I can occasionally reproduce this panic, but not reliably. The machine
in question is running a custom app that uses the bridge ioctls and
netlink sockets directly, so it may be flushing out a bug by doing
something unusual that brctl and /sbin/ip do not normally do.
The kernel is 2.4.19 mostly vanilla. No bridge-nf patches are involved.
There is a patch to the packet socket code, but no packet sockets are
bound to any of the involved interfaces at the time of the panic. This
panic occurs when an interface is being added to a bridge.
It smells like some kind of race, but since I don't have time to dig
into it properly I'm posting it here to see if it makes sense to bridge
or netlink hackers.
Jason
ksymoops 2.4.5 on i686 2.4.19-jl16. Options used
-V (default)
-k /proc/ksyms (default)
-l /proc/modules (default)
-o /lib/modules/2.4.19-jl16/ (default)
-m /boot/System.map-2.4.19-jl16 (default)
Warning: You did not tell me where to find symbol information. I will
assume that the log matches the kernel and modules that are running
right now and I'll use the default options above for symbol resolution.
If the current kernel and/or modules do not match the log, you can get
more accurate output by telling me the kernel version and where to find
map, modules, ksyms etc. ksymoops -h explains the options.
invalid operand: 0000
CPU: 0
EIP: 0010:[<c01299b0>] Not tainted
Using defaults from ksymoops -t elf32-i386 -a i386
EFLAGS: 00010202
eax: ffffffff ebx: efefc260 ecx: 000001f0 edx: 00000000
esi: 000001f0 edi: efefc260 ebp: 000001f0 esp: e38f19bc
ds: 0018 es: 0018 ss: 0018
Process tako (pid: 213, stackpage=e38f1000)
Stack: efefc260 efefc268 00000246 000001f0 00000004 c0129cd0 efefc260 000001f0
ee990800 e3918800 e3918800 00000004 c01cbcd8 00000050 000001f0 ee990800
e3918800 e3918800 00000004 c01cbe79 e3918800 ee990800 ee990800 e3918800
Call Trace: [<c0129cd0>] [<c01cbcd8>] [<c01cbe79>] [<c01cc296>] [<c012e2b8>]
[<c0124f93>] [<c012dfcd>] [<c012e2b8>] [<c012b7b4>] [<c0122bb2>] [<c012b5c6>]
[<c0122c7d>] [<c0122d2e>] [<c0112f74>] [<c0112e14>] [<c012e2b8>] [<c01cf941>]
[<c0123152>] [<c012369e>] [<c010863c>] [<c0123152>] [<c010863c>] [<c01ce58e>]
[<c01460dc>] [<c01470f4>] [<c01467c4>] [<c01ce3f7>] [<c01ce448>] [<c019bc35>]
[<c019d760>] [<c0194007>] [<c019401b>] [<c019413b>] [<c019c191>] [<c019bc35>]
[<c010752f>] [<c012b7b4>] [<c01ce3f7>] [<c01ce448>] [<c019bc35>] [<c012b7b4>]
[<c019bc35>] [<c019d911>] [<c01cca6c>] [<c01cadee>] [<c0197fd5>] [<c019831d>]
[<c01c212a>] [<c01916a5>] [<c013ce17>] [<c010854b>]
Code: 0f 0b 6a 04 80 ad 1d c0 c7 44 24 10 01 00 00 00 b8 03 00 00
>>EIP; c01299b0 <kmem_cache_grow+44/1d4> <=====
>>eax; ffffffff <END_OF_CODE+f7db9c0/????>
>>ebx; efefc260 <_end+2fc8b434/3058f1d4>
>>edi; efefc260 <_end+2fc8b434/3058f1d4>
>>esp; e38f19bc <_end+23680b90/3058f1d4>
Trace; c0129cd0 <kmalloc+d8/fc>
Trace; c01cbcd8 <new_nbp+18/a4>
Trace; c01cbe79 <br_add_if+61/100>
Trace; c01cc296 <br_ioctl_device+66/620>
Trace; c012e2b8 <shmem_getpage+4c/98>
Trace; c0124f93 <__find_lock_page+13/14>
Trace; c012dfcd <shmem_getpage_locked+51/2f0>
Trace; c012e2b8 <shmem_getpage+4c/98>
Trace; c012b7b4 <__alloc_pages+40/178>
Trace; c0122bb2 <do_no_page+52/17c>
Trace; c012b5c6 <_alloc_pages+16/18>
Trace; c0122c7d <do_no_page+11d/17c>
Trace; c0122d2e <handle_mm_fault+52/b0>
Trace; c0112f74 <do_page_fault+160/490>
Trace; c0112e14 <do_page_fault+0/490>
Trace; c012e2b8 <shmem_getpage+4c/98>
Trace; c01cf941 <rb_insert_color+51/c4>
Trace; c0123152 <__vma_link+62/b0>
Trace; c012369e <do_mmap_pgoff+40e/4cc>
Trace; c010863c <error_code+34/3c>
Trace; c0123152 <__vma_link+62/b0>
Trace; c010863c <error_code+34/3c>
Trace; c01ce58e <clear_user+2e/3c>
Trace; c01460dc <padzero+1c/20>
Trace; c01470f4 <load_elf_binary+930/a80>
Trace; c01467c4 <load_elf_binary+0/a80>
Trace; c01ce3f7 <__delay+13/28>
Trace; c01ce448 <__const_udelay+1c/24>
Trace; c019bc35 <rtnetlink_fill_ifinfo+35d/3b8>
Trace; c019d760 <netlink_unicast+22c/274>
Trace; c0194007 <skb_release_data+6b/74>
Trace; c019401b <kfree_skbmem+b/54>
Trace; c019413b <__kfree_skb+d7/e0>
Trace; c019c191 <rtnetlink_rcv+379/3b0>
Trace; c019bc35 <rtnetlink_fill_ifinfo+35d/3b8>
Trace; c010752f <__down_failed_trylock+7/c>
Trace; c012b7b4 <__alloc_pages+40/178>
Trace; c01ce3f7 <__delay+13/28>
Trace; c01ce448 <__const_udelay+1c/24>
Trace; c019bc35 <rtnetlink_fill_ifinfo+35d/3b8>
Trace; c012b7b4 <__alloc_pages+40/178>
Trace; c019bc35 <rtnetlink_fill_ifinfo+35d/3b8>
Trace; c019d911 <netlink_broadcast+169/1a8>
Trace; c01cca6c <br_ioctl+5c/70>
Trace; c01cadee <br_dev_do_ioctl+7e/90>
Trace; c0197fd5 <dev_ifsioc+355/36c>
Trace; c019831d <dev_ioctl+331/3e8>
Trace; c01c212a <inet_ioctl+1f6/204>
Trace; c01916a5 <sock_ioctl+21/28>
Trace; c013ce17 <sys_ioctl+16b/184>
Trace; c010854b <system_call+33/38>
Code; c01299b0 <kmem_cache_grow+44/1d4>
00000000 <_EIP>:
Code; c01299b0 <kmem_cache_grow+44/1d4> <=====
0: 0f 0b ud2a <=====
Code; c01299b2 <kmem_cache_grow+46/1d4>
2: 6a 04 push $0x4
Code; c01299b4 <kmem_cache_grow+48/1d4>
4: 80 ad 1d c0 c7 44 24 subb $0x24,0x44c7c01d(%ebp)
Code; c01299bb <kmem_cache_grow+4f/1d4>
b: 10 01 adc %al,(%ecx)
Code; c01299bd <kmem_cache_grow+51/1d4>
d: 00 00 add %al,(%eax)
Code; c01299bf <kmem_cache_grow+53/1d4>
f: 00 b8 03 00 00 00 add %bh,0x3(%eax)
<0>Kernel panic: Aiee, killing interrupt handler!
1 warning issued. Results may not be reliable.
_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge
