<html>

    <head>

      <base href="https://bugzilla.netfilter.org/" />

    </head>

    <body><table border="1" cellspacing="0" cellpadding="8">

        <tr>

          <th>Bug ID</th>

          <td><a class="bz_bug_link 

          bz_status_NEW "

   title="NEW - Kernel oops when inserting an element into a map"

   href="https://bugzilla.netfilter.org/show_bug.cgi?id=1096">1096</a>

          </td>

        </tr>

        <tr>

          <th>Summary</th>

          <td>Kernel oops when inserting an element into a map

          </td>

        </tr>

        <tr>

          <th>Product</th>

          <td>nftables

          </td>

        </tr>

        <tr>

          <th>Version</th>

          <td>unspecified

          </td>

        </tr>

        <tr>

          <th>Hardware</th>

          <td>x86_64

          </td>

        </tr>

        <tr>

          <th>OS</th>

          <td>other

          </td>

        </tr>

        <tr>

          <th>Status</th>

          <td>NEW

          </td>

        </tr>

        <tr>

          <th>Severity</th>

          <td>critical

          </td>

        </tr>

        <tr>

          <th>Priority</th>

          <td>P5

          </td>

        </tr>

        <tr>

          <th>Component</th>

          <td>kernel

          </td>

        </tr>

        <tr>

          <th>Assignee</th>

          <td>pablo@netfilter.org

          </td>

        </tr>

        <tr>

          <th>Reporter</th>

          <td>dalegaard@gmail.com

          </td>

        </tr></table>

      <p>

        <div>

        <pre>Created <span class=""><a href="attachment.cgi?id=485" name="attach_485" title="dmesg log from kernel oops">attachment 485</a> <a href="attachment.cgi?id=485&action=edit" title="dmesg log from kernel oops">[details]</a></span>

dmesg log from kernel oops

The following ruleset, when loaded with 'nft -f bad.txt', results in a kernel

oops:

----snip----

flush ruleset

table ip inlinenat {

  map sourcemap {

    type ipv4_addr : verdict;

  }

  chain postrouting {

    ip saddr vmap @sourcemap accept

  }

}

add chain inlinenat test

add element inlinenat sourcemap { 100.123.10.2 : jump test }

----snip----

If the element and chain are inserted as part of the table statement everything

works:

----snip----

flush ruleset

table ip inlinenat {

  map sourcemap {

    type ipv4_addr : verdict;

    elements = {

      0.0.0.0 : jump test

    }

  }

  chain test {

  }

  chain postrouting {

    ip saddr vmap @sourcemap accept

  }

}

----snip----

However, adding another element afterwards will then fail just as in the first

case.

A dmesg log from the oops is attached. I can reproduce this 100% of the time on

Arch Linux running kernel:

Linux dalegaard-t460s 4.8.4-1-ARCH #1 SMP PREEMPT x86_64 GNU/Linux

nft version is 0.6.</pre>

        </div>

      </p>

      <hr>

      <span>You are receiving this mail because:</span>

      <ul>

          <li>You are watching all bug changes.</li>

      </ul>

    </body>

</html>