[Dnsmasq-discuss] reproducible segmentation fault

Christian Kujau lists at nerdbynature.de
Mon Aug 21 10:46:25 BST 2017


Hi,

while playing around with the "dnseval" tool from the dnsdiag package[0], 
I accidentally crashed my dnsmasq instance that was running on my router. 
This router is running Dnsmasq version 2.77 on a current LEDE operating 
system, where similar crashes have been reported in the past:

 > sending SIGSEGV to dnsmasq for invalid read access from 00000000
 > https://bugs.lede-project.org/index.php?do=details&task_id=251
 
 > Intermittent SIGSEGV crash of dnsmasq-full
 > https://bugs.lede-project.org/index.php?do=details&task_id=766

However, both bugs were closed because they either were related to some 
busybox machinery errors or were pointing to the upstream project to look 
at this.

In the dnsmasq-discuss archives I found a thread from last year[1] with
a crash message that looked very much like the message I receive when 
dnsmasq crashes on the LEDE router:

===================
kernel: [ 2860.890789] do_page_fault(): sending SIGSEGV to dnsmasq for invalid write access to 00552000
kernel: [ 2860.899402] epc = 77cd488c in libc.so[77c62000+92000]
kernel: [ 2860.904552] ra  = 00406c41 in dnsmasq[400000+21000]
===================

So, I tried to reproduce this scenario on a Debian/amd64 VM and 
compiled today's git checkout with -Og -g and used a fairly simple 
configuration file to start dnsmasq:

===================
$ cat ~/test/dnsmasq.conf.bug
listen-address=192.168.56.130
bind-interfaces
no-daemon
no-hosts
no-resolv
log-queries=extra
server=8.8.8.8

$ sudo -H src/dnsmasq -C ~/test/dnsmasq.conf.bug
dnsmasq: started, version 2.78test2-6-g69a815a cachesize 150
dnsmasq: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect inotify
dnsmasq: using nameserver 8.8.8.8#53
dnsmasq: cleared cache

dnsmasq: 1 192.168.56.1/59405 query[A] www.aol.com from 192.168.56.1
Segmentation fault
===================

The segfault happened after I started "dnseval" against this newly spawned 
dnsmasq instance. This "dnseval" thingy is described as:

  > dnseval: -  bulk ping utility that sends an arbitrary DNS query to
  > a list of DNS servers

By default, "bulk" means it sends 10 requests to the DNS server, but 
dnsmasq segfaults pretty quickly:

  GDB output (still carries optimized out values, hm...)
  https://paste.fedoraproject.org/paste/awbvnGEvj57ru1TtAuA3ag

  tcpdump for this run:
  https://paste.fedoraproject.org/paste/X-9Qa67oKT-jlmpKb4IU7A

Ideas welcome :-)

Thanks,
Christian.

[0] https://github.com/farrokhi/dnsdiag
[1] http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2016q3/010830.html
-- 
BOFH excuse #37:

heavy gravity fluctuation, move computer to floor rapidly
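As an added reproducer (this is not code from the post, from dnsdiag, or from dnsmasq), the following stdlib-only Python script does roughly what "dnseval" does on the wire: it builds plain A queries (no EDNS), fires a burst of ten at the server without waiting for answers, then reports which transaction IDs came back before a timeout. The target address and the query name are taken from the configuration and the log line quoted above and are assumptions; point TARGET at whatever test instance you start.

```python
import random
import socket
import struct

# Assumed target: the listen-address from the dnsmasq.conf quoted in the post.
TARGET = ("192.168.56.130", 53)
QNAME = "www.aol.com"        # the name visible in the log line before the crash
TYPE_A = 1
CLASS_IN = 1


def build_query(qname, qtype=TYPE_A, txid=None, rd=True):
    """Build a plain DNS query packet (header + one question, no EDNS).

    Returns (txid, packet_bytes)."""
    if txid is None:
        txid = random.randrange(0, 0x10000)
    flags = 0x0100 if rd else 0x0000      # QR=0, opcode=0, RD set
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    labels = b""
    for label in qname.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:          # RFC 1035: labels are 1..63 bytes
            raise ValueError("bad label length: %r" % label)
        labels += bytes([len(raw)]) + raw
    question = labels + b"\x00" + struct.pack("!HH", qtype, CLASS_IN)
    return txid, header + question


def parse_header(packet):
    """Decode the 12-byte header of a DNS message into a dict."""
    if len(packet) < 12:
        raise ValueError("short packet")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", packet[:12])
    return {
        "id": txid,
        "qr": (flags >> 15) & 1,
        "rcode": flags & 0xF,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def send_burst(target, qname, count=10, timeout=2.0):
    """Send `count` identical A queries back to back, then collect replies.

    Queries go out without waiting for answers, so the server sees them
    queued together; that is the behaviour a bulk tool like dnseval has.
    Returns (number_sent, {txid: parsed_header} for the replies seen)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    base = random.randrange(0, 0x10000)
    sent = {}
    for i in range(count):
        txid, pkt = build_query(qname, txid=(base + i) & 0xFFFF)
        sock.sendto(pkt, target)
        sent[txid] = pkt
    answered = {}
    try:
        while len(answered) < len(sent):
            data, _ = sock.recvfrom(4096)
            hdr = parse_header(data)
            if hdr["id"] in sent and hdr["qr"] == 1:
                answered[hdr["id"]] = hdr
    except socket.timeout:
        pass
    finally:
        sock.close()
    return len(sent), answered


if __name__ == "__main__":
    n, got = send_burst(TARGET, QNAME)
    print("sent %d queries, got %d replies" % (n, len(got)))
    for txid, hdr in sorted(got.items()):
        print("  id=%#06x rcode=%d answers=%d" % (txid, hdr["rcode"], hdr["ancount"]))
    if len(got) < n:
        print("  %d queries unanswered: check whether dnsmasq is still running"
              % (n - len(got)))
```

Run it against an instance started with the quoted configuration while watching the dnsmasq console; if the process dies mid-burst, the remaining queries simply show up as unanswered after the timeout. The script needs no privileges, since it binds only an ephemeral source port.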