Bug 4232 - Unbound keeps crashing on opnsense with libressl and dns-over-tls config
Unbound keeps crashing on opnsense with libressl and dns-over-tls config
Status: ASSIGNED
Product: unbound
Classification: Unclassified
Component: server
1.9.0
x86_64 other
: P5 blocker
Assigned To: unbound team
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-03-03 16:58 CET by Menco
Modified: 2019-03-05 09:53 CET (History)
2 users (show)

See Also:


Attachments
Logging from unbound (499.48 KB, text/x-log)
2019-03-03 19:07 CET, Menco
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Menco 2019-03-03 16:58:01 CET
When configuring unbound on opnsense for dns-over-tls it keeps crashing with a segfault. 

System logging : 
Mar 3 16:03:24 	kernel: -> pid: 74771 ppid: 1 p_pax: 0xa50<SEGVGUARD,ASLR,NOSHLIBRANDOM,NODISALLOWMAP32BIT>
Mar 3 16:03:24 	kernel: [HBSD SEGVGUARD] [unbound (74771)] Suspension expired.
Mar 3 16:03:24 	kernel: pid 74771 (unbound), uid 59: exited on signal 11


Config : 

server:
  tls-cert-bundle: "/etc/ssl/cert.pem"

forward-zone:
  name: "."
  forward-tls-upstream: yes
  forward-addr: 1.1.1.1@853#cloudflare-dns.com
  forward-addr: 1.0.0.1@853#cloudflare-dns.com


OPNsense 19.1.2-amd64
FreeBSD 11.2-RELEASE-p9-HBSD
LibreSSL 2.8.3
Comment 1 Menco 2019-03-03 19:07:36 CET
Created attachment 565 [details]
Logging from unbound
Comment 2 Wouter Wijngaards 2019-03-04 09:18:28 CET
Hi Menco,

That log is surprisingly not useful, like the last part is not pertinent to what you are saying.  Could it be shortened?

Regardless of that, a crash bug has been fixed recently and using the version from the code repository may just fix the issue you have.  I can send a tarball of that latest version if you prefer.

The other option is to get a stack trace, like with libabrt, or valgrind or with gdb.  That could tell me more about what is going on.  (Or some way to reproduce it issue over here (and then I run gdb on it :-) ) ).

Best regards, Wouter
Comment 3 Menco 2019-03-05 09:49:19 CET
Hello Wouter, 

Sadly, that's all there is in logs. No error message, just a crash. How to debug on opnsense, I don't know... I'm just a user reporting a crash :-). If you could give me pointers to how to debug. Or I could give you my unbound config. 
When will there be a new release containing the crash fix? So I can trigger the maintainers of opnsense of the new version. 

Regards, 
Menco
Comment 4 Wouter Wijngaards 2019-03-05 09:53:33 CET
Hi Menco,

The 1.9.1rc1 pre-release is today, in an hour or so, when I can finish typing it :-)

Best regards, Wouter