[Touch-packages] [Bug 2045570] Re: dnsmasq crash when no servers in resolv.conf
This bug was fixed in the package dnsmasq - 2.86-1.1ubuntu0.5 --- dnsmasq (2.86-1.1ubuntu0.5) jammy; urgency=medium * src/dnsmasq.c: Fix a crash that can happen when an empty resolv.conf is reloaded (LP: #2045570) * src/helper.c: Fix wrong client address for dhcp-script when DHCPv4 relay in use (LP: #2042587) -- Andreas Hasenack Thu, 11 Jan 2024 09:21:27 -0300 ** Changed in: dnsmasq (Ubuntu Jammy) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/2045570 Title: dnsmasq crash when no servers in resolv.conf Status in dnsmasq package in Ubuntu: Fix Released Status in dnsmasq source package in Jammy: Fix Released Bug description: [ Impact ] dnsmasq "keeps an eye" on /etc/resolv.conf, and reloads it whenever the file is updated. When that happens and for some reason there were no "nameserver" declarations in the updated file, dnsmasq can crash. Here is a log of a reproducer: $ dig +short @127.0.0.1 ubuntu.com ;; communications error to 127.0.0.1#53: timed out ;; communications error to 127.0.0.1#53: connection refused ;; communications error to 127.0.0.1#53: connection refused ;; no servers could be reached We can see the startup, then when resolv.conf is read again and no nameservers were found, and the crash: Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: started, version 2.86 cachesize 150 Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: DNS service limited to local subnets Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: compile time options: IPv6 GNU-getopt DBus no-UBus i18n IDN2 DHCP DHCPv6 no-Lua TFTP conntrack ipset auth cryptohash DNSSEC loop-detect inotify dumpfile Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: reading /etc/resolv.conf Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: using nameserver 10.0.100.1#53 Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: read /etc/hosts - 7 addresses Jan 03 13:57:13 j-dnsmasq-2045570 systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server. Jan 03 13:58:01 j-dnsmasq-2045570 dnsmasq[1507]: no servers found in /etc/resolv.conf, will retry Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Main process exited, code=dumped, status=11/SEGV Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Failed with result 'core-dump'. dnsmasq has provisions for this situation, we can see that in the 13:58:01 message where it says it will retry, but due to this bug, it crashes instead. The problem was introduced[1] in version 2.86, and fixed in 2.87, so only jammy is affected. 1. https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=patch;h=d290630d31f4517ab26392d00753d1397f9a4114;hp=d2ad5dc073aaacaf22b117f16106282a73586803 The commit message says: """ This problem was introduced in 2.86. """ And indeed, I wasn't able to crash 2.80 shipped in focal. [ Test Plan ] It might take a few tries to reproduce the bug, but here is the general outline. Also keep in mind that it's important to use a DNS name that isn't cached already by a previous query. # Create a jammy lxd container lxc launch ubuntu-daily:jammy j-dnsmasq-2045570 # Enter the container lxc shell j-dnsmasq-2045570 # From now on, all commands should be executed in the container. # Install dnsmasq, and disable systemd-resolved apt update && apt install -y dnsmasq # Disable systemd-resolved, and start dnsmasq systemctl disable --now systemd-resolved systemctl enable --now dnsmasq # In one terminal inside the container, watch the dnsmasq logs: journalctl -u dnsmasq.service -f # In another terminal, remove /etc/resolv.conf and create a new one, empty rm /etc/resolv.conf echo "nameserver 1.1.1.1" > /etc/resolv.conf # restart dnsmasq systemctl restart dnsmasq.service # Perform a dns query dig @127.0.0.1 +short linux.com # Comment the namserver directive in resolv.conf echo "#nameserver 1.1.1.1" > /etc/resolv.conf # Observe in the dnsmasq logs that it notices the change with a message like: Jan 03 14:14:51 j-dnsmasq-2045570 dnsmasq[2274]: no servers found in /etc/resolv.conf, will retry # Perform a *different* DNS query dig @127.0.0.1 +short ubuntu.com # Observe in the dnsmasq logs that it crashes. Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Main process exited, code=dumped, status=11/SEGV Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Failed with result 'core-dump'. If it doesn't crash right away, repeat these steps a few times, but using a different domain name each time: - add "nameserver 127.0.0.1" to /etc/resolv.conf - observe that dnsmasq notices the change to the file - perform a query for some random domain using "dig @127.0.0.1 +short " - remove "nameserver" from
[Touch-packages] [Bug 2045570] Re: dnsmasq crash when no servers in resolv.conf
** Tags removed: verification-needed ** Tags added: verification-done -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/2045570 Title: dnsmasq crash when no servers in resolv.conf Status in dnsmasq package in Ubuntu: Fix Released Status in dnsmasq source package in Jammy: Fix Committed Bug description: [ Impact ] dnsmasq "keeps an eye" on /etc/resolv.conf, and reloads it whenever the file is updated. When that happens and for some reason there were no "nameserver" declarations in the updated file, dnsmasq can crash. Here is a log of a reproducer: $ dig +short @127.0.0.1 ubuntu.com ;; communications error to 127.0.0.1#53: timed out ;; communications error to 127.0.0.1#53: connection refused ;; communications error to 127.0.0.1#53: connection refused ;; no servers could be reached We can see the startup, then when resolv.conf is read again and no nameservers were found, and the crash: Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: started, version 2.86 cachesize 150 Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: DNS service limited to local subnets Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: compile time options: IPv6 GNU-getopt DBus no-UBus i18n IDN2 DHCP DHCPv6 no-Lua TFTP conntrack ipset auth cryptohash DNSSEC loop-detect inotify dumpfile Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: reading /etc/resolv.conf Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: using nameserver 10.0.100.1#53 Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: read /etc/hosts - 7 addresses Jan 03 13:57:13 j-dnsmasq-2045570 systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server. Jan 03 13:58:01 j-dnsmasq-2045570 dnsmasq[1507]: no servers found in /etc/resolv.conf, will retry Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Main process exited, code=dumped, status=11/SEGV Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Failed with result 'core-dump'. dnsmasq has provisions for this situation, we can see that in the 13:58:01 message where it says it will retry, but due to this bug, it crashes instead. The problem was introduced[1] in version 2.86, and fixed in 2.87, so only jammy is affected. 1. https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=patch;h=d290630d31f4517ab26392d00753d1397f9a4114;hp=d2ad5dc073aaacaf22b117f16106282a73586803 The commit message says: """ This problem was introduced in 2.86. """ And indeed, I wasn't able to crash 2.80 shipped in focal. [ Test Plan ] It might take a few tries to reproduce the bug, but here is the general outline. Also keep in mind that it's important to use a DNS name that isn't cached already by a previous query. # Create a jammy lxd container lxc launch ubuntu-daily:jammy j-dnsmasq-2045570 # Enter the container lxc shell j-dnsmasq-2045570 # From now on, all commands should be executed in the container. # Install dnsmasq, and disable systemd-resolved apt update && apt install -y dnsmasq # Disable systemd-resolved, and start dnsmasq systemctl disable --now systemd-resolved systemctl enable --now dnsmasq # In one terminal inside the container, watch the dnsmasq logs: journalctl -u dnsmasq.service -f # In another terminal, remove /etc/resolv.conf and create a new one, empty rm /etc/resolv.conf echo "nameserver 1.1.1.1" > /etc/resolv.conf # restart dnsmasq systemctl restart dnsmasq.service # Perform a dns query dig @127.0.0.1 +short linux.com # Comment the namserver directive in resolv.conf echo "#nameserver 1.1.1.1" > /etc/resolv.conf # Observe in the dnsmasq logs that it notices the change with a message like: Jan 03 14:14:51 j-dnsmasq-2045570 dnsmasq[2274]: no servers found in /etc/resolv.conf, will retry # Perform a *different* DNS query dig @127.0.0.1 +short ubuntu.com # Observe in the dnsmasq logs that it crashes. Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Main process exited, code=dumped, status=11/SEGV Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Failed with result 'core-dump'. If it doesn't crash right away, repeat these steps a few times, but using a different domain name each time: - add "nameserver 127.0.0.1" to /etc/resolv.conf - observe that dnsmasq notices the change to the file - perform a query for some random domain using "dig @127.0.0.1 +short " - remove "nameserver" from /etc/resolv.conf, observe that dnsmasq noticed the change - perform a query for another random domain The fixed version from proposed will not crash. That last query with no "nameserver" lines in resolv.conf won't work, but it won't crash the server. [ Where problems could occur ] This is doing some pointer/memory manipulation that could introduce memory leaks or other crashes. In fact,
[Touch-packages] [Bug 2045570] Re: dnsmasq crash when no servers in resolv.conf
confirm the proposed package does fix the problem. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/2045570 Title: dnsmasq crash when no servers in resolv.conf Status in dnsmasq package in Ubuntu: Fix Released Status in dnsmasq source package in Jammy: Fix Committed Bug description: [ Impact ] dnsmasq "keeps an eye" on /etc/resolv.conf, and reloads it whenever the file is updated. When that happens and for some reason there were no "nameserver" declarations in the updated file, dnsmasq can crash. Here is a log of a reproducer: $ dig +short @127.0.0.1 ubuntu.com ;; communications error to 127.0.0.1#53: timed out ;; communications error to 127.0.0.1#53: connection refused ;; communications error to 127.0.0.1#53: connection refused ;; no servers could be reached We can see the startup, then when resolv.conf is read again and no nameservers were found, and the crash: Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: started, version 2.86 cachesize 150 Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: DNS service limited to local subnets Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: compile time options: IPv6 GNU-getopt DBus no-UBus i18n IDN2 DHCP DHCPv6 no-Lua TFTP conntrack ipset auth cryptohash DNSSEC loop-detect inotify dumpfile Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: reading /etc/resolv.conf Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: using nameserver 10.0.100.1#53 Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: read /etc/hosts - 7 addresses Jan 03 13:57:13 j-dnsmasq-2045570 systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server. Jan 03 13:58:01 j-dnsmasq-2045570 dnsmasq[1507]: no servers found in /etc/resolv.conf, will retry Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Main process exited, code=dumped, status=11/SEGV Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Failed with result 'core-dump'. dnsmasq has provisions for this situation, we can see that in the 13:58:01 message where it says it will retry, but due to this bug, it crashes instead. The problem was introduced[1] in version 2.86, and fixed in 2.87, so only jammy is affected. 1. https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=patch;h=d290630d31f4517ab26392d00753d1397f9a4114;hp=d2ad5dc073aaacaf22b117f16106282a73586803 The commit message says: """ This problem was introduced in 2.86. """ And indeed, I wasn't able to crash 2.80 shipped in focal. [ Test Plan ] It might take a few tries to reproduce the bug, but here is the general outline. Also keep in mind that it's important to use a DNS name that isn't cached already by a previous query. # Create a jammy lxd container lxc launch ubuntu-daily:jammy j-dnsmasq-2045570 # Enter the container lxc shell j-dnsmasq-2045570 # From now on, all commands should be executed in the container. # Install dnsmasq, and disable systemd-resolved apt update && apt install -y dnsmasq # Disable systemd-resolved, and start dnsmasq systemctl disable --now systemd-resolved systemctl enable --now dnsmasq # In one terminal inside the container, watch the dnsmasq logs: journalctl -u dnsmasq.service -f # In another terminal, remove /etc/resolv.conf and create a new one, empty rm /etc/resolv.conf echo "nameserver 1.1.1.1" > /etc/resolv.conf # restart dnsmasq systemctl restart dnsmasq.service # Perform a dns query dig @127.0.0.1 +short linux.com # Comment the namserver directive in resolv.conf echo "#nameserver 1.1.1.1" > /etc/resolv.conf # Observe in the dnsmasq logs that it notices the change with a message like: Jan 03 14:14:51 j-dnsmasq-2045570 dnsmasq[2274]: no servers found in /etc/resolv.conf, will retry # Perform a *different* DNS query dig @127.0.0.1 +short ubuntu.com # Observe in the dnsmasq logs that it crashes. Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Main process exited, code=dumped, status=11/SEGV Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Failed with result 'core-dump'. If it doesn't crash right away, repeat these steps a few times, but using a different domain name each time: - add "nameserver 127.0.0.1" to /etc/resolv.conf - observe that dnsmasq notices the change to the file - perform a query for some random domain using "dig @127.0.0.1 +short " - remove "nameserver" from /etc/resolv.conf, observe that dnsmasq noticed the change - perform a query for another random domain The fixed version from proposed will not crash. That last query with no "nameserver" lines in resolv.conf won't work, but it won't crash the server. [ Where problems could occur ] This is doing some pointer/memory manipulation that could introduce memory leaks or other crashes. In fact, this is exactly
[Touch-packages] [Bug 2045570] Re: dnsmasq crash when no servers in resolv.conf
Reproducing the bug root@j-dnsmasq-2045570:~# apt-cache policy dnsmasq dnsmasq: Installed: 2.86-1.1ubuntu0.4 Candidate: 2.86-1.1ubuntu0.4 Version table: *** 2.86-1.1ubuntu0.4 500 500 http://br.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 Packages 100 /var/lib/dpkg/status 2.86-1.1ubuntu0.3 500 500 http://br.archive.ubuntu.com/ubuntu jammy-security/universe amd64 Packages 2.86-1.1 500 500 http://br.archive.ubuntu.com/ubuntu jammy/universe amd64 Packages # dig @127.0.0.1 +short linux.com 23.185.0.3 # echo "#nameserver 1.1.1.1" > /etc/resolv.conf # Log: Jan 23 16:57:40 j-dnsmasq-2045570 dnsmasq[]: no servers found in /etc/resolv.conf, will retry root@j-dnsmasq-2045570:~# dig @127.0.0.1 +short ubuntu.com ;; communications error to 127.0.0.1#53: timed out ;; communications error to 127.0.0.1#53: connection refused ;; communications error to 127.0.0.1#53: connection refused ;; no servers could be reached And the log show a crash: Jan 23 17:03:12 j-dnsmasq-2045570 dnsmasq[253]: no servers found in /etc/resolv.conf, will retry Jan 23 17:03:16 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Main process exited, code=dumped, status=11/SEGV Jan 23 17:03:16 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Failed with result 'core-dump'. (it took about 3 attempts, but it crashed) With the new package from jammy-proposed: root@j-dnsmasq-2045570:~# apt-cache policy dnsmasq dnsmasq: Installed: 2.86-1.1ubuntu0.5 Candidate: 2.86-1.1ubuntu0.5 Version table: *** 2.86-1.1ubuntu0.5 500 500 http://br.archive.ubuntu.com/ubuntu jammy-proposed/universe amd64 Packages 100 /var/lib/dpkg/status 2.86-1.1ubuntu0.4 500 500 http://br.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 Packages 2.86-1.1ubuntu0.3 500 500 http://br.archive.ubuntu.com/ubuntu jammy-security/universe amd64 Packages 2.86-1.1 500 500 http://br.archive.ubuntu.com/ubuntu jammy/universe amd64 Packages When I perform the same test as before, I get an immediate empty result, and no crash, when resolv.conf contains no server: root@j-dnsmasq-2045570:~# dig @127.0.0.1 +short ubuntu.com root@j-dnsmasq-2045570:~# And the previous result, which was cached, is still there: root@j-dnsmasq-2045570:~# dig @127.0.0.1 +short linux.com 23.185.0.3 Logs remain silent: Jan 23 17:08:14 j-dnsmasq-2045570 dnsmasq[1350]: no servers found in /etc/resolv.conf, will retry If I revert resolv.conf to a working content: root@j-dnsmasq-2045570:~# echo "nameserver 1.1.1.1" > /etc/resolv.conf The log notices that: Jan 23 17:57:47 j-dnsmasq-2045570 dnsmasq[7370]: reading /etc/resolv.conf Jan 23 17:57:47 j-dnsmasq-2045570 dnsmasq[7370]: using nameserver 1.1.1.1#53 And the server resumes working: root@j-dnsmasq-2045570:~# dig @127.0.0.1 +short ubuntu.com 185.125.190.21 185.125.190.29 185.125.190.20 root@j-dnsmasq-2045570:~# dig @127.0.0.1 +short linux.com 23.185.0.3 root@j-dnsmasq-2045570:~# Jammy verification succeeded. ** Tags removed: verification-needed-jammy ** Tags added: verification-done-jammy -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/2045570 Title: dnsmasq crash when no servers in resolv.conf Status in dnsmasq package in Ubuntu: Fix Released Status in dnsmasq source package in Jammy: Fix Committed Bug description: [ Impact ] dnsmasq "keeps an eye" on /etc/resolv.conf, and reloads it whenever the file is updated. When that happens and for some reason there were no "nameserver" declarations in the updated file, dnsmasq can crash. Here is a log of a reproducer: $ dig +short @127.0.0.1 ubuntu.com ;; communications error to 127.0.0.1#53: timed out ;; communications error to 127.0.0.1#53: connection refused ;; communications error to 127.0.0.1#53: connection refused ;; no servers could be reached We can see the startup, then when resolv.conf is read again and no nameservers were found, and the crash: Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: started, version 2.86 cachesize 150 Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: DNS service limited to local subnets Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: compile time options: IPv6 GNU-getopt DBus no-UBus i18n IDN2 DHCP DHCPv6 no-Lua TFTP conntrack ipset auth cryptohash DNSSEC loop-detect inotify dumpfile Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: reading /etc/resolv.conf Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: using nameserver 10.0.100.1#53 Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: read /etc/hosts - 7 addresses Jan 03 13:57:13 j-dnsmasq-2045570 systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server. Jan 03 13:58:01 j-dnsmasq-2045570 dnsmasq[1507]: no servers found in /etc/resolv.conf, will retry Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]:
[Touch-packages] [Bug 2045570] Re: dnsmasq crash when no servers in resolv.conf
Ah, I now understand what happened in the comment above. I only upgraded the bin:dnsmasq package, and not bin:dnsmasq-base. Both need to be upgraded, i.e., like a normal "apt ugprade" or "apt dist-upgrade" would do. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/2045570 Title: dnsmasq crash when no servers in resolv.conf Status in dnsmasq package in Ubuntu: Fix Released Status in dnsmasq source package in Jammy: Fix Committed Bug description: [ Impact ] dnsmasq "keeps an eye" on /etc/resolv.conf, and reloads it whenever the file is updated. When that happens and for some reason there were no "nameserver" declarations in the updated file, dnsmasq can crash. Here is a log of a reproducer: $ dig +short @127.0.0.1 ubuntu.com ;; communications error to 127.0.0.1#53: timed out ;; communications error to 127.0.0.1#53: connection refused ;; communications error to 127.0.0.1#53: connection refused ;; no servers could be reached We can see the startup, then when resolv.conf is read again and no nameservers were found, and the crash: Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: started, version 2.86 cachesize 150 Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: DNS service limited to local subnets Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: compile time options: IPv6 GNU-getopt DBus no-UBus i18n IDN2 DHCP DHCPv6 no-Lua TFTP conntrack ipset auth cryptohash DNSSEC loop-detect inotify dumpfile Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: reading /etc/resolv.conf Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: using nameserver 10.0.100.1#53 Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: read /etc/hosts - 7 addresses Jan 03 13:57:13 j-dnsmasq-2045570 systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server. Jan 03 13:58:01 j-dnsmasq-2045570 dnsmasq[1507]: no servers found in /etc/resolv.conf, will retry Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Main process exited, code=dumped, status=11/SEGV Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Failed with result 'core-dump'. dnsmasq has provisions for this situation, we can see that in the 13:58:01 message where it says it will retry, but due to this bug, it crashes instead. The problem was introduced[1] in version 2.86, and fixed in 2.87, so only jammy is affected. 1. https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=patch;h=d290630d31f4517ab26392d00753d1397f9a4114;hp=d2ad5dc073aaacaf22b117f16106282a73586803 The commit message says: """ This problem was introduced in 2.86. """ And indeed, I wasn't able to crash 2.80 shipped in focal. [ Test Plan ] It might take a few tries to reproduce the bug, but here is the general outline. Also keep in mind that it's important to use a DNS name that isn't cached already by a previous query. # Create a jammy lxd container lxc launch ubuntu-daily:jammy j-dnsmasq-2045570 # Enter the container lxc shell j-dnsmasq-2045570 # From now on, all commands should be executed in the container. # Install dnsmasq, and disable systemd-resolved apt update && apt install -y dnsmasq # Disable systemd-resolved, and start dnsmasq systemctl disable --now systemd-resolved systemctl enable --now dnsmasq # In one terminal inside the container, watch the dnsmasq logs: journalctl -u dnsmasq.service -f # In another terminal, remove /etc/resolv.conf and create a new one, empty rm /etc/resolv.conf echo "nameserver 1.1.1.1" > /etc/resolv.conf # restart dnsmasq systemctl restart dnsmasq.service # Perform a dns query dig @127.0.0.1 +short linux.com # Comment the namserver directive in resolv.conf echo "#nameserver 1.1.1.1" > /etc/resolv.conf # Observe in the dnsmasq logs that it notices the change with a message like: Jan 03 14:14:51 j-dnsmasq-2045570 dnsmasq[2274]: no servers found in /etc/resolv.conf, will retry # Perform a *different* DNS query dig @127.0.0.1 +short ubuntu.com # Observe in the dnsmasq logs that it crashes. Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Main process exited, code=dumped, status=11/SEGV Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Failed with result 'core-dump'. If it doesn't crash right away, repeat these steps a few times, but using a different domain name each time: - add "nameserver 127.0.0.1" to /etc/resolv.conf - observe that dnsmasq notices the change to the file - perform a query for some random domain using "dig @127.0.0.1 +short " - remove "nameserver" from /etc/resolv.conf, observe that dnsmasq noticed the change - perform a query for another random domain The fixed version from proposed will not crash. That last query with no "nameserver" lines in resolv.conf won't work, but it won't crash the server.
[Touch-packages] [Bug 2045570] Re: dnsmasq crash when no servers in resolv.conf
While performing the jammy verification, it happened once again what I first saw in https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/2045570/comments/4: dnsmasq doesn't crash, but starts spinning 100% CPU and becomes unresponsive. I double checked that the source package contains the patch applied correctly. I'm repeating the test multiple times now, and not observing the 100% cpu usage anymore... -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/2045570 Title: dnsmasq crash when no servers in resolv.conf Status in dnsmasq package in Ubuntu: Fix Released Status in dnsmasq source package in Jammy: Fix Committed Bug description: [ Impact ] dnsmasq "keeps an eye" on /etc/resolv.conf, and reloads it whenever the file is updated. When that happens and for some reason there were no "nameserver" declarations in the updated file, dnsmasq can crash. Here is a log of a reproducer: $ dig +short @127.0.0.1 ubuntu.com ;; communications error to 127.0.0.1#53: timed out ;; communications error to 127.0.0.1#53: connection refused ;; communications error to 127.0.0.1#53: connection refused ;; no servers could be reached We can see the startup, then when resolv.conf is read again and no nameservers were found, and the crash: Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: started, version 2.86 cachesize 150 Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: DNS service limited to local subnets Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: compile time options: IPv6 GNU-getopt DBus no-UBus i18n IDN2 DHCP DHCPv6 no-Lua TFTP conntrack ipset auth cryptohash DNSSEC loop-detect inotify dumpfile Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: reading /etc/resolv.conf Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: using nameserver 10.0.100.1#53 Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: read /etc/hosts - 7 addresses Jan 03 13:57:13 j-dnsmasq-2045570 systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server. Jan 03 13:58:01 j-dnsmasq-2045570 dnsmasq[1507]: no servers found in /etc/resolv.conf, will retry Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Main process exited, code=dumped, status=11/SEGV Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Failed with result 'core-dump'. dnsmasq has provisions for this situation, we can see that in the 13:58:01 message where it says it will retry, but due to this bug, it crashes instead. The problem was introduced[1] in version 2.86, and fixed in 2.87, so only jammy is affected. 1. https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=patch;h=d290630d31f4517ab26392d00753d1397f9a4114;hp=d2ad5dc073aaacaf22b117f16106282a73586803 The commit message says: """ This problem was introduced in 2.86. """ And indeed, I wasn't able to crash 2.80 shipped in focal. [ Test Plan ] It might take a few tries to reproduce the bug, but here is the general outline. Also keep in mind that it's important to use a DNS name that isn't cached already by a previous query. # Create a jammy lxd container lxc launch ubuntu-daily:jammy j-dnsmasq-2045570 # Enter the container lxc shell j-dnsmasq-2045570 # From now on, all commands should be executed in the container. # Install dnsmasq, and disable systemd-resolved apt update && apt install -y dnsmasq # Disable systemd-resolved, and start dnsmasq systemctl disable --now systemd-resolved systemctl enable --now dnsmasq # In one terminal inside the container, watch the dnsmasq logs: journalctl -u dnsmasq.service -f # In another terminal, remove /etc/resolv.conf and create a new one, empty rm /etc/resolv.conf echo "nameserver 1.1.1.1" > /etc/resolv.conf # restart dnsmasq systemctl restart dnsmasq.service # Perform a dns query dig @127.0.0.1 +short linux.com # Comment the namserver directive in resolv.conf echo "#nameserver 1.1.1.1" > /etc/resolv.conf # Observe in the dnsmasq logs that it notices the change with a message like: Jan 03 14:14:51 j-dnsmasq-2045570 dnsmasq[2274]: no servers found in /etc/resolv.conf, will retry # Perform a *different* DNS query dig @127.0.0.1 +short ubuntu.com # Observe in the dnsmasq logs that it crashes. Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Main process exited, code=dumped, status=11/SEGV Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Failed with result 'core-dump'. If it doesn't crash right away, repeat these steps a few times, but using a different domain name each time: - add "nameserver 127.0.0.1" to /etc/resolv.conf - observe that dnsmasq notices the change to the file - perform a query for some random domain using "dig @127.0.0.1 +short " - remove "nameserver" from /etc/resolv.conf, observe that dnsmasq noticed the change -
[Touch-packages] [Bug 2045570] Re: dnsmasq crash when no servers in resolv.conf
Hello Alfred, or anyone else affected, Accepted dnsmasq into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/dnsmasq/2.86-1.1ubuntu0.5 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-jammy. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: dnsmasq (Ubuntu Jammy) Status: In Progress => Fix Committed ** Tags added: verification-needed verification-needed-jammy -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/2045570 Title: dnsmasq crash when no servers in resolv.conf Status in dnsmasq package in Ubuntu: Fix Released Status in dnsmasq source package in Jammy: Fix Committed Bug description: [ Impact ] dnsmasq "keeps an eye" on /etc/resolv.conf, and reloads it whenever the file is updated. When that happens and for some reason there were no "nameserver" declarations in the updated file, dnsmasq can crash. Here is a log of a reproducer: $ dig +short @127.0.0.1 ubuntu.com ;; communications error to 127.0.0.1#53: timed out ;; communications error to 127.0.0.1#53: connection refused ;; communications error to 127.0.0.1#53: connection refused ;; no servers could be reached We can see the startup, then when resolv.conf is read again and no nameservers were found, and the crash: Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: started, version 2.86 cachesize 150 Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: DNS service limited to local subnets Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: compile time options: IPv6 GNU-getopt DBus no-UBus i18n IDN2 DHCP DHCPv6 no-Lua TFTP conntrack ipset auth cryptohash DNSSEC loop-detect inotify dumpfile Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: reading /etc/resolv.conf Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: using nameserver 10.0.100.1#53 Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: read /etc/hosts - 7 addresses Jan 03 13:57:13 j-dnsmasq-2045570 systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server. Jan 03 13:58:01 j-dnsmasq-2045570 dnsmasq[1507]: no servers found in /etc/resolv.conf, will retry Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Main process exited, code=dumped, status=11/SEGV Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Failed with result 'core-dump'. dnsmasq has provisions for this situation, we can see that in the 13:58:01 message where it says it will retry, but due to this bug, it crashes instead. The problem was introduced[1] in version 2.86, and fixed in 2.87, so only jammy is affected. 1. https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=patch;h=d290630d31f4517ab26392d00753d1397f9a4114;hp=d2ad5dc073aaacaf22b117f16106282a73586803 The commit message says: """ This problem was introduced in 2.86. """ And indeed, I wasn't able to crash 2.80 shipped in focal. [ Test Plan ] It might take a few tries to reproduce the bug, but here is the general outline. Also keep in mind that it's important to use a DNS name that isn't cached already by a previous query. # Create a jammy lxd container lxc launch ubuntu-daily:jammy j-dnsmasq-2045570 # Enter the container lxc shell j-dnsmasq-2045570 # From now on, all commands should be executed in the container. # Install dnsmasq, and disable systemd-resolved apt update && apt install -y dnsmasq # Disable systemd-resolved, and start dnsmasq systemctl disable --now systemd-resolved systemctl enable --now dnsmasq # In one terminal inside the container, watch the dnsmasq logs: journalctl -u dnsmasq.service -f # In another terminal, remove /etc/resolv.conf and create a new one, empty rm /etc/resolv.conf echo "nameserver 1.1.1.1" > /etc/resolv.conf # restart dnsmasq systemctl restart dnsmasq.service # Perform a dns query dig @127.0.0.1 +short linux.com # Comment the
[Touch-packages] [Bug 2045570] Re: dnsmasq crash when no servers in resolv.conf
Uploaded to jammy unapproved, waiting on SRU team now. ** Merge proposal linked: https://code.launchpad.net/~ahasenack/ubuntu/+source/dnsmasq/+git/dnsmasq/+merge/457905 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/2045570 Title: dnsmasq crash when no servers in resolv.conf Status in dnsmasq package in Ubuntu: Fix Released Status in dnsmasq source package in Jammy: In Progress Bug description: [ Impact ] dnsmasq "keeps an eye" on /etc/resolv.conf, and reloads it whenever the file is updated. When that happens and for some reason there were no "nameserver" declarations in the updated file, dnsmasq can crash. Here is a log of a reproducer: $ dig +short @127.0.0.1 ubuntu.com ;; communications error to 127.0.0.1#53: timed out ;; communications error to 127.0.0.1#53: connection refused ;; communications error to 127.0.0.1#53: connection refused ;; no servers could be reached We can see the startup, then when resolv.conf is read again and no nameservers were found, and the crash: Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: started, version 2.86 cachesize 150 Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: DNS service limited to local subnets Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: compile time options: IPv6 GNU-getopt DBus no-UBus i18n IDN2 DHCP DHCPv6 no-Lua TFTP conntrack ipset auth cryptohash DNSSEC loop-detect inotify dumpfile Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: reading /etc/resolv.conf Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: using nameserver 10.0.100.1#53 Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: read /etc/hosts - 7 addresses Jan 03 13:57:13 j-dnsmasq-2045570 systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server. Jan 03 13:58:01 j-dnsmasq-2045570 dnsmasq[1507]: no servers found in /etc/resolv.conf, will retry Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Main process exited, code=dumped, status=11/SEGV Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Failed with result 'core-dump'. dnsmasq has provisions for this situation, we can see that in the 13:58:01 message where it says it will retry, but due to this bug, it crashes instead. The problem was introduced[1] in version 2.86, and fixed in 2.87, so only jammy is affected. 1. https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=patch;h=d290630d31f4517ab26392d00753d1397f9a4114;hp=d2ad5dc073aaacaf22b117f16106282a73586803 The commit message says: """ This problem was introduced in 2.86. """ And indeed, I wasn't able to crash 2.80 shipped in focal. [ Test Plan ] It might take a few tries to reproduce the bug, but here is the general outline. Also keep in mind that it's important to use a DNS name that isn't cached already by a previous query. # Create a jammy lxd container lxc launch ubuntu-daily:jammy j-dnsmasq-2045570 # Enter the container lxc shell j-dnsmasq-2045570 # From now on, all commands should be executed in the container. # Install dnsmasq, and disable systemd-resolved apt update && apt install -y dnsmasq # Disable systemd-resolved, and start dnsmasq systemctl disable --now systemd-resolved systemctl enable --now dnsmasq # In one terminal inside the container, watch the dnsmasq logs: journalctl -u dnsmasq.service -f # In another terminal, remove /etc/resolv.conf and create a new one, empty rm /etc/resolv.conf echo "nameserver 1.1.1.1" > /etc/resolv.conf # restart dnsmasq systemctl restart dnsmasq.service # Perform a dns query dig @127.0.0.1 +short linux.com # Comment the namserver directive in resolv.conf echo "#nameserver 1.1.1.1" > /etc/resolv.conf # Observe in the dnsmasq logs that it notices the change with a message like: Jan 03 14:14:51 j-dnsmasq-2045570 dnsmasq[2274]: no servers found in /etc/resolv.conf, will retry # Perform a *different* DNS query dig @127.0.0.1 +short ubuntu.com # Observe in the dnsmasq logs that it crashes. Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Main process exited, code=dumped, status=11/SEGV Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Failed with result 'core-dump'. If it doesn't crash right away, repeat these steps a few times, but using a different domain name each time: - add "nameserver 127.0.0.1" to /etc/resolv.conf - observe that dnsmasq notices the change to the file - perform a query for some random domain using "dig @127.0.0.1 +short " - remove "nameserver" from /etc/resolv.conf, observe that dnsmasq noticed the change - perform a query for another random domain The fixed version from proposed will not crash. That last query with no "nameserver" lines in resolv.conf won't work, but it won't crash the server. [ Where problems could occur ] This is
[Touch-packages] [Bug 2045570] Re: dnsmasq crash when no servers in resolv.conf
Yep, false alarm, the patch works. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/2045570 Title: dnsmasq crash when no servers in resolv.conf Status in dnsmasq package in Ubuntu: Fix Released Status in dnsmasq source package in Jammy: In Progress Bug description: [ Impact ] dnsmasq "keeps an eye" on /etc/resolv.conf, and reloads it whenever the file is updated. When that happens and for some reason there were no "nameserver" declarations in the updated file, dnsmasq can crash. Here is a log of a reproducer: $ dig +short @127.0.0.1 ubuntu.com ;; communications error to 127.0.0.1#53: timed out ;; communications error to 127.0.0.1#53: connection refused ;; communications error to 127.0.0.1#53: connection refused ;; no servers could be reached We can see the startup, then when resolv.conf is read again and no nameservers were found, and the crash: Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: started, version 2.86 cachesize 150 Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: DNS service limited to local subnets Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: compile time options: IPv6 GNU-getopt DBus no-UBus i18n IDN2 DHCP DHCPv6 no-Lua TFTP conntrack ipset auth cryptohash DNSSEC loop-detect inotify dumpfile Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: reading /etc/resolv.conf Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: using nameserver 10.0.100.1#53 Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: read /etc/hosts - 7 addresses Jan 03 13:57:13 j-dnsmasq-2045570 systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server. Jan 03 13:58:01 j-dnsmasq-2045570 dnsmasq[1507]: no servers found in /etc/resolv.conf, will retry Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Main process exited, code=dumped, status=11/SEGV Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Failed with result 'core-dump'. dnsmasq has provisions for this situation, we can see that in the 13:58:01 message where it says it will retry, but due to this bug, it crashes instead. The problem was introduced[1] in version 2.86, and fixed in 2.87, so only jammy is affected. 1. https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=patch;h=d290630d31f4517ab26392d00753d1397f9a4114;hp=d2ad5dc073aaacaf22b117f16106282a73586803 The commit message says: """ This problem was introduced in 2.86. """ And indeed, I wasn't able to crash 2.80 shipped in focal. [ Test Plan ] It might take a few tries to reproduce the bug, but here is the general outline. Also keep in mind that it's important to use a DNS name that isn't cached already by a previous query. # Create a jammy lxd container lxc launch ubuntu-daily:jammy j-dnsmasq-2045570 # Enter the container lxc shell j-dnsmasq-2045570 # From now on, all commands should be executed in the container. # Install dnsmasq, and disable systemd-resolved apt update && apt install -y dnsmasq # Disable systemd-resolved, and start dnsmasq systemctl disable --now systemd-resolved systemctl enable --now dnsmasq # In one terminal inside the container, watch the dnsmasq logs: journalctl -u dnsmasq.service -f # In another terminal, remove /etc/resolv.conf and create a new one, empty rm /etc/resolv.conf echo "nameserver 1.1.1.1" > /etc/resolv.conf # restart dnsmasq systemctl restart dnsmasq.service # Perform a dns query dig @127.0.0.1 +short linux.com # Comment the namserver directive in resolv.conf echo "#nameserver 1.1.1.1" > /etc/resolv.conf # Observe in the dnsmasq logs that it notices the change with a message like: Jan 03 14:14:51 j-dnsmasq-2045570 dnsmasq[2274]: no servers found in /etc/resolv.conf, will retry # Perform a *different* DNS query dig @127.0.0.1 +short ubuntu.com # Observe in the dnsmasq logs that it crashes. Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Main process exited, code=dumped, status=11/SEGV Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Failed with result 'core-dump'. If it doesn't crash right away, repeat these steps a few times, but using a different domain name each time: - add "nameserver 127.0.0.1" to /etc/resolv.conf - observe that dnsmasq notices the change to the file - perform a query for some random domain using "dig @127.0.0.1 +short " - remove "nameserver" from /etc/resolv.conf, observe that dnsmasq noticed the change - perform a query for another random domain The fixed version from proposed will not crash. That last query with no "nameserver" lines in resolv.conf won't work, but it won't crash the server. [ Where problems could occur ] This is doing some pointer/memory manipulation that could introduce memory leaks or other crashes. In fact, this is exactly what happened in
[Touch-packages] [Bug 2045570] Re: dnsmasq crash when no servers in resolv.conf
Ah, never mind, I built the package incorrectly. It's not a quilt package... :/ -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/2045570 Title: dnsmasq crash when no servers in resolv.conf Status in dnsmasq package in Ubuntu: Fix Released Status in dnsmasq source package in Jammy: In Progress Bug description: [ Impact ] dnsmasq "keeps an eye" on /etc/resolv.conf, and reloads it whenever the file is updated. When that happens and for some reason there were no "nameserver" declarations in the updated file, dnsmasq can crash. Here is a log of a reproducer: $ dig +short @127.0.0.1 ubuntu.com ;; communications error to 127.0.0.1#53: timed out ;; communications error to 127.0.0.1#53: connection refused ;; communications error to 127.0.0.1#53: connection refused ;; no servers could be reached We can see the startup, then when resolv.conf is read again and no nameservers were found, and the crash: Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: started, version 2.86 cachesize 150 Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: DNS service limited to local subnets Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: compile time options: IPv6 GNU-getopt DBus no-UBus i18n IDN2 DHCP DHCPv6 no-Lua TFTP conntrack ipset auth cryptohash DNSSEC loop-detect inotify dumpfile Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: reading /etc/resolv.conf Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: using nameserver 10.0.100.1#53 Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: read /etc/hosts - 7 addresses Jan 03 13:57:13 j-dnsmasq-2045570 systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server. Jan 03 13:58:01 j-dnsmasq-2045570 dnsmasq[1507]: no servers found in /etc/resolv.conf, will retry Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Main process exited, code=dumped, status=11/SEGV Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Failed with result 'core-dump'. dnsmasq has provisions for this situation, we can see that in the 13:58:01 message where it says it will retry, but due to this bug, it crashes instead. The problem was introduced[1] in version 2.86, and fixed in 2.87, so only jammy is affected. 1. https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=patch;h=d290630d31f4517ab26392d00753d1397f9a4114;hp=d2ad5dc073aaacaf22b117f16106282a73586803 The commit message says: """ This problem was introduced in 2.86. """ And indeed, I wasn't able to crash 2.80 shipped in focal. [ Test Plan ] It might take a few tries to reproduce the bug, but here is the general outline. Also keep in mind that it's important to use a DNS name that isn't cached already by a previous query. # Create a jammy lxd container lxc launch ubuntu-daily:jammy j-dnsmasq-2045570 # Enter the container lxc shell j-dnsmasq-2045570 # From now on, all commands should be executed in the container. # Install dnsmasq, and disable systemd-resolved apt update && apt install -y dnsmasq # Disable systemd-resolved, and start dnsmasq systemctl disable --now systemd-resolved systemctl enable --now dnsmasq # In one terminal inside the container, watch the dnsmasq logs: journalctl -u dnsmasq.service -f # In another terminal, remove /etc/resolv.conf and create a new one, empty rm /etc/resolv.conf echo "nameserver 1.1.1.1" > /etc/resolv.conf # restart dnsmasq systemctl restart dnsmasq.service # Perform a dns query dig @127.0.0.1 +short linux.com # Comment the namserver directive in resolv.conf echo "#nameserver 1.1.1.1" > /etc/resolv.conf # Observe in the dnsmasq logs that it notices the change with a message like: Jan 03 14:14:51 j-dnsmasq-2045570 dnsmasq[2274]: no servers found in /etc/resolv.conf, will retry # Perform a *different* DNS query dig @127.0.0.1 +short ubuntu.com # Observe in the dnsmasq logs that it crashes. Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Main process exited, code=dumped, status=11/SEGV Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Failed with result 'core-dump'. If it doesn't crash right away, repeat these steps a few times, but using a different domain name each time: - add "nameserver 127.0.0.1" to /etc/resolv.conf - observe that dnsmasq notices the change to the file - perform a query for some random domain using "dig @127.0.0.1 +short " - remove "nameserver" from /etc/resolv.conf, observe that dnsmasq noticed the change - perform a query for another random domain The fixed version from proposed will not crash. That last query with no "nameserver" lines in resolv.conf won't work, but it won't crash the server. [ Where problems could occur ] This is doing some pointer/memory manipulation that could introduce memory leaks or other crashes.
[Touch-packages] [Bug 2045570] Re: dnsmasq crash when no servers in resolv.conf
So with the upstream patch, I see no crash, but dnsmasq starts spinning CPU at 100%. This is not a good enough fix. ** Description changed: [ Impact ] dnsmasq "keeps an eye" on /etc/resolv.conf, and reloads it whenever the file is updated. When that happens and for some reason there were no "nameserver" declarations in the updated file, dnsmasq can crash. Here is a log of a reproducer: $ dig +short @127.0.0.1 ubuntu.com ;; communications error to 127.0.0.1#53: timed out ;; communications error to 127.0.0.1#53: connection refused ;; communications error to 127.0.0.1#53: connection refused ;; no servers could be reached We can see the startup, then when resolv.conf is read again and no nameservers were found, and the crash: Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: started, version 2.86 cachesize 150 Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: DNS service limited to local subnets Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: compile time options: IPv6 GNU-getopt DBus no-UBus i18n IDN2 DHCP DHCPv6 no-Lua TFTP conntrack ipset auth cryptohash DNSSEC loop-detect inotify dumpfile Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: reading /etc/resolv.conf Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: using nameserver 10.0.100.1#53 Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: read /etc/hosts - 7 addresses Jan 03 13:57:13 j-dnsmasq-2045570 systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server. Jan 03 13:58:01 j-dnsmasq-2045570 dnsmasq[1507]: no servers found in /etc/resolv.conf, will retry Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Main process exited, code=dumped, status=11/SEGV Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Failed with result 'core-dump'. dnsmasq has provisions for this situation, we can see that in the 13:58:01 message where it says it will retry, but due to this bug, it crashes instead. The problem was introduced[1] in version 2.86, and fixed in 2.87, so only jammy is affected. 1. https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=patch;h=d290630d31f4517ab26392d00753d1397f9a4114;hp=d2ad5dc073aaacaf22b117f16106282a73586803 The commit message says: """ This problem was introduced in 2.86. """ And indeed, I wasn't able to crash 2.80 shipped in focal. [ Test Plan ] It might take a few tries to reproduce the bug, but here is the general outline. Also keep in mind that it's important to use a DNS name that isn't cached already by a previous query. # Create a jammy lxd container lxc launch ubuntu-daily:jammy j-dnsmasq-2045570 # Enter the container lxc shell j-dnsmasq-2045570 # From now on, all commands should be executed in the container. # Install dnsmasq, and disable systemd-resolved apt update && apt install -y dnsmasq # Disable systemd-resolved, and start dnsmasq systemctl disable --now systemd-resolved systemctl enable --now dnsmasq # In one terminal inside the container, watch the dnsmasq logs: journalctl -u dnsmasq.service -f # In another terminal, remove /etc/resolv.conf and create a new one, empty rm /etc/resolv.conf echo "nameserver 1.1.1.1" > /etc/resolv.conf # restart dnsmasq systemctl restart dnsmasq.service # Perform a dns query dig @127.0.0.1 +short linux.com # Comment the namserver directive in resolv.conf echo "#nameserver 1.1.1.1" > /etc/resolv.conf # Observe in the dnsmasq logs that it notices the change with a message like: Jan 03 14:14:51 j-dnsmasq-2045570 dnsmasq[2274]: no servers found in /etc/resolv.conf, will retry # Perform a *different* DNS query dig @127.0.0.1 +short ubuntu.com # Observe in the dnsmasq logs that it crashes. Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Main process exited, code=dumped, status=11/SEGV Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Failed with result 'core-dump'. If it doesn't crash right away, repeat these steps a few times, but using a different domain name each time: - add "nameserver 127.0.0.1" to /etc/resolv.conf - observe that dnsmasq notices the change to the file - perform a query for some random domain using "dig @127.0.0.1 +short " - remove "nameserver" from /etc/resolv.conf, observe that dnsmasq noticed the change - perform a query for another random domain - The fixed version from proposed will not crash. + The fixed version from proposed will not crash. That last query with no + "nameserver" lines in resolv.conf won't work, but it won't crash the + server. [ Where problems could occur ] This is doing some pointer/memory manipulation that could introduce memory leaks or other crashes. In fact, this is exactly what happened in the 2.86 release, which, and I quote, "Major rewrite of the DNS server and domain handling code. This should be largely transparent, but it
[Touch-packages] [Bug 2045570] Re: dnsmasq crash when no servers in resolv.conf
** Description changed: [ Impact ] dnsmasq "keeps an eye" on /etc/resolv.conf, and reloads it whenever the file is updated. When that happens and for some reason there were no "nameserver" declarations in the updated file, dnsmasq can crash. Here is a log of a reproducer: $ dig +short @127.0.0.1 ubuntu.com ;; communications error to 127.0.0.1#53: timed out ;; communications error to 127.0.0.1#53: connection refused ;; communications error to 127.0.0.1#53: connection refused ;; no servers could be reached We can see the startup, then when resolv.conf is read again and no nameservers were found, and the crash: Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: started, version 2.86 cachesize 150 Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: DNS service limited to local subnets Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: compile time options: IPv6 GNU-getopt DBus no-UBus i18n IDN2 DHCP DHCPv6 no-Lua TFTP conntrack ipset auth cryptohash DNSSEC loop-detect inotify dumpfile Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: reading /etc/resolv.conf Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: using nameserver 10.0.100.1#53 Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: read /etc/hosts - 7 addresses Jan 03 13:57:13 j-dnsmasq-2045570 systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server. Jan 03 13:58:01 j-dnsmasq-2045570 dnsmasq[1507]: no servers found in /etc/resolv.conf, will retry Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Main process exited, code=dumped, status=11/SEGV Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Failed with result 'core-dump'. dnsmasq has provisions for this situation, we can see that in the 13:58:01 message where it says it will retry, but due to this bug, it crashes instead. The problem was introduced[1] in version 2.86, and fixed in 2.87, so only jammy is affected. 1. https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=patch;h=d290630d31f4517ab26392d00753d1397f9a4114;hp=d2ad5dc073aaacaf22b117f16106282a73586803 The commit message says: """ This problem was introduced in 2.86. """ And indeed, I wasn't able to crash 2.80 shipped in focal. - [ Test Plan ] It might take a few tries to reproduce the bug, but here is the general outline. Also keep in mind that it's important to use a DNS name that isn't cached already by a previous query. # Create a jammy lxd container lxc launch ubuntu-daily:jammy j-dnsmasq-2045570 # Enter the container lxc shell j-dnsmasq-2045570 # From now on, all commands should be executed in the container. # Install dnsmasq, and disable systemd-resolved apt update && apt install -y dnsmasq # Disable systemd-resolved, and start dnsmasq systemctl disable --now systemd-resolved systemctl enable --now dnsmasq # In one terminal inside the container, watch the dnsmasq logs: journalctl -u dnsmasq.service -f # In another terminal, remove /etc/resolv.conf and create a new one, empty rm /etc/resolv.conf echo "nameserver 1.1.1.1" > /etc/resolv.conf # restart dnsmasq systemctl restart dnsmasq.service # Perform a dns query dig @127.0.0.1 +short linux.com # Comment the namserver directive in resolv.conf echo "#nameserver 1.1.1.1" > /etc/resolv.conf # Observe in the dnsmasq logs that it notices the change with a message like: Jan 03 14:14:51 j-dnsmasq-2045570 dnsmasq[2274]: no servers found in /etc/resolv.conf, will retry # Perform a *different* DNS query dig @127.0.0.1 +short ubuntu.com # Observe in the dnsmasq logs that it crashes. Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Main process exited, code=dumped, status=11/SEGV Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Failed with result 'core-dump'. If it doesn't crash right away, repeat these steps a few times, but using a different domain name each time: - add "nameserver 127.0.0.1" to /etc/resolv.conf - observe that dnsmasq notices the change to the file - perform a query for some random domain using "dig @127.0.0.1 +short " - remove "nameserver" from /etc/resolv.conf, observe that dnsmasq noticed the change - perform a query for another random domain The fixed version from proposed will not crash. [ Where problems could occur ] - * Think about what the upload changes in the software. Imagine the change is - wrong or breaks something else: how would this show up? + This is doing some pointer/memory manipulation that could introduce + memory leaks or other crashes. In fact, this is exactly what happened in + the 2.86 release, which, and I quote, "Major rewrite of the DNS server + and domain handling code. This should be largely transparent, but it + drastically improves performance and reduces memory foot-print"[2]. 2.88 + was then released with the fix used in this SRU (the
[Touch-packages] [Bug 2045570] Re: dnsmasq crash when no servers in resolv.conf
** Description changed: [ Impact ] dnsmasq "keeps an eye" on /etc/resolv.conf, and reloads it whenever the file is updated. When that happens and for some reason there were no "nameserver" declarations in the updated file, dnsmasq can crash. Here is a log of a reproducer: $ dig +short @127.0.0.1 ubuntu.com ;; communications error to 127.0.0.1#53: timed out ;; communications error to 127.0.0.1#53: connection refused ;; communications error to 127.0.0.1#53: connection refused ;; no servers could be reached We can see the startup, then when resolv.conf is read again and no nameservers were found, and the crash: Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: started, version 2.86 cachesize 150 Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: DNS service limited to local subnets Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: compile time options: IPv6 GNU-getopt DBus no-UBus i18n IDN2 DHCP DHCPv6 no-Lua TFTP conntrack ipset auth cryptohash DNSSEC loop-detect inotify dumpfile Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: reading /etc/resolv.conf Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: using nameserver 10.0.100.1#53 Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: read /etc/hosts - 7 addresses Jan 03 13:57:13 j-dnsmasq-2045570 systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server. Jan 03 13:58:01 j-dnsmasq-2045570 dnsmasq[1507]: no servers found in /etc/resolv.conf, will retry Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Main process exited, code=dumped, status=11/SEGV Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Failed with result 'core-dump'. dnsmasq has provisions for this situation, we can see that in the 13:58:01 message where it says it will retry, but due to this bug, it crashes instead. + + The problem was introduced[1] in version 2.86, and fixed in 2.87, so + only jammy is affected. + + 1. https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=patch;h=d290630d31f4517ab26392d00753d1397f9a4114;hp=d2ad5dc073aaacaf22b117f16106282a73586803 + The commit message says: + """ + This problem was introduced in 2.86. + """ + + And indeed, I wasn't able to crash 2.80 shipped in focal. + [ Test Plan ] It might take a few tries to reproduce the bug, but here is the general outline. Also keep in mind that it's important to use a DNS name that isn't cached already by a previous query. # Create a jammy lxd container lxc launch ubuntu-daily:jammy j-dnsmasq-2045570 # Enter the container lxc shell j-dnsmasq-2045570 # From now on, all commands should be executed in the container. # Install dnsmasq, and disable systemd-resolved apt update && apt install -y dnsmasq # Disable systemd-resolved, and start dnsmasq systemctl disable --now systemd-resolved systemctl enable --now dnsmasq # In one terminal inside the container, watch the dnsmasq logs: journalctl -u dnsmasq.service -f # In another terminal, remove /etc/resolv.conf and create a new one, empty rm /etc/resolv.conf echo "nameserver 1.1.1.1" > /etc/resolv.conf # restart dnsmasq systemctl restart dnsmasq.service # Perform a dns query dig @127.0.0.1 +short linux.com # Comment the namserver directive in resolv.conf echo "#nameserver 1.1.1.1" > /etc/resolv.conf # Observe in the dnsmasq logs that it notices the change with a message like: Jan 03 14:14:51 j-dnsmasq-2045570 dnsmasq[2274]: no servers found in /etc/resolv.conf, will retry # Perform a *different* DNS query dig @127.0.0.1 +short ubuntu.com # Observe in the dnsmasq logs that it crashes. Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Main process exited, code=dumped, status=11/SEGV Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Failed with result 'core-dump'. If it doesn't crash right away, repeat these steps a few times, but using a different domain name each time: - add "nameserver 127.0.0.1" to /etc/resolv.conf - observe that dnsmasq notices the change to the file - perform a query for some random domain using "dig @127.0.0.1 +short " - remove "nameserver" from /etc/resolv.conf, observe that dnsmasq noticed the change - perform a query for another random domain The fixed version from proposed will not crash. [ Where problems could occur ] * Think about what the upload changes in the software. Imagine the change is wrong or breaks something else: how would this show up? * It is assumed that any SRU candidate patch is well-tested before upload and has a low overall risk of regression, but it's important to make the effort to think about what ''could'' happen in the event of a regression. * This must '''never''' be "None" or "Low", or entirely an argument as to why your upload is low risk. * This both shows the SRU team that the risks have been
[Touch-packages] [Bug 2045570] Re: dnsmasq crash when no servers in resolv.conf
** Description changed: [ Impact ] dnsmasq "keeps an eye" on /etc/resolv.conf, and reloads it whenever the file is updated. When that happens and for some reason there were no "nameserver" declarations in the updated file, dnsmasq can crash. Here is a log of a reproducer: $ dig +short @127.0.0.1 ubuntu.com ;; communications error to 127.0.0.1#53: timed out ;; communications error to 127.0.0.1#53: connection refused ;; communications error to 127.0.0.1#53: connection refused ;; no servers could be reached We can see the startup, then when resolv.conf is read again and no nameservers were found, and the crash: Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: started, version 2.86 cachesize 150 Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: DNS service limited to local subnets Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: compile time options: IPv6 GNU-getopt DBus no-UBus i18n IDN2 DHCP DHCPv6 no-Lua TFTP conntrack ipset auth cryptohash DNSSEC loop-detect inotify dumpfile Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: reading /etc/resolv.conf Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: using nameserver 10.0.100.1#53 Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: read /etc/hosts - 7 addresses Jan 03 13:57:13 j-dnsmasq-2045570 systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server. Jan 03 13:58:01 j-dnsmasq-2045570 dnsmasq[1507]: no servers found in /etc/resolv.conf, will retry Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Main process exited, code=dumped, status=11/SEGV Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Failed with result 'core-dump'. dnsmasq has provisions for this situation, we can see that in the 13:58:01 message where it says it will retry, but due to this bug, it crashes instead. + [ Test Plan ] + It might take a few tries to reproduce the bug, but here is the general outline. Also keep in mind that it's important to use a DNS name that isn't cached already by a previous query. - [ Test Plan ] + # Create a jammy lxd container - * detailed instructions how to reproduce the bug + lxc launch ubuntu-daily:jammy j-dnsmasq-2045570 - * these should allow someone who is not familiar with the affected - package to reproduce the bug and verify that the updated package fixes - the problem. + # Enter the container - * if other testing is appropriate to perform before landing this update, - this should also be described here. + lxc shell j-dnsmasq-2045570 + + # From now on, all commands should be executed in the container. + # Install dnsmasq, and disable systemd-resolved + + apt update && apt install -y dnsmasq + + # Disable systemd-resolved, and start dnsmasq + + systemctl disable --now systemd-resolved + systemctl enable --now dnsmasq + + # In one terminal inside the container, watch the dnsmasq logs: + + journalctl -u dnsmasq.service -f + + # In another terminal, remove /etc/resolv.conf and create a new one, empty + rm /etc/resolv.conf + touch /etc/resolv.conf + + # Note in the dnsmasq logs that it should notice the resolv.conf changes, with something like: + Jan 03 13:58:01 j-dnsmasq-2045570 dnsmasq[1507]: no servers found in /etc/resolv.conf, will retry + + # Perform a dns query + + dig @127.0.0.1 +short ubuntu.com + + # Observe in the dnsmasq logs that it crashes. + Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Main process exited, code=dumped, status=11/SEGV + Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Failed with result 'core-dump'. + + If it doesn't crash right away, repeat these steps a few times, but using a different domain name each time: + - add "nameserver 127.0.0.1" to /etc/resolv.conf + - observe that dnsmasq notices the change to the file + - perform a query for some random domain using "dig @127.0.0.1 +short " + - remove "nameserver" from /etc/resolv.conf, observe that dnsmasq noticed the change + - perform a query for another random domain + + The fixed version from proposed will not crash. + [ Where problems could occur ] * Think about what the upload changes in the software. Imagine the change is wrong or breaks something else: how would this show up? * It is assumed that any SRU candidate patch is well-tested before upload and has a low overall risk of regression, but it's important to make the effort to think about what ''could'' happen in the event of a regression. * This must '''never''' be "None" or "Low", or entirely an argument as to why your upload is low risk. * This both shows the SRU team that the risks have been considered, and provides guidance to testers in regression-testing the SRU. [ Other Info ] * Anything else you think is useful to include * Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board * and address these questions in
[Touch-packages] [Bug 2045570] Re: dnsmasq crash when no servers in resolv.conf
** Description changed: + [ Impact ] + + * An explanation of the effects of the bug on users and + + * justification for backporting the fix to the stable release. + + * In addition, it is helpful, but not required, to include an +explanation of how the upload fixes this bug. + + [ Test Plan ] + + * detailed instructions how to reproduce the bug + + * these should allow someone who is not familiar with the affected +package to reproduce the bug and verify that the updated package fixes +the problem. + + * if other testing is appropriate to perform before landing this update, +this should also be described here. + + [ Where problems could occur ] + + * Think about what the upload changes in the software. Imagine the change is +wrong or breaks something else: how would this show up? + + * It is assumed that any SRU candidate patch is well-tested before +upload and has a low overall risk of regression, but it's important +to make the effort to think about what ''could'' happen in the +event of a regression. + + * This must '''never''' be "None" or "Low", or entirely an argument as to why +your upload is low risk. + + * This both shows the SRU team that the risks have been considered, +and provides guidance to testers in regression-testing the SRU. + + [ Other Info ] + + * Anything else you think is useful to include + * Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board + * and address these questions in advance + + [ Original description ] + upstream discussion: https://lists.thekelleys.org.uk/pipermail/dnsmasq- discuss/2022q3/016563.html in my journal, my dns service crash and restart just after: Dec 04 17:18:38 dnsmasq[199333]: no servers found in /run/NetworkManager/no-stub-resolv.conf, will retry oops report: https://errors.ubuntu.com/oops/29cf5e2e-92b1-11ee-9bdf- fa163ec44ecd ubuntu jammy, dnsmasq-base 2.86-1.1ubuntu0.3 ** Changed in: dnsmasq (Ubuntu Jammy) Status: Triaged => In Progress ** Description changed: [ Impact ] - * An explanation of the effects of the bug on users and + dnsmasq "keeps an eye" on /etc/resolv.conf, and reloads it whenever the + file is updated. When that happens and for some reason there were no + "nameserver" declarations in the updated file, dnsmasq can crash. - * justification for backporting the fix to the stable release. + Here is a log of a reproducer: + $ dig +short @127.0.0.1 ubuntu.com + ;; communications error to 127.0.0.1#53: timed out + ;; communications error to 127.0.0.1#53: connection refused + ;; communications error to 127.0.0.1#53: connection refused + ;; no servers could be reached - * In addition, it is helpful, but not required, to include an -explanation of how the upload fixes this bug. + We can see the startup, then when resolv.conf is read again and no nameservers were found, and the crash: + Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: started, version 2.86 cachesize 150 + Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: DNS service limited to local subnets + Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: compile time options: IPv6 GNU-getopt DBus no-UBus i18n IDN2 DHCP DHCPv6 no-Lua TFTP conntrack ipset auth cryptohash DNSSEC loop-detect inotify dumpfile + Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: reading /etc/resolv.conf + Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: using nameserver 10.0.100.1#53 + Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: read /etc/hosts - 7 addresses + Jan 03 13:57:13 j-dnsmasq-2045570 systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server. + Jan 03 13:58:01 j-dnsmasq-2045570 dnsmasq[1507]: no servers found in /etc/resolv.conf, will retry + Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Main process exited, code=dumped, status=11/SEGV + Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Failed with result 'core-dump'. + + dnsmasq has provisions for this situation, we can see that in the + 13:58:01 message where it says it will retry, but due to this bug, it + crashes instead. + [ Test Plan ] - * detailed instructions how to reproduce the bug + * detailed instructions how to reproduce the bug - * these should allow someone who is not familiar with the affected -package to reproduce the bug and verify that the updated package fixes -the problem. + * these should allow someone who is not familiar with the affected + package to reproduce the bug and verify that the updated package fixes + the problem. - * if other testing is appropriate to perform before landing this update, -this should also be described here. + * if other testing is appropriate to perform before landing this update, + this should also be described here. [ Where problems could occur ] - * Think about what the upload changes in the software. Imagine the change is -wrong
[Touch-packages] [Bug 2045570] Re: dnsmasq crash when no servers in resolv.conf
ps. Since it is a UAF, the result is uncertain. I see twice, it does not crash, but just dead loop, use 100% cpu. Dec 05 06:11:38 dnsmasq[359491]: read /etc/hosts - 7 addresses Dec 06 07:58:41 dnsmasq[359491]: no servers found in /run/NetworkManager/no-stub-resolv.conf, will retry Dec 06 21:23:52 systemd[1]: Stopping My DNS caching server for lxd and vms... Dec 06 21:24:09 systemd[1]: my-dns.service: Main process exited, code=killed, status=9/KILL Dec 06 21:24:09 systemd[1]: my-dns.service: Failed with result 'signal'. Dec 06 21:24:09 systemd[1]: Stopped My DNS caching server for lxd and vms. Dec 06 21:24:09 systemd[1]: my-dns.service: Consumed 13h 25min 27.822s CPU time. Dec 06 21:24:09 systemd[1]: Started My DNS caching server for lxd and vms. Dec 09 13:07:28 dnsmasq[464230]: read /etc/hosts - 7 addresses Dec 11 03:44:37 dnsmasq[464230]: no servers found in /run/NetworkManager/no-stub-resolv.conf, will retry Dec 11 06:28:39 systemd[1]: Stopping My DNS caching server for lxd and vms... Dec 11 06:28:48 systemd[1]: my-dns.service: Main process exited, code=killed, status=9/KILL Dec 11 06:28:48 systemd[1]: my-dns.service: Failed with result 'signal'. Dec 11 06:28:48 systemd[1]: Stopped My DNS caching server for lxd and vms. Dec 11 06:28:48 systemd[1]: my-dns.service: Consumed 2h 44min 11.010s CPU time. Dec 11 06:28:48 systemd[1]: Started My DNS caching server for lxd and vms. In the end, I manually restart it. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/2045570 Title: dnsmasq crash when no servers in resolv.conf Status in dnsmasq package in Ubuntu: Fix Released Status in dnsmasq source package in Jammy: Triaged Bug description: upstream discussion: https://lists.thekelleys.org.uk/pipermail/dnsmasq- discuss/2022q3/016563.html in my journal, my dns service crash and restart just after: Dec 04 17:18:38 dnsmasq[199333]: no servers found in /run/NetworkManager/no-stub-resolv.conf, will retry oops report: https://errors.ubuntu.com/oops/29cf5e2e-92b1-11ee-9bdf- fa163ec44ecd ubuntu jammy, dnsmasq-base 2.86-1.1ubuntu0.3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/2045570/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2045570] Re: dnsmasq crash when no servers in resolv.conf
I was able to reproduce this after a few attempts. Good enough for a test plan/case. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/2045570 Title: dnsmasq crash when no servers in resolv.conf Status in dnsmasq package in Ubuntu: Fix Released Status in dnsmasq source package in Jammy: Triaged Bug description: upstream discussion: https://lists.thekelleys.org.uk/pipermail/dnsmasq- discuss/2022q3/016563.html in my journal, my dns service crash and restart just after: Dec 04 17:18:38 dnsmasq[199333]: no servers found in /run/NetworkManager/no-stub-resolv.conf, will retry oops report: https://errors.ubuntu.com/oops/29cf5e2e-92b1-11ee-9bdf- fa163ec44ecd ubuntu jammy, dnsmasq-base 2.86-1.1ubuntu0.3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/2045570/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2045570] Re: dnsmasq crash when no servers in resolv.conf
** Changed in: dnsmasq (Ubuntu Jammy) Assignee: (unassigned) => Andreas Hasenack (ahasenack) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/2045570 Title: dnsmasq crash when no servers in resolv.conf Status in dnsmasq package in Ubuntu: Fix Released Status in dnsmasq source package in Jammy: Triaged Bug description: upstream discussion: https://lists.thekelleys.org.uk/pipermail/dnsmasq- discuss/2022q3/016563.html in my journal, my dns service crash and restart just after: Dec 04 17:18:38 dnsmasq[199333]: no servers found in /run/NetworkManager/no-stub-resolv.conf, will retry oops report: https://errors.ubuntu.com/oops/29cf5e2e-92b1-11ee-9bdf- fa163ec44ecd ubuntu jammy, dnsmasq-base 2.86-1.1ubuntu0.3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/2045570/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2045570] Re: dnsmasq crash when no servers in resolv.conf
Thanks for taking the time to report this bug and trying to make Ubuntu better. Also thanks for the pointers. According to the upstream discussion this is the needed fix: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=d290630d31f4517ab26392d00753d1397f9a4114 It is included in version 2.87 onward, so it affects only Jammy. ** Changed in: dnsmasq (Ubuntu) Status: New => Triaged ** Tags added: server-todo ** Also affects: dnsmasq (Ubuntu Jammy) Importance: Undecided Status: New ** Changed in: dnsmasq (Ubuntu Jammy) Status: New => Triaged ** Changed in: dnsmasq (Ubuntu) Status: Triaged => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/2045570 Title: dnsmasq crash when no servers in resolv.conf Status in dnsmasq package in Ubuntu: Fix Released Status in dnsmasq source package in Jammy: Triaged Bug description: upstream discussion: https://lists.thekelleys.org.uk/pipermail/dnsmasq- discuss/2022q3/016563.html in my journal, my dns service crash and restart just after: Dec 04 17:18:38 dnsmasq[199333]: no servers found in /run/NetworkManager/no-stub-resolv.conf, will retry oops report: https://errors.ubuntu.com/oops/29cf5e2e-92b1-11ee-9bdf- fa163ec44ecd ubuntu jammy, dnsmasq-base 2.86-1.1ubuntu0.3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/2045570/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2045570] Re: dnsmasq crash when no servers in resolv.conf
** Description changed: upstream discussion: https://lists.thekelleys.org.uk/pipermail/dnsmasq- discuss/2022q3/016563.html in my journal, my dns service crash and restart just after: Dec 04 17:18:38 dnsmasq[199333]: no servers found in /run/NetworkManager/no-stub-resolv.conf, will retry oops report: https://errors.ubuntu.com/oops/29cf5e2e-92b1-11ee-9bdf- fa163ec44ecd + + ubuntu jammy, dnsmasq-base 2.86-1.1ubuntu0.3 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/2045570 Title: dnsmasq crash when no servers in resolv.conf Status in dnsmasq package in Ubuntu: New Bug description: upstream discussion: https://lists.thekelleys.org.uk/pipermail/dnsmasq- discuss/2022q3/016563.html in my journal, my dns service crash and restart just after: Dec 04 17:18:38 dnsmasq[199333]: no servers found in /run/NetworkManager/no-stub-resolv.conf, will retry oops report: https://errors.ubuntu.com/oops/29cf5e2e-92b1-11ee-9bdf- fa163ec44ecd ubuntu jammy, dnsmasq-base 2.86-1.1ubuntu0.3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/2045570/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
