ipt-netflow icon indicating copy to clipboard operation
ipt-netflow copied to clipboard
verified publisher icon aabc

slab error in kmem_cache_destroy(): cache `ipt_netflow': Can't free all objects

Open AlphaLiu opened this issue 9 years ago • 5 comments

Hi, I got some errors when I try to unload ipt_NETFLOW.ko. I delete the rules in iptables and rmmod ipt_NETFLOW.ko, then some error logs printed.

iptables -D FORWARD -j NETFLOW
iptables -D INPUT -j NETFLOW
iptables -D OUTPUT -j NETFLOW
rmmod ipt_NETFLOW.ko

LOGS:

slab error in kmem_cache_destroy(): cache `ipt_netflow': Can't free all objects
[<c000f4b4>] (unwind_backtrace+0x0/0xf8) from [<c0086078>] (kmem_cache_destroy+0xb8/0xf8)
[<c0086078>] (kmem_cache_destroy+0xb8/0xf8) from [<bf9e56d8>] (ipt_netflow_fini+0x7c/0xb8 [ipt_NETFLOW])
[<bf9e56d8>] (ipt_netflow_fini+0x7c/0xb8 [ipt_NETFLOW]) from [<c004ff08>] (sys_delete_module+0x13c/0x234)
[<c004ff08>] (sys_delete_module+0x13c/0x234) from [<c0009080>] (ret_fast_syscall+0x0/0x30)
ipt_NETFLOW unloaded.
ipt_NETFLOW version 2.1, srcversion 9E18A415C3F7FE47B455DFB

COULD SOMEONE Kindly help me? Thank you very much

AlphaLiu avatar May 09 '16 04:05 AlphaLiu

Installed from package or from source, from git head or from 2.1 tgz, what distro, what kernel version? Don't you want answer these questions?

aabc avatar May 09 '16 04:05 aabc

@aabc Thanks for replying. My kernel version is Linux version 3.4.11, iptables version is 1.4.16.3. and yes I installed the ipt_NETFLOW from source (get it from this github repos). I am using it for a Embedded Linux system.

AlphaLiu avatar May 09 '16 04:05 AlphaLiu

I found that if if didn't add the iptable rules

iptables -I OUTPUT -j NETFLOW
iptables -I INPUT -j NETFLOW
iptables -I FORWARD -j NETFLOW

after ipt_NETFLOW loaded, then when I try to unload it , everything is OK.

BTW, when load the ipt_NETFLOW.ko, there are some strange logs:

ipt_NETFLOW: hashsize 53504 (209K)
SLAB: cache with size 120 has lost its name
SLAB: cache with size 120 has lost its name
SLAB: cache with size 120 has lost its name

AlphaLiu avatar May 09 '16 04:05 AlphaLiu

Thanks. I will try to test it on some 3.x kernels later. Don't have 3.4 exactly. I fear, also, that embedded kernel functionality could be cut too much or very peculiarly configured, that I will not be able to reproduce (if default centos7/debian kernels will not be enough to reproduce bug).

aabc avatar May 09 '16 05:05 aabc

Do you have any ./configure options? Test on centos 7, kernel 3.10 didn't produce any errors:

root@el7:~/ipt-netflow# uname -a
Linux el7 3.10.0-327.4.4.el7.x86_64 #1 SMP Tue Jan 5 16:07:00 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
root@el7:~/ipt-netflow# git remote -v
origin  https://github.com/aabc/ipt-netflow.git (fetch)
origin  [email protected]:aabc/ipt-netflow.git (push)
root@el7:~/ipt-netflow# git pull --rebase
Current branch master is up to date.
root@el7:~/ipt-netflow# make clean
make -C /lib/modules/3.10.0-327.4.4.el7.x86_64/build M=/root/ipt-netflow clean
./configuremake[1]: Entering directory `/usr/src/kernels/3.10.0-327.4.4.el7.x86_64'
  CLEAN   /root/ipt-netflow/.tmp_versions
  CLEAN   /root/ipt-netflow/Module.symvers
make[1]: Leaving directory `/usr/src/kernels/3.10.0-327.4.4.el7.x86_64'
rm -f *.so *_sh.o
rm -f *.so *.o modules.order version.h
root@el7:~/ipt-netflow# ./configure
Kernel version: 3.10.0-327.4.4.el7.x86_64 (uname)
Kernel sources: /lib/modules/3.10.0-327.4.4.el7.x86_64/build (found)
Checking for presence of include/linux/llist.h... Yes
Checking for presence of include/linux/grsecurity.h... No
Iptables binary version: 1.4.21 (detected from /usr/sbin/iptables)
pkg-config for version 1.4.21 exists: Yes
Checking for presence of xtables.h... Yes (using pkg-config)
Iptables include flags:   (pkg-config)
Iptables module path: /usr/lib64/xtables (pkg-config)
Searching for net-snmp-config... Yes /usr/bin/net-snmp-config
Searching for net-snmp agent... Yes.
Checking for DKMS... Yes.
Creating Makefile.. done.

  If you need some options enabled run ./configure --help
  Now run: make all install

root@el7:~/ipt-netflow# make
Compiling for kernel 3.10.0-327.4.4.el7.x86_64
make -C /lib/modules/3.10.0-327.4.4.el7.x86_64/build M=/root/ipt-netflow modules CONFIG_DEBUG_INFO=y
make[1]: Entering directory `/usr/src/kernels/3.10.0-327.4.4.el7.x86_64'
  CC [M]  /root/ipt-netflow/ipt_NETFLOW.o
  Building modules, stage 2.
  MODPOST 1 modules
  CC      /root/ipt-netflow/ipt_NETFLOW.mod.o
  LD [M]  /root/ipt-netflow/ipt_NETFLOW.ko
make[1]: Leaving directory `/usr/src/kernels/3.10.0-327.4.4.el7.x86_64'
gcc -O2 -Wall -Wunused -DXTABLES    -fPIC -o libipt_NETFLOW_sh.o -c libipt_NETFLOW.c
gcc -shared -o libipt_NETFLOW.so libipt_NETFLOW_sh.o
gcc -O2 -Wall -Wunused -DXTABLES    -fPIC -o libip6t_NETFLOW_sh.o -c libipt_NETFLOW.c
gcc -shared -o libip6t_NETFLOW.so libip6t_NETFLOW_sh.o
gcc -fPIC -shared -o snmp_NETFLOW.so snmp_NETFLOW.c -lnetsnmp
rm libipt_NETFLOW_sh.o libip6t_NETFLOW_sh.o
root@el7:~/ipt-netflow# make load
insmod ipt_NETFLOW.ko active_timeout=5 protocol=9
iptables -I OUTPUT -j NETFLOW
iptables -I INPUT -j NETFLOW
ip6tables -I OUTPUT -j NETFLOW
ip6tables -I INPUT -j NETFLOW
root@el7:~/ipt-netflow# make unload
iptables -D OUTPUT -j NETFLOW
iptables -D INPUT -j NETFLOW
ip6tables -D OUTPUT -j NETFLOW
ip6tables -D INPUT -j NETFLOW
rmmod ipt_NETFLOW.ko
root@el7:~/ipt-netflow# dmesg -T|tail -22
[Mon Jan 18 19:55:12 2016] ip6_tables: (C) 2000-2006 Netfilter Core Team
[Mon Jan 18 19:55:12 2016] Ebtables v2.0 registered
[Mon Jan 18 19:55:13 2016] Bridge firewalling registered
[Mon Jan 18 19:55:14 2016] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
[Mon Jan 18 19:55:24 2016] Adjusting kvm-clock more than 11% (9437079 vs 9311354)
[Sun Mar 20 03:49:10 2016] [sched_delayed] sched: RT throttling activated
[Sun May 22 19:37:22 2016] ipt_NETFLOW: module verification failed: signature and/or required key missing - tainting kernel
[Sun May 22 19:37:22 2016] ipt_NETFLOW version 2.2, srcversion 8E9AB7109749C6AB2BD4456
[Sun May 22 19:37:22 2016] ipt_NETFLOW: hashsize 127999 (999K)
[Sun May 22 19:37:22 2016] netflow: registering: /proc/net/stat/ipt_netflow
[Sun May 22 19:37:22 2016] netflow: registered: /proc/net/stat/ipt_netflow
[Sun May 22 19:37:22 2016] netflow: registering: /proc/net/stat/ipt_netflow_snmp
[Sun May 22 19:37:22 2016] netflow: registered: /proc/net/stat/ipt_netflow_snmp
[Sun May 22 19:37:22 2016] netflow: registering: /proc/net/stat/ipt_netflow_flows
[Sun May 22 19:37:22 2016] netflow: registered: /proc/net/stat/ipt_netflow_flows
[Sun May 22 19:37:22 2016] netflow: registered: sysctl net.netflow
[Sun May 22 19:37:22 2016] ipt_NETFLOW: added destination 127.0.0.1:2055
[Sun May 22 19:37:22 2016] ipt_NETFLOW protocol version 9 (NetFlow) enabled.
[Sun May 22 19:37:22 2016] ipt_NETFLOW is loaded.
[Sun May 22 19:37:29 2016] ipt_NETFLOW unloading..
[Sun May 22 19:37:29 2016] ipt_NETFLOW: removed destination 127.0.0.1:2055
[Sun May 22 19:37:29 2016] ipt_NETFLOW unloaded.

Make sure you do make clean, ./configure, make on the same kernel you going to run module.

aabc avatar May 22 '16 16:05 aabc