Bug#496954: bind9: 496954: more info needed

[Maykel Moya]

On jue, 2008-10-02 at 03:03 +0800, Paul Wise wrote:

> On Tue, 2008-09-30 at 14:20 +0800, Paul Wise wrote:
> > On Thu, 2008-09-25 at 15:25 +0800, Paul Wise wrote:
> > 
> > > Can you run the following gdb commands at the point of the crash?
> > 
> > Any luck with this?
> 
> After moya sent me his configs in private, I cannot reproduce the crash
> on amd64 with bind9 version 1:9.5.0.dfsg.P2-1 nor in an i386 chroot with
> 1:9.5.0.dfsg.P1-2 or 1:9.5.0.dfsg.P2-1.
> 
> I didn't attempt to replicate the network setup, just put the configs in
> place. moya, are you able to reproduce it in a separate machine at all?

A short history about the machines. There are three, namely, ns{1,2,3}

1. ns1 is master, ns{2,3} are slaves
2. the three were etch, configuration almost the same
3. I did upgrade the three to lenny
4. ns3's named didn't crash, ns1 and ns2's named did

5. I created a clean /etc/bind in ns2. bind started gracefully
6. ... then I copied the relevant bits of my old configuration over the
freshly created /etc/bind in ns2. bind started gracefully

7. I created a clean /etc/bind in ns1. bind started gracefully
8. ... then I copied the relevant bits of my old configuration over
the freshly created /etc/bind in ns1. bind crash at startup

bind is crashing only in the master server.

With respect to the data at the point of the crash

(gdb) p *node
$1 = {bit = 19, prefix = 0xb41f50e8, l = 0xb41f4da0, r = 0xb41f90d0,
parent = 0xb41f9418, data = {0x0, 0x0}, node_num = {29, -1}}
(gdb) p node->data
$2 = {0x0, 0x0}
(gdb) p node->data[0]
$3 = (void *) 0x0
(gdb) p *(node->data[0])
Attempt to dereference a generic pointer.

The full backtrace is attached.

Cheers,
maykel


(gdb) bt full
#0  0xb7dcffc5 in dns_acl_match (reqaddr=0xb6ce7274, reqsigner=0x0, 
acl=0xb74e91e8, env=0xb74f40a8, match=0xb6ce68ac, matchelt=0x0) at acl.c:226
        bitlen = 32
        family = 2
        pfx = {family = 2, bitlen = 32, refcount = {refs = 0}, add = {sin = 
{s_addr = 2346638537}, sin6 = {in6_u = {
        u6_addr8 = "���\213", '\0' <repeats 11 times>, u6_addr16 = {56521, 
35806, 0, 0, 0, 0, 0, 0}, u6_addr32 = {2346638537, 0, 0, 0}}}}}
        node = (isc_radix_node_t *) 0xb41f4c60
        addr = (const isc_netaddr_t *) 0xb6ce7274
        v4addr = {family = 3086119696, type = {in = {s_addr = 3066980408}, in6 
= {in6_u = {u6_addr8 = "8hζ֭෼\"2��\0172�", u6_addr16 = {26680, 46798, 
          44502, 47072, 8892, 46130, 4040, 46130}, u6_addr32 = {3066980408, 
3084955094, 3023184572, 3023179720}}}, 
    un = "8hζ֭෼\"2��\0172�R\004\000\000\000\000\000\000\000\000\000\000\002", 
'\0' <repeats 19 times>, "����������H\t\004\000\000\000\001", '\0' <repeats 15 
times>, 
"�\"2��}��\001\000\001\0000�1�\000\000\000\000\000\000\000\000\020s��"}, zone = 
2}
        result = 0
        match_num = 29
        i = 3066980504
#1  0x0805a80f in allowed (addr=0xb6ce7274, signer=0x0, acl=0xb74e91e8) at 
client.c:1265
        match = 0
        result = 2
#2  0x0805b840 in client_request (task=0xb74ff7c0, event=0xb43220f8) at 
client.c:1699
        tsig = (dns_name_t *) 0x0
        client = (ns_client_t *) 0xb431e008
        sevent = (isc_socketevent_t *) 0xb43220f8
        result = 0
        sigresult = 0
        buffer = (isc_buffer_t *) 0xb6ce72ec
        tbuffer = {magic = 1114990113, base = 0x948b1a0, length = 33, used = 
33, current = 33, active = 33, link = {prev = 0xffffffff, next = 0xffffffff}, 
  mctx = 0x0}
        view = (dns_view_t *) 0xb44cc008
        opt = (dns_rdataset_t *) 0x0
        signame = (dns_name_t *) 0xb6ce7328
        ra = 134581014
        netaddr = {family = 2, type = {in = {s_addr = 2346638537}, in6 = {in6_u 
= {u6_addr8 = "���\213�޿�(�O��rζ", u6_addr16 = {56521, 35806, 57056, 
          47039, 58408, 46927, 29396, 46798}, u6_addr32 = {2346638537, 
3082804960, 3075466280, 3066983124}}}, 
    un = "���\213�޿�(�O��rζ", '\0' <repeats 32 times>, "�rζ{�\005\b", '\0' 
<repeats 20 times>, 
"DS\v\b�rζ�俷(�O�\000\000\000\000��O�\000\000\000\000�\037��"}, zone = 0}
        destaddr = {family = 2, type = {in = {s_addr = 2212420809}, in6 = 
{in6_u = {u6_addr8 = "���\203\020\000\000\000T���(�O�", u6_addr16 = {56521, 
          33758, 16, 0, 53588, 47040, 58408, 46927}, u6_addr32 = {2212420809, 
16, 3082867028, 3075466280}}}, 
    un = 
"���\203\020\000\000\000T���(�O�\000\000\000\000Hrζ8�����O��rζ\000\020\000\000\000\000\000\0000\033`�\005\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000T���xrζO�����O��rζ�rζ�rζ\000\000\000\000!\000\000\000!\000\000\000\000\000\000"},
 zone = 0}
        match = 0
        id = 60135
---Type <return> to continue, or q <return> to quit---
        flags = 256
        notimp = isc_boolean_false
        rdata = {data = 0x0, length = 0, rdclass = 0, type = 0, flags = 5, link 
= {prev = 0xb7bea2c1, next = 0xb7a6590c}}
        optcode = 0
#3  0xb7beb62e in dispatch (manager=0xb74ec008) at task.c:862
        dispatch_count = 1
        done = isc_boolean_false
        finished = isc_boolean_false
        requeue = isc_boolean_false
        event = (isc_event_t *) 0xb43220f8
        task = (isc_task_t *) 0xb74ff7c0
#4  0xb7beb8c8 in run (uap=0xb74ec008) at task.c:1005
        manager = (isc_taskmgr_t *) 0xb74ec008
#5  0xb7a62f3b in start_thread () from /lib/libpthread.so.0
No symbol table info available.
#6  0xb78afc9e in clone () from /lib/libc.so.6
No symbol table info available.