[CentOS] netfilter kernel crash in ip_ct_refresh_acct / ip_conntrack with centos 5.x

Mon Sep 22 10:46:51 UTC 2008
Pasi Kärkkäinen <pasik at iki.fi>

On Mon, Sep 22, 2008 at 11:53:36AM +0300, Pasi Kärkkäinen wrote:
> On Fri, Sep 19, 2008 at 03:55:22PM -0400, Jake Holmquist wrote:
> > > Hello!
> > >
> > > Has anyone seen this netfilter kernel crash?
> > >
> > > Images from the console of the crashed firewall:
> > > http://pasik.reaktio.net/centos5-kernel-crash/
> > >
> > > Firewall is HP DL360 G4 server running CentOS 5.x 32 bit.
> > >
> > > I've seen this firewall crashing multiple times, but I only started
> > investigating it lately..
> > >
> > > It has happened using CentOS 5.0, 5.1 and now also with 5.2. I'm not sure
> > if
> > > it was the same bug earlier, but at least the last two times (with CentOS
> > 5.2)
> > > it has been the same, see screenshots.
> > >
> > > Last lines of the console output:
> > >
> > > EIP: [<f8af2c5c>] __ip_ct_refresh_acct+0xa1/0x129 [ip_conntrack] SS:ESP
> > 0068:c0724e4c
> > >  <0>Kernel panic - not syncing: Fatal exception in interrupt
> > >
> > > At the moment firewall is running CentOS 5.2, Linux kernel
> > 2.6.18-92.1.10.el5.centos.plus.
> > >
> > > Any tips how to resolve this?
> > 
> > 
> > Take a look here:
> > https://bugzilla.redhat.com/show_bug.cgi?id=433661
> > 
> > Looks like a test kernel is available....
> > 
> > 
> > We've been having this problem for quite some time - actually moved our
> > production box to RHEL 4.x
> > 
> 
> Thanks! This looks like a same bug I'm seeing.. 
> 
> I think I'll try latest RHEL 5.3 test kernel on that fw box..
> 

Just a followup to netfilter-devel too.. as it was missing from CC field.

So this seems to be Redhat/RHEL bug: https://bugzilla.redhat.com/show_bug.cgi?id=433661

-- Pasi