80
[    8.166836][    T1]  do_one_initcall+0x117/0x630
[    8.166836][    T1]  ? trace_event_raw_event_initcall_level+0x200/0x200
[    8.166836][    T1]  kernel_init_freeable+0x5c2/0x900
[    8.166836][    T1]  ? rest_init+0x2b0/0x2b0
[    8.166836][    T1]  kernel_init+0x1c/0x2a0
[    8.166836][    T1]  ? rest_init+0x2b0/0x2b0
[    8.166836][    T1]  ret_from_fork+0x45/0x80
[    8.166836][    T1]  ? rest_init+0x2b0/0x2b0
[    8.166836][    T1]  ret_from_fork_asm+0x11/0x20
[    8.166836][    T1]  </TASK>
[  286.966884][   T28] INFO: task swapper/0:1 blocked for more than 143 seconds.
[  286.969104][   T28]       Not tainted 6.6.0-rc3-syzkaller-dirty #0
[  286.971304][   T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  286.973620][   T28] task:swapper/0       state:D stack:23024 pid:1     ppid:0      flags:0x00004000
[  286.976023][   T28] Call Trace:
[  286.976678][   T28]  <TASK>
[  286.977696][   T28]  __schedule+0xee1/0x5a10
[  286.978895][   T28]  ? rcu_is_watching+0x12/0xb0
[  286.980008][   T28]  ? trace_irq_enable.constprop.0+0xd0/0x100
[  286.981277][   T28]  ? irqentry_enter+0x2c/0x50
[  286.982136][   T28]  ? rcu_is_watching+0x12/0xb0
[  286.982834][   T28]  ? io_schedule_timeout+0x150/0x150
[  286.983837][   T28]  ? rcu_is_watching+0x12/0xb0
[  286.984537][   T28]  ? __mutex_lock+0x964/0x1340
[  286.985252][   T28]  ? do_raw_spin_lock+0x12e/0x2b0
[  286.985953][   T28]  ? spin_bug+0x1d0/0x1d0
[  286.986683][   T28]  schedule+0xe7/0x1b0
[  286.987309][   T28]  schedule_preempt_disabled+0x13/0x20
[  286.992893][   T28]  __mutex_lock+0x969/0x1340
[  286.997691][   T28]  ? nf_hook_entries_grow+0x580/0x8b0
[  287.003162][   T28]  ? preempt_count_sub+0x150/0x150
[  287.008617][   T28]  ? mutex_lock_io_nested+0x11a0/0x11a0
[  287.014340][   T28]  ? trace_contention_end+0xd6/0x100
[  287.019881][   T28]  ? __mutex_lock+0x25b/0x1340
[  287.024740][   T28]  ? __lock_acquire+0x182f/0x5de0
[  287.029819][   T28]  ? mutex_lock_io_nested+0x11a0/0x11a0
[  287.035385][   T28]  ? nf_hook_entries_grow+0x580/0x8b0
[  287.041001][   T28]  nf_hook_entries_grow+0x580/0x8b0
[  287.046464][   T28]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[  287.052618][   T28]  __nf_register_net_hook+0x142/0x830
[  287.058143][   T28]  nf_register_net_hook+0x101/0x150
[  287.063352][   T28]  nf_register_net_hooks+0x5d/0xc0
[  287.068504][   T28]  ? selinux_nf_unregister+0x30/0x30
[  287.073863][   T28]  ops_init+0xb9/0x650
[  287.078000][   T28]  register_pernet_operations+0x34b/0x820
[  287.083725][   T28]  ? cleanup_net+0xb20/0xb20
[  287.088364][   T28]  ? rng_is_initialized+0x40/0x40
[  287.093503][   T28]  ? selinux_init+0x320/0x320
[  287.098308][   T28]  register_pernet_subsys+0x28/0x40
[  287.103675][   T28]  selinux_nf_ip_init+0x35/0x80
[  287.108677][   T28]  do_one_initcall+0x117/0x630
[  287.113475][   T28]  ? trace_event_raw_event_initcall_level+0x200/0x200
[  287.120835][   T28]  kernel_init_freeable+0x5c2/0x900
[  287.126412][   T28]  ? rest_init+0x2b0/0x2b0
[  287.130885][   T28]  kernel_init+0x1c/0x2a0
[  287.135437][   T28]  ? rest_init+0x2b0/0x2b0
[  287.139959][   T28]  ret_from_fork+0x45/0x80
[  287.144525][   T28]  ? rest_init+0x2b0/0x2b0
[  287.149056][   T28]  ret_from_fork_asm+0x11/0x20
[  287.153819][   T28]  </TASK>
[  287.157157][   T28] INFO: lockdep is turned off.
[  287.161893][   T28] Kernel panic - not syncing: hung_task: blocked tasks
[  287.167099][   T28] CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.6.0-rc3-syzkaller-dirty #0
[  287.167099][   T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[  287.167099][   T28] Call Trace:
[  287.167099][   T28]  <TASK>
[  287.167099][   T28]  dump_stack_lvl+0xd9/0x1b0
[  287.167099][   T28]  panic+0x6a6/0x750
[  287.167099][   T28]  ? panic_smp_self_stop+0xa0/0xa0
[  287.167099][   T28]  ? preempt_count_sub+0x150/0x150
[  287.167099][   T28]  ? watchdog+0xd3e/0x1210
[  287.167099][   T28]  watchdog+0xd4f/0x1210
[  287.167099][   T28]  ? proc_dohung_task_timeout_secs+0x90/0x90
[  287.167099][   T28]  ? lockdep_hardirqs_on+0x7d/0x100
[  287.167099][   T28]  ? __kthread_parkme+0x14b/0x220
[  287.167099][   T28]  ? proc_dohung_task_timeout_secs+0x90/0x90
[  287.167099][   T28]  kthread+0x33c/0x440
[  287.167099][   T28]  ? _raw_spin_unlock_irq+0x23/0x50
[  287.167099][   T28]  ? kthread_complete_and_exit+0x40/0x40
[  287.167099][   T28]  ret_from_fork+0x45/0x80
[  287.167099][   T28]  ? kthread_complete_and_exit+0x40/0x40
[  287.167099][   T28]  ret_from_fork_asm+0x11/0x20
[  287.167099][   T28]  </TASK>
[  287.167099][   T28] Kernel Offset: disabled
[  287.167099][   T28] Rebooting in 86400 seconds..


syzkaller build log:


Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=15d5cd10e80000


Tested on:

commit:         6465e260 Linux 6.6-rc3
git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel config:  https://syzkaller.appspot.com/x/.config?x=8d7d7928f78936aa
dashboard link: https://syzkaller.appspot.com/bug?extid=de4025c006ec68ac56fc
compiler:       gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
patch:          https://syzkaller.appspot.com/x/patch.diff?x=10b3d658e80000



* Re: [syzbot] [netfilter?] WARNING in __nf_unregister_net_hook (6)
       [not found] <20231119103215.698030-1-eadavis@sina.com>
@ 2023-11-19 11:11 ` syzbot
From: syzbot @ 2023-11-19 11:11 UTC
  To: eadavis, linux-kernel, syzkaller-bugs

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
WARNING in __nf_unregister_net_hook

------------[ cut here ]------------
hook not found, pf 2 num 1
WARNING: CPU: 1 PID: 6126 at net/netfilter/core.c:517 __nf_unregister_net_hook+0x1de/0x670 net/netfilter/core.c:517
Modules linked in:

CPU: 1 PID: 6126 Comm: syz-executor.1 Not tainted 6.6.0-rc3-syzkaller-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
RIP: 0010:__nf_unregister_net_hook+0x1de/0x670 net/netfilter/core.c:517
Code: 14 02 4c 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 7a 04 00 00 8b 53 1c 48 c7 c7 c0 d4 a8 8b 8b 74 24 04 e8 b2 ce dc f8 <0f> 0b e9 ec 00 00 00 e8 46 a5 16 f9 48 89 e8 48 c1 e0 04 49 8d 7c
RSP: 0018:ffffc9000378f2b8 EFLAGS: 00010282

RAX: 0000000000000000 RBX: ffff88805fc88800 RCX: 0000000000000000
RDX: ffff88801db5c200 RSI: ffffffff814cf016 RDI: 0000000000000001
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: fffffffffffddb78 R12: ffff888029249250
R13: ffff888064376598 R14: ffff888064376500 R15: ffff88805fc8881c
FS:  00007f560e44d6c0(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055555691d938 CR3: 0000000063604000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 nf_unregister_net_hook+0xd5/0x110 net/netfilter/core.c:539
 __nf_tables_unregister_hook net/netfilter/nf_tables_api.c:361 [inline]
 __nf_tables_unregister_hook+0x1a0/0x220 net/netfilter/nf_tables_api.c:340
 nf_tables_unregister_hook net/netfilter/nf_tables_api.c:368 [inline]
 nf_tables_commit+0x410f/0x59f0 net/netfilter/nf_tables_api.c:9992
 nfnetlink_rcv_batch+0xf36/0x2500 net/netfilter/nfnetlink.c:569
 nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:639 [inline]
 nfnetlink_rcv+0x3bf/0x430 net/netfilter/nfnetlink.c:657
 netlink_unicast_kernel net/netlink/af_netlink.c:1342 [inline]
 netlink_unicast+0x536/0x810 net/netlink/af_netlink.c:1368
 netlink_sendmsg+0x93c/0xe40 net/netlink/af_netlink.c:1910
 sock_sendmsg_nosec net/socket.c:730 [inline]
 sock_sendmsg+0xd9/0x180 net/socket.c:753
 ____sys_sendmsg+0x6ac/0x940 net/socket.c:2541
 ___sys_sendmsg+0x135/0x1d0 net/socket.c:2595
 __sys_sendmsg+0x117/0x1e0 net/socket.c:2624
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f560d67cae9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f560e44d0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f560d79c050 RCX: 00007f560d67cae9
RDX: 0000000000000000 RSI: 000000002000c2c0 RDI: 0000000000000004
RBP: 00007f560d6c847a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000006e R14: 00007f560d79c050 R15: 00007fffbdf48218
 </TASK>


Tested on:

commit:         6465e260 Linux 6.6-rc3
git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=104a2e24e80000
kernel config:  https://syzkaller.appspot.com/x/.config?x=8d7d7928f78936aa
dashboard link: https://syzkaller.appspot.com/bug?extid=de4025c006ec68ac56fc
compiler:       gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
patch:          https://syzkaller.appspot.com/x/patch.diff?x=11b643d4e80000



* Re: [syzbot] [netfilter?] WARNING in __nf_unregister_net_hook (6)
       [not found] <20231120030705.1265508-1-eadavis@sina.com>
@ 2023-11-20  3:43 ` syzbot
From: syzbot @ 2023-11-20  3:43 UTC
  To: eadavis, linux-kernel, syzkaller-bugs

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
WARNING in __nf_unregister_net_hook

------------[ cut here ]------------
hook not found, pf 2 num 1
WARNING: CPU: 0 PID: 5828 at net/netfilter/core.c:519 __nf_unregister_net_hook+0x1de/0x670 net/netfilter/core.c:519
Modules linked in:
CPU: 0 PID: 5828 Comm: syz-executor.2 Not tainted 6.6.0-rc3-syzkaller-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
RIP: 0010:__nf_unregister_net_hook+0x1de/0x670 net/netfilter/core.c:519
Code: 14 02 4c 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 7a 04 00 00 8b 53 1c 48 c7 c7 c0 d4 a8 8b 8b 74 24 04 e8 b2 ce dc f8 <0f> 0b e9 ec 00 00 00 e8 46 a5 16 f9 48 89 e8 48 c1 e0 04 49 8d 7c
RSP: 0018:ffffc90003ecf2b8 EFLAGS: 00010282
RAX: 0000000000000000 RBX: ffff888061921800 RCX: 0000000000000000
RDX: ffff88807a4a6180 RSI: ffffffff814cf016 RDI: 0000000000000001
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: ffff8880772b7250
R13: ffff888023717598 R14: ffff888023717500 R15: ffff88806192181c
FS:  00007f709206d6c0(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f2411480420 CR3: 000000001c0be000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 nf_unregister_net_hook+0xd5/0x110 net/netfilter/core.c:541
 __nf_tables_unregister_hook net/netfilter/nf_tables_api.c:361 [inline]
 __nf_tables_unregister_hook+0x1a0/0x220 net/netfilter/nf_tables_api.c:340
 nf_tables_unregister_hook net/netfilter/nf_tables_api.c:368 [inline]
 nf_tables_commit+0x410f/0x59f0 net/netfilter/nf_tables_api.c:9992
 nfnetlink_rcv_batch+0xf36/0x2500 net/netfilter/nfnetlink.c:569
 nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:639 [inline]
 nfnetlink_rcv+0x3bf/0x430 net/netfilter/nfnetlink.c:657
 netlink_unicast_kernel net/netlink/af_netlink.c:1342 [inline]
 netlink_unicast+0x536/0x810 net/netlink/af_netlink.c:1368
 netlink_sendmsg+0x93c/0xe40 net/netlink/af_netlink.c:1910
 sock_sendmsg_nosec net/socket.c:730 [inline]
 sock_sendmsg+0xd9/0x180 net/socket.c:753
 ____sys_sendmsg+0x6ac/0x940 net/socket.c:2541
 ___sys_sendmsg+0x135/0x1d0 net/socket.c:2595
 __sys_sendmsg+0x117/0x1e0 net/socket.c:2624
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f709127cae9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f709206d0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f709139bf80 RCX: 00007f709127cae9
RDX: 0000000000000000 RSI: 000000002000c2c0 RDI: 0000000000000004
RBP: 00007f70912c847a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007f709139bf80 R15: 00007ffca21c8a28
 </TASK>


Tested on:

commit:         6465e260 Linux 6.6-rc3
git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=127331b8e80000
kernel config:  https://syzkaller.appspot.com/x/.config?x=8d7d7928f78936aa
dashboard link: https://syzkaller.appspot.com/bug?extid=de4025c006ec68ac56fc
compiler:       gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
patch:          https://syzkaller.appspot.com/x/patch.diff?x=14c46f2f680000



* Re: [syzbot] [netfilter?] WARNING in __nf_unregister_net_hook (6)
       [not found] <20231120105551.1784323-1-eadavis@sina.com>
@ 2023-11-20 11:34 ` syzbot
  0 siblings, 0 replies; 8+ messages in thread
From: syzbot @ 2023-11-20 11:34 UTC (permalink / raw)
  To: eadavis, linux-kernel, syzkaller-bugs

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
WARNING in __nf_unregister_net_hook

------------[ cut here ]------------
hook not found, pf 2 num 1
WARNING: CPU: 0 PID: 5838 at net/netfilter/core.c:517 __nf_unregister_net_hook+0x1de/0x670 net/netfilter/core.c:517
Modules linked in:

CPU: 0 PID: 5838 Comm: syz-executor.0 Not tainted 6.6.0-rc3-syzkaller-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
RIP: 0010:__nf_unregister_net_hook+0x1de/0x670 net/netfilter/core.c:517
Code: 14 02 4c 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 7a 04 00 00 8b 53 1c 48 c7 c7 c0 d4 a8 8b 8b 74 24 04 e8 b2 ce dc f8 <0f> 0b e9 ec 00 00 00 e8 46 a5 16 f9 48 89 e8 48 c1 e0 04 49 8d 7c
RSP: 0018:ffffc90003e8f2b8 EFLAGS: 00010282

RAX: 0000000000000000 RBX: ffff8880655a7800 RCX: 0000000000000000
RDX: ffff888020762000 RSI: ffffffff814cf016 RDI: 0000000000000001
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: ffff888027c57290
R13: ffff888065865b98 R14: ffff888065865b00 R15: ffff8880655a781c
FS:  00007f3c5fffe6c0(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f3c60d98000 CR3: 0000000079951000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 nf_unregister_net_hook+0xd5/0x110 net/netfilter/core.c:539
 __nf_tables_unregister_hook net/netfilter/nf_tables_api.c:361 [inline]
 __nf_tables_unregister_hook+0x1a0/0x220 net/netfilter/nf_tables_api.c:340
 nf_tables_unregister_hook net/netfilter/nf_tables_api.c:368 [inline]
 nf_tables_commit+0x410f/0x59f0 net/netfilter/nf_tables_api.c:9992
 nfnetlink_rcv_batch+0xf36/0x2500 net/netfilter/nfnetlink.c:569
 nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:639 [inline]
 nfnetlink_rcv+0x3bf/0x430 net/netfilter/nfnetlink.c:657
 netlink_unicast_kernel net/netlink/af_netlink.c:1342 [inline]
 netlink_unicast+0x536/0x810 net/netlink/af_netlink.c:1368
 netlink_sendmsg+0x93c/0xe40 net/netlink/af_netlink.c:1910
 sock_sendmsg_nosec net/socket.c:730 [inline]
 sock_sendmsg+0xd9/0x180 net/socket.c:753
 ____sys_sendmsg+0x6ac/0x940 net/socket.c:2541
 ___sys_sendmsg+0x135/0x1d0 net/socket.c:2595
 __sys_sendmsg+0x117/0x1e0 net/socket.c:2624
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f3c60c7cae9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f3c5fffe0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f3c60d9c050 RCX: 00007f3c60c7cae9
RDX: 0000000000000000 RSI: 000000002000c2c0 RDI: 0000000000000003
RBP: 00007f3c60cc847a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000006e R14: 00007f3c60d9c050 R15: 00007fffd735cc38
 </TASK>


Tested on:

commit:         6465e260 Linux 6.6-rc3
git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=127de958e80000
kernel config:  https://syzkaller.appspot.com/x/.config?x=8d7d7928f78936aa
dashboard link: https://syzkaller.appspot.com/bug?extid=de4025c006ec68ac56fc
compiler:       gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
patch:          https://syzkaller.appspot.com/x/patch.diff?x=10447648e80000



* Re: [syzbot] [netfilter?] WARNING in __nf_unregister_net_hook (6)
       [not found] <20240217123828.GA31625@breakpoint.cc>
@ 2024-02-17 12:55 ` syzbot
  0 siblings, 0 replies; 8+ messages in thread
From: syzbot @ 2024-02-17 12:55 UTC (permalink / raw)
  To: fw, linux-kernel, syzkaller-bugs

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
WARNING in __nf_unregister_net_hook

------------[ cut here ]------------
hook not found, pf 2 num 1
WARNING: CPU: 1 PID: 5828 at net/netfilter/core.c:517 __nf_unregister_net_hook+0x1de/0x670 net/netfilter/core.c:517
Modules linked in:
CPU: 1 PID: 5828 Comm: syz-executor.3 Not tainted 6.8.0-rc3-syzkaller-00211-g84443741faab #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
RIP: 0010:__nf_unregister_net_hook+0x1de/0x670 net/netfilter/core.c:517
Code: 14 02 4c 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 7a 04 00 00 8b 53 1c 48 c7 c7 a0 ab ab 8b 8b 74 24 04 e8 b2 64 c6 f8 <0f> 0b e9 ec 00 00 00 e8 f6 f9 00 f9 48 89 e8 48 c1 e0 04 49 8d 7c
RSP: 0018:ffffc90003c272b0 EFLAGS: 00010286
RAX: 0000000000000000 RBX: ffff88807dd4da00 RCX: ffffffff814d93f9
RDX: ffff88802c4c9dc0 RSI: ffffffff814d9406 RDI: 0000000000000001
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: ffff8880699cad90
R13: ffff8880648246f8 R14: ffff888064824660 R15: ffff88807dd4da1c
FS:  00007f51415d46c0(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f51415b3d58 CR3: 000000007fa81000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 nf_unregister_net_hook+0xd5/0x110 net/netfilter/core.c:539
 __nf_tables_unregister_hook net/netfilter/nf_tables_api.c:362 [inline]
 __nf_tables_unregister_hook+0x1a0/0x220 net/netfilter/nf_tables_api.c:341
 nf_tables_unregister_hook net/netfilter/nf_tables_api.c:369 [inline]
 nf_tables_commit+0x3cdb/0x5ae0 net/netfilter/nf_tables_api.c:10174
 nfnetlink_rcv_batch+0xf3b/0x2510 net/netfilter/nfnetlink.c:569
 nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:639 [inline]
 nfnetlink_rcv+0x3bf/0x430 net/netfilter/nfnetlink.c:657
 netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]
 netlink_unicast+0x53b/0x810 net/netlink/af_netlink.c:1367
 netlink_sendmsg+0x8b7/0xd70 net/netlink/af_netlink.c:1908
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg+0xd5/0x180 net/socket.c:745
 ____sys_sendmsg+0x6ac/0x940 net/socket.c:2584
 ___sys_sendmsg+0x135/0x1d0 net/socket.c:2638
 __sys_sendmsg+0x117/0x1e0 net/socket.c:2667
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0x78/0x1c0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7f514087cae9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f51415d40c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f514099c050 RCX: 00007f514087cae9
RDX: 0000000000000000 RSI: 000000002000c2c0 RDI: 0000000000000004
RBP: 00007f51408c847a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000006e R14: 00007f514099c050 R15: 00007ffd31c3ba48
 </TASK>


Tested on:

commit:         84443741 netfilter: nf_tables: fix bidirectional offlo..
git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git main
console output: https://syzkaller.appspot.com/x/log.txt?x=11a08ae8180000
kernel config:  https://syzkaller.appspot.com/x/.config?x=52f6b87f61a6b59c
dashboard link: https://syzkaller.appspot.com/bug?extid=de4025c006ec68ac56fc
compiler:       gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40

Note: no patches were applied.


* Re: [syzbot] [netfilter?] WARNING in __nf_unregister_net_hook (6)
       [not found] <20240219140408.GB22070@breakpoint.cc>
@ 2024-02-19 15:05 ` syzbot
  0 siblings, 0 replies; 8+ messages in thread
From: syzbot @ 2024-02-19 15:05 UTC (permalink / raw)
  To: fw, linux-kernel, syzkaller-bugs

Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: syzbot+de4025c006ec68ac56fc@syzkaller.appspotmail.com

Tested on:

commit:         34bfd872 netfilter: nf_tables: raise dormant flag agai..
git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/fwestphal/nf.git dormant-reset
console output: https://syzkaller.appspot.com/x/log.txt?x=1495c734180000
kernel config:  https://syzkaller.appspot.com/x/.config?x=52f6b87f61a6b59c
dashboard link: https://syzkaller.appspot.com/bug?extid=de4025c006ec68ac56fc
compiler:       gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40

Note: no patches were applied.
Note: testing is done by a robot and is best-effort only.

