host crashes with SIGABRT in isc_assertion_failed()

Bug #1964400 reported by Athos Ribeiro
Affects: bind9 (Debian) | Status: Fix Released | Importance: Unknown
Affects: bind9 (Ubuntu) | Status: Fix Released | Importance: High | Assigned to: Sergio Durigan Junior

Bug Description

LP: #1964264 reported intermittent `host` crashes when performing numeric lookups.

I could reproduce the issue by running the command below a few times in a new jammy installation. I was also able to reproduce the issue in Debian.

Since LP: #1964264 is private and contains a user's core dump, I am filing a new bug report so we can publicly address the issue.

# host -v 192.108.254.91
Trying "91.254.108.192.in-addr.arpa"
netmgr/netmgr.c:1731: REQUIRE((((handle) != ((void *)0) && ((const isc__magic_t *)(handle))->magic == ((('N') << 24 | ('M') << 16 | ('H') << 8 | ('D')))) && __extension__ ({ __auto_type __atomic_load_ptr = (&(handle)->references); __typeof__ ((void)0, *__atomic_load_ptr) __atomic_load_tmp; __atomic_load (__atomic_load_ptr, &__atomic_load_tmp, (5)); __atomic_load_tmp; }) > 0)) failed, back trace
/lib/x86_64-linux-gnu/libisc-9.18.0-2ubuntu2-Ubuntu.so(+0x32953)[0x7fbb5b941953]
/lib/x86_64-linux-gnu/libisc-9.18.0-2ubuntu2-Ubuntu.so(isc_assertion_failed+0x10)[0x7fbb5b940e40]
/lib/x86_64-linux-gnu/libisc-9.18.0-2ubuntu2-Ubuntu.so(isc__nmhandle_attach+0x67)[0x7fbb5b92a7e7]
host(+0xea22)[0x55e9ea129a22]
host(+0xee85)[0x55e9ea129e85]
host(+0x117c0)[0x55e9ea12c7c0]
/lib/x86_64-linux-gnu/libisc-9.18.0-2ubuntu2-Ubuntu.so(isc__nm_async_readcb+0xb1)[0x7fbb5b92fff1]
/lib/x86_64-linux-gnu/libisc-9.18.0-2ubuntu2-Ubuntu.so(isc__nm_readcb+0x9b)[0x7fbb5b93012b]
/lib/x86_64-linux-gnu/libisc-9.18.0-2ubuntu2-Ubuntu.so(+0x2f980)[0x7fbb5b93e980]
/lib/x86_64-linux-gnu/libisc-9.18.0-2ubuntu2-Ubuntu.so(isc__nm_udp_read_cb+0x4a)[0x7fbb5b93eb1a]
/lib/x86_64-linux-gnu/libuv.so.1(+0x23e6b)[0x7fbb5b457e6b]
/lib/x86_64-linux-gnu/libuv.so.1(+0x2511e)[0x7fbb5b45911e]
/lib/x86_64-linux-gnu/libuv.so.1(uv_run+0x678)[0x7fbb5b442c88]
/lib/x86_64-linux-gnu/libisc-9.18.0-2ubuntu2-Ubuntu.so(+0x2622e)[0x7fbb5b93522e]
/lib/x86_64-linux-gnu/libisc-9.18.0-2ubuntu2-Ubuntu.so(isc__trampoline_run+0x1a)[0x7fbb5b96822a]
/lib/x86_64-linux-gnu/libc.so.6(+0x98b43)[0x7fbb5b4feb43]
/lib/x86_64-linux-gnu/libc.so.6(+0x12ab80)[0x7fbb5b590b80]
Aborted (core dumped)

Same in Debian unstable with bind 9.18.0-2:

# host -v 192.108.254.91
Trying "91.254.108.192.in-addr.arpa"
Host 91.254.108.192.in-addr.arpa not found: 2(SERVFAIL)
Received 45 bytes from 10.46.19.1#53 in 912 ms
Trying "91.254.108.192.in-addr.arpa"
Host 91.254.108.192.in-addr.arpa not found: 2(SERVFAIL)
Received 45 bytes from 10.46.19.1#53 in 804 ms
Trying "91.254.108.192.in-addr.arpa"
netmgr/netmgr.c:1731: REQUIRE((((handle) != ((void *)0) && ((const isc__magic_t *)(handle))->magic == ((('N') << 24 | ('M') << 16 | ('H') << 8 | ('D')))) && __extension__ ({ __auto_type __atomic_load_ptr = (&(handle)->references); __typeof__ ((void)0, *__atomic_load_ptr) __atomic_load_tmp; __atomic_load (__atomic_load_ptr, &__atomic_load_tmp, (5)); __atomic_load_tmp; }) > 0)) failed, back trace
/lib/x86_64-linux-gnu/libisc-9.18.0-2-Debian.so(+0x358df)[0x7fce568e68df]
/lib/x86_64-linux-gnu/libisc-9.18.0-2-Debian.so(isc_assertion_failed+0xa)[0x7fce568e683a]
/lib/x86_64-linux-gnu/libisc-9.18.0-2-Debian.so(isc__nmhandle_attach+0x63)[0x7fce568d0bd3]
host(+0xe39a)[0x559b350c939a]
host(+0xf295)[0x559b350ca295]
host(+0x1173b)[0x559b350cc73b]
/lib/x86_64-linux-gnu/libisc-9.18.0-2-Debian.so(isc__nm_async_readcb+0xad)[0x7fce568d408d]
/lib/x86_64-linux-gnu/libisc-9.18.0-2-Debian.so(isc__nm_readcb+0x97)[0x7fce568d41b7]
/lib/x86_64-linux-gnu/libisc-9.18.0-2-Debian.so(+0x31098)[0x7fce568e2098]
/lib/x86_64-linux-gnu/libisc-9.18.0-2-Debian.so(isc__nm_udp_read_cb+0x46)[0x7fce568e3876]
/lib/x86_64-linux-gnu/libuv.so.1(+0x1f08b)[0x7fce5641608b]
/lib/x86_64-linux-gnu/libuv.so.1(+0x22e65)[0x7fce56419e65]
/lib/x86_64-linux-gnu/libuv.so.1(uv_run+0x114)[0x7fce56406894]
/lib/x86_64-linux-gnu/libisc-9.18.0-2-Debian.so(+0x249fa)[0x7fce568d59fa]
/lib/x86_64-linux-gnu/libisc-9.18.0-2-Debian.so(isc__trampoline_run+0x16)[0x7fce5690e9a6]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x7d80)[0x7fce56608d80]
/lib/x86_64-linux-gnu/libc.so.6(clone+0x3f)[0x7fce5652276f]
Aborted (core dumped)

Tags: server-todo
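
The failed REQUIRE in both traces is the precondition checked in isc__nmhandle_attach(): the handle must be non-NULL, carry the 'NMHD' magic, and have a reference count above zero (the literal 5 is GCC's sequentially consistent memory order). The C model below is an added example, not code from BIND or from this report; model_handle_t, attach_precondition, model_attach, model_detach and late_attach_scenario are hypothetical names, and clearing the magic on the last detach is an assumption of the model.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Magic constant exactly as spelled in the assertion text: "NMHD". */
#define NMHANDLE_MAGIC (((uint32_t)'N' << 24) | ((uint32_t)'M' << 16) | \
                        ((uint32_t)'H' << 8) | (uint32_t)'D')

/* Hypothetical model: only the two fields the assertion reads. */
typedef struct {
    uint32_t magic;
    atomic_int references;
} model_handle_t;

/* The three conditions of the REQUIRE, as a predicate instead of an abort. */
bool attach_precondition(model_handle_t *h) {
    return h != NULL && h->magic == NMHANDLE_MAGIC &&
           atomic_load_explicit(&h->references, memory_order_seq_cst) > 0;
}

/* Takes a reference; returns false where the REQUIRE would abort. */
bool model_attach(model_handle_t *h) {
    if (!attach_precondition(h)) return false;
    atomic_fetch_add(&h->references, 1);
    return true;
}

/* Drops a reference; the last drop invalidates the handle (model assumption). */
void model_detach(model_handle_t *h) {
    if (atomic_fetch_sub(&h->references, 1) == 1) h->magic = 0;
}

/* Constructed sequence: counts how many of three attach attempts pass. */
int late_attach_scenario(void) {
    model_handle_t h = { .magic = NMHANDLE_MAGIC };
    atomic_init(&h.references, 1);
    int passed = 0;
    passed += model_attach(&h);   /* live handle: refs 1 -> 2 */
    model_detach(&h);             /* refs 2 -> 1 */
    model_detach(&h);             /* refs 1 -> 0, handle invalidated */
    passed += model_attach(&h);   /* stale pointer: precondition fails */
    passed += model_attach(NULL); /* NULL pointer: precondition fails */
    return passed;
}

int main(void) {
    printf("attach attempts that passed: %d of 3\n", late_attach_scenario());
    return 0;
}
```

The model shows only which states make the check fail; it does not reproduce the code path in `host` that reached isc__nmhandle_attach() with such a handle.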

Changed in bind9 (Ubuntu):
status: New → Triaged
importance: Undecided → High
tags: added: server-todo
Athos Ribeiro (athos-ribeiro) wrote :
Changed in bind9 (Debian):
status: Unknown → Confirmed
Changed in bind9 (Ubuntu):
assignee: nobody → Athos Ribeiro (athos-ribeiro)
Sergio Durigan Junior (sergiodj) wrote :

Upstream has merged the fix for this bug:

https://gitlab.isc.org/isc-projects/bind9/-/commit/da0d85d7483437e110111025399ec7fc9bf6ff30

I've been trying to reproduce it using a Jammy container, but so far I haven't been able to. I'm running the "host -v" command in a loop, but it never seems to crash.

Anyway, I've talked to Athos and reassigned the bug to myself. I will prepare an MP for it soon, but I'd like to be able to reproduce the bug first. I will keep investigating here.

Changed in bind9 (Ubuntu):
assignee: Athos Ribeiro (athos-ribeiro) → Sergio Durigan Junior (sergiodj)
Sergio Durigan Junior (sergiodj) wrote :

Hello Thomas,

I still cannot reproduce this issue, so I would like to know if you could test the bind9 package from the following PPA and let me know if it fixes your problem:

https://launchpad.net/~sergiodj/+archive/ubuntu/bind9-bugfix

It contains the backported patches from the upstream Merge Request mentioned above.

Thanks in advance.

Thomas Boerner (tboerner) wrote : Re: [Bug 1964400] Re: host crashes with SIGABRT in isc_assertion_failed()

Hi Sergio,
I will test it as soon as possible, right now I am travelling.

Cheers
TB

On 21 March 2022 20:05:58 ART, Sergio Durigan Junior <email address hidden> wrote:
>Hello Thomas,
>
>I still cannot reproduce this issue, so I would like to know if you
>could test the bind9 package from the following PPA and let me know if
>it fixes your problem:
>
>https://launchpad.net/~sergiodj/+archive/ubuntu/bind9-bugfix
>
>It contains the backported patches from the upstream Merge Request
>mentioned above.
>
>Thanks in advance.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package bind9 - 1:9.18.1-1ubuntu1

---------------
bind9 (1:9.18.1-1ubuntu1) jammy; urgency=medium

  * Merge with Debian unstable (LP: #1965981). Remaining changes:
    - Don't build dnstap as it depends on universe packages:
      + d/control: drop build-depends on libfstrm-dev, libprotobuf-c-dev and
        protobuf-c-compiler (universe packages)
      + d/dnsutils.install: don't install dnstap
      + d/libdns1104.symbols: don't include dnstap symbols
      + d/rules: don't build dnstap nor install dnstap.proto
    - Add back apport:
      + d/bind9.apport: add back old bind9 apport hook, but without calling
        attach_conffiles() since that is already done by apport itself, with
        confirmation from the user.
      + d/control, d/rules: build-depends on dh-apport and use it
    - d/NEWS: mention some of the bigger changes in 9.16.0 packaging
    - d/bind9.named.service: use systemd Type=forking to signal daemon init.
      This fixes a regression of #900788 where services whose startup depend
      on name resolutions may fail due to bind9 not being ready (LP #1899902).
    - d/control: remove optional libjemalloc-dev Build-Depends as it is not in
      main.
    - d/NEWS: mention some of the relevant changes in 9.18.0 packaging
      or functionality that may affect usability.
  * Dropped changes:
    - d/p/0003-Remove-spurious-debugging-true.patch: remove development leftover
      debugging flag from nslookup code (LP: #1961556).
      [ Incorporated in 9.18.1. ]
    - SECURITY UPDATE: cache poisoning via bogus NS records
      + debian/patches/CVE-2021-25220.patch: tighten rules for acceptance of
        records into the cache in lib/dns/resolver.c.
      + CVE-2021-25220
      [ Incorporated in 9.18.1. ]
    - SECURITY UPDATE: DoS via specially crafted TCP stream
      + debian/patches/CVE-2022-0396.patch: ensure correct ordering in
        lib/isc/netmgr/netmgr.c.
      + CVE-2022-0396
      [ Incorporated in 9.18.1. ]
    - SECURITY UPDATE: DNAME insist with synth-from-dnssec enabled
      + debian/patches/CVE-2022-0635.patch: fix logic in lib/dns/rbtdb.c.
      + CVE-2022-0635
      [ Incorporated in 9.18.1. ]
    - SECURITY UPDATE: Assertion failure on delayed DS lookup
      + debian/patches/CVE-2022-0667.patch: fix logic in lib/dns/resolver.c.
      + CVE-2022-0667
      [ Incorporated in 9.18.1. ]
  * Added changes:
    - d/p/lp1964400-lp1964686-Add-digdelv-system-test-to-check-that-dig-tries-othe.patch,
      d/p/lp1964400-lp1964686-Add-digdelv-system-test-to-check-timed-out-result-fo.patch,
      d/p/lp1964400-lp1964686-Add-various-dig-host-tests-for-TCP-UDP-socket-error-.patch,
      d/p/lp1964400-lp1964686-After-dig-request-errors-try-to-use-other-servers-wh.patch,
      d/p/lp1964400-lp1964686-Fix-an-issue-in-dig-when-retrying-with-the-next-serv.patch,
      d/p/lp1964400-lp1964686-Fix-dig-error-when-trying-the-next-server-after-a-TC.patch,
      d/p/lp1964400-lp1964686-When-resending-a-UDP-request-insert-the-query-to-the.patch:
      Fix dig error when trying the next server after a TCP connection
      failure. This upstream patchset also fixes a crash when using
      the "host" com...


Changed in bind9 (Ubuntu):
status: Triaged → Fix Released
Changed in bind9 (Debian):
status: Confirmed → Fix Released