
sockets: fix nil pointer dereference in filterAndDestroySockets #44843

Merged
joamaki merged 1 commit into cilium:main from umut-polat:fix/socket-nil-dereference
Mar 20, 2026

@umut-polat
Contributor

Summary

filterAndDestroySockets dereferences sockInfo.ID without checking whether sockInfo is nil. iterateNetlinkSockets calls the callback with (nil, err) on several error paths (receive error, wrong sender, NLMSG_ERROR), causing a SIGSEGV in the agent during socket cleanup.

This was observed in production when a node deletion event triggered terminateUDPConnectionsToBackend and iterateNetlinkSockets hit a netlink error — all cilium-agent pods on the affected node pool crashed simultaneously.

Fix

Check for err != nil before dereferencing sockInfo, and forward a zero-value SocketID to the caller on error. The caller in Destroy() already handles the error by incrementing a failure counter and continuing.

Fixes: #44768

filterAndDestroySockets passes the callback result of
iterateNetlinkSockets directly as sockInfo.ID without checking
whether sockInfo is nil. iterateNetlinkSockets calls the callback
with a nil *Socket on several error paths (receive error, wrong
sender, NLMSG_ERROR), causing a SIGSEGV in the agent when netlink
returns an error during socket cleanup.

Guard the dereference by checking for err first and forwarding a
zero-value SocketID to the caller, which already handles the error
case by incrementing a failure counter and continuing.

Fixes: cilium#44768

Signed-off-by: umut-polat <52835619+umut-polat@users.noreply.github.com>
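
A self-contained Go model of the bug and the guard described in this PR, added here as an illustration; it is not Cilium's code. `iterate`, `unguarded`, `guarded`, `run` and the `Port` field are hypothetical names, and the sockets and the netlink error are constructed.

```go
package main

import "fmt"

// Simplified stand-ins for the types named in the PR; the Port field is hypothetical.
type SocketID struct{ Port uint16 }
type Socket struct{ ID SocketID }

// iterate models the contract above: fn(sock, nil) per socket, then one fn(nil, err).
func iterate(socks []*Socket, fn func(*Socket, error)) {
	for _, s := range socks {
		fn(s, nil)
	}
	fn(nil, fmt.Errorf("netlink receive error (constructed)"))
}

// unguarded has the pre-fix shape: it reads sockInfo.ID before looking at err.
func unguarded(sockInfo *Socket, err error, destroy func(SocketID, error)) {
	destroy(sockInfo.ID, err) // nil pointer dereference when sockInfo == nil
}

// guarded has the post-fix shape: check err first, forward a zero-value SocketID.
func guarded(sockInfo *Socket, err error, destroy func(SocketID, error)) {
	if err != nil {
		destroy(SocketID{}, err)
		return
	}
	destroy(sockInfo.ID, nil)
}

// run feeds two constructed sockets plus one error through cb and counts outcomes
// as the PR says the caller does; recover() stands in for the process crash.
func run(cb func(*Socket, error, func(SocketID, error))) (ok, failed int, crashed bool) {
	defer func() { crashed = recover() != nil }()
	count := func(_ SocketID, err error) {
		if err != nil {
			failed++
			return
		}
		ok++
	}
	socks := []*Socket{{ID: SocketID{53}}, {ID: SocketID{123}}}
	iterate(socks, func(s *Socket, err error) { cb(s, err, count) })
	return
}

func main() {
	fmt.Println(run(unguarded)) // 2 0 true
	fmt.Println(run(guarded))   // 2 1 false
}
```
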
@umut-polat umut-polat requested a review from a team as a code owner March 17, 2026 14:10
@umut-polat umut-polat requested a review from joamaki March 17, 2026 14:10
@maintainer-s-little-helper maintainer-s-little-helper bot added the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Mar 17, 2026
@github-actions github-actions bot added the kind/community-contribution This was a contribution made by a community member. label Mar 17, 2026
@joamaki joamaki added the release-note/bug This PR fixes an issue in a previous release of Cilium. label Mar 19, 2026
@maintainer-s-little-helper maintainer-s-little-helper bot removed the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Mar 19, 2026
@joamaki
Contributor

joamaki commented Mar 19, 2026

/test

@joamaki joamaki left a comment

Thanks for fixing. This looks good to me considering how Destroy handles it.

@joamaki joamaki enabled auto-merge March 20, 2026 10:51
@joamaki joamaki added this pull request to the merge queue Mar 20, 2026
@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Mar 20, 2026
Merged via the queue into cilium:main with commit 5acdf38 Mar 20, 2026
83 of 85 checks passed

Development

Successfully merging this pull request may close these issues.

cilium-agent SIGSEGV in filterAndDestroyUDPSockets due to missing nil check on sockInfo
