BIND issueshttps://gitlab.isc.org/isc-projects/bind9/-/issues2020-10-30T14:02:38Zhttps://gitlab.isc.org/isc-projects/bind9/-/issues/2240Feature request: show transport protocol in dig(1) footer2020-10-30T14:02:38ZJP MensFeature request: show transport protocol in dig(1) footer### Description
I just stumbled over `dig(1)` using TCP by default for `ANY` requests, which is documented, but in the course of time I somehow forgot about that. Carsten came up with an idea I'd like to endorse: add the `Transport prot...### Description
I just stumbled over `dig(1)` using TCP by default for `ANY` requests, which is documented, but in the course of time I somehow forgot about that. Carsten came up with an idea I'd like to endorse: add the `Transport protocol` to the footer of `dig(1)`'s output.
### Request
What we'd like to see is the transport `dig(1)` has ultimately used for the query, somewhat along these lines:
```
;; Query time: 589 msec
;; SERVER: 172.22.1.8#53(172.22.1.8)
;; TRANSPORT: TCP
;; WHEN: Thu Oct 29 12:40:17 UTC 2020
;; MSG SIZE rcvd: 53
```
The transport would likely be one of `TCP`, `UDP`, `DoT`, or `DoH`.
### Links / referenceshttps://gitlab.isc.org/isc-projects/bind9/-/issues/2238Fix back port issues: missing checks.2021-03-03T09:59:54ZMark AndrewsFix back port issues: missing checks.```
** CID 312923: Error handling issues (CHECKED_RETURN)
/lib/dns/zone.c: 11660 in create_query()
________________________________________________________________________________________________________
*** CID 312923: Error handli...```
** CID 312923: Error handling issues (CHECKED_RETURN)
/lib/dns/zone.c: 11660 in create_query()
________________________________________________________________________________________________________
*** CID 312923: Error handling issues (CHECKED_RETURN)
/lib/dns/zone.c: 11660 in create_query()
11654 dns_message_t **messagep) {
11655 dns_message_t *message = NULL;
11656 dns_name_t *qname = NULL;
11657 dns_rdataset_t *qrdataset = NULL;
11658 isc_result_t result;
11659
CID 312923: Error handling issues (CHECKED_RETURN)
Calling "dns_message_create" without checking return value (as is done elsewhere 17 out of 21 times).
11660 dns_message_create(zone->mctx, DNS_MESSAGE_INTENTRENDER, &message);
11661
11662 message->opcode = dns_opcode_query;
11663 message->rdclass = zone->rdclass;
11664
11665 result = dns_message_gettempname(message, &qname);
** CID 312922: Error handling issues (CHECKED_RETURN)
/lib/dns/zone.c: 11994 in stub_request_nameserver_address()
________________________________________________________________________________________________________
*** CID 312922: Error handling issues (CHECKED_RETURN)
/lib/dns/zone.c: 11994 in stub_request_nameserver_address()
11988 zone = args->stub->zone;
11989 request = isc_mem_get(zone->mctx, sizeof(*request));
11990 request->request = NULL;
11991 request->args = args;
11992 request->name = (dns_name_t)DNS_NAME_INITEMPTY;
11993 request->ipv4 = ipv4;
CID 312922: Error handling issues (CHECKED_RETURN)
Calling "dns_name_dup" without checking return value (as is done elsewhere 52 out of 60 times).
11994 dns_name_dup(name, zone->mctx, &request->name);
11995
11996 result = create_query(zone, ipv4 ? dns_rdatatype_a : dns_rdatatype_aaaa,
11997 &request->name, &message);
11998 INSIST(result == ISC_R_SUCCESS);
11999
```March 2021 (9.11.29, 9.11.29-S1, 9.16.13, 9.16.13-S1, 9.17.11)Diego dos Santos FronzaDiego dos Santos Fronzahttps://gitlab.isc.org/isc-projects/bind9/-/issues/2233catalog zone VERSION number in Bv9ARM doesn't match draft's version number2022-05-03T11:26:48ZJP Menscatalog zone VERSION number in Bv9ARM doesn't match draft's version numberI note that the VERSION.$CATZ number in the [Bv9ARM section on catalog zones](https://bind9.readthedocs.io/en/v9_16_7/advanced.html#catalog-zones) insinuates we should use
```
version.catalog.example. IN TXT "1"
```
However, the [d...I note that the VERSION.$CATZ number in the [Bv9ARM section on catalog zones](https://bind9.readthedocs.io/en/v9_16_7/advanced.html#catalog-zones) insinuates we should use
```
version.catalog.example. IN TXT "1"
```
However, the [draft](https://tools.ietf.org/html/draft-ietf-dnsop-dns-catalog-zones-00#section-4.2) specifies
> For this memo, the value of one of the RRs in the "version.$CATZ" TXT RRset MUST be setto "2", i.e.
```
version.$CATZ 0 IN TXT "2"
```
Our friends over at Knot DNS [say](https://www.knot-dns.cz/docs/3.0/html/configuration.html#catalog-zones)
> required to include version record `version 0 IN TXT "2"`
So, my question actually is: does BIND now support version 2 and the documentation could be adjusted, or does BIND effectively (in current versions) support version 1?https://gitlab.isc.org/isc-projects/bind9/-/issues/2230legacy system test fails intermittently2020-11-13T11:17:19ZMark Andrewslegacy system test fails intermittentlyJob [#1241880](https://gitlab.isc.org/isc-projects/bind9/-/jobs/1241880) failed for 4f4a728dee3253d628f15e2bd902c88b69d1dd64:
```
I:legacy:checking recursive lookup to edns 512 server fails (16)
7549I:legacy:failed
```
The SOA record b...Job [#1241880](https://gitlab.isc.org/isc-projects/bind9/-/jobs/1241880) failed for 4f4a728dee3253d628f15e2bd902c88b69d1dd64:
```
I:legacy:checking recursive lookup to edns 512 server fails (16)
7549I:legacy:failed
```
The SOA record being queried for is learnt via the AAAA response over TCP due to the UDP response setting tc=1.November 2020 (9.11.25, 9.11.25-S1, 9.16.9, 9.16.9-S1, 9.17.7)Mark AndrewsMark Andrewshttps://gitlab.isc.org/isc-projects/bind9/-/issues/2229Private file is temporarily invalid.2020-10-23T08:57:42ZMark AndrewsPrivate file is temporarily invalid.Job [#1237357](https://gitlab.isc.org/isc-projects/bind9/-/jobs/1237357) failed for 6f89451d3ee3e466993f999c4b2e7802000cc0b4:
```
I:kasp:error: missing CDS record in response for key 46399
8327I:kasp:error: CDS RRset not signed with key...Job [#1237357](https://gitlab.isc.org/isc-projects/bind9/-/jobs/1237357) failed for 6f89451d3ee3e466993f999c4b2e7802000cc0b4:
```
I:kasp:error: missing CDS record in response for key 46399
8327I:kasp:error: CDS RRset not signed with key 46399
8328I:kasp:error: missing CDNSKEY record in response for key 46399
8329I:kasp:error: CDNSKEY RRset not signed with key 46399
8330I:kasp:failed
```
```
22-Oct-2020 05:36:49.245 keymgr: examine KSK view-rsasha256.kasp/RSASHA256/46399 type DNSKEY in state OMNIPRESENT
22-Oct-2020 05:36:49.245 keymgr: KSK view-rsasha256.kasp/RSASHA256/46399 type DNSKEY in stable state OMNIPRESENT
22-Oct-2020 05:36:49.245 keymgr: examine KSK view-rsasha256.kasp/RSASHA256/46399 type KRRSIG in state OMNIPRESENT
22-Oct-2020 05:36:49.245 keymgr: KSK view-rsasha256.kasp/RSASHA256/46399 type KRRSIG in stable state OMNIPRESENT
22-Oct-2020 05:36:49.245 keymgr: examine KSK view-rsasha256.kasp/RSASHA256/46399 type DS in state OMNIPRESENT
22-Oct-2020 05:36:49.245 keymgr: KSK view-rsasha256.kasp/RSASHA256/46399 type DS in stable state OMNIPRESENT
22-Oct-2020 05:36:49.245 dns_dnssec_findzonekeys2: error reading ./Kview-rsasha256.kasp.+008+46399.private: end of file
22-Oct-2020 05:36:49.245 Fetching view-rsasha256.kasp/RSASHA256/6429 (ZSK) from key repository.
22-Oct-2020 05:36:49.245 zone view-rsasha256.kasp/IN/external-view (signed): sign_apex:dns__zone_findkeys -> end of file
22-Oct-2020 05:36:49.245 DNSKEY view-rsasha256.kasp/RSASHA256/6429 (ZSK) is now published
22-Oct-2020 05:36:49.245 zone_settimer: zone view-rsasha256.kasp/IN/external-view (signed): enter
22-Oct-2020 05:36:49.245 CDS for key view-rsasha256.kasp/RSASHA256/46399 is now published
22-Oct-2020 05:36:49.245 CDNSKEY for key view-rsasha256.kasp/RSASHA256/46399 is now published
22-Oct-2020 05:36:49.245 zone_journal: zone view-rsasha256.kasp/IN/internal-view (signed): enter
```https://gitlab.isc.org/isc-projects/bind9/-/issues/2225named-checkconf: Validate that A records contain valid IP address (e.g. not a...2020-10-22T03:50:17ZElijah Lynnnamed-checkconf: Validate that A records contain valid IP address (e.g. not a CNAME)### Description
Recently ran into an issue with `named` failing to start on a deployment which appears to be due to the following type of entry:
`example IN A example.com` (no trailing period either)
We discussed adding some val...### Description
Recently ran into an issue with `named` failing to start on a deployment which appears to be due to the following type of entry:
`example IN A example.com` (no trailing period either)
We discussed adding some validation which led us to the `named-checkconf` tool, as referenced in https://www.cyberciti.biz/tips/howto-linux-unix-check-dns-file-errors.html. The tool doesn't appear to check for valid IPs and I think it could be a good place to put this logic. I tested locally and it doesn't appear to catch an invalid IP for an A record.
### Request
Can we consider adding validation support for valid IP addresses for A records in `named-checkconf`?
### Links / referenceshttps://gitlab.isc.org/isc-projects/bind9/-/issues/2223Core dump in rndc2020-12-03T10:09:17ZMark AndrewsCore dump in rndcJob [#1230583](https://gitlab.isc.org/isc-projects/bind9/-/jobs/1230583) failed for a63ac933bb9116d374ca00cacf9444f8ff5f2cce:Job [#1230583](https://gitlab.isc.org/isc-projects/bind9/-/jobs/1230583) failed for a63ac933bb9116d374ca00cacf9444f8ff5f2cce:December 2020 (9.11.26, 9.11.26-S1, 9.16.10, 9.16.10-S1, 9.17.8)https://gitlab.isc.org/isc-projects/bind9/-/issues/2217TLS offloading with DOH2021-02-03T16:10:01ZVicky Riskvicky@isc.orgTLS offloading with DOHApparently the https library we are using for DOH supports http. At least one user would like to be able to use a TLS proxy.
some reasons:
* certificate rotation - e.g. Apache or nginx proxy can use ACME to automate all the certificate...Apparently the https library we are using for DOH supports http. At least one user would like to be able to use a TLS proxy.
some reasons:
* certificate rotation - e.g. Apache or nginx proxy can use ACME to automate all the certificate dance
* client authentication - TLS client certs + augmenting HTTP headers with proxied-for information
* logging at HTTP level
* offload the TLS processing on a dedicated system to reduce the impact of TLS on the BIND server and to centralize the certificate mgmt
- [ ] Please test this to see if it works
- [ ] Please document that this is supported in the ARM
ref: https://support.isc.org/Ticket/ModifyLinks.html?id=16797February 2021 (9.11.28, 9.11.28-S1, 9.16.12, 9.16.12-S1, 9.17.10)Artem BoldarievArtem Boldarievhttps://gitlab.isc.org/isc-projects/bind9/-/issues/2210BIND 9.11.19 dead lock2021-05-26T20:44:51Znanwn147929@alibaba-inc.comBIND 9.11.19 dead lock<!--
If the bug you are reporting is potentially security-related - for example,
if it involves an assertion failure or other crash in `named` that can be
triggered repeatedly - then please do *NOT* report it here, but send an
email to [...<!--
If the bug you are reporting is potentially security-related - for example,
if it involves an assertion failure or other crash in `named` that can be
triggered repeatedly - then please do *NOT* report it here, but send an
email to [security-officer@isc.org](security-officer@isc.org).
-->
### Summary
Seems that BIND has a deadlock. and I don't find any related race condition issues, maybe it is a new issue?
### BIND version used
```
BIND 9.11.19-RedHat-9.11.10-20200601113814.alios7 (Extended Support Version) <id:905ec64>
running on Linux x86_64 3.10.0-327.ali2012.alios7.x86_64 #1 SMP Mon Oct 9 14:09:14 CST 2017
built by make with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--enable-epoll' '--with-tuning=large' '--enable-ipv6' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--with-python=/home/tops/bin/python2.7' '--with-python-install-dir=/home/tops' '--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic' 'LDFLAGS=-Wl,-z,relro ' 'CPPFLAGS= -DDIG_SIGCHASE' 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig'
compiled by GCC 4.8.5 20150623 (Red Hat 4.8.5-4)
compiled with OpenSSL version: OpenSSL 1.0.1e 11 Feb 2013
linked to OpenSSL version: OpenSSL 1.0.1e-fips 11 Feb 2013
compiled with libxml2 version: 2.9.1
linked to libxml2 version: 20901
compiled with zlib version: 1.2.7
linked to zlib version: 1.2.7
threads support is enabled
default paths:
named configuration: /etc/named.conf
rndc configuration: /etc/rndc.conf
DNSSEC root key: /etc/bind.keys
nsupdate session key: /var/run/named/session.key
named PID file: /var/run/named/named.pid
named lock file: /var/run/named/named.lock
```
### Steps to reproduce
Not clear.
### What is the current *bug* behavior?
BIND is hung.
### What is the expected *correct* behavior?
(What you should see instead.)
### Relevant configuration files
```
logging {
channel "default_debug" {
file "data/named.run";
severity dynamic;
};
};
options {
bindkeys-file "/etc/named.iscdlv.key";
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
listen-on port 53 {
127.0.0.1/32;
};
listen-on-v6 port 53 {
::1/128;
};
memstatistics-file "/var/named/data/named_mem_stats.txt";
statistics-file "/var/named/data/named_stats.txt";
dnssec-enable yes;
dnssec-lookaside auto;
dnssec-validation yes;
recursion yes;
allow-query {
"localhost";
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost.localdomain" IN {
type master;
file "named.localhost";
allow-update {
"none";
};
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-update {
"none";
};
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.loopback";
allow-update {
"none";
};
};
zone "1.0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-update {
"none";
};
};
zone "0.in-addr.arpa" IN {
type master;
file "named.empty";
allow-update {
"none";
};
};
```
### Relevant logs and/or screenshots
Pstack result as followed:
```
Thread 19 (Thread 0x7f8a3d2fa700 (LWP 20008)):
#0 0x00007f8a3ee2f995 in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib64/libpthread.so.0
#1 0x00007f8a3fafd4af in dispatch (manager=0x7f8a41514eb0) at task.c:1103
#2 run (uap=0x7f8a41514eb0) at task.c:1331
#3 0x00007f8a3ee2be25 in start_thread () from /usr/lib64/libpthread.so.0
#4 0x00007f8a3e7ebbad in clone () from /usr/lib64/libc.so.6
Thread 18 (Thread 0x7f8a3caf9700 (LWP 20009)):
#0 0x00007f8a3ee2f995 in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib64/libpthread.so.0
#1 0x00007f8a3fafd4af in dispatch (manager=0x7f8a41514eb0) at task.c:1103
#2 run (uap=0x7f8a41514eb0) at task.c:1331
#3 0x00007f8a3ee2be25 in start_thread () from /usr/lib64/libpthread.so.0
#4 0x00007f8a3e7ebbad in clone () from /usr/lib64/libc.so.6
Thread 17 (Thread 0x7f8a3c2f8700 (LWP 20010)):
#0 0x00007f8a3ee3251d in __lll_lock_wait () from /usr/lib64/libpthread.so.0
#1 0x00007f8a3ee2de51 in _L_lock_1022 () from /usr/lib64/libpthread.so.0
#2 0x00007f8a3ee2ddf2 in pthread_mutex_lock () from /usr/lib64/libpthread.so.0
#3 0x00007f8a40e20cd5 in empty_bucket (res=0x7f87d17a14b8) at resolver.c:8910
#4 0x00007f8a40e26c51 in fctx_doshutdown (task=<optimized out>, event=<optimized out>) at resolver.c:4144
#5 0x00007f8a3fafd6bb in dispatch (manager=0x7f8a41514eb0) at task.c:1157
#6 run (uap=0x7f8a41514eb0) at task.c:1331
#7 0x00007f8a3ee2be25 in start_thread () from /usr/lib64/libpthread.so.0
#8 0x00007f8a3e7ebbad in clone () from /usr/lib64/libc.so.6
Thread 16 (Thread 0x7f8a3baf7700 (LWP 20011)):
#0 0x00007f8a3ee2f995 in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib64/libpthread.so.0
#1 0x00007f8a3fafd4af in dispatch (manager=0x7f8a41514eb0) at task.c:1103
#2 run (uap=0x7f8a41514eb0) at task.c:1331
#3 0x00007f8a3ee2be25 in start_thread () from /usr/lib64/libpthread.so.0
#4 0x00007f8a3e7ebbad in clone () from /usr/lib64/libc.so.6
Thread 15 (Thread 0x7f8a3b2f6700 (LWP 20012)):
#0 0x00007f8a3ee2f995 in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib64/libpthread.so.0
#1 0x00007f8a3fafd4af in dispatch (manager=0x7f8a41514eb0) at task.c:1103
#2 run (uap=0x7f8a41514eb0) at task.c:1331
#3 0x00007f8a3ee2be25 in start_thread () from /usr/lib64/libpthread.so.0
#4 0x00007f8a3e7ebbad in clone () from /usr/lib64/libc.so.6
Thread 14 (Thread 0x7f8a3aaf5700 (LWP 20013)):
#0 0x00007f8a3ee2f995 in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib64/libpthread.so.0
#1 0x00007f8a3fafd4af in dispatch (manager=0x7f8a41514eb0) at task.c:1103
#2 run (uap=0x7f8a41514eb0) at task.c:1331
#3 0x00007f8a3ee2be25 in start_thread () from /usr/lib64/libpthread.so.0
#4 0x00007f8a3e7ebbad in clone () from /usr/lib64/libc.so.6
Thread 13 (Thread 0x7f8a3a2f4700 (LWP 20014)):
#0 0x00007f8a3ee2f995 in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib64/libpthread.so.0
#1 0x00007f8a3fafd4af in dispatch (manager=0x7f8a41514eb0) at task.c:1103
#2 run (uap=0x7f8a41514eb0) at task.c:1331
#3 0x00007f8a3ee2be25 in start_thread () from /usr/lib64/libpthread.so.0
#4 0x00007f8a3e7ebbad in clone () from /usr/lib64/libc.so.6
Thread 12 (Thread 0x7f8a39af3700 (LWP 20015)):
#0 0x00007f8a3ee2f995 in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib64/libpthread.so.0
#1 0x00007f8a3fafd4af in dispatch (manager=0x7f8a41514eb0) at task.c:1103
#2 run (uap=0x7f8a41514eb0) at task.c:1331
#3 0x00007f8a3ee2be25 in start_thread () from /usr/lib64/libpthread.so.0
#4 0x00007f8a3e7ebbad in clone () from /usr/lib64/libc.so.6
Thread 11 (Thread 0x7f8a392f2700 (LWP 20016)):
#0 0x00007f8a3ee2f995 in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib64/libpthread.so.0
#1 0x00007f8a3fafcc33 in isc__task_beginexclusive (task0=<optimized out>) at task.c:1757
#2 0x000000000046850b in load_configuration ()
#3 0x000000000046c1d5 in loadconfig ()
#4 0x000000000046c42e in ns_server_reconfigcommand ()
#5 0x00000000004373bd in ns_control_docommand ()
#6 0x000000000043a483 in control_recvmessage ()
#7 0x00007f8a3fafd6bb in dispatch (manager=0x7f8a41514eb0) at task.c:1157
#8 run (uap=0x7f8a41514eb0) at task.c:1331
#9 0x00007f8a3ee2be25 in start_thread () from /usr/lib64/libpthread.so.0
#10 0x00007f8a3e7ebbad in clone () from /usr/lib64/libc.so.6
Thread 10 (Thread 0x7f8a38af1700 (LWP 20017)):
#0 0x00007f8a3ee2f995 in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib64/libpthread.so.0
#1 0x00007f8a3fafd4af in dispatch (manager=0x7f8a41514eb0) at task.c:1103
#2 run (uap=0x7f8a41514eb0) at task.c:1331
#3 0x00007f8a3ee2be25 in start_thread () from /usr/lib64/libpthread.so.0
#4 0x00007f8a3e7ebbad in clone () from /usr/lib64/libc.so.6
Thread 9 (Thread 0x7f8a382f0700 (LWP 20018)):
#0 0x00007f8a3ee2f995 in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib64/libpthread.so.0
#1 0x00007f8a3fafd4af in dispatch (manager=0x7f8a41514eb0) at task.c:1103
#2 run (uap=0x7f8a41514eb0) at task.c:1331
#3 0x00007f8a3ee2be25 in start_thread () from /usr/lib64/libpthread.so.0
#4 0x00007f8a3e7ebbad in clone () from /usr/lib64/libc.so.6
Thread 8 (Thread 0x7f8a37aef700 (LWP 20019)):
#0 0x00007f8a3ee3251d in __lll_lock_wait () from /usr/lib64/libpthread.so.0
#1 0x00007f8a3ee2de51 in _L_lock_1022 () from /usr/lib64/libpthread.so.0
#2 0x00007f8a3ee2ddf2 in pthread_mutex_lock () from /usr/lib64/libpthread.so.0
#3 0x00007f8a40e253ee in dns_resolver_shutdown (res=0x7f87d17a14b8) at resolver.c:9399
#4 0x00007f8a40e650c9 in view_flushanddetach (viewp=<optimized out>, flush=<optimized out>) at view.c:601
#5 0x000000000042e387 in exit_check ()
#6 0x0000000000443310 in prefetch_done ()
#7 0x00007f8a3fafd6bb in dispatch (manager=0x7f8a41514eb0) at task.c:1157
#8 run (uap=0x7f8a41514eb0) at task.c:1331
#9 0x00007f8a3ee2be25 in start_thread () from /usr/lib64/libpthread.so.0
#10 0x00007f8a3e7ebbad in clone () from /usr/lib64/libc.so.6
Thread 7 (Thread 0x7f8a372ee700 (LWP 20020)):
#0 0x00007f8a3ee2f995 in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib64/libpthread.so.0
#1 0x00007f8a3fafd4af in dispatch (manager=0x7f8a41514eb0) at task.c:1103
#2 run (uap=0x7f8a41514eb0) at task.c:1331
#3 0x00007f8a3ee2be25 in start_thread () from /usr/lib64/libpthread.so.0
#4 0x00007f8a3e7ebbad in clone () from /usr/lib64/libc.so.6
Thread 6 (Thread 0x7f8a36aed700 (LWP 20021)):
#0 0x00007f8a3ee3251d in __lll_lock_wait () from /usr/lib64/libpthread.so.0
#1 0x00007f8a3ee2de51 in _L_lock_1022 () from /usr/lib64/libpthread.so.0
#2 0x00007f8a3ee2ddf2 in pthread_mutex_lock () from /usr/lib64/libpthread.so.0
#3 0x00007f8a40e20cd5 in empty_bucket (res=0x7f87d17a14b8) at resolver.c:8910
#4 0x00007f8a40d35d9a in fetch_callback (task=<optimized out>, ev=0x7f85a1732568) at adb.c:3868
#5 0x00007f8a3fafd6bb in dispatch (manager=0x7f8a41514eb0) at task.c:1157
#6 run (uap=0x7f8a41514eb0) at task.c:1331
#7 0x00007f8a3ee2be25 in start_thread () from /usr/lib64/libpthread.so.0
#8 0x00007f8a3e7ebbad in clone () from /usr/lib64/libc.so.6
Thread 5 (Thread 0x7f8a362ec700 (LWP 20022)):
#0 0x00007f8a3ee3251d in __lll_lock_wait () from /usr/lib64/libpthread.so.0
#1 0x00007f8a3ee2de51 in _L_lock_1022 () from /usr/lib64/libpthread.so.0
#2 0x00007f8a3ee2ddf2 in pthread_mutex_lock () from /usr/lib64/libpthread.so.0
#3 0x00007f8a40e62106 in dns_view_findzonecut2 (view=0x7f88f1f49240, name=name@entry=0x7f851fd3cd08, fname=fname@entry=0x7f8a362e9070, now=now@entry=0, options=0, use_hints=use_hints@entry=true, use_cache=use_cache@entry=true, rdataset=rdataset@entry=0x7f89103158e8, sigrdataset=sigrdataset@entry=0x0) at view.c:1295
#4 0x00007f8a40e625e8 in dns_view_findzonecut (view=<optimized out>, name=name@entry=0x7f851fd3cd08, fname=fname@entry=0x7f8a362e9070, now=now@entry=0, options=<optimized out>, use_hints=use_hints@entry=true, rdataset=rdataset@entry=0x7f89103158e8, sigrdataset=sigrdataset@entry=0x0) at view.c:1256
#5 0x00007f8a40e23b62 in fctx_create (res=res@entry=0x7f87d17a14b8, name=name@entry=0x7f851fd3cd08, type=type@entry=1, domain=0x7f8a362e9070, domain@entry=0x0, nameservers=nameservers@entry=0x0, client=client@entry=0x0, options=options@entry=32, bucketnum=bucketnum@entry=400, depth=depth@entry=2, qc=qc@entry=0xf7d4918, fctxp=fctxp@entry=0x7f8a362e9f98) at resolver.c:4454
#6 0x00007f8a40e25dd8 in dns_resolver_createfetch3 (res=<optimized out>, name=name@entry=0x7f851fd3cd08, type=type@entry=1, domain=domain@entry=0x0, nameservers=nameservers@entry=0x0, forwarders=forwarders@entry=0x0, client=client@entry=0x0, id=id@entry=0, options=options@entry=32, depth=depth@entry=2, qc=qc@entry=0xf7d4918, task=0x7f8930a85ae8, action=action@entry=0x7f8a40d35c90 <fetch_callback>, arg=arg@entry=0x7f851fd3cd00, rdataset=rdataset@entry=0x7f851fd39088, sigrdataset=sigrdataset@entry=0x0, fetchp=fetchp@entry=0x7f851fd39080) at resolver.c:9630
#7 0x00007f8a40d30269 in fetch_name (adbname=adbname@entry=0x7f851fd3cd00, start_at_zone=start_at_zone@entry=false, depth=depth@entry=2, qc=qc@entry=0xf7d4918, type=type@entry=1) at adb.c:4056
#8 0x00007f8a40d39dde in dns_adb_createfind2 (adb=0x7f851fd08aa0, task=0x7f89251db3f0, action=action@entry=0x7f8a40e2b4b0 <fctx_finddone>, arg=arg@entry=0x7f88eadec120, name=name@entry=0x7f8a362eadd0, qname=qname@entry=0x7f88eadec130, qtype=28, options=223, now=now@entry=1601867731, target=target@entry=0x0, port=53, depth=2, qc=0xf7d4918, findp=findp@entry=0x7f8a362ea8b8) at adb.c:3192
#9 0x00007f8a40e1f92d in findname (fctx=fctx@entry=0x7f88eadec120, name=name@entry=0x7f8a362eadd0, port=port@entry=0, options=<optimized out>, options@entry=31, flags=flags@entry=0, now=1601867731, overquota=overquota@entry=0x7f8a362ead70, need_alternate=need_alternate@entry=0x7f8a362ead57, no_addresses=no_addresses@entry=0x7f8a362ead5c) at resolver.c:3166
#10 0x00007f8a40e27ca2 in fctx_getaddresses (fctx=fctx@entry=0x7f88eadec120, badcache=badcache@entry=false) at resolver.c:3462
#11 0x00007f8a40e2a36a in fctx_try (fctx=0x7f88eadec120, retrying=<optimized out>, badcache=<optimized out>) at resolver.c:3819
#12 0x00007f8a40e2d994 in resquery_response (task=<optimized out>, event=<optimized out>) at resolver.c:8747
#13 0x00007f8a3fafd6bb in dispatch (manager=0x7f8a41514eb0) at task.c:1157
#14 run (uap=0x7f8a41514eb0) at task.c:1331
#15 0x00007f8a3ee2be25 in start_thread () from /usr/lib64/libpthread.so.0
#16 0x00007f8a3e7ebbad in clone () from /usr/lib64/libc.so.6
Thread 4 (Thread 0x7f8a35aeb700 (LWP 20023)):
#0 0x00007f8a3ee2f995 in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib64/libpthread.so.0
#1 0x00007f8a3fafd4af in dispatch (manager=0x7f8a41514eb0) at task.c:1103
#2 run (uap=0x7f8a41514eb0) at task.c:1331
#3 0x00007f8a3ee2be25 in start_thread () from /usr/lib64/libpthread.so.0
#4 0x00007f8a3e7ebbad in clone () from /usr/lib64/libc.so.6
Thread 3 (Thread 0x7f8a352ea700 (LWP 20024)):
#0 0x00007f8a3ee2fd42 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /usr/lib64/libpthread.so.0
#1 0x00007f8a3fb1a3c8 in isc_condition_waituntil (c=c@entry=0x7f8a4151c078, m=m@entry=0x7f8a4151c028, t=t@entry=0x7f8a4151c06c) at condition.c:59
#2 0x00007f8a3fb036b3 in run (uap=0x7f8a4151c010) at timer.c:811
#3 0x00007f8a3ee2be25 in start_thread () from /usr/lib64/libpthread.so.0
#4 0x00007f8a3e7ebbad in clone () from /usr/lib64/libc.so.6
Thread 2 (Thread 0x7f8a34ae9700 (LWP 20025)):
#0 0x00007f8a3e7ec183 in epoll_wait () from /usr/lib64/libc.so.6
#1 0x00007f8a3fb112f6 in watcher (uap=0x7f8a4151e010) at socket.c:4302
#2 0x00007f8a3ee2be25 in start_thread () from /usr/lib64/libpthread.so.0
#3 0x00007f8a3e7ebbad in clone () from /usr/lib64/libc.so.6
Thread 1 (Thread 0x7f8a41555840 (LWP 20007)):
#0 0x00007f8a3e7235f2 in sigsuspend () from /usr/lib64/libc.so.6
#1 0x00007f8a3fb04f00 in isc__app_ctxrun (ctx0=ctx0@entry=0x7f8a3fd38dc0 <isc_g_appctx>) at app.c:723
#2 0x00007f8a3fb0515c in isc__app_run () at app.c:756
#3 0x00007f8a3fb05a30 in isc_app_run () at ../app_api.c:207
#4 0x000000000042a905 in main ()
```
### Possible fixes
(If you can, link to the line of code that might be responsible for the
problem.)https://gitlab.isc.org/isc-projects/bind9/-/issues/2205Replace deprecated code in python tests2020-10-09T07:57:00ZMark AndrewsReplace deprecated code in python testsThe following warning is being issued.
```
D:statschannel:/usr/lib/python3/dist-packages/requests_toolbelt/_compat.py:11: DeprecationWarning: Using or importing the ABCs from 'collections' instead of from 'collections.abc' is deprecated...The following warning is being issued.
```
D:statschannel:/usr/lib/python3/dist-packages/requests_toolbelt/_compat.py:11: DeprecationWarning: Using or importing the ABCs from 'collections' instead of from 'collections.abc' is deprecated since Python 3.3, and in 3.9 it will stop working
```November 2020 (9.11.25, 9.11.25-S1, 9.16.9, 9.16.9-S1, 9.17.7)https://gitlab.isc.org/isc-projects/bind9/-/issues/2200The fuzzer dns_message_parse.c is leaking memory.2020-10-07T09:00:14ZMark AndrewsThe fuzzer dns_message_parse.c is leaking memory.Job [#1203280](https://gitlab.isc.org/isc-projects/bind9/-/jobs/1203280) failed for f0a66cb5aadd741c799f80079a86389d0423c3a3:
```
==12100==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 1017 byte(s) in 9 object(s) allocated...Job [#1203280](https://gitlab.isc.org/isc-projects/bind9/-/jobs/1203280) failed for f0a66cb5aadd741c799f80079a86389d0423c3a3:
```
==12100==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 1017 byte(s) in 9 object(s) allocated from:
#0 0x496b2d in malloc (/builds/isc-projects/bind9/fuzz/.libs/dns_message_parse+0x496b2d)
#1 0x7f77819380f0 in default_memalloc /builds/isc-projects/bind9/lib/isc/mem.c:713:8
#2 0x7f7781928251 in mem_get /builds/isc-projects/bind9/lib/isc/mem.c:622:8
#3 0x7f77819382c7 in isc___mem_get /builds/isc-projects/bind9/lib/isc/mem.c:1044:9
#4 0x7f7781921460 in isc__mem_get /builds/isc-projects/bind9/lib/isc/mem.c:2432:10
#5 0x7f778086a7d7 in dns_compress_add /builds/isc-projects/bind9/lib/dns/compress.c:451:11
#6 0x7f7780ad7c5a in dns_name_towire2 /builds/isc-projects/bind9/lib/dns/name.c:2029:4
#7 0x7f7780ad6b5a in dns_name_towire /builds/isc-projects/bind9/lib/dns/name.c:1930:10
#8 0x7f7780c6e409 in towire_ptr /builds/isc-projects/bind9/lib/dns/./rdata/generic/ptr_12.c:105:10
#9 0x7f7780c67f9a in dns_rdata_towire /builds/isc-projects/bind9/lib/dns/rdata.c:804:2
#10 0x7f7780d837b3 in towiresorted /builds/isc-projects/bind9/lib/dns/rdataset.c:492:13
#11 0x7f7780d824f5 in dns_rdataset_towiresorted /builds/isc-projects/bind9/lib/dns/rdataset.c:554:10
#12 0x7f7780a2329c in dns_message_rendersection /builds/isc-projects/bind9/lib/dns/message.c:2129:15
#13 0x4c776f in render_message /builds/isc-projects/bind9/fuzz/dns_message_parse.c:119:2
#14 0x4c6582 in LLVMFuzzerTestOneInput /builds/isc-projects/bind9/fuzz/dns_message_parse.c:164:11
#15 0x4c8614 in test_one_file /builds/isc-projects/bind9/fuzz/main.c:51:3
#16 0x4c88f8 in test_all_from /builds/isc-projects/bind9/fuzz/main.c:87:3
#17 0x4c80bd in main /builds/isc-projects/bind9/fuzz/main.c:123:2
#18 0x7f777fdcf09a in __libc_start_main /build/glibc-vjB4T1/glibc-2.28/csu/../csu/libc-start.c:308:16
Direct leak of 904 byte(s) in 8 object(s) allocated from:
#0 0x496b2d in malloc (/builds/isc-projects/bind9/fuzz/.libs/dns_message_parse+0x496b2d)
#1 0x7f77819380f0 in default_memalloc /builds/isc-projects/bind9/lib/isc/mem.c:713:8
#2 0x7f7781928251 in mem_get /builds/isc-projects/bind9/lib/isc/mem.c:622:8
#3 0x7f77819382c7 in isc___mem_get /builds/isc-projects/bind9/lib/isc/mem.c:1044:9
#4 0x7f7781921460 in isc__mem_get /builds/isc-projects/bind9/lib/isc/mem.c:2432:10
#5 0x7f778086a7d7 in dns_compress_add /builds/isc-projects/bind9/lib/dns/compress.c:451:11
#6 0x7f7780ad7820 in dns_name_towire2 /builds/isc-projects/bind9/lib/dns/name.c:2047:3
#7 0x7f7780ad6b5a in dns_name_towire /builds/isc-projects/bind9/lib/dns/name.c:1930:10
#8 0x7f7780c78caa in towire_nsec /builds/isc-projects/bind9/lib/dns/./rdata/generic/nsec_47.c:112:2
#9 0x7f7780c6826a in dns_rdata_towire /builds/isc-projects/bind9/lib/dns/rdata.c:804:2
#10 0x7f7780d837b3 in towiresorted /builds/isc-projects/bind9/lib/dns/rdataset.c:492:13
#11 0x7f7780d824f5 in dns_rdataset_towiresorted /builds/isc-projects/bind9/lib/dns/rdataset.c:554:10
#12 0x7f7780a2329c in dns_message_rendersection /builds/isc-projects/bind9/lib/dns/message.c:2129:15
#13 0x4c776f in render_message /builds/isc-projects/bind9/fuzz/dns_message_parse.c:119:2
#14 0x4c6582 in LLVMFuzzerTestOneInput /builds/isc-projects/bind9/fuzz/dns_message_parse.c:164:11
#15 0x4c8614 in test_one_file /builds/isc-projects/bind9/fuzz/main.c:51:3
#16 0x4c88f8 in test_all_from /builds/isc-projects/bind9/fuzz/main.c:87:3
#17 0x4c80bd in main /builds/isc-projects/bind9/fuzz/main.c:123:2
#18 0x7f777fdcf09a in __libc_start_main /build/glibc-vjB4T1/glibc-2.28/csu/../csu/libc-start.c:308:16
Direct leak of 339 byte(s) in 3 object(s) allocated from:
#0 0x496b2d in malloc (/builds/isc-projects/bind9/fuzz/.libs/dns_message_parse+0x496b2d)
#1 0x7f77819380f0 in default_memalloc /builds/isc-projects/bind9/lib/isc/mem.c:713:8
#2 0x7f7781928251 in mem_get /builds/isc-projects/bind9/lib/isc/mem.c:622:8
#3 0x7f77819382c7 in isc___mem_get /builds/isc-projects/bind9/lib/isc/mem.c:1044:9
#4 0x7f7781921460 in isc__mem_get /builds/isc-projects/bind9/lib/isc/mem.c:2432:10
#5 0x7f778086a7d7 in dns_compress_add /builds/isc-projects/bind9/lib/dns/compress.c:451:11
#6 0x7f7780ad7820 in dns_name_towire2 /builds/isc-projects/bind9/lib/dns/name.c:2047:3
#7 0x7f7780ad6b5a in dns_name_towire /builds/isc-projects/bind9/lib/dns/name.c:1930:10
#8 0x7f7780c6e409 in towire_ptr /builds/isc-projects/bind9/lib/dns/./rdata/generic/ptr_12.c:105:10
#9 0x7f7780c67f9a in dns_rdata_towire /builds/isc-projects/bind9/lib/dns/rdata.c:804:2
#10 0x7f7780d837b3 in towiresorted /builds/isc-projects/bind9/lib/dns/rdataset.c:492:13
#11 0x7f7780d824f5 in dns_rdataset_towiresorted /builds/isc-projects/bind9/lib/dns/rdataset.c:554:10
#12 0x7f7780a2329c in dns_message_rendersection /builds/isc-projects/bind9/lib/dns/message.c:2129:15
#13 0x4c776f in render_message /builds/isc-projects/bind9/fuzz/dns_message_parse.c:119:2
#14 0x4c6582 in LLVMFuzzerTestOneInput /builds/isc-projects/bind9/fuzz/dns_message_parse.c:164:11
#15 0x4c8614 in test_one_file /builds/isc-projects/bind9/fuzz/main.c:51:3
#16 0x4c88f8 in test_all_from /builds/isc-projects/bind9/fuzz/main.c:87:3
#17 0x4c80bd in main /builds/isc-projects/bind9/fuzz/main.c:123:2
#18 0x7f777fdcf09a in __libc_start_main /build/glibc-vjB4T1/glibc-2.28/csu/../csu/libc-start.c:308:16
Direct leak of 113 byte(s) in 1 object(s) allocated from:
#0 0x496b2d in malloc (/builds/isc-projects/bind9/fuzz/.libs/dns_message_parse+0x496b2d)
#1 0x7f77819380f0 in default_memalloc /builds/isc-projects/bind9/lib/isc/mem.c:713:8
#2 0x7f7781928251 in mem_get /builds/isc-projects/bind9/lib/isc/mem.c:622:8
#3 0x7f77819382c7 in isc___mem_get /builds/isc-projects/bind9/lib/isc/mem.c:1044:9
#4 0x7f7781921460 in isc__mem_get /builds/isc-projects/bind9/lib/isc/mem.c:2432:10
#5 0x7f778086a7d7 in dns_compress_add /builds/isc-projects/bind9/lib/dns/compress.c:451:11
#6 0x7f7780ad7820 in dns_name_towire2 /builds/isc-projects/bind9/lib/dns/name.c:2047:3
#7 0x7f7780ad6b5a in dns_name_towire /builds/isc-projects/bind9/lib/dns/name.c:1930:10
#8 0x7f7780c78689 in towire_rrsig /builds/isc-projects/bind9/lib/dns/./rdata/generic/rrsig_46.c:350:2
#9 0x7f7780c67aea in dns_rdata_towire /builds/isc-projects/bind9/lib/dns/rdata.c:804:2
#10 0x7f7780d837b3 in towiresorted /builds/isc-projects/bind9/lib/dns/rdataset.c:492:13
#11 0x7f7780d824f5 in dns_rdataset_towiresorted /builds/isc-projects/bind9/lib/dns/rdataset.c:554:10
#12 0x7f7780a2329c in dns_message_rendersection /builds/isc-projects/bind9/lib/dns/message.c:2129:15
#13 0x4c776f in render_message /builds/isc-projects/bind9/fuzz/dns_message_parse.c:119:2
#14 0x4c6582 in LLVMFuzzerTestOneInput /builds/isc-projects/bind9/fuzz/dns_message_parse.c:164:11
#15 0x4c8614 in test_one_file /builds/isc-projects/bind9/fuzz/main.c:51:3
#16 0x4c88f8 in test_all_from /builds/isc-projects/bind9/fuzz/main.c:87:3
#17 0x4c80bd in main /builds/isc-projects/bind9/fuzz/main.c:123:2
#18 0x7f777fdcf09a in __libc_start_main /build/glibc-vjB4T1/glibc-2.28/csu/../csu/libc-start.c:308:16
Indirect leak of 6667 byte(s) in 59 object(s) allocated from:
#0 0x496b2d in malloc (/builds/isc-projects/bind9/fuzz/.libs/dns_message_parse+0x496b2d)
#1 0x7f77819380f0 in default_memalloc /builds/isc-projects/bind9/lib/isc/mem.c:713:8
#2 0x7f7781928251 in mem_get /builds/isc-projects/bind9/lib/isc/mem.c:622:8
#3 0x7f77819382c7 in isc___mem_get /builds/isc-projects/bind9/lib/isc/mem.c:1044:9
#4 0x7f7781921460 in isc__mem_get /builds/isc-projects/bind9/lib/isc/mem.c:2432:10
#5 0x7f778086a7d7 in dns_compress_add /builds/isc-projects/bind9/lib/dns/compress.c:451:11
#6 0x7f7780ad7820 in dns_name_towire2 /builds/isc-projects/bind9/lib/dns/name.c:2047:3
#7 0x7f7780ad6b5a in dns_name_towire /builds/isc-projects/bind9/lib/dns/name.c:1930:10
#8 0x7f7780c78689 in towire_rrsig /builds/isc-projects/bind9/lib/dns/./rdata/generic/rrsig_46.c:350:2
#9 0x7f7780c67aea in dns_rdata_towire /builds/isc-projects/bind9/lib/dns/rdata.c:804:2
#10 0x7f7780d837b3 in towiresorted /builds/isc-projects/bind9/lib/dns/rdataset.c:492:13
#11 0x7f7780d824f5 in dns_rdataset_towiresorted /builds/isc-projects/bind9/lib/dns/rdataset.c:554:10
#12 0x7f7780a2329c in dns_message_rendersection /builds/isc-projects/bind9/lib/dns/message.c:2129:15
#13 0x4c776f in render_message /builds/isc-projects/bind9/fuzz/dns_message_parse.c:119:2
#14 0x4c6582 in LLVMFuzzerTestOneInput /builds/isc-projects/bind9/fuzz/dns_message_parse.c:164:11
#15 0x4c8614 in test_one_file /builds/isc-projects/bind9/fuzz/main.c:51:3
#16 0x4c88f8 in test_all_from /builds/isc-projects/bind9/fuzz/main.c:87:3
#17 0x4c80bd in main /builds/isc-projects/bind9/fuzz/main.c:123:2
#18 0x7f777fdcf09a in __libc_start_main /build/glibc-vjB4T1/glibc-2.28/csu/../csu/libc-start.c:308:16
Indirect leak of 5537 byte(s) in 49 object(s) allocated from:
#0 0x496b2d in malloc (/builds/isc-projects/bind9/fuzz/.libs/dns_message_parse+0x496b2d)
#1 0x7f77819380f0 in default_memalloc /builds/isc-projects/bind9/lib/isc/mem.c:713:8
#2 0x7f7781928251 in mem_get /builds/isc-projects/bind9/lib/isc/mem.c:622:8
#3 0x7f77819382c7 in isc___mem_get /builds/isc-projects/bind9/lib/isc/mem.c:1044:9
#4 0x7f7781921460 in isc__mem_get /builds/isc-projects/bind9/lib/isc/mem.c:2432:10
#5 0x7f778086a7d7 in dns_compress_add /builds/isc-projects/bind9/lib/dns/compress.c:451:11
#6 0x7f7780ad7820 in dns_name_towire2 /builds/isc-projects/bind9/lib/dns/name.c:2047:3
#7 0x7f7780ad6b5a in dns_name_towire /builds/isc-projects/bind9/lib/dns/name.c:1930:10
#8 0x7f7780c78caa in towire_nsec /builds/isc-projects/bind9/lib/dns/./rdata/generic/nsec_47.c:112:2
#9 0x7f7780c6826a in dns_rdata_towire /builds/isc-projects/bind9/lib/dns/rdata.c:804:2
#10 0x7f7780d837b3 in towiresorted /builds/isc-projects/bind9/lib/dns/rdataset.c:492:13
#11 0x7f7780d824f5 in dns_rdataset_towiresorted /builds/isc-projects/bind9/lib/dns/rdataset.c:554:10
#12 0x7f7780a2329c in dns_message_rendersection /builds/isc-projects/bind9/lib/dns/message.c:2129:15
#13 0x4c776f in render_message /builds/isc-projects/bind9/fuzz/dns_message_parse.c:119:2
#14 0x4c6582 in LLVMFuzzerTestOneInput /builds/isc-projects/bind9/fuzz/dns_message_parse.c:164:11
#15 0x4c8614 in test_one_file /builds/isc-projects/bind9/fuzz/main.c:51:3
#16 0x4c88f8 in test_all_from /builds/isc-projects/bind9/fuzz/main.c:87:3
#17 0x4c80bd in main /builds/isc-projects/bind9/fuzz/main.c:123:2
#18 0x7f777fdcf09a in __libc_start_main /build/glibc-vjB4T1/glibc-2.28/csu/../csu/libc-start.c:308:16
Indirect leak of 1140 byte(s) in 57 object(s) allocated from:
#0 0x496b2d in malloc (/builds/isc-projects/bind9/fuzz/.libs/dns_message_parse+0x496b2d)
#1 0x7f77819380f0 in default_memalloc /builds/isc-projects/bind9/lib/isc/mem.c:713:8
#2 0x7f7781928251 in mem_get /builds/isc-projects/bind9/lib/isc/mem.c:622:8
#3 0x7f77819382c7 in isc___mem_get /builds/isc-projects/bind9/lib/isc/mem.c:1044:9
#4 0x7f7781921460 in isc__mem_get /builds/isc-projects/bind9/lib/isc/mem.c:2432:10
#5 0x7f778086a50d in dns_compress_add /builds/isc-projects/bind9/lib/dns/compress.c:417:9
#6 0x7f7780ad7820 in dns_name_towire2 /builds/isc-projects/bind9/lib/dns/name.c:2047:3
#7 0x7f7780ad6b5a in dns_name_towire /builds/isc-projects/bind9/lib/dns/name.c:1930:10
#8 0x7f7780c78689 in towire_rrsig /builds/isc-projects/bind9/lib/dns/./rdata/generic/rrsig_46.c:350:2
#9 0x7f7780c67aea in dns_rdata_towire /builds/isc-projects/bind9/lib/dns/rdata.c:804:2
#10 0x7f7780d837b3 in towiresorted /builds/isc-projects/bind9/lib/dns/rdataset.c:492:13
#11 0x7f7780d824f5 in dns_rdataset_towiresorted /builds/isc-projects/bind9/lib/dns/rdataset.c:554:10
#12 0x7f7780a2329c in dns_message_rendersection /builds/isc-projects/bind9/lib/dns/message.c:2129:15
#13 0x4c776f in render_message /builds/isc-projects/bind9/fuzz/dns_message_parse.c:119:2
#14 0x4c6582 in LLVMFuzzerTestOneInput /builds/isc-projects/bind9/fuzz/dns_message_parse.c:164:11
#15 0x4c8614 in test_one_file /builds/isc-projects/bind9/fuzz/main.c:51:3
#16 0x4c88f8 in test_all_from /builds/isc-projects/bind9/fuzz/main.c:87:3
#17 0x4c80bd in main /builds/isc-projects/bind9/fuzz/main.c:123:2
#18 0x7f777fdcf09a in __libc_start_main /build/glibc-vjB4T1/glibc-2.28/csu/../csu/libc-start.c:308:16
Indirect leak of 1017 byte(s) in 9 object(s) allocated from:
#0 0x496b2d in malloc (/builds/isc-projects/bind9/fuzz/.libs/dns_message_parse+0x496b2d)
#1 0x7f77819380f0 in default_memalloc /builds/isc-projects/bind9/lib/isc/mem.c:713:8
#2 0x7f7781928251 in mem_get /builds/isc-projects/bind9/lib/isc/mem.c:622:8
#3 0x7f77819382c7 in isc___mem_get /builds/isc-projects/bind9/lib/isc/mem.c:1044:9
#4 0x7f7781921460 in isc__mem_get /builds/isc-projects/bind9/lib/isc/mem.c:2432:10
#5 0x7f778086a7d7 in dns_compress_add /builds/isc-projects/bind9/lib/dns/compress.c:451:11
#6 0x7f7780ad7820 in dns_name_towire2 /builds/isc-projects/bind9/lib/dns/name.c:2047:3
#7 0x7f7780ad6b5a in dns_name_towire /builds/isc-projects/bind9/lib/dns/name.c:1930:10
#8 0x7f7780c6e409 in towire_ptr /builds/isc-projects/bind9/lib/dns/./rdata/generic/ptr_12.c:105:10
#9 0x7f7780c67f9a in dns_rdata_towire /builds/isc-projects/bind9/lib/dns/rdata.c:804:2
#10 0x7f7780d837b3 in towiresorted /builds/isc-projects/bind9/lib/dns/rdataset.c:492:13
#11 0x7f7780d824f5 in dns_rdataset_towiresorted /builds/isc-projects/bind9/lib/dns/rdataset.c:554:10
#12 0x7f7780a2329c in dns_message_rendersection /builds/isc-projects/bind9/lib/dns/message.c:2129:15
#13 0x4c776f in render_message /builds/isc-projects/bind9/fuzz/dns_message_parse.c:119:2
#14 0x4c6582 in LLVMFuzzerTestOneInput /builds/isc-projects/bind9/fuzz/dns_message_parse.c:164:11
#15 0x4c8614 in test_one_file /builds/isc-projects/bind9/fuzz/main.c:51:3
#16 0x4c88f8 in test_all_from /builds/isc-projects/bind9/fuzz/main.c:87:3
#17 0x4c80bd in main /builds/isc-projects/bind9/fuzz/main.c:123:2
#18 0x7f777fdcf09a in __libc_start_main /build/glibc-vjB4T1/glibc-2.28/csu/../csu/libc-start.c:308:16
Indirect leak of 903 byte(s) in 27 object(s) allocated from:
#0 0x496b2d in malloc (/builds/isc-projects/bind9/fuzz/.libs/dns_message_parse+0x496b2d)
#1 0x7f77819380f0 in default_memalloc /builds/isc-projects/bind9/lib/isc/mem.c:713:8
#2 0x7f7781928251 in mem_get /builds/isc-projects/bind9/lib/isc/mem.c:622:8
#3 0x7f77819382c7 in isc___mem_get /builds/isc-projects/bind9/lib/isc/mem.c:1044:9
#4 0x7f7781921460 in isc__mem_get /builds/isc-projects/bind9/lib/isc/mem.c:2432:10
#5 0x7f778086a50d in dns_compress_add /builds/isc-projects/bind9/lib/dns/compress.c:417:9
#6 0x7f7780ad7820 in dns_name_towire2 /builds/isc-projects/bind9/lib/dns/name.c:2047:3
#7 0x7f7780ad6b5a in dns_name_towire /builds/isc-projects/bind9/lib/dns/name.c:1930:10
#8 0x7f7780c78caa in towire_nsec /builds/isc-projects/bind9/lib/dns/./rdata/generic/nsec_47.c:112:2
#9 0x7f7780c6826a in dns_rdata_towire /builds/isc-projects/bind9/lib/dns/rdata.c:804:2
#10 0x7f7780d837b3 in towiresorted /builds/isc-projects/bind9/lib/dns/rdataset.c:492:13
#11 0x7f7780d824f5 in dns_rdataset_towiresorted /builds/isc-projects/bind9/lib/dns/rdataset.c:554:10
#12 0x7f7780a2329c in dns_message_rendersection /builds/isc-projects/bind9/lib/dns/message.c:2129:15
#13 0x4c776f in render_message /builds/isc-projects/bind9/fuzz/dns_message_parse.c:119:2
#14 0x4c6582 in LLVMFuzzerTestOneInput /builds/isc-projects/bind9/fuzz/dns_message_parse.c:164:11
#15 0x4c8614 in test_one_file /builds/isc-projects/bind9/fuzz/main.c:51:3
#16 0x4c88f8 in test_all_from /builds/isc-projects/bind9/fuzz/main.c:87:3
#17 0x4c80bd in main /builds/isc-projects/bind9/fuzz/main.c:123:2
#18 0x7f777fdcf09a in __libc_start_main /build/glibc-vjB4T1/glibc-2.28/csu/../csu/libc-start.c:308:16
Indirect leak of 678 byte(s) in 6 object(s) allocated from:
#0 0x496b2d in malloc (/builds/isc-projects/bind9/fuzz/.libs/dns_message_parse+0x496b2d)
#1 0x7f77819380f0 in default_memalloc /builds/isc-projects/bind9/lib/isc/mem.c:713:8
#2 0x7f7781928251 in mem_get /builds/isc-projects/bind9/lib/isc/mem.c:622:8
#3 0x7f77819382c7 in isc___mem_get /builds/isc-projects/bind9/lib/isc/mem.c:1044:9
#4 0x7f7781921460 in isc__mem_get /builds/isc-projects/bind9/lib/isc/mem.c:2432:10
#5 0x7f778086a7d7 in dns_compress_add /builds/isc-projects/bind9/lib/dns/compress.c:451:11
#6 0x7f7780ad7820 in dns_name_towire2 /builds/isc-projects/bind9/lib/dns/name.c:2047:3
#7 0x7f7780ad6b5a in dns_name_towire /builds/isc-projects/bind9/lib/dns/name.c:1930:10
#8 0x7f7780c74f5e in towire_in_srv /builds/isc-projects/bind9/lib/dns/./rdata/in_1/srv_33.c:192:10
#9 0x7f7780c67e05 in dns_rdata_towire /builds/isc-projects/bind9/lib/dns/rdata.c:804:2
#10 0x7f7780d837b3 in towiresorted /builds/isc-projects/bind9/lib/dns/rdataset.c:492:13
#11 0x7f7780d824f5 in dns_rdataset_towiresorted /builds/isc-projects/bind9/lib/dns/rdataset.c:554:10
#12 0x7f7780a2329c in dns_message_rendersection /builds/isc-projects/bind9/lib/dns/message.c:2129:15
#13 0x4c776f in render_message /builds/isc-projects/bind9/fuzz/dns_message_parse.c:119:2
#14 0x4c6582 in LLVMFuzzerTestOneInput /builds/isc-projects/bind9/fuzz/dns_message_parse.c:164:11
#15 0x4c8614 in test_one_file /builds/isc-projects/bind9/fuzz/main.c:51:3
#16 0x4c88f8 in test_all_from /builds/isc-projects/bind9/fuzz/main.c:87:3
#17 0x4c80bd in main /builds/isc-projects/bind9/fuzz/main.c:123:2
#18 0x7f777fdcf09a in __libc_start_main /build/glibc-vjB4T1/glibc-2.28/csu/../csu/libc-start.c:308:16
Indirect leak of 452 byte(s) in 4 object(s) allocated from:
#0 0x496b2d in malloc (/builds/isc-projects/bind9/fuzz/.libs/dns_message_parse+0x496b2d)
#1 0x7f77819380f0 in default_memalloc /builds/isc-projects/bind9/lib/isc/mem.c:713:8
#2 0x7f7781928251 in mem_get /builds/isc-projects/bind9/lib/isc/mem.c:622:8
#3 0x7f77819382c7 in isc___mem_get /builds/isc-projects/bind9/lib/isc/mem.c:1044:9
#4 0x7f7781921460 in isc__mem_get /builds/isc-projects/bind9/lib/isc/mem.c:2432:10
#5 0x7f778086a7d7 in dns_compress_add /builds/isc-projects/bind9/lib/dns/compress.c:451:11
#6 0x7f7780ad7c5a in dns_name_towire2 /builds/isc-projects/bind9/lib/dns/name.c:2029:4
#7 0x7f7780ad6b5a in dns_name_towire /builds/isc-projects/bind9/lib/dns/name.c:1930:10
#8 0x7f7780c6e409 in towire_ptr /builds/isc-projects/bind9/lib/dns/./rdata/generic/ptr_12.c:105:10
#9 0x7f7780c67f9a in dns_rdata_towire /builds/isc-projects/bind9/lib/dns/rdata.c:804:2
#10 0x7f7780d837b3 in towiresorted /builds/isc-projects/bind9/lib/dns/rdataset.c:492:13
#11 0x7f7780d824f5 in dns_rdataset_towiresorted /builds/isc-projects/bind9/lib/dns/rdataset.c:554:10
#12 0x7f7780a2329c in dns_message_rendersection /builds/isc-projects/bind9/lib/dns/message.c:2129:15
#13 0x4c776f in render_message /builds/isc-projects/bind9/fuzz/dns_message_parse.c:119:2
#14 0x4c6582 in LLVMFuzzerTestOneInput /builds/isc-projects/bind9/fuzz/dns_message_parse.c:164:11
#15 0x4c8614 in test_one_file /builds/isc-projects/bind9/fuzz/main.c:51:3
#16 0x4c88f8 in test_all_from /builds/isc-projects/bind9/fuzz/main.c:87:3
#17 0x4c80bd in main /builds/isc-projects/bind9/fuzz/main.c:123:2
#18 0x7f777fdcf09a in __libc_start_main /build/glibc-vjB4T1/glibc-2.28/csu/../csu/libc-start.c:308:16
Indirect leak of 392 byte(s) in 13 object(s) allocated from:
#0 0x496b2d in malloc (/builds/isc-projects/bind9/fuzz/.libs/dns_message_parse+0x496b2d)
#1 0x7f77819380f0 in default_memalloc /builds/isc-projects/bind9/lib/isc/mem.c:713:8
#2 0x7f7781928251 in mem_get /builds/isc-projects/bind9/lib/isc/mem.c:622:8
#3 0x7f77819382c7 in isc___mem_get /builds/isc-projects/bind9/lib/isc/mem.c:1044:9
#4 0x7f7781921460 in isc__mem_get /builds/isc-projects/bind9/lib/isc/mem.c:2432:10
#5 0x7f778086a50d in dns_compress_add /builds/isc-projects/bind9/lib/dns/compress.c:417:9
#6 0x7f7780ad7c5a in dns_name_towire2 /builds/isc-projects/bind9/lib/dns/name.c:2029:4
#7 0x7f7780ad6b5a in dns_name_towire /builds/isc-projects/bind9/lib/dns/name.c:1930:10
#8 0x7f7780c6e409 in towire_ptr /builds/isc-projects/bind9/lib/dns/./rdata/generic/ptr_12.c:105:10
#9 0x7f7780c67f9a in dns_rdata_towire /builds/isc-projects/bind9/lib/dns/rdata.c:804:2
#10 0x7f7780d837b3 in towiresorted /builds/isc-projects/bind9/lib/dns/rdataset.c:492:13
#11 0x7f7780d824f5 in dns_rdataset_towiresorted /builds/isc-projects/bind9/lib/dns/rdataset.c:554:10
#12 0x7f7780a2329c in dns_message_rendersection /builds/isc-projects/bind9/lib/dns/message.c:2129:15
#13 0x4c776f in render_message /builds/isc-projects/bind9/fuzz/dns_message_parse.c:119:2
#14 0x4c6582 in LLVMFuzzerTestOneInput /builds/isc-projects/bind9/fuzz/dns_message_parse.c:164:11
#15 0x4c8614 in test_one_file /builds/isc-projects/bind9/fuzz/main.c:51:3
#16 0x4c88f8 in test_all_from /builds/isc-projects/bind9/fuzz/main.c:87:3
#17 0x4c80bd in main /builds/isc-projects/bind9/fuzz/main.c:123:2
#18 0x7f777fdcf09a in __libc_start_main /build/glibc-vjB4T1/glibc-2.28/csu/../csu/libc-start.c:308:16
Indirect leak of 254 byte(s) in 6 object(s) allocated from:
#0 0x496b2d in malloc (/builds/isc-projects/bind9/fuzz/.libs/dns_message_parse+0x496b2d)
#1 0x7f77819380f0 in default_memalloc /builds/isc-projects/bind9/lib/isc/mem.c:713:8
#2 0x7f7781928251 in mem_get /builds/isc-projects/bind9/lib/isc/mem.c:622:8
#3 0x7f77819382c7 in isc___mem_get /builds/isc-projects/bind9/lib/isc/mem.c:1044:9
#4 0x7f7781921460 in isc__mem_get /builds/isc-projects/bind9/lib/isc/mem.c:2432:10
#5 0x7f778086a50d in dns_compress_add /builds/isc-projects/bind9/lib/dns/compress.c:417:9
#6 0x7f7780ad7820 in dns_name_towire2 /builds/isc-projects/bind9/lib/dns/name.c:2047:3
#7 0x7f7780ad6b5a in dns_name_towire /builds/isc-projects/bind9/lib/dns/name.c:1930:10
#8 0x7f7780c6e409 in towire_ptr /builds/isc-projects/bind9/lib/dns/./rdata/generic/ptr_12.c:105:10
#9 0x7f7780c67f9a in dns_rdata_towire /builds/isc-projects/bind9/lib/dns/rdata.c:804:2
#10 0x7f7780d837b3 in towiresorted /builds/isc-projects/bind9/lib/dns/rdataset.c:492:13
#11 0x7f7780d824f5 in dns_rdataset_towiresorted /builds/isc-projects/bind9/lib/dns/rdataset.c:554:10
#12 0x7f7780a2329c in dns_message_rendersection /builds/isc-projects/bind9/lib/dns/message.c:2129:15
#13 0x4c776f in render_message /builds/isc-projects/bind9/fuzz/dns_message_parse.c:119:2
#14 0x4c6582 in LLVMFuzzerTestOneInput /builds/isc-projects/bind9/fuzz/dns_message_parse.c:164:11
#15 0x4c8614 in test_one_file /builds/isc-projects/bind9/fuzz/main.c:51:3
#16 0x4c88f8 in test_all_from /builds/isc-projects/bind9/fuzz/main.c:87:3
#17 0x4c80bd in main /builds/isc-projects/bind9/fuzz/main.c:123:2
#18 0x7f777fdcf09a in __libc_start_main /build/glibc-vjB4T1/glibc-2.28/csu/../csu/libc-start.c:308:16
Indirect leak of 226 byte(s) in 2 object(s) allocated from:
#0 0x496b2d in malloc (/builds/isc-projects/bind9/fuzz/.libs/dns_message_parse+0x496b2d)
#1 0x7f77819380f0 in default_memalloc /builds/isc-projects/bind9/lib/isc/mem.c:713:8
#2 0x7f7781928251 in mem_get /builds/isc-projects/bind9/lib/isc/mem.c:622:8
#3 0x7f77819382c7 in isc___mem_get /builds/isc-projects/bind9/lib/isc/mem.c:1044:9
#4 0x7f7781921460 in isc__mem_get /builds/isc-projects/bind9/lib/isc/mem.c:2432:10
#5 0x7f778086a7d7 in dns_compress_add /builds/isc-projects/bind9/lib/dns/compress.c:451:11
#6 0x7f7780ad7820 in dns_name_towire2 /builds/isc-projects/bind9/lib/dns/name.c:2047:3
#7 0x7f7780ad6b5a in dns_name_towire /builds/isc-projects/bind9/lib/dns/name.c:1930:10
#8 0x7f7780c7640f in towire_in_kx /builds/isc-projects/bind9/lib/dns/./rdata/in_1/kx_36.c:121:10
#9 0x7f7780c67c00 in dns_rdata_towire /builds/isc-projects/bind9/lib/dns/rdata.c:804:2
#10 0x7f7780d837b3 in towiresorted /builds/isc-projects/bind9/lib/dns/rdataset.c:492:13
#11 0x7f7780d824f5 in dns_rdataset_towiresorted /builds/isc-projects/bind9/lib/dns/rdataset.c:554:10
#12 0x7f7780a2329c in dns_message_rendersection /builds/isc-projects/bind9/lib/dns/message.c:2129:15
#13 0x4c776f in render_message /builds/isc-projects/bind9/fuzz/dns_message_parse.c:119:2
#14 0x4c6582 in LLVMFuzzerTestOneInput /builds/isc-projects/bind9/fuzz/dns_message_parse.c:164:11
#15 0x4c8614 in test_one_file /builds/isc-projects/bind9/fuzz/main.c:51:3
#16 0x4c88f8 in test_all_from /builds/isc-projects/bind9/fuzz/main.c:87:3
#17 0x4c80bd in main /builds/isc-projects/bind9/fuzz/main.c:123:2
#18 0x7f777fdcf09a in __libc_start_main /build/glibc-vjB4T1/glibc-2.28/csu/../csu/libc-start.c:308:16
Indirect leak of 226 byte(s) in 2 object(s) allocated from:
#0 0x496b2d in malloc (/builds/isc-projects/bind9/fuzz/.libs/dns_message_parse+0x496b2d)
#1 0x7f77819380f0 in default_memalloc /builds/isc-projects/bind9/lib/isc/mem.c:713:8
#2 0x7f7781928251 in mem_get /builds/isc-projects/bind9/lib/isc/mem.c:622:8
#3 0x7f77819382c7 in isc___mem_get /builds/isc-projects/bind9/lib/isc/mem.c:1044:9
#4 0x7f7781921460 in isc__mem_get /builds/isc-projects/bind9/lib/isc/mem.c:2432:10
#5 0x7f778086a7d7 in dns_compress_add /builds/isc-projects/bind9/lib/dns/compress.c:451:11
#6 0x7f7780ad7820 in dns_name_towire2 /builds/isc-projects/bind9/lib/dns/name.c:2047:3
#7 0x7f7780ad6b5a in dns_name_towire /builds/isc-projects/bind9/lib/dns/name.c:1930:10
#8 0x7f7780c77266 in towire_dname /builds/isc-projects/bind9/lib/dns/./rdata/generic/dname_39.c:93:10
#9 0x7f7780c68256 in dns_rdata_towire /builds/isc-projects/bind9/lib/dns/rdata.c:804:2
#10 0x7f7780d837b3 in towiresorted /builds/isc-projects/bind9/lib/dns/rdataset.c:492:13
#11 0x7f7780d824f5 in dns_rdataset_towiresorted /builds/isc-projects/bind9/lib/dns/rdataset.c:554:10
#12 0x7f7780a2329c in dns_message_rendersection /builds/isc-projects/bind9/lib/dns/message.c:2129:15
#13 0x4c776f in render_message /builds/isc-projects/bind9/fuzz/dns_message_parse.c:119:2
#14 0x4c6582 in LLVMFuzzerTestOneInput /builds/isc-projects/bind9/fuzz/dns_message_parse.c:164:11
#15 0x4c8614 in test_one_file /builds/isc-projects/bind9/fuzz/main.c:51:3
#16 0x4c88f8 in test_all_from /builds/isc-projects/bind9/fuzz/main.c:87:3
#17 0x4c80bd in main /builds/isc-projects/bind9/fuzz/main.c:123:2
#18 0x7f777fdcf09a in __libc_start_main /build/glibc-vjB4T1/glibc-2.28/csu/../csu/libc-start.c:308:16
Indirect leak of 33 byte(s) in 1 object(s) allocated from:
#0 0x496b2d in malloc (/builds/isc-projects/bind9/fuzz/.libs/dns_message_parse+0x496b2d)
#1 0x7f77819380f0 in default_memalloc /builds/isc-projects/bind9/lib/isc/mem.c:713:8
#2 0x7f7781928251 in mem_get /builds/isc-projects/bind9/lib/isc/mem.c:622:8
#3 0x7f77819382c7 in isc___mem_get /builds/isc-projects/bind9/lib/isc/mem.c:1044:9
#4 0x7f7781921460 in isc__mem_get /builds/isc-projects/bind9/lib/isc/mem.c:2432:10
#5 0x7f778086a50d in dns_compress_add /builds/isc-projects/bind9/lib/dns/compress.c:417:9
#6 0x7f7780ad7820 in dns_name_towire2 /builds/isc-projects/bind9/lib/dns/name.c:2047:3
#7 0x7f7780ad6b5a in dns_name_towire /builds/isc-projects/bind9/lib/dns/name.c:1930:10
#8 0x7f7780c7640f in towire_in_kx /builds/isc-projects/bind9/lib/dns/./rdata/in_1/kx_36.c:121:10
#9 0x7f7780c67c00 in dns_rdata_towire /builds/isc-projects/bind9/lib/dns/rdata.c:804:2
#10 0x7f7780d837b3 in towiresorted /builds/isc-projects/bind9/lib/dns/rdataset.c:492:13
#11 0x7f7780d824f5 in dns_rdataset_towiresorted /builds/isc-projects/bind9/lib/dns/rdataset.c:554:10
#12 0x7f7780a2329c in dns_message_rendersection /builds/isc-projects/bind9/lib/dns/message.c:2129:15
#13 0x4c776f in render_message /builds/isc-projects/bind9/fuzz/dns_message_parse.c:119:2
#14 0x4c6582 in LLVMFuzzerTestOneInput /builds/isc-projects/bind9/fuzz/dns_message_parse.c:164:11
#15 0x4c8614 in test_one_file /builds/isc-projects/bind9/fuzz/main.c:51:3
#16 0x4c88f8 in test_all_from /builds/isc-projects/bind9/fuzz/main.c:87:3
#17 0x4c80bd in main /builds/isc-projects/bind9/fuzz/main.c:123:2
#18 0x7f777fdcf09a in __libc_start_main /build/glibc-vjB4T1/glibc-2.28/csu/../csu/libc-start.c:308:16
Indirect leak of 29 byte(s) in 1 object(s) allocated from:
#0 0x496b2d in malloc (/builds/isc-projects/bind9/fuzz/.libs/dns_message_parse+0x496b2d)
#1 0x7f77819380f0 in default_memalloc /builds/isc-projects/bind9/lib/isc/mem.c:713:8
#2 0x7f7781928251 in mem_get /builds/isc-projects/bind9/lib/isc/mem.c:622:8
#3 0x7f77819382c7 in isc___mem_get /builds/isc-projects/bind9/lib/isc/mem.c:1044:9
#4 0x7f7781921460 in isc__mem_get /builds/isc-projects/bind9/lib/isc/mem.c:2432:10
#5 0x7f778086a50d in dns_compress_add /builds/isc-projects/bind9/lib/dns/compress.c:417:9
#6 0x7f7780ad7820 in dns_name_towire2 /builds/isc-projects/bind9/lib/dns/name.c:2047:3
#7 0x7f7780ad6b5a in dns_name_towire /builds/isc-projects/bind9/lib/dns/name.c:1930:10
#8 0x7f7780c74f5e in towire_in_srv /builds/isc-projects/bind9/lib/dns/./rdata/in_1/srv_33.c:192:10
#9 0x7f7780c67e05 in dns_rdata_towire /builds/isc-projects/bind9/lib/dns/rdata.c:804:2
#10 0x7f7780d837b3 in towiresorted /builds/isc-projects/bind9/lib/dns/rdataset.c:492:13
#11 0x7f7780d824f5 in dns_rdataset_towiresorted /builds/isc-projects/bind9/lib/dns/rdataset.c:554:10
#12 0x7f7780a2329c in dns_message_rendersection /builds/isc-projects/bind9/lib/dns/message.c:2129:15
#13 0x4c776f in render_message /builds/isc-projects/bind9/fuzz/dns_message_parse.c:119:2
#14 0x4c6582 in LLVMFuzzerTestOneInput /builds/isc-projects/bind9/fuzz/dns_message_parse.c:164:11
#15 0x4c8614 in test_one_file /builds/isc-projects/bind9/fuzz/main.c:51:3
#16 0x4c88f8 in test_all_from /builds/isc-projects/bind9/fuzz/main.c:87:3
#17 0x4c80bd in main /builds/isc-projects/bind9/fuzz/main.c:123:2
#18 0x7f777fdcf09a in __libc_start_main /build/glibc-vjB4T1/glibc-2.28/csu/../csu/libc-start.c:308:16
Indirect leak of 27 byte(s) in 1 object(s) allocated from:
#0 0x496b2d in malloc (/builds/isc-projects/bind9/fuzz/.libs/dns_message_parse+0x496b2d)
#1 0x7f77819380f0 in default_memalloc /builds/isc-projects/bind9/lib/isc/mem.c:713:8
#2 0x7f7781928251 in mem_get /builds/isc-projects/bind9/lib/isc/mem.c:622:8
#3 0x7f77819382c7 in isc___mem_get /builds/isc-projects/bind9/lib/isc/mem.c:1044:9
#4 0x7f7781921460 in isc__mem_get /builds/isc-projects/bind9/lib/isc/mem.c:2432:10
#5 0x7f778086a50d in dns_compress_add /builds/isc-projects/bind9/lib/dns/compress.c:417:9
#6 0x7f7780ad7820 in dns_name_towire2 /builds/isc-projects/bind9/lib/dns/name.c:2047:3
#7 0x7f7780ad6b5a in dns_name_towire /builds/isc-projects/bind9/lib/dns/name.c:1930:10
#8 0x7f7780c77266 in towire_dname /builds/isc-projects/bind9/lib/dns/./rdata/generic/dname_39.c:93:10
#9 0x7f7780c68256 in dns_rdata_towire /builds/isc-projects/bind9/lib/dns/rdata.c:804:2
#10 0x7f7780d837b3 in towiresorted /builds/isc-projects/bind9/lib/dns/rdataset.c:492:13
#11 0x7f7780d824f5 in dns_rdataset_towiresorted /builds/isc-projects/bind9/lib/dns/rdataset.c:554:10
#12 0x7f7780a2329c in dns_message_rendersection /builds/isc-projects/bind9/lib/dns/message.c:2129:15
#13 0x4c776f in render_message /builds/isc-projects/bind9/fuzz/dns_message_parse.c:119:2
#14 0x4c6582 in LLVMFuzzerTestOneInput /builds/isc-projects/bind9/fuzz/dns_message_parse.c:164:11
#15 0x4c8614 in test_one_file /builds/isc-projects/bind9/fuzz/main.c:51:3
#16 0x4c88f8 in test_all_from /builds/isc-projects/bind9/fuzz/main.c:87:3
#17 0x4c80bd in main /builds/isc-projects/bind9/fuzz/main.c:123:2
#18 0x7f777fdcf09a in __libc_start_main /build/glibc-vjB4T1/glibc-2.28/csu/../csu/libc-start.c:308:16
SUMMARY: AddressSanitizer: 19954 byte(s) leaked in 258 allocation(s).
FAIL dns_message_parse (exit status: 134)
```October 2020 (9.11.24, 9.11.24-S1, 9.16.8, 9.16.8-S1, 9.17.6)Mark AndrewsMark Andrewshttps://gitlab.isc.org/isc-projects/bind9/-/issues/2199assertions.c:112:2: warning: ‘%s’ directive argument is null2020-10-07T09:34:47ZMichal Nowakassertions.c:112:2: warning: ‘%s’ directive argument is nullOn `v9_11` compiling with `--without-dlopen` produces warning:
```
gcc -I/home/newman/isc/ws/bind9-private -I../.. -I./unix/include -I./pthreads/include -I./x86_32/include -I./include -I./include -I/home/newman/isc/ws/bind9-private/lib...On `v9_11` compiling with `--without-dlopen` produces warning:
```
gcc -I/home/newman/isc/ws/bind9-private -I../.. -I./unix/include -I./pthreads/include -I./x86_32/include -I./include -I./include -I/home/newman/isc/ws/bind9-private/lib/dns/include -I../../lib/dns/include -D_REENTRANT -DOPENSSL -DPK11_LIB_LOCATION=\"undefined\" -D_GNU_SOURCE -g -O2 -I/usr/include/libxml2 -W -Wall -Wmissing-prototypes -Wcast-qual -Wwrite-strings -Wformat -Wpointer-arith -fno-strict-aliasing -fno-delete-null-pointer-checks -c assertions.c
assertions.c: In function ‘default_callback’:
assertions.c:112:2: warning: ‘%s’ directive argument is null [-Wformat-overflow=]
112 | fprintf(stderr, "%s:%d: %s(%s) %s%s\n",
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
113 | file, line, isc_assertion_typetotext(type), cond,
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
114 | isc_msgcat_get(isc_msgcat, ISC_MSGSET_GENERAL,
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
115 | ISC_MSG_FAILED, "failed"), logsuffix);
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
assertions.c:112:2: warning: ‘%s’ directive argument is null [-Wformat-overflow=]
```October 2020 (9.11.24, 9.11.24-S1, 9.16.8, 9.16.8-S1, 9.17.6)https://gitlab.isc.org/isc-projects/bind9/-/issues/2192TSAN error accessing listener->connections2020-10-02T08:48:36ZMark AndrewsTSAN error accessing listener->connectionsJob [#1191892](https://gitlab.isc.org/isc-projects/bind9/-/jobs/1191892) failed for cdd9852447067a0ec4841ff3ffbd326ad03bb5a7:
```
WARNING: ThreadSanitizer: data race
Write of size 8 at 0x000000000001 by thread T1:
#0 conn_reset b...Job [#1191892](https://gitlab.isc.org/isc-projects/bind9/-/jobs/1191892) failed for cdd9852447067a0ec4841ff3ffbd326ad03bb5a7:
```
WARNING: ThreadSanitizer: data race
Write of size 8 at 0x000000000001 by thread T1:
#0 conn_reset bin/named/controlconf.c:574
#1 isc_nmhandle_detach netmgr/netmgr.c:1257
#2 isc__nm_uvreq_put netmgr/netmgr.c:1389
#3 tcp_send_cb netmgr/tcp.c:1030
#4 <null> <null>
#5 <null> <null>
Previous read of size 8 at 0x000000000001 by thread T2:
#0 conn_reset bin/named/controlconf.c:574
#1 isc_nmhandle_detach netmgr/netmgr.c:1257
#2 control_recvmessage bin/named/controlconf.c:556
#3 recv_data lib/isccc/ccmsg.c:110
#4 isc__nm_tcp_shutdown netmgr/tcp.c:1161
#5 shutdown_walk_cb netmgr/netmgr.c:1511
#6 uv_walk <null>
#7 process_queue netmgr/netmgr.c:656
#8 process_normal_queue netmgr/netmgr.c:582
#9 process_queues netmgr/netmgr.c:590
#10 async_cb netmgr/netmgr.c:548
#11 <null> <null>
#12 <null> <null>
Location is heap block of size 265 at 0x000000000017 allocated by thread T3:
#0 malloc <null>
#1 default_memalloc lib/isc/mem.c:713
#2 mem_get lib/isc/mem.c:622
#3 isc___mem_get lib/isc/mem.c:1044
#4 isc__mem_get lib/isc/mem.c:2432
#5 add_listener bin/named/controlconf.c:1127
#6 named_controls_configure bin/named/controlconf.c:1324
#7 load_configuration bin/named/server.c:9181
#8 run_server bin/named/server.c:9819
#9 dispatch lib/isc/task.c:1152
#10 run lib/isc/task.c:1344
#11 <null> <null>
Thread T1 (running) created by main thread at:
#0 pthread_create <null>
#1 isc_thread_create pthreads/thread.c:73
#2 isc_nm_start netmgr/netmgr.c:232
#3 create_managers bin/named/main.c:909
#4 setup bin/named/main.c:1223
#5 main bin/named/main.c:1523
Thread T2 (running) created by main thread at:
#0 pthread_create <null>
#1 isc_thread_create pthreads/thread.c:73
#2 isc_nm_start netmgr/netmgr.c:232
#3 create_managers bin/named/main.c:909
#4 setup bin/named/main.c:1223
#5 main bin/named/main.c:1523
Thread T3 (running) created by main thread at:
#0 pthread_create <null>
#1 isc_thread_create pthreads/thread.c:73
#2 isc_taskmgr_create lib/isc/task.c:1434
#3 create_managers bin/named/main.c:915
#4 setup bin/named/main.c:1223
#5 main bin/named/main.c:1523
SUMMARY: ThreadSanitizer: data race bin/named/controlconf.c:574 in conn_reset
```October 2020 (9.11.24, 9.11.24-S1, 9.16.8, 9.16.8-S1, 9.17.6)Mark AndrewsMark Andrewshttps://gitlab.isc.org/isc-projects/bind9/-/issues/2188Bug in message.c:673: ENSURE(isc_mempool_getallocated(msg->namepool) == 0) fa...2024-03-22T08:14:06ZFstarkBug in message.c:673: ENSURE(isc_mempool_getallocated(msg->namepool) == 0) failed<!--
If the bug you are reporting is potentially security-related - for example,
if it involves an assertion failure or other crash in `named` that can be
triggered repeatedly - then please do *NOT* report it here, but send an
email to [...<!--
If the bug you are reporting is potentially security-related - for example,
if it involves an assertion failure or other crash in `named` that can be
triggered repeatedly - then please do *NOT* report it here, but send an
email to [security-officer@isc.org](security-officer@isc.org).
-->
### Summary
message.c:673: ENSURE(isc_mempool_getallocated(msg->namepool) == 0) failed, back trace
```
test@test:~/bind9/collect$ ./dns_message_parse_fuzzer id\:000000\,sig\:06\,src\:002736+001626\,time\:192782276\,op\:splice\,rep\:128
INFO: Seed: 1666455395
INFO: Loaded 1 modules (61310 inline 8-bit counters): 61310 [0x100d2b0, 0x101c22e),
INFO: Loaded 1 PC tables (61310 PCs): 61310 [0x101c230,0x110ba10),
./dns_message_parse_fuzzer: Running 1 inputs 1 time(s) each.
Running: id:000000,sig:06,src:002736+001626,time:192782276,op:splice,rep:128
message.c:673: ENSURE(isc_mempool_getallocated(msg->namepool) == 0) failed, back trace
./dns_message_parse_fuzzer() [0xab474a]
./dns_message_parse_fuzzer() [0xab43d0]
./dns_message_parse_fuzzer() [0xab422a]
./dns_message_parse_fuzzer() [0x566c5f]
./dns_message_parse_fuzzer() [0x566da7]
./dns_message_parse_fuzzer() [0x551bc4]
./dns_message_parse_fuzzer() [0x550f98]
./dns_message_parse_fuzzer() [0x45a0c2]
./dns_message_parse_fuzzer() [0x445843]
./dns_message_parse_fuzzer() [0x44b89f]
./dns_message_parse_fuzzer() [0x473213]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xe7) [0x7f0090f5eb97]
./dns_message_parse_fuzzer() [0x41fed9]
==23768== ERROR: libFuzzer: deadly signal
#0 0x527611 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/asan/asan_stack.cpp:86:3
#1 0x472a38 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5
#2 0x458b63 in fuzzer::Fuzzer::CrashCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:232:3
#3 0x7f009196489f (/lib/x86_64-linux-gnu/libpthread.so.0+0x1289f)
#4 0x7f0090f7bf46 in __libc_signal_restore_set /build/glibc-2ORdQG/glibc-2.27/signal/../sysdeps/unix/sysv/linux/nptl-signals.h:80
#5 0x7f0090f7bf46 in gsignal /build/glibc-2ORdQG/glibc-2.27/signal/../sysdeps/unix/sysv/linux/raise.c:48
#6 0x7f0090f7d8b0 in abort /build/glibc-2ORdQG/glibc-2.27/stdlib/abort.c:79
#7 0xab4233 in isc_assertion_failed /src/bind9/lib/isc/assertions.c:47:2
#8 0x566c5e in msgreset /src/bind9/lib/dns/message.c:673:2
#9 0x566da6 in dns_message_destroy /src/bind9/lib/dns/message.c:801:2
#10 0x551bc3 in render_message /src/bind9/fuzz/dns_message_parse.c:131:2
#11 0x550f97 in LLVMFuzzerTestOneInput /src/bind9/fuzz/dns_message_parse.c:162:11
#12 0x45a0c1 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:558:15
#13 0x445842 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:296:6
#14 0x44b89e in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:796:9
#15 0x473212 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:19:10
#16 0x7f0090f5eb96 in __libc_start_main /build/glibc-2ORdQG/glibc-2.27/csu/../csu/libc-start.c:310
#17 0x41fed8 in _start (/home/test/bind9/collect/dns_message_parse_fuzzer+0x41fed8)
NOTE: libFuzzer has rudimentary signal handlers.
Combine libFuzzer with AddressSanitizer or similar for better crash reports.
SUMMARY: libFuzzer: deadly signal
```
### BIND version used
master-git
### Steps to reproduce
./fuzzer POC
[bind9.zip](/uploads/58bf9e655b37622954937535b1e69bd6/bind9.zip)
### What is the current *bug* behavior?
crash
### Relevant logs and/or screenshots
File in zip
### Possible fixes
(If you can, link to the line of code that might be responsible for the
problem.)October 2020 (9.11.24, 9.11.24-S1, 9.16.8, 9.16.8-S1, 9.17.6)Mark AndrewsMark Andrewshttps://gitlab.isc.org/isc-projects/bind9/-/issues/2187Release Checklist for BIND 9.11.24, BIND 9.11.24-S1, BIND 9.16.8, BIND 9.16.8...2020-10-28T16:58:10ZMichał KępieńRelease Checklist for BIND 9.11.24, BIND 9.11.24-S1, BIND 9.16.8, BIND 9.16.8-S1, BIND 9.17.6## Release Schedule
**Code Freeze:** Wednesday, October 7th, 2020
**Tagging Deadline:** Monday, October 12th, 2020
**Public Release:** Wednesday, October 21st, 2020
## Release Checklist
### Before the Code Freeze
- [x] ***(QA)*** ...## Release Schedule
**Code Freeze:** Wednesday, October 7th, 2020
**Tagging Deadline:** Monday, October 12th, 2020
**Public Release:** Wednesday, October 21st, 2020
## Release Checklist
### Before the Code Freeze
- [x] ***(QA)*** Inform Support and Marketing of impending release (and give estimated release dates).
- [x] ***(QA)*** Ensure there are no permanent test failures on any platform.
- [x] ***(QA)*** Check Perflab to ensure there has been no unexplained drop in performance for the versions being released.
- [x] ***(QA)*** Check whether all issues assigned to the release milestone are resolved[^1].
- [x] ***(QA)*** Ensure that there are no outstanding merge requests in the private repository[^1] (Subscription Edition only).
- [x] ***(QA)*** Ensure all merge requests marked for backporting have been indeed backported.
### Before the Tagging Deadline
- [x] ***(QA)*** Look for outstanding documentation issues (e.g. `CHANGES` mistakes) and address them if any are found.
- [x] ***(QA)*** Ensure release notes are correct, ask Support and Marketing to check them as well.
- [x] ***(Support)*** Check release notes, ask QA to correct any mistakes found.
- [x] ***(Marketing)*** Check release notes, ask QA to correct any mistakes found.
- [x] ***(SwEng)*** Update API files for libraries with new version information.
- [x] ***(SwEng)*** Change software version and library versions in `configure.ac` (new major release only).
- [x] ***(SwEng)*** Rebuild `configure` using Autoconf on `docs.isc.org`.
- [x] ***(SwEng)*** Update `CHANGES`.
- [x] ***(SwEng)*** Update `CHANGES.SE` (Subscription Edition only).
- [x] ***(SwEng)*** Update `README.md`.
- [x] ***(SwEng)*** Update `version`.
- [x] ***(SwEng)*** Build documentation on `docs.isc.org`.
- [x] ***(QA)*** Check that all the above steps were performed correctly.
- [x] ***(QA)*** Check that the formatting is correct for text, PDF, and HTML versions of release notes.
- [x] ***(SwEng)*** Tag the releases[^2]. (Tags may only be pushed to the public repository for releases which are *not* security releases.)
- [x] ***(SwEng)*** If this is the first tag for a release (e.g. beta), create a release branch named `release_v9_X_Y` to allow development to continue on the maintenance branch whilst release engineering continues.
### Before the ASN Deadline (for ASN Releases) or the Public Release Date (for Regular Releases)
- [x] ***(QA)*** Verify GitLab CI results for the tags created and prepare a QA report for the releases to be published.
- [x] ***(QA)*** Request signatures for the tarballs, providing their location and checksums.
- [x] ***(Signers)*** Validate tarball checksums, sign tarballs, and upload signatures.
- [x] ***(QA)*** Verify tarball signatures and check tarball checksums again.
- [x] ***(Support)*** Pre-publish ASN and/or Subscription Edition tarballs so that packages can be built.
- [x] ***(QA)*** Build and test ASN and/or Subscription Edition packages.
- [x] ***(QA)*** Notify Support that the releases have been prepared.
- [x] ***(Support)*** Send out ASNs (if applicable).
### On the Day of Public Release
- [x] ***(Support)*** Wait for clearance from Security Officer to proceed with the public release (if applicable).
- [x] ***(Support)*** Place tarballs in public location on FTP site.
- [x] ***(Support)*** Publish links to downloads on ISC website.
- [x] ***(Support)*** Write release email to *bind-announce*.
- [x] ***(Support)*** Write email to *bind-users* (if a major release).
- [x] ***(Support)*** Send eligible customers updated links to the Subscription Edition.
- [x] ***(Support)*** Update tickets in case of waiting support customers.
- [x] ***(QA)*** Build and test any outstanding private packages.
- [x] ***(QA)*** Build public packages (`*.deb`, RPMs).
- [x] ***(QA)*** Inform Marketing of the release.
- [x] ***(QA)*** Update the internal [BIND release dates wiki page](https://wiki.isc.org/bin/view/Main/BindReleaseDates) when public announcement has been made.
- [x] ***(Marketing)*** Post short note to Twitter.
- [x] ***(Marketing)*** Update [Wikipedia entry for BIND](https://en.wikipedia.org/wiki/BIND).
- [x] ***(Marketing)*** Write blog article (if a major release).
- [x] ***(QA)*** Ensure all new tags are annotated and signed.
- [x] ***(SwEng)*** Merge the automatically prepared `prep 9.X.Y` commit which updates `version` and documentation on the release branch into the relevant maintenance branch (`v9_X`).
- [x] ***(SwEng)*** Push tags for the published releases to the public repository.
- [x] ***(QA)*** For each maintained branch, update the `BIND_BASELINE_VERSION` variable for the `abi-check` job in `.gitlab-ci.yml` to the latest published BIND version tag for a given branch.
- [x] ***(QA)*** Prepare empty release notes for the next set of releases.
- [x] ***(QA)*** Sanitize all confidential issues assigned to the release milestone and make them public.
- [x] ***(QA)*** Update QA tools used in GitLab CI (e.g. Flake8, PyLint) by modifying the relevant `Dockerfile`.
[^1]: If not, use the time remaining until the tagging deadline to ensure all outstanding issues are either resolved or moved to a different milestone.
[^2]: Preferred command line: `git tag -u <DEVELOPER_KEYID> -a -s -m "BIND 9.X.Y[alphatag]" v9_X_Y[alphatag]`, where `[alphatag]` is an optional string such as `b1`, `rc1`, etc.October 2020 (9.11.24, 9.11.24-S1, 9.16.8, 9.16.8-S1, 9.17.6)Michał KępieńMichał Kępień2020-10-21https://gitlab.isc.org/isc-projects/bind9/-/issues/2181Follow-up from "Draft: Resolve "ThreadSanitizer: lock-order-inversion (potent...2021-03-04T14:18:10ZMark AndrewsFollow-up from "Draft: Resolve "ThreadSanitizer: lock-order-inversion (potential deadlock) in pthread_mutex_lock""The following discussion from !4150 should be addressed:
- [ ] @ondrej started a [discussion](https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/4150#note_164756): (+7 comments)
> Since this is the destroy code protected b...The following discussion from !4150 should be addressed:
- [ ] @ondrej started a [discussion](https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/4150#note_164756): (+7 comments)
> Since this is the destroy code protected by the reference counter, why do we need the lock at all here?https://gitlab.isc.org/isc-projects/bind9/-/issues/2175Double call to pkcs_C_DestroyObject?2020-09-21T07:02:39ZMark AndrewsDouble call to pkcs_C_DestroyObject?Job [#1167823](https://gitlab.isc.org/isc-projects/bind9/-/jobs/1167823) failed for 469b4aeca03f02c2728c886bbbbaaf28e6e06ee8:Job [#1167823](https://gitlab.isc.org/isc-projects/bind9/-/jobs/1167823) failed for 469b4aeca03f02c2728c886bbbbaaf28e6e06ee8:October 2020 (9.11.24, 9.11.24-S1, 9.16.8, 9.16.8-S1, 9.17.6)https://gitlab.isc.org/isc-projects/bind9/-/issues/2172dnssec-policy behaviour for algorithm 15 keys different to algorithm 8 keys2020-10-12T08:04:41ZMichael Glanznigdnssec-policy behaviour for algorithm 15 keys different to algorithm 8 keys<!--
If the bug you are reporting is potentially security-related - for example,
if it involves an assertion failure or other crash in `named` that can be
triggered repeatedly - then please do *NOT* report it here, but send an
email to [...<!--
If the bug you are reporting is potentially security-related - for example,
if it involves an assertion failure or other crash in `named` that can be
triggered repeatedly - then please do *NOT* report it here, but send an
email to [security-officer@isc.org](security-officer@isc.org).
-->
### Summary
The new dnssec-policy seems to rollover KSKs of algorithm 15 even if no rollover is due according to the policy. Keys of algorithm 8 seem to work correctly. For KSKs and ZSKs also a lot of rollovers were generated for algorithm 15 keys after first rollout of the policy. This did not happen with algorithm 8 keys.
### BIND version used
```
BIND 9.16.7-Ubuntu (Stable Release) <id:6fd3eb7>
running on Linux x86_64 4.15.0-117-generic #118-Ubuntu SMP Fri Sep 4 20:02:41 UTC 2020
built by make with '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=/usr/include' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-silent-rules' '--libdir=/usr/lib/x86_64-linux-gnu' '--libexecdir=/usr/lib/x86_64-linux-gnu' '--disable-maintainer-mode' '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-libidn2' '--with-libjson-c' '--with-lmdb=/usr' '--with-gnu-ld' '--with-maxminddb' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--disable-native-pkcs11' '--enable-dnstap' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -fdebug-prefix-map=/build/bind9-HlagpL/bind9-9.16.7=. -fstack-protector-strong -Wformat -Werror=format-security -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
compiled by GCC 7.5.0
compiled with OpenSSL version: OpenSSL 1.1.1 11 Sep 2018
linked to OpenSSL version: OpenSSL 1.1.1 11 Sep 2018
compiled with libuv version: 1.38.1
linked to libuv version: 1.38.1
compiled with libxml2 version: 2.9.4
linked to libxml2 version: 20904
compiled with json-c version: 0.12.1
linked to json-c version: 0.12.1
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
linked to maxminddb version: 1.3.2
compiled with protobuf-c version: 1.3.1
linked to protobuf-c version: 1.3.1
threads support is enabled
default paths:
named configuration: /etc/bind/named.conf
rndc configuration: /etc/bind/rndc.conf
DNSSEC root key: /etc/bind/bind.keys
nsupdate session key: //run/named/session.key
named PID file: //run/named/named.pid
named lock file: //run/named/named.lock
geoip-directory: /usr/share/GeoIP
```
### Steps to reproduce
Have two DNSSEC signed zones which are currently managed with `auto-dnssec maintain` and `inline-signing yes`. Both zones are used in a split-horizon setup and use a internal and external view. Both views use DNSSEC. One zone uses algorithm 8 for ZSK and KSK while the other zone uses algorithm 15. Keys are managed manually and have no expiry dates set. Both keys are 6 months old. Change the zones to use a dnssec-policy instead where according to the policy a ZSK rollover would be due. For policies I used see [named.conf.policy](/uploads/e280b5c6a732ebb8e87c61efbda44200/named.conf.policy).
### What is the current *bug* behavior?
The above linked policies limit the KSK validity to one year and the ZSK to 3 months. Hence the ZSKs are due for rollover, but the KSKs aren't. This works well for algorithm 8 keys. The KSK stays untouched and a new ZSK is created while the old one is retired.
State files of keys:
```
; This is the state of key 10740, for REDACTED.
Algorithm: 8
Length: 1024
Lifetime: 8035200
Predecessor: 54528
KSK: no
ZSK: yes
Generated: 20200920175000 (Sun Sep 20 17:50:00 2020)
Published: 20200920175000 (Sun Sep 20 17:50:00 2020)
Active: 20200920185500 (Sun Sep 20 18:55:00 2020)
Retired: 20201222185500 (Tue Dec 22 18:55:00 2020)
Removed: 20210101200000 (Fri Jan 1 20:00:00 2021)
DNSKEYChange: 20200920175000 (Sun Sep 20 17:50:00 2020)
ZRRSIGChange: 20200920175000 (Sun Sep 20 17:50:00 2020)
DNSKEYState: rumoured
ZRRSIGState: rumoured
GoalState: omnipresent
; This is the state of key 39460, for REDACTED.
Algorithm: 8
Length: 2048
Lifetime: 31536000
KSK: yes
ZSK: no
Generated: 20200307174149 (Sat Mar 7 17:41:49 2020)
Published: 20200307174149 (Sat Mar 7 17:41:49 2020)
Active: 20200307174149 (Sat Mar 7 17:41:49 2020)
Retired: 20210307174149 (Sun Mar 7 17:41:49 2021)
Removed: 20210308214149 (Mon Mar 8 21:41:49 2021)
PublishCDS: 20200308184649 (Sun Mar 8 18:46:49 2020)
DNSKEYChange: 20200920175000 (Sun Sep 20 17:50:00 2020)
KRRSIGChange: 20200920175000 (Sun Sep 20 17:50:00 2020)
DSChange: 20200920175000 (Sun Sep 20 17:50:00 2020)
DNSKEYState: omnipresent
KRRSIGState: omnipresent
DSState: hidden
GoalState: omnipresent
; This is the state of key 54528, for REDACTED.
Algorithm: 8
Length: 1024
Lifetime: 8035200
Successor: 10740
KSK: no
ZSK: yes
Generated: 20200307174138 (Sat Mar 7 17:41:38 2020)
Published: 20200307184138 (Sat Mar 7 18:41:38 2020)
Active: 20200307184138 (Sat Mar 7 18:41:38 2020)
Retired: 20200608184138 (Mon Jun 8 18:41:38 2020)
Removed: 20200618194638 (Thu Jun 18 19:46:38 2020)
DNSKEYChange: 20200920175500 (Sun Sep 20 17:55:00 2020)
ZRRSIGChange: 20200920175000 (Sun Sep 20 17:50:00 2020)
DNSKEYState: hidden
ZRRSIGState: unretentive
GoalState: hidden
```
However, for the algorithm 15 zone also the KSK is rolled over and a lot of transitions are generated. Again the state files:
```
; This is the state of key 1385, for REDACTED.
Algorithm: 15
Length: 256
Lifetime: 31536000
KSK: yes
ZSK: no
Generated: 20200920175500 (Sun Sep 20 17:55:00 2020)
Published: 20200920175500 (Sun Sep 20 17:55:00 2020)
Active: 20200920175500 (Sun Sep 20 17:55:00 2020)
Retired: 20200920175500 (Sun Sep 20 17:55:00 2020)
Removed: 20200921005500 (Mon Sep 21 00:55:00 2020)
PublishCDS: 20200921190000 (Mon Sep 21 19:00:00 2020)
DNSKEYChange: 20200920175500 (Sun Sep 20 17:55:00 2020)
KRRSIGChange: 20200920175500 (Sun Sep 20 17:55:00 2020)
DSChange: 20200920175500 (Sun Sep 20 17:55:00 2020)
DNSKEYState: unretentive
KRRSIGState: unretentive
DSState: hidden
GoalState: hidden
; This is the state of key 10893, for REDACTED.
Algorithm: 15
Length: 256
Lifetime: 8035200
KSK: no
ZSK: yes
Generated: 20200920175500 (Sun Sep 20 17:55:00 2020)
Published: 20200920175500 (Sun Sep 20 17:55:00 2020)
Active: 20200920175500 (Sun Sep 20 17:55:00 2020)
Retired: 20200920175500 (Sun Sep 20 17:55:00 2020)
Removed: 20200930190000 (Wed Sep 30 19:00:00 2020)
DNSKEYChange: 20200920175500 (Sun Sep 20 17:55:00 2020)
ZRRSIGChange: 20200920175500 (Sun Sep 20 17:55:00 2020)
DNSKEYState: unretentive
ZRRSIGState: unretentive
GoalState: hidden
; This is the state of key 14222, for REDACTED.
Algorithm: 15
Length: 256
KSK: yes
ZSK: no
Generated: 20200223141731 (Sun Feb 23 14:17:31 2020)
Published: 20200223141731 (Sun Feb 23 14:17:31 2020)
Active: 20200223141731 (Sun Feb 23 14:17:31 2020)
Retired: 20200920175000 (Sun Sep 20 17:50:00 2020)
Removed: 20200921005000 (Mon Sep 21 00:50:00 2020)
DNSKEYChange: 20200920175500 (Sun Sep 20 17:55:00 2020)
KRRSIGChange: 20200920175500 (Sun Sep 20 17:55:00 2020)
DSChange: 20200920175000 (Sun Sep 20 17:50:00 2020)
DNSKEYState: hidden
KRRSIGState: hidden
DSState: hidden
GoalState: hidden
; This is the state of key 14939, for REDACTED.
Algorithm: 15
Length: 256
Lifetime: 8035200
KSK: no
ZSK: yes
Generated: 20200920175000 (Sun Sep 20 17:50:00 2020)
Published: 20200920175000 (Sun Sep 20 17:50:00 2020)
Active: 20200920175000 (Sun Sep 20 17:50:00 2020)
Retired: 20200920175000 (Sun Sep 20 17:50:00 2020)
Removed: 20200930185500 (Wed Sep 30 18:55:00 2020)
DNSKEYChange: 20200920175000 (Sun Sep 20 17:50:00 2020)
ZRRSIGChange: 20200920175000 (Sun Sep 20 17:50:00 2020)
DNSKEYState: unretentive
ZRRSIGState: unretentive
GoalState: hidden
; This is the state of key 46932, for REDACTED.
Algorithm: 15
Length: 256
Lifetime: 8035200
KSK: no
ZSK: yes
Generated: 20200920175000 (Sun Sep 20 17:50:00 2020)
Published: 20200920175000 (Sun Sep 20 17:50:00 2020)
Active: 20200920175000 (Sun Sep 20 17:50:00 2020)
Retired: 20200920175500 (Sun Sep 20 17:55:00 2020)
Removed: 20200930190000 (Wed Sep 30 19:00:00 2020)
DNSKEYChange: 20200920175500 (Sun Sep 20 17:55:00 2020)
ZRRSIGChange: 20200920175500 (Sun Sep 20 17:55:00 2020)
DNSKEYState: unretentive
ZRRSIGState: unretentive
GoalState: hidden
; This is the state of key 47719, for REDACTED.
Algorithm: 15
Length: 256
Lifetime: 31536000
KSK: yes
ZSK: no
Generated: 20200920175500 (Sun Sep 20 17:55:00 2020)
Published: 20200920175500 (Sun Sep 20 17:55:00 2020)
Active: 20200920175500 (Sun Sep 20 17:55:00 2020)
Retired: 20210920175500 (Mon Sep 20 17:55:00 2021)
Removed: 20210921005500 (Tue Sep 21 00:55:00 2021)
PublishCDS: 20200921190000 (Mon Sep 21 19:00:00 2020)
DNSKEYChange: 20200920175500 (Sun Sep 20 17:55:00 2020)
KRRSIGChange: 20200920175500 (Sun Sep 20 17:55:00 2020)
DSChange: 20200920175500 (Sun Sep 20 17:55:00 2020)
DNSKEYState: rumoured
KRRSIGState: rumoured
DSState: hidden
GoalState: omnipresent
; This is the state of key 58697, for REDACTED.
Algorithm: 15
Length: 256
Length: 256
Lifetime: 8035200
KSK: no
ZSK: yes
Generated: 20200920175500 (Sun Sep 20 17:55:00 2020)
Published: 20200920175500 (Sun Sep 20 17:55:00 2020)
Active: 20200920175500 (Sun Sep 20 17:55:00 2020)
Retired: 20201222175500 (Tue Dec 22 17:55:00 2020)
Removed: 20210101190000 (Fri Jan 1 19:00:00 2021)
DNSKEYChange: 20200920175500 (Sun Sep 20 17:55:00 2020)
ZRRSIGChange: 20200920175500 (Sun Sep 20 17:55:00 2020)
DNSKEYState: rumoured
ZRRSIGState: rumoured
GoalState: omnipresent
; This is the state of key 59076, for REDACTED.
Algorithm: 15
Length: 256
KSK: no
ZSK: yes
Generated: 20200223141612 (Sun Feb 23 14:16:12 2020)
Published: 20200223151612 (Sun Feb 23 15:16:12 2020)
Active: 20200223151612 (Sun Feb 23 15:16:12 2020)
Retired: 20200920175000 (Sun Sep 20 17:50:00 2020)
Removed: 20200930185500 (Wed Sep 30 18:55:00 2020)
DNSKEYChange: 20200920175500 (Sun Sep 20 17:55:00 2020)
ZRRSIGChange: 20200920175000 (Sun Sep 20 17:50:00 2020)
DNSKEYState: hidden
ZRRSIGState: unretentive
GoalState: hidden
; This is the state of key 62357, for REDACTED.
Algorithm: 15
Length: 256
Lifetime: 31536000
KSK: yes
ZSK: no
Generated: 20200920175000 (Sun Sep 20 17:50:00 2020)
Published: 20200920175000 (Sun Sep 20 17:50:00 2020)
Active: 20200920175000 (Sun Sep 20 17:50:00 2020)
Retired: 20200920175500 (Sun Sep 20 17:55:00 2020)
Removed: 20200921005500 (Mon Sep 21 00:55:00 2020)
PublishCDS: 20200921185500 (Mon Sep 21 18:55:00 2020)
DNSKEYChange: 20200920175500 (Sun Sep 20 17:55:00 2020)
KRRSIGChange: 20200920175500 (Sun Sep 20 17:55:00 2020)
DSChange: 20200920175000 (Sun Sep 20 17:50:00 2020)
DNSKEYState: unretentive
KRRSIGState: unretentive
DSState: hidden
GoalState: hidden
; This is the state of key 63427, for REDACTED.
Algorithm: 15
Length: 256
Lifetime: 31536000
KSK: yes
ZSK: no
Generated: 20200920175000 (Sun Sep 20 17:50:00 2020)
Published: 20200920175000 (Sun Sep 20 17:50:00 2020)
Active: 20200920175000 (Sun Sep 20 17:50:00 2020)
Retired: 20200920175000 (Sun Sep 20 17:50:00 2020)
Removed: 20200921005000 (Mon Sep 21 00:50:00 2020)
PublishCDS: 20200921185500 (Mon Sep 21 18:55:00 2020)
DNSKEYChange: 20200920175000 (Sun Sep 20 17:50:00 2020)
KRRSIGChange: 20200920175000 (Sun Sep 20 17:50:00 2020)
DSChange: 20200920175000 (Sun Sep 20 17:50:00 2020)
DNSKEYState: unretentive
KRRSIGState: unretentive
DSState: hidden
GoalState: hidden
```
### What is the expected *correct* behavior?
Algorithm 15 keys should behave in the same way as algorithm 8 keys. They should not rollover the KSK if not due and should not generate so many transitions.
### Relevant configuration files
See attached policy configuration.
### Relevant logs and/or screenshots
The DNSSEC portion of the log is attached in [dnssec.log](/uploads/a45dd08418ffa8f103f9c18152c6a5a3/dnssec.log). On my setup I have 4 zones. Two have keys with algorithm 8 and two have keys with algorithm 15. In reality those are domains with TLDs .at (15), .eu (15), .com (8), .de (8). All zones have an internal and an external view. I redacted the real domain names and named them `zone-algo-15-01/02` and `zone-algo-8-01/02` respectively.
### Additional question
Bind told me that `option 'parent-registration-delay' is obsolete and should be removed`. Why is that because I found that a useful option. In this case here I had to quickly update the DS at the registries since KSKs were rolled over. Is there a replacement or how is the need for manual intervention here handled?https://gitlab.isc.org/isc-projects/bind9/-/issues/2170rndc reconfig and plugin2020-09-21T13:06:57ZWayne Epsteinrndc reconfig and plugin### Summary
Not positive this is a bug but it seems odd to me.
When rndc reconfig is run a plugin will be loaded and then unloaded.
### BIND version used
```
BIND 9.14.6 (Stable Release) <id:unset_id>
running on Linux x86_64 4.19.0-9-...### Summary
Not positive this is a bug but it seems odd to me.
When rndc reconfig is run a plugin will be loaded and then unloaded.
### BIND version used
```
BIND 9.14.6 (Stable Release) <id:unset_id>
running on Linux x86_64 4.19.0-9-amd64 #1 SMP Debian 4.19.118-2 (2020-04-29)
built by make with '--enable-dnstap' '--enable-dnsrps' '--sysconfdir=/etc/bind'
compiled by GCC 8.3.0
compiled with OpenSSL version: OpenSSL 1.1.1d 10 Sep 2019
linked to OpenSSL version: OpenSSL 1.1.1d 10 Sep 2019
threads support is enabled
default paths:
named configuration: /etc/bind/named.conf
rndc configuration: /etc/bind/rndc.conf
DNSSEC root key: /etc/bind/bind.keys
nsupdate session key: /var/run/named/session.key
named PID file: /var/run/named/named.pid
named lock file: /var/run/named/named.lock
```
### Steps to reproduce
configure a plugin<br>
start bind9<br>
rndc reconfig<br>
look at named.run
### What is the current *bug* behavior?
When rndc reconfig is run a plugin is loaded and then unloaded - see named.run.
### What is the expected *correct* behavior?
Would expect plugin to be unloaded and then loaded.
### Relevant configuration files
n/a
### Relevant logs and/or screenshots
```
14-Sep-2020 15:16:02.445 config: info: none:100: 'max-cache-size 90%' - setting to 3414MB (out of 3793MB)
14-Sep-2020 15:16:02.445 config: info: /etc/bind/named.conf.options:8: using specific query-source port suppresses port randomization and can be insecure.
14-Sep-2020 15:16:02.448 general: debug 1: managed-keys-zone: synchronizing trusted keys
!!!! 14-Sep-2020 15:16:02.448 general: info: loading plugin '/home/wepp/source/bind/bind9-v9_14/bin/plugins/filter-aaaa.so'
14-Sep-2020 15:16:02.448 general: info: registering plugin '/home/wepp/source/bind/bind9-v9_14/bin/plugins/filter-aaaa.so'
14-Sep-2020 15:16:02.448 general: info: registering 'filter-aaaa' module from /etc/bind/named.conf:28, with parameters
14-Sep-2020 15:16:02.449 general: debug 1: zone_settimer: zone version.bind/CH: enter
14-Sep-2020 15:16:02.449 general: debug 1: zone_settimer: zone hostname.bind/CH: enter
14-Sep-2020 15:16:02.449 general: debug 1: zone_settimer: zone authors.bind/CH: enter
14-Sep-2020 15:16:02.449 general: debug 1: zone_settimer: zone id.server/CH: enter
14-Sep-2020 15:16:02.449 config: info: none:100: 'max-cache-size 90%' - setting to 3414MB (out of 3793MB)
14-Sep-2020 15:16:02.449 config: info: /etc/bind/named.conf.options:8: using specific query-source port suppresses port randomization and can be insecure.
14-Sep-2020 15:16:02.452 general: info: configuring command channel from '/etc/bind/rndc.key'
14-Sep-2020 15:16:02.452 general: info: configuring command channel from '/etc/bind/rndc.key'
14-Sep-2020 15:16:02.452 general: debug 1: now using logging configuration from config file
14-Sep-2020 15:16:02.453 general: debug 1: load_configuration: success
14-Sep-2020 15:16:02.453 general: info: reloading configuration succeeded
14-Sep-2020 15:16:02.454 general: info: scheduled loading new zones
14-Sep-2020 15:16:02.455 database: debug 1: calling free_rbtdb(.)
14-Sep-2020 15:16:02.455 database: debug 1: done free_rbtdb(.)
!!!! 14-Sep-2020 15:16:02.455 general: debug 1: unloading plugin '/home/wepp/source/bind/bind9-v9_14/bin/plugins/filter-aaaa.so'
14-Sep-2020 15:16:02.456 general: info: any newly configured zones are now loaded
```
### Possible fixes
unknownhttps://gitlab.isc.org/isc-projects/bind9/-/issues/2168What does managed-keys.bind used for?2020-09-21T06:48:26ZMingliWhat does managed-keys.bind used for?There always below warning when execute "systemctl status named" after upgrade bind to 9.16.5.
Sep 18 03:21:37 intel-x86-64 named[23272]: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out
Then I check there two files which d...There always below warning when execute "systemctl status named" after upgrade bind to 9.16.5.
Sep 18 03:21:37 intel-x86-64 named[23272]: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out
Then I check there two files which doesn't exist in the old bind 9.11.21. What does below files used for?
$ ls /var/cache/bind
managed-keys.bind managed-keys.bind.jnl