diff options
author | Florian Westphal <fw@strlen.de> | 2024-03-08 20:57:26 +0100 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2024-04-02 15:46:14 +0200 |
commit | b237aeff41840f0c7968d02ed3d461fa9fa8fb70 (patch) | |
tree | 6c0a507fb425e3e0dc0b9d3ca1074c78ebf0b3b7 /tests/shell/testcases/transactions/dumps | |
parent | a2a7fbdfdd7f8dc5baa4cc8a23753b96bbc8a433 (diff) |
tests: shell: add regression test for double-free crash bug
BUG: KASAN: slab-use-after-free in nf_tables_set_elem_destroy+0x55/0x160
Call Trace:
nf_tables_set_elem_destroy+0x55/0x160
nf_tables_set_elem_destroy+0x55/0x160
nft_pipapo_destroy+0x3b4/0x5a0
nft_set_destroy+0x118/0x3a0
nf_tables_trans_destroy_work+0x4f2/0xa80
This is a test case for the bug fiex with kernel commit
b0e256f3dd2b ("netfilter: nft_set_pipapo: release elements in clone only from destroy path").
Reported-by: lonial con <kongln9170@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'tests/shell/testcases/transactions/dumps')
-rw-r--r-- | tests/shell/testcases/transactions/dumps/concat_range_abort.json-nft | 47 | ||||
-rw-r--r-- | tests/shell/testcases/transactions/dumps/concat_range_abort.nft | 8 |
2 files changed, 55 insertions, 0 deletions
diff --git a/tests/shell/testcases/transactions/dumps/concat_range_abort.json-nft b/tests/shell/testcases/transactions/dumps/concat_range_abort.json-nft new file mode 100644 index 00000000..8db71894 --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/concat_range_abort.json-nft @@ -0,0 +1,47 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "x", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "foo", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "bar", + "handle": 0 + } + }, + { + "rule": { + "family": "ip", + "table": "x", + "chain": "foo", + "handle": 0, + "expr": [ + { + "accept": null + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/transactions/dumps/concat_range_abort.nft b/tests/shell/testcases/transactions/dumps/concat_range_abort.nft new file mode 100644 index 00000000..06adca7a --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/concat_range_abort.nft @@ -0,0 +1,8 @@ +table ip x { + chain foo { + accept + } + + chain bar { + } +} |