Bug 1818761

Summary: unbound crash, abrt report
Product: Red Hat Enterprise Linux 8 Reporter: Petr Sklenar <psklenar>
Component: unboundAssignee: aegorenk
Status: CLOSED ERRATA QA Contact: Petr Sklenar <psklenar>
Severity: high Docs Contact:
Priority: medium    
Version: 8.1CC: aegorenk, pzhukov, thozza
Target Milestone: rcKeywords: AutoVerified, Patch, TestCaseProvided, Triaged
Target Release: 8.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1824536 (view as bug list) Environment:
Last Closed: 2020-11-04 02:37:42 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1771008, 1824536    

Description Petr Sklenar 2020-03-30 09:56:14 UTC 
Report URL: https://faf.lab.eng.brq.redhat.com/faf/reports/bthash/e91b638bc1854d8639d6015aefecb59ffec362b3/

there is sometime crash in unbound in test:
/CoreOS/ldns/Regression/RFE-ldns-does-not-support-ECDSA-DNSSEC-keys-RFC

but its not reproducible so easily.
Comment 2 Petr Sklenar 2020-03-30 11:41:07 UTC 
no test needed:

just start and stop, try few time and you would see:

[root@ci-vm-10-0-138-99 ~]# service unbound start
Redirecting to /bin/systemctl start unbound.service
[root@ci-vm-10-0-138-99 ~]# Mar 30 07:40:04 ci-vm-10-0-138-99.hosted.upshift.rdu2.redhat.com systemd[1]: Starting Unbound recursive Domain Name Server...
Mar 30 07:40:04 ci-vm-10-0-138-99.hosted.upshift.rdu2.redhat.com unbound-checkconf[5882]: unbound-checkconf: no errors in /etc/unbound/unbound.conf
Mar 30 07:40:04 ci-vm-10-0-138-99.hosted.upshift.rdu2.redhat.com systemd[1]: Started Unbound recursive Domain Name Server.
Mar 30 07:40:04 ci-vm-10-0-138-99.hosted.upshift.rdu2.redhat.com unbound[5885]: [5885:0] notice: init module 0: ipsecmod
Mar 30 07:40:04 ci-vm-10-0-138-99.hosted.upshift.rdu2.redhat.com unbound[5885]: [5885:0] notice: init module 1: validator
Mar 30 07:40:04 ci-vm-10-0-138-99.hosted.upshift.rdu2.redhat.com unbound[5885]: [5885:0] notice: init module 2: iterator
Mar 30 07:40:04 ci-vm-10-0-138-99.hosted.upshift.rdu2.redhat.com unbound[5885]: [5885:0] info: start of service (unbound 1.7.3).

[root@ci-vm-10-0-138-99 ~]# 
[root@ci-vm-10-0-138-99 ~]# service unbound stop
Redirecting to /bin/systemctl stop unbound.service
[root@ci-vm-10-0-138-99 ~]# Mar 30 07:40:07 ci-vm-10-0-138-99.hosted.upshift.rdu2.redhat.com systemd[1]: Stopping Unbound recursive Domain Name Server...
Mar 30 07:40:07 ci-vm-10-0-138-99.hosted.upshift.rdu2.redhat.com unbound[5885]: [5885:0] info: service stopped (unbound 1.7.3).
Mar 30 07:40:07 ci-vm-10-0-138-99.hosted.upshift.rdu2.redhat.com kernel: unbound[5885]: segfault at 78 ip 0000562de9bc3a35 sp 00007fff07e60e90 error 4 in unbound[562de9b3c000+135000]
Mar 30 07:40:07 ci-vm-10-0-138-99.hosted.upshift.rdu2.redhat.com kernel: Code: f7 48 83 ec 30 64 48 8b 04 25 28 00 00 00 48 89 44 24 28 31 c0 e8 1b e1 f8 ff 85 c0 0f 85 f3 00 00 00 48 8b 43 70 48 8b 68 08 <48> 8b 55 78 44 8b 42 2c 45 85 c0 0f 85 0a 01 00 00 8b 48 20 45 85
Mar 30 07:40:07 ci-vm-10-0-138-99.hosted.upshift.rdu2.redhat.com unbound[5885]: [5885:0] info: server stats for thread 0: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Mar 30 07:40:07 ci-vm-10-0-138-99.hosted.upshift.rdu2.redhat.com systemd[1]: unbound.service: Main process exited, code=killed, status=11/SEGV
Mar 30 07:40:07 ci-vm-10-0-138-99.hosted.upshift.rdu2.redhat.com unbound[5885]: [5885:0] info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0
Mar 30 07:40:07 ci-vm-10-0-138-99.hosted.upshift.rdu2.redhat.com systemd[1]: unbound.service: Failed with result 'signal'.
Mar 30 07:40:07 ci-vm-10-0-138-99.hosted.upshift.rdu2.redhat.com systemd[1]: Stopped Unbound recursive Domain Name Server.
Comment 4 aegorenk 2020-04-15 14:40:34 UTC 
Way to reproduce:
Create a config file with FQDN of nameservers as masters in auth-zone section. Current version of default unbound.config suits this condition.
Start unbound with `unbound -d` command and terminate it in short period of time. You should see a segfault.

The problem was reported to the upstream:
https://github.com/NLnetLabs/unbound/issues/220
Comment 5 Pavel Zhukov 2020-04-16 07:24:37 UTC 
https://github.com/NLnetLabs/unbound/commit/8a87fc6ae7e17490b9bbb79c31f78977e2744ac3
Comment 18 errata-xmlrpc 2020-11-04 02:37:42 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (unbound bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4645