Fwd: unbound dies on reboot : buffer overflow detected

Sean Darcy seandarcy2 at gmail.com
Mon Dec 10 19:59:32 CET 2018


---------- Forwarded message ---------
From: Sean Darcy <seandarcy2 at gmail.com>
Date: Mon, Dec 10, 2018 at 1:32 PM
Subject: Re: unbound dies on reboot : buffer overflow detected
To: <wouter at nlnetlabs.nl>


Here's the only backtrace with unbound.

sean

cat /var/spool/abrt/Python3-2018-12-07-21:31:47-1302/backtrace
subprocess.py:291:check_call:subprocess.CalledProcessError: Command
'['unbound-control', 'flush_requestlist']' returned non-zero exit
status 1.

Traceback (most recent call last):
  File "/usr/libexec/dnssec-trigger-script", line 748, in <module>
    main()
  File "/usr/libexec/dnssec-trigger-script", line 735, in main
    Application(sys.argv).run()
  File "/usr/libexec/dnssec-trigger-script", line 470, in run
    self.method()
  File "/usr/libexec/dnssec-trigger-script", line 633, in run_update
    self.run_update_connection_zones()
  File "/usr/libexec/dnssec-trigger-script", line 718, in
run_update_connection_zones
    unbound_zones.add(zone, self.global_forwarders, secure=False)
  File "/usr/libexec/dnssec-trigger-script", line 268, in add
    self._commit(zone, set(servers), secure)
  File "/usr/libexec/dnssec-trigger-script", line 299, in _commit
    self._control(["flush_requestlist"])
  File "/usr/libexec/dnssec-trigger-script", line 306, in _control
    subprocess.check_call(["unbound-control"] + args, stdout=DEVNULL,
stderr=DEVNULL)
  File "/usr/lib64/python3.6/subprocess.py", line 291, in check_call
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['unbound-control',
'flush_requestlist']' returned non-zero exit status 1.

Local variables in innermost frame:
cmd: ['unbound-control', 'flush_requestlist']
retcode: 1
kwargs: {'stdout': <_io.BufferedWriter name='/dev/null'>, 'stderr':
<_io.BufferedWriter name='/dev/null'>}
popenargs: (['unbound-control', 'flush_requestlist'],)
On Mon, Dec 10, 2018 at 11:28 AM Wouter Wijngaards <wouter at nlnetlabs.nl> wrote:
>
> Hi Sean,
>
> I don't immediately see how 1.8.2 fixes it, so I think it is just
> waiting to happen again.  Could you run eg. valgrind on unbound, or use
> the abrt tool from fedora to get a stacktrace from the crash?
>
> The abrt tool may still have the crashdump from last time and may be
> able to produce a nice report with a stacktrace?  I think it saves
> crashreports (the app is called abrt or 'Problem Reporting', I think;
> /var/spool/abrt ).  If it does, just copy & paste into a reply mail?
>
> I looked at the code but could not easily see where the error would be,
> given the traced log messages.
>
> Best regards, Wouter
>
> On 12/10/18 3:32 PM, Sean Darcy wrote:
> > Wouter,
> >
> > I've upgraded to 1.8.2 and haven't seen this problem.
> >
> > Here's the auth-zone I used in 1.8.1. It's from the unbound.conf in
> > the fedora rpm:
> >
> > auth-zone:
> >         name: "."
> >         for-downstream: no
> >         for-upstream: yes
> >         fallback-enabled: yes
> >         master: b.root-servers.net
> >         master: c.root-servers.net
> >         master: e.root-servers.net
> >         master: f.root-servers.net
> >         master: g.root-servers.net
> >         master: k.root-servers.net
> >
> > Thanks for the quick response.
> >
> > sean
> > On Mon, Dec 10, 2018 at 3:37 AM Wouter Wijngaards via Unbound-users
> > <unbound-users at nlnetlabs.nl> wrote:
> >>
> >> Hi Sean,
> >>
> >> This looks like a bug that was fixed in 1.8.1, can you try with 1.8.2,
> >> and then I'd like to be able to replicate this.  Could you tell me parts
> >> of config pertinent to the auth-zone (because that is what seems to be
> >> failing here)?
> >>
> >> Best regards, Wouter
> >>
> >> On 12/8/18 3:56 PM, Sean Darcy via Unbound-users wrote:
> >>> 1.8.1
> >>> When rebooting, unbound dies:
> >>>
> >>> systemd[1]: Starting Unbound recursive Domain Name Server...
> >>> unbound-checkconf[1025]: unbound-checkconf: no errors in
> >>> /etc/unbound/unbound.conf
> >>> systemd[1]: Started Unbound recursive Domain Name Server.
> >>> unbound[1261]: [1261:0] notice: init module 0: ipsecmod
> >>> unbound[1261]: [1261:0] notice: init module 1: validator
> >>> unbound[1261]: [1261:0] notice: init module 2: iterator
> >>> unbound[1261]: [1261:0] info: start of service (unbound 1.8.1).
> >>> unbound[1261]: [1261:0] info: generate keytag query _ta-4a5c-4f66. NULL IN
> >>> unbound[1261]: [1261:2] info: generate keytag query _ta-4a5c-4f66. NULL IN
> >>> unbound[1261]: [1261:0] error: .: failed lookup, cannot transfer from
> >>> master k.root-servers.net
> >>> unbound[1261]: [1261:0] error: .: failed lookup, cannot transfer from
> >>> master k.root-servers.net
> >>> unbound[1261]: [1261:0] error: .: failed lookup, cannot transfer from
> >>> master g.root-servers.net
> >>> unbound[1261]: [1261:0] error: .: failed lookup, cannot transfer from
> >>> master f.root-servers.net
> >>> unbound[1261]: [1261:0] error: .: failed lookup, cannot transfer from
> >>> master e.root-servers.net
> >>> unbound[1261]: [1261:0] error: .: failed lookup, cannot transfer from
> >>> master c.root-servers.net
> >>> unbound[1261]: [1261:0] error: .: failed lookup, cannot transfer from
> >>> master b.root-servers.net
> >>> unbound[1261]: *** buffer overflow detected ***: /usr/sbin/unbound terminated
> >>> systemd[1]: unbound.service: Main process exited, code=killed, status=6/ABRT
> >>> systemd[1]: unbound.service: Failed with result 'signal'.
> >>>
> >>> But no problem if restarted.
> >>> systemctl restart unbound
> >>>
> >>> systemd[1]: Starting Unbound recursive Domain Name Server...
> >>> unbound-checkconf[2775]: unbound-checkconf: no errors in
> >>> /etc/unbound/unbound.conf
> >>> systemd[1]: Started Unbound recursive Domain Name Server.
> >>> unbound[2778]: [2778:0] warning: did not exit gracefully last time (1261)
> >>> unbound[2778]: [2778:0] notice: init module 0: ipsecmod
> >>> unbound[2778]: [2778:0] notice: init module 1: validator
> >>> unbound[2778]: [2778:0] notice: init module 2: iterator
> >>> unbound[2778]: [2778:0] info: start of service (unbound 1.8.1).
> >>> unbound[2778]: [2778:0] info: generate keytag query _ta-4a5c-4f66. NULL IN
> >>>
> >>> Any help appreciated.
> >>>
> >>> sean
> >>>
> >>
>


More information about the Unbound-users mailing list