[Bug 1096] New: Kernel oops when inserting an element into a map

Fri Oct 28 14:30:37 CEST 2016

https://bugzilla.netfilter.org/show_bug.cgi?id=1096

            Bug ID: 1096
           Summary: Kernel oops when inserting an element into a map
           Product: nftables
           Version: unspecified
          Hardware: x86_64
                OS: other
            Status: NEW
          Severity: critical
          Priority: P5
         Component: kernel
          Assignee: pablo at netfilter.org
          Reporter: dalegaard at gmail.com

Created attachment 485
  --> https://bugzilla.netfilter.org/attachment.cgi?id=485&action=edit
dmesg log from kernel oops

The following ruleset, when loaded with 'nft -f bad.txt', results in a kernel
oops:

----snip----
flush ruleset
table ip inlinenat {
  map sourcemap {
    type ipv4_addr : verdict;
  }

  chain postrouting {
    ip saddr vmap @sourcemap accept
  }
}
add chain inlinenat test
add element inlinenat sourcemap { 100.123.10.2 : jump test }
----snip----

If the element and chain are inserted as part of the table statement everything
works:

----snip----
flush ruleset
table ip inlinenat {
  map sourcemap {
    type ipv4_addr : verdict;
    elements = {
      0.0.0.0 : jump test
    }
  }
  chain test {
  }
  chain postrouting {
    ip saddr vmap @sourcemap accept
  }
}
----snip----

However, adding another element afterwards will then fail just as in the first
case.

A dmesg log from the oops is attached. I can reproduce this 100% of the time on
Arch Linux running kernel:
Linux dalegaard-t460s 4.8.4-1-ARCH #1 SMP PREEMPT x86_64 GNU/Linux

nft version is 0.6.

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20161028/da8179bd/attachment.html>