nft delete results in segfault #2789
Comments
cmdline:
hmm, seems to work today
seems to be happening again
any chance you can just do this from inside GDB and then type "bt"?
(suggestion: first run gdb on the binary to get the debug symbols loaded..
exit gdb and then do the full run)
On Mon, Dec 26, 2022 at 6:24 AM Omkhar Arasaratnam ***@***.***> wrote:
[Mon Dec 26 09:05:17 2022] Code: 89 f4 55 89 d5 ba f0 03 00 00 53 48 89 fb 48 81 ec 18 04 00 00 4c 8b 7e 18 48 8d 7c 24 20 31 f6 0f 29 44 24 10 e8 b5 3f fb ff <41> 8b 4f 48 83 f9 06 0f 87 2d 03 00 00 48 8d 15 ad b4 04 00 89 c8
[Mon Dec 26 09:05:17 2022] nft[19714]: segfault at 55750000004a ip 0000557543e4c95b sp 00007ffea406d740 error 4 cpu 1 in libnftables.so.1.1.0[557543e00000+90000] likely on CPU 1 (core 1, socket 0)
from dmesg
here you are
fwiw it appears that nftables was bumped to 1.0.6 on 12/22, although I'm not sure whether this might be embedded in one of the cited fixes https://www.netfilter.org/projects/nftables/files/changes-nftables-1.0.6.txt
I'll update ours as well; on our holiday schedule it may be a day or two
before it gets out as a release
On Mon, Dec 26, 2022 at 7:21 AM Omkhar Arasaratnam ***@***.***> wrote:
fwiw it appears that nftables was bumped to 1.0.6 on 12/22, although I'm not sure whether this might be embedded in one of the cited fixes https://www.netfilter.org/projects/nftables/files/changes-nftables-1.0.6.txt
Between gdb and poking around the nftables repo it definitely looks like it segfaults while trying to process the deletion, let's see what 1.0.6 brings
I got nft-1.0.6, I'm afraid it does not help:
it seems to be getting worse?
this is actually great; a much more detailed error message
(hopefully the nftables folks can also use this since it's very detailed
now)
On Sun, Jan 1, 2023 at 5:48 PM Omkhar Arasaratnam ***@***.***> wrote:
it seems to be getting worse?
=================================================================
==11946==ERROR: AddressSanitizer: heap-use-after-free on address 0x60d00000021c at pc 0x559ae160d5b3 bp 0x7ffc37bcb800 sp 0x7ffc37bcb7f8
READ of size 4 at 0x60d00000021c thread T0
#0 0x559ae160d5b2 in 0? /builddir/build/BUILD/nftables-1.0.6/src/intervals.c:424
#1 0x559ae15cb05a in interval_set_eval.lto_priv.0 (/usr/lib64/libnftables.so.1+0xaf05a)
#2 0x559ae15e1c0d in setelem_evaluate.lto_priv.0 (/usr/lib64/libnftables.so.1+0xc5c0d)
#3 0x559ae166b715 in nft_evaluate (/usr/lib64/libnftables.so.1+0x14f715)
#4 0x559ae16749b4 in nft_run_cmd_from_buffer (/usr/lib64/libnftables.so.1+0x1589b4)
#5 0x559ae20c0e7e in main (/usr/bin/nft+0x8e7e)
#6 0x559ae1341146 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
#7 0x559ae1341204 in __libc_start_main_impl ../csu/libc-start.c:381
#8 0x559ae20c1420 in _start ../sysdeps/x86_64/start.S:115
0x60d00000021c is located 60 bytes inside of 144-byte region [0x60d0000001e0,0x60d000000270)
freed by thread T0 here:
#0 0x559ae18ea618 in __interceptor_free ../../../../gcc-12.2.0/libsanitizer/asan/asan_malloc_linux.cpp:52
#1 0x559ae160c315 in 4 /builddir/build/BUILD/nftables-1.0.6/src/intervals.c:349
#2 0x559ae160c315 in 0? /builddir/build/BUILD/nftables-1.0.6/src/intervals.c:420
previously allocated by thread T0 here:
#0 0x559ae18eb927 in __interceptor_calloc ../../../../gcc-12.2.0/libsanitizer/asan/asan_malloc_linux.cpp:77
#1 0x559ae15c5076 in set_elem_expr_alloc (/usr/lib64/libnftables.so.1+0xa9076)
SUMMARY: AddressSanitizer: heap-use-after-free /builddir/build/BUILD/nftables-1.0.6/src/intervals.c:424 in 0?
Shadow bytes around the buggy address:
0x0c1a7fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c1a7fff8000: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
0x0c1a7fff8010: fd fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa
0x0c1a7fff8020: fa fa fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c1a7fff8030: fd fd fd fd fa fa fa fa fa fa fa fa fd fd fd fd
=>0x0c1a7fff8040: fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd fa fa
0x0c1a7fff8050: fa fa fa fa fa fa 00 00 00 00 00 00 00 00 00 00
0x0c1a7fff8060: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa
0x0c1a7fff8070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c1a7fff8080: 00 00 fa fa fa fa fa fa fa fa 00 00 00 00 00 00
0x0c1a7fff8090: 00 00 00 00 00 00 00 00 00 00 00 00 fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==11946==ABORTING
=================================================================
==11997==ERROR: AddressSanitizer: heap-use-after-free on address 0x60d00000021c at pc 0x558767e0d5b3 bp 0x7fff27933640 sp 0x7fff27933638
READ of size 4 at 0x60d00000021c thread T0
#0 0x558767e0d5b2 in 0? /builddir/build/BUILD/nftables-1.0.6/src/intervals.c:424
#1 0x558767dcb05a in interval_set_eval.lto_priv.0 (/usr/lib64/libnftables.so.1+0xaf05a)
#2 0x558767de1c0d in setelem_evaluate.lto_priv.0 (/usr/lib64/libnftables.so.1+0xc5c0d)
#3 0x558767e6b715 in nft_evaluate (/usr/lib64/libnftables.so.1+0x14f715)
#4 0x558767e749b4 in nft_run_cmd_from_buffer (/usr/lib64/libnftables.so.1+0x1589b4)
#5 0x558768710e7e in main (/usr/bin/nft+0x8e7e)
#6 0x558767af7146 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
#7 0x558767af7204 in __libc_start_main_impl ../csu/libc-start.c:381
#8 0x558768711420 in _start ../sysdeps/x86_64/start.S:115
0x60d00000021c is located 60 bytes inside of 144-byte region [0x60d0000001e0,0x60d000000270)
freed by thread T0 here:
AddressSanitizer:DEADLYSIGNAL
AddressSanitizer: nested bug in the same thread, aborting.
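The sanitizer report above pins the crash to a read at intervals.c:424 of a set element that was already released at intervals.c:349, i.e. an element is dereferenced after the deletion path has freed it. As an added illustration of that bug class (a constructed example written for this thread, not nftables code and not the upstream fix), the following shows a linked-list removal in the buggy form beside the corrected one. Compiling it with `cc -g -fsanitize=address` and calling the buggy variant produces a heap-use-after-free report of the same shape as the one posted, with the `free()` inside the removal routine as the "freed by" site; the corrected variant saves the successor pointer before the element can be freed, so no read ever goes through a dangling pointer.

```c
#include <stdio.h>
#include <stdlib.h>

/* Singly-linked list of interval set elements. Constructed for this
 * example; it is not nftables' data structure and nothing below is the
 * upstream fix. */
struct interval {
    unsigned long lo, hi;
    struct interval *next;
};

/* Prepend a new element; aborts on allocation failure. */
struct interval *interval_push(struct interval *head, unsigned long lo,
                               unsigned long hi)
{
    struct interval *e = calloc(1, sizeof(*e));
    if (!e)
        abort();
    e->lo = lo;
    e->hi = hi;
    e->next = head;
    return e;
}

static int overlaps(const struct interval *e, unsigned long lo, unsigned long hi)
{
    return e->lo <= hi && lo <= e->hi;
}

/* BUGGY form (never called in this example): the element is freed and
 * its 'next' field is then read to advance the loop. Under
 * -fsanitize=address that read is reported as heap-use-after-free. */
struct interval *remove_overlapping_buggy(struct interval *head,
                                          unsigned long lo, unsigned long hi)
{
    struct interval **pp = &head;
    struct interval *cur = head;

    while (cur) {
        if (overlaps(cur, lo, hi)) {
            *pp = cur->next;
            free(cur);
        } else {
            pp = &cur->next;
        }
        cur = cur->next; /* use after free when cur was just released */
    }
    return head;
}

/* Corrected form: the successor is taken while the element is still
 * live, so the loop never reads through freed memory. *removed counts
 * the elements released. */
struct interval *remove_overlapping(struct interval *head, unsigned long lo,
                                    unsigned long hi, size_t *removed)
{
    struct interval **pp = &head;
    struct interval *cur = head;

    while (cur) {
        struct interval *next = cur->next;
        if (overlaps(cur, lo, hi)) {
            *pp = next;
            free(cur);
            if (removed)
                (*removed)++;
        } else {
            pp = &cur->next;
        }
        cur = next;
    }
    return head;
}

size_t interval_count(const struct interval *head)
{
    size_t n = 0;
    for (; head; head = head->next)
        n++;
    return n;
}

void interval_free_all(struct interval *head)
{
    while (head) {
        struct interval *next = head->next;
        free(head);
        head = next;
    }
}

/* Constructed sample set 10-20, 30-40, 50-60; push order puts 50-60 at the head. */
struct interval *build_sample(void)
{
    struct interval *set = NULL;
    set = interval_push(set, 10, 20);
    set = interval_push(set, 30, 40);
    set = interval_push(set, 50, 60);
    return set;
}

int main(void)
{
    size_t removed = 0;
    struct interval *set = build_sample();

    /* Deleting 35-55 releases the head (50-60) and the middle (30-40). */
    set = remove_overlapping(set, 35, 55, &removed);
    printf("removed %zu, %zu left, head now %lu-%lu\n", removed,
           interval_count(set), set->lo, set->hi);
    interval_free_all(set);
    return 0;
}
```

The removal of the head element is the case worth exercising: it is the path where the caller's pointer, the element being freed and the loop cursor all refer to the same allocation at once, which is exactly when reading the element after `free()` goes unnoticed without a sanitizer.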
thanks!
adding to our package
On Mon, Jan 16, 2023 at 4:01 AM Omkhar Arasaratnam ***@***.***> wrote:
Fixed in
https://git.netfilter.org/nftables/commit/?id=ce04d25b4a116ef04f27d0b71994f61a24114d6d
running nft delete set element results in a segfault. trace attached
nft.strace.zip