Arch Linux

loqs

Member

Registered: 2014-03-06

Posts: 18,306

bind hangs with glibc-2.26

This was https://bugs.archlinux.org/task/55987 which was closed as fixed but with the latest version 9.11.2.P1-1 or bind 9.11.2-3 the original reproducer still hangs on this system.
Can anyone else reproduce this issue before I request it be reopened.
Install bind

# /usr/sbin/named -f -u named -L /dev/stdout

The process will hang and can only be killed with SIGKILL.

amish

Member

Registered: 2014-05-10

Posts: 475

Re: bind hangs with glibc-2.26

Working for me:

# pacman -Qs ^bind
local/bind 9.11.2.P1-1

# echo making sure new bind is used
# systemctl restart named
# ps aux |grep -i named
named    23909  1.4  0.5 320400 20728 ?        Ssl  11:22   0:00 /usr/bin/named -f -u named

# nslookup google.com
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
Name:   google.com
Address: 172.217.160.206
Name:   google.com
Address: 2404:6800:4009:80b::200e

# journalctl -f -u named
...
Jan 17 11:22:25 mysystem named[23909]: all zones loaded
Jan 17 11:22:25 mysystem named[23909]: running

Last edited by amish (2018-01-17 05:59:06)

loqs

Member

Registered: 2014-03-06

Posts: 18,306

Re: bind hangs with glibc-2.26

That works here as well

# /usr/sbin/named -f -u named

It seems only when the -L option is as well as the -u option used will the issue be triggered

# /usr/sbin/named -f -u named -L /dev/stdout

ayekat

Member

Registered: 2011-01-17

Posts: 1,616

Re: bind hangs with glibc-2.26

I can reproduce this if I run it with -L (no matter what file): it blocks, and it does not listen to any port according to ss, and I have to send a SIGKILL.

But if I don't set any log file, it runs fine (however, I'm a bit puzzled that it doesn't give any output to stdout whatsoever—the systemd service launches it without -L, and its output ends up in the journal nevertheless).

--edit, whoops, didn't see your reply.

--edit2: Maybe its permission issue (e.g. named doesn't have access to your stdout or any local file if you set it explicitly?)—I'll test that...

--edit3: Yup! Can confirm, this works (and the log also contains actual content):

mkdir blabla
sudo chown named:named blabla
sudo named -f -u named -L blabla/blublu.log

Last edited by ayekat (2018-01-17 11:45:00)

---

pkgs │ hacks │ cfg │ blag

loqs

Member

Registered: 2014-03-06

Posts: 18,306

Re: bind hangs with glibc-2.26

@ayekat that is very interesting research.  Strange that this patch prevents named from becoming a zombie in such a case.
Edit:
It seems the following is happening when named can not open the log file it will try to open it again every time a message is to be logged eventually leading to the blocked openat call after seccomp has been started

seccomp(SECCOMP_SET_MODE_STRICT, 1, NULL) = -1 EINVAL (Invalid argument)
seccomp(SECCOMP_SET_MODE_FILTER, 0, {len=38, filter=0x555882dac6e0}) = 0
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3687, ...}) = 0
stat("foo2/bar.log", 0x7ffd530c7f10)    = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "foo2/bar.log", O_WRONLY|O_CREAT|O_APPEND, 0666) = ?

Edit2:
Seems not much point in reporting this upstream as upstream plans to drop seccomp support in 9.13 https://bugs.isc.org/Public/Bug/Display.html?id=46729

Last edited by loqs (2018-01-17 14:21:05)