[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#599816: Kernel panic on 36 and more encapsulated GRE tunnels



On Mon, 2010-10-11 at 16:53 +0200, Beatrice Barbe wrote:
> Package: Debian GNU/Linux
> Version: 5.0.6
> 
> When creating 36 or more GRE tunnels, with the script attached to the
> mail, and sending a packet, I got a kernel panic.
> The last line in syslog is: “GRE over IPv4 tunneling driver”
> 
> #tunels.sh 37
> 
> %ping -I 192.168.9.1 192.168.10.1
> ->kernel panic

Hmm, that's a weird bug.  I can reproduce it in Debian stable (Linux
2.6.26) though it is fixed in testing (Linux 2.6.32).

The panic messages I get are:

[   71.391683] BUG: scheduling while atomic: ping/2163/0xd7a8f000
[   71.392047] Pid: 2163, comm: ping Not tainted 2.6.26-2-686 #1
[   71.392047]  [<c02b86f2>] schedule+0x70/0x66f
[   71.392047]  [<c0126372>] sys_gettimeofday+0x27/0x53
[   71.392047]  [<c0103976>] work_resched+0x5/0x28
[   71.392047]  =======================
[   71.392047] BUG: unable to handle kernel paging request at 5c3b6400
[   71.392047] IP: [<c01187e9>] cpuacct_charge+0x29/0x34
[   71.392047] *pde = 00000000 
[   71.392047] Oops: 0000 [#1] SMP 
[   71.392047] Modules linked in: ip_gre loop snd_pcm snd_timer snd soundcore snd_page_alloc parport_pc parport serio_raw pcspkr psmouse i2c_piix4 button i2c_core evdev ext3 jbd mbcache ide_cd_mod cdrom ide_disk ata_generic libata scsi_mod dock floppy e1000 piix ide_pci_generic ide_core thermal processor fan thermal_sys [last unloaded: scsi_wait_scan]
[   71.392047] 
[   71.392047] Pid: 2163, comm: ping Not tainted (2.6.26-2-686 #1)
[   71.392047] EIP: 0060:[<c01187e9>] EFLAGS: 00010086 CPU: 0
[   71.392047] EIP is at cpuacct_charge+0x29/0x34
[   71.392047] EAX: df80b200 EBX: 00000000 ECX: 003ca62e EDX: df2eac80
[   71.392047] ESI: df89fa00 EDI: 08050440 EBP: df89fa00 ESP: de845f54
[   71.392047]  DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
[   71.392047] Process ping (pid: 2163, ti=de844000 task=df89fa00 task.ti=de844000)
[   71.392047] Stack: df89fa28 c1409ffc c011f6ee c1409fc0 00000040 c02b8999 00000040 00000003 
[   71.392047]        00000040 df89fb90 c1409fc0 00000000 00000003 0804f2c0 00000000 00000003 
[   71.392047]        0804f2c0 00000000 c0126372 4cb52b61 00000010 00000040 08050440 de844000 
[   71.392047] Call Trace:
[   71.392047]  [<c011f6ee>] put_prev_task_fair+0x17/0x37
[   71.392047]  [<c02b8999>] schedule+0x317/0x66f
[   71.392047]  [<c0126372>] sys_gettimeofday+0x27/0x53
[   71.392047]  [<c0103976>] work_resched+0x5/0x28
[   71.392047]  =======================
[   71.392047] Code: 14 c3 83 3d b0 10 35 c0 00 56 89 c6 53 89 cb 89 d1 74 20 8b 80 d8 03 00 00 8b 40 28 85 c0 74 13 8b 56 04 8b 40 0c 8b 52 10 f7 d0 <8b> 04 90 01 08 11 58 04 5b 5e c3 55 57 bf 3f 00 00 00 56 53 83 
[   71.392047] EIP: [<c01187e9>] cpuacct_charge+0x29/0x34 SS:ESP 0068:de845f54
[   71.392047] Kernel panic - not syncing: Fatal exception in interrupt

It looks like the send() call returns with a spinlock held.  I haven't
yet found the change between versions 2.6.26 and 2.6.32 that fixed this,
but I will keep looking.

Ben.

-- 
Ben Hutchings
Once a job is fouled up, anything done to improve it makes it worse.

Attachment: signature.asc
Description: This is a digitally signed message part


Reply to: