Re: [syzbot] WARNING in __nf_unregister_net_hook (4)

From: syzbot
Date: Thu Sep 30 2021 - 13:27:36 EST


syzbot has found a reproducer for the following issue on:

HEAD commit: 02d5e016800d Merge tag 'sound-5.15-rc4' of git://git.kerne..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=160132c0b00000
kernel config: https://syzkaller.appspot.com/x/.config?x=9290a409049988d4
dashboard link: https://syzkaller.appspot.com/bug?extid=154bd5be532a63aa778b
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1400bf0f300000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=144eaf17300000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+154bd5be532a63aa778b@xxxxxxxxxxxxxxxxxxxxxxxxx

------------[ cut here ]------------
WARNING: CPU: 1 PID: 2648 at net/netfilter/core.c:468 __nf_unregister_net_hook+0x4b1/0x600 net/netfilter/core.c:468
Modules linked in:
CPU: 0 PID: 2648 Comm: kworker/u4:6 Not tainted 5.15.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: netns cleanup_net
RIP: 0010:__nf_unregister_net_hook+0x4b1/0x600 net/netfilter/core.c:468
Code: 00 00 00 e8 41 e9 16 fa 41 83 fc 05 74 5e e8 f6 e1 16 fa 44 89 e6 bf 05 00 00 00 e8 29 e9 16 fa e9 f5 fd ff ff e8 df e1 16 fa <0f> 0b 48 c7 c7 80 dd 17 8d e8 c1 a8 d7 01 e9 b1 fe ff ff 48 89 f7
RSP: 0018:ffffc9000b10f658 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffff888070c20b98 RCX: 0000000000000000
RDX: ffff888024aa9c80 RSI: ffffffff875f1991 RDI: 0000000000000003
RBP: 0000000000000005 R08: 0000000000000000 R09: ffffc9000b10f597
R10: ffffffff875f159f R11: 000000000000000e R12: 0000000000000001
R13: ffff88801d2b43d8 R14: 0000000000000000 R15: dffffc0000000000
FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f2f45ae09b0 CR3: 000000000b68e000 CR4: 0000000000350ef0
Call Trace:
nf_unregister_net_hook+0xd5/0x110 net/netfilter/core.c:502
nft_netdev_unregister_hooks net/netfilter/nf_tables_api.c:230 [inline]
nf_tables_unregister_hook.part.0+0x1ab/0x200 net/netfilter/nf_tables_api.c:273
nf_tables_unregister_hook include/net/netfilter/nf_tables.h:1090 [inline]
__nft_release_basechain+0x138/0x640 net/netfilter/nf_tables_api.c:9524
nft_netdev_event net/netfilter/nft_chain_filter.c:351 [inline]
nf_tables_netdev_event+0x521/0x8a0 net/netfilter/nft_chain_filter.c:382
notifier_call_chain+0xb5/0x200 kernel/notifier.c:83
call_netdevice_notifiers_info+0xb5/0x130 net/core/dev.c:1996
call_netdevice_notifiers_extack net/core/dev.c:2008 [inline]
call_netdevice_notifiers net/core/dev.c:2022 [inline]
unregister_netdevice_many+0x951/0x1790 net/core/dev.c:11043
ieee80211_remove_interfaces+0x394/0x820 net/mac80211/iface.c:2140
ieee80211_unregister_hw+0x47/0x1f0 net/mac80211/main.c:1391
mac80211_hwsim_del_radio drivers/net/wireless/mac80211_hwsim.c:3457 [inline]
hwsim_exit_net+0x50e/0xca0 drivers/net/wireless/mac80211_hwsim.c:4217
ops_exit_list+0xb0/0x160 net/core/net_namespace.c:168
cleanup_net+0x4ea/0xb00 net/core/net_namespace.c:591
process_one_work+0x9bf/0x16b0 kernel/workqueue.c:2297
worker_thread+0x658/0x11f0 kernel/workqueue.c:2444
kthread+0x3e5/0x4d0 kernel/kthread.c:319
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295