Hi *, When using the auth-zone feature, unbound 1.7.3 crashes when trying to XFR one of my private zone. Other zones are OK. I've attached the aggregated config, the gdb full backtrace and the verb 4 logs. If needed, I could also share the private zone via direct email.
Regards, Simon
[New LWP 12000]
warning: Corrupted shared library list: 0x7f7b4aea41a0 != 0x21
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/usr/sbin/unbound -d'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 __memmove_avx_unaligned_erms () at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:520
520 ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S: No such file or directory.
#0 __memmove_avx_unaligned_erms () at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:520
No locals.
#1 0x0000557f3f28b379 in memmove (__len=<optimized out>, __src=<optimized out>, __dest=<optimized out>) at /usr/include/x86_64-linux-gnu/bits/string_fortified.h:40
No locals.
#2 rrset_add_rr (rr_ttl=rr_ttl@entry=172800, rdata=rdata@entry=0x557f4163c80d "", rdatalen=rdatalen@entry=297, insert_sig=0, rrset=<optimized out>) at services/authzone.c:812
d = 0x557f41650a70
old = 0x557f41650800
total = 2
old_total = 1
#3 0x0000557f3f28dfec in az_domain_add_rr (duplicate=0x0, rdatalen=297, rdata=0x557f4163c80d "", rr_ttl=172800, rr_type=46, node=<optimized out>) at services/authzone.c:1124
rrset = <optimized out>
rrset = <optimized out>
ctype = <optimized out>
rrsig = <optimized out>
#4 az_insert_rr (z=z@entry=0x557f40f87a30, rr=rr@entry=0x557f4163c7f0 "", rr_len=rr_len@entry=326, dname_len=<optimized out>, duplicate=duplicate@entry=0x0) at services/authzone.c:1170
node = <optimized out>
dname = 0x557f4163c7f0 ""
rr_type = 46
rr_class = <optimized out>
rr_ttl = 172800
rdatalen = 297
rdata = 0x557f4163c80d ""
#5 0x0000557f3f290e6c in az_insert_rr_decompress (duplicate=0x0, rr_rdlen=<optimized out>, rr_data=<optimized out>, rr_ttl=<optimized out>, rr_class=<optimized out>, rr_type=<optimized out>, dname=<optimized out>, scratch_buffer=<optimized out>, pktlen=<optimized out>, pkt=<optimized out>, z=0x557f40f87a30) at services/authzone.c:1412
rr = <optimized out>
rr_len = <optimized out>
dname_len = <optimized out>
pkt = <optimized out>
rr_type = <optimized out>
rr_class = <optimized out>
rr_ttl = <optimized out>
z = 0x557f40f87a30
rr_len = <optimized out>
pktlen = <optimized out>
dname = <optimized out>
dname_len = <optimized out>
rr_data = <optimized out>
rr_rdlen = <optimized out>
duplicate = 0x0
scratch_buffer = <optimized out>
rr = <optimized out>
rr = <optimized out>
rr_len = <optimized out>
dname_len = <optimized out>
rr = <optimized out>
rr_len = <optimized out>
dname_len = <optimized out>
#6 apply_axfr (scratch_buffer=<optimized out>, z=0x557f40f87a30, xfr=0x557f40f87af0) at services/authzone.c:4629
rr_chunk = 0x557f4164f3a0
rr_type = 46
rr_class = 1
rr_ttl = 172800
rr_nextpos = 992
rr_pos = 685
rr_dname = 0x557f4166060d "\302\030"
serial = 2018031859
rr_counter = 5
have_end_soa = 0
rr_num = 5
rr_rdata = 0x557f41660619 ""
rr_rdlen = 295
rr_chunk = <optimized out>
rr_num = <optimized out>
rr_pos = <optimized out>
rr_dname = <optimized out>
rr_rdata = <optimized out>
rr_type = <optimized out>
rr_class = <optimized out>
rr_rdlen = <optimized out>
rr_ttl = <optimized out>
serial = <optimized out>
rr_nextpos = <optimized out>
rr_counter = <optimized out>
have_end_soa = <optimized out>
#7 xfr_process_chunk_list (xfr=xfr@entry=0x557f40f87af0, env=env@entry=0x557f40f9f6b0, ixfr_fail=ixfr_fail@entry=0x7fff89f60764) at services/authzone.c:4853
z = 0x557f40f87a30
#8 0x0000557f3f296482 in process_list_end_transfer (xfr=0x557f40f87af0, env=0x557f40f9f6b0) at services/authzone.c:5504
ixfr_fail = 0
sr = <optimized out>
has_sr = <optimized out>
lockret_err = <optimized out>
lockret_err = <optimized out>
#9 0x0000557f3f29710a in auth_xfer_transfer_tcp_callback (c=<optimized out>, arg=<optimized out>, err=<optimized out>, repinfo=<optimized out>) at services/authzone.c:5599
xfr = <optimized out>
env = <optimized out>
gonextonfail = 1
transferdone = <optimized out>
#10 0x0000557f3f2c419e in tcp_callback_reader (c=c@entry=0x557f4164fe20) at util/netevent.c:977
__func__ = "tcp_callback_reader"
#11 0x0000557f3f2c4e78 in comm_point_tcp_handle_read (fd=15, c=0x557f4164fe20, short_ok=<optimized out>) at util/netevent.c:1414
r = <optimized out>
short_ok = <optimized out>
c = 0x557f4164fe20
fd = 15
r = <optimized out>
r = <optimized out>
#12 0x0000557f3f2c511d in comm_point_tcp_handle_callback (fd=15, event=<optimized out>, arg=0x557f4164fe20) at util/netevent.c:1672
c = 0x557f4164fe20
__func__ = "comm_point_tcp_handle_callback"
#13 0x00007f7b4a3dc8f8 in event_persist_closure (ev=<optimized out>, base=0x557f40f9f9c0) at event.c:1580
evcb_callback = 0x557f3f2c4ff0 <comm_point_tcp_handle_callback>
evcb_fd = 15
evcb_res = 2
evcb_arg = 0x557f4164fe20
evcb_callback = <optimized out>
evcb_fd = <optimized out>
evcb_res = <optimized out>
evcb_arg = <optimized out>
run_at = <optimized out>
relative_to = <optimized out>
delay = <optimized out>
now = <optimized out>
usec_mask = <optimized out>
#14 event_process_active_single_queue (base=base@entry=0x557f40f9f9c0, activeq=0x557f40f9fe10, max_to_process=max_to_process@entry=2147483647, endtime=endtime@entry=0x0) at event.c:1639
ev = <optimized out>
evcb = <optimized out>
count = 1
__func__ = "event_process_active_single_queue"
#15 0x00007f7b4a3dd33f in event_process_active (base=0x557f40f9f9c0) at event.c:1738
activeq = <optimized out>
i = 0
c = 0
tv = {tv_sec = 37985, tv_usec = 71521}
maxcb = 2147483647
endtime = 0x0
limit_after_prio = 2147483647
activeq = <optimized out>
i = <optimized out>
c = <optimized out>
endtime = <optimized out>
tv = <optimized out>
maxcb = <optimized out>
limit_after_prio = <optimized out>
#16 event_base_loop (base=0x557f40f9f9c0, flags=flags@entry=0) at event.c:1961
n = <optimized out>
evsel = 0x7f7b4a60d800 <epollops>
tv = {tv_sec = 0, tv_usec = 143999}
tv_p = <optimized out>
res = <optimized out>
done = 0
retval = 0
__func__ = "event_base_loop"
#17 0x00007f7b4a3dd5e7 in event_base_dispatch (event_base=<optimized out>) at event.c:1772
No locals.
#18 0x0000557f3f2cd6d5 in ub_event_base_dispatch (base=<optimized out>) at util/ub_event.c:280
No locals.
#19 0x0000557f3f2c2a4c in comm_base_dispatch (b=<optimized out>) at util/netevent.c:242
retval = <optimized out>
#20 0x0000557f3f22cd59 in worker_work (worker=<optimized out>) at daemon/worker.c:1844
No locals.
#21 0x0000557f3f2226bb in daemon_fork (daemon=0x557f40e64290) at daemon/daemon.c:663
have_view_respip_cfg = 0
#22 0x0000557f3f21e16c in run_daemon (need_pidfile=1, log_default_identity=0x7fff89f61f22 "unbound", debug_mode=1, cmdline_verbose=0, cfgfile=0x557f3f2dc7cf "/etc/unbound/unbound.conf") at daemon/unbound.c:649
cfg = 0x557f40e85210
daemon = 0x557f40e64290
done_setup = 1
cfg = <optimized out>
daemon = <optimized out>
done_setup = <optimized out>
fd = <optimized out>
#23 main (argc=<optimized out>, argv=<optimized out>) at daemon/unbound.c:746
c = <optimized out>
cfgfile = <optimized out>
winopt = <optimized out>
log_ident_default = 0x7fff89f61f22 "unbound"
cmdline_verbose = 0
debug_mode = 1
need_pidfile = 1
# Unbound configuration file for Debian.
#
# See the unbound.conf(5) man page.
#
# See /usr/share/doc/unbound/examples/unbound.conf for a commented
# reference config file.
#
# The following line includes additional configuration files from the
# /etc/unbound/unbound.conf.d directory.
include: "/etc/unbound/unbound.conf.d/*.conf"
server:
# Send minimum amount of information to upstream servers to enhance
# privacy. Only sends minimum required labels of the QNAME and sets
# QTYPE to NS when possible.
# See RFC 7816 "DNS Query Name Minimisation to Improve Privacy" for
# details.
qname-minimisation: yes
server:
# The following line will configure unbound to perform cryptographic
# DNSSEC validation using the root trust anchor.
auto-trust-anchor-file: "/var/lib/unbound/root.key"
server:
verbosity: 4
# disable the subnet module
module-config: "validator iterator"
private-address: 172.24.0.0/16
# Allow to resolve AS112 zones
local-zone: "24.172.in-addr.arpa" nodefault
trust-anchor: "24.172.in-addr.arpa. IN DS 52954 8 2
4250E2716D37A6674E4793AD3FDEA1440936728B2A1D09B126C692D59F51254B"
auth-zone:
name: "24.172.in-addr.arpa"
zonefile: /var/lib/unbound/24.172.in-addr.arpa
for-downstream: no
master: 2001:470:b1c3:7941::53
master: 172.24.21.53
Starting Unbound DNS server...
/var/lib/unbound/root.key has content
success: the anchor is ok
[1534250338] unbound[12285:0] debug: creating udp6 socket ::1 53
[1534250338] unbound[12285:0] debug: creating tcp6 socket ::1 53
[1534250338] unbound[12285:0] debug: creating udp4 socket 127.0.0.1 53
[1534250338] unbound[12285:0] debug: creating tcp4 socket 127.0.0.1 53
[1534250338] unbound[12285:0] debug: creating tcp6 socket ::1 8953
[1534250338] unbound[12285:0] debug: creating tcp4 socket 127.0.0.1 8953
[1534250338] unbound[12285:0] debug: setup SSL certificates
[1534250338] unbound[12285:0] debug: switching log to syslog
[12285:0] debug: chdir to /etc/unbound
[12285:0] debug: drop user privileges, run as unbound
[12285:0] debug: read zonefile /var/lib/unbound/24.172.in-addr.arpa for 24.172.in-addr.arpa.
[12285:0] debug: no zonefile /var/lib/unbound/24.172.in-addr.arpa for 24.172.in-addr.arpa.
[12285:0] debug: module config: "validator iterator"
[12285:0] notice: init module 0: validator
[12285:0] info: adding trusted key 24.172.in-addr.arpa. DS IN
[12285:0] debug: reading autotrust anchor file /var/lib/unbound/root.key
[12285:0] info: trust point . : 1
[12285:0] info: assembled 0 DS and 2 DNSKEYs
[12285:0] info: DNSKEY:: . 172800 IN DNSKEY 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ;{id = 20326 (ksk), size = 2048b}
[12285:0] info: DNSKEY:: . 172800 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= ;{id = 19036 (ksk), size = 2048b}
[12285:0] info: file /var/lib/unbound/root.key
[12285:0] info: last_queried: 1534250338 Tue Aug 14 12:38:58 2018
[12285:0] info: last_success: 1534250338 Tue Aug 14 12:38:58 2018
[12285:0] info: next_probe_time: 1534291221 Wed Aug 15 00:00:21 2018
[12285:0] info: query_interval: 43200
[12285:0] info: retry_time: 8640
[12285:0] info: query_failed: 0
[12285:0] info: [ VALID ] . 172800 IN DNSKEY 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ;{id = 20326 (ksk), size = 2048b} ;;state:2 ;;pending_count:0 last:Mon Aug 13 17:09:19 2018
[12285:0] info: [ VALID ] . 172800 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= ;{id = 19036 (ksk), size = 2048b} ;;state:2 ;;pending_count:0 last:Mon Aug 13 17:09:19 2018
[12285:0] debug: validator nsec3cfg keysz 1024 mxiter 150
[12285:0] debug: validator nsec3cfg keysz 2048 mxiter 500
[12285:0] debug: validator nsec3cfg keysz 4096 mxiter 2500
[12285:0] notice: init module 1: iterator
[12285:0] debug: target fetch policy for level 0 is 3
[12285:0] debug: target fetch policy for level 1 is 2
[12285:0] debug: target fetch policy for level 2 is 1
[12285:0] debug: target fetch policy for level 3 is 0
[12285:0] debug: target fetch policy for level 4 is 0
[12285:0] debug: donotq: 127.0.0.0/8
[12285:0] debug: donotq: ::1
[12285:0] debug: total of 59474 outgoing ports available
[12285:0] debug: start threads
[12285:0] debug: libevent 2.1.8-stable user epoll method.
[12285:0] debug: no config, using builtin root hints.
[12285:0] debug: auth zone 24.172.in-addr.arpa. timeout in 0 seconds
[12285:0] debug: cache memory msg=66072 rrset=66072 infra=7808 val=66352 subnet=0
[12285:0] info: start of service (unbound 1.7.3).
Started Unbound DNS server.
[12285:0] debug: autotrust probe timer callback
[12285:0] debug: autotrust probe timer 0 callbacks done
[12285:0] debug: auth zone 24.172.in-addr.arpa.: soa probe serial is 2018031859
[12285:0] debug: auth_zone updated, start transfer
[12285:0] debug: close fd 15
[12285:0] debug: comm point start listening 15
[12285:0] debug: comm point stop listening 15
[12285:0] debug: comm point start listening 15
[12285:0] debug: Reading tcp query of length 18928
[12285:0] debug: comm point stop listening 15
[12285:0] debug: xfr 172.24.21.53: contains SOA serial 2018031859
[12285:0] debug: xfr 172.24.21.53: last AXFR packet
[12285:0] debug: close fd 15
unbound.service: Main process exited, code=dumped, status=11/SEGV
unbound.service: Failed with result 'core-dump'.
unbound.service: Service hold-off time over, scheduling restart.
unbound.service: Scheduled restart job, restart counter is at 5.
Stopped Unbound DNS server.
unbound.service: Start request repeated too quickly.
unbound.service: Failed with result 'core-dump'.
Failed to start Unbound DNS server.
signature.asc
Description: OpenPGP digital signature
