On Mon, Dec 13, 2021 at 05:45:44AM -0800, Eric Dumazet wrote: > From: Eric Dumazet <edumazet@xxxxxxxxxx> > > We need to use list_for_each_entry_safe() iterator > because we can not access @catchall after kfree_rcu() call. > > syzbot reported: > > BUG: KASAN: use-after-free in nft_set_catchall_destroy net/netfilter/nf_tables_api.c:4486 [inline] > BUG: KASAN: use-after-free in nft_set_destroy net/netfilter/nf_tables_api.c:4504 [inline] > BUG: KASAN: use-after-free in nft_set_destroy+0x3fd/0x4f0 net/netfilter/nf_tables_api.c:4493 > Read of size 8 at addr ffff8880716e5b80 by task syz-executor.3/8871 Applied to nf, thanks
