netfilter buglog - Dec 2023 - [Bug 1727] New: RIP: 0010:nft_set_elem_expr_destroy+0x30/0xb0 [nf_tables]

https://bugzilla.netfilter.org/show_bug.cgi?id=1727

            Bug ID: 1727
           Summary: RIP: 0010:nft_set_elem_expr_destroy+0x30/0xb0
                    [nf_tables]
           Product: nftables
           Version: 1.0.x
          Hardware: x86_64
                OS: Ubuntu
            Status: NEW
          Severity: normal
          Priority: P5
         Component: kernel
          Assignee: pablo at netfilter.org
          Reporter: xerro at zaindari.com

Created attachment 733
  --> https://bugzilla.netfilter.org/attachment.cgi?id=733&action=edit
dmesg stacktrace

Hello,
This is my first bug report, I hope I am posting this issue in the correct
place.

I have a userland application which updates dynamically the nft set elements. I
noticed that the filtering (nft) configuration was not changing.

I tried to check the applied rules and set elements using the 'nft list
ruleset' command, but the command hung up and never end.

I noticed through the dmesg command that some kind of kernel error did happend.
I copied the log locally (check attached logfile) and tried to reboot the VM.
The VM never finished rebooting and I had to do a hard reset on the VM.

Some info if it helps troubleshooting the issue:

# uname -a
Linux HOU4716977 6.2.0-37-generic #38-Ubuntu SMP PREEMPT_DYNAMIC Mon Oct 30
21:04:52 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux

# nft -v
nftables v1.0.6 (Lester Gooch #5)


Best regards,
Xabier

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20231205/ce950458/attachment.html>

https://bugzilla.netfilter.org/show_bug.cgi?id=1727

--- Comment #1 from Pablo Neira Ayuso <pablo at netfilter.org> ---
(In reply to xerro from comment #0)
> Created attachment 733 [details]
> dmesg stacktrace
> 
> Hello,
> This is my first bug report, I hope I am posting this issue in the correct
> place.
> 
> I have a userland application which updates dynamically the nft set
> elements. I noticed that the filtering (nft) configuration was not
changing.
> 
> I tried to check the applied rules and set elements using the 'nft list
> ruleset' command, but the command hung up and never end.
> 
> I noticed through the dmesg command that some kind of kernel error did
> happend. I copied the log locally (check attached logfile) and tried to
> reboot the VM. The VM never finished rebooting and I had to do a hard reset
> on the VM.
Yes, this is a crash.
> Some info if it helps troubleshooting the issue:
> 
> # uname -a
> Linux HOU4716977 6.2.0-37-generic #38-Ubuntu SMP PREEMPT_DYNAMIC Mon Oct 30
> 21:04:52 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
There is a good number of fixes that have been backported up to -stable kernels
since summer 2023, but there is no -stable 6.2 kernel, you might have to
contact Ubuntu.

Unless you have a reproducer, this might be an old bug.

I believe Ubuntu 22.04 (which I think it is was you are using) that offers 5.15
which might provide -stable kernels.

Another possibility is to compile your own kernel based on -stable 6.1 to
confirm this problem is not there.

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20231206/05eb62d4/attachment.html>

https://bugzilla.netfilter.org/show_bug.cgi?id=1727

Pablo Neira Ayuso <pablo at netfilter.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |WORKSFORME

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20240910/c4465188/attachment.html>