On Wed, 2017-09-20 at 11:22 -0700, Cong Wang wrote:
> but dmesg at this time shows nothing about interfaces or flaps.
>
> This is very odd.
>
> We only free netdevice in free_netdev() and it is only called when
> we unregister a netdevice. Otherwise pcpu_refcnt is impossible
> to be NULL.
If there is a missing dev_hold() or one dev_put() in excess, this would allow the netdev to be freed too soon. -> Use after free. Memory holding the netdev could be reallocated/cleared by some other kernel user.