[pkg-netfilter-team] Bug#999758: iptables: segfault at 88 ip 00007ff6a8db8e47 sp 00007fffd39bdf08 error 4 in libnftnl.so.11.3.0[7ff6a8db4000+16000]
Jeremy Sowden
jeremy at azazel.net
Fri Nov 19 18:18:37 GMT 2021
On 2021-11-16, at 09:50:11 +0100, Harald Dunkel wrote:
> Package: iptables
> Version: 1.8.7-1
>
> iptables-nft gives me SIGSEGVs on the nodes of my Kubernetes
> cluster, e.g.
>
> :
> [Fri Nov 12 11:43:46 2021] iptables-save[4166038]: segfault at 80 ip 00007effd99c3964 sp 00007ffee513d5f8 error 4 in libnftnl.so.11.2.0[7effd99be000+19000]
> [Fri Nov 12 11:43:46 2021] Code: 83 c4 08 5b 5d 41 5c 41 5d c3 0f 1f 40 00 48 83 c4 08 31 c0 5b 5d 41 5c 41 5d c3 66 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa <48> 8b 87 80 00 00 00 48 83 ef 80 48 39 f8 74 1b 85 f6 75 0c eb 18
> [Fri Nov 12 11:43:46 2021] iptables-save[4166042]: segfault at 80 ip 00007fc431f54964 sp 00007ffd014950e8 error 4 in libnftnl.so.11.2.0[7fc431f4f000+19000]
> [Fri Nov 12 11:43:46 2021] Code: 83 c4 08 5b 5d 41 5c 41 5d c3 0f 1f 40 00 48 83 c4 08 31 c0 5b 5d 41 5c 41 5d c3 66 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa <48> 8b 87 80 00 00 00 48 83 ef 80 48 39 f8 74 1b 85 f6 75 0c eb 18
> [Fri Nov 12 12:13:35 2021] iptables-save[9693]: segfault at 80 ip 00007f6b1b7a8964 sp 00007ffeb79a9098 error 4 in libnftnl.so.11.2.0[7f6b1b7a3000+19000]
> [Fri Nov 12 12:13:35 2021] Code: 83 c4 08 5b 5d 41 5c 41 5d c3 0f 1f 40 00 48 83 c4 08 31 c0 5b 5d 41 5c 41 5d c3 66 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa <48> 8b 87 80 00 00 00 48 83 ef 80 48 39 f8 74 1b 85 f6 75 0c eb 18
> [Fri Nov 12 12:13:35 2021] iptables-save[9698]: segfault at 80 ip 00007f865a8ad964 sp 00007ffdb51fac98 error 4 in libnftnl.so.11.2.0[7f865a8a8000+19000]
> [Fri Nov 12 12:13:35 2021] Code: 83 c4 08 5b 5d 41 5c 41 5d c3 0f 1f 40 00 48 83 c4 08 31 c0 5b 5d 41 5c 41 5d c3 66 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa <48> 8b 87 80 00 00 00 48 83 ef 80 48 39 f8 74 1b 85 f6 75 0c eb 18
> [Fri Nov 12 17:42:57 2021] perf: interrupt took too long (4093 > 4062), lowering kernel.perf_event_max_sample_rate to 48750
> [Sat Nov 13 05:35:44 2021] perf: interrupt took too long (5158 > 5116), lowering kernel.perf_event_max_sample_rate to 38750
> [Sat Nov 13 09:28:43 2021] iptables[1326141]: segfault at 88 ip 00007ff6a8db8e47 sp 00007fffd39bdf08 error 4 in libnftnl.so.11.3.0[7ff6a8db4000+16000]
> [Sat Nov 13 09:28:43 2021] Code: bf 88 00 00 00 48 8b 2f 48 39 df 74 13 4c 89 ee 41 ff d4 85 c0 78 0b 48 89 ef 48 8b 6d 00 eb e8 31 c0 5a 5b 5d 41 5c 41 5d c3 <48> 8b 87 88 00 00 00 48 81 c7 88 00 00 00 48 39 f8 74 0b 85 f6 74
> [Sun Nov 14 22:20:44 2021] iptables[3588851]: segfault at 88 ip 00007ff99f6a0e47 sp 00007ffe44963518 error 4 in libnftnl.so.11.3.0[7ff99f69c000+16000]
> [Sun Nov 14 22:20:44 2021] Code: bf 88 00 00 00 48 8b 2f 48 39 df 74 13 4c 89 ee 41 ff d4 85 c0 78 0b 48 89 ef 48 8b 6d 00 eb e8 31 c0 5a 5b 5d 41 5c 41 5d c3 <48> 8b 87 88 00 00 00 48 81 c7 88 00 00 00 48 39 f8 74 0b 85 f6 74
> [Mon Nov 15 07:49:44 2021] perf: interrupt took too long (6455 > 6447), lowering kernel.perf_event_max_sample_rate to 30750
> [Mon Nov 15 21:16:08 2021] iptables[805097]: segfault at 88 ip 00007f5520b78e47 sp 00007ffdea2e22c8 error 4 in libnftnl.so.11.3.0[7f5520b74000+16000]
> [Mon Nov 15 21:16:08 2021] Code: bf 88 00 00 00 48 8b 2f 48 39 df 74 13 4c 89 ee 41 ff d4 85 c0 78 0b 48 89 ef 48 8b 6d 00 eb e8 31 c0 5a 5b 5d 41 5c 41 5d c3 <48> 8b 87 88 00 00 00 48 81 c7 88 00 00 00 48 39 f8 74 0b 85 f6 74
> [Tue Nov 16 06:44:57 2021] iptables[1385202]: segfault at 88 ip 00007f3834592e47 sp 00007ffdfb74e0f8 error 4 in libnftnl.so.11.3.0[7f383458e000+16000]
> [Tue Nov 16 06:44:57 2021] Code: bf 88 00 00 00 48 8b 2f 48 39 df 74 13 4c 89 ee 41 ff d4 85 c0 78 0b 48 89 ef 48 8b 6d 00 eb e8 31 c0 5a 5b 5d 41 5c 41 5d c3 <48> 8b 87 88 00 00 00 48 81 c7 88 00 00 00 48 39 f8 74 0b 85 f6 74
> :
>
> This is Debian 11 and iptables-nft. My other clusters (running
> Debian 10 and legacy iptables) are fine.
Some of those seg-faults occurred in libnftnl.so.11.2.0, the remainder
in libnftnl.so.11.3.0. Are all those log messages from one node? The
libnftnl11 package in Debian 11 (1.1.9-1) contains libnftnl.so.11.5.0.
What have you got installed?
J.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-netfilter-team/attachments/20211119/3708e95d/attachment.sig>
More information about the pkg-netfilter-team
mailing list