[Bug 1418] New: segfaults when running nft --file foo.nft --echo

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Thu Apr 9 02:05:52 CEST 2020


https://bugzilla.netfilter.org/show_bug.cgi?id=1418

            Bug ID: 1418
           Summary: segfaults when running nft --file foo.nft --echo
           Product: nftables
           Version: unspecified
          Hardware: x86_64
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: nft
          Assignee: pablo at netfilter.org
          Reporter: chutzpah at gentoo.org

Here is the backtrace:

mpz_cmp (a=a@entry=0x555555654ce0, b=<optimized out>) at mini-gmp.c:1819
1819        return mpn_cmp (a->_mp_d, b->_mp_d, asize);
(gdb) bt
#0  mpz_cmp (a=a@entry=0x555555654ce0, b=<optimized out>) at mini-gmp.c:1819
#1  0x00005555555ad790 in expr_value_cmp (p1=p1@entry=0x5555556ac820, p2=p2@entry=0x5555556ac828) at segtree.c:832
#2  0x00007ffff7d86f3d in msort_with_tmp (p=p@entry=0x7fffffffc9a0, b=b@entry=0x5555556ac820, n=n@entry=2) at msort.c:83
#3  0x00007ffff7d86ea4 in msort_with_tmp (n=2, b=0x5555556ac820, p=0x7fffffffc9a0) at msort.c:53
#4  msort_with_tmp (p=p@entry=0x7fffffffc9a0, b=b@entry=0x5555556ac820, n=n@entry=5) at msort.c:53
#5  0x00007ffff7d86ea4 in msort_with_tmp (n=5, b=0x5555556ac820, p=0x7fffffffc9a0) at msort.c:53
#6  msort_with_tmp (p=p@entry=0x7fffffffc9a0, b=b@entry=0x5555556ac820, n=n@entry=10) at msort.c:53
#7  0x00007ffff7d872c2 in msort_with_tmp (n=10, b=0x5555556ac820, p=0x7fffffffc9a0) at msort.c:297
#8  __GI___qsort_r (b=b@entry=0x5555556ac820, n=n@entry=10, s=s@entry=8, cmp=cmp@entry=0x5555555ad760 <expr_value_cmp>, arg=arg@entry=0x0) at msort.c:297
#9  0x00007ffff7d8756f in __GI_qsort (b=b@entry=0x5555556ac820, n=n@entry=10, s=s@entry=8, cmp=cmp@entry=0x5555555ad760 <expr_value_cmp>) at msort.c:308
#10 0x00005555555aed85 in interval_map_decompose (set=0x5555556115a0) at segtree.c:978
#11 0x00005555555abaff in nlr_for_each_set (nlr=nlr@entry=0x5555556ac190, cb=cb@entry=0x5555555ab9c0 <rule_map_decompose_cb>, cache=0x55555560c340, data=0x0) at monitor.c:193
#12 0x00005555555ac326 in netlink_events_rule_cb (monh=0x7fffffffcce0, type=6, nlh=0x7fffffffcda0) at monitor.c:517
#13 netlink_events_cb (nlh=nlh@entry=0x7fffffffcda0, data=data@entry=0x7fffffffcce0) at monitor.c:890
#14 0x00005555555ad062 in netlink_echo_callback (nlh=nlh@entry=0x7fffffffcda0, data=data@entry=0x7fffffffde10) at monitor.c:924
#15 0x00007ffff7fb6748 in __mnl_cb_run (cb_ctl_array_len=16, cb_ctl_array=0x55555560a5a0 <cb_ctl_array>, data=<optimized out>, cb_data=0x5555555ad000 <netlink_echo_callback>, portid=0, seq=0, numbytes=<optimized out>, buf=0x7fffffffcda0) at callback.c:78
#16 mnl_cb_run2 (buf=buf@entry=0x7fffffffcda0, numbytes=<optimized out>, seq=seq@entry=0, portid=portid@entry=0, cb_data=0x5555555ad000 <netlink_echo_callback>, data=data@entry=0x7fffffffde10, cb_ctl_array=0x55555560a5a0 <cb_ctl_array>, cb_ctl_array_len=16) at callback.c:135
#17 0x00005555555b1aac in mnl_batch_talk (ctx=ctx@entry=0x7fffffffdf70, err_list=err_list@entry=0x7fffffffdf60, num_cmds=num_cmds@entry=161) at mnl.c:433
#18 0x000055555556b6c5 in nft_netlink (nft=nft@entry=0x55555560c2a0, cmds=cmds@entry=0x7fffffffe010, msgs=msgs@entry=0x7fffffffe000, nf_sock=<optimized out>) at libnftables.c:57
#19 0x000055555556bfa8 in nft_run_cmd_from_filename (nft=0x55555560c2a0, filename=0x7fffffffe4ad "/etc/nftables/init.nft") at libnftables.c:508
#20 0x000055555556acb9 in main (argc=<optimized out>, argv=0x7fffffffe1c8) at main.c:455

When it is adding the rules and echoing, the output is kind of mangled. A rule
that looks like
table inet filter {
    chain input_XXXXXXX {
        iifname { "bond0" } ip saddr { 10.0.0.0/8 } ip daddr { 192.168.1.1 } tcp dport { ssh } counter accept
    }
}

Gets echoed as
add rule inet filter input_XXXXXXX iifname { "bond0", "bond0" } ip saddr { 10.0.0.0/8, 10.0.0.0/8-0xffffffff [invalid type] } ip daddr { 192.168.1.1, 192.168.1.1 } tcp dport { 22, 22 } counter packets 0 bytes 0 accept
