# BIND 9 (named) Segmentation Faults with user named [SOLVED]

## amasidlover

Hi,

Starting named from /etc/init.d/named or named -n 2 -u named (or with -n 1) results in a Segmentation fault. Starting without the -u named (i.e. as root) works fine. The /etc/bind and /var/bind came from an older Gentoo machine (profile 2004, I think), but I have ensured all the ownerships are named:named.

Bind is version: net-dns/bind-9.3.4-r3

I have tried strace and the following comes out:

```
open("/etc/hosts", O_RDONLY)            = 4
fcntl64(4, F_GETFD)                     = 0
fcntl64(4, F_SETFD, FD_CLOEXEC)         = 0
fstat64(4, {st_mode=S_IFREG|0644, st_size=1114, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f34000
read(4, "# /etc/hosts: Local Host Databas"..., 4096) = 1114
read(4, "", 4096)                       = 0
close(4)                                = 0
munmap(0xb7f34000, 4096)                = 0
open("/etc/hosts", O_RDONLY)            = 4
fcntl64(4, F_GETFD)                     = 0
fcntl64(4, F_SETFD, FD_CLOEXEC)         = 0
fstat64(4, {st_mode=S_IFREG|0644, st_size=1114, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f34000
read(4, "# /etc/hosts: Local Host Databas"..., 4096) = 1114
read(4, "", 4096)                       = 0
close(4)                                = 0
munmap(0xb7f34000, 4096)                = 0
time(NULL)                              = 1181571954
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++
Process 8810 detached
```

But I can't see anything that helps me in this...

For the moment I've simply removed the -u named from the /etc/init.d/named - but it's not an ideal solution...

Thanks in advance,

Alex

---title edited 14th Jun 06

----------

## Hu

Bug 158664 tracks crashes in net-dns/bind-9.3.3.  It may be related, but the ChangeLog suggests that the 9.3.4-rX series is more stable.  What is the output of emerge --info; emerge -pv bind; gcc-config -l?

Can you capture a core dump as described in How to get meaningful backtraces in Gentoo?  If so, please use gdb (from sys-devel/gdb) to get a backtrace to show where the crash is occurring.

----------

## amasidlover

Hi and thanks for the reply. I'm not running the hardened profile and I have tried disabling my zones and just allowing forwarding, so I don't think it's related to that bug.

With debug info, gdb gives the following:

```
Program received signal SIGSEGV, Segmentation fault.
0xb7b436f8 in __res_hostalias () from /lib/libresolv.so.2
```

The portage/gcc info is as follows:

```
Portage 2.1.2.7 (default-linux/x86/2007.0/desktop, gcc-4.1.2, glibc-2.5-r3, 2.6.19-gentoo-r5 i686)
=================================================================
System uname: 2.6.19-gentoo-r5 i686 Genuine Intel(R) CPU            2140  @ 1.60GHz
Gentoo Base System release 1.12.9
Timestamp of tree: Thu, 07 Jun 2007 12:00:01 +0000
dev-lang/python:     2.4.4-r4
dev-python/pycrypto: 2.0.1-r5
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.61
sys-devel/automake:  1.4_p6, 1.6.3, 1.7.9-r1, 1.9.6-r2, 1.10
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.14
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.17-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=i686 -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/X11/xkb /var/bind"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/terminfo"
CXXFLAGS="-O2 -march=i686 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="distlocks metadata-transfer sandbox sfperms strict"
GENTOO_MIRRORS="http://gentoo.virginmedia.com/ ftp://gentoo.virginmedia.com/sites/gentoo http://www.mirrorservice.org/sites/www.ibiblio.org/gentoo/ ftp://ftp.mirrorservice.org/sites/www.ibiblio.org/gentoo/ "
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X acl acpi alsa apache2 arts backendonly berkdb bitmap-fonts cairo cdr cli cracklib crypt cups dbus dri dvb dvd dvdr dvdread eds emboss encode esd evo fam firefox fortran gdbm gif gnome gpm gstreamer hal iconv ipv6 isdnlog ivtv jpeg kde kerberos ldap libg++ mad midi mikmod mp3 mpeg mudflap mysql ncurses nls nptl nptlonly ogg opengl openmp oss pam pcre pdf perl png posix pppd python qt3 qt3support qt4 quicktime readline reflection sdl session spell spl ssl svg tcpd tiff truetype truetype-fonts type1-fonts unicode vorbis win32codecs x86 xml xorg xv zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="i810"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild   R   ] net-dns/bind-9.3.4-r3  USE="berkdb ipv6 ldap mysql* ssl -dlz -doc -idn -odbc -postgres -resolvconf (-selinux) -threads" 5,279 kB

Total: 1 package (1 reinstall), Size of downloads: 5,279 kB

 [1] i686-pc-linux-gnu-4.1.1
 [2] i686-pc-linux-gnu-4.1.2 *
```

----------

## Hu

Please post the full output of bt, not just the one function that gdb reports when you first open the core file.

----------

## amasidlover

Sorry, missed that bit of the instructions...

```
noam ~ # gdb /usr/sbin/named
GNU gdb 6.6
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu"...
Using host libthread_db library "/lib/libthread_db.so.1".
(gdb) run -u named
Starting program: /usr/sbin/named -u named

Program received signal SIGSEGV, Segmentation fault.
0xb7a9e6f8 in __res_hostalias () from /lib/libresolv.so.2
(gdb) bt
#0  0xb7a9e6f8 in __res_hostalias () from /lib/libresolv.so.2
#1  0xb79ab44f in _nss_dns_gethostbyname3_r () from /lib/libnss_dns.so.2
#2  0xb79ab567 in _nss_dns_gethostbyname2_r () from /lib/libnss_dns.so.2
#3  0xb7bf7b7e in ?? () from /lib/libc.so.6
#4  0xb7bf86d2 in getaddrinfo () from /lib/libc.so.6
#5  0xb7afa5ca in ldap_connect_to_host () from /usr/lib/libldap-2.3.so.0
#6  0xb7ae68f8 in ldap_int_open_connection () from /usr/lib/libldap-2.3.so.0
#7  0xb7af84d3 in ldap_new_connection () from /usr/lib/libldap-2.3.so.0
#8  0xb7ae67f1 in ldap_open_defconn () from /usr/lib/libldap-2.3.so.0
#9  0xb7af8e5e in ldap_send_initial_request () from /usr/lib/libldap-2.3.so.0
#10 0xb7aedf5f in ldap_sasl_bind () from /usr/lib/libldap-2.3.so.0
#11 0xb7aee8e4 in ldap_simple_bind () from /usr/lib/libldap-2.3.so.0
#12 0xb7b13909 in ?? () from /lib/libnss_ldap.so.2
#13 0x0fefa080 in ?? ()
#14 0x00000000 in ?? ()
(gdb)
```

----------

## Hu

There do not appear to be any open bugs about this issue.  Please file a bug about the crash.  Include all the information you have provided here in the bug report.  I suspect the developers will have additional questions about your configuration and/or the crash itself.

Based on the stack trace, it looks like the LDAP library may have passed bad data to getaddrinfo.  Please include in the bug report all information about how your installation of bind uses LDAP.  The problem may be as simple as bad input validation in LDAP-related code that propagates down to the DNS resolver before it finally crashes.

----------

## amasidlover

Thanks for your help with this Hu - I was obviously half asleep when I looked at the backtrace. If I remove ldap from my hosts line then named will start with -u named. At the moment I don't need to use our ldap server for host resolution so I will take that out and hopefully make my bind instance as secure as it should be. I've filed the bug anyway in case I or anyone else needs a machine with BIND that can also do LDAP host resolution; it's bug 181986.

----------
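An added example, not part of the thread and not code from Gentoo or BIND: a shell check for the two conditions the thread ends on, namely whether the `hosts` line (taken here to be the `hosts:` entry of `/etc/nsswitch.conf`) consults `ldap`, and whether a named command line still drops privileges with `-u`. The function names and the sample file content are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit the two conditions discussed above.

# Print the lookup sources for one database in an nsswitch.conf-style file.
# $1 = database (e.g. hosts), $2 = file path
nss_sources() {
    awk -v db="$1" '
        { sub(/#.*/, ""); sub(/:/, " : ") }      # strip comments, isolate the colon
        $1 == db && $2 == ":" {
            act = 0
            for (i = 3; i <= NF; i++) {
                if ($i ~ /^\[/) act = 1          # skip [NOTFOUND=return] style actions
                if (!act) print $i
                if ($i ~ /\]$/) act = 0
            }
        }' "$2"
}

# Succeeds when the hosts database consults LDAP (the setup in which named -u crashed).
hosts_uses_ldap() {
    nss_sources hosts "$1" | grep -qx ldap
}

# Print the account a named command line drops to: the -u argument, or root if absent.
named_run_user() {
    user=root
    while [ $# -gt 0 ]; do
        case "$1" in
            -u)   if [ $# -ge 2 ]; then user=$2; shift; fi ;;
            -u?*) user=${1#-u} ;;
        esac
        shift
    done
    printf '%s\n' "$user"
}

# Constructed sample input: an nsswitch.conf with LDAP in the hosts line.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
printf '%s\n' 'passwd: files ldap' \
    'hosts:  files ldap [NOTFOUND=return] dns  # constructed' > "$sample"

hosts_uses_ldap "$sample" &&
    echo "hosts line consults ldap: $(nss_sources hosts "$sample" | tr '\n' ' ')"
echo "init script as posted: runs as $(named_run_user named -n 2 -u named)"
echo "workaround (no -u):    runs as $(named_run_user named -n 2)"
```

On a real host, point `hosts_uses_ldap` at `/etc/nsswitch.conf` and feed `named_run_user` the arguments your init script actually passes.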

