Use after free in dns_dnssec_matchdskey
mkeys system test failed
Job #463900 failed for 067ab246:
Additionally the wrong path name was used.
I:mkeys:reinitialize trust anchors, add second key to bind.keys
I:mkeys:no response from ns2
I:mkeys:failed
No test directory: "/builds/isc-projects/bind9/bin/tests/mkeys"
I:mkeys:ns2 died before a SIGTERM was sent
R:mkeys:FAIL
E:mkeys:Tue Dec 10 02:26:40 UTC 2019
=================================================================
==5224==ERROR: AddressSanitizer: heap-use-after-free on address 0x6070003924e0 at pc 0x7f47c32ee88e bp 0x7f47b38ef840 sp 0x7f47b38eeff0
READ of size 36 at 0x6070003924e0 thread T14
#0 0x7f47c32ee88d (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xd588d)
#1 0x7f47c0ab66d1 in isc_region_compare /builds/isc-projects/bind9/lib/isc/region.c:31
#2 0x7f47c1ee65ed in compare_ds rdata/generic/ds_43.c:229
#3 0x7f47c1ee65ed in dns_rdata_compare /builds/isc-projects/bind9/lib/dns/rdata.c:637
#4 0x7f47c1c48991 in dns_dnssec_matchdskey /builds/isc-projects/bind9/lib/dns/dnssec.c:2313
#5 0x7f47c20b0991 in validate_dnskey /builds/isc-projects/bind9/lib/dns/validator.c:2051
#6 0x7f47c20bd842 in validator_start /builds/isc-projects/bind9/lib/dns/validator.c:3155
#7 0x7f47c0acaffe in dispatch /builds/isc-projects/bind9/lib/isc/task.c:1134
#8 0x7f47c0acaffe in run /builds/isc-projects/bind9/lib/isc/task.c:1319
#9 0x7f47c02f9fb6 in start_thread /build/glibc-suXNNi/glibc-2.29/nptl/pthread_create.c:486
#10 0x7f47bf8be2ce in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xfa2ce)
0x6070003924e0 is located 16 bytes inside of 69-byte region [0x6070003924d0,0x607000392515)
freed by thread T16 here:
#0 0x7f47c3320277 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x107277)
#1 0x7f47c0a5deab in default_memfree /builds/isc-projects/bind9/lib/isc/mem.c:713
#2 0x7f47c0a67914 in mem_put /builds/isc-projects/bind9/lib/isc/mem.c:627
#3 0x7f47c0a67914 in isc___mem_free /builds/isc-projects/bind9/lib/isc/mem.c:1343
#4 0x7f47c0a77010 in isc__mem_free /builds/isc-projects/bind9/lib/isc/mem.c:2408
#5 0x7f47c0a78b36 in isc___mem_put /builds/isc-projects/bind9/lib/isc/mem.c:1061
#6 0x7f47c0a73443 in isc__mem_put /builds/isc-projects/bind9/lib/isc/mem.c:2373
#7 0x7f47c1c81a18 in free_dslist /builds/isc-projects/bind9/lib/dns/keytable.c:153
#8 0x7f47c1c87ebe in update_keynode /builds/isc-projects/bind9/lib/dns/keytable.c:184
#9 0x7f47c1c87ebe in insert /builds/isc-projects/bind9/lib/dns/keytable.c:342
#10 0x7f47c1c881bd in dns_keytable_add /builds/isc-projects/bind9/lib/dns/keytable.c:373
#11 0x7f47c20f292c in trust_key /builds/isc-projects/bind9/lib/dns/zone.c:3967
#12 0x7f47c216663a in keyfetch_done /builds/isc-projects/bind9/lib/dns/zone.c:10348
#13 0x7f47c0acaffe in dispatch /builds/isc-projects/bind9/lib/isc/task.c:1134
#14 0x7f47c0acaffe in run /builds/isc-projects/bind9/lib/isc/task.c:1319
#15 0x7f47c02f9fb6 in start_thread /build/glibc-suXNNi/glibc-2.29/nptl/pthread_create.c:486
previously allocated by thread T9 here:
#0 0x7f47c3320628 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x107628)
#1 0x7f47c0a5df68 in default_memalloc /builds/isc-projects/bind9/lib/isc/mem.c:685
#2 0x7f47c0a656f8 in mem_get /builds/isc-projects/bind9/lib/isc/mem.c:598
#3 0x7f47c0a656f8 in mem_allocateunlocked /builds/isc-projects/bind9/lib/isc/mem.c:1222
#4 0x7f47c0a656f8 in isc___mem_allocate /builds/isc-projects/bind9/lib/isc/mem.c:1242
#5 0x7f47c0a75968 in isc__mem_allocate /builds/isc-projects/bind9/lib/isc/mem.c:2387
#6 0x7f47c0a75dd1 in isc___mem_get /builds/isc-projects/bind9/lib/isc/mem.c:1007
#7 0x7f47c0a72766 in isc__mem_get /builds/isc-projects/bind9/lib/isc/mem.c:2365
#8 0x7f47c1c86a43 in prepend_keynode /builds/isc-projects/bind9/lib/dns/keytable.c:260
#9 0x7f47c1c880fd in insert /builds/isc-projects/bind9/lib/dns/keytable.c:355
#10 0x7f47c1c881bd in dns_keytable_add /builds/isc-projects/bind9/lib/dns/keytable.c:373
#11 0x55f7f1fe6892 in process_key server.c:1029
#12 0x55f7f1fe730e in load_view_keys server.c:1081
#13 0x55f7f1fe91ec in configure_view_dnsseckeys server.c:1240
#14 0x55f7f200a910 in configure_view server.c:5347
#15 0x55f7f203d4d3 in load_configuration server.c:8932
#16 0x55f7f204497b in run_server server.c:9654
#17 0x7f47c0acaffe in dispatch /builds/isc-projects/bind9/lib/isc/task.c:1134
#18 0x7f47c0acaffe in run /builds/isc-projects/bind9/lib/isc/task.c:1319
#19 0x7f47c02f9fb6 in start_thread /build/glibc-suXNNi/glibc-2.29/nptl/pthread_create.c:486
Thread T14 created by T0 here:
#0 0x7f47c32529b2 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x399b2)
#1 0x7f47c0b357fe in isc_thread_create /builds/isc-projects/bind9/lib/isc/pthreads/thread.c:75
#2 0x7f47c0ad34c0 in isc_taskmgr_create /builds/isc-projects/bind9/lib/isc/task.c:1410
#3 0x55f7f1fc8f6c in create_managers main.c:902
#4 0x55f7f1fc8f6c in setup main.c:1235
#5 0x55f7f1fc8f6c in main main.c:1515
#6 0x7f47bf7eabba in __libc_start_main ../csu/libc-start.c:308
Thread T16 created by T0 here:
#0 0x7f47c32529b2 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x399b2)
#1 0x7f47c0b357fe in isc_thread_create /builds/isc-projects/bind9/lib/isc/pthreads/thread.c:75
#2 0x7f47c0ad34c0 in isc_taskmgr_create /builds/isc-projects/bind9/lib/isc/task.c:1410
#3 0x55f7f1fc8f6c in create_managers main.c:902
#4 0x55f7f1fc8f6c in setup main.c:1235
#5 0x55f7f1fc8f6c in main main.c:1515
#6 0x7f47bf7eabba in __libc_start_main ../csu/libc-start.c:308
Thread T9 created by T0 here:
#0 0x7f47c32529b2 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x399b2)
#1 0x7f47c0b357fe in isc_thread_create /builds/isc-projects/bind9/lib/isc/pthreads/thread.c:75
#2 0x7f47c0ad34c0 in isc_taskmgr_create /builds/isc-projects/bind9/lib/isc/task.c:1410
#3 0x55f7f1fc8f6c in create_managers main.c:902
#4 0x55f7f1fc8f6c in setup main.c:1235
#5 0x55f7f1fc8f6c in main main.c:1515
#6 0x7f47bf7eabba in __libc_start_main ../csu/libc-start.c:308
SUMMARY: AddressSanitizer: heap-use-after-free (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xd588d)
Shadow bytes around the buggy address:
==5224==ABORTING
context
10-Dec-2019 02:25:39.905 sockmgr 0x610000000150 thread 6: watcher got message -2 for socket -1
10-Dec-2019 02:25:39.905 managed-keys-zone: Returned from key fetch in keyfetch_done() for '.': success
10-Dec-2019 02:25:39.905 managed-keys-zone: Verifying DNSKEY set for zone '.' using DS 18325/8: success
10-Dec-2019 02:25:39.905 dispatchmgr 0x61500000ff90: destroy_mgr_ok: shuttingdown=0, listnonempty=1, depool=128, rpool=0, dpool=128
10-Dec-2019 02:25:39.905 managed-keys-zone: Initializing automatic trust anchor management for zone '.'; DNSKEY ID 18325 is now trusted, waiving the normal 30-day waiting period.
=================================================================
10-Dec-2019 02:25:39.905 set_refreshkeytimer: managed-keys-zone: enter
10-Dec-2019 02:25:39.905 managed-keys-zone: next key refresh: 10-Dec-2019 02:25:49.905
10-Dec-2019 02:25:39.905 zone_settimer: managed-keys-zone: enter
10-Dec-2019 02:25:39.905 managed-keys-zone: Initializing automatic trust anchor management for zone '.'; DNSKEY ID 30370 is now trusted, waiving the normal 30-day waiting period.
==5224==ERROR: AddressSanitizer: heap-use-after-free on address 0x6070003924e0 at pc 0x7f47c32ee88e bp 0x7f47b38ef840 sp 0x7f47b38eeff0
10-Dec-2019 02:25:39.905 set_refreshkeytimer: managed-keys-zone: enter
10-Dec-2019 02:25:39.905 managed-keys-zone: next key refresh: 10-Dec-2019 02:25:49.905
10-Dec-2019 02:25:39.905 zone_settimer: managed-keys-zone: enter
READ of size 36 at 0x6070003924e0 thread T14
10-Dec-2019 02:25:39.905 zone_journal: managed-keys-zone: enter
10-Dec-2019 02:25:39.905 writing to journal
10-Dec-2019 02:25:39.905 del . 0 IN SOA . . 1 0 0 0 0
10-Dec-2019 02:25:39.905 del . 0 IN TYPE65533 \# 16 00000000000000000000000000000000
10-Dec-2019 02:25:39.905 add . 0 IN SOA . . 2 0 0 0 0
10-Dec-2019 02:25:39.905 add
10-Dec-2019 02:25:39.905 add
10-Dec-2019 02:25:39.905 zone_needdump: managed-keys-zone: enter
10-Dec-2019 02:25:39.905 zone_settimer: managed-keys-zone: enter
#0 0x7f47c32ee88d (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xd588d)
#1 0x7f47c0ab66d1 in isc_region_compare /builds/isc-projects/bind9/lib/isc/region.c:31
#2 0x7f47c1ee65ed in compare_ds rdata/generic/ds_43.c:229
#3 0x7f47c1ee65ed in dns_rdata_compare /builds/isc-projects/bind9/lib/dns/rdata.c:637
#4 0x7f47c1c48991 in dns_dnssec_matchdskey /builds/isc-projects/bind9/lib/dns/dnssec.c:2313