On Wed, 3 May 2017 16:35:45 +0000 Anton Kovalenko <Anton.Kovalenko@xxxxxxxxxxx> wrote: > The problem (accessing session->conn_list after freeing session) was discovered using valgrind. > > Note that while list_for_each_entry_safe is safe against current list element destruction, > it is UNSAFE against the traversed list_head (third argument) becoming invalid during iteration. > That's exactly what happens when the last connection of a session goes away (conn_exit -> session_put -> use-after-free). Great catch, applied both. Any other places like this? Thanks a lot! -- To unsubscribe from this list: send the line "unsubscribe stgt" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html