bridge deletion BUG triggered.

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* bridge deletion BUG triggered.
@ 2015-03-25  1:29 Dave Jones
  0 siblings, 0 replies; only message in thread
From: Dave Jones @ 2015-03-25  1:29 UTC (permalink / raw)
  To: netdev

I'm working on a dumb network ioctl fuzzer, and
seem to be able to trigger this pretty easily..


tried to remove device eth1 from br1.2
------------[ cut here ]------------
kernel BUG at net/core/dev.c:5053!
invalid opcode: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC 
CPU: 0 PID: 12154 Comm: brctl Not tainted 4.0.0-rc5+ #4
task: ffff8800adef4350 ti: ffff8800ad1b4000 task.ti: ffff8800ad1b4000
RIP: 0010:[<ffffffffb88923cb>]  [<ffffffffb88923cb>] __netdev_adjacent_dev_remove+0xab/0x290
RSP: 0018:ffff8800ad1b7cc8  EFLAGS: 00010202
RAX: 0000000000000026 RBX: ffff8800b3d5c0b8 RCX: 0000000000000000
RDX: ffff8800bf5cf070 RSI: ffffffffb814eda1 RDI: ffffffffb814e71f
RBP: ffff8800ad1b7cf8 R08: 0000000000000001 R09: 0000000000000001
R10: 0000000000000001 R11: 0000000000000001 R12: ffff8800ad3133e0
R13: ffff8800b3d5c000 R14: ffff8800b3d5c0e0 R15: 0000000000000000
FS:  00007fb0e1d66700(0000) GS:ffff8800bf400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 00007fb0e18d0550 CR3: 00000000abd5e000 CR4: 00000000000007f0
Stack:
 ffff8800b3d5c000 ffff8800b3d5c0b0 ffff8800ad1b7cf8 ffff8800ad3133e0
 ffff8800b3d5c000 ffff8800ad2942a0 ffff8800ad1b7d18 ffffffffb88925d6
 ffff8800ad294370 ffff8800bafc0c40 ffff8800ad1b7d78 ffffffffb88927a5
Call Trace:
 [<ffffffffb88925d6>] __netdev_adjacent_dev_unlink+0x26/0x50
 [<ffffffffb88927a5>] netdev_upper_dev_unlink+0x135/0x1c0
 [<ffffffffc0d31175>] ? br_manage_promisc+0xd5/0x190 [bridge]
 [<ffffffffc0d31412>] del_nbp+0x132/0x1f0 [bridge]
 [<ffffffffc0d31525>] br_dev_delete+0x55/0xf0 [bridge]
 [<ffffffffc0d316fa>] br_del_bridge+0x7a/0xb0 [bridge]
 [<ffffffffc0d343d3>] br_ioctl_deviceless_stub+0x193/0x470 [bridge]
 [<ffffffffb8133dbe>] ? put_lock_stats.isra.18+0x1e/0x50
 [<ffffffffb8866aa1>] sock_ioctl+0x2d1/0x370
 [<ffffffffb8336d35>] do_vfs_ioctl+0x3b5/0x8f0
 [<ffffffffb815c5b4>] ? rcu_read_lock_held+0x94/0xa0
 [<ffffffffb834ae8e>] ? __fget_light+0x14e/0x190
 [<ffffffffb8337321>] SyS_ioctl+0xb1/0xf0
 [<ffffffffb8a979f2>] system_call_fastpath+0x12/0x17
Code: 48 89 35 59 7c 3a 02 4c 89 e2 4c 89 ee 48 c7 c7 f8 a5 04 b9 48 83 05 54 7c 3a 02 01 31 c0 e8 38 4a 1f 00 48 83 05 4d 7c 3a 02 01 <0f> 0b 48 83 05 4b 7c 3a 02 01 0f 1f 00 4c 89 0d 29 7c 3a 02 48 
RIP  [<ffffffffb88923cb>] __netdev_adjacent_dev_remove+0xab/0x290
 RSP <ffff8800ad1b7cc8>
---[ end trace da3f5abac9e6dfcf ]---


Another variant of the same trace showed..

tried to remove device eth1 from vlan0001

I'll try and coax it into spitting out what the
actual network configuration was before it hit these cases.

	Dave

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2015-03-25  1:29 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-03-25  1:29 bridge deletion BUG triggered Dave Jones

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).