Suricata with nfqueue: Facing kernel panic in __pv_queued_spin_lock_slowpath

Please include the following information with your help request:

  • Suricata version
  • Operating system and/or Linux distribution
  • How you installed Suricata (from source, packages, something else)

Hi,
I am running Suricata version 7.0.7 on Ubuntu 22.04, and I installed Suricata from source code with nfqueue enabled.
I created a hook chain for the IDS/IPS chain and I am queuing every incoming packet to Suricata; somewhere nfqueue is getting locked and I am facing a soft lockup kernel panic.
I am using the default configuration for Suricata; I didn't change much, and the only thing I changed is exception-policy: ignore.

Will Suricata hold the nfqueue lock in the kernel?
Or do I need to configure anything in suricata.yaml?
Am I missing something in the netfilter queue configuration?
Can someone out there please help with the solution?
Thanks.

Suricata should not be able to crash the kernel by using nfqueue, so I suspect you’ve hit a kernel bug. If you have more info to share I’d suggest reaching out to the netfilter project with that info.

Hi,

Thanks for the reply @vjulien.
Actually, this issue happens here when HTTPS traffic comes from the external network to the local interface.
When the traffic is not destined for the local device, we are not facing this issue.
So I'm curious to know if I am missing anything in the Suricata configuration.

Thanks

This should be irrelevant. If the kernel crashes due to how you use Suricata, it's a kernel bug. I would suggest reporting it to the kernel/netfilter community.