bugzilla-daemon at netfilter.org
2023-Jul-06 20:21 UTC
[Bug 1692] New: CentOS 7 kernel up to 3.10.0-1160.92.1.el7.x86_64 - nftables hangs the system on set flush
https://bugzilla.netfilter.org/show_bug.cgi?id=1692 Bug ID: 1692 Summary: CentOS 7 kernel up to 3.10.0-1160.92.1.el7.x86_64 - nftables hangs the system on set flush Product: nftables Version: unspecified Hardware: x86_64 OS: other Status: NEW Severity: blocker Priority: P5 Component: kernel Assignee: pablo at netfilter.org Reporter: ivan.agarkov at gmail.com Created attachment 719 --> https://bugzilla.netfilter.org/attachment.cgi?id=719&action=edit nftables config Environment - CentOS 7 kernel 3.10.0-1160.92.1.el7.x86_64 ( also tested 2 kernels back ) - Both HW & VM Steps to reproduce: 1. Apply attached nftables config 2. Run ( as root ) while true; do sudo nft add element ip test allow { 127.0.0.2 }; sudo nft flush set ip test allow; echo -n .; done 3. Wait Expected behavior: - It works Experienced behavior: - After a few cycles the system hangs and I need to press reboot make it work -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20230706/1fc9a15d/attachment.html>
bugzilla-daemon at netfilter.org
2023-Jul-07 09:28 UTC
[Bug 1692] CentOS 7 kernel up to 3.10.0-1160.92.1.el7.x86_64 - nftables hangs the system on set flush
https://bugzilla.netfilter.org/show_bug.cgi?id=1692 Phil Sutter <phil at nwl.cc> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |phil at nwl.cc --- Comment #1 from Phil Sutter <phil at nwl.cc> --- Ivan, A few remarks from my side: 1. Unless you can reproduce this with a vanilla kernel (from Linus or stable), this is a downstream issue and should be reported to whoever maintains the CentOS7 kernel (I guess nobody?). 2. You're running sudo as root? 3. If 127.0.0.2 is actively used, you may block yourself by accident. Did you try the same with an IP address from a certainly unused network? Cheers, Phil -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20230707/01ea0351/attachment.html>
bugzilla-daemon at netfilter.org
2023-Jul-14 11:58 UTC
[Bug 1692] CentOS 7 kernel up to 3.10.0-1160.92.1.el7.x86_64 - nftables hangs the system on set flush
https://bugzilla.netfilter.org/show_bug.cgi?id=1692 --- Comment #2 from Ivan Agarkov <ivan.agarkov at gmail.com> --- 1. Yep, I'll double this bug to CentOS as well. 2. This doesn't matter, I just copied it from another console to not show production server addresses 3. Same for 127.0.0.2, no, I won't block myself. The idea behind this bug is quite simple: flushing nftables set makes kernel hang out. If there're no set in the rules - the bug is not triggered. -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20230714/64216179/attachment.html>
bugzilla-daemon at netfilter.org
2023-Sep-13 12:10 UTC
[Bug 1692] CentOS 7 kernel up to 3.10.0-1160.92.1.el7.x86_64 - nftables hangs the system on set flush
https://bugzilla.netfilter.org/show_bug.cgi?id=1692 Pablo Neira Ayuso <pablo at netfilter.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED CC| |fw at strlen.de -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20230913/bdac5b69/attachment.html>
bugzilla-daemon at netfilter.org
2024-Sep-10 22:08 UTC
[Bug 1692] CentOS 7 kernel up to 3.10.0-1160.92.1.el7.x86_64 - nftables hangs the system on set flush
https://bugzilla.netfilter.org/show_bug.cgi?id=1692 Pablo Neira Ayuso <pablo at netfilter.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution|--- |INVALID -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20240910/1c1dae08/attachment.html>
Reasonably Related Threads
- [Bug 1294] New: Strange --probability behavior
- [Bug 1152] New: iptables-xml crashed on -D rules
- [Bug 1099] New: Minor typo in wiki.nftables.org
- [Bug 1210] New: nftables gets confused by user namespaces when meta skuid is used
- [Bug 1735] New: Adding nftables interval sets progressively gets slower and makes the nft CLI less responsive with each added set