Skip to content

RPZ crash in dns_qp_lookup()

Job #3739190 failed for cddd9dcb shortly after start.

Core was generated by `/builds/isc-projects/bind9/.local/usr/local/sbin/named -f -c ./named.conf'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  is_branch (n=0x2268) at /builds/isc-projects/bind9/lib/dns/qp_p.h:592
592		return (n->biglo & BRANCH_TAG);
[Current thread is 1 (Thread 0xffff8dffe300 (LWP 24181))]
#0  is_branch (n=0x2268) at /builds/isc-projects/bind9/lib/dns/qp_p.h:592
#1  dns_qp_lookup (qpr=qpr@entry=..., name=name@entry=0xffff7536ad80, foundname=foundname@entry=0x0, predecessor=predecessor@entry=0x0, chain=chain@entry=0xffff8dff59b0, pval_r=pval_r@entry=0xffff8dff61c8, ival_r=ival_r@entry=0x0) at qp.c:2055
#2  0x0000ffff9201b950 in dns_rpz_find_name (rpzs=rpzs@entry=0xffff8f980000, rpz_type=rpz_type@entry=DNS_RPZ_TYPE_QNAME, zbits=4089, trig_name=trig_name@entry=0xffff7536ad80) at rpz.c:2563
#3  0x0000ffff91e95b50 in rpz_rewrite_name (client=client@entry=0xffff755d0800, trig_name=0xffff7536ad80, qtype=qtype@entry=1, rpz_type=rpz_type@entry=DNS_RPZ_TYPE_QNAME, allowed_zbits=allowed_zbits@entry=18446744073709551615, recursed=recursed@entry=true, rdatasetp=rdatasetp@entry=0xffff8dff6cd8) at query.c:3987
#4  0x0000ffff91e9b8c4 in rpz_rewrite (client=0xffff755d0800, qtype=1, qresult=qresult@entry=DNS_R_NCACHENXDOMAIN, resuming=false, ordataset=<optimized out>, osigset=<optimized out>) at query.c:4321
#5  0x0000ffff91e9bdc0 in query_checkrpz (qctx=qctx@entry=0xffff8dff78d8, result=result@entry=DNS_R_NCACHENXDOMAIN) at query.c:7266
#6  0x0000ffff91e9e4e4 in query_gotanswer (qctx=qctx@entry=0xffff8dff78d8, res=res@entry=DNS_R_NCACHENXDOMAIN) at query.c:7696
#7  0x0000ffff91e9ead0 in query_lookup (qctx=qctx@entry=0xffff8dff78d8) at query.c:6179
#8  0x0000ffff91e9f0d0 in ns__query_start (qctx=qctx@entry=0xffff8dff78d8) at query.c:5820
#9  0x0000ffff91ea277c in query_setup (client=client@entry=0xffff755d0800, qtype=qtype@entry=1) at query.c:5532
#10 0x0000ffff91ea31c8 in ns_query_start (client=client@entry=0xffff755d0800, handle=handle@entry=0xffff86e03900) at query.c:12179
#11 0x0000ffff91e88800 in ns_client_request (handle=0xffff86e03900, eresult=<optimized out>, region=<optimized out>, arg=<optimized out>) at client.c:2227
#12 0x0000ffff92159ef8 in streamdns_on_complete_dnsmessage (dnsasm=<optimized out>, region=0xffff8dff8500, sock=0xffff86e6ec00, transphandle=0xffff86dfab40) at netmgr/streamdns.c:147
#13 0x0000ffff92159f60 in streamdns_on_dnsmessage_data_cb (dnsasm=<optimized out>, result=<optimized out>, region=<optimized out>, cbarg=<optimized out>, userarg=<optimized out>) at netmgr/streamdns.c:206
#14 0x0000ffff9215957c in isc__dnsstream_assembler_callcb (userarg=0xffff86dfab40, region=0xffff8dff8500, result=ISC_R_SUCCESS, dnsasm=0xffff7533b080) at ./include/isc/dnsstream.h:306
#15 isc__dnsstream_assembler_handle_message (dnsasm=dnsasm@entry=0xffff7533b080, userarg=userarg@entry=0xffff86dfab40) at ./include/isc/dnsstream.h:353
#16 0x0000ffff921595fc in isc__dnsstream_assembler_processing (dnsasm=dnsasm@entry=0xffff7533b080, userarg=userarg@entry=0xffff86dfab40) at ./include/isc/dnsstream.h:370
#17 0x0000ffff9215a328 in isc__dnsstream_assembler_incoming_direct (dnsasm=dnsasm@entry=0xffff7533b080, userarg=userarg@entry=0xffff86dfab40, buf=<optimized out>, buf_size=<optimized out>) at ./include/isc/dnsstream.h:396
#18 0x0000ffff9215a5a4 in isc_dnsstream_assembler_incoming (dnsasm=0xffff7533b080, userarg=userarg@entry=0xffff86dfab40, buf=0xffff8f702440, buf_size=5259) at ./include/isc/dnsstream.h:508
#19 0x0000ffff9215a608 in streamdns_handle_incoming_data (sock=sock@entry=0xffff86e6ec00, transphandle=transphandle@entry=0xffff86dfab40, data=<optimized out>, len=<optimized out>) at netmgr/streamdns.c:242
#20 0x0000ffff9215a6bc in streamdns_readcb (handle=0xffff86dfab40, result=<optimized out>, region=0xffff8dff8658, cbarg=0xffff86e6ec00) at netmgr/streamdns.c:526
#21 0x0000ffff92157d50 in isc___nm_readcb (arg=<optimized out>) at netmgr/netmgr.c:1764
#22 0x0000ffff92157e4c in isc__nm_readcb (sock=sock@entry=0xffff86e6ce00, uvreq=<optimized out>, eresult=eresult@entry=ISC_R_SUCCESS, async=async@entry=false) at netmgr/netmgr.c:1779
#23 0x0000ffff9215ee44 in isc__nm_tcp_read_cb (stream=<optimized out>, nread=5259, buf=0xffff8dff8820) at netmgr/tcp.c:770
#24 0x0000ffff916ecb38 in uv__read (stream=0xffff86e6d3c8) at /usr/src/libuv-v1.46.0/src/unix/stream.c:1143
#25 0x0000ffff916ece34 in uv__stream_io (loop=0xffff8fe841a0, w=0xffff86e6d450, events=1) at /usr/src/libuv-v1.46.0/src/unix/stream.c:1203
#26 0x0000ffff916f6d0c in uv__io_poll (loop=0xffff8fe841a0, timeout=0) at /usr/src/libuv-v1.46.0/src/unix/linux.c:1476
#27 0x0000ffff916db084 in uv_run (loop=0xffff8fe841a0, mode=UV_RUN_DEFAULT) at /usr/src/libuv-v1.46.0/src/unix/core.c:447
#28 0x0000ffff9217977c in loop_thread (arg=arg@entry=0xffff8fe84180) at loop.c:282
#29 0x0000ffff92189204 in thread_body (wrap=wrap@entry=0x331b89d0) at thread.c:85
#30 0x0000ffff92189234 in thread_run (wrap=0x331b89d0) at thread.c:100
#31 0x0000ffff9101bc54 in start_thread (arg=0xfffff281e2c7) at pthread_create.c:444
#32 0x0000ffff9108929c [PAC] in thread_start () at ../sysdeps/unix/sysv/linux/aarch64/clone.S:79

There's also a job 3738603 on FreeBSD 12.4 that crashed with SIGBUS.

core.24172-backtrace.txt

named.log

named.conf

#4384 (closed) happened in the same time frame but is a shutdown issue and not RPZ-related.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information