Richard Guy Briggs <[email protected]> wrote: > nft_commit_notify(net, NETLINK_CB(skb).portid); > nf_tables_gen_notify(net, skb, NFT_MSG_NEWGEN); > nf_tables_commit_release(net); > > + nf_tables_commit_audit_log(&adl, net->nft.base_seq);
This meeds to be before nf_tables_commit_release() call, afaics this function dereferences data structures that might be free'd already here. -- Linux-audit mailing list [email protected] https://listman.redhat.com/mailman/listinfo/linux-audit
