Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Daemon SIGSEGV panic if systemctl stop when UI paused v1.5.2 #919

Closed
nettyso opened this issue Apr 24, 2023 · 0 comments
Closed

Daemon SIGSEGV panic if systemctl stop when UI paused v1.5.2 #919

nettyso opened this issue Apr 24, 2023 · 0 comments

Comments

@nettyso
Copy link

nettyso commented Apr 24, 2023

Please, check the FAQ and Known Problems pages before creating the bug report:
https://github.com/evilsocket/opensnitch/wiki/FAQs
https://github.com/evilsocket/opensnitch/wiki/Known-problems

Describe the bug
A clear and concise description of what the bug is.

Include the following information:

  • OpenSnitch version. v1.5.2 installed via GitHub release opensnitch_1.5.2-1_amd64.deb
  • OS: Ubuntu
  • Version 22.04.1 LTS
  • Window Manager: N/A
  • Kernel version: 5.19.0-32-generic
    crash.log
    22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Mon Jan 30 17:03:34 UTC 2 x86_64 x86_64 x86_64 GNU/Linux

To Reproduce
Describe in detail as much as you can what happened.

Steps to reproduce the behavior:

  1. Install deb
  2. systemctl enable --now opensnitch
  3. Pause opensnitch in the UI (i.e State: Disabled)
  4. systemctl stop opensnitch
  5. See error

Post error logs:
Very long see file:

$ systemctl status opensnitch
Apr 21 17:25:49 twothirty systemd[1]: Starting OpenSnitch is a GNU/Linux application firewall....
Apr 21 17:25:49 twothirty systemd[1]: Started OpenSnitch is a GNU/Linux application firewall..
Apr 21 17:25:49 twothirty opensnitchd[186836]: [2023-04-22 00:25:49]  IMP  Starting opensnitch-daemon v1.5.2
Apr 21 17:25:49 twothirty opensnitchd[186836]: [2023-04-22 00:25:49]  INF  Loading rules from /etc/opensnitchd/rules ...
Apr 23 17:05:15 twothirty systemd[1]: Stopping OpenSnitch is a GNU/Linux application firewall....
Apr 23 17:05:20 twothirty opensnitchd[186836]: fatal error: unexpected signal during runtime execution
Apr 23 17:05:20 twothirty opensnitchd[186836]: [signal SIGSEGV: segmentation violation code=0x1 addr=0x7fc4ac379370 pc=0x7fc3aa3a679a]
Apr 23 17:05:20 twothirty opensnitchd[186836]: runtime stack:
Apr 23 17:05:20 twothirty opensnitchd[186836]: runtime.throw(0xad5571, 0x2a)
Apr 23 17:05:20 twothirty opensnitchd[186836]:         runtime/panic.go:1116 +0x72
Apr 23 17:05:20 twothirty opensnitchd[186836]: runtime.sigpanic()
Apr 23 17:05:20 twothirty opensnitchd[186836]:         runtime/signal_unix.go:726 +0x4ac
Apr 23 17:05:20 twothirty opensnitchd[186836]: goroutine 6505 [syscall]:
Apr 23 17:05:20 twothirty opensnitchd[186836]: runtime.cgocall(0x956930, 0xc001bb2f10, 0xc001bb2f00)
Apr 23 17:05:20 twothirty opensnitchd[186836]:         runtime/cgocall.go:133 +0x5b fp=0xc001bb2ee0 sp=0xc001bb2ea8 pc=0x4080bb
Apr 23 17:05:20 twothirty opensnitchd[186836]: github.com/evilsocket/opensnitch/daemon/netfilter._Cfunc_nfq_close(0x7fc378000fd0, 0xc000000000)
Apr 23 17:05:20 twothirty opensnitchd[186836]:         _cgo_gotypes.go:262 +0x49 fp=0xc001bb2f10 sp=0xc001bb2ee0 pc=0x5ff2a9
Apr 23 17:05:20 twothirty opensnitchd[186836]: github.com/evilsocket/opensnitch/daemon/netfilter.(*Queue).closeNfq.func1(0xc000e44210, 0xc001a58000)
Apr 23 17:05:20 twothirty opensnitchd[186836]:         github.com/evilsocket/opensnitch/daemon/netfilter/queue.go:175 +0x59 fp=0xc001bb2f48 sp=0xc001bb2f10 pc=0x601579
Apr 23 17:05:20 twothirty opensnitchd[186836]: github.com/evilsocket/opensnitch/daemon/netfilter.(*Queue).closeNfq(0xc000e44210)
Apr 23 17:05:20 twothirty opensnitchd[186836]:         github.com/evilsocket/opensnitch/daemon/netfilter/queue.go:175 +0x3f fp=0xc001bb2f98 sp=0xc001bb2f48 pc=0x60053f
Apr 23 17:05:20 twothirty opensnitchd[186836]: github.com/evilsocket/opensnitch/daemon/netfilter.(*Queue).destroy.func1()
Apr 23 17:05:20 twothirty opensnitchd[186836]:         github.com/evilsocket/opensnitch/daemon/netfilter/queue.go:158 +0x98 fp=0xc001bb2fe0 sp=0xc001bb2f98 pc=0x601378
Apr 23 17:05:20 twothirty opensnitchd[186836]: runtime.goexit()
Apr 23 17:05:20 twothirty opensnitchd[186836]:         runtime/asm_amd64.s:1374 +0x1 fp=0xc001bb2fe8 sp=0xc001bb2fe0 pc=0x4719c1
Apr 23 17:05:20 twothirty opensnitchd[186836]: created by time.goFunc
Apr 23 17:05:20 twothirty opensnitchd[186836]:         time/sleep.go:167 +0x45
Apr 23 17:05:20 twothirty opensnitchd[186836]: goroutine 1 [syscall]:
Apr 23 17:05:20 twothirty opensnitchd[186836]: github.com/evilsocket/opensnitch/daemon/netfilter._Cfunc_nfq_unbind_pf(0x7fc378002c30, 0xc0026b000a, 0x0)
Apr 23 17:05:20 twothirty opensnitchd[186836]:         _cgo_gotypes.go:355 +0x4d
Apr 23 17:05:20 twothirty opensnitchd[186836]: github.com/evilsocket/opensnitch/daemon/netfilter.(*Queue).destroy.func3(0xc000e44240, 0xc000000000)
Apr 23 17:05:20 twothirty opensnitchd[186836]:         github.com/evilsocket/opensnitch/daemon/netfilter/queue.go:163 +0x65
Apr 23 17:05:20 twothirty opensnitchd[186836]: github.com/evilsocket/opensnitch/daemon/netfilter.(*Queue).destroy(0xc000e44240)
Apr 23 17:05:20 twothirty opensnitchd[186836]:         github.com/evilsocket/opensnitch/daemon/netfilter/queue.go:163 +0x8a
Apr 23 17:05:20 twothirty opensnitchd[186836]: github.com/evilsocket/opensnitch/daemon/netfilter.(*Queue).Close(0xc000e44240)
Apr 23 17:05:20 twothirty opensnitchd[186836]:         github.com/evilsocket/opensnitch/daemon/netfilter/queue.go:146 +0x46
Apr 23 17:05:20 twothirty opensnitchd[186836]: main.doCleanup(0xc000e44210, 0xc000e44240)
Apr 23 17:05:20 twothirty opensnitchd[186836]:         github.com/evilsocket/opensnitch/daemon/main.go:163 +0xc5
Apr 23 17:05:20 twothirty opensnitchd[186836]: main.main()
Apr 23 17:05:20 twothirty opensnitchd[186836]:         github.com/evilsocket/opensnitch/daemon/main.go:413 +0x745
Apr 23 17:05:20 twothirty opensnitchd[186836]: goroutine 6 [syscall]:
Apr 23 17:05:20 twothirty opensnitchd[186836]: os/signal.signal_recv(0xb6a140)
Apr 23 17:05:20 twothirty opensnitchd[186836]:         runtime/sigqueue.go:147 +0x9d
Apr 23 17:05:20 twothirty opensnitchd[186836]: os/signal.loop()
Apr 23 17:05:20 twothirty opensnitchd[186836]:         os/signal/signal_unix.go:23 +0x25
Apr 23 17:05:20 twothirty opensnitchd[186836]: created by os/signal.Notify.func1.1
Apr 23 17:05:20 twothirty opensnitchd[186836]:         os/signal/signal.go:150 +0x45
Apr 23 17:05:20 twothirty opensnitchd[186836]: goroutine 23 [syscall, 13 minutes]:
Apr 23 17:05:20 twothirty opensnitchd[186836]: syscall.Syscall6(0xe8, 0x7, 0xc001297b6c, 0x7, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x4)
Apr 23 17:05:20 twothirty opensnitchd[186836]:         syscall/asm_linux_amd64.s:41 +0x5
Apr 23 17:05:20 twothirty opensnitchd[186836]: github.com/evilsocket/opensnitch/daemon/vendor/golang.org/x/sys/unix.EpollWait(0x7, 0xc001297b6c, 0x7, 0x7, 0xfffffffffff>
Apr 23 17:05:20 twothirty opensnitchd[186836]:         github.com/evilsocket/opensnitch/daemon/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go:76 +0x72
Apr 23 17:05:20 twothirty opensnitchd[186836]: github.com/evilsocket/opensnitch/daemon/vendor/github.com/fsnotify/fsnotify.(*fdPoller).wait(0xc000e3a040, 0xc001297c00, >
Apr 23 17:05:20 twothirty opensnitchd[186836]:         github.com/evilsocket/opensnitch/daemon/vendor/github.com/fsnotify/fsnotify/inotify_poller.go:86 +0x91
Apr 23 17:05:20 twothirty opensnitchd[186836]: github.com/evilsocket/opensnitch/daemon/vendor/github.com/fsnotify/fsnotify.(*Watcher).readEvents(0xc00007a050)
Apr 23 17:05:20 twothirty opensnitchd[186836]:         github.com/evilsocket/opensnitch/daemon/vendor/github.com/fsnotify/fsnotify/inotify.go:192 +0x206
Apr 23 17:05:20 twothirty opensnitchd[186836]: created by github.com/evilsocket/opensnitch/daemon/vendor/github.com/fsnotify/fsnotify.NewWatcher
Apr 23 17:05:20 twothirty opensnitchd[186836]:         github.com/evilsocket/opensnitch/daemon/vendor/github.com/fsnotify/fsnotify/inotify.go:59 +0x1a8
Apr 23 17:05:20 twothirty opensnitchd[186836]: goroutine 24 [select, 125 minutes]:
Apr 23 17:05:20 twothirty opensnitchd[186836]: github.com/evilsocket/opensnitch/daemon/rule.(*Loader).liveReloadWorker(0xc0004d2060)
Apr 23 17:05:20 twothirty opensnitchd[186836]:         github.com/evilsocket/opensnitch/daemon/rule/loader.go:201 +0x1c5
Apr 23 17:05:20 twothirty opensnitchd[186836]: created by github.com/evilsocket/opensnitch/daemon/rule.(*Loader).Load
Apr 23 17:05:20 twothirty opensnitchd[186836]:         github.com/evilsocket/opensnitch/daemon/rule/loader.go:91 +0x2a7
Apr 23 17:05:20 twothirty opensnitchd[186836]: goroutine 25 [chan receive, 1 minutes]:
Apr 23 17:05:20 twothirty opensnitchd[186836]: github.com/evilsocket/opensnitch/daemon/statistics.(*Statistics).eventWorker(0xc000e3c270, 0x0)
...
... Very long see attached file.
...
Apr 23 17:05:20 twothirty systemd[1]: opensnitch.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
Apr 23 17:05:20 twothirty systemd[1]: opensnitch.service: Failed with result 'exit-code'.

Expected behavior (optional)
No stacktrace

I know this isn't a huge deal since the program is shutting down anyway but it's still bad to spam the journal this loudly with a stacktrace - I'm assuming there's just a try/catch needed somewhere but I'm not a Go dev.

Screenshots
If applicable, add screenshots to help explain your problem. It may help to understand the issue much better.

Additional context
Add any other context about the problem here.
gustavo-iniguez-goya added a commit that referenced this issue Jan 8, 2024
@gustavo-iniguez-goya
netfilter: do not unbind the queues on exit
24fd94c 
On exit we were calling nfq_unbind_pf for AF_INET and AF_INET6, which
usually stcuked the daemon for a very long time, and other times
caused a segfault.

According to the docs (..), calling nfq_destroy_queue() is enough to
exit cleanly:
"This call also unbind from the nfqueue handler, so you don't have to
call nfq_unbind_pf."
https://netfilter.org/projects/libnetfilter_queue/doxygen/html/group__Queue.html#ga32a1461e9a36c95a03cb4476109f33bb

Closes #919

(cherry picked from commit 430c280)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@nettyso