kernel crash in netlink_sock_destruct()

kernel crash in netlink_sock_destruct()

[Arturo Borrero Gonzalez]

Hi,

I've found this in a machine I'm using to play with nftables.

The kernel is 4.2, so not sure if already fixed.

[mar nov 17 13:39:07 2015] ------------[ cut here ]------------
[mar nov 17 13:39:07 2015] WARNING: CPU: 0 PID: 0 at
/home/zumbi/linux-4.2.5/net/netlink/af_netlink.c:946
netlink_sock_destruct+0x103/0x140()
[mar nov 17 13:39:07 2015] Modules linked in: nf_conntrack_netlink
hid_generic usbhid hid binfmt_misc nft_counter nft_meta
nf_conntrack_ipv6 nf_defrag_ipv6 nft_ct nft_hash nft_rbtree nft_nat
nft_chain_nat_ipv4 nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat
nf_conntrack nf_tables_inet nf_tables_ipv6 nf_tables_ipv4 nf_tables
nfnetlink bonding coretemp kvm_intel amdkfd evdev kvm radeon iTCO_wdt
iTCO_vendor_support ppdev ttm drm_kms_helper psmouse serio_raw pcspkr
drm i2c_i801 i2c_algo_bit ipmi_si lpc_ich i3000_edac mfd_core
ipmi_msghandler parport_pc edac_core 8250_fintek parport rng_core
shpchp button acpi_cpufreq processor thermal_sys autofs4 ext4 crc16
mbcache jbd2 dm_mirror dm_region_hash dm_log dm_mod sg sd_mod
ata_generic ata_piix ahci libahci libata scsi_mod ehci_pci floppy
e1000e ptp pps_core uhci_hcd
[mar nov 17 13:39:07 2015]  ehci_hcd usbcore usb_common
[mar nov 17 13:39:07 2015] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G
    W       4.2.0-0.bpo.1-amd64 #1 Debian 4.2.5-1~bpo8+1
[mar nov 17 13:39:07 2015] Hardware name: MAXDATA PLATINUM 300 IR M7
/S3000AHV, BIOS S3000.86B.02.00.0044.071120071047 07/11/2007
[mar nov 17 13:39:07 2015]  0000000000000000 ffffffff81853cc8
ffffffff81552eb1 0000000000000000
[mar nov 17 13:39:07 2015]  ffffffff8106fa01 ffff8800d916e800
ffff88011fc165b0 000000000000000a
[mar nov 17 13:39:07 2015]  0000000000000001 ffff8800da8bfaa0
ffffffff8148f023 0000000000000000
[mar nov 17 13:39:07 2015] Call Trace:
[mar nov 17 13:39:07 2015]  <IRQ>  [<ffffffff81552eb1>] ? dump_stack+0x40/0x50
[mar nov 17 13:39:07 2015]  [<ffffffff8106fa01>] ?
warn_slowpath_common+0x81/0xb0
[mar nov 17 13:39:07 2015]  [<ffffffff8148f023>] ?
netlink_sock_destruct+0x103/0x140
[mar nov 17 13:39:07 2015]  [<ffffffff8144dc0a>] ? sk_destruct+0x1a/0x120
[mar nov 17 13:39:07 2015]  [<ffffffff810ca05a>] ?
rcu_process_callbacks+0x20a/0x5a0
[mar nov 17 13:39:07 2015]  [<ffffffff8101c645>] ? read_tsc+0x5/0x10
[mar nov 17 13:39:07 2015]  [<ffffffff81073aa7>] ? __do_softirq+0x107/0x270
[mar nov 17 13:39:07 2015]  [<ffffffff81073d82>] ? irq_exit+0x92/0xa0
[mar nov 17 13:39:07 2015]  [<ffffffff8155b37e>] ?
smp_apic_timer_interrupt+0x3e/0x50
[mar nov 17 13:39:07 2015]  [<ffffffff8155955b>] ?
apic_timer_interrupt+0x6b/0x70
[mar nov 17 13:39:07 2015]  <EOI>  [<ffffffff8101dc86>] ? mwait_idle+0xb6/0x150
[mar nov 17 13:39:07 2015]  [<ffffffff810abf5b>] ? cpu_startup_entry+0x2eb/0x350
[mar nov 17 13:39:07 2015]  [<ffffffff81b2af5e>] ? start_kernel+0x480/0x48b
[mar nov 17 13:39:07 2015]  [<ffffffff81b2a120>] ?
early_idt_handler_array+0x120/0x120
[mar nov 17 13:39:07 2015]  [<ffffffff81b2a120>] ?
early_idt_handler_array+0x120/0x120
[mar nov 17 13:39:07 2015]  [<ffffffff81b2a605>] ?
x86_64_start_kernel+0x148/0x157
[mar nov 17 13:39:07 2015] ---[ end trace 9424a28950df2909 ]---


-- 
Arturo Borrero González
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: kernel crash in netlink_sock_destruct()

[Arturo Borrero Gonzalez]

[-- Attachment #1: Type: text/plain, Size: 438 bytes --]

On 17 November 2015 at 13:49, Arturo Borrero Gonzalez
<arturo.borrero.glez@gmail.com> wrote:
> Hi,
>
> I've found this in a machine I'm using to play with nftables.
>
> The kernel is 4.2, so not sure if already fixed.
>

More info. I can reproduce the issue:

 % sudo ip netns add test
 % sudo ip netns exec test nft -f test.nft
 % sudo ip netns del test

Find attached the test.nft file.

-- 
Arturo Borrero González

[-- Attachment #2: test.nft --]
[-- Type: application/octet-stream, Size: 5674 bytes --]

flush ruleset
table ip nat {
	chain prerouting {
		type nat hook prerouting priority 0; policy accept;
	}

	chain postrouting {
		type nat hook postrouting priority 0; policy accept;
		ip saddr 192.168.5.0/24 snat 1.1.1.1
	}
}
table inet inet-filter {
	chain input {
		type filter hook input priority 0; policy drop;
		ct state new accept
	}

	chain forward {
		type filter hook forward priority 0; policy drop;
		ip saddr {1.1.1.1, 2.2.2.2} ip daddr {2.3.4.5, 2.3.4.6} tcp dport 22 counter accept
		ip saddr {1.1.1.1, 2.2.2.2} ip daddr {2.3.4.5, 2.3.4.6} tcp dport 22 counter accept
		ip saddr {1.1.1.1, 2.2.2.2} ip daddr {2.3.4.5, 2.3.4.6} tcp dport 22 counter accept
		ip saddr {1.1.1.1, 2.2.2.2} ip daddr {2.3.4.5, 2.3.4.6} tcp dport 22 counter accept
		ip saddr {1.1.1.1, 2.2.2.2} ip daddr {2.3.4.5, 2.3.4.6} tcp dport 22 counter accept
		ip saddr {1.1.1.1, 2.2.2.2} ip daddr {2.3.4.5, 2.3.4.6} tcp dport 22 counter accept
		ip saddr {1.1.1.1, 2.2.2.2} ip daddr {2.3.4.5, 2.3.4.6} tcp dport 22 counter accept
		ip saddr {1.1.1.1, 2.2.2.2} ip daddr {2.3.4.5, 2.3.4.6} tcp dport 22 counter accept
		ip saddr {1.1.1.1, 2.2.2.2} ip daddr {2.3.4.5, 2.3.4.6} tcp dport 22 counter accept
		ip saddr {1.1.1.1, 2.2.2.2} ip daddr {2.3.4.5, 2.3.4.6} tcp dport 22 counter accept
		ip saddr {1.1.1.1, 2.2.2.2} ip daddr {2.3.4.5, 2.3.4.6} tcp dport 22 counter accept
		ip saddr {1.1.1.1, 2.2.2.2} ip daddr {2.3.4.5, 2.3.4.6} tcp dport 22 counter accept
		ip saddr {1.1.1.1, 2.2.2.2} ip daddr {2.3.4.5, 2.3.4.6} tcp dport 22 counter accept
		ip saddr {1.1.1.1, 2.2.2.2} ip daddr {2.3.4.5, 2.3.4.6} tcp dport 22 counter accept
		ip saddr {1.1.1.1, 2.2.2.2} ip daddr {2.3.4.5, 2.3.4.6} tcp dport 22 counter accept
		ip saddr {1.1.1.1, 2.2.2.2} ip daddr {2.3.4.5, 2.3.4.6} tcp dport 22 counter accept
		ip saddr {1.1.1.1, 2.2.2.2} ip daddr {2.3.4.5, 2.3.4.6} tcp dport 22 counter accept
		ip saddr {1.1.1.1, 2.2.2.2} ip daddr {2.3.4.5, 2.3.4.6} tcp dport 22 counter accept
		ip saddr {1.1.1.1, 2.2.2.2} ip daddr {2.3.4.5, 2.3.4.6} tcp dport 22 counter accept
		ip saddr {1.1.1.1, 2.2.2.2} ip daddr {2.3.4.5, 2.3.4.6} tcp dport 22 counter accept
		ip saddr {1.1.1.1, 2.2.2.2} ip daddr {2.3.4.5, 2.3.4.6} tcp dport 22 counter accept
		ip saddr {1.1.1.1, 2.2.2.2} ip daddr {2.3.4.5, 2.3.4.6} tcp dport 22 counter accept
		ip saddr {1.1.1.1, 2.2.2.2} ip daddr {2.3.4.5, 2.3.4.6} tcp dport 22 counter accept
		ip saddr {1.1.1.1, 2.2.2.2} ip daddr {2.3.4.5, 2.3.4.6} tcp dport 22 counter accept
		ip saddr {1.1.1.1, 2.2.2.2} ip daddr {2.3.4.5, 2.3.4.6} tcp dport 22 counter accept
		ip saddr {1.1.1.1, 2.2.2.2} ip daddr {2.3.4.5, 2.3.4.6} tcp dport 22 counter accept
		ip saddr {1.1.1.1, 2.2.2.2} ip daddr {2.3.4.5, 2.3.4.6} tcp dport 22 counter accept
		ip saddr {1.1.1.1, 2.2.2.2} ip daddr {2.3.4.5, 2.3.4.6} tcp dport 22 counter accept
		ip saddr {1.1.1.1, 2.2.2.2} ip daddr {2.3.4.5, 2.3.4.6} tcp dport 22 counter accept
		ip saddr {1.1.1.1, 2.2.2.2} ip daddr {2.3.4.5, 2.3.4.6} tcp dport 22 counter accept
		ip saddr {1.1.1.1, 2.2.2.2} ip daddr {2.3.4.5, 2.3.4.6} tcp dport 22 counter accept
		ip saddr {1.1.1.1, 2.2.2.2} ip daddr {2.3.4.5, 2.3.4.6} tcp dport 22 counter accept
		ip saddr {1.1.1.1, 2.2.2.2} ip daddr {2.3.4.5, 2.3.4.6} tcp dport 22 counter accept
		ip saddr {1.1.1.1, 2.2.2.2} ip daddr {2.3.4.5, 2.3.4.6} tcp dport 22 counter accept
		ip saddr {1.1.1.1, 2.2.2.2} ip daddr {2.3.4.5, 2.3.4.6} tcp dport 22 counter accept
		ip saddr {1.1.1.1, 2.2.2.2} ip daddr {2.3.4.5, 2.3.4.6} tcp dport 22 counter accept
		ip saddr {1.1.1.1, 2.2.2.2} ip daddr {2.3.4.5, 2.3.4.6} tcp dport 22 counter accept
		ip saddr {1.1.1.1, 2.2.2.2} ip daddr {2.3.4.5, 2.3.4.6} tcp dport 22 counter accept
		ip saddr {1.1.1.1, 2.2.2.2} ip daddr {2.3.4.5, 2.3.4.6} tcp dport 22 counter accept
		ip saddr {1.1.1.1, 2.2.2.2} ip daddr {2.3.4.5, 2.3.4.6} tcp dport 22 counter accept
		ip saddr {1.1.1.1, 2.2.2.2} ip daddr {2.3.4.5, 2.3.4.6} tcp dport 22 counter accept
		ip saddr {1.1.1.1, 2.2.2.2} ip daddr {2.3.4.5, 2.3.4.6} tcp dport 22 counter accept
		ip saddr {1.1.1.1, 2.2.2.2} ip daddr {2.3.4.5, 2.3.4.6} tcp dport 22 counter accept
		ip saddr {1.1.1.1, 2.2.2.2} ip daddr {2.3.4.5, 2.3.4.6} tcp dport 22 counter accept
		ip saddr {1.1.1.1, 2.2.2.2} ip daddr {2.3.4.5, 2.3.4.6} tcp dport 22 counter accept
		ip saddr {1.1.1.1, 2.2.2.2} ip daddr {2.3.4.5, 2.3.4.6} tcp dport 22 counter accept
		ip saddr {1.1.1.1, 2.2.2.2} ip daddr {2.3.4.5, 2.3.4.6} tcp dport 22 counter accept
		counter accept
	}

	chain output {
		type filter hook output priority 0; policy accept;
		iifname eth0 oifname eth0 counter drop
		iifname eth0 oifname eth0 counter drop
		iifname eth0 oifname eth0 counter drop
		iifname eth0 oifname eth0 counter drop
		iifname eth0 oifname eth0 counter drop
		iifname eth0 oifname eth0 counter drop
		iifname eth0 oifname eth0 counter drop
		iifname eth0 oifname eth0 counter drop
		iifname eth0 oifname eth0 counter drop
		iifname eth0 oifname eth0 counter drop
		iifname eth0 oifname eth0 counter drop
		iifname eth0 oifname eth0 counter drop
		iifname eth0 oifname eth0 counter drop
		iifname eth0 oifname eth0 counter drop
		iifname eth0 oifname eth0 counter drop
		iifname eth0 oifname eth0 counter drop
		iifname eth0 oifname eth0 counter drop
		iifname eth0 oifname eth0 counter drop
		iifname eth0 oifname eth0 counter drop
		iifname eth0 oifname eth0 counter drop
		iifname eth0 oifname eth0 counter drop
		iifname eth0 oifname eth0 counter drop
		iifname eth0 oifname eth0 counter drop
		iifname eth0 oifname eth0 counter drop
		iifname eth0 oifname eth0 counter drop
		iifname eth0 oifname eth0 counter drop
		iifname eth0 oifname eth0 counter drop
		counter accept
	}
}

Re: kernel crash in netlink_sock_destruct()

[Patrick McHardy]

On 24.11, Arturo Borrero Gonzalez wrote:
> On 17 November 2015 at 13:49, Arturo Borrero Gonzalez
> <arturo.borrero.glez@gmail.com> wrote:
> > Hi,
> >
> > I've found this in a machine I'm using to play with nftables.
> >
> > The kernel is 4.2, so not sure if already fixed.
> >
> 
> More info. I can reproduce the issue:
> 
>  % sudo ip netns add test
>  % sudo ip netns exec test nft -f test.nft
>  % sudo ip netns del test
> 
> Find attached the test.nft file.

@Arturo: was there any delay between those commands or did you execute all
of them directly after each other?

Somewhat related question: i'm wondering, what, if anything, is removing all
the nftables objects if a namespace exits? It seems we're leaking them all.

Re: kernel crash in netlink_sock_destruct()

[Arturo Borrero Gonzalez]

On 27 November 2015 at 18:06, Patrick McHardy <kaber@trash.net> wrote:
>
> @Arturo: was there any delay between those commands or did you execute all
> of them directly after each other?

No delay, the time of typing.

-- 
Arturo Borrero González
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html