bugzilla-daemon at netfilter.org
2016-Oct-20 21:54 UTC
[Bug 1092] New: nft v0.6 segfault in must_print_eq_op at expression.c:520 during 'nft monitor trace' in netdev filter
https://bugzilla.netfilter.org/show_bug.cgi?id=1092

Bug ID: 1092
Summary: nft v0.6 segfault in must_print_eq_op at expression.c:520 during 'nft monitor trace' in netdev filter
Product: nftables
Version: unspecified
Hardware: x86_64
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: sverd.johnsen+nf at gmail.com

table netdev filter {
        chain foobar {
                type filter hook ingress device eth0 priority 0;
                udp sport 53 meta nftrace set 1
        }
}

Reading symbols from /usr/bin/nft...done.
[New LWP 11571]
Core was generated by `nft monitor trace'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00000047a69fce5a in must_print_eq_op (expr=0x47a8a13610, expr=0x47a8a13610) at expression.c:520
520     expression.c: No such file or directory.
(gdb) bt full
#0  0x00000047a69fce5a in must_print_eq_op (expr=0x47a8a13610, expr=0x47a8a13610) at expression.c:520
No locals.
#1  binop_expr_print (expr=0x47a8a13610) at expression.c:532
No locals.
#2  0x00000047a6a05888 in trace_print_packet (nlt=nlt@entry=0x47a8a22050) at netlink.c:2380
        stmts = {next = 0x47a8a0cc90, prev = 0x47a8a12a90}
        pctx = {pbase = PROTO_BASE_INVALID, pdep = 0x0, prev = 0x0}
        ctx = {family = 5, protocol = {
            {location = {indesc = 0x0, {{token_offset = 0, line_offset = 0, first_line = 0, last_line = 0, first_column = 0, last_column = 0}, {nle = 0x0}}}, desc = 0x0, offset = 0},
            {location = {indesc = 0x0, {{token_offset = 0, line_offset = 0, first_line = 0, last_line = 0, first_column = 0, last_column = 0}, {nle = 0x0}}}, desc = 0x47a6c3eda0 <proto_netdev>, offset = 0},
            {location = {indesc = 0x0, {{token_offset = 0, line_offset = 0, first_line = 0, last_line = 0, first_column = 0, last_column = 0}, {nle = 0x0}}}, desc = 0x0, offset = 0},
            {location = {indesc = 0x0, {{token_offset = 0, line_offset = 0, first_line = 0, last_line = 0, first_column = 0, last_column = 0}, {nle = 0x0}}}, desc = 0x0, offset = 0}}}
        dev_type = <optimized out>
        nfproto = <optimized out>
        stmt = 0x47a8a0cc90
        next = 0x47a8a13c40
#3  0x00000047a6a07b66 in netlink_events_trace_cb (monh=0x3cc19177bd0, type=17, nlh=0x3cc19166b30) at netlink.c:2405
        nlt = 0x47a8a22050
#4  netlink_events_cb (nlh=nlh@entry=0x3cc19166b30, data=data@entry=0x3cc19177bd0) at netlink.c:2464
        ret = 1
        type = 17
        monh = 0x3cc19177bd0
#5  0x000003c19109b490 in __mnl_cb_run (cb_ctl_array_len=0, cb_ctl_array=0x0, data=0x3cc19177bd0, cb_data=0x47a6a07530 <netlink_events_cb>, portid=0, seq=0, numbytes=420899556, buf=0x3cc19166ad0) at callback.c:78
        ret = 1
        len = 176
        nlh = 0x3cc19166b30
#6  mnl_cb_run (buf=buf@entry=0x3cc19166b30, numbytes=numbytes@entry=176, seq=seq@entry=0, portid=portid@entry=0, cb_data=cb_data@entry=0x47a6a07530 <netlink_events_cb>, data=data@entry=0x3cc19177bd0) at callback.c:162
No locals.
#7  0x00000047a6a1483b in mnl_nft_event_listener (nf_sock=0x47a8a0f6f0, cb=cb@entry=0x47a6a07530 <netlink_events_cb>, cb_data=cb_data@entry=0x3cc19177bd0) at mnl.c:1021
        bufsiz = 16777216
        buf = <error reading variable buf (value requires 69631 bytes, which is more than max-value-size)>
        ret = 176
#8  0x00000047a6a09989 in netlink_monitor (monhandler=monhandler@entry=0x3cc19177bd0) at netlink.c:2483
No locals.
#9  0x00000047a69f913a in do_command_monitor (cmd=<optimized out>, ctx=0x3cc19177c70) at rule.c:1327
        t = <optimized out>
        s = <optimized out>
        monhandler = {monitor_flags = 131437, format = 0, ctx = 0x3cc19177c70, loc = 0x47a8a0c4e0, cache_needed = true}
#10 do_command (ctx=0x3cc19177c70, cmd=<optimized out>) at rule.c:1358
        __PRETTY_FUNCTION__ = "do_command"
#11 0x00000047a69f657a in nft_netlink (msgs=0x3cc19177d10, state=0x3cc19177d20) at main.c:194
        ctx = {msgs = 0x3cc19177d10, list = {next = 0x3cc19177c78, prev = 0x3cc19177c78}, set = 0x0, data = 0x47a8a0c910, seqnum = 4, batch_supported = true}
        err = <optimized out>
        tmp = <optimized out>
        err_list = {next = 0x3cc19177c60, prev = 0x3cc19177c60}
        batch_seqnum = 3
        batch_supported = true
        ret = 0
        cmd = 0x47a8a0c4d0
#12 nft_run (scanner=<optimized out>, state=0x3cc19177d20, msgs=0x3cc19177d10) at main.c:236
---Type <return> to continue, or q <return> to quit---
        cmd = <optimized out>
        next = <optimized out>
        ret = <optimized out>
#13 0x00000047a69f5fa6 in main (argc=3, argv=0x3cc19178558) at main.c:361
        state = {indesc = 0x42419177cd0, indescs = {
            {location = {indesc = 0x0, {{token_offset = 0, line_offset = 0, first_line = 0, last_line = 0, first_column = 0, last_column = 0}, {nle = 0x0}}}, type = INDESC_BUFFER, name = 0x47a6a2381c "<cmdline>", {data = 0x47a8a0c320 "monitor trace", fd = -1465859296}, lineno = 1, column = 15, token_offset = 13, line_offset = 0},
            {location = {indesc = 0x0, {{token_offset = 0, line_offset = 0, first_line = 0, last_line = 0, first_column = 0, last_column = 0}, {nle = 0x0}}}, type = INDESC_INVALID, name = 0x0, {data = 0x0, fd = 0}, lineno = 0, column = 0, token_offset = 0, line_offset = 0} <repeats 15 times>},
          indesc_idx = 0, msgs = 0x3cc19177d10, nerrs = 0, top_scope = {parent = 0x0, symbols = {next = 0x3cc191782c8, prev = 0x3cc191782c8}}, scopes = {0x3cc191782c0, 0x0, 0x0}, scope = 0, cmds = {next = 0x47a8a0c4d0, prev = 0x47a8a0c4d0},
          ectx = {msgs = 0x3cc19177d10, cmd = 0x47a8a0c4d0, table = 0x0, rule = 0x0, set = 0x0, stmt = 0x0, ectx = {dtype = 0x0, byteorder = BYTEORDER_INVALID, len = 0}, pctx = {family = 0, protocol = {
            {location = {indesc = 0x0, {{token_offset = 0, line_offset = 0, first_line = 0, last_line = 0, first_column = 0, last_column = 0}, {nle = 0x0}}}, desc = 0x0, offset = 0},
            {location = {indesc = 0x0, {{token_offset = 0, line_offset = 0, first_line = 0, last_line = 0, first_column = 0, last_column = 0}, {nle = 0x0}}}, desc = 0x0, offset = 0},
            {location = {indesc = 0x0, {{token_offset = 0, line_offset = 0, first_line = 0, last_line = 0, first_column = 0, last_column = 0}, {nle = 0x0}}}, desc = 0x0, offset = 0},
            {location = {indesc = 0x0, {{token_offset = 0, line_offset = 0, first_line = 0, last_line = 0, first_column = 0, last_column = 0}, {nle = 0x0}}}, desc = 0x0, offset = 0}}}}}
        scanner = 0x47a8a0c340
        msgs = {next = 0x3cc19177d10, prev = 0x3cc19177d10}
        buf = 0x47a8a0c320 "monitor trace"
        filename = 0x0
        len = <optimized out>
        interactive = false
        i = <optimized out>
        val = <optimized out>
        rc = 0

dig any crash.me.if.you.can

--
You are receiving this mail because:
You are watching all bug changes.
bugzilla-daemon at netfilter.org
2016-Oct-20 23:04 UTC
[Bug 1092] nft v0.6 segfault in must_print_eq_op at expression.c:520 during 'nft monitor trace' in netdev filter
https://bugzilla.netfilter.org/show_bug.cgi?id=1092

Florian Westphal <fw at strlen.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fw at strlen.de
             Status|NEW                         |ASSIGNED
           Assignee|pablo at netfilter.org       |fw at strlen.de

--- Comment #1 from Florian Westphal <fw at strlen.de> ---
Thanks, it's caused by lack of proto_netdev handling in trace_print_packet().
I'll fix this tomorrow.
bugzilla-daemon at netfilter.org
2016-Oct-21 09:47 UTC
[Bug 1092] nft v0.6 segfault in must_print_eq_op at expression.c:520 during 'nft monitor trace' in netdev filter
https://bugzilla.netfilter.org/show_bug.cgi?id=1092

Florian Westphal <fw at strlen.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|ASSIGNED                    |RESOLVED

--- Comment #2 from Florian Westphal <fw at strlen.de> ---
Fixed via http://git.netfilter.org/nftables/commit/?id=9604b087a97d58822b4e72676dea429304561c44 , thanks for reporting this bug.