ISC Open Source Projects issueshttps://gitlab.isc.org/groups/isc-projects/-/issues2021-09-02T11:36:15Zhttps://gitlab.isc.org/isc-projects/bind9/-/issues/2325CID 313612: Error handling uv_timer_init() in tlsdns.c2021-09-02T11:36:15ZMichal NowakCID 313612: Error handling uv_timer_init() in tlsdns.cCoverity identified following [error](https://scan8.coverity.com/reports.htm#v38342/p12579/fileInstanceId=37809089&defectInstanceId=11335293&mergedDefectId=313612) on `main` (source 634bdfb16d8f91ba411f43d0e871ff45cebe125e):
```
*** CID...Coverity identified following [error](https://scan8.coverity.com/reports.htm#v38342/p12579/fileInstanceId=37809089&defectInstanceId=11335293&mergedDefectId=313612) on `main` (source 634bdfb16d8f91ba411f43d0e871ff45cebe125e):
```
*** CID 313612: Error handling issues (CHECKED_RETURN)
/lib/isc/netmgr/tlsdns.c: 163 in dnslisten_acceptcb()
157
158 dnssock->peer = handle->sock->peer;
159 dnssock->read_timeout = handle->sock->mgr->init;
160 dnssock->tid = isc_nm_tid();
161 dnssock->closehandle_cb = resume_processing;
162
>>> CID 313612: Error handling issues (CHECKED_RETURN)
>>> Calling "uv_timer_init" without checking return value (as is done elsewhere 10 out of 12 times).
163 uv_timer_init(&dnssock->mgr->workers[isc_nm_tid()].loop,
164 &dnssock->timer);
165 dnssock->timer.data = dnssock;
166 dnssock->timer_initialized = true;
167 uv_timer_start(&dnssock->timer, dnstcp_readtimeout,
168 dnssock->read_timeout, 0);
```September 2021 (9.16.21, 9.16.21-S1, 9.17.18)Ondřej SurýOndřej Surýhttps://gitlab.isc.org/isc-projects/bind9/-/issues/2616Use-after-free in xfrin2021-09-02T10:35:22ZOndřej SurýUse-after-free in xfrinThe logging is trying to lookup the name from already freed object. I thought we already fixed this, but apparently not.
https://gitlab.isc.org/isc-projects/bind9/-/jobs/1623383
```
D:inline:Core was generated by `/builds/isc-projects/...The logging is trying to lookup the name from already freed object. I thought we already fixed this, but apparently not.
https://gitlab.isc.org/isc-projects/bind9/-/jobs/1623383
```
D:inline:Core was generated by `/builds/isc-projects/bind9/bin/named/.libs/named -D inline-ns3 -X named.lock -m'.
D:inline:Program terminated with signal SIGABRT, Aborted.
D:inline:#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
D:inline:[Current thread is 1 (Thread 0x7fa0e386d700 (LWP 23301))]
D:inline:#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
D:inline:#1 0x00007fa0eb21b535 in __GI_abort () at abort.c:79
D:inline:#2 0x0000000000443a9e in abort ()
D:inline:#3 0x00000000004d6dfe in assertion_failed (file=<optimized out>, line=<optimized out>, type=<optimized out>, cond=<optimized out>) at main.c:259
D:inline:#4 0x00007fa0ec14484e in isc_assertion_failed (file=0x2 <error: Cannot access memory at address 0x2>, line=-477983568, line@entry=15631, type=type@entry=isc_assertiontype_require, cond=0x7fa0eb2307bb <__GI_raise+267> "H\213\214$\b\001") at assertions.c:46
D:inline:#5 0x00007fa0ec0155cc in dns_zone_name (zone=0x7b7800050410, buf=buf@entry=0x7fa0e38293f0 "\001", length=length@entry=1055) at zone.c:15631
D:inline:#6 0x00007fa0ec0012fa in xfrin_log (xfr=xfr@entry=0x7b6800060010, level=level@entry=-1, fmt=0x7fa0ec096271 "Transfer status: %s") at xfrin.c:1650
D:inline:#7 0x00007fa0ec000e40 in xfrin_destroy (xfr=xfr@entry=0x7b6800060010) at xfrin.c:1518
D:inline:#8 0x00007fa0ec0009d9 in dns_xfrin_detach (xfrp=0x7fa0e3829b20) at xfrin.c:748
D:inline:#9 0x00007fa0ec002806 in xfrin_recv_done (handle=<optimized out>, handle@entry=0x7b4800072490, result=<optimized out>, result@entry=0, region=<optimized out>, region@entry=0x7fa0e3829b60, cbarg=<optimized out>) at xfrin.c:1492
D:inline:#10 0x00007fa0ec112571 in isc__nm_async_readcb (worker=<optimized out>, ev0=<optimized out>, ev0@entry=0x7fa0e3829bb0) at netmgr/netmgr.c:2411
D:inline:#11 0x00007fa0ec1123a5 in isc__nm_readcb (sock=sock@entry=0x7b74000e0610, uvreq=uvreq@entry=0x7b7000014800, eresult=eresult@entry=0) at netmgr/netmgr.c:2386
D:inline:#12 0x00007fa0ec11b0c6 in isc__nm_tcpdns_processbuffer (sock=sock@entry=0x7b74000e0610) at netmgr/tcpdns.c:795
D:inline:#13 0x00007fa0ec111510 in processbuffer (sock=sock@entry=0x7b74000e0610) at netmgr/netmgr.c:1962
D:inline:#14 0x00007fa0ec11142e in isc__nm_process_sock_buffer (sock=sock@entry=0x7b74000e0610) at netmgr/netmgr.c:1987
D:inline:#15 0x00007fa0ec11b369 in isc__nm_tcpdns_read_cb (stream=<optimized out>, nread=<optimized out>, buf=0x7fa0e3829d30) at netmgr/tcpdns.c:858
D:inline:#16 0x00007fa0eb9bace7 in ?? () from /usr/lib/x86_64-linux-gnu/libuv.so.1
D:inline:#17 0x00007fa0eb9bb908 in ?? () from /usr/lib/x86_64-linux-gnu/libuv.so.1
D:inline:#18 0x00007fa0eb9c04b0 in uv.io_poll () from /usr/lib/x86_64-linux-gnu/libuv.so.1
D:inline:#19 0x00007fa0eb9b1f85 in uv_run () from /usr/lib/x86_64-linux-gnu/libuv.so.1
D:inline:#20 0x00007fa0ec10a39b in nm_thread (worker0=0x7b9c00001690) at netmgr/netmgr.c:558
D:inline:#21 0x00007fa0ec17470a in isc__trampoline_run (arg=0x7b0800020220) at trampoline.c:184
D:inline:#22 0x000000000043e29d in __tsan_thread_start_func ()
D:inline:#23 0x00007fa0eb97dfa3 in start_thread (arg=<optimized out>) at pthread_create.c:486
D:inline:#24 0x00007fa0eb2f24cf in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
```September 2021 (9.16.21, 9.16.21-S1, 9.17.18)https://gitlab.isc.org/isc-projects/bind9/-/issues/2286Using "rndc delzone" during zone transfer may crash named2021-09-02T10:34:46ZMichał KępieńUsing "rndc delzone" during zone transfer may crash namedThe following crash occurred during the `inline` system test:
```
17-Nov-2020 04:26:19.900 queue_xfrin: zone test-l/IN (unsigned): enter
17-Nov-2020 04:26:19.900 zone test-l/IN (unsigned): Transfer started.
17-Nov-2020 04:26:19.900 zone...The following crash occurred during the `inline` system test:
```
17-Nov-2020 04:26:19.900 queue_xfrin: zone test-l/IN (unsigned): enter
17-Nov-2020 04:26:19.900 zone test-l/IN (unsigned): Transfer started.
17-Nov-2020 04:26:19.900 zone test-l/IN (unsigned): no database exists yet, requesting AXFR of initial version from 10.53.0.2#12100
17-Nov-2020 04:26:19.904 received control channel command 'delzone test-l'
17-Nov-2020 04:26:19.904 zone test-l scheduled for removal via delzone
17-Nov-2020 04:26:19.904 transfer of 'test-l/IN (unsigned)' from 10.53.0.2#12100: connected using 10.53.0.2#12100
17-Nov-2020 04:26:19.904 deleting zone test-l in view _default via delzone
17-Nov-2020 04:26:19.904 transfer of 'test-l/IN (unsigned)' from 10.53.0.2#12100: sent request data
17-Nov-2020 04:26:19.904 transfer of 'test-l/IN (unsigned)' from 10.53.0.2#12100: received 148 bytes
17-Nov-2020 04:26:19.904 received message from 10.53.0.2#12100
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19176
;; flags: qr aa; QUESTION: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;test-l. IN AXFR
;; ANSWER SECTION:
test-l. 300 IN SOA ns2.test-l. . 2000042407 20 20 1814400 3600
test-l. 300 IN NS ns3.test-l.
ns2.test-l. 300 IN A 10.53.0.2
ns3.test-l. 300 IN A 10.53.0.3
test-l. 300 IN SOA ns2.test-l. . 2000042407 20 20 1814400 3600
17-Nov-2020 04:26:19.904 transfer of 'test-l/IN (unsigned)' from 10.53.0.2#12100: got nonincremental response
17-Nov-2020 04:26:19.904 zone_shutdown: zone test-l/IN (signed): shutting down
17-Nov-2020 04:26:19.904 zone_shutdown: zone test-l/IN (unsigned): shutting down
17-Nov-2020 04:26:19.904 transfer of 'test-l/IN (unsigned)' from 10.53.0.2#12100: shut down: operation canceled
17-Nov-2020 04:26:19.904 dns_zone_verifydb: zone test-l/IN (unsigned): enter
17-Nov-2020 04:26:19.904 zone test-l/IN (unsigned): zone transfer finished: operation canceled
17-Nov-2020 04:26:19.904 removing journal file
17-Nov-2020 04:26:19.904 zone test-l/IN (unsigned): replacing zone database
17-Nov-2020 04:26:19.904 zone test-l/IN (unsigned): zone transfer finished: success
17-Nov-2020 04:26:19.904 zone test-l/IN (unsigned): transferred serial 2000042407
17-Nov-2020 04:26:19.904 zone_needdump: zone test-l/IN (unsigned): enter
17-Nov-2020 04:26:19.904 zone_settimer: zone test-l/IN (unsigned): enter
17-Nov-2020 04:26:19.904 zone_settimer: zone test-l/IN (unsigned): enter
17-Nov-2020 04:26:19.904 transfer of 'test-l/IN (unsigned)' from 10.53.0.2#12100: Transfer status: success
17-Nov-2020 04:26:19.904 transfer of 'test-l/IN (unsigned)' from 10.53.0.2#12100: Transfer completed: 1 messages, 5 records, 148 bytes, 0.001 secs (148000 bytes/sec) (serial 2000042407)
17-Nov-2020 04:26:19.904 transfer of 'test-l/IN (unsigned)' from 10.53.0.2#12100: freeing transfer context
17-Nov-2020 04:26:19.904 zone.c:16915: INSIST(((__extension__ ({ __auto_type __atomic_load_ptr = ((&(zone)->flags)); __typeof__ (*__atomic_load_ptr) __atomic_load_tmp; __atomic_load (__atomic_load_ptr, &__atomic_load_tmp, (memory_order_relaxed)); __atomic_load_tmp; }) & (DNS_ZONEFLG_REFRESH)) != 0)) failed, back trace
17-Nov-2020 04:26:19.904 /builds/isc-projects/bind9/bin/named/.libs/lt-named() [0x428fcc]
17-Nov-2020 04:26:19.904 /builds/isc-projects/bind9/lib/isc/.libs/libisc.so.1705(isc_assertion_failed+0xa) [0x7ff0d8adfc7a]
17-Nov-2020 04:26:19.904 /builds/isc-projects/bind9/lib/dns/.libs/libdns.so.1706(+0x185385) [0x7ff0d8812385]
17-Nov-2020 04:26:19.904 /builds/isc-projects/bind9/lib/dns/.libs/libdns.so.1706(+0x16f8e1) [0x7ff0d87fc8e1]
17-Nov-2020 04:26:19.904 /builds/isc-projects/bind9/lib/dns/.libs/libdns.so.1706(dns_xfrin_shutdown+0x31) [0x7ff0d87fca61]
17-Nov-2020 04:26:19.904 /builds/isc-projects/bind9/lib/dns/.libs/libdns.so.1706(+0x19111e) [0x7ff0d881e11e]
17-Nov-2020 04:26:19.904 /builds/isc-projects/bind9/lib/isc/.libs/libisc.so.1705(+0x5a879) [0x7ff0d8b00879]
17-Nov-2020 04:26:19.904 /lib/x86_64-linux-gnu/libpthread.so.0(+0x76ba) [0x7ff0d71576ba]
17-Nov-2020 04:26:19.904 /lib/x86_64-linux-gnu/libc.so.6(clone+0x6d) [0x7ff0d66ad4dd]
17-Nov-2020 04:26:19.904 exiting (due to assertion failure)
```
Looks like the `test-l` zone was deleted using `rndc` while its transfer
was in progress.
While I do not have any proof that this is related to migrating zone
transfer code to netmgr, this particular `INSIST` has been in place for
the past 20 years, so it would be quite a coincidence to only start
hitting it now. If that turned out to be the case, branches other than
~"v9.17" might be affected, too, but I am sticking with the netmgr
theory for now.September 2021 (9.16.21, 9.16.21-S1, 9.17.18)https://gitlab.isc.org/isc-projects/bind9/-/issues/2428CID 316515: Insecure data handling (TAINTED_SCALAR)2021-09-02T10:32:04ZMichal NowakCID 316515: Insecure data handling (TAINTED_SCALAR)```
*** CID 316515: Insecure data handling (TAINTED_SCALAR)
/bin/tools/genrandom.c: 112 in main()
106 bytes = k << 10;
107
108 #ifndef HAVE_ARC4RANDOM
109 srand(0x12345678);
110 #endif
111 if (n == 1) {
>>> ...```
*** CID 316515: Insecure data handling (TAINTED_SCALAR)
/bin/tools/genrandom.c: 112 in main()
106 bytes = k << 10;
107
108 #ifndef HAVE_ARC4RANDOM
109 srand(0x12345678);
110 #endif
111 if (n == 1) {
>>> CID 316515: Insecure data handling (TAINTED_SCALAR)
>>> Passing tainted expression "bytes" to "generate", which uses it as a loop boundary.
112 generate(argv[isc_commandline_index], bytes);
113 return (0);
114 }
115
116 len = strlen(argv[isc_commandline_index]);
117 INSIST((len + 2) > len);
```September 2021 (9.16.21, 9.16.21-S1, 9.17.18)https://gitlab.isc.org/isc-projects/bind9/-/issues/2575memory leak when named attempts to listen on FreeBSD virtual interface2021-09-02T09:52:46Zjohn heasleymemory leak when named attempts to listen on FreeBSD virtual interface### Summary
On FBSD 12.2 running chroot'd bind 9.16.12 listening on all v4/v6 interfaces and bhyve running without any VMs, named leaks memory each time it attempts to listen on the virbr0 virtual bridge interface. It leaks until it has...### Summary
On FBSD 12.2 running chroot'd bind 9.16.12 listening on all v4/v6 interfaces and bhyve running without any VMs, named leaks memory each time it attempts to listen on the virbr0 virtual bridge interface. It leaks until it has consumed all the available system memory - 38G+. In roughly 20 minutes it has inflated to ~1G, about 300M more than its typical state. It also hangs if sent a signal 15 and never dumps the memstats file.
### BIND version used
```BIND 9.16.12 (Stable Release) <id:aeb943d>
running on FreeBSD amd64 12.2-RELEASE-p4 FreeBSD 12.2-RELEASE-p4 GENERIC
built by make with '--disable-linux-caps' '--localstatedir=/var' '--sysconfdir=/usr/local/etc/namedb' '--with-dlopen=yes' '--with-libxml2' '--with-openssl=/usr' '--with-readline=-L/usr/local/lib -ledit' '--with-dlz-filesystem=yes' '--enable-dnstap' '--disable-fixed-rrset' '--disable-geoip' '--without-maxminddb' '--without-gssapi' '--with-libidn2=/usr/local' '--with-json-c' '--disable-largefile' '--with-lmdb=/usr/local' '--disable-native-pkcs11' '--without-python' '--disable-querytrace' '--enable-tcp-fastopen' '--disable-symtable' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/share/info/' '--build=amd64-portbld-freebsd12.2' 'build_alias=amd64-portbld-freebsd12.2' 'CC=cc' 'CFLAGS=-O2 -pipe -DLIBICONV_PLUG -fstack-protector-strong -isystem /usr/local/include -fno-strict-aliasing ' 'LDFLAGS= -L/usr/local/lib -ljson-c -fstack-protector-strong ' 'LIBS=-L/usr/local/lib' 'CPPFLAGS=-DLIBICONV_PLUG -isystem /usr/local/include' 'CPP=cpp' 'PKG_CONFIG=pkgconf'
compiled by CLANG FreeBSD Clang 10.0.1 (git@github.com:llvm/llvm-project.git llvmorg-10.0.1-0-gef32c611aa2)
compiled with OpenSSL version: OpenSSL 1.1.1h-freebsd 22 Sep 2020
linked to OpenSSL version: OpenSSL 1.1.1h-freebsd 22 Sep 2020
compiled with libuv version: 1.40.0
linked to libuv version: 1.41.0
compiled with libxml2 version: 2.9.10
linked to libxml2 version: 20910
compiled with json-c version: 0.15
linked to json-c version: 0.15
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
compiled with protobuf-c version: 1.3.2
linked to protobuf-c version: 1.3.2
threads support is enabled
default paths:
named configuration: /usr/local/etc/namedb/named.conf
rndc configuration: /usr/local/etc/namedb/rndc.conf
DNSSEC root key: /usr/local/etc/namedb/bind.keys
nsupdate session key: /var/run/named/session.key
named PID file: /var/run/named/pid
named lock file: /var/run/named/named.lock
```
### Steps to reproduce
```
Run named chrooted on freebsd with bhyve's virbr0 interface up with an IPv4 address. Watch it leak memory.
igb0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=e503bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
ether 0c:c4:7a:d9:e0:0a
inet xxxx netmask 0xffffff80 broadcast xxxx
inet6 fe80::ec4:7aff:fed9:e00a%igb0 prefixlen 64 scopeid 0x1
inet6 2001:418:3fe::4 prefixlen 80
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
igb1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=e507bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
ether 0c:c4:7a:d9:e0:0b
inet xxxx netmask 0xffffffe0 broadcast xxxx
media: Ethernet autoselect
status: no carrier
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
inet 127.0.0.1 netmask 0xff000000
groups: lo
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
tap0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=80000<LINKSTATE>
ether 58:9c:fc:10:97:78
groups: tap
media: Ethernet autoselect
status: no carrier
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
bridge0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 02:13:28:b1:48:00
id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
maxage 20 holdcnt 6 proto stp-rstp maxaddr 2000 timeout 1200
root id 00:00:00:00:00:00 priority 0 ifcost 0 port 0
groups: bridge
nd6 options=9<PERFORMNUD,IFDISABLED>
vm-bb: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether d6:5f:8b:8b:fe:e1
id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
maxage 20 holdcnt 6 proto stp-rstp maxaddr 2000 timeout 1200
root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
member: igb0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 1 priority 128 path cost 20000
groups: bridge vm-switch viid-21ad0@
nd6 options=1<PERFORMNUD>
virbr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 52:54:00:ef:5e:80
inet 192.168.122.1 netmask 0xffffff00 broadcast 192.168.122.255
id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 4
maxage 20 holdcnt 6 proto stp-rstp maxaddr 2000 timeout 1200
root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
groups: bridge
nd6 options=1<PERFORMNUD>
If virbr0 is down, the problem continues. Only by removing the address will the logs and leak cease. Adding a v6 address produces the same problem.[tracefile](/uploads/a520ef32cc74c02ecb3a1b9aec35f46f/tracefile)
Also see the attached tracefile; it shows permission denied trying to bind a socket to the address of virbr0.
### What is the current *bug* behavior?
Memory leak. eg:
PID USER PRI NI VIRT RES S CPU% MEM% TIME+ Command
2932 bind 21 0 15.0G 13.3G S 0.0 10.2 0:56.49 /usr/local/sbin/named -....
```
### What is the expected *correct* behavior?
(What you should see instead.)
### Relevant configuration files
```
listen-on { 127.0.0.1; };
listen-on { any; };
listen-on-v6 { any; };
```
### Relevant logs and/or screenshots
```At start-up:
named[2918]: listening on IPv6 interface igb0, fe80::....
named[2918]: listening on IPv6 interface igb0, 2001:....
named[2918]: listening on IPv4 interface igb1, 198....
named[2918]: listening on IPv6 interface lo0, ::1#53
named[2918]: listening on IPv6 interface lo0, fe80::1%3#53
named[2918]: listening on IPv4 interface lo0, 127.0.0.1#53
Ad nauseam:
named[2918]: network: info: listening on IPv4 interface virbr0, 192.168.122.1#53
named[2918]: network: error: creating IPv4 interface virbr0 failed; interface ignored
```
### Possible fixes
(If you can, link to the line of code that might be responsible for the
problem.)September 2021 (9.16.21, 9.16.21-S1, 9.17.18)https://gitlab.isc.org/isc-projects/bind9/-/issues/2659named shutdown hang in inline system test2021-09-02T09:47:48ZMichal Nowaknamed shutdown hang in inline system test`named` [hangs](https://gitlab.isc.org/isc-projects/bind9/-/jobs/1670553) on ~"v9.16" (looks similar to https://gitlab.isc.org/isc-projects/bind9/-/issues/2057):
```
S:inline:2021-04-28T03:14:39+0000
T:inline:1:A
A:inline:System test in...`named` [hangs](https://gitlab.isc.org/isc-projects/bind9/-/jobs/1670553) on ~"v9.16" (looks similar to https://gitlab.isc.org/isc-projects/bind9/-/issues/2057):
```
S:inline:2021-04-28T03:14:39+0000
T:inline:1:A
A:inline:System test inline
I:inline:PORTRANGE:8500 - 8599
I:inline:starting servers
I:inline:checking that an unsupported algorithm is not used for signing (1)
I:inline:checking that rrsigs are replaced with ksk only (2)
I:inline:checking that the zone is signed on initial transfer (3)
I:inline:checking expired signatures are updated on load (4)
I:inline:checking removal of private type record via 'rndc signing -clear' (5)
I:inline:checking private type was properly signed (6)
I:inline:checking removal of remaining private type record via 'rndc signing -clear all' (7)
I:inline:checking negative private type response was properly signed (8)
I:inline:checking that the record is added on the hidden primary (9)
I:inline:checking that update has been transferred and has been signed (10)
I:inline:checking YYYYMMDDVV (2011072400) serial on hidden primary (11)
I:inline:checking YYYYMMDDVV (2011072400) serial in signed zone (12)
I:inline:checking that the zone is signed on initial transfer, noixfr (13)
I:inline:checking that the record is added on the hidden primary, noixfr (14)
I:inline:checking that update has been transferred and has been signed, noixfr (15)
I:inline:checking YYYYMMDDVV (2011072400) serial on hidden primary, noixfr (16)
I:inline:checking YYYYMMDDVV (2011072400) serial in signed zone, noixfr (17)
I:inline:checking that the primary zone signed on initial load (18)
I:inline:checking removal of private type record via 'rndc signing -clear' (primary) (19)
I:inline:checking private type was properly signed (primary) (20)
I:inline:checking removal of remaining private type record via 'rndc signing -clear' (primary) (21)
I:inline:check adding of record to unsigned primary (22)
I:inline:ns3 zone reload queued
I:inline:check adding record fails when SOA serial not changed (23)
I:inline:ns3 server reload successful
I:inline:check adding record works after updating SOA serial (24)
I:inline:ns3 zone reload queued
I:inline:check the added record was properly signed (25)
I:inline:checking that the dynamic primary zone signed on initial load (26)
I:inline:checking primary zone that was updated while offline is correct (27)
I:inline:checking adding of record to unsigned primary using UPDATE (28)
I:inline:stop bump in the wire signer server (29)
I:inline:restart bump in the wire signer server (30)
I:inline:checking YYYYMMDDVV (2011072450) serial on hidden primary (31)
I:inline:checking YYYYMMDDVV (2011072450) serial in signed zone (32)
I:inline:checking YYYYMMDDVV (2011072450) serial on hidden primary, noixfr (33)
I:inline:checking YYYYMMDDVV (2011072450) serial in signed zone, noixfr (34)
I:inline:checking forwarded update on hidden primary (35)
I:inline:checking forwarded update on signed zone (36)
I:inline:checking forwarded update on hidden primary, noixfr (37)
I:inline:checking forwarded update on signed zone, noixfr (38)
I:inline:checking turning on of inline signing in a secondary zone via reload (39)
I:inline:ns5 server reload successful
I:inline:checking rndc freeze/thaw of dynamic inline zone no change (40)
I:inline:checking rndc freeze/thaw of dynamic inline zone (41)
I:inline:check added record freeze1.dynamic (42)
I:inline:checking rndc freeze/thaw of server (43)
I:inline:check added record freeze2.dynamic (44)
I:inline:check rndc reload allows reuse of inline-signing zones (45)
I:inline:ns3 server reload successful
I:inline:check rndc sync removes both signed and unsigned journals (46)
I:inline:checking that the retransfer record is added on the hidden primary (47)
I:inline:checking that the change has not been transferred due to notify (48)
I:inline:check rndc retransfer of a inline secondary zone works (49)
I:inline:check 'rndc signing -nsec3param' requests are queued for zones which are not loaded (50)
I:inline:check rndc retransfer of a inline nsec3 secondary retains nsec3 (51)
I:inline:check rndc retransfer of a inline nsec3 secondary does not trigger an infinite loop (52)
I:inline:stop bump in the wire signer server (53)
I:inline:update SOA record while stopped
I:inline:restart bump in the wire signer server (54)
I:inline:updates to SOA parameters other than serial while stopped are reflected in signed zone (55)
I:inline:check that reloading all zones does not cause zone maintenance to cease for inline-signed zones (56)
I:inline:ns3 server reload successful
I:inline:check that reloading errors prevent synchronization (57)
I:inline:ns3 server reload successful
I:inline:check inline-signing with an include file (58)
I:inline:ns3 server reload successful
I:inline:test add/del zone combinations (59)
I:inline:testing adding external keys to a inline zone (60)
I:inline:checking NSEC3RSASHA1
I:inline:testing imported key won't overwrite a private key (61)
I:inline:testing updating inline secure serial via 'rndc signing -serial' (62)
I:inline:testing updating inline secure serial via 'rndc signing -serial' with negative change (63)
I:inline:testing updating inline secure serial via 'rndc signing -serial' when frozen (64)
I:inline:testing updating dynamic serial via 'rndc signing -serial' (65)
I:inline:testing updating dynamic serial via 'rndc signing -serial' with negative change (66)
I:inline:testing updating dynamic serial via 'rndc signing -serial' when frozen (67)
I:inline:testing that inline signing works with inactive ZSK and active KSK (68)
I:inline:testing that inline signing works with inactive KSK and active ZSK (69)
I:inline:checking that changes to raw zone are applied to a previously unsigned secure zone (70)
I:inline:checking that changes to raw zone are not applied to a previously signed secure zone with no keys available (primary) (71)
I:inline:checking that backlogged changes to raw zone are applied after keys become available (primary) (72)
I:inline:checking that changes to raw zone are not applied to a previously signed secure zone with no keys available (secondary) (73)
I:inline:checking that backlogged changes to raw zone are applied after keys become available (secondary) (74)
I:inline:checking that records added from a journal are scheduled to be resigned (75)
I:inline:ns3 didn't die when sent a SIGTERM
I:inline:check that zonestatus reports 'type: primary' for an inline primary zone (76)
I:inline:check that zonestatus reports 'type: secondary' for an inline secondary zone (77)
I:inline:checking reload of touched inline zones (78)
I:inline: pre-reload 'next key event'
I:inline: found: 16/16
I:inline: touch and reload
I:inline:ns3 server reload successful
I:inline: post-reload 'next key event'
I:inline: found: 16/16
I:inline:exit status: 0
I:inline:stopping servers
I:inline:Core dump(s) found: inline/ns3/core.18034
R:inline:FAIL
D:inline:backtrace from inline/ns3/core.18034:
D:inline:--------------------------------------------------------------------------------
D:inline:Core was generated by `/builds/isc-projects/bind9/bin/named/.libs/named -D inline-ns3 -X named.lock -m'.
D:inline:Program terminated with signal SIGABRT, Aborted.
D:inline:#0 0x00007f5877aeb495 in __GI___pthread_timedjoin_ex (threadid=140017740494592, thread_return=0x0, abstime=0x0, block=<optimized out>) at pthread_join_common.c:89
D:inline:[Current thread is 1 (Thread 0x7f5875369440 (LWP 18034))]
D:inline:#0 0x00007f5877aeb495 in __GI___pthread_timedjoin_ex (threadid=140017740494592, thread_return=0x0, abstime=0x0, block=<optimized out>) at pthread_join_common.c:89
D:inline:#1 0x0000000000441552 in pthread_join ()
D:inline:#2 0x00007f5877fc0938 in isc_thread_join (thread=140017740495312, result=result@entry=0x0) at thread.c:92
D:inline:#3 0x00007f5877fa4150 in isc_taskmgr_destroy (managerp=0xfa8e90 <named_g_taskmgr>) at task.c:1512
D:inline:#4 0x00000000004dd202 in destroy_managers () at ./main.c:981
D:inline:#5 0x00000000004db9f5 in cleanup () at ./main.c:1357
D:inline:#6 0x00000000004da369 in main (argc=<optimized out>, argv=<optimized out>) at ./main.c:1615
D:inline:--------------------------------------------------------------------------------
D:inline:full backtrace from inline/ns3/core.18034 saved in inline/ns3/core.18034-backtrace.txt
D:inline:core dump inline/ns3/core.18034 archived as inline/ns3/core.18034.gz
E:inline:2021-04-28T03:17:52+0000
```
Full backtrace: [core.18034-backtrace.txt](/uploads/3a4ee8563e679fc3512a073d9ebbf899/core.18034-backtrace.txt)
Core file: [core.18034.gz](/uploads/c9eaa2c6522800ddd94521129e7ee0c1/core.18034.gz)September 2021 (9.16.21, 9.16.21-S1, 9.17.18)https://gitlab.isc.org/isc-projects/bind9/-/issues/2660named shutdown hang in notify system test2021-09-02T09:47:29ZMichal Nowaknamed shutdown hang in notify system testJob [#1670803](https://gitlab.isc.org/isc-projects/bind9/-/jobs/1670803) produced a shutdown hang for 99a4f6119a99e9b15c33488940c1f1d4f356239f on `main`.
```
S:notify:2021-04-28T04:21:42+0000
T:notify:1:A
A:notify:System test notify
I:n...Job [#1670803](https://gitlab.isc.org/isc-projects/bind9/-/jobs/1670803) produced a shutdown hang for 99a4f6119a99e9b15c33488940c1f1d4f356239f on `main`.
```
S:notify:2021-04-28T04:21:42+0000
T:notify:1:A
A:notify:System test notify
I:notify:PORTS:23243,23244,23245,23246,23247,23248,23249,23250,23251,23252,23253,23254,23255
I:notify:starting servers
I:notify:checking initial status (1)
I:notify:checking startup notify rate limit (2)
I:notify:reloading with example2 using HUP and waiting up to 45 seconds
I:notify:checking notify message was logged (3)
I:notify:checking example2 loaded (4)
I:notify:checking example2 contents have been transferred after HUP reload (5)
I:notify:stopping master and restarting with example4 then waiting up to 45 seconds
I:notify:checking notify message was logged (6)
I:notify:checking example4 loaded (7)
I:notify:checking example4 contents have been transferred after restart (8)
I:notify:checking notify to alternate port with master inheritance (9)
I:notify:checking notify to multiple views using tsig (10)
I:notify:exit status: 0
I:notify:stopping servers
I:notify:ns2 didn't die when sent a SIGTERM
I:notify:stopping servers failed
I:notify:Core dump(s) found: notify/ns2/core.15610
D:notify:backtrace from notify/ns2/core.15610:
D:notify:--------------------------------------------------------------------------------
D:notify:Core was generated by `/builds/isc-projects/bind9/bind-9.17.11/bin/named/.libs/named -D notify-ns2 -X'.
D:notify:Program terminated with signal SIGABRT, Aborted.
D:notify:#0 0x00007f41a3e05720 in __GI___nanosleep (requested_time=requested_time@entry=0x7ffd666405b0, remaining=remaining@entry=0x0) at ../sysdeps/unix/sysv/linux/nanosleep.c:28
D:notify:[Current thread is 1 (Thread 0x7f41a19b8880 (LWP 15610))]
D:notify:#0 0x00007f41a3e05720 in __GI___nanosleep (requested_time=requested_time@entry=0x7ffd666405b0, remaining=remaining@entry=0x0) at ../sysdeps/unix/sysv/linux/nanosleep.c:28
D:notify:#1 0x00007f41a3e30874 in usleep (useconds=useconds@entry=10000) at ../sysdeps/posix/usleep.c:32
D:notify:#2 0x00007f41a4a3607a in isc_nm_destroy (mgr0=0x561d43970f60 <named_g_nm>) at netmgr/netmgr.c:537
D:notify:#3 0x0000561d43902a22 in destroy_managers () at main.c:1014
D:notify:#4 cleanup () at main.c:1350
D:notify:#5 main (argc=<optimized out>, argv=<optimized out>) at main.c:1598
D:notify:--------------------------------------------------------------------------------
D:notify:full backtrace from notify/ns2/core.15610 saved in notify/ns2/core.15610-backtrace.txt
D:notify:core dump notify/ns2/core.15610 archived as notify/ns2/core.15610.gz
R:notify:FAIL
E:notify:2021-04-28T04:23:12+0000
FAIL notify (exit status: 1)
```
Full backtrace: [core.15610-backtrace.txt](/uploads/7c39760a5a0f9c5526dbf0b208566deb/core.15610-backtrace.txt)
Core file: [core.15610.gz](/uploads/a68c6b374a259bd637d91095f313bd08/core.15610.gz)October 2021 (9.11.36, 9.11.36-S1, 9.16.22, 9.16.22-S1, 9.17.19)https://gitlab.isc.org/isc-projects/bind9/-/issues/2638Run internal tasks on top of network manager worker loops2021-09-02T09:40:28ZOndřej SurýRun internal tasks on top of network manager worker loopsAfter the networking manager was introduced, the existing taskmgr kept its own set of worker threads competing with the netmgr threads. This issue is about moving the tasks to run on top of netmgr loops while keeping the existing interfa...After the networking manager was introduced, the existing taskmgr kept its own set of worker threads competing with the netmgr threads. This issue is about moving the tasks to run on top of netmgr loops while keeping the existing interface.
---
The primary merge requests implementing this change are:
- !4918
- !4983
The above changes required some follow-up tweaks, which were implemented in:
- !4980
- !4981
- !4982
- !5006
- !5008
- !5009
- !5010May 2021 (9.11.32, 9.11.32-S1, 9.16.16, 9.16.16-S1, 9.17.13)Ondřej SurýOndřej Surýhttps://gitlab.isc.org/isc-projects/bind9/-/issues/2677ThreadSanitizer: data race in memmove2021-09-02T09:40:26ZMichal NowakThreadSanitizer: data race in memmovehttps://gitlab.isc.org/isc-projects/bind9/-/jobs/1692745:
```
WARNING: ThreadSanitizer: data race
Read of size 8 at 0x000000000001 by thread T1:
#0 memmove <null>
#1 isc_buffer_copyregion lib/isc/buffer.c:530:3
#2 dns_zone...https://gitlab.isc.org/isc-projects/bind9/-/jobs/1692745:
```
WARNING: ThreadSanitizer: data race
Read of size 8 at 0x000000000001 by thread T1:
#0 memmove <null>
#1 isc_buffer_copyregion lib/isc/buffer.c:530:3
#2 dns_zone_forwardupdate lib/dns/zone.c:17752:11
#3 forward_action lib/ns/update.c:3556:11
#4 dispatch lib/isc/task.c:1132:7
#5 run lib/isc/task.c:1324:2
#6 isc__trampoline_run lib/isc/trampoline.c:191:11
Previous write of size 8 at 0x000000000001 by thread T2:
#0 recvmsg <null>
#1 <null> <null>
#2 isc__trampoline_run lib/isc/trampoline.c:191:11
Location is heap block of size 1310737 at 0x000000000011 allocated by main thread:
#0 malloc <null>
#1 default_memalloc lib/isc/mem.c:715:8
#2 mem_get lib/isc/mem.c:624:8
#3 mem_allocateunlocked lib/isc/mem.c:1290:8
#4 isc___mem_allocate lib/isc/mem.c:1310:7
#5 isc__mem_allocate lib/isc/mem.c:2538:10
#6 isc___mem_get lib/isc/mem.c:1059:11
#7 isc__mem_get lib/isc/mem.c:2517:10
#8 isc_nm_start lib/isc/netmgr/netmgr.c:279:21
#9 create_managers bin/named/./main.c:925:15
#10 setup bin/named/./main.c:1272:11
#11 main bin/named/./main.c:1575:2
Thread T1 (running) created by main thread at:
#0 pthread_create <null>
#1 isc_thread_create lib/isc/pthreads/thread.c:79:8
#2 isc_taskmgr_create lib/isc/task.c:1412:3
#3 create_managers bin/named/./main.c:931:11
#4 setup bin/named/./main.c:1272:11
#5 main bin/named/./main.c:1575:2
Thread T2 (running) created by main thread at:
#0 pthread_create <null>
#1 isc_thread_create lib/isc/pthreads/thread.c:79:8
#2 isc_nm_start lib/isc/netmgr/netmgr.c:288:3
#3 create_managers bin/named/./main.c:925:15
#4 setup bin/named/./main.c:1272:11
#5 main bin/named/./main.c:1575:2
SUMMARY: ThreadSanitizer: data race in memmove
```September 2021 (9.16.21, 9.16.21-S1, 9.17.18)https://gitlab.isc.org/isc-projects/bind9/-/issues/2333TCP "connection refused" handling in dig on Windows is broken2021-09-02T09:23:43ZMichał KępieńTCP "connection refused" handling in dig on Windows is brokenBelow, I present behavior of `dig` on Windows for three different source
code revisions:
- before !4115
- after !4115, before !4444
- after !4444
This is what happens for d48e04003560d4a87a659af9319219a123c69c75
(before !4115) wh...Below, I present behavior of `dig` on Windows for three different source
code revisions:
- before !4115
- after !4115, before !4444
- after !4444
This is what happens for d48e04003560d4a87a659af9319219a123c69c75
(before !4115) when one tries to query a TCP port on which nothing is
listening:
```
>>>>> dig @127.0.0.1 -p 12345 isc.org. +tcp +tries=1 +time=2
; <<>> DiG 9.17.6 <<>> @127.0.0.1 -p 12345 isc.org. +tcp +tries=1 +time=2
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
;; Connection to 127.0.0.1#12345(127.0.0.1) for isc.org. failed: timed out.
>>>>> dig @127.0.0.1 -p 12345 isc.org. +tcp +tries=2 +time=2
;; Connection to 127.0.0.1#12345(127.0.0.1) for isc.org. failed: timed out.
; <<>> DiG 9.17.6 <<>> @127.0.0.1 -p 12345 isc.org. +tcp +tries=2 +time=2
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
;; Connection to 127.0.0.1#12345(127.0.0.1) for isc.org. failed: timed out.
>>>>> dig @127.0.0.1 -p 12345 isc.org. +tcp +tries=1 +time=3
;; Connection to 127.0.0.1#12345(127.0.0.1) for isc.org. failed: connection refused.
>>>>> dig @127.0.0.1 -p 12345 isc.org. +tcp +tries=2 +time=3
;; Connection to 127.0.0.1#12345(127.0.0.1) for isc.org. failed: connection refused.
>>>>> dig @10.53.0.5 -p 12345 isc.org. +tcp +tries=1 +time=2
; <<>> DiG 9.17.6 <<>> @10.53.0.5 -p 12345 isc.org. +tcp +tries=1 +time=2
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
;; Connection to 10.53.0.5#12345(10.53.0.5) for isc.org. failed: timed out.
>>>>> dig @10.53.0.5 -p 12345 isc.org. +tcp +tries=2 +time=2
;; Connection to 10.53.0.5#12345(10.53.0.5) for isc.org. failed: timed out.
; <<>> DiG 9.17.6 <<>> @10.53.0.5 -p 12345 isc.org. +tcp +tries=2 +time=2
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
;; Connection to 10.53.0.5#12345(10.53.0.5) for isc.org. failed: timed out.
>>>>> dig @10.53.0.5 -p 12345 isc.org. +tcp +tries=1 +time=3
;; Connection to 10.53.0.5#12345(10.53.0.5) for isc.org. failed: connection refused.
>>>>> dig @10.53.0.5 -p 12345 isc.org. +tcp +tries=2 +time=3
;; Connection to 10.53.0.5#12345(10.53.0.5) for isc.org. failed: connection refused.
```
Observations:
- the message logged depends on what `+time` is set to,
- traffic sniffer shows multiple SYN/RST+ACK exchanges whose count
depends on whether the connection "times out" or is "refused".
This is what happens for 3a366622074d8e55b361356e89c19d6e139bd0b6
(after !4115, before !4444):
```
>>>>> dig @127.0.0.1 -p 12345 isc.org. +tcp +tries=1 +time=2
;; Connection to 127.0.0.1#12345(127.0.0.1) for isc.org. failed: connection refused.
>>>>> dig @127.0.0.1 -p 12345 isc.org. +tcp +tries=2 +time=2
;; Connection to 127.0.0.1#12345(127.0.0.1) for isc.org. failed: connection refused.
;; Connection to 127.0.0.1#12345(127.0.0.1) for isc.org. failed: connection refused.
>>>>> dig @127.0.0.1 -p 12345 isc.org. +tcp +tries=1 +time=3
;; Connection to 127.0.0.1#12345(127.0.0.1) for isc.org. failed: connection refused.
>>>>> dig @127.0.0.1 -p 12345 isc.org. +tcp +tries=2 +time=3
;; Connection to 127.0.0.1#12345(127.0.0.1) for isc.org. failed: connection refused.
;; Connection to 127.0.0.1#12345(127.0.0.1) for isc.org. failed: connection refused.
>>>>> dig @10.53.0.5 -p 12345 isc.org. +tcp +tries=1 +time=2
;; Connection to 10.53.0.5#12345(10.53.0.5) for isc.org. failed: timed out.
>>>>> dig @10.53.0.5 -p 12345 isc.org. +tcp +tries=2 +time=2
;; Connection to 10.53.0.5#12345(10.53.0.5) for isc.org. failed: timed out.
;; Connection to 10.53.0.5#12345(10.53.0.5) for isc.org. failed: timed out.
>>>>> dig @10.53.0.5 -p 12345 isc.org. +tcp +tries=1 +time=3
;; Connection to 10.53.0.5#12345(10.53.0.5) for isc.org. failed: connection refused.
>>>>> dig @10.53.0.5 -p 12345 isc.org. +tcp +tries=2 +time=3
;; Connection to 10.53.0.5#12345(10.53.0.5) for isc.org. failed: connection refused.
;; Connection to 10.53.0.5#12345(10.53.0.5) for isc.org. failed: connection refused.
```
Observations:
- Queries sent towards 127.0.0.1 seem to work fine:
- `dig` invocations exit quickly,
- traffic sniffer shows just one SYN/RST+ACK pair being exchanged
per each `+tries`,
- "connection refused" is consistently logged, no matter what
`+time` is set to.
- Queries sent towards 10.53.0.5 (configured on a loopback interface)
behave oddly:
- `dig` invocations takes a longer while to return,
- traffic sniffer shows multiple SYN/RST+ACK pairs being exchanged
per each `+tries`,
- the message logged depends on what `+time` is set to.
!4444 seems to break things in an even different way:
```
>>>>> dig @127.0.0.1 -p 12345 isc.org. +tcp +tries=1 +time=2
;; Connection to 127.0.0.1#12345(127.0.0.1) for isc.org. failed: connection refused.
>>>>> dig @127.0.0.1 -p 12345 isc.org. +tcp +tries=2 +time=2
;; Connection to 127.0.0.1#12345(127.0.0.1) for isc.org. failed: connection refused.
;; Connection to 127.0.0.1#12345(127.0.0.1) for isc.org. failed: connection refused.
>>>>> dig @127.0.0.1 -p 12345 isc.org. +tcp +tries=1 +time=3
;; Connection to 127.0.0.1#12345(127.0.0.1) for isc.org. failed: connection refused.
>>>>> dig @127.0.0.1 -p 12345 isc.org. +tcp +tries=2 +time=3
;; Connection to 127.0.0.1#12345(127.0.0.1) for isc.org. failed: connection refused.
;; Connection to 127.0.0.1#12345(127.0.0.1) for isc.org. failed: connection refused.
>>>>> dig @10.53.0.5 -p 12345 isc.org. +tcp +tries=1 +time=2
;; Connection to 10.53.0.5#12345(10.53.0.5) for isc.org. failed: timed out.
>>>>> dig @10.53.0.5 -p 12345 isc.org. +tcp +tries=2 +time=2
;; Connection to 10.53.0.5#12345(10.53.0.5) for isc.org. failed: timed out.
;; Connection to 10.53.0.5#12345(10.53.0.5) for isc.org. failed: timed out.
>>>>> dig @10.53.0.5 -p 12345 isc.org. +tcp +tries=1 +time=3
;; Connection to 10.53.0.5#12345(10.53.0.5) for isc.org. failed: timed out.
>>>>> dig @10.53.0.5 -p 12345 isc.org. +tcp +tries=2 +time=3
;; Connection to 10.53.0.5#12345(10.53.0.5) for isc.org. failed: timed out.
;; Connection to 10.53.0.5#12345(10.53.0.5) for isc.org. failed: timed out.
```
Observations:
- Queries sent towards 127.0.0.1 still seem to work fine.
- Queries sent towards 10.53.0.5 never return "connection refused" any
more despite the packet sniffer showing multiple SYN/RST+ACK
exchanges per each `+tries`.
Windows Firewall is disabled on the host on which the above tests were
run.
All in all, with the code in its current shape (after !4444), the
`legacy` system test is consistently failing due to no "connection
refused" messages being logged for queries sent towards `named`
instances that intentionally do not listen for TCP connections.
From a user's perspective, I would expect the following:
- 1 SYN/RST+ACK exchange per each `+tries`,
- timeouts should never be logged if "connection refused" is
detected,
- `dig` should behave consistently for all target addresses.September 2021 (9.16.21, 9.16.21-S1, 9.17.18)https://gitlab.isc.org/isc-projects/bind9/-/issues/2410Follow-up from "Draft: refactor TLSDNS module to work with libuv/ssl directly"2021-09-02T09:10:46ZOndřej SurýFollow-up from "Draft: refactor TLSDNS module to work with libuv/ssl directly"The following discussion from !4584 should be addressed:
- [ ] @each started a [discussion](https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/4584#note_187796): (+1 comment)
> The "dot" system test is currently only using...The following discussion from !4584 should be addressed:
- [ ] @each started a [discussion](https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/4584#note_187796): (+1 comment)
> The "dot" system test is currently only using "tls ephemeral". I'm thinking we really should add a test with a non-ephemeral cert and key, but I'm not sure how best to do that. Can we generate some with extremely long lifetimes and put them in the source tree?September 2021 (9.16.21, 9.16.21-S1, 9.17.18)https://gitlab.isc.org/isc-projects/bind9/-/issues/2510CID 320479: Resource leaks (RESOURCE_LEAK)2021-09-02T09:05:38ZMark AndrewsCID 320479: Resource leaks (RESOURCE_LEAK)Investigate
```
* CID 320479: Resource leaks (RESOURCE_LEAK)
/lib/isc/netmgr/tlsdns.c: 1383 in tls_cycle_output()
________________________________________________________________________________________________________
*** CID 3204...Investigate
```
* CID 320479: Resource leaks (RESOURCE_LEAK)
/lib/isc/netmgr/tlsdns.c: 1383 in tls_cycle_output()
________________________________________________________________________________________________________
*** CID 320479: Resource leaks (RESOURCE_LEAK)
/lib/isc/netmgr/tlsdns.c: 1383 in tls_cycle_output()
1377
1378 err = uv_write(&req->uv_req.write, &sock->uv_handle.stream,
1379 &sock->tls.senddata, 1, tls_write_cb);
1380
1381 INSIST(err == 0);
1382
CID 320479: Resource leaks (RESOURCE_LEAK)
Variable "req" going out of scope leaks the storage it points to.
1383 break;
1384 }
1385
1386 return (result);
1387 }
1388
```September 2021 (9.16.21, 9.16.21-S1, 9.17.18)https://gitlab.isc.org/isc-projects/bind9/-/issues/2558CID 329158: Waiting while holding a lock in lib/ns/interfacemgr.c2021-09-02T08:54:15ZMichal NowakCID 329158: Waiting while holding a lock in lib/ns/interfacemgr.cCoverity Scan [identified](https://scan8.coverity.com/reports.htm#v38342/p12579/fileInstanceId=40401352&defectInstanceId=11469125&mergedDefectId=329158) a problem on `main` after isc-projects/bind9!4672 was merged:
```
*** CID 329158: P...Coverity Scan [identified](https://scan8.coverity.com/reports.htm#v38342/p12579/fileInstanceId=40401352&defectInstanceId=11469125&mergedDefectId=329158) a problem on `main` after isc-projects/bind9!4672 was merged:
```
*** CID 329158: Program hangs (SLEEP)
/lib/ns/interfacemgr.c: 777 in purge_old_interfaces()
771 char sabuf[256];
772 ISC_LIST_UNLINK(ifp->mgr->interfaces, ifp, link);
773 isc_sockaddr_format(&ifp->addr, sabuf, sizeof(sabuf));
774 isc_log_write(IFMGR_COMMON_LOGARGS, ISC_LOG_INFO,
775 "no longer listening on %s", sabuf);
776 ns_interface_shutdown(ifp);
>>> CID 329158: Program hangs (SLEEP)
>>> Call to "ns_interface_detach" might sleep while holding lock "mgr->lock".
777 ns_interface_detach(&ifp);
778 }
779 }
780 UNLOCK(&mgr->lock);
781 }
782
```
/cc @each @artemSeptember 2021 (9.16.21, 9.16.21-S1, 9.17.18)https://gitlab.isc.org/isc-projects/bind9/-/issues/2764zone magic failure in dns_zone_setprimaries2021-09-02T08:16:42ZMark Andrewszone magic failure in dns_zone_setprimariesJob [#1784836](https://gitlab.isc.org/isc-projects/bind9/-/jobs/1784836) failed for ea4ae7169845c7223e823e28259b40217720ca72:
```
FAIL: views
8401===========
8402S:views:2021-06-09T23:27:05+0000
8403T:views:1:A
8404A:views:System test v...Job [#1784836](https://gitlab.isc.org/isc-projects/bind9/-/jobs/1784836) failed for ea4ae7169845c7223e823e28259b40217720ca72:
```
FAIL: views
8401===========
8402S:views:2021-06-09T23:27:05+0000
8403T:views:1:A
8404A:views:System test views
8405I:views:PORTS:24830,24831,24832,24833,24834,24835,24836,24837,24838,24839,24840,24841,24842
8406I:views:starting servers
8407I:views:fetching a.example from ns2's initial configuration
8408I:views:fetching a.example from ns3's initial configuration
8409I:views:copying in new configurations for ns2 and ns3
8410I:views:reloading ns2 and ns3 with rndc
8411I:views:ns2 server reload successful
8412I:views:ns3 server reload successful
8413I:views:wait for reload to complete
8414I:views:fetching a.example from ns2's 10.53.0.4, source address 10.53.0.4
8415I:views:fetching a.example from ns2's 10.53.0.2, source address 10.53.0.2
8416I:views:fetching a.example from ns3's 10.53.0.3, source address defaulted
8417I:views:comparing ns3's initial a.example to one from reconfigured 10.53.0.2
8418I:views:comparing ns3's initial a.example to one from reconfigured 10.53.0.3
8419I:views:comparing ns2's initial a.example to one from reconfigured 10.53.0.4
8420I:views:comparing ns2's initial a.example to one from reconfigured 10.53.0.3
8421I:views:(should be different)
8422I:views:updating cloned zone in internal view
8423I:views:sleeping to allow update to take effect
8424I:views:verifying update affected both views
8425I:views:verifying forwarder in cloned zone works
8426I:views:verifying inline zones work with views
8427I:views:verifying adding of multiple inline zones followed by reconfiguration works
8428I:views:exit status: 0
8429I:views:stopping servers
8430I:views:Core dump(s) found: views/ns2/core.1018
8431D:views:backtrace from views/ns2/core.1018:
8432D:views:--------------------------------------------------------------------------------
8433D:views:Core was generated by `/builds/isc-projects/bind9/bin/named/.libs/named -D views-ns2 -X named.lock -m'.
8434D:views:Program terminated with signal SIGABRT, Aborted.
8435D:views:#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
8436D:views:[Current thread is 1 (Thread 0x7f3d022bd700 (LWP 1046))]
8437D:views:#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
8438D:views:#1 0x00007f3d067ee535 in __GI_abort () at abort.c:79
8439D:views:#2 0x00007f3d0767751b in abort () from /usr/lib/x86_64-linux-gnu/libtsan.so.0
8440D:views:#3 0x0000556b241b4080 in assertion_failed (file=<optimized out>, line=<optimized out>, type=<optimized out>, cond=<optimized out>) at main.c:249
8441D:views:#4 0x00007f3d075cc7e1 in isc_assertion_failed (file=file@entry=0x7f3d07549e83 "zone.c", line=line@entry=6226, type=type@entry=isc_assertiontype_require, cond=cond@entry=0x7f3d07543a90 "(__builtin_expect(!!((zone) != ((void *)0)), 1) && __builtin_expect(!!(((const isc__magic_t *)(zone))->magic == ((('Z') << 24 | ('O') << 16 | ('N') << 8 | ('E')))), 1))") at assertions.c:48
8442D:views:#5 0x00007f3d074b227c in dns_zone_setprimaries (zone=zone@entry=0x7b780005e810, masters=masters@entry=0x0, keynames=keynames@entry=0x0, tlsnames=tlsnames@entry=0x0, count=count@entry=0) at zone.c:6305
8443D:views:#6 0x00007f3d074b38cc in zone_free (zone=zone@entry=0x7b780005e810) at zone.c:1254
8444D:views:#7 0x00007f3d074b3d93 in dns_zone_idetach (zonep=zonep@entry=0x7f3d02279948) at zone.c:5711
8445D:views:#8 0x00007f3d074f59ea in zone_asyncload (task=<optimized out>, event=<optimized out>) at zone.c:2299
8446D:views:#9 0x00007f3d07613c12 in task_run (task=0x7b3400000aa0) at task.c:828
8447D:views:#10 isc_task_run (task=0x7b3400000aa0) at task.c:908
8448D:views:#11 0x00007f3d075a79b9 in isc__nm_async_task (worker=worker@entry=0x7ba000008010, ev0=ev0@entry=0x7b4800104100) at netmgr/netmgr.c:849
8449D:views:#12 0x00007f3d075b0b44 in process_netievent (worker=worker@entry=0x7ba000008010, ievent=ievent@entry=0x7b4800104100) at netmgr/netmgr.c:928
8450D:views:#13 0x00007f3d075b1600 in process_queue (worker=worker@entry=0x7ba000008010, type=type@entry=NETIEVENT_TASK) at netmgr/netmgr.c:1018
8451D:views:#14 0x00007f3d075b1ed0 in process_all_queues (worker=0x7ba000008010) at netmgr/netmgr.c:768
8452D:views:#15 async_cb (handle=0x7ba000008370) at netmgr/netmgr.c:797
8453D:views:#16 0x00007f3d06de9668 in ?? () from /usr/lib/x86_64-linux-gnu/libuv.so.1
8454D:views:#17 0x00007f3d06df84b0 in uv.io_poll () from /usr/lib/x86_64-linux-gnu/libuv.so.1
8455D:views:#18 0x00007f3d06de9f85 in uv_run () from /usr/lib/x86_64-linux-gnu/libuv.so.1
8456D:views:#19 0x00007f3d075b1745 in nm_thread (worker0=0x7ba000008010) at netmgr/netmgr.c:703
8457D:views:#20 0x00007f3d0761c99b in isc__trampoline_run (arg=0x7b080001a9c0) at trampoline.c:184
8458D:views:#21 0x00007f3d07671b3e in ?? () from /usr/lib/x86_64-linux-gnu/libtsan.so.0
8459D:views:#22 0x00007f3d069befa3 in start_thread (arg=<optimized out>) at pthread_create.c:486
8460D:views:#23 0x00007f3d068c54cf in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
8461D:views:--------------------------------------------------------------------------------
8462D:views:full backtrace from views/ns2/core.1018 saved in views/ns2/core.1018-backtrace.txt
8463D:views:core dump views/ns2/core.1018 archived as views/ns2/core.1018.gz
8464R:views:FAIL
8465E:views:2021-06-09T23:27:48+0000
8466FAIL views (exit status: 1)
```September 2021 (9.16.21, 9.16.21-S1, 9.17.18)https://gitlab.isc.org/isc-projects/bind9/-/issues/2773TSAN error in 9.16/9.17 forwarding updates2021-09-02T08:10:46ZMark AndrewsTSAN error in 9.16/9.17 forwarding updatesJob [#1795733](https://gitlab.isc.org/isc-projects/bind9/-/jobs/1795733) failed for 2c38ba46706b5699a3d142dcb3ee4be4d18ac398:
```
WARNING: ThreadSanitizer: data race
Write of size 8 at 0x000000000001 by thread T1:
#0 recvmsg <nul...Job [#1795733](https://gitlab.isc.org/isc-projects/bind9/-/jobs/1795733) failed for 2c38ba46706b5699a3d142dcb3ee4be4d18ac398:
```
WARNING: ThreadSanitizer: data race
Write of size 8 at 0x000000000001 by thread T1:
#0 recvmsg <null>
#1 <null> <null>
#2 isc__trampoline_run lib/isc/trampoline.c:191
#3 <null> <null>
Previous read of size 8 at 0x000000000001 by thread T2:
#0 memmove <null>
#1 isc_buffer_copyregion lib/isc/buffer.c:530
#2 dns_zone_forwardupdate lib/dns/zone.c:17897
#3 forward_action lib/ns/update.c:3556
#4 task_run lib/isc/task.c:857
#5 isc_task_run lib/isc/task.c:950
#6 isc__nm_async_task lib/isc/netmgr/netmgr.c:880
#7 process_netievent lib/isc/netmgr/netmgr.c:959
#8 process_queue lib/isc/netmgr/netmgr.c:1028
#9 process_all_queues lib/isc/netmgr/netmgr.c:799
#10 async_cb lib/isc/netmgr/netmgr.c:828
#11 <null> <null>
#12 isc__trampoline_run lib/isc/trampoline.c:191
#13 <null> <null>
Location is heap block of size 1310737 at 0x000000000016 allocated by main thread:
#0 malloc <null>
#1 default_memalloc lib/isc/mem.c:717
#2 mem_get lib/isc/mem.c:626
#3 mem_allocateunlocked lib/isc/mem.c:1292
#4 isc___mem_allocate lib/isc/mem.c:1312
#5 isc__mem_allocate lib/isc/mem.c:2563
#6 isc___mem_get lib/isc/mem.c:1061
#7 isc__mem_get lib/isc/mem.c:2542
#8 isc__netmgr_create lib/isc/netmgr/netmgr.c:365
#9 isc_managers_create lib/isc/managers.c:33
#10 create_managers main.c:920
#11 setup main.c:1245
#12 main main.c:1548
Thread T1 (running) created by main thread at:
#0 pthread_create <null>
#1 isc_thread_create lib/isc/pthreads/thread.c:79
#2 isc__netmgr_create lib/isc/netmgr/netmgr.c:374
#3 isc_managers_create lib/isc/managers.c:33
#4 create_managers main.c:920
#5 setup main.c:1245
#6 main main.c:1548
Thread T2 (running) created by main thread at:
#0 pthread_create <null>
#1 isc_thread_create lib/isc/pthreads/thread.c:79
#2 isc__netmgr_create lib/isc/netmgr/netmgr.c:374
#3 isc_managers_create lib/isc/managers.c:33
#4 create_managers main.c:920
#5 setup main.c:1245
#6 main main.c:1548
SUMMARY: ThreadSanitizer: data race in __interceptor_recvmsg
```September 2021 (9.16.21, 9.16.21-S1, 9.17.18)https://gitlab.isc.org/isc-projects/bind9/-/issues/2338Code coverage statistics graph not updated anymore2021-09-01T11:34:54ZMichal NowakCode coverage statistics graph not updated anymoreFrom "Code coverage statistics" [graph](https://gitlab.isc.org/isc-projects/bind9/-/graphs/main/charts) is apparent that code coverage stopped being reported to this graph around October 24.
Around that time 2dabf328c406036e012a9b0b30ed...From "Code coverage statistics" [graph](https://gitlab.isc.org/isc-projects/bind9/-/graphs/main/charts) is apparent that code coverage stopped being reported to this graph around October 24.
Around that time 2dabf328c406036e012a9b0b30ed952785565d51 was merged. Also, suspiciously, graphs label in full mentions the `master` (sic) branch: "Code coverage statistics for *master* Sep 05 - Dec 04", which was removed in June 2020.
Weirdly enough, the [gcov](https://gitlab.isc.org/isc-projects/bind9/-/jobs/1345869) CI job on `main` passes and correctly reports: "Coverage: 77%", though the graph is not updated.October 2021 (9.11.36, 9.11.36-S1, 9.16.22, 9.16.22-S1, 9.17.19)Michal NowakMichal Nowakhttps://gitlab.isc.org/isc-projects/bind9/-/issues/2861Extend the doth system test with dig invocations doing name resolution agains...2021-09-01T10:43:40ZArtem BoldarievExtend the doth system test with dig invocations doing name resolution against an IPv6 addressCurrently the `doth` system test uses IPv4 addresses exclusively. We might want to extend it with `dig` invocations against a server listening on an IPv6 address. That should help preventing issues like #2858, #2860.Currently the `doth` system test uses IPv4 addresses exclusively. We might want to extend it with `dig` invocations against a server listening on an IPv6 address. That should help preventing issues like #2858, #2860.September 2021 (9.16.21, 9.16.21-S1, 9.17.18)Artem BoldarievArtem Boldarievhttps://gitlab.isc.org/isc-projects/bind9/-/issues/2877v9.17 cannot be compiled on a system without libnghttp2 library2021-09-01T10:37:04ZPetr Špačekpspacek@isc.orgv9.17 cannot be compiled on a system without libnghttp2 library### Summary
main branch cannot be compiled on a system without libnghttp2 library.
### BIND version used
00c376f34d6e4732e5bb68638db7fca488ae26d1
### Steps to reproduce
1. Start with a system without libnghttp2
2. Run ./configure '-...### Summary
main branch cannot be compiled on a system without libnghttp2 library.
### BIND version used
00c376f34d6e4732e5bb68638db7fca488ae26d1
### Steps to reproduce
1. Start with a system without libnghttp2
2. Run ./configure '--disable-doh'
3. Run make
### What is the current *bug* behavior?
Compilation fails:
```
main.c:104:10: fatal error: nghttp2/nghttp2.h: No such file or directory
104 | #include <nghttp2/nghttp2.h>
```
Also, it seems that `--with-libnghttp2=no` is not implied by `--disable-doh`, but using both switches at the same time does not fix the build.
### What is the expected *correct* behavior?
Compiles and works.September 2021 (9.16.21, 9.16.21-S1, 9.17.18)Mark AndrewsMark Andrewshttps://gitlab.isc.org/isc-projects/kea/-/issues/1333simple optimizations2021-09-01T10:28:43ZFrancis Dupontsimple optimizationsA set of simple optimizations (one by MR).A set of simple optimizations (one by MR).Razvan BecheriuRazvan Becheriuhttps://gitlab.isc.org/isc-projects/bind9/-/issues/2891Missing parenthesis in the `atomic_load_explicit` macro2021-09-01T10:18:23ZArаm SаrgsyаnMissing parenthesis in the `atomic_load_explicit` macroThere are missing parenthesis in the definition of `atomic_load_explicit` macro in `lib/isc/win32/include/isc/stdatomic.h` which results of always evaluating to `sizeof(bool)` instead of getting the size of the actual expression.There are missing parenthesis in the definition of `atomic_load_explicit` macro in `lib/isc/win32/include/isc/stdatomic.h` which results of always evaluating to `sizeof(bool)` instead of getting the size of the actual expression.September 2021 (9.16.21, 9.16.21-S1, 9.17.18)