Bug#1059891: marked as done (linux-image-6.1.0-17-amd64: netfilter (nftables) breaks since bookworm)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Sat, 10 Aug 2024 14:29:09 +0200 (CEST)
with message-id <20240810122909.0808FBE2DE0@eldamar.lan>
and subject line Closing this bug (BTS maintenance for src:linux bugs)
has caused the Debian Bug report #1059891,
regarding linux-image-6.1.0-17-amd64: netfilter (nftables) breaks since bookworm
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1059891: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059891
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: linux-image-6.1.0-17-amd64: netfilter (nftables) breaks since bookworm
• From: Daniel Haryo Sugondo <sugondo@hlrs.de>
• Date: Wed, 03 Jan 2024 07:35:23 +0100
• Message-id: <170426372386.1798793.13467216131617457638.reportbug@izanagi.hlrs.de>

Package: src:linux
Version: 6.1.69-1
Severity: normal

Dear Maintainer,

since Debian 12 (Bookworm) the nft with named set ends with kernel trace and the
nft stalled (D)
# ps aux
root       82373  0.0  0.0      0     0 ?        D    Jan02   0:00 [nft]

The message looks like:
[ 3566.525419] ------------[ cut here ]------------
[ 3566.525424] kernel BUG at mm/slub.c:419!
[ 3566.529834] invalid opcode: 0000 [#1] PREEMPT SMP PTI
[ 3566.535474] CPU: 19 PID: 8146 Comm: kworker/19:0 Not tainted 6.1.0-17-amd64 #1  Debian 6.1.69-1
[ 3566.545182] Hardware name:  /0X3D66, BIOS 2.2.2 01/16/2014
[ 3566.551304] Workqueue: events nf_tables_trans_destroy_work [nf_tables]
[ 3566.558609] RIP: 0010:__slab_free+0x118/0x2d0
[ 3566.563474] Code: 74 35 49 8b 06 48 89 4c 24 20 48 c1 e8 36 4c 8b a4 c3 d8 00 00 00 4c 89 e7 e8 74 6a 71 00 48 8b 4c 24 20 48 89 44 24 18 eb 8f <0f> 0b f7 43 08 00 0d 21 00 75 cd eb c6 80 4c 24 53 80 e9 75 ff ff
[ 3566.584431] RSP: 0018:ffffa76066effdb0 EFLAGS: 00010246
[ 3566.590262] RAX: ffff95430ba21930 RBX: ffff952b80043300 RCX: 00000000802a001a
[ 3566.598223] RDX: ffffa76066effdd8 RSI: ffffeed9a22e8840 RDI: ffffa76066effe18
[ 3566.606189] RBP: ffff95430ba21900 R08: 0000000000000001 R09: ffffffffc0d89ecc
[ 3566.614152] R10: 0000000000000013 R11: 0000000000000001 R12: ffffa76066effe50
[ 3566.622114] R13: ffff95430ba21900 R14: ffffeed9a22e8840 R15: ffff95430ba21900
[ 3566.630079] FS:  0000000000000000(0000) GS:ffff955a9fa40000(0000) knlGS:0000000000000000
[ 3566.639107] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3566.645518] CR2: 00007f255e9eb3d8 CR3: 0000002a6d410006 CR4: 00000000001706e0
[ 3566.653479] Call Trace:
[ 3566.656210]  <TASK>
[ 3566.658552]  ? __die_body.cold+0x1a/0x1f
[ 3566.662928]  ? die+0x2a/0x50
[ 3566.666144]  ? do_trap+0xc5/0x110
[ 3566.669848]  ? __slab_free+0x118/0x2d0
[ 3566.674029]  ? do_error_trap+0x6a/0x90
[ 3566.678211]  ? __slab_free+0x118/0x2d0
[ 3566.682393]  ? exc_invalid_op+0x4c/0x60
[ 3566.686676]  ? __slab_free+0x118/0x2d0
[ 3566.690857]  ? asm_exc_invalid_op+0x16/0x20
[ 3566.695529]  ? nf_tables_trans_destroy_work+0x1cc/0x250 [nf_tables]
[ 3566.702532]  ? __slab_free+0x118/0x2d0
[ 3566.706714]  ? obj_cgroup_uncharge_pages+0xd0/0xd0
[ 3566.712066]  nf_tables_trans_destroy_work+0x1cc/0x250 [nf_tables]
[ 3566.718874]  process_one_work+0x1c7/0x380
[ 3566.723351]  worker_thread+0x4d/0x380
[ 3566.727436]  ? rescuer_thread+0x3a0/0x3a0
[ 3566.731908]  kthread+0xda/0x100
[ 3566.735417]  ? kthread_complete_and_exit+0x20/0x20
[ 3566.740763]  ret_from_fork+0x22/0x30
[ 3566.744759]  </TASK>
[ 3566.747195] Modules linked in: xt_conntrack xt_MASQUERADE nf_conntrack_netlink xfrm_user xfrm_algo xt_addrtype nft_compat br_netfilter bridge 8021q garp stp mrp llc overlay bonding tls nft_nat nft_chain_nat nf_nat nft_log qrtr nft_limit nft_ct nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nf_tables libcrc32c nfnetlink_log nfnetlink binfmt_misc intel_rapl_msr intel_rapl_common sb_edac x86_pkg_temp_thermal intel_powerclamp nls_ascii nls_cp437 coretemp kvm_intel vfat fat kvm ipmi_ssif irqbypass ghash_clmulni_intel sha512_ssse3 sha512_generic sha256_ssse3 sha1_ssse3 aesni_intel crypto_simd cryptd ipmi_si iTCO_wdt rapl intel_pmc_bxt ipmi_devintf joydev intel_cstate iTCO_vendor_support ipmi_msghandler sg acpi_power_meter watchdog intel_uncore mei_me mei pcspkr evdev parport_pc ppdev lp parport efi_pstore dm_mod fuse loop configfs efivarfs ip_tables x_tables autofs4 ext4 crc16 mbcache jbd2 crc32c_generic hid_generic usbhid hid sr_mod cdrom sd_mod t10_pi crc64_rocksoft crc64 crc_t10dif
[ 3566.747268]  crct10dif_generic mgag200 i2c_algo_bit drm_shmem_helper ahci drm_kms_helper libahci ehci_pci ehci_hcd libata crct10dif_pclmul megaraid_sas drm crct10dif_common crc32_pclmul crc32c_intel usbcore tg3 scsi_mod lpc_ich libphy usb_common scsi_common wmi button
[ 3566.870202] ---[ end trace 0000000000000000 ]---
[ 3566.878075] RIP: 0010:__slab_free+0x118/0x2d0
[ 3566.882954] Code: 74 35 49 8b 06 48 89 4c 24 20 48 c1 e8 36 4c 8b a4 c3 d8 00 00 00 4c 89 e7 e8 74 6a 71 00 48 8b 4c 24 20 48 89 44 24 18 eb 8f <0f> 0b f7 43 08 00 0d 21 00 75 cd eb c6 80 4c 24 53 80 e9 75 ff ff
[ 3566.903925] RSP: 0018:ffffa76066effdb0 EFLAGS: 00010246
[ 3566.909772] RAX: ffff95430ba21930 RBX: ffff952b80043300 RCX: 00000000802a001a
[ 3566.917752] RDX: ffffa76066effdd8 RSI: ffffeed9a22e8840 RDI: ffffa76066effe18
[ 3566.925747] RBP: ffff95430ba21900 R08: 0000000000000001 R09: ffffffffc0d89ecc
[ 3566.933714] R10: 0000000000000013 R11: 0000000000000001 R12: ffffa76066effe50
[ 3566.941694] R13: ffff95430ba21900 R14: ffffeed9a22e8840 R15: ffff95430ba21900
[ 3566.949670] FS:  0000000000000000(0000) GS:ffff955a9fa40000(0000) knlGS:0000000000000000
[ 3566.958717] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3566.965144] CR2: 00007f255e9eb3d8 CR3: 0000002a6d410006 CR4: 00000000001706e0

After this status, the host is still running, but without nft and if I call or
edit nft, then it hungs, so I have to reboot the host.

Please refer to Bug#1053564 too.

-- Package-specific info:
** Kernel log: boot messages should be attached

------------ Wed Jan 03 06:04:15 CET 2024 ------------
/dev/sda2: clean, 144565/5472256 files, 2022274/21874944 blocks
         Mounting proc-sys-fs-binfm…utable File Formats File System...
[  OK  ] Finished console-setup.ser…[0m - Set console font and keymap.
[  OK  ] Finished plymouth-read-wri…lymouth To Write Out Runtime Data.
[  OK  ] Mounted proc-sys-fs-binfmt…ecutable File Formats File System.
[  OK  ] Finished systemd-binfmt.se… Set Up Additional Binary Formats.
[  OK  ] Finished systemd-journal-f…ush Journal to Persistent Storage.
         Starting systemd-tmpfiles-… Volatile Files and Directories...
[  OK  ] Finished apparmor.service - Load AppArmor profiles.
[  OK  ] Finished systemd-tmpfiles-…te Volatile Files and Directories.
         Starting systemd-timesyncd… - Network Time Synchronization...
         Starting systemd-update-ut…rd System Boot/Shutdown in UTMP...
[  OK  ] Finished systemd-update-ut…cord System Boot/Shutdown in UTMP.
[  OK  ] Started systemd-timesyncd.…0m - Network Time Synchronization.
[  OK  ] Reached target sysinit.target - System Initialization.
[  OK  ] Started nftmod.path - Watchdog Trigger for new nftables.
[  OK  ] Started nftsecurity@ingres…nment change ingress for nftables.
[  OK  ] Started systemd-tmpfiles-c… Cleanup of Temporary Directories.
[  OK  ] Reached target time-set.target - System Time Set.
[  OK  ] Started anacron.timer - Trigger anacron every hour.
[  OK  ] Started apt-daily.timer - Daily apt download activities.
[  OK  ] Started apt-daily-upgrade.… apt upgrade and clean activities.
[  OK  ] Started dpkg-db-backup.tim… Daily dpkg database backup timer.
[  OK  ] Started e2scrub_all.timeretadata Check for All Filesystems.
[  OK  ] Started exim4-base.timer - Daily exim4-base housekeeping.
[  OK  ] Started fstrim.timer - Discard unused blocks once a week.
[  OK  ] Started logrotate.timer - Daily rotation of log files.
[  OK  ] Started man-db.timer - Daily man-db regeneration.
[  OK  ] Started plocate-updatedb.t…Update the plocate database daily.
[  OK  ] Reached target timers.target - Timer Units.
[  OK  ] Listening on avahi-daemon.…NS/DNS-SD Stack Activation Socket.
[  OK  ] Listening on dbus.socket-Bus System Message Bus Socket.
         Starting docker.socket - Docker Socket for the API...
[  OK  ] Listening on libvirtd.socket - Libvirt local socket.
[  OK  ] Listening on libvirtd-admi…socket - Libvirt admin socket.
[  OK  ] Listening on libvirtd-ro.s… - Libvirt local read-only socket.
[  OK  ] Listening on lldpad.socket… Discovery Protocol Agent Socket..
[  OK  ] Listening on virtlockd.soc…rtual machine lock manager socket.
[  OK  ] Listening on virtlockd-adm…machine lock manager admin socket.
[  OK  ] Listening on virtlogd.sock…irtual machine log manager socket.
[  OK  ] Listening on virtlogd-admi…irtual machine log manager socket.
[  OK  ] Listening on docker.socket - Docker Socket for the API.
[  OK  ] Reached target sockets.target - Socket Units.
[  OK  ] Reached target basic.target - Basic System.
[  OK  ] Started anacron.service - Run anacron jobs.
         Starting avahi-daemon.serv…e - Avahi mDNS/DNS-SD Stack...
[  OK  ] Started cron.service -…kground program processing daemon.
         Starting dbus.service - D-Bus System Message Bus...
         Starting e2scrub_reap.serv…e ext4 Metadata Check Snapshots...
         Starting lm-sensors.servic…ize hardware monitoring sensors...
[  OK  ] Started nfthelper@antispoo…serving antispoof with ip monitor.
[  OK  ] Started nftsecurity@antisp…ent change antispoof for nftables.
[  OK  ] Started nfthelper@ingress.…observing ingress with ip monitor.
         Starting nftables.service - nftables...
         Starting openipmi.serviceSB: OpenIPMI Driver init script...
         Starting polkit.service - Authorization Manager...
         Starting rsyslog.service - System Logging Service...
         Starting systemd-logind.se…ice - User Login Management...
         Starting systemd-machined.… Container Registration Service...
         Starting udisks2.service - Disk Manager...
         Starting ulogd2.serviceilter Userspace Logging Daemon...
[  OK  ] Started ulogd2.service…etfilter Userspace Logging Daemon.
[  OK  ] Finished lm-sensors.servic…alize hardware monitoring sensors.
[  OK  ] Started openipmi.serviceSB: OpenIPMI Driver init script.
[  OK  ] Started rsyslog.service - System Logging Service.
[  OK  ] Started dbus.service - D-Bus System Message Bus.
         Starting wpa_supplicant.service - WPA supplicant...
[  OK  ] Started systemd-machined.s…nd Container Registration Service.
[  OK  ] Started systemd-logind.service - User Login Management.
[  OK  ] Started avahi-daemon.service - Avahi mDNS/DNS-SD Stack.
[  OK  ] Started polkit.service - Authorization Manager.
         Starting ModemManager.service - Modem Manager...
[  OK  ] Started wpa_supplicant.service - WPA supplicant.
[  OK  ] Started udisks2.service - Disk Manager.
[  OK  ] Finished e2scrub_reap.serv…ine ext4 Metadata Check Snapshots.
[  OK  ] Started ModemManager.service - Modem Manager.
[  OK  ] Finished nftables.service - nftables.
[  OK  ] Reached target network-pre…get - Preparation for Network.
[  OK  ] Started ifup@eno1.service - ifup for eno1.
[  OK  ] Started ifup@eno2.service - ifup for eno2.
[  OK  ] Started ifup@eno4.service - ifup for eno4.
         Starting networking.service - Raise network interfaces...
         Starting nftextras.service…te Automagic Rules for nftables...
         Starting nftsecurity@ingre…eate ingress rules for nftables...
[  OK  ] Finished nftextras.service…eate Automagic Rules for nftables.
[  OK  ] Finished nftsecurity@ingre…Create ingress rules for nftables.
[FAILED] Failed to start networking…ce - Raise network interfaces.
See 'systemctl status networking.service' for details.
[  OK  ] Reached target network.target - Network.
[  OK  ] Reached target network-online.target - Network is Online.
         Starting containerd.servic… - containerd container runtime...
         Starting exim4.service… LSB: exim Mail Transport Agent...
         Starting hddtemp.service temperature monitoring daemon...
         Starting libvirt-guests.se…d/Resume Running libvirt Guests...
         Starting libvirtd.service - Virtualization daemon...
[  OK  ] Started lldpad.service… Discovery Protocol Agent Daemon..
[  OK  ] Started nftfqdn.service - nftables with FQDN.
         Starting nftsecurity@antis…te antispoof rules for nftables...
         Starting ssh.service - OpenBSD Secure Shell server...
         Starting systemd-user-sess…vice - Permit User Sessions...
[  OK  ] Started unattended-upgrade…0m - Unattended Upgrades Shutdown.
         Starting xrdp-sesman.service - xrdp session manager...
[  OK  ] Started hddtemp.servicesk temperature monitoring daemon.
[  OK  ] Finished systemd-user-sess…ervice - Permit User Sessions.
         Starting lightdm.service - Light Display Manager...
         Starting plymouth-quit-wai… until boot process finishes up...
[  OK  ] Finished libvirt-guests.se…end/Resume Running libvirt Guests.
[  OK  ] Started xrdp-sesman.service - xrdp session manager.
         Starting xrdp.service - xrdp daemon...


-- System Information:
Debian Release: 12.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-16-amd64 (SMP w/20 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages linux-image-6.1.0-17-amd64 depends on:
ii  initramfs-tools [linux-initramfs-tool]  0.142
ii  kmod                                    30+20221128-1
ii  linux-base                              4.9

Versions of packages linux-image-6.1.0-17-amd64 recommends:
ii  apparmor             3.0.8-3
ii  firmware-linux-free  20200122-1

Versions of packages linux-image-6.1.0-17-amd64 suggests:
pn  debian-kernel-handbook  <none>
ii  extlinux                3:6.04~git20190206.bf6db5b4+dfsg1-3+b1
ii  grub-efi-amd64          2.06-13+deb12u1
pn  linux-doc-6.1           <none>

Versions of packages linux-image-6.1.0-17-amd64 is related to:
ii  firmware-amd-graphics     20230210-5
pn  firmware-atheros          <none>
pn  firmware-bnx2             <none>
pn  firmware-bnx2x            <none>
pn  firmware-brcm80211        <none>
pn  firmware-cavium           <none>
pn  firmware-intel-sound      <none>
pn  firmware-intelwimax       <none>
pn  firmware-ipw2x00          <none>
pn  firmware-ivtv             <none>
pn  firmware-iwlwifi          <none>
pn  firmware-libertas         <none>
ii  firmware-linux-nonfree    20230210-5
ii  firmware-misc-nonfree     20230210-5
pn  firmware-myricom          <none>
pn  firmware-netxen           <none>
pn  firmware-qlogic           <none>
pn  firmware-realtek          <none>
pn  firmware-samsung          <none>
pn  firmware-siano            <none>
pn  firmware-ti-connectivity  <none>
pn  xen-hypervisor            <none>

-- no debconf information

--- End Message ---

--- Begin Message ---

• To: 1059891-done@bugs.debian.org
• Cc: 1059891-submitter@bugs.debian.org
• Subject: Closing this bug (BTS maintenance for src:linux bugs)
• From: carnil@debian.org
• Date: Sat, 10 Aug 2024 14:29:09 +0200 (CEST)
• Message-id: <20240810122909.0808FBE2DE0@eldamar.lan>

Hi

This bug was filed for a very old kernel or the bug is old itself
without resolution.

If you can reproduce it with

- the current version in unstable/testing
- the latest kernel from backports

please reopen the bug, see https://www.debian.org/Bugs/server-control
for details.

Regards,
Salvatore

--- End Message ---