[Bug 1754] New: __list_add SIGSEGV fault
bugzilla-daemon at netfilter.org
Tue Jun 11 07:00:26 CEST 2024
https://bugzilla.netfilter.org/show_bug.cgi?id=1754
Bug ID: 1754
Summary: __list_add SIGSEGV fault
Product: nftables
Version: 1.0.x
Hardware: x86_64
OS: Debian GNU/Linux
Status: NEW
Severity: normal
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: s.egbert at sbcglobal.net
Created attachment 744
--> https://bugzilla.netfilter.org/attachment.cgi?id=744&action=edit
Custom user-supplied NFT file to exercise NFT syntaxes to their near fullest
Really running an exerciser of a nearly fully permutated but valid NFT
configuration file (see enclosed passing-syntaxes.nft file). (Disclaimer: I am
a budding but old author of the github.com/egberts/vim-nftables Vim syntax file
for NFT).
Perform `nft -c` against my file.
Now it blows up with:
Program received signal SIGSEGV, Segmentation fault.
== How I Did It ==
Prepare Coredump on Debian 12:
# apt install debuginfod
# export DEBUGINFOD_URLS="https://debuginfod.debian.net"
# gdb /usr/sbin/nft
(gdb) set args -c -f ./passing-syntaxes.nft
(gdb) debuginfod enable on
(gdb) r
Output of SIGSEGV is:
(gdb) run
Starting program: /usr/sbin/nft -c -f
/home/wolfe/work/github/vim-nftables/test/passing-syntaxes.nft
Downloading separate debug info for system-supplied DSO at 0x7ffff7fc9000...
Downloading separate debug info for /lib/x86_64-linux-gnu/libnftables.so.1...
Downloading separate debug info for /lib/x86_64-linux-gnu/libedit.so.2...
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Downloading separate debug info for /lib/x86_64-linux-gnu/libmnl.so.0...
Downloading separate debug info for /lib/x86_64-linux-gnu/libnftnl.so.11...
Downloading separate debug info for /lib/x86_64-linux-gnu/libxtables.so.12...
Downloading separate debug info for /lib/x86_64-linux-gnu/libjansson.so.4...
Downloading separate debug info for /lib/x86_64-linux-gnu/libgmp.so.10...
Downloading separate debug info for /lib/x86_64-linux-gnu/libtinfo.so.6...
Downloading separate debug info for
/home/wolfe/.cache/debuginfod_client/1d6c928a5e4f222cf4479cbb1fd4f63965b10a03/debuginfo...
Downloading separate debug info for /lib/x86_64-linux-gnu/libbsd.so.0...
Downloading separate debug info for /lib/x86_64-linux-gnu/libmd.so.0...
Program received signal SIGSEGV, Segmentation fault.
-----------------------------------------------------------------------------------------------------------------------------
0x00007ffff7ede2dd in __list_add (next=0x55555557e488, prev=0x0,
new=0x55555557ea00) at ../include/list.h:60
Download failed: Invalid argument. Continuing without source file
./src/../include/list.h.
60 ../include/list.h: No such file or directory.
(gdb) bt
#0 0x00007ffff7ede2dd in __list_add (next=0x55555557e488, prev=0x0,
new=0x55555557ea00) at ../include/list.h:60
#1 list_add_tail (head=0x55555557e488, new=0x55555557ea00) at
../include/list.h:87
#2 list_move_tail (head=0x55555557e488, list=0x55555557ea00) at
../include/list.h:169
#3 nft_cmd_collapse (cmds=cmds@entry=0x7fffffffc950) at ./src/rule.c:1469
#4 0x00007ffff7f1885d in nft_evaluate (nft=nft@entry=0x55555555c2a0,
msgs=msgs@entry=0x7fffffffc940, cmds=cmds@entry=0x7fffffffc950) at
./src/libnftables.c:520
#5 0x00007ffff7f18d4e in __nft_run_cmd_from_filename
(nft=nft@entry=0x55555555c2a0, filename=filename@entry=0x7fffffffd02c
"/home/wolfe/work/github/vim-nftables/test/passing-syntaxes.nft") at
./src/libnftables.c:680
#6 0x00007ffff7f19a99 in nft_run_cmd_from_filename (nft=0x55555555c2a0,
filename=0x7fffffffd02c "github/vim-nftables/test/passing-syntaxes.nft") at
./src/libnftables.c:766
#7 0x0000555555556ac9 in ?? ()
#8 0x00007ffff7cca24a in __libc_start_call_main
(main=main@entry=0x5555555562d0, argc=argc@entry=0x4,
argv=argv@entry=0x7fffffffcb78) at ../sysdeps/nptl/libc_start_call_main.h:58
#9 0x00007ffff7cca305 in __libc_start_main_impl (main=0x5555555562d0,
argc=0x4, argv=0x7fffffffcb78, init=<optimized out>, fini=<optimized out>,
rtld_fini=<optimized out>, stack_end=0x7fffffffcb68) at ../csu/libc-start.c:360
#10 0x0000555555556b91 in ?? ()
(gdb)
So I managed to reinstall the NFT package but with source code listings;
the backtrace+list for each stack call is given below:
(gdb) down
#6 0x00007ffff7f19a99 in nft_run_cmd_from_filename (nft=0x55555555c2a0,
filename=0x7fffffffd02c
"/home/wolfe/work/github/vim-nftables/test/passing-syntaxes.nft") at
./src/libnftables.c:766
766 ret = __nft_run_cmd_from_filename(nft, filename);
(gdb) l
761 ret = nft_run_optimized_file(nft, filename);
762 xfree(nft->stdin_buf);
763 return ret;
764 }
765
766 ret = __nft_run_cmd_from_filename(nft, filename);
767 xfree(nft->stdin_buf);
768
769 return ret;
770 }
(gdb) down
#5 0x00007ffff7f18d4e in __nft_run_cmd_from_filename
(nft=nft@entry=0x55555555c2a0, filename=filename@entry=0x7fffffffd02c
"/home/wolfe/work/github/vim-nftables/test/passing-syntaxes.nft") at
./src/libnftables.c:680
680 rc = nft_evaluate(nft, &msgs, &cmds);
(gdb) l
675 parser_rc = rc;
676
677 if (nft->optimize_flags)
678 nft_optimize(nft, &cmds);
679
680 rc = nft_evaluate(nft, &msgs, &cmds);
681 if (rc < 0)
682 goto err;
683
684 if (parser_rc) {
(gdb) down
#4 0x00007ffff7f1885d in nft_evaluate (nft=nft@entry=0x55555555c2a0,
msgs=msgs@entry=0x7fffffffc940, cmds=cmds@entry=0x7fffffffc950) at
./src/libnftables.c:520
520 if (nft_cmd_collapse(cmds))
(gdb) l
515 return -1;
516 }
517
518 nft_cache_filter_fini(filter);
519
520 if (nft_cmd_collapse(cmds))
521 collapsed = true;
522
523 list_for_each_entry(cmd, cmds, list) {
524 if (cmd->op != CMD_ADD)
(gdb) down
#3 nft_cmd_collapse (cmds=cmds@entry=0x7fffffffc950) at ./src/rule.c:1469
1469 list_move_tail(&expr->list,
&elems->expr->expressions);
(gdb) l
1464 }
1465
1466 collapse = true;
1467 list_for_each_entry_safe(expr, enext,
&cmd->expr->expressions, list) {
1468 expr->cmd = cmd;
1469 list_move_tail(&expr->list,
&elems->expr->expressions);
1470 }
1471 elems->expr->size += cmd->expr->size;
1472 list_move_tail(&cmd->list, &elems->collapse_list);
1473 }
(gdb) down
#2 list_move_tail (head=0x55555557e488, list=0x55555557ea00) at
../include/list.h:169
169 list_add_tail(list, head);
(gdb) l
164 */
165 static inline void list_move_tail(struct list_head *list,
166 struct list_head *head)
167 {
168 __list_del(list->prev, list->next);
169 list_add_tail(list, head);
170 }
171
172 /**
173 * list_is_last - tests whether @list is the last entry in list @head
(gdb) down
#1 list_add_tail (head=0x55555557e488, new=0x55555557ea00) at
../include/list.h:87
87 __list_add(new, head->prev, head);
(gdb) l
82 * Insert a new entry before the specified head.
83 * This is useful for implementing queues.
84 */
85 static inline void list_add_tail(struct list_head *new, struct
list_head *head)
86 {
87 __list_add(new, head->prev, head);
88 }
89
90 /*
91 * Delete a list entry by making the prev/next entries
(gdb) down
#0 0x00007ffff7ede2dd in __list_add (next=0x55555557e488, prev=0x0,
new=0x55555557ea00) at ../include/list.h:60
60 prev->next = new;
(gdb) l
55 struct list_head *next)
56 {
57 next->prev = new;
58 new->next = next;
59 new->prev = prev;
60 prev->next = new;
61 }
62
63 /**
64 * list_add - add a new entry
(gdb) down
Bottom (innermost) frame selected; you cannot go down.
Debian 12.1
Linux 6.1.0-21-amd
nftables v1.0.6 (Lester Gooch #5)
cli: editline
json: yes
minigmp: no
libxtables: yes
--
You are receiving this mail because:
You are watching all bug changes.
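
The backtrace above shows `__list_add` reached with `prev=0x0`, that is, `head->prev` was NULL when `list_move_tail` called `list_add_tail`. As an added example (not nftables code and not from the reporter), the C sketch below repeats the store order from the `include/list.h` listing and adds a hypothetical check, `list_head_is_sane` / `list_move_tail_checked`, that rejects such a head instead of faulting. The zero-filled destination head in `demo` is an assumption for illustration; the report does not establish how the pointer became NULL.

```c
#include <stdbool.h>
#include <stdio.h>

/* Same layout and store order as the include/list.h listing in the report. */
struct list_head { struct list_head *next, *prev; };
static void init_list_head(struct list_head *h) { h->next = h; h->prev = h; }
static void __list_add(struct list_head *new, struct list_head *prev,
                       struct list_head *next)
{
    next->prev = new;
    new->next = next;
    new->prev = prev;
    prev->next = new;            /* list.h:60, faults when prev == NULL */
}

/* Hypothetical guard: both links are set and point back at this entry. */
static bool list_head_is_sane(const struct list_head *h)
{
    return h->next && h->prev && h->next->prev == h && h->prev->next == h;
}

/* Hypothetical checked list_move_tail(): returns -1 instead of faulting. */
static int list_move_tail_checked(struct list_head *list, struct list_head *head)
{
    if (!list_head_is_sane(list) || !list_head_is_sane(head))
        return -1;
    list->prev->next = list->next;        /* __list_del(list->prev, list->next) */
    list->next->prev = list->prev;
    __list_add(list, head->prev, head);   /* list_add_tail(list, head) */
    return 0;
}

static int demo(bool dst_initialised)     /* constructed scenario, not from nft */
{
    struct list_head src, node, dst = { NULL, NULL };  /* assumed zero-filled head */
    init_list_head(&src);
    __list_add(&node, src.prev, &src);
    if (dst_initialised)
        init_list_head(&dst);
    if (list_move_tail_checked(&node, &dst) < 0)
        return -1;                        /* rejected: head was never set up */
    return dst.next == &node && dst.prev == &node && src.next == &src;
}

int main(void)
{
    printf("zeroed head: %d, initialised head: %d\n", demo(false), demo(true));
    return 0;
}
```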