Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 947613 - net-firewall/iptables >=1.8.11 segfault when adding a rule
Summary: net-firewall/iptables >=1.8.11 segfault when adding a rule
Status: UNCONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: AMD64 Linux
: Normal normal
Assignee: Gentoo's Team for Core System packages
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2025-01-06 16:01 UTC by MickKi
Modified: 2025-01-07 18:06 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
emerge.info (emerge.info,6.77 KB, text/plain)
2025-01-06 16:02 UTC, MickKi 		Details
CPU FLAGS (cpuflags.txt,67 bytes, text/plain)
2025-01-06 16:02 UTC, MickKi 		Details
Backtrace (gdb.txt,2.32 KB, text/plain)
2025-01-06 16:04 UTC, MickKi 		Details
valgrind capture (valgrind.log,11.65 KB, text/x-log)
2025-01-06 16:06 UTC, MickKi 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description MickKi 2025-01-06 16:01:04 UTC 
net-firewall/iptables 1.8.11 and 1.8.11-r1 segfault when invoked as:

/usr/bin/iptables -A HOST_BLOCK_SRC_DROP -m limit --limit 1/m --limit-burst 1 -j LOG --log-level info --log-prefix FW:Blocked inbound host:

Reproducible: Always

Steps to Reproduce:
1.Run "/usr/bin/iptables -A HOST_BLOCK_SRC_DROP -m limit --limit 1/m --limit-burst 1 -j LOG --log-level info --log-prefix FW:Blocked inbound host:"
2.
3.
Actual Results:  
~ # /sbin/iptables -A HOST_BLOCK_SRC_DROP -m limit --limit 1/m --limit-burst 1 -j LOG --log-level info --log-prefix FW:Blocked inbound host:
iptables v1.8.11 (legacy): Segmentation fault
~ # /sbin/ip6tables -A HOST_BLOCK_SRC_DROP -m limit --limit 1/m --limit-burst 1 -j LOG --log-level info --log-prefix FW:Blocked inbound host: 
ip6tables v1.8.11 (legacy): Segmentation fault


The syslog shows:

kernel: iptables[2914]: segfault at 10000000a ip 00007f5f13bbd6da sp 00007ffe57577908 error 4 in libc.so.6[7f5f13b36000+158000] likely on CPU 0 (core 0, socket 0)
kernel: ip6tables[2919]: segfault at 10000000a ip 00007fbdf773e6da sp 00007ffc64202408 error 4 in libc.so.6[7fbdf76b7000+158000] likely on CPU 7 (core 3, socket 0)

net-firewall/iptables =<1.8.10-r1 run with no such problems.
Comment 1 MickKi 2025-01-06 16:02:03 UTC 
Created attachment 915994 [details]
emerge.info

emerge --info - attachment.
Comment 2 MickKi 2025-01-06 16:02:55 UTC 
Created attachment 915995 [details]
CPU FLAGS

CPU FLAGS - attachment.
Comment 3 MickKi 2025-01-06 16:04:07 UTC 
Created attachment 915996 [details]
Backtrace

Backtrace - attachment.
Comment 4 MickKi 2025-01-06 16:06:40 UTC 
Created attachment 915997 [details]
valgrind capture

valgrind capture - attachment.