From: Matthias Maier <tamiko@43-1.org>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Subject: Kernel oops with netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE
Date: Sun, 25 Jun 2023 12:38:08 -0500 [thread overview]
Message-ID: <87cz1j5tof.fsf@43-1.org> (raw)
Dear all,
commit 1240eb93f0616b21c675416516ff3d74798fdc97
aka bdace3b1a51887211d3e49417a18fdbd315a313b (linux-6.3.y)
netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE
causes a kernel oops on my side when booting my machine; see attached.
Reverting this commit fixes the kernel oops.
Tested on 6.3.9 and 6.4.0-rc7
Best,
Matthias
<3>[ 61.206481] list_del corruption. next->prev should be ffff8ceb11b24f60, but was 0000000000000000. (next=ffff8ceb11b27ac8)
<4>[ 61.206494] ------------[ cut here ]------------
<2>[ 61.206495] kernel BUG at lib/list_debug.c:62!
<4>[ 61.207649] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
<4>[ 61.208812] CPU: 10 PID: 2226 Comm: nft Tainted: P O T 6.4.0-rc7-x86_64 #1
<4>[ 61.210059] Hardware name: LENOVO 20SUS2QV00/20SUS2QV00, BIOS N30ET49W (1.32 ) 12/14/2022
<4>[ 61.211327] RIP: 0010:__list_del_entry_valid+0xc6/0xd0
<4>[ 61.212563] Code: 0b 48 89 fe 48 89 c2 48 c7 c7 a0 ed 85 88 e8 57 4e 9c ff 0f 0b 48 89 d1 48 c7 c7 f0 ed 85 88 48 89 f2 48 89 c6 e8 40 4e 9c ff <0f> 0b 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 65 48 c1 3c 25 10
<4>[ 61.214030] RSP: 0018:ffffa4be03647778 EFLAGS: 00010287
<4>[ 61.215488] RAX: 000000000000006d RBX: ffff8ceb11b26800 RCX: 0000000000000000
<4>[ 61.216932] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
<4>[ 61.218382] RBP: ffff8ceb11b24f60 R08: 0000000000000000 R09: 0000000000000000
<4>[ 61.219831] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001
<4>[ 61.221286] R13: ffff8ceb2984d4f8 R14: ffff8ceb2984d4e0 R15: ffff8ceb11b24e00
<4>[ 61.222761] FS: 00007fd654220740(0000) GS:ffff8d09bc480000(0000) knlGS:0000000000000000
<4>[ 61.224298] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
<4>[ 61.225854] CR2: 00007f27e3a370d8 CR3: 0000000115af0002 CR4: 00000000007706e0
<4>[ 61.227411] PKRU: 55555554
<4>[ 61.227412] Call Trace:
<4>[ 61.227414] <TASK>
<4>[ 61.227416] ? die+0x36/0x90
<4>[ 61.232948] ? do_trap+0xea/0x110
<4>[ 61.234503] ? __list_del_entry_valid+0xc6/0xd0
<4>[ 61.234506] ? do_error_trap+0x6a/0xa0
<4>[ 61.236987] ? __list_del_entry_valid+0xc6/0xd0
<4>[ 61.236990] ? exc_invalid_op+0x50/0x80
<4>[ 61.239396] ? __list_del_entry_valid+0xc6/0xd0
<4>[ 61.240955] ? asm_exc_invalid_op+0x1a/0x20
<4>[ 61.242526] ? __list_del_entry_valid+0xc6/0xd0
<4>[ 61.242528] ? __list_del_entry_valid+0xc6/0xd0
<4>[ 61.244998] nf_tables_deactivate_set+0x39/0x120 [nf_tables]
<4>[ 61.246613] __nf_tables_abort+0x81b/0xce0 [nf_tables]
<4>[ 61.248251] nf_tables_abort+0x39/0x60 [nf_tables]
<4>[ 61.249838] nfnetlink_rcv_batch+0x4f1/0x990 [nfnetlink]
<4>[ 61.251517] nfnetlink_rcv+0x18f/0x1b0 [nfnetlink]
<4>[ 61.253170] netlink_unicast+0x1a9/0x290
<4>[ 61.254816] netlink_sendmsg+0x259/0x4e0
<4>[ 61.256433] sock_sendmsg+0xa8/0xb0
<4>[ 61.258024] ____sys_sendmsg+0x28d/0x320
<4>[ 61.259665] ? copy_msghdr_from_user+0x7d/0xc0
<4>[ 61.261320] ___sys_sendmsg+0x9f/0xf0
<4>[ 61.262974] __sys_sendmsg+0x7f/0xe0
<4>[ 61.264565] do_syscall_64+0x5f/0x90
<4>[ 61.266210] entry_SYSCALL_64_after_hwframe+0x72/0xdc
<4>[ 61.267906] RIP: 0033:0x7fd65445e174
<4>[ 61.269545] Code: 15 a9 3c 0c 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 f3 0f 1e fa 80 3d 8d c2 0c 00 00 74 13 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 48 83 ec 28 89 54 24 1c 48 89
<4>[ 61.271387] RSP: 002b:00007ffe8b535ed8 EFLAGS: 00000202 ORIG_RAX: 000000000000002e
<4>[ 61.273275] RAX: ffffffffffffffda RBX: 00007ffe8b5470e0 RCX: 00007fd65445e174
<4>[ 61.275117] RDX: 0000000000000000 RSI: 00007ffe8b546f90 RDI: 0000000000000003
<4>[ 61.276968] RBP: 00007ffe8b547090 R08: 00007ffe8b535eb4 R09: 00007ffe8b535ee0
<4>[ 61.278897] R10: 00007fd654662ec0 R11: 0000000000000202 R12: 0000000000000001
<4>[ 61.280774] R13: 0000000000011c00 R14: 0000000000000003 R15: 00007ffe8b535ef0
<4>[ 61.282653] </TASK>
<4>[ 61.284505] Modules linked in: nft_log nft_masq nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 cmac bnep nf_tables nfnetlink vfat fat binfmt_misc snd_sof_pci_intel_cnl snd_sof_intel_hda_common snd_soc_hdac_hda soundwire_intel soundwire_generic_allocation soundwire_cadence snd_sof_intel_hda_mlink snd_sof_intel_hda snd_sof_pci snd_sof_xtensa_dsp snd_sof snd_sof_utils snd_soc_skl snd_soc_sst_ipc snd_soc_sst_dsp snd_soc_acpi_intel_match snd_soc_acpi snd_hda_ext_core snd_soc_core snd_ctl_led iwlmvm snd_compress snd_hda_codec_realtek snd_pcm_dmaengine x86_pkg_temp_thermal ac97_bus snd_hda_codec_generic snd_hda_codec_hdmi uvcvideo intel_powerclamp snd_hda_intel iTCO_wdt snd_intel_dspcfg uvc rapl mac80211 intel_pmc_bxt videobuf2_vmalloc mei_pxp mei_wdt mei_hdcp intel_rapl_msr intel_cstate ee1004 iTCO_vendor_support libarc4 btusb videobuf2_memops snd_intel_sdw_acpi videobuf2_v4l2 processor_thermal_device_pci_legacy btrtl snd_hda_codec
<4>[ 61.284566] videobuf2_common processor_thermal_device btbcm thinkpad_acpi intel_uncore btintel processor_thermal_rfim videodev iwlwifi snd_hda_core thunderbolt processor_thermal_mbox ledtrig_audio efi_pstore mc intel_wmi_thunderbolt wmi_bmof snd_hwdep processor_thermal_rapl mei_me bluetooth platform_profile i2c_i801 intel_rapl_common e1000e ecdh_generic i2c_smbus cfg80211 snd_pcm mei idma64 intel_soc_dts_iosf intel_pch_thermal int3403_thermal rfkill int340x_thermal_zone int3400_thermal acpi_thermal_rel joydev acpi_pad fuse dm_crypt trusted asn1_encoder nvidia_drm(PO) nvidia_modeset(PO) mmc_block nvidia(PO) i915 i2c_algo_bit drm_buddy drm_display_helper drm_kms_helper syscopyarea rtsx_pci_sdmmc cec sysfillrect mmc_core sysimgblt ttm ucsi_acpi crct10dif_pclmul crc32c_intel polyval_clmulni polyval_generic ghash_clmulni_intel sha512_ssse3 typec_ucsi nvme roles rtsx_pci drm nvme_core typec video wmi pinctrl_cannonlake serio_raw coretemp vhost_net tun tap vhost vhost_iotlb uinput snd_seq snd_timer snd_seq_device snd
<4>[ 61.296399] soundcore kvm_intel kvm irqbypass f2fs crc32_generic crc32_pclmul lz4hc_compress lz4_compress
<4>[ 61.314164] ---[ end trace 0000000000000000 ]---
next reply other threads:[~2023-06-25 17:46 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-25 17:38 Matthias Maier [this message]
2023-06-25 23:05 ` Kernel oops with netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE Pablo Neira Ayuso
2023-06-26 5:22 ` Matthias Maier
2023-06-26 8:12 ` Linux regression tracking #adding (Thorsten Leemhuis)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87cz1j5tof.fsf@43-1.org \
--to=tamiko@43-1.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pablo@netfilter.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.