> > Also you are at the point the tty is closing so the net device may be
> > active. Don't you need to netif_stop_queue() or defer the buffer
> > kfrees until after the network device is unregistered so you don't pee
> > into free memory if you have a transmit occurring ?
>
> I'm pretty sure that
From: One Thousand Gnomes
Date: Thu, 17 Dec 2015 23:47:39 +
> On Thu, 17 Dec 2015 16:05:32 -0500 (EST)
> David Miller wrote:
>
>> From: One Thousand Gnomes
>> Date: Thu, 17 Dec 2015 11:41:04 +
>>
>> >> This report is then followed by a dozen of other use-after-free reports.
>> >>
>>
On Thu, 17 Dec 2015 16:05:32 -0500 (EST)
David Miller wrote:
> From: One Thousand Gnomes
> Date: Thu, 17 Dec 2015 11:41:04 +
>
> >> This report is then followed by a dozen of other use-after-free reports.
> >>
> >> On commit edb42dc7bc0da0125ceacab810a553ce1f0cac8d (Dec 15).
> >>
> >> Tha
On Thu, Dec 17, 2015 at 04:05:32PM -0500, David Miller wrote:
> This should fix it, the only thing I'm unsure of is if we should perhaps
> also use del_timer_sync() here. Anyone?
I think so.
Ralf
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to
From: One Thousand Gnomes
Date: Thu, 17 Dec 2015 11:41:04 +
>> This report is then followed by a dozen of other use-after-free reports.
>>
>> On commit edb42dc7bc0da0125ceacab810a553ce1f0cac8d (Dec 15).
>>
>> Thank you
>
> sixpack_close does unregister_netdev(sp->dev), which frees sp as sp
> This report is then followed by a dozen of other use-after-free reports.
>
> On commit edb42dc7bc0da0125ceacab810a553ce1f0cac8d (Dec 15).
>
> Thank you
sixpack_close does unregister_netdev(sp->dev), which frees sp as sp is
actually allocated via alloc_netdev()
Then deletes two timers within s
