Crashes related to memory reallocation on OpenBSD
New crashes, which seem to be related to memory reallocation, have been recently observed on OpenBSD:
- https://gitlab.isc.org/isc-projects/bind9/-/jobs/1856101

  ```
  D:fetchlimit:Core was generated by `named'.
  D:fetchlimit:Program terminated with signal SIGSEGV, Segmentation fault.
  D:fetchlimit:#0 isc___nmhandle_get (sock=0x4bdedbe5008, peer=<optimized out>, local=<optimized out>) at netmgr/netmgr.c:1658
  D:fetchlimit:1658 INSIST(sock->ah_handles[pos] == NULL);
  D:fetchlimit:[Current thread is 1 (process 414524)]
  D:fetchlimit:#0 isc___nmhandle_get (sock=0x4bdedbe5008, peer=<optimized out>, local=<optimized out>) at netmgr/netmgr.c:1658
  D:fetchlimit:#1 0x000004bd59eb8689 in isc__nm_get_read_req (sock=0x4bdedbe5008, sockaddr=0x4be16fdaae8) at netmgr/netmgr.c:2113
  D:fetchlimit:#2 0x000004bd59ec666c in udp_recv_cb (handle=<optimized out>, nrecv=39, buf=0x4be16fdad70, addr=0x4be16fdac40, flags=<optimized out>) at netmgr/udp.c:402
  D:fetchlimit:#3 0x000004bd6f10c137 in uv.udp_io () from /usr/local/lib/libuv.so.3.0
  D:fetchlimit:#4 0x000004bd6f10da19 in uv.io_poll () from /usr/local/lib/libuv.so.3.0
  D:fetchlimit:#5 0x000004bd6f0fc0b8 in uv_run () from /usr/local/lib/libuv.so.3.0
  D:fetchlimit:#6 0x000004bd59eb0d6b in nm_thread (worker0=0x4be100990b8) at netmgr/netmgr.c:682
  D:fetchlimit:#7 0x000004bd59f01d73 in isc__trampoline_run (arg=0x4be100b5580) at trampoline.c:180
  D:fetchlimit:#8 0x000004be3b384f51 in _rthread_start (v=<optimized out>) at /usr/src/lib/librthread/rthread.c:96
  D:fetchlimit:#9 0x000004be0da71a5a in __tfork_thread () at /usr/src/lib/libc/arch/amd64/sys/tfork_thread.S:84
  ```
- https://gitlab.isc.org/isc-projects/bind9/-/jobs/1856602

  ```
  D:fetchlimit:Core was generated by `named'.
  D:fetchlimit:Program terminated with signal SIGABRT, Aborted.
  D:fetchlimit:#0 thrkill () at /tmp/-:3
  D:fetchlimit:[Current thread is 1 (process 478794)]
  D:fetchlimit:#0 thrkill () at /tmp/-:3
  D:fetchlimit:#1 0x000009cadd8db7be in _libc_abort () at /usr/src/lib/libc/stdlib/abort.c:51
  D:fetchlimit:#2 0x000009c8758fb913 in assertion_failed (file=<optimized out>, line=<optimized out>, type=<optimized out>, cond=<optimized out>) at main.c:249
  D:fetchlimit:#3 0x000009ca795aeca0 in isc_assertion_failed (file=0x0, line=6, type=isc_assertiontype_require, cond=0x9cadd92dffa <thrkill+10> "r\001\303d\211\004% ") at assertions.c:47
  D:fetchlimit:#4 0x000009ca795c2ec4 in mem_putstats (ctx=0x9ca7638f008, ptr=<optimized out>, size=13744632839234567870) at mem.c:386
  D:fetchlimit:#5 isc__mem_reallocate (ctx=0x9ca7638f008, old_ptr=0x9cad038e408, new_size=512, file=0x9ca7957e4b2 "netmgr/netmgr.c", line=1645) at mem.c:899
  D:fetchlimit:#6 0x000009ca7959bcf2 in isc___nmhandle_get (sock=0x9cb270af008, peer=<optimized out>, local=<optimized out>) at netmgr/netmgr.c:1643
  D:fetchlimit:#7 0x000009ca7959d689 in isc__nm_get_read_req (sock=0x9cb270af008, sockaddr=0x9cb655d0318) at netmgr/netmgr.c:2113
  D:fetchlimit:#8 0x000009ca795ab66c in udp_recv_cb (handle=<optimized out>, nrecv=39, buf=0x9cb655d05a0, addr=0x9cb655d0470, flags=<optimized out>) at netmgr/udp.c:402
  D:fetchlimit:#9 0x000009cb515e8137 in uv.udp_io () from /usr/local/lib/libuv.so.3.0
  D:fetchlimit:#10 0x000009cb515e9a19 in uv.io_poll () from /usr/local/lib/libuv.so.3.0
  D:fetchlimit:#11 0x000009cb515d80b8 in uv_run () from /usr/local/lib/libuv.so.3.0
  D:fetchlimit:#12 0x000009ca79595d6b in nm_thread (worker0=0x9ca954680b8) at netmgr/netmgr.c:682
  D:fetchlimit:#13 0x000009ca795e6d73 in isc__trampoline_run (arg=0x9cb70b6dc00) at trampoline.c:180
  D:fetchlimit:#14 0x000009cadeacdf51 in _rthread_start (v=<optimized out>) at /usr/src/lib/librthread/rthread.c:96
  D:fetchlimit:#15 0x000009cadd94acca in __tfork_thread () at /usr/src/lib/libc/arch/amd64/sys/tfork_thread.S:84
  ```

It looks like these flaws might have been uncovered by !5252 (merged). @ondrej said that they are related to OpenBSD not exposing `malloc_size()` or `malloc_usable_size()` and us having to work around it. He also proposed a fix.

Edited by Michał Kępień
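
One common way to work around a libc that exposes neither `malloc_size()` nor `malloc_usable_size()` is to store each block's size in a header in front of it and read that header before calling `realloc()`. The following is an added example, not BIND 9's `mem.c` and not the fix proposed in this issue; every name in it (`trk_*`, `size_hdr_t`, `inuse`) is hypothetical and the code is single-threaded.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical names; single-threaded sketch, not BIND 9's mem.c. */
typedef union {
	size_t size;       /* size the caller asked for */
	max_align_t align; /* keeps the user pointer suitably aligned */
} size_hdr_t;

static size_t inuse; /* bytes currently handed out (statistics) */

size_t trk_inuse(void) { return inuse; }
size_t trk_size(const void *p) { return ((const size_hdr_t *)p - 1)->size; }

void *trk_alloc(size_t size) {
	if (size > SIZE_MAX - sizeof(size_hdr_t)) return NULL;
	size_hdr_t *h = malloc(sizeof(*h) + size);
	if (h == NULL) return NULL;
	h->size = size;
	inuse += size;
	return h + 1;
}

void trk_free(void *p) {
	if (p == NULL) return;
	inuse -= trk_size(p);
	free((size_hdr_t *)p - 1);
}

void *trk_realloc(void *p, size_t new_size) {
	if (p == NULL) return trk_alloc(new_size);
	if (new_size > SIZE_MAX - sizeof(size_hdr_t)) return NULL;
	size_hdr_t *old = (size_hdr_t *)p - 1;
	size_t old_size = old->size; /* read first: realloc() may free old */
	size_hdr_t *h = realloc(old, sizeof(*h) + new_size);
	if (h == NULL) return NULL; /* old block and its accounting stay valid */
	h->size = new_size;
	inuse = inuse - old_size + new_size;
	return h + 1;
}

int main(void) {
	void *p = trk_alloc(256), *q = p ? trk_realloc(p, 512) : NULL;
	if (q == NULL) { trk_free(p); return 1; }
	printf("size=%zu inuse=%zu\n", trk_size(q), trk_inuse());
	trk_free(q);
	return 0;
}
```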