[Bug 1351] New: Segfault in v0.9.1

bugzilla-daemon at netfilter.org
Wed Jul 10 17:20:33 CEST 2019


            Bug ID: 1351
           Summary: Segfault in v0.9.1
           Product: nftables
           Version: unspecified
          Hardware: x86_64
                OS: other
            Status: NEW
          Severity: major
          Priority: P5
         Component: nft
          Assignee: pablo at netfilter.org
          Reporter: 4bzilla at mailbox.org

OS: Arch Linux

After updating to v0.9.1 I am getting a segfault when loading my rules using
nft -f $rule_file.
This also happens when I build from the current master branch.
Can't post my rules because they are made of multiple include files and I
currently don't have the time to strip them down to a minimum.
But I think the following trace might help:

(gdb) bt
#0  0x00007ffff7d78162 in __strcmp_avx2 () from /usr/lib/libc.so.6
#1  0x00007ffff7ef95df in chain_lookup_fuzzy (h=0x555555593090,
cache=0x55555555baa0, t=0x7fffffffe718) at rule.c:858
#2  0x00007ffff7f06cc5 in chain_not_found (ctx=0x7fffffffe970) at
#3  0x00007ffff7f0f4c9 in rule_cache_update (ctx=0x7fffffffe970,
op=CMD_INVALID) at evaluate.c:3238
#4  0x00007ffff7f0f8d3 in rule_evaluate (ctx=0x7fffffffe970,
rule=0x555555568f60, op=CMD_INVALID) at evaluate.c:3324
#5  0x00007ffff7f0fc73 in chain_evaluate (ctx=0x7fffffffe970,
chain=0x555555568c80) at evaluate.c:3405
#6  0x00007ffff7f0fff0 in table_evaluate (ctx=0x7fffffffe970,
table=0x555555568a70) at evaluate.c:3464
#7  0x00007ffff7f10255 in cmd_evaluate_add (ctx=0x7fffffffe970,
cmd=0x555555593050) at evaluate.c:3496
#8  0x00007ffff7f1140d in cmd_evaluate (ctx=0x7fffffffe970, cmd=0x555555593050)
at evaluate.c:3957
#9  0x00007ffff7f335a2 in nft_evaluate (nft=0x55555555ba20,
msgs=0x7fffffffeb00, cmds=0x7fffffffeb10) at libnftables.c:396
#10 0x00007ffff7f339d8 in nft_run_cmd_from_filename (nft=0x55555555ba20,
filename=0x7fffffffeea2 "/etc/nftables/nftables.conf") at libnftables.c:479
#11 0x00005555555567a2 in main (argc=3, argv=0x7fffffffec78) at main.c:310

(gdb) info r rdi
rdi            0x555555562f40      93824992292672
(gdb) info r rsi
rsi            0x0                 0

Please note that rsi (the second argument to strcmp) is NULL.

Built with the default configuration Arch Linux is using + C/CPP-FLAGS:
CFLAGS="-g -O0" CPPFLAGS="-g -O0" ./configure \
    --prefix=/usr \
    --sbindir=/usr/bin \
    --sysconfdir=/usr/share \
    --with-json \

