Bug 457175

Summary: Bind segfaults on update
Product: [Fedora] Fedora Reporter: Mark <mark>
Component: bindAssignee: Adam Tkac <atkac>
Status: CLOSED NEXTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent Docs Contact:
Priority: low    
Version: 8CC: atkac, mark, ovasik
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-09-10 06:42:19 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Mark 2008-07-30 01:06:50 UTC 
Description of problem:
Bind segfaults when receiving updates.  Last working version of bind was 
bind-9.4.2-4.fc8.

Error:
named[9945]: segfault at 00000000 eip 0015b187 esp b7e980a0 error 4

Version-Release number of selected component (if applicable):
bind-debuginfo-9.5.0-28.P1.fc8
bind-libs-9.5.0-28.P1.fc8
bind-devel-9.5.0-28.P1.fc8
bind-9.5.0-28.P1.fc8
bind-utils-9.5.0-28.P1.fc8
bind-chroot-9.5.0-28.P1.fc8


How reproducible:
Always (within seconds of restarting named)

Steps to Reproduce:
1. Start bind
2. Update received
3. segfault
  
Actual results:


Expected results:


Additional info:
GNU gdb Red Hat Linux (6.6-45.fc8rh)
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu".
Reading symbols from /usr/lib/debug/usr/sbin/named.debug...done.
Using host libthread_db library "/lib/libthread_db.so.1".

warning: Can't read pathname for load map: Input/output error.
Loaded symbols for /usr/sbin/named
Reading symbols from /usr/lib/liblwres.so.40.0.0...Reading symbols from /usr/
lib/debug/usr/lib/liblwres.so.40.0.0.debug...done.
done.
Loaded symbols for /usr/lib/liblwres.so.40.0.0
Reading symbols from /usr/lib/libdns.so.43.0.0...Reading symbols from /usr/lib/
debug/usr/lib/libdns.so.43.0.0.debug...done.
done.
Loaded symbols for /usr/lib/libdns.so.43.0.0
Reading symbols from /usr/lib/libbind9.so.40.0.3...Reading symbols from /usr/
lib/debug/usr/lib/libbind9.so.40.0.3.debug...done.
done.
Loaded symbols for /usr/lib/libbind9.so.40.0.3
Reading symbols from /usr/lib/libisccfg.so.40.0.3...Reading symbols from /usr/
lib/debug/usr/lib/libisccfg.so.40.0.3.debug...done.
done.
Loaded symbols for /usr/lib/libisccfg.so.40.0.3
Reading symbols from /usr/lib/libgssapi_krb5.so.2...done.
Loaded symbols for /usr/lib/libgssapi_krb5.so.2
Reading symbols from /lib/libcrypto.so.6...done.
Loaded symbols for /lib/libcrypto.so.6
Reading symbols from /usr/lib/libisccc.so.40.0.0...Reading symbols from /usr/
lib/debug/usr/lib/libisccc.so.40.0.0.debug...done.
done.
Loaded symbols for /usr/lib/libisccc.so.40.0.0
Reading symbols from /usr/lib/libisc.so.41.1.0...Reading symbols from /usr/lib/
debug/usr/lib/libisc.so.41.1.0.debug...done.
done.
Loaded symbols for /usr/lib/libisc.so.41.1.0
Reading symbols from /lib/libnsl.so.1...done.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /lib/libpthread.so.0...done.
Loaded symbols for /lib/libpthread.so.0
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /usr/lib/libkrb5.so.3...done.
Loaded symbols for /usr/lib/libkrb5.so.3
Reading symbols from /usr/lib/libk5crypto.so.3...done.
Loaded symbols for /usr/lib/libk5crypto.so.3
Reading symbols from /lib/libcom_err.so.2...done.
Loaded symbols for /lib/libcom_err.so.2
Reading symbols from /usr/lib/libkrb5support.so.0...done.
Loaded symbols for /usr/lib/libkrb5support.so.0
Reading symbols from /lib/libdl.so.2...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/libkeyutils.so.1...done.
Loaded symbols for /lib/libkeyutils.so.1
Reading symbols from /lib/libresolv.so.2...done.
Loaded symbols for /lib/libresolv.so.2
Reading symbols from /lib/libz.so.1...done.
Loaded symbols for /lib/libz.so.1
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /lib/libselinux.so.1...done.
Loaded symbols for /lib/libselinux.so.1
Reading symbols from /lib/libnss_files.so.2...done.
Loaded symbols for /lib/libnss_files.so.2
Core was generated by `/usr/sbin/named -u named -t /var/named/chroot'.
Program terminated with signal 11, Segmentation fault.
#0  0x0015b187 in dns_acl_match (reqaddr=0xb7ec21b4, reqsigner=0x0, 
    acl=0xb60a61e8, env=0xb7ed00a8, match=0xb7ec21b0, matchelt=0x0)
    at acl.c:226
226			if (*(isc_boolean_t *) node->data[ISC_IS6(family)] == 
ISC_TRUE)
(gdb) t a a bt

Thread 4 (process 22725):
#0  0x0012d402 in __kernel_vsyscall ()
#1  0x004ccc07 in sigsuspend () from /lib/libc.so.6
#2  0x0044f2d2 in isc_app_run () at app.c:533
#3  0xb7f45d2a in main (argc=0, argv=0xbf8a8134) at ./main.c:879

Thread 3 (process 22727):
#0  0x0012d402 in __kernel_vsyscall ()
#1  0x00493902 in pthread_cond_timedwait@@GLIBC_2.3.2 ()
   from /lib/libpthread.so.0
#2  0x00460fac in isc_condition_waituntil (c=0xb7ecc040, m=0xb7ecc010, 
    t=0xb7ecc038) at condition.c:59
#3  0x0044d930 in run (uap=0xb7ecc008) at timer.c:719
#4  0x0048f50b in start_thread () from /lib/libpthread.so.0
#5  0x00576b2e in clone () from /lib/libc.so.6

Thread 2 (process 22728):
#0  0x0012d402 in __kernel_vsyscall ()
#1  0x0056f5f1 in select () from /lib/libc.so.6
#2  0x0045e26d in watcher (uap=0xb8212130) at socket.c:2513
#3  0x0048f50b in start_thread () from /lib/libpthread.so.0
#4  0x00576b2e in clone () from /lib/libc.so.6

Thread 1 (process 22726):
#0  0x0015b187 in dns_acl_match (reqaddr=0xb7ec21b4, reqsigner=0x0, 
    acl=0xb60a61e8, env=0xb7ed00a8, match=0xb7ec21b0, matchelt=0x0)
    at acl.c:226
#1  0xb7f35dc9 in ns_client_checkaclsilent (client=0xb5eba008, sockaddr=0x0, 
    acl=0xb60a61e8, default_allow=isc_boolean_true) at client.c:2604
#2  0xb7f472b7 in query_validatezonedb (client=0xb5eba008, name=0xb5ec1008, 
    qtype=1, options=0, zone=0xb8375390, db=0xb5be9008, versionp=0xb7ec29ec)
    at query.c:655
#3  0xb7f477fe in query_getzonedb (client=0xb5eba008, name=0xb5ec1008, 
    qtype=1, options=0, zonep=0xb7ec29e8, dbp=0xb7ec2a24, versionp=0xb7ec29ec)
    at query.c:754
#4  0xb7f47867 in query_getdb (client=0xb5eba008, name=0xb5ec1008, 
    qtype=<value optimized out>, options=0, zonep=0xb7ec29e8, dbp=0xb7ec2a24, 
    versionp=0xb7ec29ec, is_zonep=0xb7ec29f8) at query.c:952
#5  0xb7f4b883 in query_find (client=0xb5eba008, event=0x0, qtype=1)
    at query.c:3479
#6  0xb7f4ee3a in ns_query_start (client=0xb5eba008) at query.c:4649
#7  0xb7f3ba09 in client_request (task=0xb7edb8f8, event=0xb5ebe0f8)
    at client.c:1887
#8  0x0044b192 in run (uap=0xb7eca008) at task.c:862
#9  0x0048f50b in start_thread () from /lib/libpthread.so.0
#10 0x00576b2e in clone () from /lib/libc.so.6
Missing separate debuginfos, use: debuginfo-install e2fsprogs.i386 glibc.i686 
keyutils.i386 krb5.i386 libselinux.i386 openssl.i686 zli
b.i386
(gdb) quit
Comment 1 Adam Tkac 2008-07-30 10:06:50 UTC 
Would it be possible attach your named.conf, please? (or send me it to my mail)
Comment 2 Fedora Update System 2008-08-06 10:35:30 UTC 
bind-9.5.0-29.P2.fc8 has been submitted as an update for Fedora 8
Comment 3 Fedora Update System 2008-08-07 23:49:23 UTC 
bind-9.5.0-29.P2.fc8 has been pushed to the Fedora 8 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update bind'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F8/FEDORA-2008-6992
Comment 4 Fedora Update System 2008-09-10 06:42:13 UTC 
bind-9.5.0-29.P2.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.