[FS#251] sending SIGSEGV to dnsmasq for invalid read access from 00000000

LEDE Bugs lede-bugs at lists.infradead.org
Tue Nov 22 06:15:53 PST 2016


The following task has a new comment added:

FS#251 - sending SIGSEGV to dnsmasq for invalid read access from 00000000
User who did this - Kevin Darbyshire-Bryant (kdarbyshirebryant)

----------
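Don't know if this is of any help, but I got an 'strace' of the crash. The fault (SEGV_MAPERR at address NULL) comes right after the netlink dump reply on fd 7 finishes with NLMSG_DONE: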

epoll_pwait(3, [], 10, 2000, NULL, 16)  = 0
clock_gettime(CLOCK_MONOTONIC, {118, 496503244}) = 0
clock_gettime(CLOCK_MONOTONIC, {118, 496956153}) = 0
clock_gettime(CLOCK_MONOTONIC, {118, 497110062}) = 0
clock_gettime(CLOCK_MONOTONIC, {118, 497561396}) = 0
epoll_pwait(3, [{EPOLLIN, {u32=2002960268, u64=8602648846247395328}}], 10, 2000, NULL, 16) = 1
recvmsg(18, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\0\5\0\23\0\0\0\0\0\0\0P", iov_len=12}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 12
poll([{fd=18, events=POLLIN}], 1, -1)   = 1 ([{fd=18, revents=POLLIN}])
recvmsg(18, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\3\0\0\10B\353\226\255\4\0\0\24ubus.object.add\0\7\0\0000"..., iov_len=76}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 76
sendmsg(18, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\0\1\0\23\0\0\0\0", iov_len=8}, {iov_base="\0\0\0\24\1\0\0\10\0\0\0\0\3\0\0\10B\353\226\255", iov_len=20}], msg_iovlen=2, msg_controllen=0, msg_flags=0}, 0) = 28
recvmsg(18, {msg_namelen=0}, 0)         = -1 EAGAIN (Resource temporarily unavailable)
clock_gettime(CLOCK_MONOTONIC, {118, 667711369}) = 0
clock_gettime(CLOCK_MONOTONIC, {118, 667914580}) = 0
epoll_pwait(3, [{EPOLLIN, {u32=4313216, u64=18525121660583936}}], 10, 1830, NULL, 16) = 1
recvmsg(13, {msg_name={sa_family=AF_NETLINK, nl_pid=0, nl_groups=0x000400}, msg_namelen=28->12, msg_iov=[{iov_base=[{{len=116, type=0x18 /* NLMSG_??? */, flags=0, seq=0, pid=0}, "\n\10\0\0\377\3\0\1\0\0\0\0\0\10\0\17\0\0\0\377\0\24\0\1\377\0\0\0\0\0\0\0"...}, {{len=0, type=0x62e3 /* NLMSG_??? */, flags=NLM_F_REQUEST|NLM_F_MULTI|NLM_F_ACK|NLM_F_ECHO|NLM_F_DUMP_INTR|NLM_F_DUMP_FILTERED|0x27c0, seq=4272922192, pid=0}}], iov_len=8192}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_DONTWAIT) = 116
recvmsg(13, {msg_name={sa_family=AF_NETLINK, nl_pid=0, nl_groups=0x000400}, msg_namelen=28->12, msg_iov=[{iov_base=[{{len=116, type=0x18 /* NLMSG_??? */, flags=0, seq=0, pid=0}, "\n@\0\0\376\2\0\1\0\0\0\0\0\10\0\17\0\0\0\376\0\24\0\1\376\200\0\0\0\0\0\0"...}, {{len=0, type=0x62e3 /* NLMSG_??? */, flags=NLM_F_REQUEST|NLM_F_MULTI|NLM_F_ACK|NLM_F_ECHO|NLM_F_DUMP_INTR|NLM_F_DUMP_FILTERED|0x27c0, seq=4272922192, pid=0}}], iov_len=8192}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_DONTWAIT) = 116
recvmsg(13, {msg_namelen=28}, MSG_DONTWAIT) = -1 EAGAIN (Resource temporarily unavailable)
clock_gettime(CLOCK_MONOTONIC, {118, 707666461}) = 0
clock_gettime(CLOCK_MONOTONIC, {118, 707849995}) = 0
epoll_pwait(3, [{EPOLLIN, {u32=4313216, u64=18525121660583936}}], 10, 1790, NULL, 16) = 1
recvmsg(13, {msg_name={sa_family=AF_NETLINK, nl_pid=0, nl_groups=0x000100}, msg_namelen=28->12, msg_iov=[{iov_base=[{{len=72, type=0x14 /* NLMSG_??? */, flags=0, seq=0, pid=0}, "\n\200\0\0\0\0\0\n\0\24\0\1*\2\f\177\22 \277+\0\0\0\0\0\0\0\376\0\24\0\6"...}, {{len=2359308, type=0 /* NLMSG_??? */, flags=0, seq=0, pid=0}, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\5\0\24\0\0\0\0\0\0\0\0"...}], iov_len=8192}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_DONTWAIT) = 72
clock_gettime(CLOCK_MONOTONIC, {119, 188109722}) = 0
sendto(7, {{len=24, type=0x16 /* NLMSG_??? */, flags=NLM_F_REQUEST|0x300, seq=1, pid=0}, "\n\0\0\0\0\0\0\n"}, 24, 0, NULL, 0) = 24
recvfrom(7, [{{len=72, type=0x14 /* NLMSG_??? */, flags=NLM_F_MULTI, seq=1, pid=2601}, "\n\200\200\376\0\0\0\1\0\24\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0\24\0\6"...}, {{len=72, type=0x14 /* NLMSG_??? */, flags=NLM_F_MULTI, seq=1, pid=2601}, "\n\200\0\0\0\0\0\n\0\24\0\1*\2\f\177\22 \277+\0\0\0\0\0\0\0\376\0\24\0\6"...}, {{len=72, type=0x14 /* NLMSG_??? */, flags=NLM_F_MULTI, seq=1, pid=2601}, "\n@\200\375\0\0\0\n\0\24\0\1\376\200\0\0\0\0\0\0\26\314 \377\376\276\2112\0\24\0\6"...}, {{len=72, type=0x14 /* NLMSG_??? */, flags=NLM_F_MULTI, seq=1, pid=2601}, "\n@\200\375\0\0\0\22\0\24\0\1\376\200\0\0\0\0\0\0\26\314 \377\376\276\2111\0\24\0\6"...}, {{len=72, type=0x14 /* NLMSG_??? */, flags=NLM_F_MULTI, seq=1, pid=2601}, "\n@\300\375\0\0\0\23\0\24\0\1\376\200\0\0\0\0\0\0\26\314 \377\376\276\2110\0\24\0\6"...}], 8192, 0, NULL, NULL) = 360
recvfrom(7, {{len=20, type=NLMSG_DONE, flags=NLM_F_MULTI, seq=1, pid=2601}, "\0\0\0\0"}, 8192, 0, NULL, NULL) = 20
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
+++ killed by SIGSEGV +++
----------

More information can be found at the following URL:
https://bugs.lede-project.org/index.php?do=details&task_id=251#comment915


