On Wed, 2009-11-04 at 15:01 +0100, Patrick McHardy wrote: > I can't find anything which could cause this. Please post full > information (all netfilter rules, ping version, qdiscs and whatever > else might seem important). > > Also, your kernel is already tainted (D), please retry with > a cleanly booted kernel. I reproduce right after a reboot, and it's still tainted, how do I remove that? The only strange thing at boot would be some vga= option in lilo that fails (because of a wrong value) and asks me for a mode. It might be worth noting that the kernel is patched with IMQ, latest version from linux-imq.net, but the IMQ device is not used. Versions: - Everything Debian Lenny except for the kernel and iptables - Linux 2.6.30.9 SMP-PREEMPT (also happened with older 2.6.30 versions) - iptables v1.4.4 patched with IMQ # ping -V ping utility, iputils-sss20071127 Hardware: - Reproduced on an HP-ML110 and some man-made gigabyte motherboards with old dual-cores and realtek eths. - Could not reproduce in QEMU/KVM with the exact same SW versions. My script running right before the command that causes panic is: # cleanup iptables -t mangle -F iptables -t nat -F iptables -t filter -F tc qdisc del dev eth0 root tc qdisc del dev eth1 root ip address flush dev eth0 ip address flush dev eth1 ip rule flush ip route flush # configure ip rule add prio 32766 from all lookup main ip rule add prio 32767 from all lookup default ip address add dev eth0 192.168.10.218/24 brd + ip route add default via 192.168.10.1 The exact commands I run are: # iptables -I OUTPUT -j QUEUE # ping google.com Appart from a ping command, anything generating traffic will provoque the panic like an ssh command or just waiting for some incoming packets. It does not happen at the very first packet, as I have results when I do the following from a remote machine (by ssh): # iptables -I OUTPUT -j QUEUE; cat /proc/net/netfilter/nf_queue 0 NONE 1 NONE 2 NONE 3 NONE 4 NONE 5 NONE 6 NONE 7 NONE 8 NONE 9 NONE 10 NONE 11 NONE 12 NONE Thanks, François. -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
