886682 – starting a ipv6-enabled libvirt network breaks host networking

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 886682 - starting a ipv6-enabled libvirt network breaks host networking

Summary: starting a ipv6-enabled libvirt network breaks host networking

Keywords:
Status:	CLOSED DUPLICATE of bug 884957
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	libvirt
Sub Component:
Version:	6.4
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Michal Privoznik
QA Contact:	Virtualization Bugs
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2012-12-12 21:14 UTC by Gerd Hoffmann
Modified:	2012-12-21 08:50 UTC (History)
CC List:	12 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2012-12-20 20:05:21 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Gerd Hoffmann 2012-12-12 21:14:28 UTC

Description of problem:
$subject

Version-Release number of selected component (if applicable):
kernel-2.6.32-348.el6.x86_64
libvirt-0.10.2-12.el6.x86_64
dnsmasq-2.48-10.el6.x86_64
radvd-1.6-1.el6.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Create a network with ipv6 support.  Both adding ipv6 addresses
   to the default network and creating a separate ipv6-only network
   trigger this bug.
2. Start the network.

Actual results:
Host networking stops working.  At least.
Can't ssh into the machine any more.
Machine has no serial line unfortunaly, which
makes investigation a bit difficuilt :(

Expected results:
Everything works fine.

Additional info:

Comment 3 Gerd Hoffmann 2012-12-13 07:37:41 UTC

Downgrading dnsmasq and libvirt gets things going again.  Known good versions:

dnsmasq-2.48-7.el6.x86_64
libvirt-0.10.2-10.el6.x86_64

Comment 5 Gerd Hoffmann 2012-12-13 07:44:50 UTC

Upgraded dnsmasq to dnsmasq-2.48-10.el6.x86_64 -- still working.

Comment 6 Gerd Hoffmann 2012-12-13 07:54:34 UTC

Upgraded libvirt to libvirt-0.10.2-11.el6.x86_64 -> FAIL.

Comment 7 Laine Stump 2012-12-13 09:37:49 UTC

Okay. Can you try this dnsmasq scratch build and see if it fixes things for you:

https://brewweb.devel.redhat.com/taskinfo?taskID=5185194

Comment 8 Gerd Hoffmann 2012-12-13 09:59:47 UTC

(In reply to comment #7)
> Okay. Can you try this dnsmasq scratch build and see if it fixes things for
> you:
> 
> https://brewweb.devel.redhat.com/taskinfo?taskID=5185194

It doesn't, still broken (when combined with latest libvirt).

Comment 9 Laine Stump 2012-12-13 18:20:14 UTC

Is it broken in the same way? Or differently? I've finally been able to test that scratch build myself and found that DHCP for the guests works, and everything about the host's networking remains fine, but just the DNS service provided by dnsmasq isn't responding to the guest's DNS requests (see Bug 884957)

If the IP addresses on your host interfaces are getting deleted (as your earlier ifconfig output indicates) you are apparently experiencing something much worse than either Eric or I. Can you think of anything out of the ordinary on that machine's config (note that my machine has both IPv6+IPv4 networks and IPv6-only networks, so that's apparently not the cause, or at least not the *only* cause).

Comment 10 yanbing du 2012-12-14 03:51:04 UTC

I'm trying to reproduce this bug, but can't.
# rpm -q libvirt
libvirt-0.10.2-12.el6.x86_64
# rpm -q dnsmasq
dnsmasq-2.48-10.el6.x86_64
# rpm -q radvd
radvd-1.6-1.el6.x86_64

1. Add a ip address to 'default' network and define&start a ipv6-only network
 
# virsh net-list --all
Name                 State      Autostart     Persistent
--------------------------------------------------
default              active     yes           yes
ipv6                 active     no            yes

# virsh net-dumpxml default
<network>
  <name>default</name>
  <uuid>efba4d2c-ba6b-4e4a-8cfe-03dd6bdb41d0</uuid>
  <forward mode='nat'/>
  <bridge name='virbr0' stp='on' delay='0' />
  <mac address='52:54:00:61:41:C3'/>
  <ip address='192.168.122.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.122.2' end='192.168.122.254' />
    </dhcp>
  </ip>
  <ip family='ipv6' address='2002:db8:ac10:fe01::2' prefix='64'>
  </ip>
</network>

# virsh net-dumpxml ipv6
<network>
  <name>ipv6</name>
  <uuid>cbf4a523-152d-286c-56cf-a0e71b006686</uuid>
  <forward mode='nat'/>
  <bridge name='virbr6' stp='on' delay='0' />
  <mac address='52:54:00:E3:D6:A4'/>
  <ip family='ipv6' address='2002:db8:ac10:fe01::1' prefix='64'>
  </ip>
</network>

2. Another problem.
When start the 'default' network without ipv6 support, then it will start a dnsmasq process, but after start the ipv6 network, this process will disappear.

# virsh net-start default
Network default started

# virsh net-dumpxml default
<network>
  <name>default</name>
  <uuid>efba4d2c-ba6b-4e4a-8cfe-03dd6bdb41d0</uuid>
  <forward mode='nat'/>
  <bridge name='virbr0' stp='on' delay='0' />
  <mac address='52:54:00:61:41:C3'/>
  <ip address='192.168.122.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.122.2' end='192.168.122.254' />
    </dhcp>
  </ip>
</network>

# ps aux|grep dnsmasq
nobody    4649  0.0  0.0  12888   588 ?        S    11:46   0:00 /usr/sbin/dnsmasq --strict-order --local=// --domain-needed --pid-file=/var/run/libvirt/network/default.pid --conf-file= --bind-dynamic --interface virbr0 --dhcp-range 192.168.122.2,192.168.122.254 --dhcp-leasefile=/var/lib/libvirt/dnsmasq/default.leases --dhcp-lease-max=253 --dhcp-no-override --dhcp-hostsfile=/var/lib/libvirt/dnsmasq/default.hostsfile --addn-hosts=/var/lib/libvirt/dnsmasq/default.addnhosts
root      4651  0.0  0.0 103244   808 pts/0    S+   11:46   0:00 grep dnsmasq

# virsh net-start ipv6
Network ipv6 started

# virsh net-dumpxml ipv6
<network>
  <name>ipv6</name>
  <uuid>cbf4a523-152d-286c-56cf-a0e71b006686</uuid>
  <forward mode='nat'/>
  <bridge name='virbr6' stp='on' delay='0' />
  <mac address='52:54:00:E3:D6:A4'/>
  <ip family='ipv6' address='2002:db8:ac10:fe01::1' prefix='64'>
  </ip>
</network>

# ps aux|grep dnsmasq
root      4742  0.0  0.0 103244   808 pts/0    S+   11:48   0:00 grep dnsmasq

Comment 11 Gerd Hoffmann 2012-12-14 07:17:19 UTC

(In reply to comment #9)
> Is it broken in the same way? Or differently?

Same way, host network seems to be seriously busted.

Meanwhile tried the same on a box with serial console.  There are no kernel messages, but a simple "ip link ls" hangs even when typed at the serial console, so it's not just the ssh connection which is broken.

> If the IP addresses on your host interfaces are getting deleted (as your
> earlier ifconfig output indicates) you are apparently experiencing something
> much worse than either Eric or I.

Oh, that is the output without libvirt networks started.  With libvirt networks started I can't list it (see above), at least not with a libvirt version installed which starts dnsmasq with the new --bind-dynamic switch.

> Can you think of anything out of the
> ordinary on that machine's config (note that my machine has both IPv6+IPv4
> networks and IPv6-only networks, so that's apparently not the cause, or at
> least not the *only* cause).

The machine has native ipv6 connectivity and is configured as ipv6 router.

Comment 16 Laine Stump 2012-12-20 20:05:21 UTC

This was apparently another bit of fallout from the fist attempted fix to CVE-2012-3411 - see Bug 884957

*** This bug has been marked as a duplicate of bug 884957 ***

Note You need to log in before you can comment on or make changes to this bug.