[CentOS] netfilter kernel crash in ip_ct_refresh_acct / ip_conntrack with centos 5.x

Tue Sep 16 07:38:21 UTC 2008
Pasi Kärkkäinen <pasik at iki.fi>


Has anyone seen this netfilter kernel crash? 

Images from the console of the crashed firewall:

Firewall is HP DL360 G4 server running CentOS 5.x 32 bit. 

I've seen this firewall crashing multiple times, but I only started investigating it lately..

It has happened using CentOS 5.0, 5.1 and now also with 5.2. I'm not sure if
it was the same bug earlier, but at least the last two times (with CentOS 5.2) 
it has been the same, see screenshots.

Last lines of the console output:

EIP: [<f8af2c5c>] __ip_ct_refresh_acct+0xa1/0x129 [ip_conntrack] SS:ESP 0068:c0724e4c
 <0>Kernel panic - not syncing: Fatal exception in interrupt

At the moment firewall is running CentOS 5.2, Linux kernel 2.6.18-92.1.10.el5.centos.plus.

Any tips how to resolve this? 

-- Pasi