Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 947613

Summary: net-firewall/iptables >=1.8.11 segfault when adding a rule
Product: Gentoo Linux Reporter: MickKi <confabulate>
Component: Current packagesAssignee: Gentoo's Team for Core System packages <base-system>
Status: UNCONFIRMED ---    
Severity: normal CC: confabulate
Priority: Normal    
Version: unspecified   
Hardware: AMD64   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: emerge.info
CPU FLAGS
Backtrace
valgrind capture

Description MickKi 2025-01-06 16:01:04 UTC 
net-firewall/iptables 1.8.11 and 1.8.11-r1 segfault when invoked as:

/usr/bin/iptables -A HOST_BLOCK_SRC_DROP -m limit --limit 1/m --limit-burst 1 -j LOG --log-level info --log-prefix FW:Blocked inbound host:

Reproducible: Always

Steps to Reproduce:
1.Run "/usr/bin/iptables -A HOST_BLOCK_SRC_DROP -m limit --limit 1/m --limit-burst 1 -j LOG --log-level info --log-prefix FW:Blocked inbound host:"
2.
3.
Actual Results:  
~ # /sbin/iptables -A HOST_BLOCK_SRC_DROP -m limit --limit 1/m --limit-burst 1 -j LOG --log-level info --log-prefix FW:Blocked inbound host:
iptables v1.8.11 (legacy): Segmentation fault
~ # /sbin/ip6tables -A HOST_BLOCK_SRC_DROP -m limit --limit 1/m --limit-burst 1 -j LOG --log-level info --log-prefix FW:Blocked inbound host: 
ip6tables v1.8.11 (legacy): Segmentation fault


The syslog shows:

kernel: iptables[2914]: segfault at 10000000a ip 00007f5f13bbd6da sp 00007ffe57577908 error 4 in libc.so.6[7f5f13b36000+158000] likely on CPU 0 (core 0, socket 0)
kernel: ip6tables[2919]: segfault at 10000000a ip 00007fbdf773e6da sp 00007ffc64202408 error 4 in libc.so.6[7fbdf76b7000+158000] likely on CPU 7 (core 3, socket 0)

net-firewall/iptables =<1.8.10-r1 run with no such problems.
Comment 1 MickKi 2025-01-06 16:02:03 UTC 
Created attachment 915994 [details]
emerge.info

emerge --info - attachment.
Comment 2 MickKi 2025-01-06 16:02:55 UTC 
Created attachment 915995 [details]
CPU FLAGS

CPU FLAGS - attachment.
Comment 3 MickKi 2025-01-06 16:04:07 UTC 
Created attachment 915996 [details]
Backtrace

Backtrace - attachment.
Comment 4 MickKi 2025-01-06 16:06:40 UTC 
Created attachment 915997 [details]
valgrind capture

valgrind capture - attachment.