Re: Possible Issue

["R. W. Rodolico" <rodo@dailydata.net>]

[-- Attachment #1: Type: text/plain, Size: 5526 bytes --]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Just a follow up on the dnsmasq issue. It happened again tonight, with
logs similar to what I had before. See at the bottom. Here is the
sequence of events:

I was opening http://news.bbc.co.uk (which redirects to
http://www.bbc.com/news). It made it halfway through the page when
dnsmasq apparently died (some of the images did not come up). I then
tried to open a few additional pages, all at www.bbc.com, and when
they all failed, I checked the server. Note that at 21:53:13 it was
running fine, and at 21:54.25 it died, during a page load.

Just prior to all this, I had loaded several pages, each requiring a
DNS operation. It appeared dnsmasq died during the loading of the last
of them (news.bbc.co.uk) as that one had images only partially
complete. The sites were.

http://antwrp.gsfc.nasa.gov/apod/
http://news.bbc.co.uk/
http://www.publicbroadcasting.net/kera/news.newsmain
http://planet.ipfire.org/
http://www.kyivpost.com/

I tend to open these all at the same time in Firefox and they
generally work just fine. At the time I opened these, I also had 12
other tabs open in three additional instances of Firefox, one tab open
in Chromium, my mail client open with 4 accounts. No other machines
were on in the location.

I see no patterns at all. The last time it happened, I do not believe
I had nearly as many sessions open (there are always around 12 web
pages open in two Firefox windows). It is weird in that it happened
about a week ago also.

The IPFire machine is as follows:
AMD Geode, single core, 500Mhz
512M RAM, no swap
4 VIA VT6105M NIC's, Red, Green and two bridged Green
1 TP-Link TL-WN75IND wireless PCI card (Qualcomm Atheros AR9227
Wireless NIC)

With the exception of bridging two NIC's into the Green, and the
wireless NIC, this is a standard configuration I have used in dozens
of firewalls.

Michael, does any of this match your machine that has had the issue?
Do you think I should look for anything else, or do you want to just
wait for Core 96 and see if the new dnsmasq fixes it.

Rod

========================================================================
Dec  4 21:53:13 dd-router dnsmasq[2801]: reading
/var/state/dhcp/dhcpd.leases
Dec  4 21:54:25 dd-router kernel: dnsmasq[2801]: segfault at 0 ip
0805daaf sp 5ec22580 error 4 in dnsmasq[8048000+32000]
Dec  4 21:54:25 dd-router kernel: grsec: Segmentation fault occurred
at    (nil) in /usr/sbin/dnsmasq[dnsmasq:2801] uid/euid:99/99
gid/egid:40/40, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
Dec  4 21:54:25 dd-router kernel: grsec: bruteforce prevention
initiated due to crash of /usr/sbin/dnsmasq against uid 99, banning
suid/sgid execs for 15 minutes.  Please investigate the crash report
for /usr/sbin/dnsmasq[dnsmasq:2801] uid/euid:99/99 gid/egid:40/40,
parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
========================================================================


On 12/01/2015 10:40 PM, R. W. Rodolico wrote:
> I tried to reproduce it, but was not successful. I saw no
> correlation between the two times it happened. If it breaks again,
> I'll see if I can create a conditions list, however.
> 
> My office firewall is set to always run the testing tree, so as
> soon as 96 goes into beta, it will automatically upgrade (I keep a
> very, very old router around in case I completely mess it up with
> the upgrade! ).
> 
> I really hate giving a report that says "this broke." I know you
> need more information than that.
> 
> Rod
> 
> On 12/01/2015 04:39 PM, Michael Tremer wrote:
>> Hi,
> 
>> yes, dnsmasq has some stability issues. This has become way
>> better since a few releases, but it is still not at the level
>> where it should be.
> 
>> Have you any information about how to reproduce the crash? I 
>> experienced them for a time, but they were all random and I
>> could not debug this a lot.
> 
>> I just merged a patch with some fixes. Maybe it has been fixed in
>>  there. Please test Core Update 96 as soon as it becomes
>> available for testing.
> 
>> Best, -Michael
> 
>> On Fri, 2015-11-27 at 16:32 -0600, R. W. Rodolico wrote:
>>> I am running 95 and have had two times in the past couple of 
>>> weeks where dnsmasq has died on me. I have been able to fix
>>> the problem by starting it up again and it works just fine.
>>> 
>>> The error appears to be associated with these log entries:
>>> 
>>> Nov 24 13:38:26 dd-router kernel: dnsmasq[2789]: segfault at 0 
>>> ip 0805daaf sp 5af771e0 error 4 in dnsmasq[8048000+32000] Nov
>>> 24 13:38:26 dd-router kernel: grsec: Segmentation fault
>>> occurred at (nil) in /usr/sbin/dnsmasq[dnsmasq:2789]
>>> uid/euid:99/99 gid/egid:40/40, parent /sbin/init[init:1]
>>> uid/euid:0/0 gid/egid:0/0 Nov 24 13:38:26 dd-router kernel:
>>> grsec: bruteforce prevention initiated due to crash of
>>> /usr/sbin/dnsmasq against uid 99, banning suid/sgid execs for
>>> 15 minutes.  Please investigate the crash report for
>>> /usr/sbin/dnsmasq[dnsmasq:2789] uid/euid:99/99 gid/egid:40/40,
>>> parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
>>> 
>>> this is a fresh install of IPFire 94, then upgrade to 95.
>>> Please let me know what I can do to further troubleshoot this.
>>> 
>>> Rod
> 
> 

- -- 
Rod Rodolico
Daily Data, Inc.
POB 140465
Dallas TX 75214-0465
214.827.2170
http://www.dailydata.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlZiZeQACgkQuVY3UpYMlTTr3wCfdDrr4+xDjM+rjopuFsUDkIPm
Je4An1fE+C4Jk3MKbTS1JpBxCev0HDR5
=ODLv
-----END PGP SIGNATURE-----