On Fri, Jan 20, 2006 at 11:35:46AM +0000, Andrew Morton wrote:
> 
> Looks like br_netfilter went splat.

It's not surprising that it went splat.  What does puzzle me is how
on earth did no one see this before.

The bridge code is just broken when it comes to removing a live interface
from a bridge.  Look, del_nbp can be called at any time when user space
asks us to remove an interface from a bridge.  The first thing it does
is set dev->br_port to NULL.  Now if dev is a live interface and receiving
a packet at that point in time, then we can have someone sitting in
br_nf_forward_ip and just about to dereference dev->br_port.

Stephen, you've got your work cut out :)
 
> Unable to handle kernel NULL pointer dereference at virtual address 00000000
>  printing eip:
> f8be14f4
> *pde = 00000000
> Oops: 0000 [#1]
> SMP 
> Modules linked in: autofs4 tun ipv6 bridge floppy pcspkr hw_random 
> i2c_amd8111 
> generic amd74xx shpchp pci_hotplug ohci_hcd usbcore raid1 md_mod dm_mod rtc 
> w83627hf eeprom lm85 hwmon_vid i2c_isa i2c_amd756 i2c_core tg3 e100 mii 
> psmouse ide_generic ide_disk ide_cd cdrom ide_core unix
> CPU:    1
> EIP:    0060:[<f8be14f4>]    Not tainted VLI
> EFLAGS: 00010287   (2.6.14.2-skas3-v8.2) 
> EIP is at br_nf_forward_ip+0xa2/0x16a [bridge]
> eax: 00000000   ebx: d7b59dc0   ecx: ea4a5380   edx: 00000080
> esi: 00000002   edi: 00000002   ebp: f8bdbdb7   esp: e172bcc8
> ds: 007b   es: 007b   ss: 0068
> Process linux-2.6.7-02- (pid: 4049, threadinfo=e172a000 task=e99ed550)
> Stack: 80000000 c03e7350 c02d44e7 00000002 e172bd58 f8be1334 80000000 
> ea4a5380 
>        e172bd40 80000000 c03e7350 c02d44e7 00000002 e172bd7c f2641000 
> efd7e800 
>        f8bdbdb7 00000002 e172bd7c c03e7350 f8bdbdb7 c02d4564 c03e7350 
> e172bd7c 

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[EMAIL PROTECTED]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
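
The race described in this message, modelled deterministically in user-space C as an added example (not code from the kernel or from this thread). `struct port`, `struct netdev`, `detach_port` and the `window` callback are hypothetical stand-ins, and the read-once pattern shown is a general remedy, not the fix that was applied to the bridge code.

```c
#include <stdatomic.h>
#include <stdio.h>

/* Hypothetical user-space stand-ins for net_bridge_port and net_device. */
struct port { int port_no; };
struct netdev { _Atomic(struct port *) br_port; };
enum { DROPPED = -1, WOULD_OOPS = -2 };

/* Marks the point where del_nbp could run on another CPU. */
typedef void (*window_fn)(struct netdev *);

/* Writer, as the post describes del_nbp: clear dev->br_port first. A real writer
 * must defer freeing the port until no reader holds it (assumption: RCU-style). */
static void detach_port(struct netdev *dev)
{
    atomic_store_explicit(&dev->br_port, (struct port *)NULL, memory_order_release);
}

/* Racy shape: dev->br_port is read at the moment of use. */
static int forward_racy(struct netdev *dev, window_fn window)
{
    window(dev);   /* removal lands just before the dereference */
    struct port *p = atomic_load_explicit(&dev->br_port, memory_order_acquire);
    return p ? p->port_no : WOULD_OOPS;  /* the kernel would fault on p->... */
}

/* Hardened shape: read once on entry, test, then use only the local copy. */
static int forward_snapshot(struct netdev *dev, window_fn window)
{
    struct port *p = atomic_load_explicit(&dev->br_port, memory_order_acquire);
    if (!p)
        return DROPPED;   /* already removed from the bridge */
    window(dev);          /* removal may still land here */
    return p->port_no;    /* uses the snapshot, never re-reads dev->br_port */
}

/* Push one packet through fn while a removal lands in the window. */
static int run_with_removal(int (*fn)(struct netdev *, window_fn), int attached)
{
    static struct port p = { .port_no = 3 };   /* constructed sample port */
    struct netdev dev;
    atomic_init(&dev.br_port, attached ? &p : (struct port *)NULL);
    return fn(&dev, detach_port);
}

int main(void)
{
    printf("racy=%d ", run_with_removal(forward_racy, 1));
    printf("snapshot=%d\n", run_with_removal(forward_snapshot, 1));
    return 0;
}
```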