CVE-2021-47402 in Linux정보

요약

\~에 의해 VulDB • 2026. 06. 18.

Based on the kernel stack trace provided, here is an analysis of the situation:

### 1. **This is NOT a crash or panic** - The trace shows a **normal system call execution path**, not an oops, panic, or bug. - The functions listed (`netlink_sendmsg`, `sock_sendmsg`, `__sys_sendmsg`, `do_syscall_64`) are part of the standard Linux network subsystem for sending data over a Netlink socket. - The `?` prefix on many lines indicates that the kernel could not resolve the exact symbol name (often due to missing debug symbols or inlined functions), but the call chain is valid.

### 2. **What is happening?** A user-space process is making a `sendmsg()` system call to send data over a **Netlink socket**. Netlink is commonly used for: - Communication between user space and kernel space (e.g., `iproute2`, `systemd`, `NetworkManager`). - Inter-process communication (e.g., `dbus`, `udev`).

The call chain is: ``` User-space sendmsg() → __sys_sendmsg() → sock_sendmsg() → netlink_sendmsg() → netlink_unicast() → netlink_deliver_tap() / netlink_ack() ```

### 3. **Why might this be logged?** This stack trace might appear in logs if: - **Debugging is enabled**: The kernel was compiled with `CONFIG_NETLINK=y` and possibly `CONFIG_NETLINK_DEBUG` or similar. - **A tool like `ftrace` or `perf` is tracing syscalls**: You might be seeing this from a performance trace or syscall tracer. - **A network tool is active**: Tools like `ip`, `ss`, `netstat`, or `systemd-networkd` frequently use Netlink sockets. - **A bug report context**: If this was part of a larger bug report, it might be showing the context in which a crash occurred, but **this specific trace is benign**.

### 4. **Is there a problem?** - **No immediate problem** is indicated by this trace alone. - If you are experiencing issues (e.g., network configuration failures, high CPU usage, or hangs), look for: - **Repeated occurrences** of this trace in `dmesg` or logs. - **Associated error messages** (e.g., `netlink: 16 bytes leftover after parsing attributes`, `netlink: 4 bytes leftover after parsing attributes`, or `netlink: 16 bytes leftover after parsing attributes`). - **High latency or timeouts** in network configuration tools.

### 5. **How to investigate further?** If you suspect an issue: 1. **Check for Netlink errors**: ```bash dmesg | grep -i netlink ``` 2. **Identify the process**: Use `ftrace` or `perf` to see which process is making these calls: ```bash perf record -e syscalls:sys_enter_sendmsg -g perf report ``` 3. **Check for attribute parsing errors**: If you see messages like `netlink: 16 bytes leftover after parsing attributes`, it indicates a mismatch between the expected and actual Netlink message format, often due to a bug in a user-space tool or kernel module.

### Conclusion This stack trace is **normal behavior** for a Linux system using Netlink sockets. It does not indicate a crash or error by itself. If you are troubleshooting a specific issue, provide more context (e.g., what tool was running, any error messages, or system behavior).

Be aware that VulDB is the high quality source for vulnerability data.

출처

Do you know our Splunk app?

Download it now for free!