View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0005714||CentOS-6||iptables||public||2012-05-08 17:54||2012-05-19 10:04|
|Target Version||Fixed in Version|
|Summary||0005714: Server crashes when making changes to iptables|
|Description||When making changes to iptables on a Linux physical instance the server crashes.|
The server does not crash immediately an iptables command is run though within a minute the mouse and keyboard will lock up for 15 to 30 seconds then the server crashes, creates a vmcore and reboots.
|Steps To Reproduce||Perform a variety of iptables commands.|
# iptables -F
# service iptables restart
# iptables -A FORWARD -o eth0 -j ACCEPT
# iptables -A FORWARD -o virb0 -j ACCEPT
The same problem has occurred when making changes via system-config-firewall
|Additional Information||I have a vmcore for each crash but am struggling to analyse this.|
|Tags||No tags attached.|
Last entry in /var/log/messages prior to the crash is:
May 8 07:33:39 fiddler kernel: ip_tables: (C) 2000-2006 Netfilter Core Team
May 8 07:38:42 fiddler kernel: imklog 4.6.2, log source = /proc/kmsg started.
crash output from vmcore:
DUMPFILE: vmcore [PARTIAL DUMP]
DATE: Tue May 8 07:34:17 2012
LOAD AVERAGE: 0.00, 0.42, 0.68
VERSION: #1 SMP Wed Mar 7 00:52:02 GMT 2012
MACHINE: x86_64 (1297 Mhz)
MEMORY: 4.9 GB
PANIC: "Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: ffffffff8148f073"
TASK: ffff88015ab1ea80 [THREAD_INFO: ffff88015a1d4000]
STATE: TASK_RUNNING (PANIC)
Are your iptables at the last update?
rpm -aq | grep iptables
should return iptables-1.4.7-5.1.el6_2.x86_64
kernel 2.6.32-220.17.1 has been released.
If both packages are up-to-date does your problem still persist?
This issue is still repeatable and the iptables and kernel version are:
# rpm -qa|grep iptables
# uname -r
I need to confirm this but I think the problem disappears if libvirtd is stopped. I'll run some more tests to confirm if this is the case and add a note.
Well for what it's worth libvirtd did appear to be connected to the issue. If libvirt starts automatically and I shut it down the server will still crash though it take a little longer between making a firewall change and it crashing. If I have libvirtd disabled on startup I can make firewall changes without issue, however when I start libvirtd and then make a change it crashes again.
However, I have no upgraded to the kernel listed above and initial tests suggest this could have fixed the issue. I will perform further tests and confirm if this is the case.
I spoke too soon. Literally after posting the last update I logged onto a VM Guest and the host crashed. I will continue with my tests and update again.
I've checked each vmcore produced by each crash and different commands are being identified each time. To analyse the vmcore's further, if they're of any use at all, I will need further instruction.
|If this is a networking related issue, I wonder if IPv6 is somehow related. http://wiki.centos.org/FAQ/CentOS6#head-d47139912868bcb9d754441ecb6a8a10d41781df might be helpful.|
|2012-05-08 17:54||m223464||New Issue|
|2012-05-08 17:57||m223464||Note Added: 0015049|
|2012-05-09 20:37||m223464||Note Added: 0015058|
|2012-05-16 18:41||tigalch||Note Added: 0015093|
|2012-05-16 22:30||m223464||Note Added: 0015095|
|2012-05-17 12:20||m223464||Note Added: 0015096|
|2012-05-17 12:28||m223464||Note Added: 0015097|
|2012-05-19 10:04||avij||Note Added: 0015105|