Named segmentation fault in libisc.so.1608.0.1
Summary
(Summarize the bug encountered concisely.)
BIND version used
named -V
BIND 9.16.10 (Stable Release) <id:fac8def>
running on Linux x86_64 3.10.0-1160.11.1.el7.x86_64 #1 SMP Fri Dec 18 16:34:56 UTC 2020
built by make with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/opt/isc/isc-bind/root/usr' '--exec-prefix=/opt/isc/isc-bind/root/usr' '--bindir=/opt/isc/isc-bind/root/usr/bin' '--sbindir=/opt/isc/isc-bind/root/usr/sbin' '--sysconfdir=/etc/opt/isc/isc-bind' '--datadir=/opt/isc/isc-bind/root/usr/share' '--includedir=/opt/isc/isc-bind/root/usr/include' '--libdir=/opt/isc/isc-bind/root/usr/lib64' '--libexecdir=/opt/isc/isc-bind/root/usr/libexec' '--localstatedir=/var/opt/isc/isc-bind' '--sharedstatedir=/var/opt/isc/isc-bind/lib' '--mandir=/opt/isc/isc-bind/root/usr/share/man' '--infodir=/opt/isc/isc-bind/root/usr/share/info' '--disable-static' '--enable-dnstap' '--with-pic' '--with-gssapi' '--with-json-c' '--with-libtool' '--with-libxml2' '--without-lmdb' '--with-python' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic' 'LDFLAGS=-Wl,-z,relro -L/opt/isc/isc-bind/root/usr/lib64' 'LT_SYS_LIBRARY_PATH=/usr/lib64' 'PKG_CONFIG_PATH=:/opt/isc/isc-bind/root/usr/lib64/pkgconfig:/opt/isc/isc-bind/root/usr/share/pkgconfig' 'SPHINX_BUILD=/builddir/build/BUILD/bind-9.16.10/sphinx/bin/sphinx-build'
compiled by GCC 4.8.5 20150623 (Red Hat 4.8.5-44)
compiled with OpenSSL version: OpenSSL 1.0.2k-fips 26 Jan 2017
linked to OpenSSL version: OpenSSL 1.0.2k-fips 26 Jan 2017
compiled with libuv version: 1.40.0
linked to libuv version: 1.40.0
compiled with libxml2 version: 2.9.1
linked to libxml2 version: 20901
compiled with json-c version: 0.11
linked to json-c version: 0.11
compiled with zlib version: 1.2.7
linked to zlib version: 1.2.7
compiled with protobuf-c version: 1.3.3
linked to protobuf-c version: 1.3.3
threads support is enabled
default paths:
named configuration: /etc/opt/isc/isc-bind/named.conf
rndc configuration: /etc/opt/isc/isc-bind/rndc.conf
DNSSEC root key: /etc/opt/isc/isc-bind/bind.keys
nsupdate session key: /var/opt/isc/isc-bind/run/named/session.key
named PID file: /var/opt/isc/isc-bind/run/named/named.pid
named lock file: /var/opt/isc/isc-bind/run/named/named.lock
Steps to reproduce
(How one can reproduce the issue - this is very important.)
What is the current bug behavior?
(What actually happens.) Named "just" crashed under normal operation.
What is the expected correct behavior?
(What you should see instead.)
Relevant configuration files
named-checkconf -px
acl "XX-Customers" {
....
};
logging {
channel "query" {
file "/var/opt/isc/isc-bind/log/query.log" versions 2 size 52428800;
severity dynamic;
print-time yes;
};
channel "security" {
file "/var/opt/isc/isc-bind/log/security.log" versions 2 size 52428800;
severity dynamic;
print-time yes;
};
channel "client" {
file "/var/opt/isc/isc-bind/log/client.log" versions 2 size 52428800;
severity dynamic;
print-time yes;
};
channel "dnssec" {
file "/var/opt/isc/isc-bind/log/dnssec.log" versions 2 size 52428800;
severity dynamic;
print-time yes;
};
channel "rate-limit" {
file "/var/opt/isc/isc-bind/log/rate-limit.log" versions 2 size 52428800;
severity dynamic;
print-time yes;
};
channel "general" {
file "/var/opt/isc/isc-bind/log/general.log" versions 2 size 52428800;
severity dynamic;
print-time yes;
};
channel "resolver" {
file "/var/opt/isc/isc-bind/log/resolver.log" versions 2 size 52428800;
severity dynamic;
print-time yes;
};
channel "network" {
file "/var/opt/isc/isc-bind/log/network.log" versions 2 size 52428800;
severity dynamic;
print-time yes;
};
channel "dispatch" {
file "/var/opt/isc/isc-bind/log/dispatch.log" versions 2 size 52428800;
severity dynamic;
print-time yes;
};
channel "default" {
file "/var/opt/isc/isc-bind/log/named.log" versions 2 size 52428800;
severity dynamic;
print-time yes;
print-severity yes;
print-category yes;
};
category "default" {
"default";
};
category "queries" {
"null";
};
category "security" {
"null";
};
category "client" {
"client";
};
category "dnssec" {
"dnssec";
};
category "rate-limit" {
"rate-limit";
};
category "query-errors" {
"null";
};
category "resolver" {
"resolver";
};
category "lame-servers" {
"null";
};
category "rpz" {
"null";
};
category "dispatch" {
"dispatch";
};
category "network" {
"network";
};
};
options {
directory "/var/opt/isc/isc-bind/named/data";
listen-on port 53 {
"any";
};
listen-on-v6 port 53 {
"none";
};
recursive-clients 1000;
tcp-clients 500;
version "Nothing to see here.";
dnssec-validation auto;
max-cache-size 8589934592;
minimal-responses yes;
query-source address 85.218.232.228 port 0;
rate-limit {
errors-per-second 100;
ipv4-prefix-length 32;
log-only no;
nxdomains-per-second 100;
responses-per-second 100;
window 5;
};
recursion yes;
response-policy {
zone "XX";
zone "XX";
zone "XX";
zone "XX";
zone "XX";
} qname-wait-recurse no;
allow-query {
"XX-Customers";
};
};
statistics-channels {
inet 127.0.0.1 port 8080 allow {
127.0.0.1/32;
};
};
zone "XX.com" {
type forward;
forwarders {
1.1.1.1;
};
};
zone "XX.com" {
type forward;
forwarders {
1.1.1.1;
};
};
zone "XX.org" {
type forward;
forwarders {
1.1.1.1;
};
};
zone "XX" {
type master;
file "XX.db";
allow-query {
"XX-Customers";
};
};
zone "XX" {
type master;
file "XX.db";
allow-query {
"XX-Customers";
};
};
zone "XX" {
type master;
file "X.db";
allow-query {
"XX-Customers";
};
};
zone "XX" {
type master;
file "XX.db";
allow-query {
"XX-Customers";
};
};
zone "XX" {
type master;
file "XX.db";
allow-query {
"XX-Customers";
};
};
Relevant logs and/or screenshots
Nothing in the logs.. But the kernel logged this:
[Wed Dec 30 14:42:36 2020] isc-net-0011[1933]: segfault at 10 ip 00007fd9beb61a4b sp 00007fd9b54b3900 error 4 in libisc.so.1608.0.1[7fd9beb2c000+75000]