If 9.16 reload is executed repeatedly, memory leakage may occur
Summary
BIND version affected
9.16.50
BIND 9.16.50 (Extended Support Version) id:113a865 running on Linux aarch64 5.10.0-136.aarch64 #1 SMP Sun Apr 14 16:12:21 UTC 2024 built by make with '--build=aarch64-linux-gnu' '--host=aarch64-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-python=/usr/bin/python3' '--with-libtool' '--localstatedir=/var' '--with-pic' '--disable-static' '--includedir=/usr/include/bind9' '--with-tuning=large' '--with-libidn2' '--enable-native-pkcs11' '--with-pkcs11=/usr/lib64/pkcs11/libsofthsm2.so' '--with-dlopen=yes' '--with-gssapi=yes' '--with-lmdb=yes' '--without-libjson' '--with-json-c' '--with-cmocka' '--enable-fixed-rrset' '--enable-full-report' 'build_alias=aarch64-linux-gnu' 'host_alias=aarch64-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/generic-hardened-cc1 -fasynchronous-unwind-tables -fstack-clash-protection' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/generic-hardened-ld' 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig' compiled by GCC 10.3.1 compiled with OpenSSL version: OpenSSL 1.1.1m 14 Dec 2021 linked to OpenSSL version: OpenSSL 1.1.1m 14 Dec 2021 compiled with libuv version: 1.42.0 linked to libuv version: 1.42.0 compiled with libxml2 version: 2.9.14 linked to libxml2 version: 20914 compiled with json-c version: 0.16 linked to json-c version: 0.16 compiled with zlib version: 1.2.11 linked to zlib version: 1.2.11 linked to maxminddb version: 1.5.0 threads support is enabled DNSSEC algorithms: RSASHA1 NSEC3RSASHA1 RSASHA256 RSASHA512 ECDSAP256SHA256 ECDSAP384SHA384 ED25519 ED448 DS algorithms: SHA-1 SHA-256 SHA-384 HMAC algorithms: HMAC-MD5 HMAC-SHA1 HMAC-SHA224 HMAC-SHA256 HMAC-SHA384 HMAC-SHA512 TKEY mode 2 support (Diffie-Hellman): yes TKEY mode 3 support (GSS-API): yes
default paths: named configuration: /etc/named.conf rndc configuration: /etc/rndc.conf DNSSEC root key: /etc/bind.keys nsupdate session key: /var/run/named/session.key named PID file: /var/run/named/named.pid named lock file: /var/run/named/named.lock geoip-directory: /usr/share/GeoIP
Steps to reproduce
- Start the named service.
- Repeatedly reload the service
What is the current bug behavior?
Run the ps -eF command to check the RSS of the named process or check the heap in the maps. Both of them increase.The reload operation is performed every second,After 23 hours, the memory usage is about 800 MB.This problem seems to have existed before, #446 (closed)
But I don't see the problem on 9.18.24
What is the expected correct behavior?
No memory usage increases after repeated execution. A few memory fragments may exist, but the memory usage should not increase to 800 MB.
Relevant configuration files
named.conf
options { listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
recursing-file "/var/named/data/named.recursing"; allow-query { localhost; };
recursion yes;
dnssec-validation yes;
managed-keys-directory "/var/named/dynamic";
geoip-directory "/usr/share/GeoIP";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
/* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
include "/etc/crypto-policies/back-ends/bind.config";
};
logging { channel default_debug { file "data/named.run"; severity dynamic; }; };
zone "." IN { type hint; file "named.ca"; };
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";