View Issue Details

IDProjectCategoryView StatusLast Update
0003250CentOS-5kernelpublic2008-11-19 13:42
Reporterrep_movsd Assigned To 
PrioritynormalSeveritycrashReproducibilityhave not tried
Status closedResolutionduplicate 
Product Version5.0 - i386 
Summary0003250: Restarting the iptables service caused a kernel panic
DescriptionFresh iptables rules were added and the service was restarted and a kernel panic happened.

Additional Information
A fresh iptables ruleset was created with the following commands

# iptables -F
# iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# iptables -P INPUT DROP
# iptables -P FORWARD DROP
# iptables -P OUTPUT ACCEPT
# iptables -A INPUT -i lo -j ACCEPT
# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

To drop everything incoming by default except external ssh and localhost access and allow outgoing to anywhere.

Then the following commands were run

[root@mortgage /etc/sysconfig]# /sbin/service iptables save
Saving firewall rules to /etc/sysconfig/iptables: [ OK ]
[root@mortgage /etc/sysconfig]# cat iptables
# Generated by iptables-save v1.2.11 on Wed Nov 19 06:44:44 2008
*filter
:INPUT DROP [21:1944]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [399:103384]
:acctboth - [0:0]
:icmpchk - [0:0]
:input_custom - [0:0]
:ipdrop_global - [0:0]
:output_custom - [0:0]
:tcpchk - [0:0]
:udpchk - [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Wed Nov 19 06:44:44 2008
[root@mortgage /etc/sysconfig]# /sbin/service iptables restart
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules:



On another ssh console where the command "tail -f /var/log/messages" was running, the following output was seen :


Nov 19 06:51:35 mortgage iptables: succeeded
Nov 19 06:51:35 mortgage iptables: succeeded
Nov 19 06:51:36 mortgage kernel: Unable to handle kernel paging request at virtual address f8a415e8
Nov 19 06:51:36 mortgage kernel: printing eip:
Nov 19 06:51:36 mortgage kernel: c0294afa
Nov 19 06:51:36 mortgage kernel: *pde = 00000000
Nov 19 06:51:36 mortgage kernel: Oops: 0000 [#1]
Nov 19 06:51:36 mortgage kernel: SMP
Nov 19 06:51:36 mortgage kernel: Modules linked in: ip_conntrack md5 ipv6 autofs4 cpufreq_powersave dm_mirror dm_mod button battery ac uhci_hcd ehci_hcd i3000_edac edac_mc tg3 floppy ext3 jbd ata_piix libata sd_mod scsi_mod
Nov 19 06:51:36 mortgage kernel: CPU: 1
Nov 19 06:51:36 mortgage kernel: EIP: 0060:[<c0294afa>] Not tainted VLI
Nov 19 06:51:36 mortgage kernel: EFLAGS: 00010212 (2.6.9-78.0.5.ELsmp)
Nov 19 06:51:36 mortgage kernel: EIP is at nf_unregister_sockopt+0x48/0x83
Nov 19 06:51:36 mortgage kernel: eax: 00000002 ebx: c035e784 ecx: f6ef3a00 edx: f8a415e0
Nov 19 06:51:36 mortgage kernel: esi: f8a6c7e0 edi: 00000000 ebp: dc0b8000 esp: dc0b8f5c
Nov 19 06:51:36 mortgage kernel: ds: 007b es: 007b ss: 0068
Nov 19 06:51:36 mortgage kernel: Process modprobe (pid: 29580, threadinfo=dc0b8000 task=efc552f0)
Nov 19 06:51:36 mortgage kernel: Stack: 00000000 c0337ba8 f8a63769 f8a6cc80 c01373ce 00000000 635f7069 746e6e6f
Nov 19 06:51:36 mortgage kernel: 6b636172 c0151e00 f7305944 f516fac4 c01521f2 b7f07000 b7f08000 b7f08000
Nov 19 06:51:36 mortgage kernel: b7f08000 f7026494 f7305900 f7305930 00000000 dc0b8000 09052840 00000000
Nov 19 06:51:36 mortgage kernel: Call Trace:
Nov 19 06:51:36 mortgage kernel: [<f8a63769>] init_or_cleanup+0x1e6/0x1ea [ip_conntrack]
Nov 19 06:51:36 mortgage kernel: [<c01373ce>] sys_delete_module+0x13b/0x184
Nov 19 06:51:36 mortgage kernel: [<c0151e00>] free_pgtables+0x12/0x7b
Nov 19 06:51:36 mortgage kernel: [<c01521f2>] do_munmap+0x108/0x116
Nov 19 06:51:36 mortgage kernel: [<c02e09b7>] syscall_call+0x7/0xb
Nov 19 06:51:36 mortgage kernel: Code: 04 00 89 d9 f0 ff 0d 84 e7 35 c0 0f 88 93 0c 00 00 8b 0d 9c e7 35 c0 8b 01 0f 18 00 90 81 f9 9c e7 35 c0 74 2f 8b 51 08 8b 46 08 <39> 42 08 8b 11 75 1e 8b 41 04 89 42 04 89 10 89 c8 c7 01 00 01
Nov 19 06:51:36 mortgage kernel: <0>Fatal exception: panic in 5 seconds
TagsNo tags attached.

Relationships

duplicate of 0003131 resolvedJohnnyHughes CentOS-4 kernel-2.6.9-78.0.1 panics when unloading iptables (via service iptables stop or shutdown) 

Activities

rep_movsd

rep_movsd

2008-11-19 13:03

reporter   ~0008303

Distro was CentOS 4.7 not 5, Sorry

user430

2008-11-19 13:42

  ~0008304

Duplicate of #3131 - closing

Issue History

Date Modified Username Field Change
2008-11-19 12:44 rep_movsd New Issue
2008-11-19 13:03 rep_movsd Note Added: 0008303
2008-11-19 13:42 user430 Relationship added duplicate of 0003131
2008-11-19 13:42 user430 Status new => closed
2008-11-19 13:42 user430 Note Added: 0008304
2008-11-19 13:42 user430 Resolution open => duplicate