Bug 517823 - close the firewall when a vm boot,host panic.
Summary: close the firewall when a vm boot,host panic.
Keywords:
Status: CLOSED INSUFFICIENT_DATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel
Version: 5.5
Hardware: All
OS: Linux
low
medium
Target Milestone: rc
: ---
Assignee: Red Hat Kernel Manager
QA Contact: Red Hat Kernel QE team
URL:
Whiteboard:
Depends On:
Blocks: 533192
 
Reported: 2009-08-17 11:32 UTC by jiyang
Modified: 2013-01-09 21:51 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-12-02 21:49:28 UTC


Attachments
failed log from serial console (6.61 KB, application/octet-stream)
2009-08-17 11:32 UTC, jiyang

Description jiyang 2009-08-17 11:32:56 UTC
Created attachment 357636
failed log from serial console

Description of problem:
Boot a VM while iptables on the host is open, then try to close the firewall: the host panics. If the firewall is closed when no VM is running, it's OK.

Version-Release number of selected component (if applicable):
host(RHEL5U4)--kernel:2.6.18-162.el5
               kvm version:kvm-83-106.el5
guest:RHEL5.3-Server-32

CLI: /usr/libexec/qemu-kvm -no-hpet -usbdevice tablet -rtc-td-hack -smp 2 -m 2G -uuid `uuidgen` -net nic,model=virtio,macaddr=22:44:66:88:00:17,vlan=0 -net tap,vlan=0,script=/etc/qemu-ifup -cpu qemu64,+sse2 -drive file=/media/RHEL-Server-5.3-32.raw,if=ide -boot c -vnc :3

How reproducible:
50%
When nic=rtl8139, I tried three times and it's OK.
When nic=e1000, the issue happened at about the second try.
When nic=virtio, the issue happened at about the second try.

Steps to Reproduce:
1. Run #service iptables status to check the firewall's status; ensure the firewall is open.
2. Boot a VM.
3. Run #service iptables stop to try to close the firewall.
  
Actual results:
Sometimes the host system panics and no operation can be performed.

Expected results:
After step 3: the firewall is closed, nothing abnormal happens.

Additional info:
network config files:
[root@dhcp-66-70-28 network-scripts]# cat ifcfg-breth0 
DEVICE=breth0
TYPE=Bridge
PEERNTP=yes
DELAY=0
BOOTPROTO=dhcp
ONBOOT=yes

[root@dhcp-66-70-28 network-scripts]# cat ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
BRIDGE=breth0
HWADDR=00:23:AE:8D:8B:87

[root@dhcp-66-70-28 network-scripts]# cat /etc/qemu-ifup 
#!/bin/sh
switch=breth0
/sbin/ifconfig $1 0.0.0.0 up
/usr/sbin/brctl addif ${switch} $1

Comment 2 Dor Laor 2009-09-01 11:12:24 UTC
Was the net.bridge.bridge-nf-call disabled?

Comment 3 Alan Pevec 2009-09-04 12:03:46 UTC
Is this reproducible on RHEV-H?
On RHEV-H we set
/etc/sysctl.conf/net.bridge.bridge-nf-call-* to 0 
and
/etc/sysconfig/iptables-config/IPTABLES_MODULES_UNLOAD no
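
Added example (not part of the bug report or of any comment above): a shell check that compares a host's persistent configuration with the RHEV-H settings listed in Comment 3. The function names are hypothetical, and expanding net.bridge.bridge-nf-call-* to the iptables, ip6tables and arptables keys is an assumption.

```shell
#!/bin/sh
# Added example: audit config files for the RHEV-H settings from Comment 3.
# Reads the persistent files only, not the values of the running kernel.

# Print the last value assigned to KEY in a "key = value" file.
last_value() {  # $1 = file, $2 = key
    [ -r "$1" ] || return 0
    awk -v key="$2" '
        { sub(/[ \t]*#.*/, "") }                  # drop comments
        {
            eq = index($0, "=")
            if (!eq) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$|"/, "", v)      # trim, strip quotes
            if (k == key) val = v                 # later lines override
        }
        END { print val }' "$1"
}

# Returns the number of settings that differ from Comment 3 (0 = all match).
check_bridge_fw_config() {
    sysctl_conf=${1:-/etc/sysctl.conf}
    ipt_conf=${2:-/etc/sysconfig/iptables-config}
    bad=0
    # Assumed expansion of net.bridge.bridge-nf-call-*
    for key in net.bridge.bridge-nf-call-iptables \
               net.bridge.bridge-nf-call-ip6tables \
               net.bridge.bridge-nf-call-arptables; do
        val=$(last_value "$sysctl_conf" "$key")
        if [ "$val" = 0 ]; then
            echo "OK    $key = 0"
        else
            echo "DIFF  $key = ${val:-<unset>} (RHEV-H: 0)"
            bad=$((bad + 1))
        fi
    done
    val=$(last_value "$ipt_conf" IPTABLES_MODULES_UNLOAD)
    if [ "$val" = no ]; then
        echo "OK    IPTABLES_MODULES_UNLOAD = no"
    else
        echo "DIFF  IPTABLES_MODULES_UNLOAD = ${val:-<unset>} (RHEV-H: no)"
        bad=$((bad + 1))
    fi
    return "$bad"
}
```

Called with no arguments, check_bridge_fw_config reads /etc/sysctl.conf and /etc/sysconfig/iptables-config; a key that is commented out or absent is reported as unset.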

