0

On a hypervisor host I have a scripts which uses iptables to setup all the firewall rules for allowing and passing connections across various fabrics and VMs.

At the top of the script, I flush the tables:

iptables -t filter -F

Recently, this has been causing the kernel to hang and start throwing abrt messages:

Message from syslogd@node09 at July 5 14:09:52 ...
 kernel:NMI watchdog: BUG: soft lockup - CPU#10 stuck for 23s! [iptables:23172]

This message is printed multiple times with different core numbers, and only appears after seemingly minutes, not 23s.

Why would iptables be causing the kernel to hang like this?

Matt Clark
  • 685
  • 1
  • 10
  • 26
  • It's been years since I've seen that. I'm about 90% sure it's a kernel bug that was fixed quite some time ago. Are you sure your system is up to date? – Michael Hampton Jul 05 '20 at 18:20
  • Hmm, I guess my kernel version is older - `3.10.0` - will be whatever was on the install media for Centos7.7. I can try updating the kernel. – Matt Clark Jul 05 '20 at 18:25
  • The system appears much more happy after upgrading the kernel. – Matt Clark Aug 11 '20 at 19:21

0 Answers0