Dear list,

Offline, we've found this one. The patch is in git now. It needs arbitrary RR caching to be enabled, and some fairly bad luck in what actually gets cached, but Facebook obliges every once in a while.


Cheers,

Simon.


On 01/09/2023 20:28, Dominik Derigs wrote:
Dear Simon, CC mailing list,

Today I've received a report of the latest dnsmasq embedded into Pi-hole
crashing when www.facebook.com is visited (but only when logged in). I
was able to reproduce this myself after creating a (fake) account.

The hit/miss ratio is not 100% but it should be possible to trigger the
crash within a couple of tries. I tried Google Chrome on Linux for
reproducing the crash (the report was Chrome on Windows). For this test,
I used only one upstream server: 8.8.8.8

A PCAP I recorded using dumpmask=0xFFFF is attached.

When the SIGSEGV happens, it can happen in a few different but related
code places. Let me summarize the two locations I found most often below:

https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blob;f=src/blockdata.c;h=444a03a6798fce5da839f199df4a9326ab17188a;hb=HEAD#l217

Thread 1 "pihole-FTL" received signal SIGSEGV, Segmentation fault.
blockdata_retrieve (block=<optimized out>, len=13, data=0x556b98069ac0,
data@entry=0x0) at /app/FTL/src/dnsmasq/blockdata.c:217
217           memcpy(d, b->key, blen);
(gdb) where
#0  blockdata_retrieve (block=<optimized out>, len=13,
data=0x556b98069ac0, data@entry=0x0) at
/app/FTL/src/dnsmasq/blockdata.c:217
#1  0x0000556b95cd2092 in answer_request
(header=header@entry=0x556b9800e290, limit=limit@entry=0x556b9800e490
"", qlen=qlen@entry=31, local_addr=..., local_addr@entry=...,
local_netmask=...,
     local_netmask@entry=..., now=now@entry=1693587354,
ad_reqd=<optimized out>, do_bit=<optimized out>,
have_pseudoheader=<optimized out>, stale=<optimized out>,
filtered=<optimized out>)
     at /app/FTL/src/dnsmasq/rfc1035.c:2175
#2  0x0000556b95cac02d in receive_query
(listen=listen@entry=0x556b98002d60, now=now@entry=1693587354) at
/app/FTL/src/dnsmasq/forward.c:1921
#3  0x0000556b95c99b61 in check_dns_listeners (now=now@entry=1693587354)
at /app/FTL/src/dnsmasq/dnsmasq.c:1864
#4  0x0000556b95c9bd2d in main_dnsmasq (argc=<optimized out>,
argv=<optimized out>) at /app/FTL/src/dnsmasq/dnsmasq.c:1271
#5  0x0000556b95bfaf76 in main (argc=<optimized out>,
argv=0x7ffff6ee9598) at /app/FTL/src/main.c:152

Sometimes the crash happens in

https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blob;f=src/blockdata.c;h=444a03a6798fce5da839f199df4a9326ab17188a;hb=HEAD#l177

Thread 1 "pihole-FTL" received signal SIGSEGV, Segmentation fault.
blockdata_free (blocks=0x3368023268020600) at
/app/FTL/src/dnsmasq/blockdata.c:177
177     void blockdata_free(struct blockdata *blocks)
(gdb) where
#0  blockdata_free (blocks=0x3368023268020600) at
/app/FTL/src/dnsmasq/blockdata.c:177
#1  0x0000560c710c9715 in cache_scan_free
(name=name@entry=0x560c7272f6d0 "star.c10r.facebook.com",
addr=addr@entry=0x7ffe4bdaa9a0, class=class@entry=1,
now=now@entry=1693587879, flags=flags@entry=1082130440,
     target_crec=target_crec@entry=0x7ffe4bdaa870,
target_uid=0x7ffe4bdaa86c) at /app/FTL/src/dnsmasq/cache.c:541
#2  0x0000560c710cd43e in really_insert (name=0x560c7272f6d0
"star.c10r.facebook.com", addr=0x7ffe4bdaa9a0, class=1, now=1693587879,
ttl=60, flags=1082130440) at /app/FTL/src/dnsmasq/cache.c:657
#3  0x0000560c7110aa6e in extract_addresses
(header=header@entry=0x560c7273f290, qlen=<optimized out>,
name=0x560c7272f6d0 "star.c10r.facebook.com", now=now@entry=1693587879,
ipsets=ipsets@entry=0x0,
     nftsets=nftsets@entry=0x0, is_sign=0, check_rebind=0,
no_cache_dnssec=0, secure=0, doctored=0x7ffe4bdaaa9c) at
/app/FTL/src/dnsmasq/rfc1035.c:921
#4  0x0000560c710e39b6 in process_reply
(header=header@entry=0x560c7273f290, now=now@entry=1693587879,
server=0x560c7273d6d0, n=<optimized out>, n@entry=157, check_rebind=0,
no_cache=no_cache@entry=0,
     cache_secure=0, bogusanswer=0, ad_reqd=0, do_bit=0,
added_pheader=128, query_source=0x560c7278e150, limit=0x560c7273f760 "",
ede=<optimized out>) at /app/FTL/src/dnsmasq/forward.c:833
#5  0x0000560c710e86c0 in return_reply (now=now@entry=1693587879,
forward=forward@entry=0x560c7278e150,
header=header@entry=0x560c7273f290, n=157, n@entry=140730171042832,
status=<optimized out>)
     at /app/FTL/src/dnsmasq/forward.c:1397
#6  0x0000560c710e8c70 in dnssec_validate
(forward=forward@entry=0x560c7278e150,
header=header@entry=0x560c7273f290, plen=140730171042832,
status=<optimized out>, status@entry=524288, now=now@entry=1693587879)
     at /app/FTL/src/dnsmasq/forward.c:1109
#7  0x0000560c710e8c1a in dnssec_validate
(forward=forward@entry=0x560c72731a70,
header=header@entry=0x560c7273f290, plen=plen@entry=855,
status=status@entry=524288, now=now@entry=1693587879)
     at /app/FTL/src/dnsmasq/forward.c:1124
#8  0x0000560c710e9674 in reply_query (fd=<optimized out>,
now=now@entry=1693587879) at /app/FTL/src/dnsmasq/forward.c:1319
#9  0x0000560c710d5dff in check_dns_listeners (now=now@entry=1693587879)
at /app/FTL/src/dnsmasq/dnsmasq.c:1836
#10 0x0000560c710d7d2d in main_dnsmasq (argc=<optimized out>,
argv=<optimized out>) at /app/FTL/src/dnsmasq/dnsmasq.c:1271
#11 0x0000560c71036f76 in main (argc=<optimized out>,
argv=0x7ffe4bdab088) at /app/FTL/src/main.c:152


Best,
Dominik

_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
