Re: [PATCH v2 1/2] netfilter: ip_tables: guard ipt_unregister_table_pre_exit against NULL ops

Next message: Dave Jiang: "Re:"
Previous message: Anisa Su: "Re: [RFC PATCH 0/4] cxl/extent: Enable and validate multi-extent DCDs"
In reply to: Tristan Madani: "Re: [PATCH v2 1/2] netfilter: ip_tables: guard ipt_unregister_table_pre_exit against NULL ops"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Florian Westphal

Date: Fri May 01 2026 - 18:01:17 EST

Tristan Madani <tristmd@xxxxxxxxx> wrote:
> That said, the crash is real -- KASAN shows ops=NULL in
> pre_exit during cleanup_net -- so something is reaching that
> path. The V2 guard handles it regardless of the root cause:
> if ops is NULL in pre_exit, we should not pass it to
> nf_unregister_net_hooks.
>
> I will share any PoC/repro if I get one.

Thanks. I have a patch series that should close all
races, I need to retest it tomorrow and then I'll post it
so sashiko, syzbot etc. can have a go at it.

I found a few other problems in the general area so it should
be a good improvement over the current state of affairs.