Bug 1172935 - bind-libs-9.9.6-4.fc21.i686: dns_name_copy: host killed by SIGABRT
Summary: bind-libs-9.9.6-4.fc21.i686: dns_name_copy: host killed by SIGABRT
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: bind
Version: 21
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Tomáš Hozza
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
: 1150995 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-12-11 06:31 UTC by Shivaram Lingamneni
Modified: 2015-04-14 19:27 UTC (History)
14 users (show)

Fixed In Version: bind-9.9.6-6.P1.fc21
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-01-11 02:59:30 UTC
Type: Bug


Attachments (Terms of Use)
core dump from systemd-coredump (169.65 KB, application/x-xz)
2014-12-11 06:31 UTC, Shivaram Lingamneni
no flags Details
File: backtrace (11.89 KB, text/plain)
2015-01-10 16:41 UTC, Timur Kristóf
no flags Details

Description Shivaram Lingamneni 2014-12-11 06:31:50 UTC
Created attachment 967094 [details]
core dump from systemd-coredump

Description of problem:

On certain cases (involving a SERVFAIL response and possibly a timeout), /bin/host can die with SIGABRT due to an assertion failure.

Version-Release number of selected component (if applicable):

bind-utils-9.9.6-4.fc21.i686
bind-libs-9.9.6-4.fc21.i686

How reproducible:

Run /bin/host against a suitably bad domain name and a suitable DNS server. My case is `host tracker.istole.it 192.168.1.1`, where 192.168.1.1 is a residential gateway running dnsmasq.

Actual results:

$ host tracker.istole.it 192.168.1.1
name.c:2445: REQUIRE((((source) != ((void *)0)) && (((const isc__magic_t *)(source))->magic == ((('D') << 24 | ('N') << 16 | ('S') << 8 | ('n')))))) failed, back trace
#0 0xb750061f in ??
#1 0xb7500545 in ??
#2 0xb762644f in ??
#3 0x80502e4 in ??
#4 0x80503ba in ??
#5 0x805062b in ??
#6 0x8055fad in ??
#7 0xb7528828 in ??
#8 0xb71a0313 in ??
#9 0xb6ec5c2e in ??
Aborted (core dumped)

Backtrace under gdb without debuginfo:

#0  0xb779bbcc in __kernel_vsyscall ()
#1  0xb6dee297 in raise () from /lib/libc.so.6
#2  0xb6defb69 in abort () from /lib/libc.so.6
#3  0xb74f654a in isc_assertion_failed () from /lib/libisc.so.95
#4  0xb761c44f in dns_name_copy () from /lib/libdns.so.104
#5  0x080502e4 in clone_lookup ()
#6  0x080503ba in requeue_lookup ()
#7  0x0805062b in next_origin ()
#8  0x08055fad in connect_timeout ()
#9  0xb751e828 in run () from /lib/libisc.so.95
#10 0xb7196313 in start_thread () from /lib/libpthread.so.0
#11 0xb6ebbc2e in clone () from /lib/libc.so.6

Backtrace under gdb with debuginfo:

#0  0xb7fdbbcc in __kernel_vsyscall ()
#1  0xb762e297 in __GI_raise (sig=6) at ../sysdeps/unix/sysv/linux/raise.c:55
#2  0xb762fb69 in __GI_abort () at abort.c:89
#3  0xb7d3654a in isc_assertion_failed (file=file@entry=0xb7f85ba6 "name.c", line=line@entry=2445, type=type@entry=isc_assertiontype_require, 
    cond=cond@entry=0xb7f861b0 "(((source) != ((void *)0)) && (((const isc__magic_t *)(source))->magic == ((('D') << 24 | ('N') << 16 | ('S') << 8 | ('n')))))") at assertions.c:58
#4  0xb7e5c44f in dns_name_copy (source=source@entry=0xb74d75a0, dest=dest@entry=0xb5923240, target=target@entry=0x0) at name.c:2445
#5  0x080502e4 in clone_lookup (lookold=lookold@entry=0xb74d6010, servers=servers@entry=isc_boolean_true) at dighost.c:915
#6  0x080503ba in requeue_lookup (lookold=0xb74d6010, servers=isc_boolean_true) at dighost.c:942
#7  0x0805062b in next_origin (oldlookup=0xb74d6010) at dighost.c:1999
#8  0x08055fad in connect_timeout (task=0xb74cb008, event=0x0) at dighost.c:2833
#9  0xb7d5e828 in dispatch (manager=0xb74ca008) at task.c:1116
#10 run (uap=0xb74ca008) at task.c:1286
#11 0xb79d6313 in start_thread (arg=0xb74c4b40) at pthread_create.c:310
#12 0xb76fbc2e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:122

Expected results:

host should report "NXDOMAIN" or "SERVFAIL" as appropriate rather than crashing.

Comment 1 Tomáš Hozza 2014-12-11 08:40:40 UTC
Hi.

Thank you for your report. I'll look at the possible cause.

Comment 2 Tomáš Hozza 2014-12-11 12:04:52 UTC
*** Bug 1150995 has been marked as a duplicate of this bug. ***

Comment 3 Tomáš Hozza 2014-12-12 09:46:48 UTC
I'm able to reproduce the issue. The assert is triggered when the server doesn't respond and the query times out.

Comment 4 Tomáš Hozza 2014-12-12 13:14:00 UTC
Due to change in next_origin() function parameters in dighost.c our downstream patch was causing the crash. I will fix it in F21, but since upstream recently rejected the patch, I'm going to drop it in rawhide.

Comment 5 Tomáš Hozza 2014-12-12 13:20:28 UTC
Fixed in:
bind-9.9.6-6.P1.fc22
bind-9.9.6-6.P1.fc21

Comment 6 Michael Cronenworth 2015-01-08 18:18:16 UTC
Is the update for F21 going to be created in bodhi?

Comment 7 Tomáš Hozza 2015-01-09 08:56:02 UTC
(In reply to Michael Cronenworth from comment #6)
> Is the update for F21 going to be created in bodhi?

Sure. I just didn't want to push update with a single issue fixed.

Comment 8 Fedora Update System 2015-01-09 08:57:06 UTC
bind-9.9.6-6.P1.fc21 has been submitted as an update for Fedora 21.
https://admin.fedoraproject.org/updates/bind-9.9.6-6.P1.fc21

Comment 9 Fedora Update System 2015-01-10 02:59:50 UTC
Package bind-9.9.6-6.P1.fc21:
* should fix your issue,
* was pushed to the Fedora 21 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing bind-9.9.6-6.P1.fc21'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2015-0510/bind-9.9.6-6.P1.fc21
then log in and leave karma (feedback).

Comment 10 Timur Kristóf 2015-01-10 16:41:13 UTC
Another user experienced a similar problem:

I issued the command 'nslookup venemo.net 8.8.8.8'

reporter:       libreport-2.3.0
backtrace_rating: 4
cmdline:        nslookup venemo.net 8.8.8.8
crash_function: isc_assertion_failed
executable:     /usr/bin/nslookup
kernel:         3.17.7-300.fc21.x86_64
package:        bind-utils-9.9.6-5.P1.fc21
reason:         nslookup killed by SIGABRT
runlevel:       N 5
type:           CCpp
uid:            1000

Comment 11 Timur Kristóf 2015-01-10 16:41:15 UTC
Created attachment 978540 [details]
File: backtrace

Comment 12 Fedora Update System 2015-01-11 02:59:30 UTC
bind-9.9.6-6.P1.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 13 Yonatan 2015-01-11 08:01:27 UTC
Another user experienced a similar problem:

Using Steam.

reporter:       libreport-2.3.0
backtrace_rating: 4
cmdline:        host -4 download.eac-cdn.com
crash_function: isc_assertion_failed
executable:     /usr/bin/host
kernel:         3.17.7-300.fc21.i686
package:        bind-utils-9.9.6-5.P1.fc21
reason:         host killed by SIGABRT
runlevel:       N 5
type:           CCpp
uid:            1000


Note You need to log in before you can comment on or make changes to this bug.