Bug 446848

Summary: Bind segfault'ing randomly
Product: [Fedora] Fedora Reporter: Vincent Liggio <vince>
Component: bindAssignee: Adam Tkac <atkac>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent Docs Contact:
Priority: low    
Version: 8CC: atkac, bilias, bill, mark, ovasik, redhat-tigerp, sjensen
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: 9.5.0-27.rc1.fc8 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-06-03 07:36:52 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
output from gdb
none
core dump trace none

Description Vincent Liggio 2008-05-16 13:21:25 UTC 
Description of problem:

named crashing randomly

May 13 15:08:14 www kernel: named[5127]: segfault at 00000000 eip 0015b1c7 esp
b613edb0 error 4
May 14 04:47:41 www kernel: named[12452]: segfault at 00000000 eip 0015b1c7 esp
b6aaff50 error 4
May 14 11:27:21 www kernel: named[4879]: segfault at 00000000 eip 0015b1c7 esp
b60d5db0 error 4
May 15 10:55:20 www kernel: named[12498]: segfault at 00000000 eip 0015b1c7 esp
b7509db0 error 4
May 16 04:28:05 www kernel: named[30998]: segfault at 00000000 eip 0015b1c7 esp
b74baf50 error 4

Version-Release number of selected component (if applicable):
bind 9.5.0-26.b3.fc8

How reproducible:
Daily occurrence

Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 William H. Haller 2008-05-16 18:26:31 UTC 
Also occurs here. Only additional information I can give is there was a 
complaint about "too many timeouts resolving ... disabling EDNS the second 
before.

Previous bind release 9.5.0-23.b1.fc8 was OK. This problem is new with the 
latest one listed above.
Comment 2 Vincent Liggio 2008-05-16 18:36:23 UTC 
Yes, I see similar errors in my logs about EDNS. I'm going to disable it to see
if that keeps it from crashing.
Comment 3 Adam Tkac 2008-05-19 12:17:21 UTC 
*** Bug 447228 has been marked as a duplicate of this bug. ***
Comment 4 Adam Tkac 2008-05-19 12:22:13 UTC 
Could someone attach backtrace, please? I'm not able to reproduce this problem.

1) install bind-debuginfo
2) make /var/named directory writable by named user (you should not see "the
working directory is not writable" message in log when named starts)
3) wait for crash
4) open core file in gdb ($gdb /usr/sbin/named <core_file>)
5) type "t a a bt" in gdb and attach output, please

Thanks
Comment 5 Stefan Jensen 2008-05-19 23:07:06 UTC 
Created attachment 306030 [details]
output from gdb
Comment 6 Adam Tkac 2008-05-20 13:27:39 UTC 
(In reply to comment #5)
> Created an attachment (id=306030) [edit]
> outpu6 from gdb
> 

Thanks for it, would it be possible also attach named.conf, please?
Comment 7 William H. Haller 2008-05-21 03:32:55 UTC 
Created attachment 306206 [details]
core dump trace

I can e-mail you a named.conf directly if you need my input as well
Comment 8 Adam Tkac 2008-05-21 08:35:16 UTC 
(In reply to comment #7)
> Created an attachment (id=306206) [edit]
> core dump trace
> 
> I can e-mail you a named.conf directly if you need my input as well

It would be nice. Or you can attach it here and mark attachment as private. Thanks
Comment 10 Fedora Update System 2008-05-23 11:08:54 UTC 
bind-9.5.0-27.rc1.fc8 has been submitted as an update for Fedora 8
Comment 11 Fedora Update System 2008-05-29 02:40:15 UTC 
bind-9.5.0-27.rc1.fc8 has been pushed to the Fedora 8 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update bind'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F8/FEDORA-2008-4465
Comment 12 Fedora Update System 2008-06-03 07:36:49 UTC 
bind-9.5.0-27.rc1.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 13 Mark 2008-06-04 22:11:41 UTC 
bind-9.5.0-27.rc1.fc8 still segfaults.

installed:
bind-devel-9.5.0-27.rc1.fc8
bind-9.5.0-27.rc1.fc8
bind-chroot-9.5.0-27.rc1.fc8
bind-debuginfo-9.5.0-27.rc1.fc8
bind-libs-9.5.0-27.rc1.fc8
bind-utils-9.5.0-27.rc1.fc8

Error:
kernel: named[25864]: segfault at 00000000 eip 0015b227 esp b7ed10a0 error 4

Debug:
GNU gdb Red Hat Linux (6.6-45.fc8rh)
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...
Using host libthread_db library "/lib/libthread_db.so.1".

warning: Can't read pathname for load map: Input/output error.
Loaded symbols for /usr/sbin/named
Reading symbols from /usr/lib/liblwres.so.40.0.0...Reading symbols from /usr/
lib/debug/usr/lib/liblwres.so.40.0.0.debug...done.
done.
Loaded symbols for /usr/lib/liblwres.so.40.0.0
Reading symbols from /usr/lib/libdns.so.42.0.1...Reading symbols from /usr/lib/
debug/usr/lib/libdns.so.42.0.1.debug...done.
done.
Loaded symbols for /usr/lib/libdns.so.42.0.1
Reading symbols from /usr/lib/libbind9.so.40.0.3...Reading symbols from /usr/
lib/debug/usr/lib/libbind9.so.40.0.3.debug...done.
done.
Loaded symbols for /usr/lib/libbind9.so.40.0.3
Reading symbols from /usr/lib/libisccfg.so.40.0.2...Reading symbols from /usr/
lib/debug/usr/lib/libisccfg.so.40.0.2.debug...done.
done.
Loaded symbols for /usr/lib/libisccfg.so.40.0.2
Reading symbols from /usr/lib/libgssapi_krb5.so.2...done.
Loaded symbols for /usr/lib/libgssapi_krb5.so.2
Reading symbols from /lib/libcrypto.so.6...done.
Loaded symbols for /lib/libcrypto.so.6
Reading symbols from /usr/lib/libisccc.so.40.0.0...Reading symbols from /usr/
lib/debug/usr/lib/libisccc.so.40.0.0.debug...done.
done.
Loaded symbols for /usr/lib/libisccc.so.40.0.0
Reading symbols from /usr/lib/libisc.so.41.1.0...Reading symbols from /usr/lib/
debug/usr/lib/libisc.so.41.1.0.debug...done.
done.
Loaded symbols for /usr/lib/libisc.so.41.1.0
Reading symbols from /lib/libcap.so.1...done.
Loaded symbols for /lib/libcap.so.1
Reading symbols from /lib/libnsl.so.1...done.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /lib/libpthread.so.0...done.
Loaded symbols for /lib/libpthread.so.0
Reading symbols from /usr/lib/libxml2.so.2...done.
Loaded symbols for /usr/lib/libxml2.so.2
Reading symbols from /lib/libz.so.1...done.
Loaded symbols for /lib/libz.so.1
Reading symbols from /lib/libm.so.6...done.
Loaded symbols for /lib/libm.so.6
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /usr/lib/libkrb5.so.3...done.
Loaded symbols for /usr/lib/libkrb5.so.3
Reading symbols from /usr/lib/libk5crypto.so.3...done.
Loaded symbols for /usr/lib/libk5crypto.so.3
Reading symbols from /lib/libcom_err.so.2...done.
Loaded symbols for /lib/libcom_err.so.2
Reading symbols from /usr/lib/libkrb5support.so.0...done.
Loaded symbols for /usr/lib/libkrb5support.so.0
Reading symbols from /lib/libdl.so.2...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/libkeyutils.so.1...done.
Loaded symbols for /lib/libkeyutils.so.1
Reading symbols from /lib/libresolv.so.2...done.
Loaded symbols for /lib/libresolv.so.2
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /lib/libselinux.so.1...done.
Loaded symbols for /lib/libselinux.so.1
Reading symbols from /lib/libnss_files.so.2...done.
Loaded symbols for /lib/libnss_files.so.2
Core was generated by `/usr/sbin/named -u named -t /var/named/chroot'.
Program terminated with signal 11, Segmentation fault.
#0  0x0015b227 in dns_acl_match (reqaddr=0xb7f391b4, reqsigner=0x0, 
acl=0xb611c4e8, env=0xb7f470a8, match=0xb7f391b0, matchelt=0x0)
    at acl.c:226
226                     if (*(isc_boolean_t *) node->data[ISC_IS6(family)] == 
ISC_TRUE)
(gdb) t a a bt

Thread 4 (process 20124):
#0  0x0012d402 in __kernel_vsyscall ()
#1  0x00644c07 in sigsuspend () from /lib/libc.so.6
#2  0x00450ff2 in isc_app_run () at app.c:533
#3  0xb7fbe5da in main (argc=0, argv=0xbff0af94) at ./main.c:879

Thread 3 (process 20126):
#0  0x0012d402 in __kernel_vsyscall ()
#1  0x00499902 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/
libpthread.so.0
#2  0x004631ec in isc_condition_waituntil (c=0xb7f43040, m=0xb7f43010, 
t=0xb7f43038) at condition.c:59
#3  0x0044f650 in run (uap=0xb7f43008) at timer.c:719
#4  0x0049550b in start_thread () from /lib/libpthread.so.0
#5  0x006eeb2e in clone () from /lib/libc.so.6

Thread 2 (process 20127):
#0  0x0012d402 in __kernel_vsyscall ()
#1  0x006e75f1 in select () from /lib/libc.so.6
#2  0x004604ad in watcher (uap=0xb9a12148) at socket.c:2513
#3  0x0049550b in start_thread () from /lib/libpthread.so.0
#4  0x006eeb2e in clone () from /lib/libc.so.6

Thread 1 (process 20125):
#0  0x0015b227 in dns_acl_match (reqaddr=0xb7f391b4, reqsigner=0x0, 
acl=0xb611c4e8, env=0xb7f470a8, match=0xb7f391b0, matchelt=0x0)
    at acl.c:226
#1  0xb7fae659 in ns_client_checkaclsilent (client=0xb5f31008, sockaddr=0x0, 
acl=0xb611c4e8, default_allow=isc_boolean_true)
    at client.c:2612
#2  0xb7fbfb67 in query_validatezonedb (client=0xb5f31008, name=0xb5f38008, 
qtype=1, options=0, zone=0xb9b963f8, db=0xb5c6c008, 
    versionp=0xb7f399ec) at query.c:655
#3  0xb7fc00ae in query_getzonedb (client=0xb5f31008, name=0xb5f38008, qtype=1, 
options=0, zonep=0xb7f399e8, dbp=0xb7f39a24, 
    versionp=0xb7f399ec) at query.c:754
#4  0xb7fc0117 in query_getdb (client=0xb5f31008, name=0xb5f38008, qtype=<value 
optimized out>, options=0, zonep=0xb7f399e8, 
    dbp=0xb7f39a24, versionp=0xb7f399ec, is_zonep=0xb7f399f8) at query.c:952
#5  0xb7fc4133 in query_find (client=0xb5f31008, event=0x0, qtype=1) at 
query.c:3479
#6  0xb7fc76ea in ns_query_start (client=0xb5f31008) at query.c:4649
#7  0xb7fb42ba in client_request (task=0xb7f528f8, event=0xb5f350f8) at 
client.c:1895
#8  0x0044ceb2 in run (uap=0xb7f41008) at task.c:862
#9  0x0049550b in start_thread () from /lib/libpthread.so.0
#10 0x006eeb2e in clone () from /lib/libc.so.6
Missing separate debuginfos, use: debuginfo-install e2fsprogs.i386 glibc.i686 
keyutils.i386 krb5.i386 libcap.i386 libselinux.i386 lib
xml2.i386 openssl.i686 zlib.i386
(gdb) quit
Comment 14 Stefan Jensen 2008-06-04 22:32:11 UTC 
Just a quick note.

The update solved this for me: https://bugzilla.redhat.com/show_bug.cgi?id=447228

==> ../named/chroot/var/log/named.log <==
05-Jun-2008 00:30:49.409 general: error: invalid command from ::1#4401:
connection reset