[Dnsmasq-discuss] Blockdata SIGSEGV on master

Simon Kelley simon at thekelleys.org.uk
Sun Sep 3 19:38:00 UTC 2023


Dear list,

Offline, we've found this one. The patch is in git now. It needs 
arbitrary RR caching to be enabled, and some fairly bad luck in what 
actually gets cached, but Facebook obliges every once in a while.


Cheers,

Simon.


On 01/09/2023 20:28, Dominik Derigs wrote:
> Dear Simon, CC mailing list,
> 
> today I've received a report of latest dnsmasq embedded into Pi-hole
> crashing when www.facebook.com is visited (but only when logged in). I
> was able to reproduce this myself after creating a (fake) account.
> 
> The hit/miss ratio is not 100% but it should be possible to trigger the
> crash within a couple of tries. I tried Google Chrome on Linux for
> reproducing the crash (the report was Chrome on Windows). For this test,
> I used only one upstream server: 8.8.8.8
> 
> A PCAP I recorded using dumpmask=0xFFFF is attached.
> 
> When the SIGSEGV happens, it can happen in a few different but related
> code places, let me summarize the two locations I found most often below:
> 
> https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blob;f=src/blockdata.c;h=444a03a6798fce5da839f199df4a9326ab17188a;hb=HEAD#l217
> 
> Thread 1 "pihole-FTL" received signal SIGSEGV, Segmentation fault.
> blockdata_retrieve (block=<optimized out>, len=13, data=0x556b98069ac0,
> data@entry=0x0) at /app/FTL/src/dnsmasq/blockdata.c:217
> 217           memcpy(d, b->key, blen);
> (gdb) where
> #0  blockdata_retrieve (block=<optimized out>, len=13,
> data=0x556b98069ac0, data@entry=0x0) at
> /app/FTL/src/dnsmasq/blockdata.c:217
> #1  0x0000556b95cd2092 in answer_request
> (header=header@entry=0x556b9800e290, limit=limit@entry=0x556b9800e490
> "", qlen=qlen@entry=31, local_addr=..., local_addr@entry=...,
> local_netmask=...,
>      local_netmask@entry=..., now=now@entry=1693587354,
> ad_reqd=<optimized out>, do_bit=<optimized out>,
> have_pseudoheader=<optimized out>, stale=<optimized out>,
> filtered=<optimized out>)
>      at /app/FTL/src/dnsmasq/rfc1035.c:2175
> #2  0x0000556b95cac02d in receive_query
> (listen=listen@entry=0x556b98002d60, now=now@entry=1693587354) at
> /app/FTL/src/dnsmasq/forward.c:1921
> #3  0x0000556b95c99b61 in check_dns_listeners (now=now@entry=1693587354)
> at /app/FTL/src/dnsmasq/dnsmasq.c:1864
> #4  0x0000556b95c9bd2d in main_dnsmasq (argc=<optimized out>,
> argv=<optimized out>) at /app/FTL/src/dnsmasq/dnsmasq.c:1271
> #5  0x0000556b95bfaf76 in main (argc=<optimized out>,
> argv=0x7ffff6ee9598) at /app/FTL/src/main.c:152
> 
> sometimes the crash happens in
> 
> https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blob;f=src/blockdata.c;h=444a03a6798fce5da839f199df4a9326ab17188a;hb=HEAD#l177
> 
> Thread 1 "pihole-FTL" received signal SIGSEGV, Segmentation fault.
> blockdata_free (blocks=0x3368023268020600) at
> /app/FTL/src/dnsmasq/blockdata.c:177
> 177     void blockdata_free(struct blockdata *blocks)
> (gdb) where
> #0  blockdata_free (blocks=0x3368023268020600) at
> /app/FTL/src/dnsmasq/blockdata.c:177
> #1  0x0000560c710c9715 in cache_scan_free
> (name=name@entry=0x560c7272f6d0 "star.c10r.facebook.com",
> addr=addr@entry=0x7ffe4bdaa9a0, class=class@entry=1,
> now=now@entry=1693587879, flags=flags@entry=1082130440,
>      target_crec=target_crec@entry=0x7ffe4bdaa870,
> target_uid=0x7ffe4bdaa86c) at /app/FTL/src/dnsmasq/cache.c:541
> #2  0x0000560c710cd43e in really_insert (name=0x560c7272f6d0
> "star.c10r.facebook.com", addr=0x7ffe4bdaa9a0, class=1, now=1693587879,
> ttl=60, flags=1082130440) at /app/FTL/src/dnsmasq/cache.c:657
> #3  0x0000560c7110aa6e in extract_addresses
> (header=header@entry=0x560c7273f290, qlen=<optimized out>,
> name=0x560c7272f6d0 "star.c10r.facebook.com", now=now@entry=1693587879,
> ipsets=ipsets@entry=0x0,
>      nftsets=nftsets@entry=0x0, is_sign=0, check_rebind=0,
> no_cache_dnssec=0, secure=0, doctored=0x7ffe4bdaaa9c) at
> /app/FTL/src/dnsmasq/rfc1035.c:921
> #4  0x0000560c710e39b6 in process_reply
> (header=header@entry=0x560c7273f290, now=now@entry=1693587879,
> server=0x560c7273d6d0, n=<optimized out>, n@entry=157, check_rebind=0,
> no_cache=no_cache@entry=0,
>      cache_secure=0, bogusanswer=0, ad_reqd=0, do_bit=0,
> added_pheader=128, query_source=0x560c7278e150, limit=0x560c7273f760 "",
> ede=<optimized out>) at /app/FTL/src/dnsmasq/forward.c:833
> #5  0x0000560c710e86c0 in return_reply (now=now@entry=1693587879,
> forward=forward@entry=0x560c7278e150,
> header=header@entry=0x560c7273f290, n=157, n@entry=140730171042832,
> status=<optimized out>)
>      at /app/FTL/src/dnsmasq/forward.c:1397
> #6  0x0000560c710e8c70 in dnssec_validate
> (forward=forward@entry=0x560c7278e150,
> header=header@entry=0x560c7273f290, plen=140730171042832,
> status=<optimized out>, status@entry=524288, now=now@entry=1693587879)
>      at /app/FTL/src/dnsmasq/forward.c:1109
> #7  0x0000560c710e8c1a in dnssec_validate
> (forward=forward@entry=0x560c72731a70,
> header=header@entry=0x560c7273f290, plen=plen@entry=855,
> status=status@entry=524288, now=now@entry=1693587879)
>      at /app/FTL/src/dnsmasq/forward.c:1124
> #8  0x0000560c710e9674 in reply_query (fd=<optimized out>,
> now=now@entry=1693587879) at /app/FTL/src/dnsmasq/forward.c:1319
> #9  0x0000560c710d5dff in check_dns_listeners (now=now@entry=1693587879)
> at /app/FTL/src/dnsmasq/dnsmasq.c:1836
> #10 0x0000560c710d7d2d in main_dnsmasq (argc=<optimized out>,
> argv=<optimized out>) at /app/FTL/src/dnsmasq/dnsmasq.c:1271
> #11 0x0000560c71036f76 in main (argc=<optimized out>,
> argv=0x7ffe4bdab088) at /app/FTL/src/main.c:152
> 
> 
> Best,
> Dominik


