unbound-1.19.0 alloc_reg_obtain() core dumps

Sami Kerola kerolasa at iki.fi
Tue Feb 6 13:38:59 UTC 2024 

On Fri, 2 Feb 2024 at 11:43, Sami Kerola <kerolasa at iki.fi> wrote:
> On Fri, 2 Feb 2024 at 09:06, Yorgos Thessalonikefs via Unbound-users
> <unbound-users at lists.nlnetlabs.nl> wrote:
> > I'll have a look but probably next week.
>
> Thank you.
>
> There are more cores.  Many repeats of the same old same old.  One is
> something I have not seen before.

Some debugging observations since previous message.

* The cores appear to come only from servers that connectivity problems.
* Configuration has defines both prefetch and serve-expired.
* Sometime last message before crash is "all servers for this domain failed,
  at zone" other times it is "all servers for this domain failed, at zone".
  ACK, this might not mean anything at all.

While ago I received this backtrace, that looks different than all the other
crashes so far.  The infra_lookup_nottl() does not manipulate infra pointer,
but when function received the pointer it was different than at time of use.
Unfortunately '(gdb) info threads' does not provide hints what else was
happening.

-- snip
Program terminated with signal SIGSEGV, Segmentation fault.

(gdb) bt -full
#0  0x000055b596e194f9 in infra_lookup_nottl (infra=0x55b597000000,
infra at entry=0x55b597fbe230, addr=0x0, addr at entry=0x55b5986b2198,
addrlen=1633904901, addrlen at entry=16, name=0x6772 <error: Cannot
access memory at address 0x6772>, name at entry=0x55b5988cc338 "rg",
namelen=namelen at entry=11, wr=-1763693056, wr at entry=0) at
services/cache/infra.c:383
        k = {addr = {ss_family = 2,
            __ss_padding =
"\0005\307\004\2125\000\000\000\000\000\000\000\000\n\000\0005\000\000\000\000
e\346\226\265U\000\000\003\000\000\000\000\000\000\000@\205m\233\265U\000\000
\303\213\230\265U\000\000\320\302\213\230\265U\000\000\320\302\213\230\265U\000\000&\230\343\226\265U\000\000\000\363\222\272\374\177\000\000`\342\213\230\265U\000\000\000\000\000\000\000\000\000\000\003\000\000\000\001\000\000\000\020\000\000\0000\000\000",
__ss_align = 140723438679024}, addrlen = 16, zonename = 0x55b5988cc338
"rg", namelen = 11, entry = {lock = {__data = {__readers = 2531963245,
__writers = 21941, __wrphase_futex = 2532224530, __writers_futex =
21941, __pad3 = 0, __pad4 = 0, __cur_writer = 16, __shared = 48,
__rwelision = 48 '0',
                __pad1 = "\364\222\272\374\177\000", __pad2 =
140723438678896, __flags = 3469711703}, __size =
"m\261\352\226\265U\000\000\022\256\356\226\265U\000\000\000\000\000\000\000\000\000\000\020\000\000\0000\000\000\0000\364\222\272\374\177\000\000p\363\222\272\374\177\000\000W\231\317\316\222\177\000",
__align = 94238409404781}, overflow_next = 0x55b5986e8bc8,
            lru_next = 0x196e4a95a, lru_prev = 0xe5, hash =
1679659776, key = 0x3000000010, data = 0x7ffcba92f470}}
#1  0x000055b596e19578 in infra_host (infra=0x55b597fbe230,
addr=0x55b5986b2198, addrlen=16, nm=0x55b5988cc338 "rg", nmlen=11,
timenow=1707222584, edns_vs=0x7ffcba92f468,
edns_lame_known=0x7ffcba92f467 "", to=0x7ffcba92f46c) at
services/cache/infra.c:451
        e = <optimized out>
        data = <optimized out>
        wr = <optimized out>
#2  0x000055b596ead09b in serviced_udp_send
(sq=sq at entry=0x55b5986b2140, buff=buff at entry=0x55b59ae3fea0) at
services/outside_network.c:2890
        rtt = 0
        vs = 2
        edns_lame_known = 0 '\000'
        now = <optimized out>
#3  0x000055b596eb052b in serviced_timer_cb (arg=0x55b5986b2140) at
services/outside_network.c:2585
        sq = 0x55b5986b2140
        outnet = <optimized out>
#4  0x00007f92cecf0482 in ?? ()
No symbol table info available.
...
#15 0x0000000000000000 in ?? ()
No symbol table info available.

(gdb) frame 0
#0  0x000055b596e194f9 in infra_lookup_nottl (infra=0x55b597000000,
infra at entry=0x55b597fbe230, addr=0x0, addr at entry=0x55b5986b2198,
addrlen=1633904901, addrlen at entry=16, name=0x6772 <error: Cannot
access memory at address 0x6772>, name at entry=0x55b5988cc338 "rg",
namelen=namelen at entry=11, wr=-1763693056, wr at entry=0) at
services/cache/infra.c:383
383     in services/cache/infra.c
(gdb) print *infra
Cannot access memory at address 0x55b597000000
(gdb) print *name
Cannot access memory at address 0x6772

(gdb) frame 1
#1  0x000055b596e19578 in infra_host (infra=0x55b597fbe230,
addr=0x55b5986b2198, addrlen=16, nm=0x55b5988cc338 "rg", nmlen=11,
timenow=1707222584, edns_vs=0x7ffcba92f468,
edns_lame_known=0x7ffcba92f467 "", to=0x7ffcba92f46c) at
services/cache/infra.c:451
451     in services/cache/infra.c
(gdb) print *infra
$2 = {hosts = 0x55b597ba7cb0, host_ttl = 86400, infra_keep_probing =
1, domain_rates = 0x55b597fd3680, domain_limits = {root =
0x55b596f4f680 <rbtree_null_node>, count = 0, cmp = 0x55b596e431c0
<name_tree_compare>}, client_ip_rates = 0x55b597fd4150}
(gdb) print *infra->hosts
$3 = {size = 128, mask = 4261412864, shift = 25, array = 0x55b597fbe270}
(gdb) print **infra->hosts->array
$4 = {lock = 1, sizefunc = 0x55b596e14a00 <infra_sizefunc>, compfunc =
0x55b596e18cc0 <infra_compfunc>, delkeyfunc = 0x55b596e15140
<infra_delkeyfunc>, deldatafunc = 0x55b596e14d60 <infra_deldatafunc>,
markdelfunc = 0x0, cb_arg = 0x0, size = 32, size_mask = 31, array =
0x55b597fbe710, lru_start = 0x55b598274c28, lru_end = 0x55b598274c28,
num = 1, space_used = 307,
  space_max = 242187, max_collisions = 0}
-- snip

Cheers Sami

-- 
Sami Kerola
https://kerolasa.iki.fi/

More information about the Unbound-users mailing list