From mboxrd@z Thu Jan 1 00:00:00 1970 From: "R. W. Rodolico" To: development@lists.ipfire.org Subject: Re: Possible Issue Date: Fri, 04 Dec 2015 22:19:48 -0600 Message-ID: <566265E4.6020003@dailydata.net> In-Reply-To: <565E7643.8030808@dailydata.net> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============4578910219984274668==" List-Id: --===============4578910219984274668== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Just a follow up on the dnsmasq issue. It happened again tonight, with logs similar to what I had before. See at the bottom. Here is the sequence of events: I was opening http://news.bbc.co.uk (which redirects to http://www.bbc.com/news). It made it halfway through the page when dnsmasq apparently died (some of the images did not come up). I then tried to open a few additional pages, all at www.bbc.com, and when they all failed, I checked the server. Note that at 21:53:13 it was running fine, and at 21:54.25 it died, during a page load. Just prior to all this, I had loaded several pages, each requiring a DNS operation. It appeared dnsmasq died during the loading of the last of them (news.bbc.co.uk) as that one had images only partially complete. The sites were. http://antwrp.gsfc.nasa.gov/apod/ http://news.bbc.co.uk/ http://www.publicbroadcasting.net/kera/news.newsmain http://planet.ipfire.org/ http://www.kyivpost.com/ I tend to open these all at the same time in Firefox and they generally work just fine. At the time I opened these, I also had 12 other tabs open in three additional instances of Firefox, one tab open in Chromium, my mail client open with 4 accounts. No other machines were on in the location. I see no patterns at all. The last time it happened, I do not believe I had nearly as many sessions open (there are always around 12 web pages open in two Firefox windows). It is weird in that it happened about a week ago also. The IPFire machine is as follows: AMD Geode, single core, 500Mhz 512M RAM, no swap 4 VIA VT6105M NIC's, Red, Green and two bridged Green 1 TP-Link TL-WN75IND wireless PCI card (Qualcomm Atheros AR9227 Wireless NIC) With the exception of bridging two NIC's into the Green, and the wireless NIC, this is a standard configuration I have used in dozens of firewalls. Michael, does any of this match your machine that has had the issue? Do you think I should look for anything else, or do you want to just wait for Core 96 and see if the new dnsmasq fixes it. Rod ======================================================================== Dec 4 21:53:13 dd-router dnsmasq[2801]: reading /var/state/dhcp/dhcpd.leases Dec 4 21:54:25 dd-router kernel: dnsmasq[2801]: segfault at 0 ip 0805daaf sp 5ec22580 error 4 in dnsmasq[8048000+32000] Dec 4 21:54:25 dd-router kernel: grsec: Segmentation fault occurred at (nil) in /usr/sbin/dnsmasq[dnsmasq:2801] uid/euid:99/99 gid/egid:40/40, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 Dec 4 21:54:25 dd-router kernel: grsec: bruteforce prevention initiated due to crash of /usr/sbin/dnsmasq against uid 99, banning suid/sgid execs for 15 minutes. Please investigate the crash report for /usr/sbin/dnsmasq[dnsmasq:2801] uid/euid:99/99 gid/egid:40/40, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 ======================================================================== On 12/01/2015 10:40 PM, R. W. Rodolico wrote: > I tried to reproduce it, but was not successful. I saw no > correlation between the two times it happened. If it breaks again, > I'll see if I can create a conditions list, however. > > My office firewall is set to always run the testing tree, so as > soon as 96 goes into beta, it will automatically upgrade (I keep a > very, very old router around in case I completely mess it up with > the upgrade! ). > > I really hate giving a report that says "this broke." I know you > need more information than that. > > Rod > > On 12/01/2015 04:39 PM, Michael Tremer wrote: >> Hi, > >> yes, dnsmasq has some stability issues. This has become way >> better since a few releases, but it is still not at the level >> where it should be. > >> Have you any information about how to reproduce the crash? I >> experienced them for a time, but they were all random and I >> could not debug this a lot. > >> I just merged a patch with some fixes. Maybe it has been fixed in >> there. Please test Core Update 96 as soon as it becomes >> available for testing. > >> Best, -Michael > >> On Fri, 2015-11-27 at 16:32 -0600, R. W. Rodolico wrote: >>> I am running 95 and have had two times in the past couple of >>> weeks where dnsmasq has died on me. I have been able to fix >>> the problem by starting it up again and it works just fine. >>> >>> The error appears to be associated with these log entries: >>> >>> Nov 24 13:38:26 dd-router kernel: dnsmasq[2789]: segfault at 0 >>> ip 0805daaf sp 5af771e0 error 4 in dnsmasq[8048000+32000] Nov >>> 24 13:38:26 dd-router kernel: grsec: Segmentation fault >>> occurred at (nil) in /usr/sbin/dnsmasq[dnsmasq:2789] >>> uid/euid:99/99 gid/egid:40/40, parent /sbin/init[init:1] >>> uid/euid:0/0 gid/egid:0/0 Nov 24 13:38:26 dd-router kernel: >>> grsec: bruteforce prevention initiated due to crash of >>> /usr/sbin/dnsmasq against uid 99, banning suid/sgid execs for >>> 15 minutes. Please investigate the crash report for >>> /usr/sbin/dnsmasq[dnsmasq:2789] uid/euid:99/99 gid/egid:40/40, >>> parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 >>> >>> this is a fresh install of IPFire 94, then upgrade to 95. >>> Please let me know what I can do to further troubleshoot this. >>> >>> Rod > > - -- Rod Rodolico Daily Data, Inc. POB 140465 Dallas TX 75214-0465 214.827.2170 http://www.dailydata.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlZiZeQACgkQuVY3UpYMlTTr3wCfdDrr4+xDjM+rjopuFsUDkIPm Je4An1fE+C4Jk3MKbTS1JpBxCev0HDR5 =ODLv -----END PGP SIGNATURE----- --===============4578910219984274668==--