ubuntu 2204/20250406 uses a kernel version that has an ip6tables bug

[akhilerm]

Description

ubuntu 2204/20250406 uses kernel version 6.8.0-1025-azure which is a newer build than the kernel version used in ubuntu 2404/20250406. This kernel has got an issue which was fixed with https://lore.kernel.org/all/20241019-xtables-typos-v2-1-6b8b1735dc8e@0upti.me/.

Because of this, github actions running on ubuntu 2204/20250406 is failing with exit status 2: ip6tables v1.8.7 (nf_tables): unknown option "--set-xmark"

More references:
k3s-io/k3s#11175
rancher/rke2#7438
Reason why its happening : kubernetes/kubernetes#129280 (comment)

Platforms affected

• Azure DevOps
• GitHub Actions - Standard Runners
• GitHub Actions - Larger Runners

Runner images affected

• Ubuntu 20.04
• Ubuntu 22.04
• Ubuntu 24.04
• macOS 13
• macOS 13 Arm64
• macOS 14
• macOS 14 Arm64
• macOS 15
• macOS 15 Arm64
• Windows Server 2019
• Windows Server 2022
• Windows Server 2025

Image version and build link

Failing actions: https://github.com/containerd/containerd/actions/runs/14358669198/job/40254411820#step:19:423

Is it regression?

Yes, ubuntu2204/20250323.1.0 works as expected

Expected behavior

ip6tables command should not fail

Actual behavior

ip6tables are failing with error unknown option "--set-xmark"

Repro steps

Running any ip6tables with set-mark

[vidyasagarnimmagaddi]

Hi @akhilerm ,Thank you for bringing this issue to our attention. We will look into this issue and will update you after investigating.


[aojea]

This has a lot of impact on all kubernetes CIs , kubernetes-sigs/kind#3911

[slonka]

Other projects using k8s are affected as well - https://github.com/kumahq/kuma/actions/runs/14441201587/job/40492368868#step:12:1637