On Thu, May 04, 2023 at 02:55:02PM +0200, Florian Westphal wrote:
> I received a bug report (no reproducer so far) where we trip over
>
> 712 rcu_read_lock();
> 713 ct_hook = rcu_dereference(nf_ct_hook);
> 714 BUG_ON(ct_hook == NULL); // here
>
> In nf_conntrack_destroy().
>
> First turn this BUG_ON into a WARN. I think it was triggered
> via enable_hooks=1 flag.
>
> When this flag is turned on, the conntrack hooks are registered
> before nf_ct_hook pointer gets assigned.
> This opens a short window where packets enter the conntrack machinery,
> can have skb->_nfct set up and a subsequent kfree_skb might occur
> before nf_ct_hook is set.
>
> Call nf_conntrack_init_end() to set nf_ct_hook before we register the
> pernet ops.

Applied to nf, thanks