git.ipfire.org Git - thirdparty/nftables.git/commitdiff
tests: shell: add test case for chain-in-use-splat
author Florian Westphal <fw@strlen.de>
Mon, 12 Jun 2023 10:33:43 +0000 (12:33 +0200)
committer Florian Westphal <fw@strlen.de>
Thu, 15 Jun 2023 22:14:10 +0000 (00:14 +0200)
WARNING [.]: at net/netfilter/nf_tables_api.c:1885
6.3.4-201.fc38.x86_64 #1
nft_immediate_destroy+0xc1/0xd0 [nf_tables]
__nf_tables_abort+0x4b9/0xb20 [nf_tables]
nf_tables_abort+0x39/0x50 [nf_tables]
nfnetlink_rcv_batch+0x47c/0x8e0 [nfnetlink]
nfnetlink_rcv+0x179/0x1a0 [nfnetlink]
netlink_unicast+0x19e/0x290

This is because of chain->use underflow: at the time the destroy
function is called, ->use has wrapped back to -1.

Fixed via
"netfilter: nf_tables: fix chain binding transaction logic".

Signed-off-by: Florian Westphal <fw@strlen.de>
tests/shell/testcases/transactions/anon_chain_loop [new file with mode: 0755]

diff --git a/tests/shell/testcases/transactions/anon_chain_loop b/tests/shell/testcases/transactions/anon_chain_loop
new file mode 100755 (executable)
index 0000000..2fd6181
--- /dev/null
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+# anon chains with c1 -> c2 recursive jump, expect failure
+$NFT -f - <<EOF
+table ip t {
+ chain c2 { }
+ chain c1 { }
+}
+
+add t c1 ip saddr 127.0.0.1 jump { jump c2; }
+add t c2 ip saddr 127.0.0.1 jump { jump c1; }
+EOF
+
+if [ $? -eq 0 ] ; then
+        echo "E: able to load bad ruleset" >&2
+        exit 1
+fi
+
+exit 0
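
Review bot: the `if [ $? -eq 0 ]` check treats any non-zero exit from `$NFT` as a pass, so the script cannot tell the intended loop rejection from an unrelated failure, and nothing in it looks for the kernel WARNING the test is named after. The trace in the commit message shows the splat under `__nf_tables_abort`, that is, on the path where the batch is already being rejected, so a kernel without the fix would presumably still return an error to nft and this script would still exit 0. Consider capturing stderr and matching the expected error text; if detection of the splat is meant to come from the test runner (for example a kernel taint check), say so in the header comment. The comment `# anon chains with c1 -> c2 recursive jump, expect failure` could also name the chain->use underflow so the purpose of the test is clear without the commit message.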