Re: [PATCH nf-next] netfilter: cttimeout: fix slab-out-of-bounds read in cttimeout_net_exit

On Tue, May 17, 2022 at 10:50:36PM +0200, Florian Westphal wrote:
> syzbot reports:
> BUG: KASAN: slab-out-of-bounds in __list_del_entry_valid+0xcc/0xf0 lib/list_debug.c:42
> [..]
>  list_del include/linux/list.h:148 [inline]
>  cttimeout_net_exit+0x211/0x540 net/netfilter/nfnetlink_cttimeout.c:617
> 
> No reproducer so far. Looking at recent changes in this area
> it's clear that the free_head must not be at the end of the
> structure because nf_ct_timeout structure has variable size.

Applied, thanks
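
The layout problem described in the quoted commit message, as an added example that is not part of the original mail or of the kernel source. The toy_* structs, DATA_OFF and the two check functions are hypothetical stand-ins; they show that a member declared after a variable-size one sits exactly where the variable-size data is written.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for illustration; not the kernel's definitions. */
struct toy_list { struct toy_list *next, *prev; };

/* Variable-size object: this header is followed in memory by data_len
 * bytes of per-protocol data, so sizeof() covers only the header. */
struct toy_timeout { uint16_t l3num; const void *l4proto; };

/* Bad: a fixed member is declared after the variable-size one. */
struct toy_obj_bad { struct toy_list head; struct toy_timeout timeout;
                     struct toy_list free_head; };
/* Fixed: the variable-size member is the last one. */
struct toy_obj_fixed { struct toy_list head; struct toy_list free_head;
                       struct toy_timeout timeout; };

/* Offset at which the timeout's trailing data begins inside struct T. */
#define DATA_OFF(T) (offsetof(struct T, timeout) + sizeof(struct toy_timeout))

/* Generates fn(data_len): allocate header + data, initialise free_head as
 * an empty list, fill the timeout data, then report whether free_head still
 * points at itself (1), was overwritten (0), or allocation failed (-1). */
#define DEFINE_CHECK(fn, T)                                        \
int fn(size_t data_len)                                            \
{                                                                  \
    struct T *o = calloc(1, sizeof(*o) + data_len);                \
    int ok;                                                        \
    if (!o)                                                        \
        return -1;                                                 \
    o->free_head.next = o->free_head.prev = &o->free_head;         \
    memset((unsigned char *)o + DATA_OFF(T), 0xAA, data_len);      \
    ok = o->free_head.next == &o->free_head &&                     \
         o->free_head.prev == &o->free_head;                       \
    free(o);                                                       \
    return ok;                                                     \
}
DEFINE_CHECK(bad_free_head_intact, toy_obj_bad)
DEFINE_CHECK(fixed_free_head_intact, toy_obj_fixed)

int main(void)
{
    printf("bad layout:   free_head intact = %d\n", bad_free_head_intact(16));
    printf("fixed layout: free_head intact = %d\n", fixed_free_head_intact(16));
    return 0;
}
```

A list node corrupted this way holds pointers that are really timeout data, which is the kind of state a later list_del would trip over.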


