nsupdate segfaults in tsiggss on FreeBSD 14
nsupdate segfaults in the tsiggss system test on FreeBSD 14.0 on v9.18 and v9.16.
Here's a first crash in the system test. There are several more crashes afterward.
2023-11-15 12:20:53,799 INFO:tsiggss I:tsiggss_tmp_dk09tbmf:testing updates to testdc1 as administrator (1)
2023-11-15 12:20:53,800 INFO:tsiggss I:tsiggss_tmp_dk09tbmf:testing update for testdc1.example.nil. A 86400 A 10.53.0.10
2023-11-15 12:20:53,840 INFO:tsiggss Segmentation fault (core dumped)
2023-11-15 12:20:53,841 INFO:tsiggss I:tsiggss_tmp_dk09tbmf:update failed for testdc1.example.nil. A 86400 A 10.53.0.10
2023-11-15 12:20:53,841 INFO:tsiggss I:Reply from SOA query:
2023-11-15 12:20:53,841 INFO:tsiggss I:;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 47069
2023-11-15 12:20:53,842 INFO:tsiggss I:;; flags: qr aa; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
2023-11-15 12:20:53,842 INFO:tsiggss I:;; QUESTION SECTION:
2023-11-15 12:20:53,842 INFO:tsiggss I:;testdc1.example.nil. IN SOA
2023-11-15 12:20:53,842 INFO:tsiggss I:
2023-11-15 12:20:53,842 INFO:tsiggss I:;; AUTHORITY SECTION:
2023-11-15 12:20:53,842 INFO:tsiggss I:example.nil. 0 IN SOA blu.example.nil. hostmaster.example.nil. 2010113027 172800 14400 3628800 604800
2023-11-15 12:20:53,842 INFO:tsiggss I:
2023-11-15 12:20:53,842 INFO:tsiggss I:Found zone name: example.nil
2023-11-15 12:20:53,842 INFO:tsiggss I:The primary is: blu.example.nil
2023-11-15 12:20:53,843 INFO:tsiggss I:start_gssrequest
2023-11-15 12:20:53,843 INFO:tsiggss I:Found realm from ticket: EXAMPLE.NIL
2023-11-15 12:20:53,843 INFO:tsiggss I:tsiggss_tmp_dk09tbmf:failed
Sample nsupdate backtrace:
Core was generated by `/root/bind9/bin/nsupdate/.libs/nsupdate -g -d ns1/update.txt'.
Program terminated with signal SIGSEGV, Segmentation fault.
Address not mapped to object.
#0 0x00000008316a1a0f in EVP_Cipher () from /lib/libcrypto.so.30
[Current thread is 1 (LWP 188477)]
#0 0x00000008316a1a0f in EVP_Cipher () from /lib/libcrypto.so.30
#1 0x000000082e96f4b6 in ?? () from /usr/lib/libkrb5.so.11
#2 0x000000082e973ac8 in krb5_encrypt_ivec () from /usr/lib/libkrb5.so.11
#3 0x000000082e973de5 in krb5_encrypt () from /usr/lib/libkrb5.so.11
#4 0x000000082e9675bf in _krb5_build_authenticator () from /usr/lib/libkrb5.so.11
#5 0x000000082dcff3f6 in ?? () from /usr/lib/libgssapi_krb5.so.10
#6 0x000000082dcfed0b in _gsskrb5_init_sec_context () from /usr/lib/libgssapi_krb5.so.10
#7 0x000000082d95bd4f in gss_init_sec_context () from /usr/lib/libgssapi.so.10
#8 0x000000083ed613b6 in ?? () from /usr/lib/libgssapi_spnego.so.10
#9 0x000000083ed5f5c0 in _gss_spnego_indicate_mechtypelist () from /usr/lib/libgssapi_spnego.so.10
#10 0x000000083ed607ee in _gss_spnego_init_sec_context () from /usr/lib/libgssapi_spnego.so.10
#11 0x000000082d95bd4f in gss_init_sec_context () from /usr/lib/libgssapi.so.10
#12 0x0000000822a308e5 in dst_gssapi_initctx (name=<optimized out>, intoken=intoken@entry=0x0, outtoken=outtoken@entry=0x83d56d700, gssctx=0x83d56e218, mctx=0x1aef866b3000, err_message=0x83d56e200) at gssapictx.c
#13 0x0000000822b0c9af in dns_tkey_buildgssquery (msg=0x1aef87203a80, name=0x2130e0 <fkname>, gname=0x1aef87234300, gname@entry=0x83d56d7a0, intoken=0x1aef872700f0, intoken@entry=0x0, lifetime=lifetime@entry=0, context=0xcf, context@entry=0x83d56e218, win2k=<optimized out>, mctx=0x1aef866b3000, err_message=0x83d56e200) at tkey.c
#14 0x000000000020e790 in start_gssrequest (primary=primary@entry=0x83d56e730) at nsupdate.c
#15 0x000000000020e33c in recvsoa (task=<optimized out>, event=0x0) at nsupdate.c
#16 0x0000000821c68370 in task_run (task=0x1aef8665c140) at task.c
#17 isc_task_run (task=0x1aef8665c140) at task.c
#18 0x0000000821c38689 in isc__nm_async_task (worker=worker@entry=0x1aef866d0000, ev0=0x1aef872700f0, ev0@entry=0x1aef8721c480) at netmgr/netmgr.c
#19 0x0000000821c32ec6 in process_netievent (worker=worker@entry=0x1aef866d0000, ievent=ievent@entry=0x1aef8721c480) at netmgr/netmgr.c
#20 0x0000000821c384f2 in process_queue (worker=worker@entry=0x1aef866d0000, type=type@entry=NETIEVENT_TASK) at netmgr/netmgr.c
#21 0x0000000821c2e6bd in process_all_queues (worker=0x1aef866d0000) at netmgr/netmgr.c
#22 async_cb (handle=0x1aef866d02d8) at netmgr/netmgr.c
#23 0x0000000829b3c871 in ?? () from /usr/local/lib/libuv.so.1
#24 0x0000000829b4e0fd in ?? () from /usr/local/lib/libuv.so.1
#25 0x0000000829b3ce60 in uv_run () from /usr/local/lib/libuv.so.1
#26 0x0000000821c2e7ab in nm_thread (worker0=0x1aef866d0000) at netmgr/netmgr.c
#27 0x0000000821c70e46 in isc__trampoline_run (arg=0x1aef8662bb90) at trampoline.c
#28 0x00000008376e0a75 in ?? () from /lib/libthr.so.3
#29 0x0000000000000000 in ?? ()
BIND 9.18.21-dev (Extended Support Version) <id:ed78bc4>
running on FreeBSD amd64 14.0-RC2 FreeBSD 14.0-RC2 #0 releng/14.0-n265317-1d2ff5639925: Fri Oct 20 06:17:03 UTC 2023 root@releng1.nyi.freebsd.org:/usr/obj/usr/src/amd64.amd64/sys/GENERIC
built by make with '--disable-maintainer-mode' '--enable-developer' '--enable-option-checking=fatal' '--enable-dnstap' '--with-cmocka' '--with-libxml2' '--with-json-c' '--with-readline=libedit'
compiled by CLANG FreeBSD Clang 16.0.6 (https://github.com/llvm/llvm-project.git llvmorg-16.0.6-0-g7cbf1a259152)
compiled with OpenSSL version: OpenSSL 3.0.11 19 Sep 2023
linked to OpenSSL version: OpenSSL 3.0.11 19 Sep 2023
compiled with libuv version: 1.46.0
linked to libuv version: 1.46.0
compiled with libnghttp2 version: 1.57.0
linked to libnghttp2 version: 1.57.0
compiled with libxml2 version: 2.10.4
linked to libxml2 version: 21004
compiled with json-c version: 0.17
linked to json-c version: 0.17
compiled with zlib version: 1.3
linked to zlib version: 1.3
linked to maxminddb version: 1.7.1
compiled with protobuf-c version: 1.4.1
linked to protobuf-c version: 1.4.1
threads support is enabled
DNSSEC algorithms: RSASHA1 NSEC3RSASHA1 RSASHA256 RSASHA512 ECDSAP256SHA256 ECDSAP384SHA384 ED25519 ED448
DS algorithms: SHA-1 SHA-256 SHA-384
HMAC algorithms: HMAC-MD5 HMAC-SHA1 HMAC-SHA224 HMAC-SHA256 HMAC-SHA384 HMAC-SHA512
TKEY mode 2 support (Diffie-Hellman): yes
TKEY mode 3 support (GSS-API): yes
default paths:
named configuration: /usr/local/etc/named.conf
rndc configuration: /usr/local/etc/rndc.conf
DNSSEC root key: /usr/local/etc/bind.keys
nsupdate session key: /usr/local/var/run/named/session.key
named PID file: /usr/local/var/run/named/named.pid
named lock file: /usr/local/var/run/named/named.lock
geoip-directory: /usr/local/share/GeoIP
checking for krb5-config... /usr/bin/krb5-config
checking for gssapi libraries... -I/usr/include -L/usr/lib -lgssapi -lgssapi_krb5 -lheimntlm -lkrb5 -lhx509 -lcom_err -lcrypto -lasn1 -lwind -lheimbase -lroken -lcrypt -pthread
checking for gssapi/gssapi.h... yes
checking for gssapi/gssapi_krb5.h... yes
checking for gssapi_krb5.h... no
checking for gss_acquire_cred... yes
checking for krb5 libraries... -I/usr/include -L/usr/lib -lkrb5 -lhx509 -lcom_err -lcrypto -lasn1 -lwind -lheimbase -lroken -lcrypt -pthread
checking for krb5/krb5.h... no
checking for krb5.h... yes
checking for krb5_init_context... yes