Hi Florian, On 25/10/2024 15:32, Florian Westphal wrote: > On rule delete we get: > WARNING: suspicious RCU usage > net/netfilter/nf_tables_api.c:3420 RCU-list traversed in non-reader section!! > 1 lock held by iptables/134: > #0: ffff888008c4fcc8 (&nft_net->commit_mutex){+.+.}-{3:3}, at: nf_tables_valid_genid (include/linux/jiffies.h:101) nf_tables > > Code is fine, no other CPU can change the list because we're holding > transaction mutex. > > Pass the needed lockdep annotation to the iterator and fix > two comments for functions that are no longer restricted to rcu-only > context. > > This is enough to resolve rule delete, but there are several other > missing annotations, added in followup-patches. Thank you for the patch! (and sorry for having somehow pushed you to open the pandora box for the other cases :) ) I confirm this fix avoids the warning in my case: Tested-by: Matthieu Baerts (NGI0) <matttbe@xxxxxxxxxx> Cheers, Matt -- Sponsored by the NGI0 Core fund.