Package: bind9
Version: 1:9.10.3.dfsg.P4-12.3+deb9u11
Severity: important
File: /usr/sbin/named
Dear Maintainer,
today we start updating bind9 on stretch with the latest security update. After
update
the bind9 starts and crashed after a few seconds with:
../../../lib/dns/name.c:2487: REQUIRE((((dest) != ((void *)0)) && (((const
isc__magic_t *)(dest))->magic == ((('D') << 24 | ('N') << 16 | ('S') << 8 |
('n')))))) failed, back trace
I stripped down configuration to
options {
forward only;
forwarders {
x.x.x.x;
};
};
I used several ip-address for forwarding, always the same error.
Starting in debug mode - some lines before and after:
19-Mar-2022 11:17:09.791 client 127.0.0.1#40316: UDP request
19-Mar-2022 11:17:09.791 client 127.0.0.1#40316: using view '_default'
19-Mar-2022 11:17:09.791 client 127.0.0.1#40316: request is not signed
19-Mar-2022 11:17:09.791 client 127.0.0.1#40316: recursion available
19-Mar-2022 11:17:09.791 client 127.0.0.1#40316: query
19-Mar-2022 11:17:09.791 client 127.0.0.1#40316 (.): query (cache) './NS/IN'
approved
19-Mar-2022 11:17:09.791 client 127.0.0.1#40316 (.): replace
19-Mar-2022 11:17:09.791 clientmgr @0x7fbe2ed63458: get client
19-Mar-2022 11:17:09.791 clientmgr @0x7fbe2ed63458: create new
19-Mar-2022 11:17:09.791 clientmgr @0x7fbe2ed63458: clientmctx
19-Mar-2022 11:17:09.791 client @0x7fbe2004cfa0: create
19-Mar-2022 11:17:09.792 fetch: ./NS
19-Mar-2022 11:17:09.792 client @0x7fbe2004cfa0: udprecv
19-Mar-2022 11:17:09.792 ../../../lib/dns/name.c:2487: REQUIRE((((dest) !=
((void *)0)) && (((const isc__magic_t *)(dest))->magic == ((('D') << 24 | ('N')
<< 16 | ('S') << 8 | ('n')))))) failed, back trace
19-Mar-2022 11:17:09.792 #0 0x558b9ace0d80 in ??
19-Mar-2022 11:17:09.792 #1 0x7fbe2cef39aa in ??
19-Mar-2022 11:17:09.792 #2 0x7fbe2e5ddf36 in ??
19-Mar-2022 11:17:09.792 #3 0x7fbe2e65ff64 in ??
19-Mar-2022 11:17:09.792 #4 0x7fbe2e6622a4 in ??
19-Mar-2022 11:17:09.792 #5 0x7fbe2e662b84 in ??
19-Mar-2022 11:17:09.792 #6 0x7fbe2cf17a23 in ??
19-Mar-2022 11:17:09.792 #7 0x7fbe2c8be4a4 in ??
19-Mar-2022 11:17:09.792 #8 0x7fbe2bd0fd0f in ??
19-Mar-2022 11:17:09.792 exiting (due to assertion failure)
After reinstalling version deb9u6 everything works as before. Because name.c is
not in patchfile debian/patches/CVE-2021-25220.patch I assume regression error?
I checked it with stretch-backports - no error found. So I assume it's
stretch-related?
Anything I can provide more?
-- System Information:
Debian Release: 9.13
APT prefers oldoldstable
APT policy: (990, 'oldoldstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-18-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages bind9 depends on:
ii adduser 3.115
ii bind9utils 1:9.10.3.dfsg.P4-12.3+deb9u11
ii debconf [debconf-2.0] 1.5.61
ii init-system-helpers 1.56~bpo9+1
ii libbind9-140 1:9.10.3.dfsg.P4-12.3+deb9u11
ii libc6 2.24-11+deb9u4
ii libcap2 1:2.25-1
ii libcomerr2 1.43.4-2+deb9u2
ii libdns162 1:9.10.3.dfsg.P4-12.3+deb9u11
ii libgeoip1 1.6.9-4
ii libgssapi-krb5-2 1.15-1+deb9u3
ii libirs141 1:9.10.3.dfsg.P4-12.3+deb9u11
ii libisc160 1:9.10.3.dfsg.P4-12.3+deb9u11
ii libisccc140 1:9.10.3.dfsg.P4-12.3+deb9u11
ii libisccfg140 1:9.10.3.dfsg.P4-12.3+deb9u11
ii libk5crypto3 1.15-1+deb9u3
ii libkrb5-3 1.15-1+deb9u3
ii liblwres141 1:9.10.3.dfsg.P4-12.3+deb9u11
ii libssl1.0.2 1.0.2u-1~deb9u7
ii libxml2 2.9.4+dfsg1-2.2+deb9u5
ii lsb-base 9.20161125
ii net-tools 1.60+git20161116.90da8a0-1
ii netbase 5.4
bind9 recommends no packages.
Versions of packages bind9 suggests:
pn bind9-doc <none>
ii dnsutils 1:9.10.3.dfsg.P4-12.3+deb9u11
pn resolvconf <none>
pn ufw <none>
-- debconf information:
bind9/different-configuration-file:
bind9/start-as-user: bind
bind9/run-resolvconf: false
regards,
Andreas Schulz
Fujitsu TDS GmbH
