Possible Issue

Possible Issue

[R. W. Rodolico]

[-- Attachment #1: Type: text/plain, Size: 1113 bytes --]

I am running 95 and have had two times in the past couple of weeks where
dnsmasq has died on me. I have been able to fix the problem by starting
it up again and it works just fine.

The error appears to be associated with these log entries:

Nov 24 13:38:26 dd-router kernel: dnsmasq[2789]: segfault at 0 ip
0805daaf sp 5af771e0 error 4 in dnsmasq[8048000+32000]
Nov 24 13:38:26 dd-router kernel: grsec: Segmentation fault occurred at
   (nil) in /usr/sbin/dnsmasq[dnsmasq:2789] uid/euid:99/99
gid/egid:40/40, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
Nov 24 13:38:26 dd-router kernel: grsec: bruteforce prevention initiated
due to crash of /usr/sbin/dnsmasq against uid 99, banning suid/sgid
execs for 15 minutes.  Please investigate the crash report for
/usr/sbin/dnsmasq[dnsmasq:2789] uid/euid:99/99 gid/egid:40/40, parent
/sbin/init[init:1] uid/euid:0/0 gid/egid:0/0

this is a fresh install of IPFire 94, then upgrade to 95. Please let me
know what I can do to further troubleshoot this.

Rod

-- 
Rod Rodolico
Daily Data, Inc.
POB 140465
Dallas TX 75214-0465
214.827.2170
http://www.dailydata.net

Re: Possible Issue

[Michael Tremer]

[-- Attachment #1: Type: text/plain, Size: 1580 bytes --]

Hi,

yes, dnsmasq has some stability issues. This has become way better
since a few releases, but it is still not at the level where it should
be.

Have you any information about how to reproduce the crash? I
experienced them for a time, but they were all random and I could not
debug this a lot.

I just merged a patch with some fixes. Maybe it has been fixed in
there. Please test Core Update 96 as soon as it becomes available for
testing.

Best,
-Michael

On Fri, 2015-11-27 at 16:32 -0600, R. W. Rodolico wrote:
> I am running 95 and have had two times in the past couple of weeks
> where
> dnsmasq has died on me. I have been able to fix the problem by
> starting
> it up again and it works just fine.
> 
> The error appears to be associated with these log entries:
> 
> Nov 24 13:38:26 dd-router kernel: dnsmasq[2789]: segfault at 0 ip
> 0805daaf sp 5af771e0 error 4 in dnsmasq[8048000+32000]
> Nov 24 13:38:26 dd-router kernel: grsec: Segmentation fault occurred
> at
>    (nil) in /usr/sbin/dnsmasq[dnsmasq:2789] uid/euid:99/99
> gid/egid:40/40, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
> Nov 24 13:38:26 dd-router kernel: grsec: bruteforce prevention
> initiated
> due to crash of /usr/sbin/dnsmasq against uid 99, banning suid/sgid
> execs for 15 minutes.  Please investigate the crash report for
> /usr/sbin/dnsmasq[dnsmasq:2789] uid/euid:99/99 gid/egid:40/40, parent
> /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
> 
> this is a fresh install of IPFire 94, then upgrade to 95. Please let
> me
> know what I can do to further troubleshoot this.
> 
> Rod
> 

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

Re: Possible Issue

[R. W. Rodolico]

[-- Attachment #1: Type: text/plain, Size: 2522 bytes --]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I tried to reproduce it, but was not successful. I saw no correlation
between the two times it happened. If it breaks again, I'll see if I
can create a conditions list, however.

My office firewall is set to always run the testing tree, so as soon
as 96 goes into beta, it will automatically upgrade (I keep a very,
very old router around in case I completely mess it up with the upgrade!
).

I really hate giving a report that says "this broke." I know you need
more information than that.

Rod

On 12/01/2015 04:39 PM, Michael Tremer wrote:
> Hi,
> 
> yes, dnsmasq has some stability issues. This has become way better 
> since a few releases, but it is still not at the level where it
> should be.
> 
> Have you any information about how to reproduce the crash? I 
> experienced them for a time, but they were all random and I could
> not debug this a lot.
> 
> I just merged a patch with some fixes. Maybe it has been fixed in 
> there. Please test Core Update 96 as soon as it becomes available
> for testing.
> 
> Best, -Michael
> 
> On Fri, 2015-11-27 at 16:32 -0600, R. W. Rodolico wrote:
>> I am running 95 and have had two times in the past couple of
>> weeks where dnsmasq has died on me. I have been able to fix the
>> problem by starting it up again and it works just fine.
>> 
>> The error appears to be associated with these log entries:
>> 
>> Nov 24 13:38:26 dd-router kernel: dnsmasq[2789]: segfault at 0
>> ip 0805daaf sp 5af771e0 error 4 in dnsmasq[8048000+32000] Nov 24
>> 13:38:26 dd-router kernel: grsec: Segmentation fault occurred at 
>> (nil) in /usr/sbin/dnsmasq[dnsmasq:2789] uid/euid:99/99 
>> gid/egid:40/40, parent /sbin/init[init:1] uid/euid:0/0
>> gid/egid:0/0 Nov 24 13:38:26 dd-router kernel: grsec: bruteforce
>> prevention initiated due to crash of /usr/sbin/dnsmasq against
>> uid 99, banning suid/sgid execs for 15 minutes.  Please
>> investigate the crash report for /usr/sbin/dnsmasq[dnsmasq:2789]
>> uid/euid:99/99 gid/egid:40/40, parent /sbin/init[init:1]
>> uid/euid:0/0 gid/egid:0/0
>> 
>> this is a fresh install of IPFire 94, then upgrade to 95. Please
>> let me know what I can do to further troubleshoot this.
>> 
>> Rod

- -- 
Rod Rodolico
Daily Data, Inc.
POB 140465
Dallas TX 75214-0465
214.827.2170
http://www.dailydata.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlZedkMACgkQuVY3UpYMlTQx5ACfXg3jKXY5uFssp5ehner2pyh6
SdYAn31mLQVfCjPNiUib9f4f74hcN3fs
=D74o
-----END PGP SIGNATURE-----

Re: Possible Issue

[R. W. Rodolico]

[-- Attachment #1: Type: text/plain, Size: 5526 bytes --]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Just a follow up on the dnsmasq issue. It happened again tonight, with
logs similar to what I had before. See at the bottom. Here is the
sequence of events:

I was opening http://news.bbc.co.uk (which redirects to
http://www.bbc.com/news). It made it halfway through the page when
dnsmasq apparently died (some of the images did not come up). I then
tried to open a few additional pages, all at www.bbc.com, and when
they all failed, I checked the server. Note that at 21:53:13 it was
running fine, and at 21:54.25 it died, during a page load.

Just prior to all this, I had loaded several pages, each requiring a
DNS operation. It appeared dnsmasq died during the loading of the last
of them (news.bbc.co.uk) as that one had images only partially
complete. The sites were.

http://antwrp.gsfc.nasa.gov/apod/
http://news.bbc.co.uk/
http://www.publicbroadcasting.net/kera/news.newsmain
http://planet.ipfire.org/
http://www.kyivpost.com/

I tend to open these all at the same time in Firefox and they
generally work just fine. At the time I opened these, I also had 12
other tabs open in three additional instances of Firefox, one tab open
in Chromium, my mail client open with 4 accounts. No other machines
were on in the location.

I see no patterns at all. The last time it happened, I do not believe
I had nearly as many sessions open (there are always around 12 web
pages open in two Firefox windows). It is weird in that it happened
about a week ago also.

The IPFire machine is as follows:
AMD Geode, single core, 500Mhz
512M RAM, no swap
4 VIA VT6105M NIC's, Red, Green and two bridged Green
1 TP-Link TL-WN75IND wireless PCI card (Qualcomm Atheros AR9227
Wireless NIC)

With the exception of bridging two NIC's into the Green, and the
wireless NIC, this is a standard configuration I have used in dozens
of firewalls.

Michael, does any of this match your machine that has had the issue?
Do you think I should look for anything else, or do you want to just
wait for Core 96 and see if the new dnsmasq fixes it.

Rod

========================================================================
Dec  4 21:53:13 dd-router dnsmasq[2801]: reading
/var/state/dhcp/dhcpd.leases
Dec  4 21:54:25 dd-router kernel: dnsmasq[2801]: segfault at 0 ip
0805daaf sp 5ec22580 error 4 in dnsmasq[8048000+32000]
Dec  4 21:54:25 dd-router kernel: grsec: Segmentation fault occurred
at    (nil) in /usr/sbin/dnsmasq[dnsmasq:2801] uid/euid:99/99
gid/egid:40/40, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
Dec  4 21:54:25 dd-router kernel: grsec: bruteforce prevention
initiated due to crash of /usr/sbin/dnsmasq against uid 99, banning
suid/sgid execs for 15 minutes.  Please investigate the crash report
for /usr/sbin/dnsmasq[dnsmasq:2801] uid/euid:99/99 gid/egid:40/40,
parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
========================================================================


On 12/01/2015 10:40 PM, R. W. Rodolico wrote:
> I tried to reproduce it, but was not successful. I saw no
> correlation between the two times it happened. If it breaks again,
> I'll see if I can create a conditions list, however.
> 
> My office firewall is set to always run the testing tree, so as
> soon as 96 goes into beta, it will automatically upgrade (I keep a
> very, very old router around in case I completely mess it up with
> the upgrade! ).
> 
> I really hate giving a report that says "this broke." I know you
> need more information than that.
> 
> Rod
> 
> On 12/01/2015 04:39 PM, Michael Tremer wrote:
>> Hi,
> 
>> yes, dnsmasq has some stability issues. This has become way
>> better since a few releases, but it is still not at the level
>> where it should be.
> 
>> Have you any information about how to reproduce the crash? I 
>> experienced them for a time, but they were all random and I
>> could not debug this a lot.
> 
>> I just merged a patch with some fixes. Maybe it has been fixed in
>>  there. Please test Core Update 96 as soon as it becomes
>> available for testing.
> 
>> Best, -Michael
> 
>> On Fri, 2015-11-27 at 16:32 -0600, R. W. Rodolico wrote:
>>> I am running 95 and have had two times in the past couple of 
>>> weeks where dnsmasq has died on me. I have been able to fix
>>> the problem by starting it up again and it works just fine.
>>> 
>>> The error appears to be associated with these log entries:
>>> 
>>> Nov 24 13:38:26 dd-router kernel: dnsmasq[2789]: segfault at 0 
>>> ip 0805daaf sp 5af771e0 error 4 in dnsmasq[8048000+32000] Nov
>>> 24 13:38:26 dd-router kernel: grsec: Segmentation fault
>>> occurred at (nil) in /usr/sbin/dnsmasq[dnsmasq:2789]
>>> uid/euid:99/99 gid/egid:40/40, parent /sbin/init[init:1]
>>> uid/euid:0/0 gid/egid:0/0 Nov 24 13:38:26 dd-router kernel:
>>> grsec: bruteforce prevention initiated due to crash of
>>> /usr/sbin/dnsmasq against uid 99, banning suid/sgid execs for
>>> 15 minutes.  Please investigate the crash report for
>>> /usr/sbin/dnsmasq[dnsmasq:2789] uid/euid:99/99 gid/egid:40/40,
>>> parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
>>> 
>>> this is a fresh install of IPFire 94, then upgrade to 95.
>>> Please let me know what I can do to further troubleshoot this.
>>> 
>>> Rod
> 
> 

- -- 
Rod Rodolico
Daily Data, Inc.
POB 140465
Dallas TX 75214-0465
214.827.2170
http://www.dailydata.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlZiZeQACgkQuVY3UpYMlTTr3wCfdDrr4+xDjM+rjopuFsUDkIPm
Je4An1fE+C4Jk3MKbTS1JpBxCev0HDR5
=ODLv
-----END PGP SIGNATURE-----

Re: Possible Issue

[Matthias Fischer]

[-- Attachment #1: Type: text/plain, Size: 6246 bytes --]

HI,

if you'd like to test the latest 'dnsmasq 2.75', containing the "latest 
upstream patches" I could send you the download link of the version 
which is now running for about two weeks here without any crashes. 
Besides, using DNS.WATCH-servers, I never had any crashes, but it could 
be worth a try.

I'm just not really sure - this version was compiled an an "Intel Core 2 
Duo" - is this ready for "AMD Geode" or do you need a somewhat ~special 
version!?

Regards,
Matthias

On 05.12.2015 05:19, R. W. Rodolico wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Just a follow up on the dnsmasq issue. It happened again tonight, with
> logs similar to what I had before. See at the bottom. Here is the
> sequence of events:
>
> I was opening http://news.bbc.co.uk (which redirects to
> http://www.bbc.com/news). It made it halfway through the page when
> dnsmasq apparently died (some of the images did not come up). I then
> tried to open a few additional pages, all at www.bbc.com, and when
> they all failed, I checked the server. Note that at 21:53:13 it was
> running fine, and at 21:54.25 it died, during a page load.
>
> Just prior to all this, I had loaded several pages, each requiring a
> DNS operation. It appeared dnsmasq died during the loading of the last
> of them (news.bbc.co.uk) as that one had images only partially
> complete. The sites were.
>
> http://antwrp.gsfc.nasa.gov/apod/
> http://news.bbc.co.uk/
> http://www.publicbroadcasting.net/kera/news.newsmain
> http://planet.ipfire.org/
> http://www.kyivpost.com/
>
> I tend to open these all at the same time in Firefox and they
> generally work just fine. At the time I opened these, I also had 12
> other tabs open in three additional instances of Firefox, one tab open
> in Chromium, my mail client open with 4 accounts. No other machines
> were on in the location.
>
> I see no patterns at all. The last time it happened, I do not believe
> I had nearly as many sessions open (there are always around 12 web
> pages open in two Firefox windows). It is weird in that it happened
> about a week ago also.
>
> The IPFire machine is as follows:
> AMD Geode, single core, 500Mhz
> 512M RAM, no swap
> 4 VIA VT6105M NIC's, Red, Green and two bridged Green
> 1 TP-Link TL-WN75IND wireless PCI card (Qualcomm Atheros AR9227
> Wireless NIC)
>
> With the exception of bridging two NIC's into the Green, and the
> wireless NIC, this is a standard configuration I have used in dozens
> of firewalls.
>
> Michael, does any of this match your machine that has had the issue?
> Do you think I should look for anything else, or do you want to just
> wait for Core 96 and see if the new dnsmasq fixes it.
>
> Rod
>
> ========================================================================
> Dec  4 21:53:13 dd-router dnsmasq[2801]: reading
> /var/state/dhcp/dhcpd.leases
> Dec  4 21:54:25 dd-router kernel: dnsmasq[2801]: segfault at 0 ip
> 0805daaf sp 5ec22580 error 4 in dnsmasq[8048000+32000]
> Dec  4 21:54:25 dd-router kernel: grsec: Segmentation fault occurred
> at    (nil) in /usr/sbin/dnsmasq[dnsmasq:2801] uid/euid:99/99
> gid/egid:40/40, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
> Dec  4 21:54:25 dd-router kernel: grsec: bruteforce prevention
> initiated due to crash of /usr/sbin/dnsmasq against uid 99, banning
> suid/sgid execs for 15 minutes.  Please investigate the crash report
> for /usr/sbin/dnsmasq[dnsmasq:2801] uid/euid:99/99 gid/egid:40/40,
> parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
> ========================================================================
>
>
> On 12/01/2015 10:40 PM, R. W. Rodolico wrote:
>> I tried to reproduce it, but was not successful. I saw no
>> correlation between the two times it happened. If it breaks again,
>> I'll see if I can create a conditions list, however.
>>
>> My office firewall is set to always run the testing tree, so as
>> soon as 96 goes into beta, it will automatically upgrade (I keep a
>> very, very old router around in case I completely mess it up with
>> the upgrade! ).
>>
>> I really hate giving a report that says "this broke." I know you
>> need more information than that.
>>
>> Rod
>>
>> On 12/01/2015 04:39 PM, Michael Tremer wrote:
>>> Hi,
>>
>>> yes, dnsmasq has some stability issues. This has become way
>>> better since a few releases, but it is still not at the level
>>> where it should be.
>>
>>> Have you any information about how to reproduce the crash? I
>>> experienced them for a time, but they were all random and I
>>> could not debug this a lot.
>>
>>> I just merged a patch with some fixes. Maybe it has been fixed in
>>>  there. Please test Core Update 96 as soon as it becomes
>>> available for testing.
>>
>>> Best, -Michael
>>
>>> On Fri, 2015-11-27 at 16:32 -0600, R. W. Rodolico wrote:
>>>> I am running 95 and have had two times in the past couple of
>>>> weeks where dnsmasq has died on me. I have been able to fix
>>>> the problem by starting it up again and it works just fine.
>>>>
>>>> The error appears to be associated with these log entries:
>>>>
>>>> Nov 24 13:38:26 dd-router kernel: dnsmasq[2789]: segfault at 0
>>>> ip 0805daaf sp 5af771e0 error 4 in dnsmasq[8048000+32000] Nov
>>>> 24 13:38:26 dd-router kernel: grsec: Segmentation fault
>>>> occurred at (nil) in /usr/sbin/dnsmasq[dnsmasq:2789]
>>>> uid/euid:99/99 gid/egid:40/40, parent /sbin/init[init:1]
>>>> uid/euid:0/0 gid/egid:0/0 Nov 24 13:38:26 dd-router kernel:
>>>> grsec: bruteforce prevention initiated due to crash of
>>>> /usr/sbin/dnsmasq against uid 99, banning suid/sgid execs for
>>>> 15 minutes.  Please investigate the crash report for
>>>> /usr/sbin/dnsmasq[dnsmasq:2789] uid/euid:99/99 gid/egid:40/40,
>>>> parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
>>>>
>>>> this is a fresh install of IPFire 94, then upgrade to 95.
>>>> Please let me know what I can do to further troubleshoot this.
>>>>
>>>> Rod
>>
>>
>
> - --
> Rod Rodolico
> Daily Data, Inc.
> POB 140465
> Dallas TX 75214-0465
> 214.827.2170
> http://www.dailydata.net
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.12 (GNU/Linux)
>
> iEYEARECAAYFAlZiZeQACgkQuVY3UpYMlTTr3wCfdDrr4+xDjM+rjopuFsUDkIPm
> Je4An1fE+C4Jk3MKbTS1JpBxCev0HDR5
> =ODLv
> -----END PGP SIGNATURE-----
>

Re: Possible Issue

[Matthias Fischer]

[-- Attachment #1: Type: text/plain, Size: 6153 bytes --]

Hi,

just for information:

I just tried to reproduce your crash.
I disabled 'noscript' (Firefox addon) - plus your list from below - and 
allowed all redirections. No crash - as far as I can see, all pages and 
images loaded without problems (sorry... ;-).

Regards,
Matthias

P.S.: Using DNS-WATCH-servers => 
https://wiki.ipfire.org/en/dns/public-servers (84.200.69.80 / 84.200.70.40)

On 05.12.2015 05:19, R. W. Rodolico wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Just a follow up on the dnsmasq issue. It happened again tonight, with
> logs similar to what I had before. See at the bottom. Here is the
> sequence of events:
>
> I was opening http://news.bbc.co.uk (which redirects to
> http://www.bbc.com/news). It made it halfway through the page when
> dnsmasq apparently died (some of the images did not come up). I then
> tried to open a few additional pages, all at www.bbc.com, and when
> they all failed, I checked the server. Note that at 21:53:13 it was
> running fine, and at 21:54.25 it died, during a page load.
>
> Just prior to all this, I had loaded several pages, each requiring a
> DNS operation. It appeared dnsmasq died during the loading of the last
> of them (news.bbc.co.uk) as that one had images only partially
> complete. The sites were.
>
> http://antwrp.gsfc.nasa.gov/apod/
> http://news.bbc.co.uk/
> http://www.publicbroadcasting.net/kera/news.newsmain
> http://planet.ipfire.org/
> http://www.kyivpost.com/
>
> I tend to open these all at the same time in Firefox and they
> generally work just fine. At the time I opened these, I also had 12
> other tabs open in three additional instances of Firefox, one tab open
> in Chromium, my mail client open with 4 accounts. No other machines
> were on in the location.
>
> I see no patterns at all. The last time it happened, I do not believe
> I had nearly as many sessions open (there are always around 12 web
> pages open in two Firefox windows). It is weird in that it happened
> about a week ago also.
>
> The IPFire machine is as follows:
> AMD Geode, single core, 500Mhz
> 512M RAM, no swap
> 4 VIA VT6105M NIC's, Red, Green and two bridged Green
> 1 TP-Link TL-WN75IND wireless PCI card (Qualcomm Atheros AR9227
> Wireless NIC)
>
> With the exception of bridging two NIC's into the Green, and the
> wireless NIC, this is a standard configuration I have used in dozens
> of firewalls.
>
> Michael, does any of this match your machine that has had the issue?
> Do you think I should look for anything else, or do you want to just
> wait for Core 96 and see if the new dnsmasq fixes it.
>
> Rod
>
> ========================================================================
> Dec  4 21:53:13 dd-router dnsmasq[2801]: reading
> /var/state/dhcp/dhcpd.leases
> Dec  4 21:54:25 dd-router kernel: dnsmasq[2801]: segfault at 0 ip
> 0805daaf sp 5ec22580 error 4 in dnsmasq[8048000+32000]
> Dec  4 21:54:25 dd-router kernel: grsec: Segmentation fault occurred
> at    (nil) in /usr/sbin/dnsmasq[dnsmasq:2801] uid/euid:99/99
> gid/egid:40/40, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
> Dec  4 21:54:25 dd-router kernel: grsec: bruteforce prevention
> initiated due to crash of /usr/sbin/dnsmasq against uid 99, banning
> suid/sgid execs for 15 minutes.  Please investigate the crash report
> for /usr/sbin/dnsmasq[dnsmasq:2801] uid/euid:99/99 gid/egid:40/40,
> parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
> ========================================================================
>
>
> On 12/01/2015 10:40 PM, R. W. Rodolico wrote:
>> I tried to reproduce it, but was not successful. I saw no
>> correlation between the two times it happened. If it breaks again,
>> I'll see if I can create a conditions list, however.
>>
>> My office firewall is set to always run the testing tree, so as
>> soon as 96 goes into beta, it will automatically upgrade (I keep a
>> very, very old router around in case I completely mess it up with
>> the upgrade! ).
>>
>> I really hate giving a report that says "this broke." I know you
>> need more information than that.
>>
>> Rod
>>
>> On 12/01/2015 04:39 PM, Michael Tremer wrote:
>>> Hi,
>>
>>> yes, dnsmasq has some stability issues. This has become way
>>> better since a few releases, but it is still not at the level
>>> where it should be.
>>
>>> Have you any information about how to reproduce the crash? I
>>> experienced them for a time, but they were all random and I
>>> could not debug this a lot.
>>
>>> I just merged a patch with some fixes. Maybe it has been fixed in
>>>  there. Please test Core Update 96 as soon as it becomes
>>> available for testing.
>>
>>> Best, -Michael
>>
>>> On Fri, 2015-11-27 at 16:32 -0600, R. W. Rodolico wrote:
>>>> I am running 95 and have had two times in the past couple of
>>>> weeks where dnsmasq has died on me. I have been able to fix
>>>> the problem by starting it up again and it works just fine.
>>>>
>>>> The error appears to be associated with these log entries:
>>>>
>>>> Nov 24 13:38:26 dd-router kernel: dnsmasq[2789]: segfault at 0
>>>> ip 0805daaf sp 5af771e0 error 4 in dnsmasq[8048000+32000] Nov
>>>> 24 13:38:26 dd-router kernel: grsec: Segmentation fault
>>>> occurred at (nil) in /usr/sbin/dnsmasq[dnsmasq:2789]
>>>> uid/euid:99/99 gid/egid:40/40, parent /sbin/init[init:1]
>>>> uid/euid:0/0 gid/egid:0/0 Nov 24 13:38:26 dd-router kernel:
>>>> grsec: bruteforce prevention initiated due to crash of
>>>> /usr/sbin/dnsmasq against uid 99, banning suid/sgid execs for
>>>> 15 minutes.  Please investigate the crash report for
>>>> /usr/sbin/dnsmasq[dnsmasq:2789] uid/euid:99/99 gid/egid:40/40,
>>>> parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
>>>>
>>>> this is a fresh install of IPFire 94, then upgrade to 95.
>>>> Please let me know what I can do to further troubleshoot this.
>>>>
>>>> Rod
>>
>>
>
> - --
> Rod Rodolico
> Daily Data, Inc.
> POB 140465
> Dallas TX 75214-0465
> 214.827.2170
> http://www.dailydata.net
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.12 (GNU/Linux)
>
> iEYEARECAAYFAlZiZeQACgkQuVY3UpYMlTTr3wCfdDrr4+xDjM+rjopuFsUDkIPm
> Je4An1fE+C4Jk3MKbTS1JpBxCev0HDR5
> =ODLv
> -----END PGP SIGNATURE-----
>

Re: Possible Issue

[Michael Tremer]

[-- Attachment #1: Type: text/plain, Size: 7270 bytes --]

I have pretty much the same situation here, but on various machines and
even on virtual machines.

However I was not able to reproduce it with a single DNS record. It
rather seems to be that if there are a few DNS queries coming in at the
same time, dnsmasq tends to crash under certain circumstances. The only
thing that I can do is contacting upstream again and raise attention,
but I am not sure if they can do anything if we cannot show when the
crash is happening.

Best,
-Michael

On Sat, 2015-12-05 at 12:15 +0100, Matthias Fischer wrote:
> Hi,
> 
> just for information:
> 
> I just tried to reproduce your crash.
> I disabled 'noscript' (Firefox addon) - plus your list from below -
> and 
> allowed all redirections. No crash - as far as I can see, all pages
> and 
> images loaded without problems (sorry... ;-).
> 
> Regards,
> Matthias
> 
> P.S.: Using DNS-WATCH-servers => 
> https://wiki.ipfire.org/en/dns/public-servers (84.200.69.80 /
> 84.200.70.40)
> 
> On 05.12.2015 05:19, R. W. Rodolico wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > 
> > Just a follow up on the dnsmasq issue. It happened again tonight,
> > with
> > logs similar to what I had before. See at the bottom. Here is the
> > sequence of events:
> > 
> > I was opening http://news.bbc.co.uk (which redirects to
> > http://www.bbc.com/news). It made it halfway through the page when
> > dnsmasq apparently died (some of the images did not come up). I
> > then
> > tried to open a few additional pages, all at www.bbc.com, and when
> > they all failed, I checked the server. Note that at 21:53:13 it was
> > running fine, and at 21:54.25 it died, during a page load.
> > 
> > Just prior to all this, I had loaded several pages, each requiring
> > a
> > DNS operation. It appeared dnsmasq died during the loading of the
> > last
> > of them (news.bbc.co.uk) as that one had images only partially
> > complete. The sites were.
> > 
> > http://antwrp.gsfc.nasa.gov/apod/
> > http://news.bbc.co.uk/
> > http://www.publicbroadcasting.net/kera/news.newsmain
> > http://planet.ipfire.org/
> > http://www.kyivpost.com/
> > 
> > I tend to open these all at the same time in Firefox and they
> > generally work just fine. At the time I opened these, I also had 12
> > other tabs open in three additional instances of Firefox, one tab
> > open
> > in Chromium, my mail client open with 4 accounts. No other machines
> > were on in the location.
> > 
> > I see no patterns at all. The last time it happened, I do not
> > believe
> > I had nearly as many sessions open (there are always around 12 web
> > pages open in two Firefox windows). It is weird in that it happened
> > about a week ago also.
> > 
> > The IPFire machine is as follows:
> > AMD Geode, single core, 500Mhz
> > 512M RAM, no swap
> > 4 VIA VT6105M NIC's, Red, Green and two bridged Green
> > 1 TP-Link TL-WN75IND wireless PCI card (Qualcomm Atheros AR9227
> > Wireless NIC)
> > 
> > With the exception of bridging two NIC's into the Green, and the
> > wireless NIC, this is a standard configuration I have used in
> > dozens
> > of firewalls.
> > 
> > Michael, does any of this match your machine that has had the
> > issue?
> > Do you think I should look for anything else, or do you want to
> > just
> > wait for Core 96 and see if the new dnsmasq fixes it.
> > 
> > Rod
> > 
> > ===================================================================
> > =====
> > Dec  4 21:53:13 dd-router dnsmasq[2801]: reading
> > /var/state/dhcp/dhcpd.leases
> > Dec  4 21:54:25 dd-router kernel: dnsmasq[2801]: segfault at 0 ip
> > 0805daaf sp 5ec22580 error 4 in dnsmasq[8048000+32000]
> > Dec  4 21:54:25 dd-router kernel: grsec: Segmentation fault
> > occurred
> > at    (nil) in /usr/sbin/dnsmasq[dnsmasq:2801] uid/euid:99/99
> > gid/egid:40/40, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
> > Dec  4 21:54:25 dd-router kernel: grsec: bruteforce prevention
> > initiated due to crash of /usr/sbin/dnsmasq against uid 99, banning
> > suid/sgid execs for 15 minutes.  Please investigate the crash
> > report
> > for /usr/sbin/dnsmasq[dnsmasq:2801] uid/euid:99/99 gid/egid:40/40,
> > parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
> > ===================================================================
> > =====
> > 
> > 
> > On 12/01/2015 10:40 PM, R. W. Rodolico wrote:
> > > I tried to reproduce it, but was not successful. I saw no
> > > correlation between the two times it happened. If it breaks
> > > again,
> > > I'll see if I can create a conditions list, however.
> > > 
> > > My office firewall is set to always run the testing tree, so as
> > > soon as 96 goes into beta, it will automatically upgrade (I keep
> > > a
> > > very, very old router around in case I completely mess it up with
> > > the upgrade! ).
> > > 
> > > I really hate giving a report that says "this broke." I know you
> > > need more information than that.
> > > 
> > > Rod
> > > 
> > > On 12/01/2015 04:39 PM, Michael Tremer wrote:
> > > > Hi,
> > > 
> > > > yes, dnsmasq has some stability issues. This has become way
> > > > better since a few releases, but it is still not at the level
> > > > where it should be.
> > > 
> > > > Have you any information about how to reproduce the crash? I
> > > > experienced them for a time, but they were all random and I
> > > > could not debug this a lot.
> > > 
> > > > I just merged a patch with some fixes. Maybe it has been fixed
> > > > in
> > > >  there. Please test Core Update 96 as soon as it becomes
> > > > available for testing.
> > > 
> > > > Best, -Michael
> > > 
> > > > On Fri, 2015-11-27 at 16:32 -0600, R. W. Rodolico wrote:
> > > > > I am running 95 and have had two times in the past couple of
> > > > > weeks where dnsmasq has died on me. I have been able to fix
> > > > > the problem by starting it up again and it works just fine.
> > > > > 
> > > > > The error appears to be associated with these log entries:
> > > > > 
> > > > > Nov 24 13:38:26 dd-router kernel: dnsmasq[2789]: segfault at
> > > > > 0
> > > > > ip 0805daaf sp 5af771e0 error 4 in dnsmasq[8048000+32000] Nov
> > > > > 24 13:38:26 dd-router kernel: grsec: Segmentation fault
> > > > > occurred at (nil) in /usr/sbin/dnsmasq[dnsmasq:2789]
> > > > > uid/euid:99/99 gid/egid:40/40, parent /sbin/init[init:1]
> > > > > uid/euid:0/0 gid/egid:0/0 Nov 24 13:38:26 dd-router kernel:
> > > > > grsec: bruteforce prevention initiated due to crash of
> > > > > /usr/sbin/dnsmasq against uid 99, banning suid/sgid execs for
> > > > > 15 minutes.  Please investigate the crash report for
> > > > > /usr/sbin/dnsmasq[dnsmasq:2789] uid/euid:99/99
> > > > > gid/egid:40/40,
> > > > > parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
> > > > > 
> > > > > this is a fresh install of IPFire 94, then upgrade to 95.
> > > > > Please let me know what I can do to further troubleshoot
> > > > > this.
> > > > > 
> > > > > Rod
> > > 
> > > 
> > 
> > - --
> > Rod Rodolico
> > Daily Data, Inc.
> > POB 140465
> > Dallas TX 75214-0465
> > 214.827.2170
> > http://www.dailydata.net
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.12 (GNU/Linux)
> > 
> > iEYEARECAAYFAlZiZeQACgkQuVY3UpYMlTTr3wCfdDrr4+xDjM+rjopuFsUDkIPm
> > Je4An1fE+C4Jk3MKbTS1JpBxCev0HDR5
> > =ODLv
> > -----END PGP SIGNATURE-----
> > 
> 

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]