Re: [PATCH v2 1/1] netfilter: nf_tables: fib: Drop IPV6 packages if IPv6 is disabled on boot

David Miller <davemdavemloft!net> wrote:
> From: Leonardo Bras <leonardo@xxxxxxxxxxxxx>
> Date: Tue, 27 Aug 2019 14:34:14 -0300
> 
> > I could reproduce this bug on a host ('ipv6.disable=1') starting a
> > guest with a virtio-net interface with 'filterref' over a virtual
> > bridge. It crashes the host during guest boot (just before login).
> > 
> > By that I could understand that a guest IPv6 network traffic
> > (via virtio-net) may cause this kernel panic.
> 
> Really this is bad and I suspected bridging to be involved somehow.

That's a good point -- Leonardo, is the
"net.bridge.bridge-nf-call-ip6tables" sysctl on?

As much as I'd like to send a patch to remove br_netfilter, I fear
we can't even stop passing ipv6 packets up to netfilter if
ipv6.disable=1 is set because users might be using ip6tables for
bridged traffic.


