Summary: | net-dns/bind-9.16.8 segfault DLZ mysql-connector-c at startup | | |
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Janpieter Sollie <janpieter.sollie> |
Component: | Current packages | Assignee: | Mikle Kolyada (RETIRED) <zlogene> |
Status: | RESOLVED INVALID | | |
Severity: | normal | CC: | chutzpah |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | AMD64 | | |
OS: | Linux | | |
Whiteboard: | | | |
Package list: | | Runtime testing required: | --- |

Attachments:
- bind output with reduced DLZ + -d 1
- SQL db info
- bind blocked zone file
- mysql dump including contents

Description
Janpieter Sollie
2020-12-24 12:56:35 UTC
A stack trace if possible could help.

https://wiki.gentoo.org/wiki/Debugging

(In reply to Sam James from comment #1)
> A stack trace if possible could help.
>
> https://wiki.gentoo.org/wiki/Debugging

Which packages need recompiling for this stack trace?
- bind
- mysql-connector-c
- mariadb
- glibc
- kernel debug info

thx

(In reply to Janpieter Sollie from comment #2)
> (In reply to Sam James from comment #1)
> > A stack trace if possible could help.
> >
> > https://wiki.gentoo.org/wiki/Debugging
>
> Which packages need recompiling for this stack trace?
> - bind
> - mysql-connector-c
> - mariadb

These might be relevant, please provide them and open this bug again if it still exists.

The issue is still valid. A backtrace from GDB:
> 24-Feb-2021 09:16:01.262 managed-keys-zone: loaded serial 1
> double free or corruption (!prev)
> double free or corruption (out)
> --Type <RET> for more, q to quit, c to continue without paging--
>
> Thread 55 "isc-worker0021" received signal SIGABRT, Aborted.
> [Switching to Thread 0x7fffd9893640 (LWP 13853)]
> 0x00007ffff70a0aa1 in raise () from /lib64/libc.so.6
(gdb) bt
> #0 0x00007ffff70a0aa1 in raise () from /lib64/libc.so.6
> #1 0x00007ffff708a2b6 in abort () from /lib64/libc.so.6
> #2 0x00007ffff70e3607 in ?? () from /lib64/libc.so.6
> #3 0x00007ffff70eb3ba in ?? () from /lib64/libc.so.6
> #4 0x00007ffff70ed40c in ?? () from /lib64/libc.so.6
> #5 0x00007ffff761f130 in Vio::~Vio (this=<optimized out>, __in_chrg=<optimized out>) at /var/tmp/portage/dev-db/mysql-connector-c-8.0.22/work/mysql-8.0.22/vio/vio.cc:115
> #6 0x00007ffff761fa6d in internal_vio_delete (vio=0x7fff23139db0) at /var/tmp/portage/dev-db/mysql-connector-c-8.0.22/work/mysql-8.0.22/vio/vio.cc:541
> #7 0x00007ffff75bb079 in end_server (mysql=0x7fff23139460) at /var/tmp/portage/dev-db/mysql-connector-c-8.0.22/work/mysql-8.0.22/sql-common/client.cc:1808
> #8 0x00007ffff75bb491 in cli_safe_read_with_ok_complete (mysql=0x7fff23139460, parse_ok=<optimized out>, is_data_packet=0x0, len=18446744073709551615)
> at /var/tmp/portage/dev-db/mysql-connector-c-8.0.22/work/mysql-8.0.22/sql-common/client.cc:1154
> #9 0x00007ffff75c078e in cli_read_query_result (mysql=0x7fff23139460) at /var/tmp/portage/dev-db/mysql-connector-c-8.0.22/work/mysql-8.0.22/sql-common/client.cc:6984
> #10 0x00007ffff75c4315 in mysql_real_query (mysql=0x7fff23139460, query=query@entry=0x7fff26619158 "select 'centro.pixel.ad' AS zone from dns_records where zone = 'null' OR zone = 'centro.pixel.ad'", length=97)
> at /var/tmp/portage/dev-db/mysql-connector-c-8.0.22/work/mysql-8.0.22/sql-common/client.cc:7195
> #11 0x00007ffff75b0d4a in mysql_query (mysql=<optimized out>, query=query@entry=0x7fff26619158 "select 'centro.pixel.ad' AS zone from dns_records where zone = 'null' OR zone = 'centro.pixel.ad'")
> at /var/tmp/portage/dev-db/mysql-connector-c-8.0.22/work/mysql-8.0.22/libmysql/libmysql.cc:658
> #12 0x00005555555adeae in mysql_get_resultset (rs=<synthetic pointer>, dbdata=0x7fff22f1f520, query=4, client=0x0, record=0x0, zone=0x7fffd9892740 "centro.pixel.ad") at ../../contrib/dlz/drivers/dlz_mysql_driver.c:308
> #13 mysql_findzone (driverarg=<optimized out>, dbdata=0x7fff22f1f520, name=0x7fffd9892740 "centro.pixel.ad", methods=<optimized out>, clientinfo=<optimized out>) at ../../contrib/dlz/drivers/dlz_mysql_driver.c:489
> #14 0x00007ffff7e6d106 in dns_sdlzfindzone (driverarg=0x7ffff6b33290, dbdata=0x7fff22f1f520, mctx=0x5555555ed090, rdclass=<optimized out>, name=0x7fff2d993c90, methods=0x0, clientinfo=0x0, dbp=0x7fffd9892bd8) at sdlz.c:1681
> #15 0x00007ffff7ecf0e4 in zone_load (zone=0x7fff2d993b50, flags=<optimized out>, locked=locked@entry=true) at zone.c:2159
> #16 0x00007ffff7ecf5a1 in zone_asyncload (task=0x7fff34dbd308, event=<optimized out>) at zone.c:2303
> #17 0x00007ffff7c88150 in dispatch (threadid=<optimized out>, manager=0x7fffe49fa010) at task.c:1152
> #18 run (queuep=<optimized out>) at task.c:1344
> #19 0x00007ffff756bfde in start_thread () from /lib64/libpthread.so.0
> #20 0x00007ffff715873f in clone () from /lib64/libc.so.6
> (gdb)

Created attachment 688218 [details]
bind output with reduced DLZ + -d 1
The zones being queried are the zones I want to blacklist, I'll add the blacklist.dlz file.
I'll also add a SQL dump of the database + the described queries in DLZ
Created attachment 688221 [details]
SQL db info
these are the settings in /etc/named.conf + the sql dump of the database
Created attachment 688230 [details]
bind blocked zone file
Further investigation shows it was in the "update counter" statement. So I performed some deeper inspection on these:
> (gdb) set args -u named -f -d 1 -c /etc/bind/named.conf -n 1
> (gdb) run
> Starting program: /usr/sbin/named -u named -f -d 1 -c /etc/bind/named.conf -n 1
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib64/libthread_db.so.1".
> [New Thread 0x7ffff69f0640 (LWP 15498)]
> [New Thread 0x7ffff61ef640 (LWP 15499)]
> [New Thread 0x7ffff59ee640 (LWP 15500)]
> [New Thread 0x7ffff51c3640 (LWP 15501)]
>
> Thread 3 "isc-worker0000" received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 0x7ffff61ef640 (LWP 15499)]
> 0x00007ffff70f5746 in strlen () from /lib64/libc.so.6
> (gdb) bt
> #0 0x00007ffff70f5746 in strlen () from /lib64/libc.so.6
> #1 0x00005555555abe3d in sdlzh_build_querystring
> (mctx=mctx@entry=0x5555555ed090, querylist=0x7fffd6ac4d70) at ../../contrib/dlz/drivers/sdlz_helper.c:287
> #2 0x00005555555ad32c in mysql_get_resultset (zone=<optimized out>, record=<optimized out>, client=<optimized out>, query=5, dbdata=0x7fffd6adb8c8, rs=0x0) at ../../contrib/dlz/drivers/dlz_mysql_driver.c:276
> #3 0x00005555555ae077 in mysql_findzone (driverarg=<optimized out>, methods=<optimized out>, clientinfo=<optimized out>, name=0x7ffff61ee740 "www.weknow.ac", dbdata=0x7fffd6adb8c8) at ../../contrib/dlz/drivers/dlz_mysql_driver.c:508
> #4 mysql_findzone (driverarg=<optimized out>, dbdata=0x7fffd6adb8c8, name=0x7ffff61ee740 "www.weknow.ac", methods=<optimized out>, clientinfo=<optimized out>) at ../../contrib/dlz/drivers/dlz_mysql_driver.c:478
> #5 0x00007ffff7e6d106 in dns_sdlzfindzone (driverarg=0x7ffff6b33330, dbdata=0x7fffd6adb8c8, mctx=0x5555555ed090, rdclass=<optimized out>, name=0x7fffe2dcd0c0, methods=0x0, clientinfo=0x0, dbp=0x7ffff61eebd8) at sdlz.c:1681
> #6 0x00007ffff7ecf0e4 in zone_load (zone=0x7fffe2dccf80, flags=<optimized out>, locked=locked@entry=true) at zone.c:2159
> #7 0x00007ffff7ecf5a1 in zone_asyncload (task=0x7ffff092c398, event=<optimized out>) at zone.c:2303
> #8 0x00007ffff7c88150 in dispatch (threadid=<optimized out>, manager=0x7ffff6b3e010) at task.c:1152
> #9 run (queuep=<optimized out>) at task.c:1344
> #10 0x00007ffff756bfde in start_thread () from /lib64/libpthread.so.0
> #11 0x00007ffff715873f in clone () from /lib64/libc.so.6
> (gdb) up
> #1 0x00005555555abe3d in sdlzh_build_querystring (mctx=mctx@entry=0x5555555ed090, querylist=0x7fffd6ac4d70) at ../../contrib/dlz/drivers/sdlz_helper.c:287
../../contrib/dlz/drivers/sdlz_helper.c: No such file or directory.
> (gdb) print *tseg
> $1 = {sql = 0x7fffd6adb918, strlen = 0, direct = false, link = {prev = 0x7ffff03823d0, next = 0x7ffff0394240}}
> (gdb) print *tseg->sql
> Attempt to dereference a generic pointer.
> (gdb) print *((char**)tseg->sql)
> $2 = 0x0
> (gdb) print *querylist
> $3 = {head = 0x7ffff03e5c10, tail = 0x7ffff0394240}
> (gdb) print *querylist->head
> $4 = {sql = 0x7ffff6b333d8, strlen = 71, direct = true, link = {prev = 0x0, next = 0x7ffff0622a00}}
> (gdb) print *querylist->head->link->next
> $5 = {sql = 0x7fffd6adb908, strlen = 0, direct = false, link = {prev = 0x7ffff03e5c10, next = 0x7ffff03823d0}}
> (gdb) print *querylist->head->link->next->link->next
> $6 = {sql = 0x7ffff0100598, strlen = 17, direct = true, link = {prev = 0x7ffff0622a00, next = 0x7fffe83d0970}}
> (gdb) print *querylist->head->link->next->link->next->link->next
> $7 = {sql = 0x7fffd6adb918, strlen = 0, direct = false, link = {prev = 0x7ffff03823d0, next = 0x7ffff0394240}}
> (gdb) frame 2
> #2 0x00005555555ad32c in mysql_get_resultset (zone=<optimized out>, record=<optimized out>, client=<optimized out>, query=5, dbdata=0x7fffd6adb8c8, rs=0x0) at ../../contrib/dlz/drivers/dlz_mysql_driver.c:276
../../contrib/dlz/drivers/dlz_mysql_driver.c: No such file or directory.
> (gdb) print *dbi->countzone_q
> $8 = {head = 0x7ffff03e5c10, tail = 0x7ffff0394240}
> (gdb) print *dbi->countzone_q->head
> $9 = {sql = 0x7ffff6b333d8, strlen = 71, direct = true, link = {prev = 0x0, next = 0x7ffff0622a00}}
> (gdb) print *((char*) dbi->countzone_q->head->sql)
$10 = 117 'u'
> (gdb) printf "%s\n", *((char*) dbi->countzone_q->head->sql)
Cannot access memory at address 0x75
> (gdb) print *dbi->zone
> $11 = 119 'w'
> (gdb) print *dbi
> $12 = {dbconn = 0x7fffd6cf44d0, allnodes_q = 0x7fffd6adad70, allowxfr_q = 0x7fffd6ad6d70, authority_q = 0x7fffd6acfd70, findzone_q = 0x7fffd6acad70, lookup_q = 0x7fffd6abdd70, countzone_q = 0x7fffd6ac4d70, query_buf = 0x0, zone = 0x7fffd7a1c900 "www.weknow.ac", record = 0x0, client = 0x0, mctx = 0x5555555ed090, instance_lock = {__data = {__lock = 0, __count = 0, __owner = 0, __nusers = 0, __kind = 3, __spins = 0, __elision = 0, __list = {__prev = 0x0, __next = 0x0}}, __size = '\000' <repeats 16 times>, "\003", '\000' <repeats 22 times>, __align = 0}, link = {prev = 0x0, next = 0x0}}
> (gdb) print *dbi->countzone_q
> $13 = {head = 0x7ffff03e5c10, tail = 0x7ffff0394240}
> (gdb) print *dbi->countzone_q->head
> $14 = {sql = 0x7ffff6b333d8, strlen = 71, direct = true, link = {prev = 0x0, next = 0x7ffff0622a00}}
> (gdb) print *((char**)dbi->countzone_q->head->sql)
$15 = 0x6420657461647075 <error: Cannot access memory at address 0x6420657461647075>

Created attachment 688236 [details]
mysql dump including contents
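
Added example, not part of the bug report and not BIND's source: the second gdb session above stops in `strlen()` called from `sdlzh_build_querystring`, on a segment with `direct = false` whose slot holds `0x0` (`$2`). The C sketch below models such a segment list with hypothetical names (`seg_t`, `slots`, `build_query`) and a constructed query, and rejects an unset slot before measuring it.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model of the segments gdb printed (sql, strlen, direct); an
 * array stands in for the linked list. All names here are hypothetical. */
typedef struct { void *sql; size_t strlen; bool direct; } seg_t;
#define LIT(s)  { (void *)(s), sizeof(s) - 1, true }   /* sql is the text */
#define SLOT(p) { (void *)(p), 0, false }              /* sql is a char ** */

/* Per-request token slots and a constructed query shaped like the list in
 * the trace: literal, zone slot, literal, client slot, literal. */
static struct { char *zone, *client; } slots;
static const seg_t query[] = { LIT("update t set n = n + 1 where zone = '"),
    SLOT(&slots.zone), LIT("' and client = '"), SLOT(&slots.client), LIT("'") };

/* Text and length of one segment; NULL when an indirect slot is unset. */
static const char *seg_text(const seg_t *s, size_t *len) {
    const char *t = s->direct ? (char *)s->sql : *(char **)s->sql;
    *len = (t == NULL) ? 0 : (s->direct ? s->strlen : strlen(t));
    return t;
}

/* Returns NULL for an unset slot instead of calling strlen() on it. */
char *build_query(const seg_t *segs, size_t n) {
    size_t total = 0, len;
    for (size_t i = 0; i < n; i++) {
        if (seg_text(&segs[i], &len) == NULL)
            return NULL;
        total += len;
    }
    char *out = calloc(total + 1, 1), *p = out;   /* zeroed, so terminated */
    for (size_t i = 0; out != NULL && i < n; i++) {
        const char *t = seg_text(&segs[i], &len);
        memcpy(p, t, len);
        p += len;
    }
    return out;
}

char *demo(char *zone, char *client) {
    slots.zone = zone; slots.client = client;
    return build_query(query, sizeof query / sizeof query[0]);
}

int main(void) {
    char *q = demo("www.weknow.ac", NULL);   /* client slot left unset */
    return puts(q ? q : "rejected: unset token slot") < 0;
}
```
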
the issue was somewhere in my config files. Due to poor documentation, I got myself confused in dirty config settings.
To address the "poor documentation" issue, I'll write a documentation about it in the forum in case someone else has issues with it

(In reply to Janpieter Sollie from comment #10)
> the issue was somewhere in my config files. Due to poor documentation, I
> got myself confused in dirty config settings.
> To address the "poor documentation" issue, I'll write a documentation about
> it in the forum in case someone else has issues with it

Please, provide a link to said forum-post, I'm facing the very same issues.

BR Charlie

(In reply to Charlie Gehlin from comment #11)
> (In reply to Janpieter Sollie from comment #10)
> > the issue was somewhere in my config files. Due to poor documentation, I
> > got myself confused in dirty config settings.
> > To address the "poor documentation" issue, I'll write a documentation about
> > it in the forum in case someone else has issues with it
>
> Please, provide a link to said forum-post, I'm facing the very same issues.
> BR Charlie

Sorry, it seemed to be a bind connector bug after all ... I opened a bug at ISC, but so far, no news.

https://gitlab.isc.org/isc-projects/bind9/-/issues/2530

Ok, thanks for info. Please consider revisiting this bug when you receive any info over at ISC, as "voters" get notified :)

BR /Charlie