Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752986AbcJKAae (ORCPT ); Mon, 10 Oct 2016 20:30:34 -0400 Received: from shards.monkeyblade.net ([184.105.139.130]:46114 "EHLO shards.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752499AbcJKAad (ORCPT ); Mon, 10 Oct 2016 20:30:33 -0400 Date: Mon, 10 Oct 2016 20:30:19 -0400 (EDT) Message-Id: <20161010.203019.388602181022157591.davem@davemloft.net> To: torvalds@linux-foundation.org Cc: aconole@redhat.com, fw@strlen.de, viro@zeniv.linux.org.uk, akpm@linux-foundation.org, axboe@fb.com, tytso@mit.edu, cl@linux.com, pablo@netfilter.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, netdev@vger.kernel.org, netfilter-devel@vger.kernel.org Subject: Re: slab corruption with current -git From: David Miller In-Reply-To: References: X-Mailer: Mew version 6.7 on Emacs 24.5 / Mule 6.0 (HANACHIRUSATO) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.5.12 (shards.monkeyblade.net [149.20.54.216]); Mon, 10 Oct 2016 17:30:29 -0700 (PDT) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 861 Lines: 24 From: Linus Torvalds Date: Mon, 10 Oct 2016 12:05:17 -0700 > David - I think that also explains what was wrong with the old code. > In the old code, this loop: > > while (hooks_entry && nf_entry_dereference(hooks_entry->next)) { > > would exit with "hooks_entry" pointing to the last list entry (because > ->next was NULL). Nothing was ever unlinked in the loop itself, > because it never actually found a matching entry, but then after the > loop it would free that last entry because it *thought* that was the > match. It only does this when the ops don't match, but yes it can happen. Linus can you add some extra info to that: WARN(1, "nf_unregister_net_hook: hook not found!\n"); diagnostic, such as the reg->pf and reg->hooknum values? That might help track down why this is happening in the first place.