Panic: nil pointer dereference in dns.MessageToAddresses

[surinrasu]

Operating system

macOS

System version

15.2(24C101)

Installation type

Original sing-box Command Line

If you are using a graphical client, please provide the version of the client.

No response

Version

sing-box version HEAD-cf89b24

Environment: go1.23.6 darwin/arm64
Tags: with_gvisor,with_quic,with_wireguard,with_utls,with_reality_server,with_clash_api
Revision: cf89b24a2ca2b9550ee6bb87051821e17fcfb384
CGO: enabled

Description

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x2 addr=0x18 pc=0x1016c5d1c]

goroutine 52 [running]:
github.com/sagernet/sing-box/dns.MessageToAddresses(0x14000226680?)
	github.com/sagernet/sing-box/dns/client.go:486 +0x1c
github.com/sagernet/sing-box/dns/transport/local.(*Transport).exchangeParallel.func1({0x1020517c0?, 0x140002521e0?}, {0x14000046560, 0x1d})
	github.com/sagernet/sing-box/dns/transport/local/local.go:89 +0x74
created by github.com/sagernet/sing-box/dns/transport/local.(*Transport).exchangeParallel in goroutine 69
	github.com/sagernet/sing-box/dns/transport/local/local.go:103 +0x174

I speculate this happens because in exchangeParallel(), tryOneName() returns nil as value of response, which is then passed directly to MessageToAddresses()

Since MessageToAddresses() does not check for nil before accessing response.Rcode, it results in a null pointer dereference, causing the panic

Reproduction

First run sing-box and set system proxy:

% sudo sing-box run -c min.json &
Password:
+0800 2025-02-08 20:36:19 INFO network: updated default interface en0, index 14
+0800 2025-02-08 20:36:19 INFO inbound/mixed[0]: tcp server started at 127.0.0.1:5353
+0800 2025-02-08 20:36:19 INFO sing-box started (0.00s)
% sudo networksetup -setwebproxy "Thunderbolt Ethernet" 127.0.0.1 5353
% sudo networksetup -setsecurewebproxy "Thunderbolt Ethernet" 127.0.0.1 5353

Then open some websites in browser:

% safari driver -v
Safari Technology Preview 18.2
session 66C4E128-15C4-4CB5-9CA5-1AB62E7226F7
> https://cn.bing.com
null
# Several attempts ......

Above is an interactive cli app for Safari's WebDriver, equivalent to sending a POST request to /session followed by a few to /session/{sessionId}/url with https://cn.bing.com, or opening a new Safari session in GUI and visiting the website several times

After this sing-box panicked:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x2 addr=0x18 pc=0x1016c5d1c]

goroutine 52 [running]:
github.com/sagernet/sing-box/dns.MessageToAddresses(0x14000226680?)
	github.com/sagernet/sing-box/dns/client.go:486 +0x1c
github.com/sagernet/sing-box/dns/transport/local.(*Transport).exchangeParallel.func1({0x1020517c0?, 0x140002521e0?}, {0x14000046560, 0x1d})
	github.com/sagernet/sing-box/dns/transport/local/local.go:89 +0x74
created by github.com/sagernet/sing-box/dns/transport/local.(*Transport).exchangeParallel in goroutine 69
	github.com/sagernet/sing-box/dns/transport/local/local.go:103 +0x174

[1]  + exit 2     sudo sing-box run -c min.json

min.json:

{
  "log": {
    "level": "trace",
    "timestamp": true
  },
  "dns": {
    "servers": [
      {
        "type": "local",
        "tag": "local-dns"
      }
    ],
    "final": "local-dns"
  },
  "inbounds": [
    {
      "type": "mixed",
      "listen": "127.0.0.1",
      "listen_port": 5353
    }
  ],
  "outbounds": [
    {
      "type": "shadowsocks",
      "tag": "proxy-out",
      "server": "example.com",
      "server_port": 12345,
      "method": "2022-blake3-aes-128-gcm",
      "password": "password"
    }
  ],
  "route": {
    "default_domain_resolver": {
      "server": "local-dns",
      "client_subnet": "1.1.1.1"
    }
  }
}

Logs

+0800 2025-02-08 20:36:19 INFO network: updated default interface en0, index 14
+0800 2025-02-08 20:36:19 INFO inbound/mixed[0]: tcp server started at 127.0.0.1:5353
+0800 2025-02-08 20:36:19 INFO sing-box started (0.00s)
+0800 2025-02-08 20:36:19 INFO [1001029760 0ms] inbound/mixed[0]: inbound connection from 127.0.0.1:53543
+0800 2025-02-08 20:36:19 INFO [1001029760 0ms] inbound/mixed[0]: inbound connection to cn.bing.com:443
+0800 2025-02-08 20:36:19 INFO [1001029760 0ms] outbound/shadowsocks[proxy-out]: outbound connection to cn.bing.com:443
+0800 2025-02-08 20:36:19 DEBUG [1001029760 0ms] dns: lookup domain ab84luoz8.klmnodes.one
+0800 2025-02-08 20:36:19 DEBUG [1001029760 96ms] dns: exchanged ab84luoz8.klmnodes.one NOERROR 15
+0800 2025-02-08 20:36:19 DEBUG [1001029760 96ms] dns: exchanged CNAME ab84luoz8.klmnodes.one. 15 IN CNAME bj38a5uo.klmdns.com.
+0800 2025-02-08 20:36:19 DEBUG [1001029760 96ms] dns: exchanged A bj38a5uo.klmdns.com. 15 IN A 163.177.58.148
+0800 2025-02-08 20:36:19 DEBUG [1001029760 96ms] dns: exchanged OPT OPT PSEUDOSECTION: EDNS: version 0 flags: MBZ: 0x000f, udp: 4096
+0800 2025-02-08 20:36:19 DEBUG [1001029760 122ms] dns: lookup succeed for ab84luoz8.klmnodes.one: 163.177.58.148
+0800 2025-02-08 20:36:19 TRACE [1001029760 494ms] connection: connection download closed
+0800 2025-02-08 20:36:19 DEBUG [1001029760 494ms] connection: connection upload finished
+0800 2025-02-08 20:36:19 INFO [194152984 0ms] inbound/mixed[0]: inbound connection from 127.0.0.1:53549
+0800 2025-02-08 20:36:19 INFO [194152984 0ms] inbound/mixed[0]: inbound connection to cn.bing.com:443
+0800 2025-02-08 20:36:19 INFO [194152984 0ms] outbound/shadowsocks[proxy-out]: outbound connection to cn.bing.com:443
+0800 2025-02-08 20:36:19 DEBUG [194152984 0ms] dns: lookup domain ab84luoz8.klmnodes.one
+0800 2025-02-08 20:36:19 DEBUG [194152984 15ms] dns: exchanged ab84luoz8.klmnodes.one NOERROR 15
+0800 2025-02-08 20:36:19 DEBUG [194152984 15ms] dns: exchanged CNAME ab84luoz8.klmnodes.one. 15 IN CNAME bj38a5uo.klmdns.com.
+0800 2025-02-08 20:36:19 DEBUG [194152984 15ms] dns: exchanged A bj38a5uo.klmdns.com. 15 IN A 163.177.58.148
+0800 2025-02-08 20:36:19 DEBUG [194152984 15ms] dns: exchanged OPT OPT PSEUDOSECTION: EDNS: version 0 flags: MBZ: 0x000f, udp: 4096
+0800 2025-02-08 20:36:19 DEBUG [194152984 59ms] dns: lookup succeed for ab84luoz8.klmnodes.one: 163.177.58.148
+0800 2025-02-08 20:36:20 TRACE [194152984 458ms] connection: connection download closed
+0800 2025-02-08 20:36:20 DEBUG [194152984 458ms] connection: connection upload finished
+0800 2025-02-08 20:36:20 INFO [3487332595 0ms] inbound/mixed[0]: inbound connection from 127.0.0.1:53551
+0800 2025-02-08 20:36:20 INFO [3487332595 0ms] inbound/mixed[0]: inbound connection to cn.bing.com:443
+0800 2025-02-08 20:36:20 INFO [3487332595 0ms] outbound/shadowsocks[proxy-out]: outbound connection to cn.bing.com:443
+0800 2025-02-08 20:36:20 DEBUG [3487332595 0ms] dns: lookup domain ab84luoz8.klmnodes.one
+0800 2025-02-08 20:36:20 DEBUG [3487332595 19ms] dns: exchanged ab84luoz8.klmnodes.one NOERROR 15
+0800 2025-02-08 20:36:20 DEBUG [3487332595 19ms] dns: exchanged CNAME ab84luoz8.klmnodes.one. 15 IN CNAME bj38a5uo.klmdns.com.
+0800 2025-02-08 20:36:20 DEBUG [3487332595 19ms] dns: exchanged A bj38a5uo.klmdns.com. 15 IN A 163.177.58.148
+0800 2025-02-08 20:36:20 DEBUG [3487332595 19ms] dns: exchanged OPT OPT PSEUDOSECTION: EDNS: version 0 flags: MBZ: 0x000f, udp: 4096
+0800 2025-02-08 20:36:20 DEBUG [3487332595 60ms] dns: lookup succeed for ab84luoz8.klmnodes.one: 163.177.58.148
+0800 2025-02-08 20:36:20 TRACE [3487332595 480ms] connection: connection download closed
+0800 2025-02-08 20:36:20 DEBUG [3487332595 480ms] connection: connection upload finished
+0800 2025-02-08 20:36:20 INFO [805745208 0ms] inbound/mixed[0]: inbound connection from 127.0.0.1:53555
+0800 2025-02-08 20:36:20 INFO [805745208 0ms] inbound/mixed[0]: inbound connection to cn.bing.com:443
+0800 2025-02-08 20:36:20 INFO [805745208 0ms] outbound/shadowsocks[proxy-out]: outbound connection to cn.bing.com:443
+0800 2025-02-08 20:36:20 DEBUG [805745208 0ms] dns: lookup domain ab84luoz8.klmnodes.one
+0800 2025-02-08 20:36:20 DEBUG [805745208 17ms] dns: exchanged ab84luoz8.klmnodes.one NOERROR 14
+0800 2025-02-08 20:36:20 DEBUG [805745208 17ms] dns: exchanged CNAME ab84luoz8.klmnodes.one. 14 IN CNAME bj38a5uo.klmdns.com.
+0800 2025-02-08 20:36:20 DEBUG [805745208 17ms] dns: exchanged A bj38a5uo.klmdns.com. 14 IN A 163.177.58.148
+0800 2025-02-08 20:36:20 DEBUG [805745208 17ms] dns: exchanged OPT OPT PSEUDOSECTION: EDNS: version 0 flags: MBZ: 0x000e, udp: 4096
+0800 2025-02-08 20:36:20 DEBUG [805745208 60ms] dns: lookup succeed for ab84luoz8.klmnodes.one: 163.177.58.148
+0800 2025-02-08 20:36:21 TRACE [805745208 389ms] connection: connection download closed
+0800 2025-02-08 20:36:21 DEBUG [805745208 389ms] connection: connection upload finished
+0800 2025-02-08 20:36:21 INFO [3990789498 0ms] inbound/mixed[0]: inbound connection from 127.0.0.1:53564
+0800 2025-02-08 20:36:21 INFO [3990789498 0ms] inbound/mixed[0]: inbound connection to cn.bing.com:443
+0800 2025-02-08 20:36:21 INFO [3990789498 0ms] outbound/shadowsocks[proxy-out]: outbound connection to cn.bing.com:443
+0800 2025-02-08 20:36:21 DEBUG [3990789498 0ms] dns: lookup domain ab84luoz8.klmnodes.one
+0800 2025-02-08 20:36:21 DEBUG [3990789498 22ms] dns: exchanged ab84luoz8.klmnodes.one NOERROR 14
+0800 2025-02-08 20:36:21 DEBUG [3990789498 22ms] dns: exchanged CNAME ab84luoz8.klmnodes.one. 14 IN CNAME bj38a5uo.klmdns.com.
+0800 2025-02-08 20:36:21 DEBUG [3990789498 22ms] dns: exchanged A bj38a5uo.klmdns.com. 14 IN A 163.177.58.148
+0800 2025-02-08 20:36:21 DEBUG [3990789498 22ms] dns: exchanged OPT OPT PSEUDOSECTION: EDNS: version 0 flags: MBZ: 0x000e, udp: 4096
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x2 addr=0x18 pc=0x1016c5d1c]

goroutine 52 [running]:
github.com/sagernet/sing-box/dns.MessageToAddresses(0x14000226680?)
	github.com/sagernet/sing-box/dns/client.go:486 +0x1c
github.com/sagernet/sing-box/dns/transport/local.(*Transport).exchangeParallel.func1({0x1020517c0?, 0x140002521e0?}, {0x14000046560, 0x1d})
	github.com/sagernet/sing-box/dns/transport/local/local.go:89 +0x74
created by github.com/sagernet/sing-box/dns/transport/local.(*Transport).exchangeParallel in goroutine 69
	github.com/sagernet/sing-box/dns/transport/local/local.go:103 +0x17

Supporter

• I am a sponsor

Integrity requirements

• I confirm that I have read the documentation, understand the meaning of all the configuration items I wrote, and did not pile up seemingly useful options or default values.
• I confirm that I have provided the server and client configuration files and process that can be reproduced locally, instead of a complicated client configuration file that has been stripped of sensitive data.
• I confirm that I have provided the simplest configuration that can be used to reproduce the error I reported, instead of depending on remote servers, TUN, graphical interface clients, or other closed-source software.
• I confirm that I have provided the complete configuration files and logs, rather than just providing parts I think are useful out of confidence in my own intelligence.

[nekohasekai]

Can you confirm if this issue has been fixed?

[surinrasu]

Can you confirm if this issue has been fixed?

Looks like it! 🥰 It has been running flawlessly under the same config since yesterday