Interface conversion failure in go-nfnetlink under high load condition in fw-daemon

[dma]

Was able to crash fw-daemon via panic/exception in go-nfnetlink by initiating thousands of concurrent connections from within sandbox through sgfw SOCKS5 proxy port. go-nfnetlink thinks it isn't getting a null sockaddr (n > 0 on read from kernel?), but does, then blows up.

https://github.com/subgraph/go-nfnetlink/blob/master/nfnl_sock.go#L331

Sep 17 22:39:44 subgraph fw-daemon[2253]: panic: interface conversion: syscall.Sockaddr is nil, not *syscall.SockaddrNetlink Sep 17 22:39:44 subgraph fw-daemon[2253]: goroutine 224 [running]: Sep 17 22:39:44 subgraph fw-daemon[2253]: panic(0x74c000, 0xc421458480) Sep 17 22:39:44 subgraph fw-daemon[2253]: #011/usr/lib/go-1.7/src/runtime/panic.go:500 +0x1a1 Sep 17 22:39:44 subgraph fw-daemon[2253]: github.com/subgraph/fw-daemon/vendor/github.com/subgraph/go-nfnetlink.(*NetlinkSocket).fillRecvBuffer(0xc4214b0460, 0x30000000068, 0x0, 0xc4216e2010) Sep 17 22:39:44 subgraph fw-daemon[2253]: #011/home/user/go/src/github.com/subgraph/fw-daemon/vendor/github.com/subgraph/go-nfnetlink/nfnl_sock.go:350 +0x1d1