Package: nftables
Version: 0.9.0-2
Severity: important
Dear Maintainer
I performed a test upgrade of a cloud VM running Debian Stretch
to buster. After the upgrade the VM does not boot any longer if
the `nftables.service` is enabled and the 4.19 kernel is used,
because a kernel assertion is violated.
The old 4.9 kernel from stretch works fine. I was able to disable the
`nftables.service` there. Afterwards the 4.19 kernel boots fine.
If I manually start the `nftables.service` the process will
segfault and the same kernel assertion will be logged. I was able
to reduce my nftables.conf to the attached one, it still triggers
the assertion.
It looks like (one of) the two `flow table` lines are at fault,
but I am not able to confirm this for sure, because the assertion
is not 100% reliably triggered.
If I try to load the ruleset after the assertion is triggered once
the `nft` process will hang in uninterruptable sleep (state `D`), I
assume, because the reponsible kernel thread died.
Note that the kernel stack has an `apparmor` frame, but the only
apparmor package installed is `libapparmor1`.
Because it might possibly be relevant (out of tree kernel module):
The cloud VM is running with root on ZFS with the buster DKMS
packages.
I am attaching:
lsmod : The output of lsmod.
journalctl_-b_-t_kernel: The log of the assertion.
strace : The end of the output of `strace`, right
before the segfault.
dpkg -l |egrep 'nftables|zfs-|linux-image|apparmor':
ii libapparmor1:amd64 2.13.2-10 amd64
changehat AppArmor library
ii libnftables0:amd64 0.9.0-2 amd64
Netfilter nftables high level userspace API library
ii libnftnl11:amd64 1.1.2-2 amd64
Netfilter nftables userspace API library
ii libnftnl4:amd64 1.0.7-1 amd64
Netfilter nftables userspace API library
ii linux-image-4.19.0-5-amd64 4.19.37-5 amd64
Linux 4.19 for 64-bit PCs (signed)
ii linux-image-4.9.0-8-amd64 4.9.144-3.1 amd64
Linux 4.9 for 64-bit PCs
ii linux-image-4.9.0-9-amd64 4.9.168-1+deb9u3 amd64
Linux 4.9 for 64-bit PCs
ii linux-image-amd64 4.19+105 amd64
Linux for 64-bit PCs (meta-package)
ii nftables 0.9.0-2 amd64
Program to control packet filtering rules by Netfilter project
ii zfs-dkms 0.7.12-2+deb10u1 all
OpenZFS filesystem kernel modules for Linux
ii zfs-initramfs 0.7.12-2+deb10u1 all
OpenZFS root filesystem capabilities for Linux - initramfs
ii zfs-zed 0.7.12-2+deb10u1 amd64
OpenZFS Event Daemon
-- System Information:
Debian Release: 10.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-5-amd64 (SMP w/2 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_DIE, TAINT_OOT_MODULE,
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL
set to en_US.UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set
to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages nftables depends on:
ii dpkg 1.19.7
ii libc6 2.28-10
ii libgmp10 2:6.1.2+dfsg-4
ii libjansson4 2.12-1
ii libnftables0 0.9.0-2
ii libreadline7 7.0-5
nftables recommends no packages.
nftables suggests no packages.
-- Configuration Files:
/etc/nftables.conf changed:
flush ruleset
table inet filter {
chain input {
type filter hook input priority 0;
# accept any localhost traffic
iif lo accept
# accept traffic originated from us
ct state established,related accept
# Drop invalid
ct state invalid drop
tcp dport { 22 } ct state new flow table ssh-limit4 { ip saddr
limit rate 10/minute } accept
tcp dport { 22 } ct state new flow table ssh-limit6 { ip6 saddr
limit rate 10/minute } accept
}
}
-- no debconf information
Module Size Used by
nft_limit 16384 0
nft_ct 20480 1
nf_conntrack 163840 1 nft_ct
nf_defrag_ipv6 20480 1 nf_conntrack
nf_defrag_ipv4 16384 1 nf_conntrack
libcrc32c 16384 1 nf_conntrack
crc32c_generic 16384 0
nf_tables_set 32768 0
nf_tables 143360 12 nft_ct,nft_limit,nf_tables_set
netlink_diag 16384 0
nfnetlink 16384 1 nf_tables
xfrm_user 40960 2
xfrm4_tunnel 16384 0
tunnel4 16384 1 xfrm4_tunnel
ipcomp 16384 0
xfrm_ipcomp 16384 1 ipcomp
esp4 20480 0
ah4 20480 0
af_key 45056 0
xfrm_algo 16384 5 af_key,esp4,xfrm_ipcomp,ah4,xfrm_user
nfit 61440 0
libnvdimm 172032 1 nfit
crct10dif_pclmul 16384 0
crc32_pclmul 16384 0
bochs_drm 24576 1
ttm 126976 1 bochs_drm
ghash_clmulni_intel 16384 0
drm_kms_helper 200704 1 bochs_drm
joydev 24576 0
pcspkr 16384 0
evdev 28672 2
drm 483328 4 drm_kms_helper,bochs_drm,ttm
virtio_console 32768 1
virtio_balloon 20480 0
sg 36864 0
serio_raw 16384 0
button 16384 0
qemu_fw_cfg 16384 0
ip_tables 28672 0
x_tables 45056 1 ip_tables
autofs4 49152 2
zfs 3727360 12
zunicode 335872 1 zfs
zavl 16384 1 zfs
icp 290816 1 zfs
hid_generic 16384 0
usbhid 57344 0
hid 135168 2 usbhid,hid_generic
zcommon 73728 1 zfs
znvpair 86016 2 zfs,zcommon
spl 114688 4 zfs,icp,znvpair,zcommon
sd_mod 61440 2
crc32c_intel 24576 1
virtio_net 53248 0
net_failover 20480 1 virtio_net
virtio_scsi 20480 1
failover 16384 1 net_failover
sr_mod 28672 0
cdrom 65536 1 sr_mod
ata_generic 16384 0
uhci_hcd 49152 0
ehci_hcd 94208 0
aesni_intel 200704 0
aes_x86_64 20480 1 aesni_intel
crypto_simd 16384 1 aesni_intel
usbcore 290816 3 usbhid,ehci_hcd,uhci_hcd
cryptd 28672 3 crypto_simd,ghash_clmulni_intel,aesni_intel
psmouse 172032 0
glue_helper 16384 1 aesni_intel
ata_piix 36864 0
virtio_pci 28672 0
libata 270336 2 ata_piix,ata_generic
virtio_ring 28672 5
virtio_console,virtio_balloon,virtio_scsi,virtio_pci,virtio_net
scsi_mod 245760 5 virtio_scsi,sd_mod,libata,sg,sr_mod
virtio 16384 5
virtio_console,virtio_balloon,virtio_scsi,virtio_pci,virtio_net
i2c_piix4 24576 0
usb_common 16384 1 usbcore
floppy 86016 0
Jul 07 18:53:21 buster-upgrade-test2 kernel: Initializing XFRM netlink socket
Jul 07 18:53:33 buster-upgrade-test2 kernel: list_del corruption. prev->next
should be ffff91f9a3ea6e60, but was 0206000e003e0001
Jul 07 18:53:33 buster-upgrade-test2 kernel: ------------[ cut here
]------------
Jul 07 18:53:33 buster-upgrade-test2 kernel: kernel BUG at lib/list_debug.c:53!
Jul 07 18:53:33 buster-upgrade-test2 kernel: invalid opcode: 0000 [#1] SMP PTI
Jul 07 18:53:33 buster-upgrade-test2 kernel: CPU: 1 PID: 1628 Comm: nft
Tainted: P OE 4.19.0-5-amd64 #1 Debian 4.19.37-5
Jul 07 18:53:33 buster-upgrade-test2 kernel: Hardware name: Hetzner vServer,
BIOS 20171111 11/11/2017
Jul 07 18:53:33 buster-upgrade-test2 kernel: RIP:
0010:__list_del_entry_valid.cold.1+0x34/0x4c
Jul 07 18:53:33 buster-upgrade-test2 kernel: Code: 7d 67 b8 e8 58 d2 d0 ff 0f
0b 48 c7 c7 98 7e 67 b8 e8 4a d2 d0 ff 0f 0b 48 89 f2 48 89 fe 48 c7 c7 58 7e
67 b8 e8 36 d2 d0 ff <0f> 0b 48 89 fe 48 c7 c7 20 7e 67 b8 e8 25 d2 d0 ff 0f 0b
90 90 90
Jul 07 18:53:33 buster-upgrade-test2 kernel: RSP: 0018:ffffb6144a50f958 EFLAGS:
00010246
Jul 07 18:53:33 buster-upgrade-test2 kernel: RAX: 0000000000000054 RBX:
ffff91f9a3ea6e60 RCX: 0000000000000000
Jul 07 18:53:33 buster-upgrade-test2 kernel: RDX: 0000000000000000 RSI:
ffff91f9b5b166b8 RDI: ffff91f9b5b166b8
Jul 07 18:53:33 buster-upgrade-test2 kernel: RBP: ffff91f99b168000 R08:
00000000000001e7 R09: 0000000000aaaaaa
Jul 07 18:53:33 buster-upgrade-test2 kernel: R10: 0000000000000000 R11:
ffffb6144984f020 R12: ffffb6144a50f9f0
Jul 07 18:53:33 buster-upgrade-test2 kernel: R13: 00000000fffffff5 R14:
000000000000000c R15: ffff91f99b2506c8
Jul 07 18:53:33 buster-upgrade-test2 kernel: FS: 00007f1233290200(0000)
GS:ffff91f9b5b00000(0000) knlGS:0000000000000000
Jul 07 18:53:33 buster-upgrade-test2 kernel: CS: 0010 DS: 0000 ES: 0000 CR0:
0000000080050033
Jul 07 18:53:33 buster-upgrade-test2 kernel: CR2: 00007f10d8f69114 CR3:
000000011cc98005 CR4: 00000000003606e0
Jul 07 18:53:33 buster-upgrade-test2 kernel: DR0: 0000000000000000 DR1:
0000000000000000 DR2: 0000000000000000
Jul 07 18:53:33 buster-upgrade-test2 kernel: DR3: 0000000000000000 DR6:
00000000fffe0ff0 DR7: 0000000000000400
Jul 07 18:53:33 buster-upgrade-test2 kernel: Call Trace:
Jul 07 18:53:33 buster-upgrade-test2 kernel: nf_tables_unbind_set+0x1a/0xc0
[nf_tables]
Jul 07 18:53:33 buster-upgrade-test2 kernel: nf_tables_expr_destroy+0x1a/0x40
[nf_tables]
Jul 07 18:53:33 buster-upgrade-test2 kernel: nf_tables_rule_destroy+0x4f/0x80
[nf_tables]
Jul 07 18:53:33 buster-upgrade-test2 kernel: nf_tables_newrule+0x5c1/0x950
[nf_tables]
Jul 07 18:53:33 buster-upgrade-test2 kernel: nfnetlink_rcv_batch+0x4aa/0x660
[nfnetlink]
Jul 07 18:53:33 buster-upgrade-test2 kernel: ? check_preempt_wakeup+0x113/0x230
Jul 07 18:53:33 buster-upgrade-test2 kernel: ? refcount_inc_checked+0x5/0x30
Jul 07 18:53:33 buster-upgrade-test2 kernel: ? apparmor_capable+0x72/0xa0
Jul 07 18:53:33 buster-upgrade-test2 kernel: ? nla_parse+0x31/0xe0
Jul 07 18:53:33 buster-upgrade-test2 kernel: nfnetlink_rcv+0x10c/0x141
[nfnetlink]
Jul 07 18:53:33 buster-upgrade-test2 kernel: netlink_unicast+0x1bd/0x260
Jul 07 18:53:33 buster-upgrade-test2 kernel: netlink_sendmsg+0x204/0x3d0
Jul 07 18:53:33 buster-upgrade-test2 kernel: sock_sendmsg+0x36/0x40
Jul 07 18:53:33 buster-upgrade-test2 kernel: ___sys_sendmsg+0x295/0x2f0
Jul 07 18:53:33 buster-upgrade-test2 kernel: ? _cond_resched+0x15/0x30
Jul 07 18:53:33 buster-upgrade-test2 kernel: ? ptrace_stop+0x1db/0x260
Jul 07 18:53:33 buster-upgrade-test2 kernel: ? ptrace_do_notify+0x97/0xc0
Jul 07 18:53:33 buster-upgrade-test2 kernel: __sys_sendmsg+0x57/0xa0
Jul 07 18:53:33 buster-upgrade-test2 kernel: do_syscall_64+0x53/0x110
Jul 07 18:53:33 buster-upgrade-test2 kernel:
entry_SYSCALL_64_after_hwframe+0x44/0xa9
Jul 07 18:53:33 buster-upgrade-test2 kernel: RIP: 0033:0x7f1233608914
Jul 07 18:53:33 buster-upgrade-test2 kernel: Code: 00 f7 d8 64 89 02 48 c7 c0
ff ff ff ff eb b5 0f 1f 80 00 00 00 00 48 8d 05 e9 5d 0c 00 8b 00 85 c0 75 13
b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 41 54 41 89 d4 55 48
89 f5 53
Jul 07 18:53:33 buster-upgrade-test2 kernel: RSP: 002b:00007ffd12b63248 EFLAGS:
00000246 ORIG_RAX: 000000000000002e
Jul 07 18:53:33 buster-upgrade-test2 kernel: RAX: ffffffffffffffda RBX:
00007ffd12b63260 RCX: 00007f1233608914
Jul 07 18:53:33 buster-upgrade-test2 kernel: RDX: 0000000000000000 RSI:
00007ffd12b642c0 RDI: 0000000000000003
Jul 07 18:53:33 buster-upgrade-test2 kernel: RBP: 00007ffd12b643c0 R08:
0000000000000004 R09: 00005588f47f3110
Jul 07 18:53:33 buster-upgrade-test2 kernel: R10: 00007ffd12b642ac R11:
0000000000000246 R12: 00007ffd12b64430
Jul 07 18:53:33 buster-upgrade-test2 kernel: R13: 00007ffd12b63260 R14:
00007ffd12b63260 R15: 00005588f47f1b70
Jul 07 18:53:33 buster-upgrade-test2 kernel: Modules linked in: nft_limit
nft_ct nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 libcrc32c crc32c_generic
nf_tables_set nf_tables netlink_diag nfnetlink xfrm_user xfrm4_tunnel tunnel4
ipcomp xfrm_ipcomp esp4 ah4 af_key xfrm_algo nfit libnvdimm crct10dif_pclmul
crc32_pclmul bochs_drm ttm ghash_clmulni_intel drm_kms_helper joydev pcspkr
evdev drm virtio_console virtio_balloon sg serio_raw button qemu_fw_cfg
ip_tables x_tables autofs4 zfs(POE) zunicode(POE) zavl(POE) icp(POE)
hid_generic usbhid hid zcommon(POE) znvpair(POE) spl(OE) sd_mod crc32c_intel
virtio_net net_failover virtio_scsi failover sr_mod cdrom ata_generic uhci_hcd
ehci_hcd aesni_intel aes_x86_64 crypto_simd usbcore cryptd psmouse glue_helper
ata_piix virtio_pci libata virtio_ring scsi_mod virtio i2c_piix4 usb_common
floppy
Jul 07 18:53:33 buster-upgrade-test2 kernel: ---[ end trace 16d21ffd060b2ee0
]---
Jul 07 18:53:33 buster-upgrade-test2 kernel: RIP:
0010:__list_del_entry_valid.cold.1+0x34/0x4c
Jul 07 18:53:33 buster-upgrade-test2 kernel: Code: 7d 67 b8 e8 58 d2 d0 ff 0f
0b 48 c7 c7 98 7e 67 b8 e8 4a d2 d0 ff 0f 0b 48 89 f2 48 89 fe 48 c7 c7 58 7e
67 b8 e8 36 d2 d0 ff <0f> 0b 48 89 fe 48 c7 c7 20 7e 67 b8 e8 25 d2 d0 ff 0f 0b
90 90 90
Jul 07 18:53:33 buster-upgrade-test2 kernel: RSP: 0018:ffffb6144a50f958 EFLAGS:
00010246
Jul 07 18:53:33 buster-upgrade-test2 kernel: RAX: 0000000000000054 RBX:
ffff91f9a3ea6e60 RCX: 0000000000000000
Jul 07 18:53:33 buster-upgrade-test2 kernel: RDX: 0000000000000000 RSI:
ffff91f9b5b166b8 RDI: ffff91f9b5b166b8
Jul 07 18:53:33 buster-upgrade-test2 kernel: RBP: ffff91f99b168000 R08:
00000000000001e7 R09: 0000000000aaaaaa
Jul 07 18:53:33 buster-upgrade-test2 kernel: R10: 0000000000000000 R11:
ffffb6144984f020 R12: ffffb6144a50f9f0
Jul 07 18:53:33 buster-upgrade-test2 kernel: R13: 00000000fffffff5 R14:
000000000000000c R15: ffff91f99b2506c8
Jul 07 18:53:33 buster-upgrade-test2 kernel: FS: 00007f1233290200(0000)
GS:ffff91f9b5b00000(0000) knlGS:0000000000000000
Jul 07 18:53:33 buster-upgrade-test2 kernel: CS: 0010 DS: 0000 ES: 0000 CR0:
0000000080050033
Jul 07 18:53:34 buster-upgrade-test2 kernel: CR2: 00007f10d8f69114 CR3:
000000011cc98005 CR4: 00000000003606e0
Jul 07 18:53:34 buster-upgrade-test2 kernel: DR0: 0000000000000000 DR1:
0000000000000000 DR2: 0000000000000000
Jul 07 18:53:34 buster-upgrade-test2 kernel: DR3: 0000000000000000 DR6:
00000000fffe0ff0 DR7: 0000000000000400
read(4, "", 6144) = 0
ioctl(4, TCGETS, 0x7ffd12b501d0) = -1 ENOTTY (Inappropriate ioctl for
device)
mmap(NULL, 204800, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7f123325d000
setsockopt(3, SOL_SOCKET, SO_SNDBUFFORCE, [131072], 4) = 0
sendmsg(3, {msg_name={sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000},
msg_namelen=12, msg_iov=[{iov_base=[{{len=20, type=NFNL_MSG_BATCH_BEGIN,
flags=NLM_F_REQUEST, seq=0, pid=0}, {nfgen_family=AF_UNSPEC,
version=NFNETLINK_V0, res_id=htons(2560)}, {{len=20,
type=NFNL_SUBSYS_NFTABLES<<8|NFT_MSG_DELTABLE, flags=NLM_F_REQUEST|NLM_F_ACK,
seq=1, pid=0}, {nfgen_family=AF_UNSPEC, version=NFNETLINK_V0, res_id=htons(0)},
{{len=40, type=NFNL_SUBSYS_NFTABLES<<8|NFT_MSG_NEWTABLE, flags=NLM_F_REQUEST,
seq=2, pid=0}, {nfgen_family=AF_UNIX, version=NFNETLINK_V0, res_id=htons(0),
[{{nla_len=11, nla_type=NFNETLINK_V1}, "\x66\x69\x6c\x74\x65\x72\x00"},
{{nla_len=8, nla_type=0x2}, "\x00\x00\x00\x00"}]}, {{len=76,
type=NFNL_SUBSYS_NFTABLES<<8|NFT_MSG_NEWCHAIN,
flags=NLM_F_REQUEST|NLM_F_CREATE, seq=3, pid=0}, {nfgen_family=AF_UNIX,
version=NFNETLINK_V0, res_id=htons(0), [{{nla_len=11, nla_type=NFNETLINK_V1},
"\x66\x69\x6c\x74\x65\x72\x00"}, {{nla_len=10, nla_type=0x3},
"\x69\x6e\x70\x75\x74\x00"}, {{nla_len=20, nla_type=NLA_F_NESTED|0x4},
"\x08\x00\x01\x00\x00\x00\x00\x01\x08\x00\x02\x00\x00\x00\x00\x00"},
{{nla_len=11, nla_type=0x7}, "\x66\x69\x6c\x74\x65\x72\x00"}]}, {{len=100,
type=NFNL_SUBSYS_NFTABLES<<8|NFT_MSG_NEWSET, flags=NLM_F_REQUEST|NLM_F_CREATE,
seq=4, pid=0}, {nfgen_family=AF_UNIX, version=NFNETLINK_V0, res_id=htons(0),
[{{nla_len=11, nla_type=NFNETLINK_V1}, "\x66\x69\x6c\x74\x65\x72\x00"},
{{nla_len=12, nla_type=0x2}, "\x5f\x5f\x73\x65\x74\x25\x64\x00"}, {{nla_len=8,
nla_type=0x3}, "\x00\x00\x00\x03"}, {{nla_len=8, nla_type=0x4},
"\x00\x00\x00\x0d"}, {{nla_len=8, nla_type=0x5}, "\x00\x00\x00\x02"},
{{nla_len=8, nla_type=0xa}, "\x00\x00\x00\x01"}, {{nla_len=12,
nla_type=NLA_F_NESTED|0x9}, "\x08\x00\x01\x00\x00\x00\x00\x01"}, {{nla_len=10,
nla_type=0xd}, "\x00\x04\x02\x00\x00\x00"}]}, {{len=72,
type=NFNL_SUBSYS_NFTABLES<<8|NFT_MSG_NEWSETELEM,
flags=NLM_F_REQUEST|NLM_F_CREATE, seq=4, pid=0}, {nfgen_family=AF_UNIX,
version=NFNETLINK_V0, res_id=htons(0), [{{nla_len=12, nla_type=0x2},
"\x5f\x5f\x73\x65\x74\x25\x64\x00"}, {{nla_len=8, nla_type=0x4},
"\x00\x00\x00\x01"}, {{nla_len=11, nla_type=NFNETLINK_V1},
"\x66\x69\x6c\x74\x65\x72\x00"}, {{nla_len=20, nla_type=NLA_F_NESTED|0x3},
"\x10\x00\x01\x80\x0c\x00\x01\x80\x06\x00\x01\x00\x00\x16\x00\x00"}]},
{{len=92, type=NFNL_SUBSYS_NFTABLES<<8|NFT_MSG_NEWSET,
flags=NLM_F_REQUEST|NLM_F_CREATE, seq=5, pid=0}, {nfgen_family=AF_UNIX,
version=NFNETLINK_V0, res_id=htons(0), [{{nla_len=11, nla_type=NFNETLINK_V1},
"\x66\x69\x6c\x74\x65\x72\x00"}, {{nla_len=15, nla_type=0x2},
"\x73\x73\x68\x2d\x6c\x69\x6d\x69\x74\x34\x00"}, {{nla_len=8, nla_type=0x3},
"\x00\x00\x00\x21"}, {{nla_len=8, nla_type=0x4}, "\x00\x00\x00\x07"},
{{nla_len=8, nla_type=0x5}, "\x00\x00\x00\x04"}, {{nla_len=8, nla_type=0xa},
"\x00\x00\x00\x02"}, {{nla_len=10, nla_type=0xd},
"\x00\x04\x02\x00\x00\x00"}]}, {{len=100,
type=NFNL_SUBSYS_NFTABLES<<8|NFT_MSG_NEWSET, flags=NLM_F_REQUEST|NLM_F_CREATE,
seq=6, pid=0}, {nfgen_family=AF_UNIX, version=NFNETLINK_V0, res_id=htons(0),
[{{nla_len=11, nla_type=NFNETLINK_V1}, "\x66\x69\x6c\x74\x65\x72\x00"},
{{nla_len=12, nla_type=0x2}, "\x5f\x5f\x73\x65\x74\x25\x64\x00"}, {{nla_len=8,
nla_type=0x3}, "\x00\x00\x00\x03"}, {{nla_len=8, nla_type=0x4},
"\x00\x00\x00\x0d"}, {{nla_len=8, nla_type=0x5}, "\x00\x00\x00\x02"},
{{nla_len=8, nla_type=0xa}, "\x00\x00\x00\x03"}, {{nla_len=12,
nla_type=NLA_F_NESTED|0x9}, "\x08\x00\x01\x00\x00\x00\x00\x01"}, {{nla_len=10,
nla_type=0xd}, "\x00\x04\x02\x00\x00\x00"}]}, {{len=72,
type=NFNL_SUBSYS_NFTABLES<<8|NFT_MSG_NEWSETELEM,
flags=NLM_F_REQUEST|NLM_F_CREATE, seq=6, pid=0}, {nfgen_family=AF_UNIX,
version=NFNETLINK_V0, res_id=htons(0), [{{nla_len=12, nla_type=0x2},
"\x5f\x5f\x73\x65\x74\x25\x64\x00"}, {{nla_len=8, nla_type=0x4},
"\x00\x00\x00\x03"}, {{nla_len=11, nla_type=NFNETLINK_V1},
"\x66\x69\x6c\x74\x65\x72\x00"}, {{nla_len=20, nla_type=NLA_F_NESTED|0x3},
"\x10\x00\x01\x80\x0c\x00\x01\x80\x06\x00\x01\x00\x00\x16\x00\x00"}]},
{{len=92, type=NFNL_SUBSYS_NFTABLES<<8|NFT_MSG_NEWSET,
flags=NLM_F_REQUEST|NLM_F_CREATE, seq=7, pid=0}, {nfgen_family=AF_UNIX,
version=NFNETLINK_V0, res_id=htons(0), [{{nla_len=11, nla_type=NFNETLINK_V1},
"\x66\x69\x6c\x74\x65\x72\x00"}, {{nla_len=15, nla_type=0x2},
"\x73\x73\x68\x2d\x6c\x69\x6d\x69\x74\x36\x00"}, {{nla_len=8, nla_type=0x3},
"\x00\x00\x00\x21"}, {{nla_len=8, nla_type=0x4}, "\x00\x00\x00\x08"},
{{nla_len=8, nla_type=0x5}, "\x00\x00\x00\x10"}, {{nla_len=8, nla_type=0xa},
"\x00\x00\x00\x04"}, {{nla_len=10, nla_type=0xd},
"\x00\x04\x02\x00\x00\x00"}]}, {{len=176,
type=NFNL_SUBSYS_NFTABLES<<8|NFT_MSG_NEWRULE,
flags=NLM_F_REQUEST|NLM_F_EXCL|NLM_F_CREATE|NLM_F_APPEND, seq=8, pid=0},
{nfgen_family=AF_UNIX, version=NFNETLINK_V0, res_id=htons(0), [{{nla_len=11,
nla_type=NFNETLINK_V1}, "\x66\x69\x6c\x74\x65\x72\x00"}, {{nla_len=10,
nla_type=0x2}, "\x69\x6e\x70\x75\x74\x00"}, {{nla_len=132,
nla_type=NLA_F_NESTED|0x4},
"\x24\x00\x01\x80\x09\x00\x01\x00\x6d\x65\x74\x61\x00\x00\x00\x00\x14\x00\x02\x80\x08\x00\x02\x00\x00\x00\x00\x04\x08\x00\x01\x00"...}]},
{{len=240, type=NFNL_SUBSYS_NFTABLES<<8|NFT_MSG_NEWRULE,
flags=NLM_F_REQUEST|NLM_F_EXCL|NLM_F_CREATE|NLM_F_APPEND, seq=9, pid=0},
{nfgen_family=AF_UNIX, version=NFNETLINK_V0, res_id=htons(0), [{{nla_len=11,
nla_type=NFNETLINK_V1}, "\x66\x69\x6c\x74\x65\x72\x00"}, {{nla_len=10,
nla_type=0x2}, "\x69\x6e\x70\x75\x74\x00"}, {{nla_len=196,
nla_type=NLA_F_NESTED|0x4},
"\x20\x00\x01\x80\x07\x00\x01\x00\x63\x74\x00\x00\x14\x00\x02\x80\x08\x00\x02\x00\x00\x00\x00\x00\x08\x00\x01\x00\x00\x00\x00\x01"...}]},
{{len=240, type=NFNL_SUBSYS_NFTABLES<<8|NFT_MSG_NEWRULE,
flags=NLM_F_REQUEST|NLM_F_EXCL|NLM_F_CREATE|NLM_F_APPEND, seq=10, pid=0},
{nfgen_family=AF_UNIX, version=NFNETLINK_V0, res_id=htons(0), [{{nla_len=11,
nla_type=NFNETLINK_V1}, "\x66\x69\x6c\x74\x65\x72\x00"}, {{nla_len=10,
nla_type=0x2}, "\x69\x6e\x70\x75\x74\x00"}, {{nla_len=196,
nla_type=NLA_F_NESTED|0x4},
"\x20\x00\x01\x80\x07\x00\x01\x00\x63\x74\x00\x00\x14\x00\x02\x80\x08\x00\x02\x00\x00\x00\x00\x00\x08\x00\x01\x00\x00\x00\x00\x01"...}]},
{{len=672, type=NFNL_SUBSYS_NFTABLES<<8|NFT_MSG_NEWRULE,
flags=NLM_F_REQUEST|NLM_F_EXCL|NLM_F_CREATE|NLM_F_APPEND, seq=11, pid=0},
{nfgen_family=AF_UNIX, version=NFNETLINK_V0, res_id=htons(0), [{{nla_len=11,
nla_type=NFNETLINK_V1}, "\x66\x69\x6c\x74\x65\x72\x00"}, {{nla_len=10,
nla_type=0x2}, "\x69\x6e\x70\x75\x74\x00"}, {{nla_len=628,
nla_type=NLA_F_NESTED|0x4},
"\x24\x00\x01\x80\x09\x00\x01\x00\x6d\x65\x74\x61\x00\x00\x00\x00\x14\x00\x02\x80\x08\x00\x02\x00\x00\x00\x00\x10\x08\x00\x01\x00"...}]},
{{len=672, type=NFNL_SUBSYS_NFTABLES<<8|NFT_MSG_NEWRULE,
flags=NLM_F_REQUEST|NLM_F_EXCL|NLM_F_CREATE|NLM_F_APPEND, seq=12, pid=0},
{nfgen_family=AF_UNIX, version=NFNETLINK_V0, res_id=htons(0), [{{nla_len=11,
nla_type=NFNETLINK_V1}, "\x66\x69\x6c\x74\x65\x72\x00"}, {{nla_len=10,
nla_type=0x2}, "\x69\x6e\x70\x75\x74\x00"}, {{nla_len=628,
nla_type=NLA_F_NESTED|0x4},
"\x24\x00\x01\x80\x09\x00\x01\x00\x6d\x65\x74\x61\x00\x00\x00\x00\x14\x00\x02\x80\x08\x00\x02\x00\x00\x00\x00\x10\x08\x00\x01\x00"...}]},
{{len=20, type=NFNL_MSG_BATCH_END, flags=NLM_F_REQUEST, seq=13, pid=0},
{nfgen_family=AF_UNSPEC, version=NFNETLINK_V0, res_id=htons(2560)}],
iov_len=2704}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = ?
+++ killed by SIGSEGV +++
