> +#define push_rcu(stack, p, len) ({ \ > + if (rcu_access_pointer(p)) { \ > + BUG_ON(len >= 128); \ > + stack[len++] = rcu_dereference_raw(p); \ > + } \ > + true; \ > + }) > +static void root_free_rcu(struct rcu_head *rcu) > +{ > + struct allowedips_node *node, *stack[128] = { > + container_of(rcu, struct allowedips_node, rcu) }; > + unsigned int len = 1; > + > + while (len > 0 && (node = stack[--len]) && > + push_rcu(stack, node->bit[0], len) && > + push_rcu(stack, node->bit[1], len)) > + kfree(node); > +} Hi Jason I see this BUG_ON() is still here. It really needs to be removed. It does not look like you need to crash the kernel here. Can you add in a test of len >= 128, do a WARN and then return. I think you then leak some memory, but i would much prefer that to a crashed machine. Andrew