Hillf Danton <hdanton@xxxxxxxx> wrote: > > lock trans mutex returns > > flush work > > free A > > unlock trans mutex > > > If your patch is correct, it should survive a warning. > > #syz test https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git 1c5fc27bc48a > > --- x/net/netfilter/nf_tables_api.c > +++ y/net/netfilter/nf_tables_api.c > @@ -11552,9 +11552,10 @@ static int nft_rcv_nl_event(struct notif > > gc_seq = nft_gc_seq_begin(nft_net); > > - if (!list_empty(&nf_tables_destroy_list)) > - nf_tables_trans_destroy_flush_work(); > + nf_tables_trans_destroy_flush_work(); > again: > + WARN_ON(!list_empty(&nft_net->commit_list)); > + You could officially submit this patch to nf-next, this is a slow path and the transaction list must be empty here. I think this change might be useful as it also documents this requirement.