[Opendnssec-user] ods-signerd 1.4.10 crash
Havard Eidnes
2016-09-14 21:42:33 UTC
Hi,

I recently added and removed a few zones from our OpenDNSSEC
setup, and this appears to have caused ods-signerd to crash:

pid 1361 (ods-signerd), uid 1072: exited on signal 11 (core dumped)

stack trace:

Core was generated by `ods-signerd'.
Program terminated with signal 11, Segmentation fault.
#0 0x000000000042a45a in netio_dispatch ()
(gdb) where
#0 0x000000000042a45a in netio_dispatch ()
#1 0x000000000040df3e in xfrhandler_start ()
#2 0x000000000040e26e in xfrhandler_thread_start ()
#3 0x00007f7ff560b3ae in ?? () from /usr/lib/libpthread.so.1
#4 0x00007f7ff6075e90 in ___lwp_park50 () from /usr/lib/libc.so.12
#5 0x00007f7ff4400000 in ?? ()
#6 0x00007f7ff7ff14c0 in ?? ()
#7 0x0000000111110001 in ?? ()
#8 0x0000000033330003 in ?? ()
#9 0x0000000000000000 in ?? ()
(gdb)
(gdb) x/i netio_dispatch
0x42a383 <netio_dispatch>: push %r15
(gdb)

Anyone with an idea what this may be?

Regards,

- Håvard
Havard Eidnes
2016-09-14 22:04:18 UTC
Post by Havard Eidnes
Core was generated by `ods-signerd'.
Program terminated with signal 11, Segmentation fault.
#0 0x000000000042a45a in netio_dispatch ()
(gdb) where
#0 0x000000000042a45a in netio_dispatch ()
#1 0x000000000040df3e in xfrhandler_start ()
#2 0x000000000040e26e in xfrhandler_thread_start ()
#3 0x00007f7ff560b3ae in ?? () from /usr/lib/libpthread.so.1
#4 0x00007f7ff6075e90 in ___lwp_park50 () from /usr/lib/libc.so.12
#5 0x00007f7ff4400000 in ?? ()
#6 0x00007f7ff7ff14c0 in ?? ()
#7 0x0000000111110001 in ?? ()
#8 0x0000000033330003 in ?? ()
#9 0x0000000000000000 in ?? ()
(gdb)
(gdb) x/i netio_dispatch
0x42a383 <netio_dispatch>: push %r15
(gdb)

With debug symbols:

Program terminated with signal 11, Segmentation fault.
#0 netio_dispatch (netio=0x7f7ff7b2a0c0, timeout=<optimized out>, sigmask=0x0)
at wire/netio.c:250
250 relative.tv_sec = handler->timeout->tv_sec;
(gdb) p handler
$1 = (netio_handler_type *) 0x7f7fe300b2b8
(gdb) p $->timeout
$2 = (struct timespec *) 0x7522203031203031
(gdb) p handler->timeout->tv_sec
Cannot access memory at address 0x7522203031203031
(gdb) where
#0 netio_dispatch (netio=0x7f7ff7b2a0c0, timeout=<optimized out>, sigmask=0x0)
at wire/netio.c:250
#1 0x000000000040df3e in xfrhandler_start (xfrhandler=0x7f7ff7b76090)
at daemon/xfrhandler.c:133
#2 0x000000000040e26e in xfrhandler_thread_start (arg=<optimized out>)
at daemon/engine.c:255
#3 0x00007f7ff560b3ae in ?? () from /usr/lib/libpthread.so.1
#4 0x00007f7ff6075e90 in ___lwp_park50 () from /usr/lib/libc.so.12
#5 0x00007f7ff4400000 in ?? ()
#6 0x00007f7ff7ff14c0 in ?? ()
#7 0x0000000111110001 in ?? ()
#8 0x0000000033330003 in ?? ()
#9 0x0000000000000000 in ?? ()
(gdb)

Looks like either "use after free" or "someone scribbled
somewhere they should not".

Regards,

- Håvard
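
A triage step that fits the gdb output above, as an added example that is not part of the original posts or of OpenDNSSEC: classify a suspect pointer value by checking whether its bytes are printable ASCII and whether it is a canonical address. It assumes little-endian x86-64 with 48-bit virtual addresses; the function names are illustrative.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum verdict { NULL_POINTER, ASCII_DATA, NON_CANONICAL, PLAUSIBLE_POINTER };

/* Render the 8 bytes of v in little-endian memory order (x86-64) into
 * text[9]; non-printable bytes become '.'. Returns 1 if all 8 bytes are
 * printable ASCII (0x20..0x7e). */
static int ptr_as_ascii(uint64_t v, char text[9])
{
    int all_printable = 1;
    for (int i = 0; i < 8; i++) {
        unsigned char b = (unsigned char)(v >> (8 * i));
        int ok = (b >= 0x20 && b <= 0x7e);
        text[i] = ok ? (char)b : '.';
        all_printable &= ok;
    }
    text[8] = '\0';
    return all_printable;
}

/* Assumption: 48-bit virtual addresses, so bits 63..47 must all be equal. */
static int is_canonical48(uint64_t v)
{
    uint64_t top = v >> 47;
    return top == 0 || top == 0x1ffff;
}

static enum verdict classify(uint64_t v, char text[9])
{
    int ascii = ptr_as_ascii(v, text);
    if (v == 0) return NULL_POINTER;
    if (ascii) return ASCII_DATA;
    return is_canonical48(v) ? PLAUSIBLE_POINTER : NON_CANONICAL;
}

int main(void)
{
    /* Values copied from the gdb session: handler, handler->timeout. */
    const uint64_t vals[] = { 0x7f7fe300b2b8ULL, 0x7522203031203031ULL };
    const char *names[] = { "null", "ascii-data", "non-canonical", "plausible" };
    char text[9];
    for (size_t i = 0; i < sizeof vals / sizeof vals[0]; i++) {
        enum verdict v = classify(vals[i], text);
        printf("0x%016llx  %-13s |%s|\n", (unsigned long long)vals[i], names[v], text);
    }
    return 0;
}
```

The ASCII verdict for handler->timeout is consistent with either explanation offered in the post; it shows only that the timeout slot held text bytes at the time of the crash.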
Berry A.W. van Halderen
2016-09-15 06:52:56 UTC
Post by Havard Eidnes
Post by Havard Eidnes
Core was generated by `ods-signerd'.
Program terminated with signal 11, Segmentation fault.
#0 0x000000000042a45a in netio_dispatch ()
(gdb) where
#0 0x000000000042a45a in netio_dispatch ()
#1 0x000000000040df3e in xfrhandler_start ()
#2 0x000000000040e26e in xfrhandler_thread_start ()
#3 0x00007f7ff560b3ae in ?? () from /usr/lib/libpthread.so.1
#4 0x00007f7ff6075e90 in ___lwp_park50 () from /usr/lib/libc.so.12
#5 0x00007f7ff4400000 in ?? ()
#6 0x00007f7ff7ff14c0 in ?? ()
#7 0x0000000111110001 in ?? ()
#8 0x0000000033330003 in ?? ()
#9 0x0000000000000000 in ?? ()
(gdb)
(gdb) x/i netio_dispatch
0x42a383 <netio_dispatch>: push %r15
(gdb)
Program terminated with signal 11, Segmentation fault.
#0 netio_dispatch (netio=0x7f7ff7b2a0c0, timeout=<optimized out>, sigmask=0x0)
at wire/netio.c:250
250 relative.tv_sec = handler->timeout->tv_sec;
(gdb) p handler
$1 = (netio_handler_type *) 0x7f7fe300b2b8
(gdb) p $->timeout
$2 = (struct timespec *) 0x7522203031203031
(gdb) p handler->timeout->tv_sec
Cannot access memory at address 0x7522203031203031
(gdb) where
#0 netio_dispatch (netio=0x7f7ff7b2a0c0, timeout=<optimized out>, sigmask=0x0)
at wire/netio.c:250
#1 0x000000000040df3e in xfrhandler_start (xfrhandler=0x7f7ff7b76090)
at daemon/xfrhandler.c:133
#2 0x000000000040e26e in xfrhandler_thread_start (arg=<optimized out>)
at daemon/engine.c:255
#3 0x00007f7ff560b3ae in ?? () from /usr/lib/libpthread.so.1
#4 0x00007f7ff6075e90 in ___lwp_park50 () from /usr/lib/libc.so.12
#5 0x00007f7ff4400000 in ?? ()
#6 0x00007f7ff7ff14c0 in ?? ()
#7 0x0000000111110001 in ?? ()
#8 0x0000000033330003 in ?? ()
#9 0x0000000000000000 in ?? ()
(gdb)
Looks like either "use after free" or "someone scribbled
somewhere they should not".

Thank you for reporting it. I suspect this might be a problem that the
signer still is busy with a transfer, or wants to do a transfer for a
zone that is no longer there.
I've filed an issue for it: OPENDNSSEC-838 so that we can look into it.

With kind regards,
Berry van Halderen
Post by Havard Eidnes
Regards,
- Håvard
_______________________________________________
Opendnssec-user mailing list
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user