CPU load on queued_spin_lock_slowpath

CPU load on queued_spin_lock_slowpath

[Tugrul Erdogan]

Hi All,

My server had a locking problem with the logs located below. I can not
reproduce this erroneous situation again but I think that there is an
active vulnerability at my server because of this error.

My server's kernel version is v4.6.4.

What can be the cause of this error or do you have any opinion about
how can I reproduce this logs again? Thanks for your helps.

Best regards,
Tugrul

Feb  5 13:20:42 serv kernel: [<ffffffff81182ad7>]
queued_spin_lock_slowpath+0xb/0xf
Feb  5 13:20:42 serv kernel: [<ffffffff816ab7bb>] _raw_spin_lock_bh+0x2b/0x30
Feb  5 13:20:42 serv kernel: [<ffffffffa0312864>]
connlimit_mt+0x114/0x30 [xt_connlimit]
Feb  5 13:20:42 serv kernel: [<ffffffffa0284fe7>] ?
hashlimit_mt+0x2b7/0x71 [xt_hashlimit]
Feb  5 13:20:42 serv kernel: [<ffffffff816ab59e>] ?
_raw_spin_unlock_bh+0x1e/0x20
Feb  5 13:20:42 serv kernel: [<ffffffffa0097c3f>]
ipt_do_table+0x25f/0x710 [ipt_tables]
Feb  5 13:20:42 serv kernel: [<ffffffffa0097d12>] ?
ipt_do_table+0x332/0x710 [ipt_tables]
Feb  5 13:20:42 serv kernel: [<ffffffff815d092d>] ? tcp_packet+0x39d/0x9a0
Feb  5 13:20:42 serv kernel: [<ffffffffa0097d12>] ?
dev_hard_start_xmit+0x22f/0x3e0
Feb  5 13:20:42 serv kernel: [<ffffffff81590dbf>]
iptable_mangle_hook+0x37/0x110 [iptable_mangle]
Feb  5 13:20:42 serv kernel: [<ffffffffa030d077>] nf_iterate+0x5d/0x70
Feb  5 13:20:42 serv kernel: [<ffffffff815c678d>] nf_hook_slow+0x5d/0x70
Feb  5 13:20:42 serv kernel: [<ffffffff815c6816>] ip_output+0xdb/0xf0
Feb  5 13:20:42 serv kernel: [<ffffffff815e09cb>] ? __ip_local_out+0xa2/0x110
Feb  5 13:20:42 serv kernel: [<ffffffff815e0002>] ?
ip_fragment.constprop.51+0x80/0x80
Feb  5 13:20:42 serv kernel: [<ffffffff815df330>] ip_local_out+0x35/0x40
Feb  5 13:20:42 serv kernel: [<ffffffffa036318a>]
synproxy_send_tcp.isra.8+0xca/0xf0 [ipt_SYNPROXY]
Feb  5 13:20:42 serv kernel: [<ffffffffa03633b0>]
synproxy_recv_client_ack+0x200/0x340 [ipt_SYNPROXY]
Feb  5 13:20:42 serv kernel: [<ffffffffa0363b1c>]
synproxy_tg4+0x11c/0x308 [ipt_SYNPROXY]

Re: CPU load on queued_spin_lock_slowpath

[Pablo Neira Ayuso]

On Tue, Feb 06, 2018 at 10:56:20AM +0300, Tugrul Erdogan wrote:
> Hi All,
> 
> My server had a locking problem with the logs located below. I can not
> reproduce this erroneous situation again but I think that there is an
> active vulnerability at my server because of this error.
> 
> My server's kernel version is v4.6.4.

Probably this helps you?

commit 49f817d793d1bcc11d721881aac037b996feef5c
Author: Lin Zhang <xiaolou4617@gmail.com>
Date:   Fri Oct 6 00:44:03 2017 +0800

    netfilter: SYNPROXY: skip non-tcp packet in {ipv4, ipv6}_synproxy_hook

4.6.4 is rather old, BTW.

Re: CPU load on queued_spin_lock_slowpath

[Tugrul Erdogan]

Thanks for your advices. I will try to create the erroneous situation
by triggering icmp error for existing connection and try non-tcp patch
and kernel upgrade respectively. I will report the results at mail
list.

> On Tue, Feb 6, 2018, 7:10 AM Pablo Neira Ayuso <pablo@netfilter.org> wrote:
>>
>> On Tue, Feb 06, 2018 at 10:56:20AM +0300, Tugrul Erdogan wrote:
>> > Hi All,
>> >
>> > My server had a locking problem with the logs located below. I can not
>> > reproduce this erroneous situation again but I think that there is an
>> > active vulnerability at my server because of this error.
>> >
>> > My server's kernel version is v4.6.4.
>>
>> Probably this helps you?
>>
>> commit 49f817d793d1bcc11d721881aac037b996feef5c
>> Author: Lin Zhang <xiaolou4617@gmail.com>
>> Date:   Fri Oct 6 00:44:03 2017 +0800
>>
>>     netfilter: SYNPROXY: skip non-tcp packet in {ipv4, ipv6}_synproxy_hook
>>
>> 4.6.4 is rather old, BTW.
>> --
>> To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
>> the body of a message to majordomo@vger.kernel.org
>> More majordomo info at  http://vger.kernel.org/majordomo-info.html