View Issue Details

IDProjectCategoryView StatusLast Update
0005714CentOS-6iptablespublic2012-05-19 10:04
Reporterm223464 
PrioritynormalSeveritycrashReproducibilityalways
Status newResolutionopen 
Platformx86_64OSCentosOS Version6.2
Product Version6.2 
Target VersionFixed in Version 
Summary0005714: Server crashes when making changes to iptables
DescriptionWhen making changes to iptables on a Linux physical instance the server crashes.

The server does not crash immediately an iptables command is run though within a minute the mouse and keyboard will lock up for 15 to 30 seconds then the server crashes, creates a vmcore and reboots.
Steps To ReproducePerform a variety of iptables commands.
e.g.
# iptables -F
# service iptables restart
# iptables -A FORWARD -o eth0 -j ACCEPT
# iptables -A FORWARD -o virb0 -j ACCEPT

The same problem has occurred when making changes via system-config-firewall
Additional InformationI have a vmcore for each crash but am struggling to analyse this.
TagsNo tags attached.

Activities

m223464

m223464

2012-05-08 17:57

reporter   ~0015049

Last entry in /var/log/messages prior to the crash is:
May 8 07:33:39 fiddler kernel: ip_tables: (C) 2000-2006 Netfilter Core Team

Followed by:
May 8 07:38:42 fiddler kernel: imklog 4.6.2, log source = /proc/kmsg started.
m223464

m223464

2012-05-09 20:37

reporter   ~0015058

crash output from vmcore:

      KERNEL: /usr/lib/debug/lib/modules/2.6.32-220.7.1.el6.x86_64/vmlinux
    DUMPFILE: vmcore [PARTIAL DUMP]
        CPUS: 2
        DATE: Tue May 8 07:34:17 2012
      UPTIME: 00:14:03
LOAD AVERAGE: 0.00, 0.42, 0.68
       TASKS: 356
    NODENAME: master
     RELEASE: 2.6.32-220.7.1.el6.x86_64
     VERSION: #1 SMP Wed Mar 7 00:52:02 GMT 2012
     MACHINE: x86_64 (1297 Mhz)
      MEMORY: 4.9 GB
       PANIC: "Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: ffffffff8148f073"
         PID: 2883
     COMMAND: "vhost-2864"
        TASK: ffff88015ab1ea80 [THREAD_INFO: ffff88015a1d4000]
         CPU: 0
       STATE: TASK_RUNNING (PANIC)
tigalch

tigalch

2012-05-16 18:41

manager   ~0015093

Are your iptables at the last update?
rpm -aq | grep iptables
should return iptables-1.4.7-5.1.el6_2.x86_64
kernel 2.6.32-220.17.1 has been released.
If both packages are up-to-date does your problem still persist?
m223464

m223464

2012-05-16 22:30

reporter   ~0015095

This issue is still repeatable and the iptables and kernel version are:

# rpm -qa|grep iptables
iptables-ipv6-1.4.7-5.1.el6_2.x86_64
iptables-1.4.7-5.1.el6_2.x86_64

# uname -r
2.6.32-220.13.1.el6.x86_64

I need to confirm this but I think the problem disappears if libvirtd is stopped. I'll run some more tests to confirm if this is the case and add a note.
m223464

m223464

2012-05-17 12:20

reporter   ~0015096

Well for what it's worth libvirtd did appear to be connected to the issue. If libvirt starts automatically and I shut it down the server will still crash though it take a little longer between making a firewall change and it crashing. If I have libvirtd disabled on startup I can make firewall changes without issue, however when I start libvirtd and then make a change it crashes again.

However, I have no upgraded to the kernel listed above and initial tests suggest this could have fixed the issue. I will perform further tests and confirm if this is the case.
m223464

m223464

2012-05-17 12:28

reporter   ~0015097

I spoke too soon. Literally after posting the last update I logged onto a VM Guest and the host crashed. I will continue with my tests and update again.

I've checked each vmcore produced by each crash and different commands are being identified each time. To analyse the vmcore's further, if they're of any use at all, I will need further instruction.
avij

avij

2012-05-19 10:04

manager   ~0015105

If this is a networking related issue, I wonder if IPv6 is somehow related. http://wiki.centos.org/FAQ/CentOS6#head-d47139912868bcb9d754441ecb6a8a10d41781df might be helpful.

Issue History

Date Modified Username Field Change
2012-05-08 17:54 m223464 New Issue
2012-05-08 17:57 m223464 Note Added: 0015049
2012-05-09 20:37 m223464 Note Added: 0015058
2012-05-16 18:41 tigalch Note Added: 0015093
2012-05-16 22:30 m223464 Note Added: 0015095
2012-05-17 12:20 m223464 Note Added: 0015096
2012-05-17 12:28 m223464 Note Added: 0015097
2012-05-19 10:04 avij Note Added: 0015105