Mikhail Morfikov <mmorfikov@xxxxxxxxx> wrote:
> Since my nftables ruleset grows bigger and bigger, I wanted to move
> some of the rules to other files and include them in the main file.
>
> Everything was fine before cutting the main file into several
> pieces, but after moving the rules, I started to experience kernel
> BUGs when the whole ruleset is being applied (see the BUG at the
> end of the email).
[..]
> ------------------------------------
> #!/usr/sbin/nft -f
>
> flush ruleset
>
> create table ip nat
> create table inet filter
>
> create chain ip nat testchain
>
> delete table ip testtable
> ------------------------------------
>
> When you apply the ruleset, you get the following:
>
> # nft -f main.nft
>
> # nft list ruleset
> table inet filter {
> }
>
> So where's the "nat" table? I created it, I didn't delete it, but
> it doesn't exist? Maybe this why the kernel BUG happens when the
> ruleset is a little bit more complicated.
Don't think so, this bug appears unrelated.
For some reason, nft asks kernel to delete all tables in ip family here:
delete table ip testtable
.. so this removes the 'ip nat' too. Thats a bug of course, I will look
at it later today.
> kernel: list_add double add: new=ffff8cb90dc98c30, prev=ffff8cb90dc98c30, next=ffff8cb802f628e8.
Ouch.
> kernel: Hardware name: Hewlett-Packard HP G62 Notebook PC /1439, BIOS F.48 11/09/2011
> kernel: RIP: 0010:__list_add_valid+0x4f/0x60
> kernel: Code: 00 48 39 c5 74 0f 48 39 d5 74 0a 5b b8 01 00 00 00 5d 41 5c c3 48 89 d9 4c 89 e2 48 89 ee 48 c7 c7 60 a3 a4 92 e8 84 2d ba ff <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 53 48 89 fb 48
> kernel: RSP: 0018:ffff9f2e021bb938 EFLAGS: 00010282
> kernel: RAX: 0000000000000058 RBX: ffff8cb802f628e8 RCX: 0000000000000000
> kernel: RDX: 0000000000000000 RSI: ffffffff92a365ba RDI: 0000000000000001
> kernel: RBP: ffff8cb90dc98c30 R08: ffffffff91c64390 R09: 00000000000068bb
> kernel: R10: 0000000000000000 R11: 0000000000000030 R12: ffff8cb90dc98c30
> kernel: R13: ffff8cb802f62840 R14: ffff8cb90dc98c30 R15: ffff8cb802f628e8
> kernel: FS: 00007e6160b2b200(0000) GS:ffff8cb90f900000(0000) knlGS:0000000000000000
> kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> kernel: CR2: 00007e6160aff000 CR3: 000000000b186002 CR4: 00000000000206e0
> kernel: Call Trace:
> kernel: nf_tables_rebind_set+0x9c/0xc0
> kernel: __nf_tables_abort+0x382/0x6b0
> kernel: nf_tables_abort+0x12/0x30
> kernel: nfnetlink_rcv_batch+0x1ef/0x680
There is some other problem and nf_tables needs to abort the transaction;
while doing this, it causes a double list-add (readding element e to
a list its already on), hence the BUG().
I don't know what would cause this, I will try to find out/reproduce.
I don't think its releated to the first bug though.
