Package: conntrackd
Version: 1:1.4.5-2
Severity: grave
Justification: renders package unusable
Dear Maintainer,

I’m experiencing a problem with conntrackd.

   * What led up to the situation?

I installed and configured conntrackd and simply started it.

   * What exactly did you do (or not do) that was effective (or
     ineffective)?

I investigated the problem using gdb and valgrind.

As the segfault happens in cache_ct_cmp(), by being passed a NULL pointer that it tries to dereference, I tried to disable the caches. Setting `DisableExternalCache on` led to the same behaviour. Setting `DisableInternalCache on` apparently fixed it, however this option is only available in NOTRACK mode (and I want to use FTFW mode).

Since some hash related functions appear in the backtrace, I tried to change the value of HashSize and HashLimit.

Based on more or less similar reports I found online, I tried disabling TCPWindowTracking and ExpectationSync.

Neither one fixed the problem.

   * What was the outcome of this action?

It segfaulted right after starting. Only with `DisableExternalCache on`, it produced any output (see below), without that, no output was produced.

   * What outcome did you expect instead?

I expected it to work, or at least provide a sensible error message.

*** /tmp/gdb.log
# gdb -q --args conntrackd
Reading symbols from conntrackd...Reading symbols from /usr/lib/debug/.build-id/ce/01eee7370eaa2a78b30857a5478c1b7f600bfe.debug...done.
done.
(gdb) r
Starting program: /usr/sbin/conntrackd
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[Tue Jul 14 16:48:55 2020] (pid=13845) [notice] disabling external cache

Program received signal SIGSEGV, Segmentation fault.
0x0000555555564ba1 in cache_ct_cmp (data1=0x0, data2=0x5555555afd60) at cache-ct.c:104
104	cache-ct.c: No such file or directory.
(gdb) bt
#0  0x0000555555564ba1 in cache_ct_cmp (data1=0x0, data2=0x5555555afd60) at cache-ct.c:104
#1  0x000055555555f633 in hashtable_find (table=0x5555555a9810, data=data@entry=0x5555555afd60, id=<optimized out>) at hash.c:74
#2  0x000055555556434c in cache_find (c=c@entry=0x5555555a9710, ptr=ptr@entry=0x5555555afd60, id=id@entry=0x7fffffff9ec4) at cache.c:304
#3  0x0000555555564378 in cache_update_force (c=0x5555555a9710, ptr=0x5555555afd60) at cache.c:279
#4  0x00005555555663b8 in dump_handler (type=NFCT_T_UPDATE, data=<optimized out>, ct=0x5555555afd60) at ctnl.c:266
#5  dump_handler (type=NFCT_T_UPDATE, ct=0x5555555afd60, data=<optimized out>) at ctnl.c:257
#6  0x00007ffff7ba47db in __callback (nlh=0x7fffffffa090, nfa=0x7fffffff9f50, data=0x5555555afd40) at callback.c:58
#7  0x00007ffff778805c in nfnl_step (h=h@entry=0x5555555afa20, nlh=nlh@entry=0x7fffffffa090) at libnfnetlink.c:1340
#8  0x00007ffff7788823 in nfnl_process (h=h@entry=0x5555555afa20, buf=buf@entry=0x7fffffffa090 <incomplete sequence \324>, len=len@entry=3604) at libnfnetlink.c:1385
#9  0x00007ffff7788b8e in nfnl_catch (h=0x5555555afa20) at libnfnetlink.c:1539
#10 0x00007ffff7ba562f in nfct_query (h=0x5555555afc00, qt=qt@entry=NFCT_Q_DUMP, data=data@entry=0x5555555772e4 <family>) at api.c:970
#11 0x0000555555561f71 in nl_dump_conntrack_table (h=<optimized out>) at netlink.c:153
#12 0x000055555556661f in ctnl_init () at ctnl.c:456
#13 0x000055555555f505 in init () at run.c:301
#14 0x000055555555df72 in main (argc=1, argv=0x7fffffffe428) at main.c:367

*** /tmp/valgrind.log
# valgrind conntrackd
==13777== Memcheck, a memory error detector
==13777== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==13777== Using Valgrind-3.14.0 and LibVEX; rerun with -h for copyright info
==13777== Command: conntrackd
==13777==
[Tue Jul 14 16:44:45 2020] (pid=13777) [notice] disabling external cache
==13777== Invalid read of size 8
==13777==    at 0x113608: hashtable_find (hash.c:72)
==13777==    by 0x118377: cache_update_force (cache.c:279)
==13777==    by 0x11A3B7: dump_handler (ctnl.c:266)
==13777==    by 0x11A3B7: dump_handler (ctnl.c:257)
==13777==    by 0x4A5A7DA: __callback (callback.c:58)
==13777==    by 0x4E8A05B: nfnl_step (libnfnetlink.c:1340)
==13777==    by 0x4E8A822: nfnl_process (libnfnetlink.c:1385)
==13777==    by 0x4E8AB8D: nfnl_catch (libnfnetlink.c:1539)
==13777==    by 0x4A5B62E: nfct_query (api.c:970)
==13777==    by 0x11A61E: ctnl_init (ctnl.c:456)
==13777==    by 0x113504: init (run.c:301)
==13777==    by 0x111F71: main (main.c:367)
==13777==  Address 0x54af660 is 0 bytes after a block of size 32 alloc'd
==13777==    at 0x4837B65: calloc (vg_replace_malloc.c:752)
==13777==    by 0x113577: hashtable_create (hash.c:39)
==13777==    by 0x117E8D: cache_create (cache.c:102)
==13777==    by 0x121796: internal_cache_init (internal_cache.c:26)
==13777==    by 0x11ADAC: init_sync (sync-mode.c:396)
==13777==    by 0x11A52A: ctnl_init (ctnl.c:414)
==13777==    by 0x113504: init (run.c:301)
==13777==    by 0x111F71: main (main.c:367)
==13777==
==13777== Invalid read of size 8
==13777==    at 0x118BA1: cache_ct_cmp (cache-ct.c:104)
==13777==    by 0x113632: hashtable_find (hash.c:74)
==13777==    by 0x118377: cache_update_force (cache.c:279)
==13777==    by 0x11A3B7: dump_handler (ctnl.c:266)
==13777==    by 0x11A3B7: dump_handler (ctnl.c:257)
==13777==    by 0x4A5A7DA: __callback (callback.c:58)
==13777==    by 0x4E8A05B: nfnl_step (libnfnetlink.c:1340)
==13777==    by 0x4E8A822: nfnl_process (libnfnetlink.c:1385)
==13777==    by 0x4E8AB8D: nfnl_catch (libnfnetlink.c:1539)
==13777==    by 0x4A5B62E: nfct_query (api.c:970)
==13777==    by 0x11A61E: ctnl_init (ctnl.c:456)
==13777==    by 0x113504: init (run.c:301)
==13777==    by 0x111F71: main (main.c:367)
==13777==  Address 0x10 is not stack'd, malloc'd or (recently) free'd
==13777==
==13777==
==13777== Process terminating with default action of signal 11 (SIGSEGV)
==13777==  Access not within mapped region at address 0x10
==13777==    at 0x118BA1: cache_ct_cmp (cache-ct.c:104)
==13777==    by 0x113632: hashtable_find (hash.c:74)
==13777==    by 0x118377: cache_update_force (cache.c:279)
==13777==    by 0x11A3B7: dump_handler (ctnl.c:266)
==13777==    by 0x11A3B7: dump_handler (ctnl.c:257)
==13777==    by 0x4A5A7DA: __callback (callback.c:58)
==13777==    by 0x4E8A05B: nfnl_step (libnfnetlink.c:1340)
==13777==    by 0x4E8A822: nfnl_process (libnfnetlink.c:1385)
==13777==    by 0x4E8AB8D: nfnl_catch (libnfnetlink.c:1539)
==13777==    by 0x4A5B62E: nfct_query (api.c:970)
==13777==    by 0x11A61E: ctnl_init (ctnl.c:456)
==13777==    by 0x113504: init (run.c:301)
==13777==    by 0x111F71: main (main.c:367)
==13777==  If you believe this happened as a result of a stack
==13777==  overflow in your program's main thread (unlikely but
==13777==  possible), you can try to increase the size of the
==13777==  main thread stack using the --main-stacksize= flag.
==13777==  The main thread stack size used in this run was 8388608.
==13777==
==13777== HEAP SUMMARY:
==13777==     in use at exit: 35,130 bytes in 71 blocks
==13777==   total heap usage: 88 allocs, 17 frees, 60,055 bytes allocated
==13777==
==13777== LEAK SUMMARY:
==13777==    definitely lost: 0 bytes in 0 blocks
==13777==    indirectly lost: 0 bytes in 0 blocks
==13777==      possibly lost: 0 bytes in 0 blocks
==13777==    still reachable: 35,130 bytes in 71 blocks
==13777==         suppressed: 0 bytes in 0 blocks
==13777== Rerun with --leak-check=full to see details of leaked memory
==13777==
==13777== For counts of detected and suppressed errors, rerun with: -v
==13777== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)

-- System Information:
Debian Release: 10.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-debug'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.6.0-0.bpo.2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages conntrackd depends on:
ii  libc6                    2.28-10
ii  libmnl0                  1.0.4-2
ii  libnetfilter-conntrack3  1.0.7-1
ii  libnetfilter-cthelper0   1.0.0-1+b1
ii  libnetfilter-queue1      1.0.3-1
ii  libnfnetlink0            1.0.1-3+b1
ii  libsystemd0              241-7~deb10u4

conntrackd recommends no packages.
Versions of packages conntrackd suggests:
ii  nftables  0.9.0-2

-- Configuration Files:
/etc/conntrackd/conntrackd.conf changed:
Sync {
    Mode NOTRACK {
        # DisableInternalCache on
        DisableExternalCache on
    }
    Multicast {
        IPv4_address 225.0.0.50
        Group 3780
        IPv4_interface 10.10.73.3
        Interface vl-asta
        SndSocketBuffer 1249280
        RcvSocketBuffer 1249280
        Checksum on
    }
    Options {
        # TCPWindowTracking On
        # ExpectationSync On
    }
}
General {
    Systemd on
    # HashLimit 524288
    LogFile on
    Syslog on
    LockFile /var/lock/conntrackd.lock
    UNIX {
        Path /var/run/conntrackd.sock
    }
    NetlinkBufferSize 2097152
    NetlinkBufferSizeMaxGrowth 8388608
    Filter From Userspace {
        Address Ignore {
            IPv4_address 127.0.0.0/8
        }
    }
}

-- no debconf information
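
Added example (not part of the report and not conntrackd code): a small Memcheck triage script that reads the error contexts in log order, showing that Valgrind flags a read just past a heap block in hashtable_find before the near-NULL read in cache_ct_cmp. The names parse_memcheck and triage are hypothetical; SAMPLE is an excerpt of the valgrind log above with frames trimmed.

```python
import re
# Excerpt of the memcheck output quoted in the report above (frames trimmed).
SAMPLE = """\
==13777== Invalid read of size 8
==13777==    at 0x113608: hashtable_find (hash.c:72)
==13777==  Address 0x54af660 is 0 bytes after a block of size 32 alloc'd
==13777==    at 0x4837B65: calloc (vg_replace_malloc.c:752)
==13777==    by 0x113577: hashtable_create (hash.c:39)
==13777==
==13777== Invalid read of size 8
==13777==    at 0x118BA1: cache_ct_cmp (cache-ct.c:104)
==13777==    by 0x113632: hashtable_find (hash.c:74)
==13777==  Address 0x10 is not stack'd, malloc'd or (recently) free'd
"""
ERROR = re.compile(r"^==\d+== (Invalid (?:read|write) of size \d+)$")
FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \((.+?)\)$")
ADDR = re.compile(r"^==\d+==\s+Address (0x[0-9A-Fa-f]+) is (.+)$")
ALLOCATORS = {"malloc", "calloc", "realloc"}

def parse_memcheck(text):
    """One dict per error: kind, access stack, faulting address, note, alloc stack."""
    errors, cur, frames = [], None, None
    for raw in text.splitlines():
        if m := ERROR.match(raw):
            cur = {"kind": m[1], "stack": [], "addr": None, "note": "", "alloc": []}
            errors.append(cur)
            frames = cur["stack"]
        elif cur and (m := ADDR.match(raw)):
            cur["addr"], cur["note"] = int(m[1], 16), m[2]
            frames = cur["alloc"]  # frames after "Address" describe the allocation
        elif cur and (m := FRAME.match(raw)):
            frames.append((m[1], m[2]))
        elif re.fullmatch(r"==\d+==\s*", raw):
            cur = None  # an empty "==PID==" line closes the error context
    return errors

def triage(errors, page=4096):
    """Label each error as a heap overrun or a near-NULL access, in log order."""
    out = []
    for e in errors:
        func, loc = e["stack"][0]
        if "after a block" in e["note"]:
            site = next((f for f, _ in e["alloc"] if f not in ALLOCATORS), "?")
            out.append(f"{func} ({loc}): read past heap block from {site}")
        elif e["addr"] is not None and e["addr"] < page:
            out.append(f"{func} ({loc}): near-NULL access at {e['addr']:#x}")
        else:
            out.append(f"{func} ({loc}): {e['note']}")
    return out
```

Running triage(parse_memcheck(...)) over the full log gives the same two labels, since the extra frames only lengthen each stack.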