netfilter buglog - Apr 2020 - [Bug 1424] New: v0.9.0: segfault when using nft -f <file> and issuing "ruleset flush" twice

https://bugzilla.netfilter.org/show_bug.cgi?id=1424

            Bug ID: 1424
           Summary: v0.9.0: segfault when using nft -f <file> and issuing
                    "ruleset flush" twice
           Product: nftables
           Version: unspecified
          Hardware: All
                OS: Debian GNU/Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: nft
          Assignee: pablo at netfilter.org
          Reporter: eexexiexit at riseup.net

Created attachment 591
  --> https://bugzilla.netfilter.org/attachment.cgi?id=591&action=edit
strace output of the script that segfaults

Disclaimer: I am totally new to nftable, so forbid my stupidity.

Running this file segfaults on two of my machines (both debian stable
"buster"):

/tmp/test:

#!/usr/sbin/nft -f
flush ruleset
create table inet fw
list table inet fw
flush ruleset

the same command sequence runs smoothly when issued interactively.

kernel message:

[ 8841.187933] show_signal_msg: 12 callbacks suppressed
[ 8841.187936] test[17806]: segfault at 10 ip 00007f175a76929b sp
00007ffc67e5c940 error 4 in libnftables.so.0.0.0[7f175a763000+47000]
[ 8841.190580] Code: ff 48 8b 44 24 28 64 48 33 04 25 28 00 00 00 75 06 48 83
c4 30 5b c3 e8 53 a9 ff ff 0f 1f 00 41 56 41 55 41 54 49 89 fc 55 53 <8b>
7f 10
48 89 f3 e8 2a be ff ff 49 8b 4c 24 40 48 8d 35 e9 0f 04
Segmentation fault

uname -a:

Linux something 4.19.0-5-amd64 #1 SMP Debian 4.19.37-5+deb10u2 (2019-08-08)
x86_64 GNU/Linux

Linux otherthing 4.19.0-8-686-pae #1 SMP Debian 4.19.98-1 (2020-01-26) i686
GNU/Linux

/usr/sbin/nft --version:
nftables v0.9.0 (Fearless Fosdick)

strace is attached.

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200427/cea2aed3/attachment.html>

https://bugzilla.netfilter.org/show_bug.cgi?id=1424

Pablo Neira Ayuso <pablo at netfilter.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED

--- Comment #1 from Pablo Neira Ayuso <pablo at netfilter.org> ---
(In reply to exit from comment #0)
> Created attachment 591 [details]
> strace output of the script that segfaults
> 
> Disclaimer: I am totally new to nftable, so forbid my stupidity.
> 
> Running this file segfaults on two of my machines (both debian stable
> "buster"):
[...]
> uname -a:
> 
> Linux something 4.19.0-5-amd64 #1 SMP Debian 4.19.37-5+deb10u2 (2019-08-08)
> x86_64 GNU/Linux
> 
> Linux otherthing 4.19.0-8-686-pae #1 SMP Debian 4.19.98-1 (2020-01-26) i686
> GNU/Linux
> 
> /usr/sbin/nft --version:
> nftables v0.9.0 (Fearless Fosdick)
This version is almost two years old.

I think there is a more modern version in debian backports, please have a look.

This is working fine here:

# nft -v
nftables v0.9.4 (Jive at Five)

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200427/d0739c99/attachment.html>

https://bugzilla.netfilter.org/show_bug.cgi?id=1424

Pablo Neira Ayuso <pablo at netfilter.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|---                         |WORKSFORME

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200722/582ed6c3/attachment-0001.html>