Segmentation fault in host when Ctrl+C
Summary
host segfaults while resolving invalid hosts when Ctrl+C is hit.
$ host o
^C;; communications error to 127.0.0.53#53: shutting down
zsh: segmentation fault (core dumped) host o
BIND version used
Debian's bind9-host, version 1:9.19.11-1
Steps to reproduce
host o, then Ctrl+C
What is the current bug behavior?
It segfaults.
What is the expected correct behavior?
It should quit cleanly.
Relevant logs and/or screenshots
With gdb it's possible to see:
$ gdb /usr/bin/host -c core
GNU gdb (Debian 13.1-2) 13.1
Copyright (C) 2023 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/bin/host...
Reading symbols from /usr/lib/debug/.build-id/29/70e64f967c02ea5047fa09f747a3b172195433.debug...
[New LWP 102076]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `host fafdafdas'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007f9956c14004 in uv_signal_stop () from /lib/x86_64-linux-gnu/libuv.so.1
(gdb) thread apply all bt full
Thread 1 (Thread 0x7f9955af42c0 (LWP 102076)):
#0 0x00007f9956c14004 in uv_signal_stop () from /lib/x86_64-linux-gnu/libuv.so.1
No symbol table info available.
#1 0x00007f995664df89 in isc_signal_stop () from /lib/x86_64-linux-gnu/libisc-9.19.11-1-Debian.so
No symbol table info available.
#2 0x00007f9956642f9a in isc_loopmgr_blocking () from /lib/x86_64-linux-gnu/libisc-9.19.11-1-Debian.so
No symbol table info available.
#3 0x0000558dac5d01b2 in get_address (host=0x7f9952c72000 "127.0.0.53", myport=<optimized out>, sockaddr=0x7f9952c9fb58) at ./bin/dig/dighost.c:4528
count = 32665
result = <optimized out>
#4 0x0000558dac5d258d in start_udp (query=<optimized out>, query@entry=0x7f9952c9fa80) at ./bin/dig/dighost.c:3272
result = <optimized out>
next = 0x0
connectquery = 0x0
#5 0x0000558dac5d66a6 in recv_done (handle=0x7f9952c9f8c0, eresult=<optimized out>, region=<optimized out>, arg=<optimized out>) at ./bin/dig/dighost.c:4008
newq = 0x7f9952c9fa80
sockstr = "127.0.0.53#53", '\000' <repeats 12 times>, "P\000\000\000\000\000\000\240\216\347\250\374\177\000\000\020:\257U\231\177\000\000\3406\257U\231\177\000\000\3506\257U\231\177"
query = 0x7f9952c9f700
b = {magic = 0, base = 0x0, length = 0, used = 0, current = 0, active = 0, extra = 1684431206, dynamic = 97, link = {prev = 0x73, next = 0x0}, mctx = 0x0}
msg = 0x0
result = <optimized out>
n = 0x0
l = 0x7f99525b6000
docancel = false
donext = false
match = true
done_process_opt = false
parseflags = <optimized out>
id = 21083
msgflags = 32665
newedns = <optimized out>
peer = {type = {sa = {sa_family = 128, sa_data = "\000\000\000\000\000\000\300\000\340R\231\177\000"}, sin = {sin_family = 128, sin_port = 0, sin_addr = {s_addr = 0}, sin_zero = "\300\000\340R\231\177\000"}, sin6 = {sin6_family = 128, sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {__in6_u = {__u6_addr8 = "\300\000\340R\231\177\000\000\000\000\000\000\000\000\000", __u6_addr16 = {192, 21216, 32665, 0, 0, 0, 0, 0}, __u6_addr32 = {1390411968, 32665, 0, 0}}}, sin6_scope_id = 1390519296}, ss = {ss_family = 128, __ss_padding = "\000\000\000\000\000\000\300\000\340R\231\177", '\000' <repeats 11 times>, "\244\341R\231\177\000\000\3306\257U\231\177\000\000\252\277\203U\231\177\000\000\350\004\340R\231\177\000\000\300\000\340R\231\177\000\000\000\244\341R\231\177\000\000\200[\036\000\000\000\000\000\200\000\000\000\000\000\000\000(ăU\231\177\000\000\020\000\340R\231\177\000\000\200\377\377\377\377\377\377\377@\216\347\250\374\177\000", __ss_align = 140296497135840}, sunix = {sun_family = 128, sun_path = "\000\000\000\000\000\000\300\000\340R\231\177", '\000' <repeats 11 times>, "\244\341R\231\177\000\000\3306\257U\231\177\000\000\252\277\203U\231\177\000\000\350\004\340R\231\177\000\000\300\000\340R\231\177\000\000\000\244\341R\231\177\000\000\200[\036\000\000\000\000\000\200\000\000\000\000\000\000\000(ăU\231\177\000\000\020\000\340R\231\177\000\000\200\377\377\377\377\377"}}, length = 1390494808, link = {prev = 0x63b4135a0d0e5b00, next = 0x7f9952e1a380}}
__func__ = "recv_done"
next_lookup = <optimized out>
cancel_lookup = <optimized out>
keep_query = <optimized out>
#6 0x00007f995662175c in isc.nm_async_readcb () from /lib/x86_64-linux-gnu/libisc-9.19.11-1-Debian.so
No symbol table info available.
#7 0x00007f99566218d4 in isc.nm_readcb () from /lib/x86_64-linux-gnu/libisc-9.19.11-1-Debian.so
No symbol table info available.
#8 0x00007f995662f2c9 in isc.nm_udp_failed_read_cb () from /lib/x86_64-linux-gnu/libisc-9.19.11-1-Debian.so
No symbol table info available.
#9 0x00007f9956c08243 in uv_walk () from /lib/x86_64-linux-gnu/libuv.so.1
No symbol table info available.
#10 0x00007f99566228d9 in ?? () from /lib/x86_64-linux-gnu/libisc-9.19.11-1-Debian.so
No symbol table info available.
#11 0x00007f995663b3b6 in ?? () from /lib/x86_64-linux-gnu/libisc-9.19.11-1-Debian.so
No symbol table info available.
#12 0x00007f9956c108a1 in ?? () from /lib/x86_64-linux-gnu/libuv.so.1
No symbol table info available.
#13 0x00007f9956c099b9 in uv_run () from /lib/x86_64-linux-gnu/libuv.so.1
No symbol table info available.
#14 0x00007f9956641363 in ?? () from /lib/x86_64-linux-gnu/libisc-9.19.11-1-Debian.so
No symbol table info available.
#15 0x0000558dac5c9fd0 in main (argc=2, argv=0x7ffca8e79628) at ./bin/dig/host.c:914
No locals.
(gdb)
Attached: gzipped core dump, and the same output above as text (gdb output).
The query that it sends: query.pcap
If I wait for host o, it properly returns after some time (about 8 seconds):
$ host o
Host o not found: 3(NXDOMAIN)
Hitting Ctrl+C triggers a segfault at any point during the almost 8 seconds of the full capture (fullcapture.pcap).
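The reproduction above is manual: run host o and press Ctrl+C somewhere inside the roughly 8 second window. The script below is an added example, not part of this report or of BIND, that drives the same experiment from a shell so the whole window can be swept with repeatable delays and a segfault (exit status 139, i.e. 128 + SIGSEGV) told apart from a clean interrupt (130, i.e. 128 + SIGINT). It assumes GNU coreutils timeout is installed; the function names and the two constructed stand-in commands (WELL_BEHAVED, CRASH_ON_INT) are the example's own, included only so the script can be checked on a machine without BIND.

```sh
#!/bin/sh
# Added reproducer for the Ctrl+C timing window in the report (example code,
# not part of the bug report or of BIND). It relies on GNU coreutils
# `timeout`, which runs a command in its own process group, sends a chosen
# signal after DELAY seconds, and with --preserve-status exits with
# 128 + signal number when the command was killed by a signal: 130 means the
# command died cleanly from SIGINT (what the terminal sends for Ctrl+C),
# 139 means it died from SIGSEGV.

command -v timeout >/dev/null 2>&1 || {
    echo "this script needs GNU coreutils timeout" >&2
    exit 1
}

# classify_status STATUS: map an exit status to a short label.
classify_status() {
    case "$1" in
        0)   echo clean ;;          # exited normally
        130) echo sigint ;;         # 128 + 2: terminated by SIGINT
        139) echo sigsegv ;;        # 128 + 11: segmentation fault
        *)   echo "other:$1" ;;
    esac
}

# probe_sigint DELAY CMD [ARGS...]: run CMD, interrupt it after DELAY
# seconds, and print the classified outcome. The "|| status=$?" keeps a
# non-zero exit from aborting the script under set -e.
probe_sigint() {
    delay=$1; shift
    status=0
    timeout --preserve-status -s INT "$delay" "$@" || status=$?
    classify_status "$status"
}

# sweep_sigint "DELAYS" CMD [ARGS...]: interrupt CMD once per listed delay
# (seconds, fractions allowed), report each outcome on stderr, and print
# how many of the runs ended in a segfault.
sweep_sigint() {
    delays=$1; shift
    crashes=0
    for d in $delays; do
        r=$(probe_sigint "$d" "$@")
        echo "delay=${d}s result=$r" >&2
        if [ "$r" = sigsegv ]; then
            crashes=$((crashes + 1))
        fi
    done
    echo "$crashes"
}

# Constructed stand-ins (not real programs) so the reproducer can be checked
# on a machine without BIND: a process that dies cleanly on SIGINT, and one
# that answers SIGINT by killing itself with SIGSEGV, mimicking the crash in
# the report. Both are meant to be run as `sh -c "$..."` so $$ is their own PID.
WELL_BEHAVED='while :; do sleep 1; done'
CRASH_ON_INT='trap "kill -s SEGV \$\$" INT; while :; do sleep 1; done'

# Against the report's case, sweep the window the reporter observed:
#   ./probe_sigint.sh "0.5 1 2 3 4 5 6 7" host o
if [ "$#" -ge 2 ]; then
    sweep_sigint "$@"
fi
```

timeout is used instead of a plain "cmd &" plus kill because a POSIX shell with job control off starts background commands with SIGINT ignored, so the interrupt would never reach the target; timeout forks the target in the foreground of its own process group and signals the whole group, which is closer to what the terminal does on Ctrl+C. Any delay that prints result=sigsegv reproduces the report; "other:124" would mean an older timeout without --preserve-status support.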