On Mon, 10 Oct 2016, Linus Torvalds wrote: > But the fact that it reacts _so_ badly to double-freeing issues when > the freelist has become corrupted due to an object being free'd and > then modified is clearly very fragile and not great. Yup that is why the debug options move the freepointer after the object and verify that the pointers in the chain point to valid objects in the slab page. slub_debug has special logic to detect double freeing and that option can be enabled separatelhy. -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
