Qingjie Xing <xqjcool@xxxxxxxxx> wrote: > With an iptables-configured TFTP helper in place, a UDP packet > (10.65.41.36:1069 → 10.65.36.2:69, TFTP RRQ) triggered creation of an expectation. > Later, iptables changes removed the rule’s per-rule template nf_conn. > When the expectation’s timer expired, nf_ct_unlink_expect_report() > ran and dereferenced the freed master, causing a crash. Sorry, I do not see the problem. A template should never be listed as exp->master. Can you make a reproducer/selftest for this bug? I worry we paper over a different bug.
