[FS#766] Intermittent SIGSEGV crash of dnsmasq-full
LEDE Bugs
lede-bugs at lists.infradead.org
Tue May 9 00:47:58 PDT 2017
The following task has a new comment added:
FS#766 - Intermittent SIGSEGV crash of dnsmasq-full
User who did this - guidosarducci (guidosarducci)
----------
Hehe, very optimistic of you to close this...
I saw the update from Simon Kelley (thank you!) on the Dnsmasq-discuss mailing list and built an updated LEDE dnsmasq-2.77rc1 package to test. (see required patch attached)
The prior minimal test-case passed, but the original production config file now creates a horrible SIGSEGV crash-loop (log attached):
Mon May 8 22:59:46 2017 kern.info kernel: [1738736.539480] do_page_fault(): sending SIGSEGV to dnsmasq for invalid read access from 00000000
Mon May 8 22:59:46 2017 kern.info kernel: [1738736.548375] epc = 0040e79b in dnsmasq[400000+2d000]
Mon May 8 22:59:46 2017 kern.info kernel: [1738736.553564] ra = 0040e773 in dnsmasq[400000+2d000]
Stack trace indicates something to do with logging:
(gdb) core-file dnsmasq.18906.11.1494309586.core
[New LWP 18906]
...
Core was generated by `dnsmasq -C /var/etc/dnsmasq.conf.cfg02411c --no-daemon'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x0040e79b in search_servers (now=now at entry=1494309586,
addrpp=addrpp at entry=0x0, qtype=qtype at entry=32768, qdomain=,
type=type at entry=0x7fd02c74, domain=domain at entry=0x7fd02c78,
norebind=norebind at entry=0x0) at forward.c:222
222 log_query(logflags | flags | F_CONFIG | F_FORWARD, qdomain, *addrpp, NULL);
(gdb) bt
#0 0x0040e79b in search_servers (now=now at entry=1494309586,
addrpp=addrpp at entry=0x0, qtype=qtype at entry=32768, qdomain=,
type=type at entry=0x7fd02c74, domain=domain at entry=0x7fd02c78,
norebind=norebind at entry=0x0) at forward.c:222
#1 0x00410759 in reply_query (fd=, family=,
now=now at entry=1494309586) at forward.c:938
#2 0x004127dd in check_dns_listeners (now=now at entry=1494309586)
at dnsmasq.c:1560
#3 0x004047db in main (argc=, argv=)
at dnsmasq.c:1044
(gdb) print logflags
$1 = 32800
(gdb) print flags
$2 =
(gdb) print *qdomain
value has been optimized out
(gdb) print addrpp
$3 = (struct all_addr **) 0x0
(gdb)
This turns out to be easy to reproduce. Simply add domain-needed to the prior standalone config file.
Then trigger the crash from a client with:
$ nslookup -port=55553 google.com 192.168.1.1
;; connection timed out; no servers could be reached
I attached all the relevant logs, configs and patches.
----------
One or more files have been attached.
More information can be found at the following URL:
https://bugs.lede-project.org/index.php?do=details&task_id=766#comment2589
More information about the lede-bugs
mailing list