Re: [Xen-devel] Re: Panic in ipt_do_table with 220.127.116.11-xen
From: Matt Ayres
Date: Tue May 23 2006 - 08:04:30 EST
Keir Fraser wrote:
On 22 May 2006, at 15:43, Patrick McHardy wrote:
The only other thing I can imagine is that something is wrong with
the per-CPU copy of the ruleset, i.e. either smp_processor_id is
returning garbage or for_each_possible_cpu misses a CPU during
initialization. I have no idea if Xen really does touch this code,
but other than that I don't really see what it could break.
Of the options you consider, this sounds most likely. Really we need
some more info from a crash: I'd like to get disassembly from a vmlinux
image if that's possible, Matt.
I have an un-stripped vmlinux built with kernel debugging and the
corresponding System.map. I will be sending these to you privately
shortly. You can see the multiple traces sent to this list.
It appears having the bandwidth accounting being performed by count
rules in the FORWARD chain is causing it for my setup. I suppose I
could optimize this to make the kernel spend as little time in
ipt_do_table in regards to the FORWARD chain. I flushed the FORWARD
chain (normally 100-120 rules) and have not experienced any crashes so
far... disabling bandwidth monitoring is by no means a long term fix.
It might be more generic in the symptoms, perhaps just any chain with
many rules and lots of traffic or It's just the FORWARD one that seems
to be doing it for me as that is where ipt_do_table spends most of it's
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/