Fedora xen - Aug 2006 - FC5/xen/iptables kernel panic -- further testing

The current rpms of kernel 2.6.17-1.2174_FC5xen0 and xen-3.0.2-3.FC5 seem
to have a problem. If I use shorewall to create a set of iptables rules
and xend is running, I get a kernel panic whenever network IO occurs,
usually within seconds. If I shut xend down, no panic.

As an experiment, I installed the fc6 kernel -- 2.6.17-1.2517.fc6xen as
well as the somewhat later fc6 kernel and the problem was solved. However,
due to the mismatch between the kernel and xen (and the fact this is an
fc5 system), no guests will start. They crash right when init should be
starting.

So, somewhere between the 2174 and 2517 kernel versions, this bug was
fixed but is not available as an fc5 rpm set. Hence, there doesn''t seem
to
be a working fc5/xen/iptables combo available. Or maybe there is something
else wrong on the system. Given the 2517 kernel solved the problem, this
seems unlikely.

Does anyone have any information on when/if this fix will be backported
into fc5? As of now, I''m stuck. I can either run xen and no iptables,
or
no xen and have a firewall.

I played around trying to get a later rpm version of xen installed, but
there were just too many dependencies.

I need the 2.6.17 kernel for the improved raid5 support.

Thanks,

Dave

Am Sonntag, 27. August 2006 06:25 schrieb
master@bradleyland.com:
> 2.6.17-1.2517.fc6xen
Hello,

where can I get this Kernel source?



Regards Roland

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Fedora bugzilla 204220 filed. Anything else I can try in the meantime?

Captured the panic with a serial console:

kernel BUG at net/core/dev.c:1206!
invalid opcode: 0000 [#1]
SMP
Modules linked in: xt_tcpudp xt_state xt_pkttype iptable_raw xt_CLASSIFY
xt_CONNMARK xt_MARK xt_length xt_connmark xt_physdev xt_policy xt_multiport
xt_conntrack ipt_ULOG ipt_TTL ipt_ttl ipt_TOS ipt_tos ipt_TCPMSS ipt_SAME
ipt_REJECT ipt_REDIRECT ipt_recent ipt_owner ipt_NETMAP ipt_MASQUERADE
ipt_LOG
ipt_iprange ipt_hashlimit ipt_ECN ipt_ecn ipt_DSCP ipt_dscp ipt_CLUSTERIP
ipt_ah ipt_addrtype ip_nat_irc ip_nat_tftp ip_nat_ftp ip_conntrack_irc
ip_conntrack_tftp ip_conntrack_ftp iptable_nat ip_nat ip_conntrack nfnetlink
iptable_mangle iptable_filter ip_tables x_tables bridge ipv6 autofs4 it87
hwmon_vid hwmon i2c_isa hidp l2cap bluetooth sunrpc video button battery
ac lp
parport_pc parport i2c_sis630 serio_raw sis900 i2c_sis96x mii r8169 i2c_core
dm_snapshot dm_zero dm_mirror dm_mod raid5 xor ext3 jbd
CPU:    0
EIP:    0061:[<c05af58e>]    Not tainted VLI
EFLAGS: 00210297   (2.6.17-1.2174_FC5xen0 #1)
EIP is at skb_gso_segment+0x29/0xc9
eax: 00000000   ebx: f20bf424   ecx: 00000180   edx: c066b780
esi: f20bf424   edi: 00000008   ebp: c18ff000   esp: f20bdb54
ds: 007b   es: 007b   ss: 0069
Process smbd (pid: 4153, threadinfo=f20bc000 task=f3256df0)
Stack: <0>f2f26700 f20bf424 00000002 c05b06f5 f20bf424 00000180 00000002
c18ff000
       f20bf424 00000000 c18ff180 c05bef18 f20bf424 c18ff000 c1b6ec00
00000000
       c18ff000 f20bc000 f20bf424 c05b233c c18ff000 f20bf424 f2b81400
f20bf424
Call Trace:
 <c05b06f5> dev_hard_start_xmit+0x16a/0x1f9  <c05bef18>
__qdisc_run+0xde/0x198
 <c05b233c> dev_queue_xmit+0x1be/0x2a2  <f4aaddde>
br_dev_queue_push_xmit+0xb7/0xbe [bridge]
 <f4aade22> br_forward_finish+0x3d/0x41 [bridge]  <f4aade7b>
__br_forward+0x55/0x57 [bridge]
 <f4aae89f> br_handle_frame_finish+0xb8/0xd8 [bridge]  <f4aaea4d>
br_handle_frame+0x18e/0x1a5 [bridge]
 <c05b0310> netif_receive_skb+0x197/0x298  <c05ce0bf>
ip_finish_output+0x0/0x17a
 <c05b1e97> process_backlog+0xb0/0x199  <c05b204d>
net_rx_action+0xcd/0x1fe
 <c042238b> __do_softirq+0x70/0xef  <c042244a> do_softirq+0x40/0x67
 <c0422789> local_bh_enable+0x6c/0x78  <c05b2419>
dev_queue_xmit+0x29b/0x2a2
 <c05cf35c> ip_output+0x1b6/0x1ee  <c05cebf8>
ip_queue_xmit+0x374/0x3b3
 <c0404d79> hypervisor_callback+0x3d/0x48  <c05dc31e>
tcp_transmit_skb+0x5d2/0x602
 <c05ddcaf> __tcp_push_pending_frames+0x6b7/0x789  <c04dbfb7>
copy_from_user+0x5c/0x90
 <c05d46c4> tcp_sendmsg+0x8ce/0x9ca  <c05a6a19>
do_sock_write+0xa3/0xac
 <c05a6ef7> sock_aio_write+0x56/0x63  <c045f265>
do_sync_write+0xc0/0xf3
 <c042f167> autoremove_wake_function+0x0/0x3a  <c0474df9>
dput+0x35/0x20e
 <c045faf9> vfs_write+0xad/0x136  <c04600d6> sys_write+0x3b/0x64
 <c0404ba7> syscall_call+0x7/0xb
Code: eb a6 57 56 53 8b 5c 24 10 8b 83 a0 00 00 00 0f b7 7b 76 83 78 10 00 74
08 0f 0b b5 04 a5 aa 64 c0 8a 43 74 83 e0 0c 3c 04 74 08 <0f> 0b b6 04 a5
aa 64
c0 8b 83 98 00 00 00 8b 53 20 89 43 24 29
EIP: [<c05af58e>] skb_gso_segment+0x29/0xc9 SS:ESP 0069:f20bdb54
 <0>Kernel panic - not syncing: Fatal exception in interrupt
 (XEN) Domain 0 crashed: rebooting machine in 5 seconds.


_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users