bugzilla-daemon at netfilter.org
2014-Jan-23 00:13 UTC
[Bug 885] New: Kernel BUG (possibly panic) deleting chain used in map
https://bugzilla.netfilter.org/show_bug.cgi?id=885
Summary: Kernel BUG (possibly panic) deleting chain used in map
Product: nftables
Version: unspecified
Platform: x86_64
OS/Version: Fedora
Status: NEW
Severity: major
Priority: P5
Component: kernel
AssignedTo: pablo at netfilter.org
ReportedBy: deleriux1 at gmail.com
Estimated Hours: 0.0
This was done in the VM.
Creating a verdict map that jumps to a chain which you subsequently delete will
result in the kernel throwing a BUG message with the following:
kernel BUG at net/netfilter/nf_tables_api.c:1014!
invalid opcode: 0000 [#1] SMP
Modules linked in: nft_meta nft_reject_ipv4 nft_hash nft_rbtree nf_tables_ipv4_
The VM displays no more console output but I believe the kernel panics.
Here is the interactive session I used.
# nft -i
nft> add table filter
nft> add chain filter input { type filter hook input priority 0; }
nft> add map filter mymap { type ifindex : verdict; }
nft> add chain filter test
nft> add element filter mymap { eth0 : jump test }
nft> delete chain filter test
This is using rawhide fedora kernel 3.13.0-1.fc21.x86_64 on a base Fedora 20
release, using the libnftnl from netfilter git and nft from netfilter git.
--
Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
bugzilla-daemon at netfilter.org
2014-Jan-23 00:21 UTC
[Bug 885] Kernel BUG (possibly panic) deleting chain used in map
https://bugzilla.netfilter.org/show_bug.cgi?id=885
--- Comment #1 from Matthew Ife <deleriux1 at gmail.com> 2014-01-23
01:21:30 CET ---
The same problem also occurs merely creating a jump target rule and deleting
the dependant chain.
# nft -i
nft> add table fitler
nft> delete table fitler
nft> add table filter
nft> add chain filter input { type filter hook input priority 0; }
nft> add chain filter test
nft> add rule filter input meta iif eth0 jump test
nft> delete chain filter test
--
Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
bugzilla-daemon at netfilter.org
2014-Jan-25 00:43 UTC
[Bug 885] Kernel BUG (possibly panic) deleting chain used in map
https://bugzilla.netfilter.org/show_bug.cgi?id=885
Matthew Ife <deleriux1 at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
--- Comment #2 from Matthew Ife <deleriux1 at gmail.com> 2014-01-25
01:43:52 CET ---
Fixed in kernel bugzilla.
--
Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.