Skip to content

A flaw in serve-stale's interaction with fetch limits causes crashes for dual-mode (authoritative + recursive) servers

There's a crash on v9_16_sub in the serve-stale system test:

rbtdb.c:5195: REQUIRE(version == ((void *)0)) failed, back trace
Core was generated by `/builds/isc-private/bind9/bin/named/.libs/lt-named -D serve-stale-ns1 -X named.'.
Program terminated with signal 6, Aborted.
#0  0x00007f6a3c45b387 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:55
55	  return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
#0  0x00007f6a3c45b387 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:55
#1  0x00007f6a3c45ca78 in __GI_abort () at abort.c:90
#2  0x000000000041fe04 in assertion_failed (file=<optimized out>, line=<optimized out>, type=<optimized out>, cond=<optimized out>) at ./main.c:267
#3  0x00007f6a3e6f2ba0 in isc_assertion_failed (file=file@entry=0x7f6a3faf3b13 "rbtdb.c", line=line@entry=5195, type=type@entry=isc_assertiontype_require, cond=cond@entry=0x7f6a3fb12e6a "version == ((void *)0)") at assertions.c:46
#4  0x00007f6a3f9e88e4 in cache_findext (db=0x7f6a2792b020, name=0x7f69d800ece0, version=<optimized out>, type=16, options=3072, now=1615310907, nodep=0x7f6a3a8f9c20, foundname=0x7f69d800ec90, methods=0x7f6a3a8f9c58, clientinfo=0x0, rdataset=0x7f69d80135a0, sigrdataset=0x0) at rbtdb.c:5195
#5  0x00007f6a3f96f3a0 in dns_db_findext (db=0x7f6a2792b020, name=name@entry=0x7f69d800ece0, version=0x7f6a27977348, type=<optimized out>, options=options@entry=3072, now=1615310907, nodep=nodep@entry=0x7f6a3a8f9c20, foundname=0x7f69d800ec90, methods=methods@entry=0x7f6a3a8f9c58, clientinfo=clientinfo@entry=0x0, rdataset=0x7f69d80135a0, sigrdataset=0x0) at db.c:526
#6  0x00007f6a3fd7615c in query_lookup (qctx=qctx@entry=0x7f6a3a8f9790) at query.c:6011
#7  0x00007f6a3fd77f2a in query_delegation_recurse (qctx=qctx@entry=0x7f6a3a8f9790) at query.c:9109
#8  0x00007f6a3fd782a7 in query_delegation (qctx=qctx@entry=0x7f6a3a8f9790) at query.c:9036
#9  0x00007f6a3fd78688 in query_notfound (qctx=qctx@entry=0x7f6a3a8f9790) at query.c:8813
#10 0x00007f6a3fd75821 in query_gotanswer (qctx=qctx@entry=0x7f6a3a8f9790, res=res@entry=23) at query.c:7791
#11 0x00007f6a3fd764bd in query_lookup (qctx=qctx@entry=0x7f6a3a8f9790) at query.c:6217
#12 0x00007f6a3fd77cf4 in query_zone_delegation (qctx=qctx@entry=0x7f6a3a8f9790) at query.c:8960
#13 0x00007f6a3fd7805b in query_delegation (qctx=qctx@entry=0x7f6a3a8f9790) at query.c:8988
#14 0x00007f6a3fd7582e in query_gotanswer (qctx=qctx@entry=0x7f6a3a8f9790, res=res@entry=65565) at query.c:7794
#15 0x00007f6a3fd764bd in query_lookup (qctx=qctx@entry=0x7f6a3a8f9790) at query.c:6217
#16 0x00007f6a3fd777c7 in ns__query_start (qctx=qctx@entry=0x7f6a3a8f9790) at query.c:5659
#17 0x00007f6a3fd7b5f2 in query_setup (client=client@entry=0x7f69d8005a08, qtype=qtype@entry=16) at query.c:5372
#18 0x00007f6a3fd7bf7a in ns_query_start (client=client@entry=0x7f69d8005a08, handle=handle@entry=0x7f69d80058a0) at query.c:12294
#19 0x00007f6a3fd588ad in ns__client_request (handle=0x7f69d80058a0, eresult=<optimized out>, region=<optimized out>, arg=<optimized out>) at client.c:2250
#20 0x00007f6a3e70b3e4 in isc__nm_async_readcb (worker=worker@entry=0x0, ev0=ev0@entry=0x7f6a3a8fa8a0) at netmgr.c:1861
#21 0x00007f6a3e70b4c0 in isc__nm_readcb (sock=sock@entry=0x7f6a2050bf10, uvreq=<optimized out>, eresult=eresult@entry=0) at netmgr.c:1836
#22 0x00007f6a3e70fdd8 in udp_recv_cb (handle=<optimized out>, nrecv=53, buf=0x7f6a3a8fa9d0, addr=0x7f6a3a8faa20, flags=<optimized out>) at udp.c:466
#23 0x00007f6a3d30906f in uv__udp_io () from /lib64/libuv.so.1
#24 0x00007f6a3d30a8c3 in uv__io_poll () from /lib64/libuv.so.1
#25 0x00007f6a3d2fa0d0 in uv_run () from /lib64/libuv.so.1
#26 0x00007f6a3e70bedc in nm_thread (worker0=0xdc8da0) at netmgr.c:553
#27 0x00007f6a3e729950 in isc__trampoline_run (arg=0xdb7b00) at trampoline.c:191
#28 0x00007f6a3c7faea5 in start_thread (arg=0x7f6a3a8fe700) at pthread_create.c:307
#29 0x00007f6a3c52396d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

thread apply all bt full: 1564386-bt.txt

core: core.1436.gz

named.run: named.run

Edited by Michał Kępień
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information