search

NixOS / nixpkgs

Nix Packages collection & NixOS
MIT License
17.3k stars 13.54k forks source link

dnsmasq stuck after port scan #104181

Open davidak opened 3 years ago

davidak commented 3 years ago

Describe the bug When i have dnsmasq installed on a Raspberry Pi 4 (AARCH64) and do a port scan, it get stuck and consumes 100% CPU forever.

I noticed that when scanning with openvas, but it is also reproducible with nmap.

To Reproduce Steps to reproduce the behavior:

  1. Have a Raspberry Pi 4 with NixOS (maybe any other aarch64 will do)
  2. Setup dnsmasq
  services.resolved.enable = false; # use dnsmasq instead
  services.dnsmasq = {
    enable = true;
    resolveLocalQueries = true;
    servers = [ "9.9.9.9" "149.112.112.112" ]; # use https://quad9.net/
  };
  1. Do a "Intense Scan" with nmap

nix run nixpkgs.nmap-graphical -c zenmap

It don't happen with a "Regular Scan" or "Quick Scan".

But even there, you see process activity with strace for 2 minutes after the scan has finished. With the "Intense Scan" it never stops. That activity produces 100% CPU load.

I can't remember having the same behavior with x86-64, but i haven't tried with NixOS 20.09 there.

So maybe it's a NixOS 20.09 problem, or aarch64.

Here is the strace log: https://gist.github.com/davidak/2b41a2301ad1b0e9e4556ef96c28e44c

The process is marked as defunct:

dnsmasq  12800 35.6  0.3  17020 12752 ?        Rs   00:01 316:29 /nix/store/k5hx65wkvq7qgbjfdclx9l0cp1wmgzps-dnsmasq-2.82/bin/dnsmasq -k --enable-dbus --user=dnsmasq -C /nix/store/4h3aq40g5qnxx6cgqbmm2mdj1r56ifrq-dnsmasq.conf
dnsmasq   5713  0.0  0.0      0     0 ?        Z    14:48   0:00  \_ [dnsmasq] <defunct>

It might be an issue upstream has to fix.

Expected behavior dnsmasq answers the requests and don't do anything further

Screenshots Screenshot from 2020-11-18 16-56-47

The program is not detected correctly, so nmap probably never got the banner.

Additional context It's the first time i disabled IPv6 on NixOS, but that probably don't cause such issues.

Notify maintainers @fpletz @globin

Metadata

Maintainer information:

# a list of nixpkgs attributes affected by the problem
attribute: dnsmasq
# a list of nixos modules affected by the problem
module:
stale[bot] commented 3 years ago

I marked this as stale due to inactivity. → More info