[pkg-netfilter-team] Bug#959158: Bug#959158: iptables: ip6tables-restore dumps core

Arturo Borrero Gonzalez arturo at debian.org
Fri May 1 02:19:38 BST 2020 

On Thu, Apr 30, 2020, 09:21 Matej Marusak <mmarusak at redhat.com> wrote:

> Package: iptables
> Version: 1.8.4-3
> Severity: normal
>
> Dear Maintainer,
>
> In cockpit tests [1] we are seeing ip6tables-restore dumping core often.
> It only happens on debian-testing and only in one specific test. Also
> it does not happen always, around 1/3 of runs actually hit this.
> I tried to get some commandline reproduced, but even slightly tweaking
> our tests and it stopped being reproducible. So my gut feeling is that
> this is timing related and our tests hit it just right.
>
> Please see [1] to see backtrace, journal and core.
>
> The core backtrace:
> #0  0x00007f16d2993679 in nftnl_table_list_free (list=0x0) at table.c:393
> #1  0x00005613a6503fa9 in flush_cache (h=0x7fff89baf4e0, c=0x7fff89baf550,
> tablename=0x0) at nft-cache.c:622
> #2  0x00005613a65044f9 in flush_cache (tablename=0x0, c=<optimized out>,
> h=<optimized out>) at nft-cache.c:651
> #3  nft_release_cache (h=<optimized out>) at nft-cache.c:651
>
>
> As I mentioned, I am unfortunatelly not able to find commandline
> reproducer, but I am more than happy to provide any outup or try any
> command.
>
> Hope it is actionable.
> Regards,
> MM
>
>
> [1] https://github.com/cockpit-project/bots/issues/809
>
> -- System Information:
> Debian Release: bullseye/sid
>   APT prefers testing
>   APT policy: (500, 'testing')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 5.5.0-1-cloud-amd64 (SMP w/1 CPU core)
> Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8
> (charmap=UTF-8)
> Shell: /bin/sh linked to /usr/bin/dash
> Init: systemd (via /run/systemd/system)
> LSM: AppArmor: enabled
>
> Versions of packages iptables depends on:
> ii  libc6                    2.30-4
> ii  libip4tc2                1.8.4-3
> ii  libip6tc2                1.8.4-3
> ii  libmnl0                  1.0.4-3
> ii  libnetfilter-conntrack3  1.0.8-1
> ii  libnfnetlink0            1.0.1-3+b1
> ii  libnftnl11               1.1.6-1
> ii  libxtables12             1.8.4-3
> ii  netbase                  6.1
>
> Versions of packages iptables recommends:
> pn  nftables  <none>
>
> Versions of packages iptables suggests:
> ii  firewalld  0.8.2-1
> ii  kmod       27-2
>
> -- no debconf information
>
> _______________________________________________
> pkg-netfilter-team mailing list
> pkg-netfilter-team at alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-netfilter-team



Thanks for the report.

Could you please provide the ip6tables ruleset that is causing this? i.e,
the ruleset you are trying to restore.

>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-netfilter-team/attachments/20200501/1e78f5ca/attachment.html>

More information about the pkg-netfilter-team mailing list