On 07/09/2018 04:43 AM, Florian Westphal wrote:
> Eric Dumazet reports:
> Here is a reproducer of an annoying bug detected by syzkaller on our production kernel
> [..]
> ./b78305423 enable_conntrack
> Then :
> sleep 60
> dmesg | tail -10
> [ 171.599093] unregister_netdevice: waiting for lo to become free. Usage count = 2
> [ 181.631024] unregister_netdevice: waiting for lo to become free. Usage count = 2
> [ 191.687076] unregister_netdevice: waiting for lo to become free. Usage count = 2
> [ 201.703037] unregister_netdevice: waiting for lo to become free. Usage count = 2
> [ 211.711072] unregister_netdevice: waiting for lo to become free. Usage count = 2
> [ 221.959070] unregister_netdevice: waiting for lo to become free. Usage count = 2
>
> Reproducer sends ipv6 fragment that hits nfct defrag via LOCAL_OUT hook.
> skb gets queued until frag timer expiry -- 1 minute.
>
> Normally nf_conntrack_reasm gets called during prerouting, so skb has
> no dst yet which might explain why this wasn't spotted earlier.
>
> Reported-by: Eric Dumazet <eric.dumazet@xxxxxxxxx>
> Reported-by: John Sperbeck <jsperbeck@xxxxxxxxxx>
> Signed-off-by: Florian Westphal <fw@xxxxxxxxx>

Tested-by: Eric Dumazet <edumazet@xxxxxxxxxx>
Reported-by: syzbot <syzkaller@xxxxxxxxxxxxxxxx>

Thanks !