| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20220510092803.GA3969@xsang-OptiPlex-9020>
Date: Tue, 10 May 2022 17:28:03 +0800
From: kernel test robot <oliver.sang@...el.com>
To: Sven Auhagen <Sven.Auhagen@...eatech.de>
Cc: 0day robot <lkp@...el.com>,
Sven Auhagen <sven.auhagen@...eatech.de>,
LKML <linux-kernel@...r.kernel.org>, lkp@...ts.01.org,
netfilter-devel@...r.kernel.org, pablo@...filter.org
Subject: [nf_flowtable] 2cd764935d:
kernel-selftests.netfilter.nft_flowtable.sh.ipsec_tunnel_mode_for_ns1/ns2.fail
Greeting,
FYI, we noticed the following commit (built with gcc-11):
commit: 2cd764935de4447e8e3f1ec534b4700206857683 ("[PATCH] nf_flowtable: nft_flow_route use more data for reverse route")
url: https://github.com/intel-lab-lkp/linux/commits/Sven-Auhagen/nf_flowtable-nft_flow_route-use-more-data-for-reverse-route/20220427-151900
base: https://git.kernel.org/cgit/linux/kernel/git/pablo/nf.git master
patch link: https://lore.kernel.org/netfilter-devel/20220427071515.qfgqbs6uzoowwnkg@SvensMacbookPro.hq.voleatech.com
in testcase: kernel-selftests
version: kernel-selftests-x86_64-a6eb654d-1_20220501
with following parameters:
group: netfilter
ucode: 0xec
test-description: The kernel contains a set of "self tests" under the tools/testing/selftests/ directory. These are intended to be small unit tests to exercise individual code paths in the kernel.
test-url: https://www.kernel.org/doc/Documentation/kselftest.txt
on test machine: 8 threads Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz with 28G memory
caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
If you fix the issue, kindly add following tag
Reported-by: kernel test robot <oliver.sang@...el.com>
# selftests: netfilter: nft_flowtable.sh
# PASS: netns routing/connectivity: ns1 can reach ns2
# FAIL: file mismatch for ns1 -> ns2
# -rw------- 1 root root 227328 May 8 22:05 /tmp/tmp.fnnwOCWcA4
# -rw------- 1 root root 99388 May 8 22:05 /tmp/tmp.LL8ohakyGQ
# FAIL: file mismatch for ns1 <- ns2
# -rw------- 1 root root 296960 May 8 22:05 /tmp/tmp.1DlwdJLSUX
# -rw------- 1 root root 15584 May 8 22:05 /tmp/tmp.HnObAriWng
# FAIL: flow offload for ns1/ns2:
# table inet filter {
# flowtable f1 {
# hook ingress priority 0
# devices = { veth0, veth1 }
# }
#
# chain forward {
# type filter hook forward priority 0; policy drop;
# oif "veth1" tcp dport 12345 flow offload @f1 counter packets 0 bytes 0
# tcp dport 12345 meta length > 200 ct mark set 0x00000001 counter packets 14 bytes 103660
# tcp flags fin,rst ct mark set 0x00000000 accept
# meta length > 1500 accept comment "something-to-grep-for"
# tcp sport 12345 ct mark 0x00000001 counter packets 57 bytes 8220 log prefix "mark failure " drop
# ct state established,related accept
# meta length < 200 oif "veth1" tcp dport 12345 counter packets 1 bytes 60 accept
# meta l4proto icmp accept
# meta l4proto ipv6-icmp accept
# }
# }
# /dev/stdin:4:73-74: Error: syntax error, unexpected to, expecting newline or semicolon
# meta iif "veth0" ip daddr 10.6.6.6 tcp dport 1666 counter dnat ip to 10.0.2.99:12345
# ^^
# FAIL: file mismatch for ns1 -> ns2
# -rw------- 1 root root 227328 May 8 22:05 /tmp/tmp.fnnwOCWcA4
# -rw------- 1 root root 0 May 8 22:05 /tmp/tmp.LL8ohakyGQ
# FAIL: file mismatch for ns1 <- ns2
# -rw------- 1 root root 296960 May 8 22:05 /tmp/tmp.1DlwdJLSUX
# -rw------- 1 root root 0 May 8 22:05 /tmp/tmp.HnObAriWng
# FAIL: flow offload for ns1/ns2 with NAT
# table inet filter {
# flowtable f1 {
# hook ingress priority 0
# devices = { veth0, veth1 }
# }
#
# chain forward {
# type filter hook forward priority 0; policy drop;
# oif "veth1" tcp dport 12345 flow offload @f1 counter packets 0 bytes 0
# tcp dport 12345 meta length > 200 ct mark set 0x00000001 counter packets 15 bytes 103980
# tcp flags fin,rst ct mark set 0x00000000 accept
# meta length > 1500 accept comment "something-to-grep-for"
# tcp sport 12345 ct mark 0x00000001 counter packets 57 bytes 8220 log prefix "mark failure " drop
# ct state established,related accept
# meta length < 200 oif "veth1" tcp dport 12345 counter packets 4 bytes 240 accept
# meta l4proto icmp accept
# meta l4proto ipv6-icmp accept
# }
# }
# FAIL: file mismatch for ns1 -> ns2
# -rw------- 1 root root 227328 May 8 22:05 /tmp/tmp.fnnwOCWcA4
# -rw------- 1 root root 0 May 8 22:05 /tmp/tmp.LL8ohakyGQ
# FAIL: file mismatch for ns1 <- ns2
# -rw------- 1 root root 296960 May 8 22:05 /tmp/tmp.1DlwdJLSUX
# -rw------- 1 root root 0 May 8 22:05 /tmp/tmp.HnObAriWng
# FAIL: flow offload for ns1/ns2 with NAT and pmtu discovery
# table inet filter {
# flowtable f1 {
# hook ingress priority 0
# devices = { veth0, veth1 }
# }
#
# chain forward {
# type filter hook forward priority 0; policy drop;
# oif "veth1" tcp dport 12345 flow offload @f1 counter packets 0 bytes 0
# tcp dport 12345 meta length > 200 ct mark set 0x00000001 counter packets 16 bytes 104300
# tcp flags fin,rst ct mark set 0x00000000 accept
# tcp sport 12345 ct mark 0x00000001 counter packets 57 bytes 8220 log prefix "mark failure " drop
# ct state established,related accept
# meta length < 200 oif "veth1" tcp dport 12345 counter packets 7 bytes 420 accept
# meta l4proto icmp accept
# meta l4proto ipv6-icmp accept
# }
# }
# /dev/stdin:5:71-72: Error: syntax error, unexpected to, expecting newline or semicolon
# meta iif "br0" ip daddr 10.6.6.6 tcp dport 1666 counter dnat ip to 10.0.2.99:12345
# ^^
# FAIL: file mismatch for ns1 -> ns2
# -rw------- 1 root root 227328 May 8 22:05 /tmp/tmp.fnnwOCWcA4
# -rw------- 1 root root 0 May 8 22:06 /tmp/tmp.LL8ohakyGQ
# FAIL: file mismatch for ns1 <- ns2
# -rw------- 1 root root 296960 May 8 22:05 /tmp/tmp.1DlwdJLSUX
# -rw------- 1 root root 0 May 8 22:06 /tmp/tmp.HnObAriWng
# FAIL: flow offload for ns1/ns2 with bridge NAT
# table inet filter {
# flowtable f1 {
# hook ingress priority 0
# devices = { veth0, veth1 }
# }
#
# chain forward {
# type filter hook forward priority 0; policy drop;
# oif "veth1" tcp dport 12345 flow offload @f1 counter packets 0 bytes 0
# tcp dport 12345 meta length > 200 ct mark set 0x00000001 counter packets 17 bytes 104620
# tcp flags fin,rst ct mark set 0x00000000 accept
# tcp sport 12345 ct mark 0x00000001 counter packets 57 bytes 8220 log prefix "mark failure " drop
# ct state established,related accept
# meta length < 200 oif "veth1" tcp dport 12345 counter packets 10 bytes 600 accept
# meta l4proto icmp accept
# meta l4proto ipv6-icmp accept
# }
# }
# FAIL: file mismatch for ns1 -> ns2
# -rw------- 1 root root 227328 May 8 22:05 /tmp/tmp.fnnwOCWcA4
# -rw------- 1 root root 0 May 8 22:06 /tmp/tmp.LL8ohakyGQ
# FAIL: file mismatch for ns1 <- ns2
# -rw------- 1 root root 296960 May 8 22:05 /tmp/tmp.1DlwdJLSUX
# -rw------- 1 root root 0 May 8 22:06 /tmp/tmp.HnObAriWng
# FAIL: flow offload for ns1/ns2 with bridge NAT and VLAN
# table inet filter {
# flowtable f1 {
# hook ingress priority 0
# devices = { veth0, veth1 }
# }
#
# chain forward {
# type filter hook forward priority 0; policy drop;
# oif "veth1" tcp dport 12345 flow offload @f1 counter packets 0 bytes 0
# tcp dport 12345 meta length > 200 ct mark set 0x00000001 counter packets 17 bytes 104620
# tcp flags fin,rst ct mark set 0x00000000 accept
# tcp sport 12345 ct mark 0x00000001 counter packets 57 bytes 8220 log prefix "mark failure " drop
# ct state established,related accept
# meta length < 200 oif "veth1" tcp dport 12345 counter packets 13 bytes 780 accept
# meta l4proto icmp accept
# meta l4proto ipv6-icmp accept
# }
# }
# Error: Could not process rule: No such file or directory
# delete table ip nat
# ^^^^^^^^^^^^^^^^^^^^
# FAIL: file mismatch for ns1 -> ns2
# -rw------- 1 root root 227328 May 8 22:05 /tmp/tmp.fnnwOCWcA4
# -rw------- 1 root root 12512 May 8 22:06 /tmp/tmp.LL8ohakyGQ
# FAIL: file mismatch for ns1 <- ns2
# -rw------- 1 root root 296960 May 8 22:05 /tmp/tmp.1DlwdJLSUX
# -rw------- 1 root root 0 May 8 22:06 /tmp/tmp.HnObAriWng
# FAIL: ipsec tunnel mode for ns1/ns2
# table inet filter {
# flowtable f1 {
# hook ingress priority 0
# devices = { veth0, veth1 }
# }
#
# chain forward {
# type filter hook forward priority 0; policy drop;
# oif "veth1" tcp dport 12345 flow offload @f1 counter packets 0 bytes 0
# tcp dport 12345 meta length > 200 ct mark set 0x00000001 counter packets 22 bytes 121550
# tcp flags fin,rst ct mark set 0x00000000 accept
# tcp sport 12345 ct mark 0x00000001 counter packets 83 bytes 26278 log prefix "mark failure " drop
# ct state established,related accept
# meta length < 200 oif "veth1" tcp dport 12345 counter packets 14 bytes 840 accept
# meta l4proto icmp accept
# meta l4proto ipv6-icmp accept
# }
# }
# XfrmInError 0
# XfrmInBufferError 0
# XfrmInHdrError 0
# XfrmInNoStates 0
# XfrmInStateProtoError 0
# XfrmInStateModeError 0
# XfrmInStateSeqError 0
# XfrmInStateExpired 0
# XfrmInStateMismatch 0
# XfrmInStateInvalid 0
# XfrmInTmplMismatch 0
# XfrmInNoPols 0
# XfrmInPolBlock 0
# XfrmInPolError 0
# XfrmOutError 0
# XfrmOutBundleGenError 0
# XfrmOutBundleCheckError 0
# XfrmOutNoStates 0
# XfrmOutStateProtoError 0
# XfrmOutStateModeError 0
# XfrmOutStateSeqError 0
# XfrmOutStateExpired 0
# XfrmOutPolBlock 0
# XfrmOutPolDead 0
# XfrmOutPolError 0
# XfrmFwdHdrError 0
# XfrmOutStateInvalid 0
# XfrmAcquireError 0
not ok 6 selftests: netfilter: nft_flowtable.sh # exit=1
To reproduce:
git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
sudo bin/lkp install job.yaml # job file is attached in this email
bin/lkp split-job --compatible job.yaml # generate the yaml file for lkp run
sudo bin/lkp run generated-yaml-file
# if come across any failure that blocks the test,
# please remove ~/.lkp and /lkp dir to run from a clean state.
--
0-DAY CI Kernel Test Service
https://01.org/lkp
View attachment "config-5.18.0-rc1-00127-g2cd764935de4" of type "text/plain" (167173 bytes)
View attachment "job-script" of type "text/plain" (6341 bytes)
Download attachment "dmesg.xz" of type "application/x-xz" (34656 bytes)
View attachment "kernel-selftests" of type "text/plain" (25589 bytes)
View attachment "job.yaml" of type "text/plain" (5121 bytes)
View attachment "reproduce" of type "text/plain" (158 bytes)
Powered by blists - more mailing lists