[pkg-netfilter-team] Bug#959158: iptables: ip6tables-restore dumps core

Matej Marusak mmarusak at redhat.com
Thu Apr 30 08:19:40 BST 2020 

Package: iptables
Version: 1.8.4-3
Severity: normal

Dear Maintainer,

In cockpit tests [1] we are seeing ip6tables-restore dumping core often.
It only happens on debian-testing and only in one specific test. Also
it does not happen always, around 1/3 of runs actually hit this.
I tried to get some commandline reproduced, but even slightly tweaking
our tests and it stopped being reproducible. So my gut feeling is that
this is timing related and our tests hit it just right.

Please see [1] to see backtrace, journal and core.

The core backtrace:
#0  0x00007f16d2993679 in nftnl_table_list_free (list=0x0) at table.c:393  
#1  0x00005613a6503fa9 in flush_cache (h=0x7fff89baf4e0, c=0x7fff89baf550, tablename=0x0) at nft-cache.c:622
#2  0x00005613a65044f9 in flush_cache (tablename=0x0, c=<optimized out>, h=<optimized out>) at nft-cache.c:651
#3  nft_release_cache (h=<optimized out>) at nft-cache.c:651


As I mentioned, I am unfortunatelly not able to find commandline
reproducer, but I am more than happy to provide any outup or try any
command.

Hope it is actionable.
Regards,
MM


[1] https://github.com/cockpit-project/bots/issues/809

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.5.0-1-cloud-amd64 (SMP w/1 CPU core)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages iptables depends on:
ii  libc6                    2.30-4
ii  libip4tc2                1.8.4-3
ii  libip6tc2                1.8.4-3
ii  libmnl0                  1.0.4-3
ii  libnetfilter-conntrack3  1.0.8-1
ii  libnfnetlink0            1.0.1-3+b1
ii  libnftnl11               1.1.6-1
ii  libxtables12             1.8.4-3
ii  netbase                  6.1

Versions of packages iptables recommends:
pn  nftables  <none>

Versions of packages iptables suggests:
ii  firewalld  0.8.2-1
ii  kmod       27-2

-- no debconf information

More information about the pkg-netfilter-team mailing list