Bug#1059891: linux-image-6.1.0-17-amd64: netfilter (nftables) breaks since bookworm
Hi, do you have some new status to this behaviour? regards, Daniel. On 1/8/24 23:08, Daniel Haryo Sugondo wrote: Hi, thank you for your answer. On 1/5/24 20:18, Salvatore Bonaccorso wrote: Control: tags -1 + moreinfo On Wed, Jan 03, 2024 at 07:35:23AM +0100, Daniel Haryo Sugondo wrote: Package: src:linux Version: 6.1.69-1 Severity: normal Dear Maintainer, since Debian 12 (Bookworm) the nft with named set ends with kernel trace and the nft stalled (D) # ps aux root 82373 0.0 0.0 0 0 ? D Jan02 0:00 [nft] The message looks like: [ 3566.525419] [ cut here ] [ 3566.525424] kernel BUG at mm/slub.c:419! [ 3566.529834] invalid opcode: [#1] PREEMPT SMP PTI [ 3566.535474] CPU: 19 PID: 8146 Comm: kworker/19:0 Not tainted 6.1.0-17-amd64 #1 Debian 6.1.69-1 [ 3566.545182] Hardware name: /0X3D66, BIOS 2.2.2 01/16/2014 [ 3566.551304] Workqueue: events nf_tables_trans_destroy_work [nf_tables] [ 3566.558609] RIP: 0010:__slab_free+0x118/0x2d0 [ 3566.563474] Code: 74 35 49 8b 06 48 89 4c 24 20 48 c1 e8 36 4c 8b a4 c3 d8 00 00 00 4c 89 e7 e8 74 6a 71 00 48 8b 4c 24 20 48 89 44 24 18 eb 8f <0f> 0b f7 43 08 00 0d 21 00 75 cd eb c6 80 4c 24 53 80 e9 75 ff ff [ 3566.584431] RSP: 0018:a76066effdb0 EFLAGS: 00010246 [ 3566.590262] RAX: 95430ba21930 RBX: 952b80043300 RCX: 802a001a [ 3566.598223] RDX: a76066effdd8 RSI: eed9a22e8840 RDI: a76066effe18 [ 3566.606189] RBP: 95430ba21900 R08: 0001 R09: c0d89ecc [ 3566.614152] R10: 0013 R11: 0001 R12: a76066effe50 [ 3566.622114] R13: 95430ba21900 R14: eed9a22e8840 R15: 95430ba21900 [ 3566.630079] FS: () GS:955a9fa4() knlGS: [ 3566.639107] CS: 0010 DS: ES: CR0: 80050033 [ 3566.645518] CR2: 7f255e9eb3d8 CR3: 002a6d410006 CR4: 001706e0 [ 3566.653479] Call Trace: [ 3566.656210] [ 3566.658552] ? __die_body.cold+0x1a/0x1f [ 3566.662928] ? die+0x2a/0x50 [ 3566.666144] ? do_trap+0xc5/0x110 [ 3566.669848] ? __slab_free+0x118/0x2d0 [ 3566.674029] ? do_error_trap+0x6a/0x90 [ 3566.678211] ? __slab_free+0x118/0x2d0 [ 3566.682393] ? exc_invalid_op+0x4c/0x60 [ 3566.686676] ? __slab_free+0x118/0x2d0 [ 3566.690857] ? asm_exc_invalid_op+0x16/0x20 [ 3566.695529] ? nf_tables_trans_destroy_work+0x1cc/0x250 [nf_tables] [ 3566.702532] ? __slab_free+0x118/0x2d0 [ 3566.706714] ? obj_cgroup_uncharge_pages+0xd0/0xd0 [ 3566.712066] nf_tables_trans_destroy_work+0x1cc/0x250 [nf_tables] [ 3566.718874] process_one_work+0x1c7/0x380 [ 3566.723351] worker_thread+0x4d/0x380 [ 3566.727436] ? rescuer_thread+0x3a0/0x3a0 [ 3566.731908] kthread+0xda/0x100 [ 3566.735417] ? kthread_complete_and_exit+0x20/0x20 [ 3566.740763] ret_from_fork+0x22/0x30 [ 3566.744759] [ 3566.747195] Modules linked in: xt_conntrack xt_MASQUERADE nf_conntrack_netlink xfrm_user xfrm_algo xt_addrtype nft_compat br_netfilter bridge 8021q garp stp mrp llc overlay bonding tls nft_nat nft_chain_nat nf_nat nft_log qrtr nft_limit nft_ct nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nf_tables libcrc32c nfnetlink_log nfnetlink binfmt_misc intel_rapl_msr intel_rapl_common sb_edac x86_pkg_temp_thermal intel_powerclamp nls_ascii nls_cp437 coretemp kvm_intel vfat fat kvm ipmi_ssif irqbypass ghash_clmulni_intel sha512_ssse3 sha512_generic sha256_ssse3 sha1_ssse3 aesni_intel crypto_simd cryptd ipmi_si iTCO_wdt rapl intel_pmc_bxt ipmi_devintf joydev intel_cstate iTCO_vendor_support ipmi_msghandler sg acpi_power_meter watchdog intel_uncore mei_me mei pcspkr evdev parport_pc ppdev lp parport efi_pstore dm_mod fuse loop configfs efivarfs ip_tables x_tables autofs4 ext4 crc16 mbcache jbd2 crc32c_generic hid_generic usbhid hid sr_mod cdrom sd_mod t10_pi crc64_rocksoft crc64 crc_t10dif [ 3566.747268] crct10dif_generic mgag200 i2c_algo_bit drm_shmem_helper ahci drm_kms_helper libahci ehci_pci ehci_hcd libata crct10dif_pclmul megaraid_sas drm crct10dif_common crc32_pclmul crc32c_intel usbcore tg3 scsi_mod lpc_ich libphy usb_common scsi_common wmi button [ 3566.870202] ---[ end trace ]--- [ 3566.878075] RIP: 0010:__slab_free+0x118/0x2d0 [ 3566.882954] Code: 74 35 49 8b 06 48 89 4c 24 20 48 c1 e8 36 4c 8b a4 c3 d8 00 00 00 4c 89 e7 e8 74 6a 71 00 48 8b 4c 24 20 48 89 44 24 18 eb 8f <0f> 0b f7 43 08 00 0d 21 00 75 cd eb c6 80 4c 24 53 80 e9 75 ff ff [ 3566.903925] RSP: 0018:a76066effdb0 EFLAGS: 00010246 [ 3566.909772] RAX: 95430ba21930 RBX: 952b80043300 RCX: 802a001a [ 3566.917752] RDX: a76066effdd8 RSI: eed9a22e8840 RDI: a76066effe18 [ 3566.925747] RBP: 95430ba21900 R08: 0001 R09: c0d89ecc [ 3566.933714] R10: 0013 R11: 0001 R12: a76066effe50 [ 3566.941694] R13: 95430ba21900 R14: eed9a22e8840 R15: 95430ba21900 [ 3566.949670] FS: 0
Bug#1059891: linux-image-6.1.0-17-amd64: netfilter (nftables) breaks since bookworm
Hi, thank you for your answer. On 1/5/24 20:18, Salvatore Bonaccorso wrote: Control: tags -1 + moreinfo On Wed, Jan 03, 2024 at 07:35:23AM +0100, Daniel Haryo Sugondo wrote: Package: src:linux Version: 6.1.69-1 Severity: normal Dear Maintainer, since Debian 12 (Bookworm) the nft with named set ends with kernel trace and the nft stalled (D) # ps aux root 82373 0.0 0.0 0 0 ?DJan02 0:00 [nft] The message looks like: [ 3566.525419] [ cut here ] [ 3566.525424] kernel BUG at mm/slub.c:419! [ 3566.529834] invalid opcode: [#1] PREEMPT SMP PTI [ 3566.535474] CPU: 19 PID: 8146 Comm: kworker/19:0 Not tainted 6.1.0-17-amd64 #1 Debian 6.1.69-1 [ 3566.545182] Hardware name: /0X3D66, BIOS 2.2.2 01/16/2014 [ 3566.551304] Workqueue: events nf_tables_trans_destroy_work [nf_tables] [ 3566.558609] RIP: 0010:__slab_free+0x118/0x2d0 [ 3566.563474] Code: 74 35 49 8b 06 48 89 4c 24 20 48 c1 e8 36 4c 8b a4 c3 d8 00 00 00 4c 89 e7 e8 74 6a 71 00 48 8b 4c 24 20 48 89 44 24 18 eb 8f <0f> 0b f7 43 08 00 0d 21 00 75 cd eb c6 80 4c 24 53 80 e9 75 ff ff [ 3566.584431] RSP: 0018:a76066effdb0 EFLAGS: 00010246 [ 3566.590262] RAX: 95430ba21930 RBX: 952b80043300 RCX: 802a001a [ 3566.598223] RDX: a76066effdd8 RSI: eed9a22e8840 RDI: a76066effe18 [ 3566.606189] RBP: 95430ba21900 R08: 0001 R09: c0d89ecc [ 3566.614152] R10: 0013 R11: 0001 R12: a76066effe50 [ 3566.622114] R13: 95430ba21900 R14: eed9a22e8840 R15: 95430ba21900 [ 3566.630079] FS: () GS:955a9fa4() knlGS: [ 3566.639107] CS: 0010 DS: ES: CR0: 80050033 [ 3566.645518] CR2: 7f255e9eb3d8 CR3: 002a6d410006 CR4: 001706e0 [ 3566.653479] Call Trace: [ 3566.656210] [ 3566.658552] ? __die_body.cold+0x1a/0x1f [ 3566.662928] ? die+0x2a/0x50 [ 3566.666144] ? do_trap+0xc5/0x110 [ 3566.669848] ? __slab_free+0x118/0x2d0 [ 3566.674029] ? do_error_trap+0x6a/0x90 [ 3566.678211] ? __slab_free+0x118/0x2d0 [ 3566.682393] ? exc_invalid_op+0x4c/0x60 [ 3566.686676] ? __slab_free+0x118/0x2d0 [ 3566.690857] ? asm_exc_invalid_op+0x16/0x20 [ 3566.695529] ? nf_tables_trans_destroy_work+0x1cc/0x250 [nf_tables] [ 3566.702532] ? __slab_free+0x118/0x2d0 [ 3566.706714] ? obj_cgroup_uncharge_pages+0xd0/0xd0 [ 3566.712066] nf_tables_trans_destroy_work+0x1cc/0x250 [nf_tables] [ 3566.718874] process_one_work+0x1c7/0x380 [ 3566.723351] worker_thread+0x4d/0x380 [ 3566.727436] ? rescuer_thread+0x3a0/0x3a0 [ 3566.731908] kthread+0xda/0x100 [ 3566.735417] ? kthread_complete_and_exit+0x20/0x20 [ 3566.740763] ret_from_fork+0x22/0x30 [ 3566.744759] [ 3566.747195] Modules linked in: xt_conntrack xt_MASQUERADE nf_conntrack_netlink xfrm_user xfrm_algo xt_addrtype nft_compat br_netfilter bridge 8021q garp stp mrp llc overlay bonding tls nft_nat nft_chain_nat nf_nat nft_log qrtr nft_limit nft_ct nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nf_tables libcrc32c nfnetlink_log nfnetlink binfmt_misc intel_rapl_msr intel_rapl_common sb_edac x86_pkg_temp_thermal intel_powerclamp nls_ascii nls_cp437 coretemp kvm_intel vfat fat kvm ipmi_ssif irqbypass ghash_clmulni_intel sha512_ssse3 sha512_generic sha256_ssse3 sha1_ssse3 aesni_intel crypto_simd cryptd ipmi_si iTCO_wdt rapl intel_pmc_bxt ipmi_devintf joydev intel_cstate iTCO_vendor_support ipmi_msghandler sg acpi_power_meter watchdog intel_uncore mei_me mei pcspkr evdev parport_pc ppdev lp parport efi_pstore dm_mod fuse loop configfs efivarfs ip_tables x_tables autofs4 ext4 crc16 mbcache jbd2 crc32c_generic hid_generic usbhid hid sr_mod cdrom sd_mod t10_pi crc64_rocksoft crc64 crc_t10dif [ 3566.747268] crct10dif_generic mgag200 i2c_algo_bit drm_shmem_helper ahci drm_kms_helper libahci ehci_pci ehci_hcd libata crct10dif_pclmul megaraid_sas drm crct10dif_common crc32_pclmul crc32c_intel usbcore tg3 scsi_mod lpc_ich libphy usb_common scsi_common wmi button [ 3566.870202] ---[ end trace ]--- [ 3566.878075] RIP: 0010:__slab_free+0x118/0x2d0 [ 3566.882954] Code: 74 35 49 8b 06 48 89 4c 24 20 48 c1 e8 36 4c 8b a4 c3 d8 00 00 00 4c 89 e7 e8 74 6a 71 00 48 8b 4c 24 20 48 89 44 24 18 eb 8f <0f> 0b f7 43 08 00 0d 21 00 75 cd eb c6 80 4c 24 53 80 e9 75 ff ff [ 3566.903925] RSP: 0018:a76066effdb0 EFLAGS: 00010246 [ 3566.909772] RAX: 95430ba21930 RBX: 952b80043300 RCX: 802a001a [ 3566.917752] RDX: a76066effdd8 RSI: eed9a22e8840 RDI: a76066effe18 [ 3566.925747] RBP: 95430ba21900 R08: 0001 R09: c0d89ecc [ 3566.933714] R10: 0013 R11: 0001 R12: a76066effe50 [ 3566.941694] R13: 95430ba21900 R14: eed9a22e8840 R15: 95430ba21900 [ 3566.949670] FS: () GS:955a9fa4() knlGS: [ 3566.958717] CS: 0010 DS: ES: CR0: 80050033 [ 3566
Bug#1059891: linux-image-6.1.0-17-amd64: netfilter (nftables) breaks since bookworm
Package: src:linux Version: 6.1.69-1 Severity: normal Dear Maintainer, since Debian 12 (Bookworm) the nft with named set ends with kernel trace and the nft stalled (D) # ps aux root 82373 0.0 0.0 0 0 ?DJan02 0:00 [nft] The message looks like: [ 3566.525419] [ cut here ] [ 3566.525424] kernel BUG at mm/slub.c:419! [ 3566.529834] invalid opcode: [#1] PREEMPT SMP PTI [ 3566.535474] CPU: 19 PID: 8146 Comm: kworker/19:0 Not tainted 6.1.0-17-amd64 #1 Debian 6.1.69-1 [ 3566.545182] Hardware name: /0X3D66, BIOS 2.2.2 01/16/2014 [ 3566.551304] Workqueue: events nf_tables_trans_destroy_work [nf_tables] [ 3566.558609] RIP: 0010:__slab_free+0x118/0x2d0 [ 3566.563474] Code: 74 35 49 8b 06 48 89 4c 24 20 48 c1 e8 36 4c 8b a4 c3 d8 00 00 00 4c 89 e7 e8 74 6a 71 00 48 8b 4c 24 20 48 89 44 24 18 eb 8f <0f> 0b f7 43 08 00 0d 21 00 75 cd eb c6 80 4c 24 53 80 e9 75 ff ff [ 3566.584431] RSP: 0018:a76066effdb0 EFLAGS: 00010246 [ 3566.590262] RAX: 95430ba21930 RBX: 952b80043300 RCX: 802a001a [ 3566.598223] RDX: a76066effdd8 RSI: eed9a22e8840 RDI: a76066effe18 [ 3566.606189] RBP: 95430ba21900 R08: 0001 R09: c0d89ecc [ 3566.614152] R10: 0013 R11: 0001 R12: a76066effe50 [ 3566.622114] R13: 95430ba21900 R14: eed9a22e8840 R15: 95430ba21900 [ 3566.630079] FS: () GS:955a9fa4() knlGS: [ 3566.639107] CS: 0010 DS: ES: CR0: 80050033 [ 3566.645518] CR2: 7f255e9eb3d8 CR3: 002a6d410006 CR4: 001706e0 [ 3566.653479] Call Trace: [ 3566.656210] [ 3566.658552] ? __die_body.cold+0x1a/0x1f [ 3566.662928] ? die+0x2a/0x50 [ 3566.666144] ? do_trap+0xc5/0x110 [ 3566.669848] ? __slab_free+0x118/0x2d0 [ 3566.674029] ? do_error_trap+0x6a/0x90 [ 3566.678211] ? __slab_free+0x118/0x2d0 [ 3566.682393] ? exc_invalid_op+0x4c/0x60 [ 3566.686676] ? __slab_free+0x118/0x2d0 [ 3566.690857] ? asm_exc_invalid_op+0x16/0x20 [ 3566.695529] ? nf_tables_trans_destroy_work+0x1cc/0x250 [nf_tables] [ 3566.702532] ? __slab_free+0x118/0x2d0 [ 3566.706714] ? obj_cgroup_uncharge_pages+0xd0/0xd0 [ 3566.712066] nf_tables_trans_destroy_work+0x1cc/0x250 [nf_tables] [ 3566.718874] process_one_work+0x1c7/0x380 [ 3566.723351] worker_thread+0x4d/0x380 [ 3566.727436] ? rescuer_thread+0x3a0/0x3a0 [ 3566.731908] kthread+0xda/0x100 [ 3566.735417] ? kthread_complete_and_exit+0x20/0x20 [ 3566.740763] ret_from_fork+0x22/0x30 [ 3566.744759] [ 3566.747195] Modules linked in: xt_conntrack xt_MASQUERADE nf_conntrack_netlink xfrm_user xfrm_algo xt_addrtype nft_compat br_netfilter bridge 8021q garp stp mrp llc overlay bonding tls nft_nat nft_chain_nat nf_nat nft_log qrtr nft_limit nft_ct nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nf_tables libcrc32c nfnetlink_log nfnetlink binfmt_misc intel_rapl_msr intel_rapl_common sb_edac x86_pkg_temp_thermal intel_powerclamp nls_ascii nls_cp437 coretemp kvm_intel vfat fat kvm ipmi_ssif irqbypass ghash_clmulni_intel sha512_ssse3 sha512_generic sha256_ssse3 sha1_ssse3 aesni_intel crypto_simd cryptd ipmi_si iTCO_wdt rapl intel_pmc_bxt ipmi_devintf joydev intel_cstate iTCO_vendor_support ipmi_msghandler sg acpi_power_meter watchdog intel_uncore mei_me mei pcspkr evdev parport_pc ppdev lp parport efi_pstore dm_mod fuse loop configfs efivarfs ip_tables x_tables autofs4 ext4 crc16 mbcache jbd2 crc32c_generic hid_generic usbhid hid sr_mod cdrom sd_mod t10_pi crc64_rocksoft crc64 crc_t10dif [ 3566.747268] crct10dif_generic mgag200 i2c_algo_bit drm_shmem_helper ahci drm_kms_helper libahci ehci_pci ehci_hcd libata crct10dif_pclmul megaraid_sas drm crct10dif_common crc32_pclmul crc32c_intel usbcore tg3 scsi_mod lpc_ich libphy usb_common scsi_common wmi button [ 3566.870202] ---[ end trace ]--- [ 3566.878075] RIP: 0010:__slab_free+0x118/0x2d0 [ 3566.882954] Code: 74 35 49 8b 06 48 89 4c 24 20 48 c1 e8 36 4c 8b a4 c3 d8 00 00 00 4c 89 e7 e8 74 6a 71 00 48 8b 4c 24 20 48 89 44 24 18 eb 8f <0f> 0b f7 43 08 00 0d 21 00 75 cd eb c6 80 4c 24 53 80 e9 75 ff ff [ 3566.903925] RSP: 0018:a76066effdb0 EFLAGS: 00010246 [ 3566.909772] RAX: 95430ba21930 RBX: 952b80043300 RCX: 802a001a [ 3566.917752] RDX: a76066effdd8 RSI: eed9a22e8840 RDI: a76066effe18 [ 3566.925747] RBP: 95430ba21900 R08: 0001 R09: c0d89ecc [ 3566.933714] R10: 0013 R11: 0001 R12: a76066effe50 [ 3566.941694] R13: 95430ba21900 R14: eed9a22e8840 R15: 95430ba21900 [ 3566.949670] FS: () GS:955a9fa4() knlGS: [ 3566.958717] CS: 0010 DS: ES: CR0: 80050033 [ 3566.965144] CR2: 7f255e9eb3d8 CR3: 002a6d410006 CR4: 001706e0 After this status, the host is still running, but without nft and if I call or edit nft, then it hungs, so I have to reboot the
Bug#1059851: isc-dhcp-client: dhclient -4o6 unknown command
Package: isc-dhcp-client
Version: 4.4.3-P1-2
Severity: normal
Dear Maintainer,
I'm trying to get lease for dhcp4 over dhcp6. For dhclient there is an option
on manpage called '-4o6 port'. Unfortunately shows dhclient this option as
"unknown command", and so I can't check if the 4o6 configuration at server side
works or not.
# dhclient -4o6 6767
Internet Systems Consortium DHCP Client 4.4.3-P1
Copyright 2004-2022 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Unknown command: -4o6
Usage: dhclient [-4|-6] [-SNTPRI1dvrxi] [-nw] [-p ] [-D LL|LLT]
[--dad-wait-time ] [--prefix-len-hint ]
[--decline-wait-time ]
[--address-prefix-len ]
[-s server-addr] [-cf config-file]
[-df duid-file] [-lf lease-file]
[-pf pid-file] [--no-pid] [-e VAR=val]
[-sf script-file] [interface]*
dhclient {--version|--help|-h}
If you think you have received this message due to a bug rather
than a configuration issue please read the section on submitting
bugs on either our web page at www.isc.org or in the README file
before submitting a bug. These pages explain the proper
process and the information we find helpful for debugging.
exiting.
Would you please to check or fix this option, to get it works?
Thank you and best regards,
Daniel Sugondo.
-- System Information:
Debian Release: 12.4
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.1.0-16-amd64 (SMP w/20 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE,
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages isc-dhcp-client depends on:
ii debianutils 5.7-0.5~deb12u1
ii iproute2 6.1.0-3
ii libc62.36-9+deb12u3
Versions of packages isc-dhcp-client recommends:
ii isc-dhcp-common 4.4.3-P1-2
Versions of packages isc-dhcp-client suggests:
pn avahi-autoipd
pn isc-dhcp-client-ddns
ii systemd-resolved [resolvconf] 252.19-1~deb12u1
-- no debconf information
Bug#1053564: Acknowledgement (nftables: nft freeze after some times, probably as a result of excessive use of named set)
Hi Arturo, does your update in order to fix the CVE-2023-6817 impact this problem too? https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=317eb9685095678f2c9f5a8189de698c5354316a regards. On 10/24/23 10:36, Arturo Borrero Gonzalez wrote: On 10/24/23 10:20, Daniel Haryo Sugondo wrote: Dear maintainer the problem with named set makes the system unusable. I would be so thankful, if you can give me some hints, what's wrong with the behavior since Debian12. Hi Daniel, this sounds to me like a bug in the nf_tables linux kernel subsystem. I don't have the info at hand at the moment whether if this has been fixed already. I would try using a newer kernel, either stable or backports. regards. -- Mit freundlichen Grüßen! Daniel Haryo Sugondo High Performance Computing Center Stuttgart (HLRS) Department HPCN Production Networks and Firewall University Stuttgart Tel.: +49 (0)711 / 685-87250 Fax: +49 (0)711 / 685-77250 Nobelstraße 19 Room 0.051 70569 Stuttgart Germany Mail: daniel.sugo...@hlrs.de PGP Key Fingerprint: 1F82 CE27 30C1 8E0E 11DF B636 2EA5 BDE1 97A2 1C82 If you are not the intended addressee, please inform us immediately that you have received this e-mail in error, and delete it. We thank you for your cooperation. < Theory is where you know everything, but nothing works; practice is where everything works, but nobody knows why. Here we combine theory with practice; nothing works and nobody knows why! -- A. Einstein --> OpenPGP_0x2EA5BDE197A21C82.asc Description: OpenPGP public key OpenPGP_signature.asc Description: OpenPGP digital signature
Bug#1053564: Acknowledgement (nftables: nft freeze after some times, probably as a result of excessive use of named set)
on video wmi
[327659.296519] ---[ end trace ]---
[327659.602320] pstore: backend (erst) writing error (-28)
[327659.602323] RIP: 0010:___slab_alloc+0x5f0/0xaf0
[327659.602368] Code: 48 48 8b 74 24 38 48 89 46 10 e8 0b 04 81 00 41 8b 54 24
28 48 8b 74 24 38 4c 01 f2 48 89 d0 48 0f c8 49 33 84 24 b8 00 00 00 <48> 33 02
48 81 46 08 00 20 00 00 48 89 06 49 8b 1c 24 48 83 c3 20
[327659.602369] RSP: 0018:c3be41d57af0 EFLAGS: 00010286
[327659.602371] RAX: c8fdfcb812544c17 RBX: 00039b60 RCX:
b12093a9
[327659.602372] RDX: def367ea15824066 RSI: a0f28fcb9b40 RDI:
b203a026
[327659.602373] RBP: c3be41d57bc8 R08: a0f28fcb9b40 R09:
0048
[327659.602374] R10: a0ebc025f800 R11: R12:
a0eb40044d00
[327659.602375] R13: a0eb40044d00 R14: def367ea15824036 R15:
f58dc4046500
[327659.602393] FS: 7f13340d3740() GS:a0f28fc8()
knlGS:
[327659.602395] CS: 0010 DS: ES: CR0: 80050033
[327659.602396] CR2: 5616386d6f78 CR3: 000152b6a004 CR4:
003706e0
[327659.602397] DR0: DR1: DR2:
[327659.602397] DR3: DR6: fffe0ff0 DR7:
0400
Regards,
Daniel.
- Original Message -----
From: "Daniel Haryo Sugondo"
To: "1053564" <1053...@bugs.debian.org>
Sent: Tuesday, October 24, 2023 5:03:58 PM
Subject: Re: Bug#1053564: Acknowledgement (nftables: nft freeze after some
times, probably as a result of excessive use of named set)
Hi,
just want to update the status, the backports kernel 6.5.0-0.deb12.1-amd64
still has bug
Should I contact the kernel maintainer, to report this?
# uptime
17:00:46 up 5:48, 1 user, load average: 1.00, 1.00, 0.80
# ps aux | grep nft
root 118228 0.0 0.0 0 0 ?D16:38 0:00 [nft]
Oct 24 16:37:31 nftfqdn.sh[117820]: /dev/shm/fqdn.nft:6:39-63: Error: Could
not process rule: File exists
Oct 24 16:37:31 nftfqdn.sh[117820]: add element inet firewall fq4-acc-o {
143.204.98.10 . tcp . 443 }
Oct 24 16:37:31 nftfqdn.sh[117820]:
^
Oct 24 16:37:31 nftfqdn.sh[117820]: /dev/shm/fqdn.nft:10:39-63: Error: Could
not process rule: File exists
Oct 24 16:37:31 nftfqdn.sh[117820]: add element inet firewall fq4-acc-o {
143.204.98.14 . tcp . 443 }
Oct 24 16:37:31 nftfqdn.sh[117820]:
^
Oct 24 16:37:31 nftfqdn.sh[117820]: /dev/shm/fqdn.nft:14:39-63: Error: Could
not process rule: File exists
Oct 24 16:37:31 nftfqdn.sh[117820]: add element inet firewall fq4-acc-o {
143.204.98.24 . tcp . 443 }
Oct 24 16:37:31 nftfqdn.sh[117820]:
^
Oct 24 16:37:49 nftfqdn.sh[117922]: /dev/shm/fqdn.nft:2:39-62: Error: Could
not process rule: File exists
Oct 24 16:37:49 nftfqdn.sh[117922]: add element inet firewall fq4-acc-o {
143.204.98.3 . tcp . 443 }
Oct 24 16:37:49 nftfqdn.sh[117922]:
Oct 24 16:38:06 nftfqdn.sh[118024]: /dev/shm/fqdn.nft:2:39-62: Error: Could
not process rule: File exists
Oct 24 16:38:06 nftfqdn.sh[118024]: add element inet firewall fq4-acc-o {
143.204.98.3 . tcp . 443 }
Oct 24 16:38:06 nftfqdn.sh[118024]:
Oct 24 16:38:23 nftfqdn.sh[118126]: /dev/shm/fqdn.nft:2:39-62: Error: Could
not process rule: File exists
Oct 24 16:38:23 nftfqdn.sh[118126]: add element inet firewall fq4-acc-o {
143.204.98.3 . tcp . 443 }
Oct 24 16:38:23 nftfqdn.sh[118126]:
Oct 24 16:38:41 kernel: general protection fault, probably for non-canonical
address 0x2bdf9ea774ac39fc: [#1] PREEMPT SMP PTI
Oct 24 16:38:41 kernel: CPU: 3 PID: 118228 Comm: nft Tainted: GE
6.5.0-0.deb12.1-amd64 #1 Debian 6.5.3-1~bpo12+1
Oct 24 16:38:41 kernel: Hardware name: FUJITSU PRIMERGY RX1330 M2/D3375-A1,
BIOS V5.0.0.11 R1.31.0 for D3375-A1x02/22/2023
Oct 24 16:38:41 kernel: RIP: 0010:__kmem_cache_alloc_node+0x1cd/0x310
Oct 24 16:38:41 kernel: Code: f7 44 24 08 00 08 08 00 74 91 44 89 ea c1 ea 08
21 d0 eb 87 41 8b 44 24 28 4d 8b 0c 24 49 8d 88 00 20 00 00 48 01 f8 48 89 c2
<48> 8b 00 49 33 84 24 b8 00 00 00 48 0f ca 48 31 d0 4c 89 c2 48 89
Oct 24 16:38:41 kernel: RSP: 0018:a49642a57530 EFLAGS: 00010206
Oct 24 16:38:41 kernel: RAX: 2bdf9ea774ac39fc RBX: 00400dc0 RCX:
0634e003
Oct 24 16:38:41 kernel: RDX: 2bdf9ea774ac39fc RSI: acc50147 RDI:
2bdf9ea774ac39dc
Oct 24 16:38:41 kernel: RBP: a49642a57580 R08: 0634c003 R09:
00038580
Oct 24 16:38:41 kernel: R10: R11: R12:
919d80044c00
Oct 24 16:38:41 kernel: R13: 004
Bug#1053564: Acknowledgement (nftables: nft freeze after some times, probably as a result of excessive use of named set)
Oct 24 16:38:41 kernel: ___sys_sendmsg+0x9a/0xe0 Oct 24 16:38:41 kernel: ? sk_getsockopt+0x72b/0x1230 Oct 24 16:38:41 kernel: __sys_sendmsg+0x7a/0xd0 Oct 24 16:38:41 kernel: do_syscall_64+0x5c/0xc0 Oct 24 16:38:41 kernel: ? fpregs_assert_state_consistent+0x26/0x50 Oct 24 16:38:41 kernel: ? exit_to_user_mode_prepare+0x40/0x1d0 Oct 24 16:38:41 kernel: ? syscall_exit_to_user_mode+0x2b/0x40 Oct 24 16:38:41 kernel: ? do_syscall_64+0x6b/0xc0 Oct 24 16:38:41 kernel: ? syscall_exit_to_user_mode+0x2b/0x40 Oct 24 16:38:41 kernel: ? do_syscall_64+0x6b/0xc0 Oct 24 16:38:41 kernel: ? exit_to_user_mode_prepare+0x40/0x1d0 Oct 24 16:38:41 kernel: entry_SYSCALL_64_after_hwframe+0x6e/0xd8 Oct 24 16:38:41 kernel: RIP: 0033:0x7fcca6cb7930 Oct 24 16:38:41 kernel: Code: 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 66 2e 0f 1f 84 00 00 00 00 00 90 80 3d b1 fc 0c 00 00 74 17 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 89 54 Oct 24 16:38:41 kernel: RSP: 002b:7ffdc47ab0b8 EFLAGS: 0202 ORIG_RAX: 002e Oct 24 16:38:41 kernel: RAX: ffda RBX: 7ffdc47bc2b0 RCX: 7fcca6cb7930 Oct 24 16:38:41 kernel: RDX: RSI: 7ffdc47bc160 RDI: 0003 Oct 24 16:38:41 kernel: RBP: 7ffdc47bc260 R08: 7ffdc47ab094 R09: 55b302903520 Oct 24 16:38:41 kernel: R10: 7fcca6e9ff00 R11: 0202 R12: 55b3028d9b50 Oct 24 16:38:41 kernel: R13: 0001 R14: 7ffdc47ab0d0 R15: 0001 Oct 24 16:38:41 kernel: Oct 24 16:38:41 kernel: Modules linked in: bridge(E) 8021q(E) garp(E) stp(E) mrp(E) llc(E) nfnetlink_log(E) nft_log(E) nft_limit(E) nft_ct(E) nf_tables(E) nf_conntrack_netlink(E) nf_conntrack(E) nf_defrag_ipv6(E) nf_defrag_ipv4(E) nfnetlink(E) binfmt_misc(E) inte> Oct 24 16:38:41 kernel: async_raid6_recov(E) async_memcpy(E) async_pq(E) async_xor(E) async_tx(E) xor(E) raid6_pq(E) libcrc32c(E) crc32c_generic(E) raid0(E) multipath(E) linear(E) csiostor(E) raid1(E) md_mod(E) sd_mod(E) t10_pi(E) hid_generic(E) crc64_rocksoft(E> Oct 24 16:38:41 kernel: ---[ end trace ]--- Oct 24 16:38:41 kernel: RIP: 0010:__kmem_cache_alloc_node+0x1cd/0x310 Oct 24 16:38:41 kernel: Code: f7 44 24 08 00 08 08 00 74 91 44 89 ea c1 ea 08 21 d0 eb 87 41 8b 44 24 28 4d 8b 0c 24 49 8d 88 00 20 00 00 48 01 f8 48 89 c2 <48> 8b 00 49 33 84 24 b8 00 00 00 48 0f ca 48 31 d0 4c 89 c2 48 89 Oct 24 16:38:41 kernel: RSP: 0018:a49642a57530 EFLAGS: 00010206 Oct 24 16:38:41 kernel: RAX: 2bdf9ea774ac39fc RBX: 00400dc0 RCX: 0634e003 Oct 24 16:38:41 kernel: RDX: 2bdf9ea774ac39fc RSI: acc50147 RDI: 2bdf9ea774ac39dc Oct 24 16:38:41 kernel: RBP: a49642a57580 R08: 0634c003 R09: 00038580 Oct 24 16:38:42 kernel: R10: R11: R12: 919d80044c00 Oct 24 16:38:42 kernel: R13: 00400dc0 R14: 919d83542140 R15: Oct 24 16:38:42 kernel: FS: 7fcca6a70740() GS:91a4cfcc() knlGS: Oct 24 16:38:42 kernel: CS: 0010 DS: ES: CR0: 80050033 Oct 24 16:38:42 kernel: CR2: 7ffdc47ab0b8 CR3: 00010650c006 CR4: 003706e0 Oct 24 16:38:42 kernel: DR0: DR1: DR2: Oct 24 16:38:42 kernel: DR3: DR6: fffe0ff0 DR7: 0400 regards, - Original Message ----- From: "Daniel Haryo Sugondo" To: "Arturo Borrero Gonzalez" Cc: "1053564" <1053...@bugs.debian.org> Sent: Tuesday, October 24, 2023 11:22:50 AM Subject: Re: Bug#1053564: Acknowledgement (nftables: nft freeze after some times, probably as a result of excessive use of named set) Hi Arturo, thank you for your answer, I'll give now a shot with 6.5.0-0.deb12.1-amd64. On 1st of October, I tested it with linux-image-6.4.0-0.deb12.2-amd64 but the problem still exist and revert it back on 2nd of October to the default Debian 12 Kernel. regards. - Original Message - From: "Arturo Borrero Gonzalez" To: "Daniel Haryo Sugondo" Cc: "1053564" <1053...@bugs.debian.org> Sent: Tuesday, October 24, 2023 10:36:42 AM Subject: Re: Bug#1053564: Acknowledgement (nftables: nft freeze after some times, probably as a result of excessive use of named set) On 10/24/23 10:20, Daniel Haryo Sugondo wrote: > Dear maintainer > > the problem with named set makes the system unusable. > > I would be so thankful, if you can give me some hints, what's > wrong with the behavior since Debian12. > Hi Daniel, this sounds to me like a bug in the nf_tables linux kernel subsystem. I don't have the info at hand at the moment whether if this has been fixed already. I would try using a newer kernel, either stable or backports. regards.
Bug#1053564: Acknowledgement (nftables: nft freeze after some times, probably as a result of excessive use of named set)
Hi Arturo, thank you for your answer, I'll give now a shot with 6.5.0-0.deb12.1-amd64. On 1st of October, I tested it with linux-image-6.4.0-0.deb12.2-amd64 but the problem still exist and revert it back on 2nd of October to the default Debian 12 Kernel. regards. - Original Message - From: "Arturo Borrero Gonzalez" To: "Daniel Haryo Sugondo" Cc: "1053564" <1053...@bugs.debian.org> Sent: Tuesday, October 24, 2023 10:36:42 AM Subject: Re: Bug#1053564: Acknowledgement (nftables: nft freeze after some times, probably as a result of excessive use of named set) On 10/24/23 10:20, Daniel Haryo Sugondo wrote: > Dear maintainer > > the problem with named set makes the system unusable. > > I would be so thankful, if you can give me some hints, what's > wrong with the behavior since Debian12. > Hi Daniel, this sounds to me like a bug in the nf_tables linux kernel subsystem. I don't have the info at hand at the moment whether if this has been fixed already. I would try using a newer kernel, either stable or backports. regards.
Bug#1053564: Acknowledgement (nftables: nft freeze after some times, probably as a result of excessive use of named set)
Dear maintainer the problem with named set makes the system unusable. I would be so thankful, if you can give me some hints, what's wrong with the behavior since Debian12. Best regards, Daniel Sugondo. - Original Message - From: "Daniel Haryo Sugondo" To: 1053...@bugs.debian.org Sent: Wednesday, October 11, 2023 7:54:04 AM Subject: Re: Bug#1053564: Acknowledgement (nftables: nft freeze after some times, probably as a result of excessive use of named set) Additional Information after upgrade to 12.2 dpkg -l | grep nft ii libnftables1:amd64 1.0.6-2+deb12u2amd64 Netfilter nftables high level userspace API library ii libnftnl11:amd64 1.2.4-2amd64 Netfilter nftables userspace API library ii nftables 1.0.6-2+deb12u2amd64 Program to control packet filtering rules by Netfilter project Oct 11 02:12:17 kernel: general protection fault, probably for non-canonical address 0xf54db85b35fdfe19: [#34] PREEMPT SMP PTI Oct 11 02:12:17 kernel: CPU: 5 PID: 1692386 Comm: nft Tainted: G D W 6.1.0-13-amd64 #1 Debian 6.1.55-1 Oct 11 02:12:17 kernel: Hardware name: FUJITSU PRIMERGY RX1330 M2/D3375-A1, BIOS V5.0.0.11 R1.31.0 for D3375-A1x 02/22/2023 Oct 11 02:12:17 kernel: RIP: 0010:nft_setelem_data_deactivate+0x44/0x80 [nf_tables] Oct 11 02:12:17 kernel: Code: 36 0f b6 50 03 84 d2 74 15 8b 4e 4c 81 f9 ff fe ff ff 76 0a 81 f9 00 ff ff ff 74 20 0f 0b 0f b6 50 09 84 d2 74 11 48 8b 14 10 <8b> 42 34 8d 48 ff 89 4a 34 85 c0 74 27 c3 cc cc cc cc 48 01 c2 8b Oct 11 02:12:17 kernel: RSP: 0018:aec90bebb728 EFLAGS: 00010206 Oct 11 02:12:17 kernel: RAX: 9c2a8ad217c0 RBX: aec90bebb908 RCX: 3660e005 Oct 11 02:12:17 kernel: RDX: f54db85b35fdfde5 RSI: 9c2aa1165e00 RDI: 9208ca40 Oct 11 02:12:17 kernel: RBP: aec90bebb7c0 R08: 9c2a8a4c6840 R09: 0001 Oct 11 02:12:17 kernel: R10: 0020 R11: 0004 R12: 9c2aa1165e00 Oct 11 02:12:17 kernel: R13: 9c2a8ad217c0 R14: 9c2a8144e400 R15: 9208ca40 Oct 11 02:12:17 kernel: FS: 7f0a1ac54740() GS:9c31cfd4() knlGS: Oct 11 02:12:17 kernel: CS: 0010 DS: ES: CR0: 80050033 Oct 11 02:12:17 kernel: CR2: 7f0a1a97e000 CR3: 000151a1c005 CR4: 003706e0 Oct 11 02:12:17 kernel: DR0: DR1: DR2: Oct 11 02:12:17 kernel: DR3: DR6: fffe0ff0 DR7: 0400 Oct 11 02:12:17 kernel: Call Trace: Oct 11 02:12:17 kernel: Oct 11 02:12:17 kernel: ? __die_body.cold+0x1a/0x1f Oct 11 02:12:17 kernel: ? die_addr+0x38/0x60 Oct 11 02:12:17 kernel: ? exc_general_protection+0x234/0x4a0 Oct 11 02:12:17 kernel: ? asm_exc_general_protection+0x22/0x30 Oct 11 02:12:17 kernel: ? nft_setelem_data_deactivate+0x44/0x80 [nf_tables] Oct 11 02:12:17 kernel: nft_del_setelem+0x47e/0x4f0 [nf_tables] Oct 11 02:12:17 kernel: nf_tables_delsetelem+0x1fc/0x300 [nf_tables] Oct 11 02:12:17 kernel: ? __kmem_cache_alloc_node+0x139/0x2a0 Oct 11 02:12:17 kernel: ? nfnetlink_rcv_batch+0x20a/0x9a0 [nfnetlink] Oct 11 02:12:17 kernel: nfnetlink_rcv_batch+0x5df/0x9a0 [nfnetlink] Oct 11 02:12:17 kernel: nfnetlink_rcv+0x175/0x193 [nfnetlink] Oct 11 02:12:17 kernel: netlink_unicast+0x247/0x390 Oct 11 02:12:17 kernel: netlink_sendmsg+0x250/0x4c0 Oct 11 02:12:17 kernel: sock_sendmsg+0x5c/0x70 Oct 11 02:12:17 kernel: sys_sendmsg+0x277/0x2f0 Oct 11 02:12:17 kernel: ? copy_msghdr_from_user+0x7d/0xc0 Oct 11 02:12:17 kernel: ___sys_sendmsg+0x9a/0xe0 Oct 11 02:12:17 kernel: __sys_sendmsg+0x76/0xc0 Oct 11 02:12:17 kernel: do_syscall_64+0x58/0xc0 Oct 11 02:12:17 kernel: ? fpregs_assert_state_consistent+0x22/0x50 Oct 11 02:12:17 kernel: ? exit_to_user_mode_prepare+0x40/0x1d0 Oct 11 02:12:17 kernel: entry_SYSCALL_64_after_hwframe+0x64/0xce Oct 11 02:12:17 kernel: RIP: 0033:0x7f0a1ae9b930 Oct 11 02:12:17 kernel: Code: 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 66 2e 0f 1f 84 00 00 00 00 00 90 80 3d b1 fc 0c 00 00 74 17 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 89 54 Oct 11 02:12:17 kernel: RSP: 002b:7fff7ffdb938 EFLAGS: 0202 ORIG_RAX: 002e Oct 11 02:12:17 kernel: RAX: ffda RBX: 7fff7ffecb30 RCX: 7f0a1ae9b930 Oct 11 02:12:17 kernel: RDX: RSI: 7fff7ffec9e0 RDI: 0003 Oct 11 02:12:17 kernel: RBP: 7fff7ffecae0 R08: 7fff7ffdb914 R09: 55b934860170 Oct 11 02:12:17 kernel: R10: 7f0a1b083f00 R11: 0202 R12: 55b93483ab50 Oct 11 02:12:17 kernel: R13: 00010c00 R14: 7fff7ffdb950 R15: 0001 Oct 11 02:12:17 kernel: Oct 11 02:12:17 kernel: Modules linked in: bridge 8021q garp stp mrp llc nfnetlink_log nft_log nft_limit nft_ct nf_tables nf_conntrack
Bug#1053564: Acknowledgement (nftables: nft freeze after some times, probably as a result of excessive use of named set)
Additional Information after upgrade to 12.2 dpkg -l | grep nft ii libnftables1:amd64 1.0.6-2+deb12u2amd64 Netfilter nftables high level userspace API library ii libnftnl11:amd64 1.2.4-2amd64 Netfilter nftables userspace API library ii nftables 1.0.6-2+deb12u2amd64 Program to control packet filtering rules by Netfilter project Oct 11 02:12:17 kernel: general protection fault, probably for non-canonical address 0xf54db85b35fdfe19: [#34] PREEMPT SMP PTI Oct 11 02:12:17 kernel: CPU: 5 PID: 1692386 Comm: nft Tainted: G D W 6.1.0-13-amd64 #1 Debian 6.1.55-1 Oct 11 02:12:17 kernel: Hardware name: FUJITSU PRIMERGY RX1330 M2/D3375-A1, BIOS V5.0.0.11 R1.31.0 for D3375-A1x 02/22/2023 Oct 11 02:12:17 kernel: RIP: 0010:nft_setelem_data_deactivate+0x44/0x80 [nf_tables] Oct 11 02:12:17 kernel: Code: 36 0f b6 50 03 84 d2 74 15 8b 4e 4c 81 f9 ff fe ff ff 76 0a 81 f9 00 ff ff ff 74 20 0f 0b 0f b6 50 09 84 d2 74 11 48 8b 14 10 <8b> 42 34 8d 48 ff 89 4a 34 85 c0 74 27 c3 cc cc cc cc 48 01 c2 8b Oct 11 02:12:17 kernel: RSP: 0018:aec90bebb728 EFLAGS: 00010206 Oct 11 02:12:17 kernel: RAX: 9c2a8ad217c0 RBX: aec90bebb908 RCX: 3660e005 Oct 11 02:12:17 kernel: RDX: f54db85b35fdfde5 RSI: 9c2aa1165e00 RDI: 9208ca40 Oct 11 02:12:17 kernel: RBP: aec90bebb7c0 R08: 9c2a8a4c6840 R09: 0001 Oct 11 02:12:17 kernel: R10: 0020 R11: 0004 R12: 9c2aa1165e00 Oct 11 02:12:17 kernel: R13: 9c2a8ad217c0 R14: 9c2a8144e400 R15: 9208ca40 Oct 11 02:12:17 kernel: FS: 7f0a1ac54740() GS:9c31cfd4() knlGS: Oct 11 02:12:17 kernel: CS: 0010 DS: ES: CR0: 80050033 Oct 11 02:12:17 kernel: CR2: 7f0a1a97e000 CR3: 000151a1c005 CR4: 003706e0 Oct 11 02:12:17 kernel: DR0: DR1: DR2: Oct 11 02:12:17 kernel: DR3: DR6: fffe0ff0 DR7: 0400 Oct 11 02:12:17 kernel: Call Trace: Oct 11 02:12:17 kernel: Oct 11 02:12:17 kernel: ? __die_body.cold+0x1a/0x1f Oct 11 02:12:17 kernel: ? die_addr+0x38/0x60 Oct 11 02:12:17 kernel: ? exc_general_protection+0x234/0x4a0 Oct 11 02:12:17 kernel: ? asm_exc_general_protection+0x22/0x30 Oct 11 02:12:17 kernel: ? nft_setelem_data_deactivate+0x44/0x80 [nf_tables] Oct 11 02:12:17 kernel: nft_del_setelem+0x47e/0x4f0 [nf_tables] Oct 11 02:12:17 kernel: nf_tables_delsetelem+0x1fc/0x300 [nf_tables] Oct 11 02:12:17 kernel: ? __kmem_cache_alloc_node+0x139/0x2a0 Oct 11 02:12:17 kernel: ? nfnetlink_rcv_batch+0x20a/0x9a0 [nfnetlink] Oct 11 02:12:17 kernel: nfnetlink_rcv_batch+0x5df/0x9a0 [nfnetlink] Oct 11 02:12:17 kernel: nfnetlink_rcv+0x175/0x193 [nfnetlink] Oct 11 02:12:17 kernel: netlink_unicast+0x247/0x390 Oct 11 02:12:17 kernel: netlink_sendmsg+0x250/0x4c0 Oct 11 02:12:17 kernel: sock_sendmsg+0x5c/0x70 Oct 11 02:12:17 kernel: sys_sendmsg+0x277/0x2f0 Oct 11 02:12:17 kernel: ? copy_msghdr_from_user+0x7d/0xc0 Oct 11 02:12:17 kernel: ___sys_sendmsg+0x9a/0xe0 Oct 11 02:12:17 kernel: __sys_sendmsg+0x76/0xc0 Oct 11 02:12:17 kernel: do_syscall_64+0x58/0xc0 Oct 11 02:12:17 kernel: ? fpregs_assert_state_consistent+0x22/0x50 Oct 11 02:12:17 kernel: ? exit_to_user_mode_prepare+0x40/0x1d0 Oct 11 02:12:17 kernel: entry_SYSCALL_64_after_hwframe+0x64/0xce Oct 11 02:12:17 kernel: RIP: 0033:0x7f0a1ae9b930 Oct 11 02:12:17 kernel: Code: 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 66 2e 0f 1f 84 00 00 00 00 00 90 80 3d b1 fc 0c 00 00 74 17 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 89 54 Oct 11 02:12:17 kernel: RSP: 002b:7fff7ffdb938 EFLAGS: 0202 ORIG_RAX: 002e Oct 11 02:12:17 kernel: RAX: ffda RBX: 7fff7ffecb30 RCX: 7f0a1ae9b930 Oct 11 02:12:17 kernel: RDX: RSI: 7fff7ffec9e0 RDI: 0003 Oct 11 02:12:17 kernel: RBP: 7fff7ffecae0 R08: 7fff7ffdb914 R09: 55b934860170 Oct 11 02:12:17 kernel: R10: 7f0a1b083f00 R11: 0202 R12: 55b93483ab50 Oct 11 02:12:17 kernel: R13: 00010c00 R14: 7fff7ffdb950 R15: 0001 Oct 11 02:12:17 kernel: Oct 11 02:12:17 kernel: Modules linked in: bridge 8021q garp stp mrp llc nfnetlink_log nft_log nft_limit nft_ct nf_tables nf_conntrack_netlink nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nfnetlink binfmt_misc intel_rapl_msr intel_rapl_common x86_pkg_temp_thermal i> Oct 11 02:12:17 kernel: crct10dif_generic crct10dif_pclmul crct10dif_common ahci crc32_pclmul i2c_i801 xhci_pci libahci crc32c_intel i2c_smbus xhci_hcd cxgb4 libata scsi_transport_fc usbcore igb scsi_mod tls i2c_algo_bit dca scsi_common usb_common video wmi Oct 11 02:12:17 kernel: ---[ end trace ]--- Oct 11 02:12:17 kernel: RIP:
Bug#1053564: nftables: nft freeze after some times, probably as a result of excessive use of named set
Package: nftables
Version: 1.0.6-2+deb12u1
Severity: normal
Dear Maintainer,
I'm trying to support our nftables to use FQDN (CDN). I wrote a shell script
to translate FQDN into ip(v4/v6) address and feed the results in nftables
"named set". The elements have a max. timeout from about 5 Min. I don't want
outdated entries on my sets. The script inserts and deletes the elements
periodically.
My script works flawlessly on Debian 11 and for the first hours on Debian 12
too, but ends on Debian 12 with [D]-state on "ps" output, after some hours,
and on dmesg you can see Call Traces from netlink modul.
I don't have any idea, why the behaviour on Debian 12 is different to the
previous version. Maybe you can take a look for this.
Further informations:
My named set on nftables for this purpose looks like:
table inet firewall {
set fq4-acc-o {
type ipv4_addr . inet_proto . inet_service
flags interval,timeout
timeout 5m15s
}
set fq6-acc-o {
type ipv6_addr . inet_proto . inet_service
flags interval,timeout
timeout 5m15s
}
...
Some examples, if nft crashs:
Oct 02 00:38:51 nftfqdn.sh[224817]: /dev/shm/fqdn.nft:42:39-86: Error: Could
not process rule: File exists
Oct 02 00:38:51 nftfqdn.sh[224817]: add element inet firewall fq6-acc-o {
2600:9000:2490:e000:3:db06:4200:93a1 . tcp . 443 }
Oct 02 00:38:51 nftfqdn.sh[224817]:
Oct 03 04:13:04 nftfqdn.sh[203649]: /dev/shm/fqdn.nft:12:39-63: Error: Could
not process rule: File exists
Oct 03 04:13:04 nftfqdn.sh[203649]: add element inet firewall fq4-acc-o {
143.204.98.14 . tcp . 443 timeout 27s }
Oct 03 04:13:04 nftfqdn.sh[203649]:
^
dmesg output
Oct 03 04:13:22 kernel: BUG: kernel NULL pointer dereference, address:
0034
Oct 03 04:13:22 kernel: #PF: supervisor read access in kernel mode
Oct 03 04:13:22 kernel: #PF: error_code(0x) - not-present page
Oct 03 04:13:22 kernel: PGD 0 P4D 0
Oct 03 04:13:22 kernel: Oops: [#1] PREEMPT SMP PTI
Oct 03 04:13:22 kernel: CPU: 2 PID: 203751 Comm: nft Not tainted 6.1.0-12-amd64
#1 Debian 6.1.52-1
Oct 03 04:13:22 kernel: Hardware name: FUJITSU PRIMERGY RX1330 M2/D3375-A1,
BIOS V5.0.0.11 R1.31.0 for D3375-A1x02/22/2023
Oct 03 04:13:22 kernel: RIP:
0010:nft_setelem_data_deactivate.constprop.0.isra.0+0x40/0x80 [nf_tables]
Oct 03 04:13:22 kernel: Code: 36 0f b6 46 03 84 c0 74 15 8b 57 44 81 fa ff fe
ff ff 76 0a 81 fa 00 ff ff ff 74 20 0f 0b 0f b6 46 09 84 c0 74 11 48 8b 14 06
<8b> 42 34 8d 48 ff 89 4a 34 85 c0 74 27 c3 cc cc cc cc 48 01 f0 8b
Oct 03 04:13:22 kernel: RSP: 0018:c07fc315f6b8 EFLAGS: 00010202
Oct 03 04:13:22 kernel: RAX: 0038 RBX: c07fc315f898 RCX:
0854c002
Oct 03 04:13:22 kernel: RDX: RSI: 9c63c3bf9340 RDI:
9c63c198f000
Oct 03 04:13:22 kernel: RBP: c07fc315f750 R08: 9c63d36c0e00 R09:
0001
Oct 03 04:13:22 kernel: R10: 0020 R11: 0004 R12:
9c63c198f000
Oct 03 04:13:22 kernel: R13: 9c63c3bf9340 R14: 9c63d36c0200 R15:
9c63c198f000
Oct 03 04:13:22 kernel: FS: 7f0fe7262740() GS:9c6b0fc8()
knlGS:
Oct 03 04:13:22 kernel: CS: 0010 DS: ES: CR0: 80050033
Oct 03 04:13:22 kernel: CR2: 0034 CR3: 000151c3e003 CR4:
003706e0
Oct 03 04:13:22 kernel: DR0: DR1: DR2:
Oct 03 04:13:22 kernel: DR3: DR6: fffe0ff0 DR7:
0400
Oct 03 04:13:22 kernel: Call Trace:
Oct 03 04:13:22 kernel:
Oct 03 04:13:22 kernel: ? __die_body.cold+0x1a/0x1f
Oct 03 04:13:22 kernel: ? page_fault_oops+0xd2/0x2b0
Oct 03 04:13:22 kernel: ? exc_page_fault+0x70/0x170
Oct 03 04:13:22 kernel: ? asm_exc_page_fault+0x22/0x30
Oct 03 04:13:22 kernel: ?
nft_setelem_data_deactivate.constprop.0.isra.0+0x40/0x80 [nf_tables]
Oct 03 04:13:22 kernel: nft_del_setelem+0x49b/0x510 [nf_tables]
Oct 03 04:13:22 kernel: nf_tables_delsetelem+0x1f0/0x2e0 [nf_tables]
Oct 03 04:13:22 kernel: ? __kmem_cache_alloc_node+0x139/0x2a0
Oct 03 04:13:22 kernel: ? nfnetlink_rcv_batch+0x20a/0x9a0 [nfnetlink]
Oct 03 04:13:22 kernel: nfnetlink_rcv_batch+0x5df/0x9a0 [nfnetlink]
Oct 03 04:13:22 kernel: nfnetlink_rcv+0x175/0x193 [nfnetlink]
Oct 03 04:13:22 kernel: netlink_unicast+0x23f/0x390
Oct 03 04:13:22 kernel: netlink_sendmsg+0x250/0x4c0
Oct 03 04:13:22 kernel: sock_sendmsg+0x5c/0x70
Oct 03 04:13:22 kernel: sys_sendmsg+0x277/0x2f0
Oct 03 04:13:22 kernel: ? copy_msghdr_from_user+0x7d/0xc0
Oct 03 04:13:22 kernel: ___sys_sendmsg+0x9a/0xe0
Oct 03 04:13:22 kernel: __sys_sendmsg+0x76/0xc0
Oct 03 04:13:22 kernel: do_syscall_64+0x58/0xc0
Oct 03 04:13:22 kernel: ?
Bug#641811: openvpn-auth-ldap: segmentation fault
Sorry there was typo on my report, I mean libobjc4 instead of libobj4 . Quite recently, I've tried to recompile against libobjc3 and it works. Maybe there is a problem with libobjc4? - Original Message - From: hpcdsugo hpcds...@hlrs.de To: Debian Bug Tracking System 641...@bugs.debian.org Sent: Thursday, June 21, 2012 11:39:47 AM Subject: Re: openvpn-auth-ldap: segmentation fault Package: openvpn-auth-ldap Version: 2.0.3-3 Followup-For: Bug #641811 Dear Maintainer, *** Please consider answering these questions, where appropriate *** * What led up to the situation? After upgrading the package openvpn-auth-ldap and libobj4, openvpn can't start. * What exactly did you do (or not do) that was effective (or ineffective)? ineffective - downgrade to openvpn-auth-ldap_2.0.3-2_amd64.deb and libobjc3_4.6.3-1_amd64.deb * What was the outcome of this action? OpenVPN can run again -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages openvpn-auth-ldap depends on: ii libc6 2.13-33 ii libldap-2.4-2 2.4.28-1.1 ii libobjc4 4.7.0-8 ii openvpn 2.2.1-8 openvpn-auth-ldap recommends no packages. openvpn-auth-ldap suggests no packages. -- no debconf information
Bug#513113: sdb LDAP
Hi,I think Stefan problem isn't DLZ, but bind with LDAP sdb backend from http://bind9-ldap.bayour.com/ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#513113: sdb LDAP
Is it possible to compile with sdb ldap too? So the user can decide it, if he want to use sdb or dlz. I've tried it and got an segfault error. Do you have a idea how to compile it with sdb? -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#510678: libnss-ldap: ldap entry on nsswitch.conf causes gdm hang
Here is the config from /usr/share/base-files/nsswitch.conf. On my Machine run at this moment no ldap authentication. # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc-reference' and `info' packages installed, try: # `info libc Name Service Switch' for information about this file. passwd: compat group: compat shadow: compat hosts: files dns networks: files protocols: db files services: db files ethers: db files rpc:db files netgroup: nis And configured /etc/libnss-ldap.conf for LDAP authentication. My problem is an LDAP authentication, therefore I must change the file /etc/nsswitch.conf as usual for LDAP authentication. On my 1.st post, I just copied the changed section. Here is libnss-ldap.conf without commented stuffs base dc=skpcc,dc=org uri ldaps://hera.skpcc.org:636/ ldap_version 3 rootbinddn cn=admin,dc=skpcc,dc=org timelimit 5 bind_timelimit 5 bind_policy soft pam_filter objectclass=posixAccount pam_login_attribute uid pam_min_uid 1 pam_password exop nss_base_passwd ou=Users,dc=skpcc,dc=org?one nss_base_passwd ou=Computers,dc=skpcc,dc=org?one nss_base_shadow ou=Users,dc=skpcc,dc=org?one nss_base_group ou=Groups,dc=skpcc,dc=org?one ssl on tls_checkpeer yes tls_cacertfile /etc/ldap/cacerts/ca.cert tls_cert /etc/ldap/cacerts/client.cert tls_key /etc/ldap/cacerts/client.key And yes NetworkManager is installed on Clients. On Debian Etch, my Debian can booting til ends and the client can log in to the system with LDAP account. The whole configuration is the same between etch and lenny. I've found the same bug on ubuntu but I couldn't find the link now. The bug exists on 2006 or 2007. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#510678: libnss-ldap: ldap entry on nsswitch.conf causes gdm hang
You very likely are simply misconfigured, but I'll not yet drop the severity to a more apropriate value. The ldap entry on nsswitch.conf for ldap authentication like: passwd: compat ldap Why compat ... if you aren't using NIS/NIS+, that should be 'files ldap' group: compat ldap shadow: compat ldap cause the whole system hang. The system loaded til gdm, but I just got an X mouse pointer. The system doesn't response any keyboard command, so that I can't kill the Xserver through ctrl+alt+backspace. I can't go to the terminal with ctrl+alt+f1-f6 too. Over SSH there is no connection to the system, because the system is hanging. OK thank you for the Info! There should be informatitve messages in /var/log/auth.log, and possibly /var/log/syslog... I can't be of much use without seeing some of them. syslog Jan 4 20:37:59 ares NetworkManager: info wlan0: Device is fully-supported using driver 'iwl3945'. Jan 4 20:37:59 ares NetworkManager: info wlan0: driver supports SSID scans (scan_capa 0x01). Jan 4 20:37:59 ares NetworkManager: info nm_device_init(): waiting for device's worker thread to start Jan 4 20:37:59 ares NetworkManager: info nm_device_init(): device's worker thread started, continuing. Jan 4 20:37:59 ares NetworkManager: info Now managing wireless (802.11) device 'wlan0'. Jan 4 20:37:59 ares NetworkManager: info Deactivating device wlan0. Jan 4 20:37:59 ares NetworkManager: info eth0: Device is fully-supported using driver 'tg3'. Jan 4 20:37:59 ares NetworkManager: info nm_device_init(): waiting for device's worker thread to start Jan 4 20:37:59 ares NetworkManager: info nm_device_init(): device's worker thread started, continuing. Jan 4 20:37:59 ares NetworkManager: info Now managing wired Ethernet (802.3) device 'eth0'. Jan 4 20:37:59 ares NetworkManager: info Deactivating device eth0. Jan 4 20:37:59 ares avahi-daemon[3299]: Withdrawing address record for 10.19.8.182 on eth0. Jan 4 20:37:59 ares avahi-daemon[3299]: Leaving mDNS multicast group on interface eth0.IPv4 with address 10.19.8.182. Jan 4 20:37:59 ares avahi-daemon[3299]: Interface eth0.IPv4 no longer relevant for mDNS. Jan 4 20:37:59 ares NetworkManager: info Will activate wired connection 'eth0' because it now has a link. Jan 4 20:37:59 ares NetworkManager: info SWITCH: no current connection, found better connection 'eth0'. Jan 4 20:37:59 ares dhcdbd: message_handler: message handler not found under /com/redhat/dhcp/eth0 for sub-path eth0.dbus.get.reason Jan 4 20:37:59 ares NetworkManager: info Will activate connection 'eth0'. Jan 4 20:37:59 ares NetworkManager: info Device eth0 activation scheduled... Jan 4 20:37:59 ares NetworkManager: info Activation (eth0) started... Jan 4 20:37:59 ares NetworkManager: info Activation (eth0) Stage 1 of 5 (Device Prepare) scheduled... Jan 4 20:37:59 ares NetworkManager: info Activation (eth0) Stage 1 of 5 (Device Prepare) started... Jan 4 20:37:59 ares NetworkManager: info Activation (eth0) Stage 2 of 5 (Device Configure) scheduled... Jan 4 20:37:59 ares NetworkManager: info Activation (eth0) Stage 1 of 5 (Device Prepare) complete. Jan 4 20:37:59 ares NetworkManager: info Activation (eth0) Stage 2 of 5 (Device Configure) starting... Jan 4 20:37:59 ares NetworkManager: info Activation (eth0) Stage 2 of 5 (Device Configure) successful. Jan 4 20:37:59 ares NetworkManager: info Activation (eth0) Stage 3 of 5 (IP Configure Start) scheduled. Jan 4 20:37:59 ares NetworkManager: info Activation (eth0) Stage 2 of 5 (Device Configure) complete. Jan 4 20:37:59 ares NetworkManager: info Activation (eth0) Stage 3 of 5 (IP Configure Start) started... Jan 4 20:38:00 ares NetworkManager: info Activation (eth0) Beginning DHCP transaction. Jan 4 20:38:00 ares anacron[3466]: Anacron 2.3 started on 2009-01-04 Jan 4 20:38:01 ares anacron[3466]: Normal exit (0 jobs run) Jan 4 20:38:01 ares acpid: client connected from 3450[0:0] Jan 4 20:38:01 ares /usr/sbin/cron[3496]: (CRON) INFO (pidfile fd = 3) Jan 4 20:38:01 ares /usr/sbin/cron[3497]: (CRON) STARTUP (fork ok) Jan 4 20:38:01 ares /usr/sbin/cron[3497]: (CRON) INFO (Running @reboot jobs) Jan 4 20:38:04 ares kernel: [ 34.572265] [drm] Initialized drm 1.1.0 20060810 Jan 4 20:38:04 ares kernel: [ 34.586845] pci :00:02.0: PCI INT A - GSI 16 (level, low) - IRQ 16 Jan 4 20:38:04 ares kernel: [ 34.586854] pci :00:02.0: setting latency timer to 64 Jan 4 20:38:04 ares kernel: [ 34.587121] [drm] Initialized i915 1.6.0 20080730 on minor 0 Jan 4 20:38:04 ares NetworkManager: info Error getting killswitch power: org.freedesktop.DBus.Error.NoReply - Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken. Jan 4 20:38:04 ares NetworkManager: info Wireless now enabled by radio
Bug#510678: libnss-ldap: ldap entry on nsswitch.conf causes gdm hang
There should be informatitve messages in /var/log/auth.log, and possibly /var/log/syslog... I can't be of much use without seeing some of them. syslog [snip] auth.log [snip] uhm, neither of the log snips appear to be related to your hangs :( On my last messages I've remove the network manager and see, the system run without any hang. I think, the problem exist on network manager, not libnss-ldap. As I written on my 1st post. I can log on with my LDAP Account if I change the nsswitch.conf after booting. So this all works. not necessarily (is pam-ldap also installed and in use ?) does `getent passwd` show all system and ldap users ? I've already insert it, but my system still hang after reboot. ??? -- Confused. # Just assume that there are no supplemental groups for these named users nss_initgroups_ignoreusers root,avahi,haldaemon,gdm Looks like a good start, but since your auth.log/syslog fragments weren't from a hang - there's no way to see what is going on If the system hang, then there is no log. :( Why isn't the line already there and correct ? It would require going through the entire archive and scanning init.d files for anything that might possibly start before nscd (if installed), or the local slapd daemon (if installed) and adding those daemon users to the line... That is necessary, but not sufficient in that the sysadmin may change start order :( You may need to do part of this, or simply add all system users to the line I'll try to add all system users to the line, thank's for your advise. I'd actually recommend you do what I have done - install libnss-ldapd instead. already installed, you can see it on auth.log. So you're up and running now ? Yes the system is up and running now, without network manager. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
