[Bug 1754] __list_add SIGSEGV fault

bugzilla-daemon at netfilter.org
Tue Jun 11 07:37:15 CEST 2024


https://bugzilla.netfilter.org/show_bug.cgi?id=1754

--- Comment #2 from Egbert S <s.egbert at sbcglobal.net> ---
53      static inline void __list_add(struct list_head *new,
54                                    struct list_head *prev,
55                                    struct list_head *next)
56      {
57              next->prev = new;
58              new->next = next;
59              new->prev = prev;
60              prev->next = new;
61      }
62

Signal SIGSEGV at line 59:

   'prev' variable is 0 (zero, NULL pointer, owwie)

Did a dump on '*expr' and 'blackhole' was the identifier.  I have 12
'blackhole' in the test file.  I renumbered all blackhole into suffix numerical
sequences (i.e., 'blackhole1', 'blackhole2', ...), and got a different
ASSERT!!!

nft: payload.c:117: payload_expr_pctx_update: Assertion `base->length > 0' failed.


# gdb -q /usr/sbin/nft
GNU gdb (Debian 13.1-3) 13.1
Reading symbols from /usr/sbin/nft...
(No debugging symbols found in /usr/sbin/nft)
(gdb) set args -c -f ../../github/vim-nftables/test/passing-syntaxes.nft 
(gdb) set debuginfod enabled on
(gdb) run
Starting program: /usr/sbin/nft -c -f ../../github/vim-nftables/test/passing-syntaxes.nft
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
nft: payload.c:117: payload_expr_pctx_update: Assertion `base->length > 0' failed.

Program received signal SIGABRT, Aborted.
__pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6,
    no_tid=no_tid@entry=0) at ./nptl/pthread_kill.c:44
44      ./nptl/pthread_kill.c: No such file or directory.
(gdb) bt
#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6,
    no_tid=no_tid@entry=0) at ./nptl/pthread_kill.c:44
#1  0x00007ffff7d2de8f in __pthread_kill_internal (signo=6, threadid=<optimized out>)
    at ./nptl/pthread_kill.c:78
#2  0x00007ffff7cdefb2 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3  0x00007ffff7cc9472 in __GI_abort () at ./stdlib/abort.c:79
#4  0x00007ffff7cc9395 in __assert_fail_base (
    fmt=0x7ffff7e3da90 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n",
    assertion=assertion@entry=0x7ffff7f4ad8d "base->length > 0",
    file=file@entry=0x7ffff7f4ad53 "payload.c", line=line@entry=117,
    function=function@entry=0x7ffff7f4b0e0 "payload_expr_pctx_update") at ./assert/assert.c:92
#5  0x00007ffff7cd7eb2 in __GI___assert_fail (assertion=0x7ffff7f4ad8d "base->length > 0",
    file=0x7ffff7f4ad53 "payload.c", line=117,
    function=0x7ffff7f4b0e0 "payload_expr_pctx_update") at ./assert/assert.c:101
#6  0x00007ffff7ef5147 in ?? () from /lib/x86_64-linux-gnu/libnftables.so.1
#7  0x00007ffff7ee910d in ?? () from /lib/x86_64-linux-gnu/libnftables.so.1
#8  0x00007ffff7eef49a in ?? () from /lib/x86_64-linux-gnu/libnftables.so.1
#9  0x00007ffff7eed4ef in ?? () from /lib/x86_64-linux-gnu/libnftables.so.1
#10 0x00007ffff7f188d3 in ?? () from /lib/x86_64-linux-gnu/libnftables.so.1
#11 0x00007ffff7f18d4e in ?? () from /lib/x86_64-linux-gnu/libnftables.so.1
#12 0x00007ffff7f19a99 in nft_run_cmd_from_filename ()
   from /lib/x86_64-linux-gnu/libnftables.so.1
--Type <RET> for more, q to quit, c to continue without paging--
#13 0x0000555555556ac9 in ?? ()
#14 0x00007ffff7cca24a in __libc_start_call_main (main=main@entry=0x5555555562d0,
    argc=argc@entry=4, argv=argv@entry=0x7fffffffd2e8)
    at ../sysdeps/nptl/libc_start_call_main.h:58
#15 0x00007ffff7cca305 in __libc_start_main_impl (main=0x5555555562d0, argc=4,
    argv=0x7fffffffd2e8, init=<optimized out>, fini=<optimized out>,
    rtld_fini=<optimized out>, stack_end=0x7fffffffd2d8) at ../csu/libc-start.c:360
#16 0x0000555555556b91 in ?? ()


Make a new bug report for this kernel ASSERT?

-- 
You are receiving this mail because:
You are watching all bug changes.
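
Added example, not part of the bug report and not nftables or kernel code: a guarded form of the four pointer stores in the '__list_add' listing above, which checks both neighbours before writing so that a NULL 'prev' is reported to the caller instead of faulting. The names list_add_valid, checked_list_add_tail and demo are hypothetical, and the zero-filled list head used to produce the NULL 'prev' is an assumption for illustration; the report does not establish why 'prev' was NULL.

```c
/* Added illustration; not nftables or kernel source. */
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
struct list_head { struct list_head *next, *prev; };
static void init_list_head(struct list_head *h) { h->next = h; h->prev = h; }

/* Check the invariants __list_add relies on before any pointer is written. */
static bool list_add_valid(const struct list_head *new,
                           const struct list_head *prev,
                           const struct list_head *next)
{
    if (!new || !prev || !next)                   /* NULL neighbour, as in the report */
        return false;
    if (next->prev != prev || prev->next != next) /* neighbours are not adjacent */
        return false;
    if (new == prev || new == next)               /* entry is already at this spot */
        return false;
    return true;
}

/* The same four stores as the listing, guarded: returns false instead of faulting. */
static bool checked_list_add_tail(struct list_head *new, struct list_head *head)
{
    struct list_head *prev = head ? head->prev : NULL;
    if (!list_add_valid(new, prev, head))
        return false;
    head->prev = new;
    new->next = head;
    new->prev = prev;
    prev->next = new;
    return true;
}

/* Constructed scenario: one head initialised, one only zero-filled (assumption). */
static int demo(void)
{
    struct list_head good, zeroed, a, b;
    int ok = 0;
    init_list_head(&good);
    memset(&zeroed, 0, sizeof(zeroed));             /* initialisation step skipped */
    ok += checked_list_add_tail(&a, &good);         /* accepted */
    ok += checked_list_add_tail(&b, &good);         /* accepted */
    ok += !checked_list_add_tail(&b, &zeroed);      /* rejected: prev is NULL */
    ok += !checked_list_add_tail(&b, &good);        /* rejected: b is already the tail */
    return ok;                                      /* 4 when all behave as described */
}

int main(void) { return demo() == 4 ? 0 : 1; }
```

A guard like this turns the fault into a return value at the call site, so a debugger can break where the bad list head is first handed in.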