View Issue Details

IDProjectCategoryView StatusLast Update
0005714CentOS-6iptablespublic2012-05-19 10:04
Status newResolutionopen 
Platformx86_64OSCentosOS Version6.2
Product Version6.2 
Target VersionFixed in Version 
Summary0005714: Server crashes when making changes to iptables
DescriptionWhen making changes to iptables on a Linux physical instance the server crashes.

The server does not crash immediately an iptables command is run though within a minute the mouse and keyboard will lock up for 15 to 30 seconds then the server crashes, creates a vmcore and reboots.
Steps To ReproducePerform a variety of iptables commands.
# iptables -F
# service iptables restart
# iptables -A FORWARD -o eth0 -j ACCEPT
# iptables -A FORWARD -o virb0 -j ACCEPT

The same problem has occurred when making changes via system-config-firewall
Additional InformationI have a vmcore for each crash but am struggling to analyse this.
TagsNo tags attached.




2012-05-08 17:57

reporter   ~0015049

Last entry in /var/log/messages prior to the crash is:
May 8 07:33:39 fiddler kernel: ip_tables: (C) 2000-2006 Netfilter Core Team

Followed by:
May 8 07:38:42 fiddler kernel: imklog 4.6.2, log source = /proc/kmsg started.


2012-05-09 20:37

reporter   ~0015058

crash output from vmcore:

      KERNEL: /usr/lib/debug/lib/modules/2.6.32-220.7.1.el6.x86_64/vmlinux
        CPUS: 2
        DATE: Tue May 8 07:34:17 2012
      UPTIME: 00:14:03
LOAD AVERAGE: 0.00, 0.42, 0.68
       TASKS: 356
    NODENAME: master
     RELEASE: 2.6.32-220.7.1.el6.x86_64
     VERSION: #1 SMP Wed Mar 7 00:52:02 GMT 2012
     MACHINE: x86_64 (1297 Mhz)
      MEMORY: 4.9 GB
       PANIC: "Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: ffffffff8148f073"
         PID: 2883
     COMMAND: "vhost-2864"
        TASK: ffff88015ab1ea80 [THREAD_INFO: ffff88015a1d4000]
         CPU: 0


2012-05-16 18:41

manager   ~0015093

Are your iptables at the last update?
rpm -aq | grep iptables
should return iptables-1.4.7-5.1.el6_2.x86_64
kernel 2.6.32-220.17.1 has been released.
If both packages are up-to-date does your problem still persist?


2012-05-16 22:30

reporter   ~0015095

This issue is still repeatable and the iptables and kernel version are:

# rpm -qa|grep iptables

# uname -r

I need to confirm this but I think the problem disappears if libvirtd is stopped. I'll run some more tests to confirm if this is the case and add a note.


2012-05-17 12:20

reporter   ~0015096

Well for what it's worth libvirtd did appear to be connected to the issue. If libvirt starts automatically and I shut it down the server will still crash though it take a little longer between making a firewall change and it crashing. If I have libvirtd disabled on startup I can make firewall changes without issue, however when I start libvirtd and then make a change it crashes again.

However, I have no upgraded to the kernel listed above and initial tests suggest this could have fixed the issue. I will perform further tests and confirm if this is the case.


2012-05-17 12:28

reporter   ~0015097

I spoke too soon. Literally after posting the last update I logged onto a VM Guest and the host crashed. I will continue with my tests and update again.

I've checked each vmcore produced by each crash and different commands are being identified each time. To analyse the vmcore's further, if they're of any use at all, I will need further instruction.


2012-05-19 10:04

updater   ~0015105

If this is a networking related issue, I wonder if IPv6 is somehow related. might be helpful.

Issue History

Date Modified Username Field Change
2012-05-08 17:54 m223464 New Issue
2012-05-08 17:57 m223464 Note Added: 0015049
2012-05-09 20:37 m223464 Note Added: 0015058
2012-05-16 18:41 tigalch Note Added: 0015093
2012-05-16 22:30 m223464 Note Added: 0015095
2012-05-17 12:20 m223464 Note Added: 0015096
2012-05-17 12:28 m223464 Note Added: 0015097
2012-05-19 10:04 avij Note Added: 0015105