Observed below kernel oops on "Linux version 4.9.0-9-2-amd64" from Debian 9.
This was observed when bridge vlan netdevs were getting deleted while packets were being received. I observed this only once, but wanted to put it out there for the record. Below is the decoded call path. It appears to be in the elementary pkt handling function. I searched for upstream commits for any patches around this code but could not find anything. Any thoughts on what it might be about while I try to figure out the test case to simulate the panic condition again. process_backlog() ---- __skb_dequeue() --- __skb_unlink() -- next->prev = prev; (Panic) [12106.283243] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008 [12106.292014] IP: [<ffffffff9ab1265c>] process_backlog+0x7c/0x130 [12106.298643] PGD 0 [12106.300691] [12106.302356] Oops: 0002 1 SMP <SNIP> [12106.456408] task: ffff8a0aad1ed140 task.stack: ffff950741980000 [12106.463027] RIP: 0010:[<ffffffff9ab1265c>] [<ffffffff9ab1265c>] process_backlog+0x7c/0x130 <SNIP> [12106.584667] Call Trace: [12106.587403] [<ffffffff9ab11df6>] ? net_rx_action+0x246/0x380 [12106.593827] [<ffffffff9ac1e81d>] ? __do_softirq+0x10d/0x2b0 [12106.600152] [<ffffffff9a69d560>] ? sort_range+0x20/0x20 [12106.606090] [<ffffffff9a67ff5e>] ? run_ksoftirqd+0x1e/0x40 [12106.612318] [<ffffffff9a69d66e>] ? smpboot_thread_fn+0x10e/0x160 [12106.619130] [<ffffffff9a699dd9>] ? kthread+0xd9/0xf0 [12106.624776] [<ffffffff9a699d00>] ? kthread_park+0x60/0x60 [12106.630908] [<ffffffff9ac1aeb7>] ? ret_from_fork+0x57/0x70
