Comment # 6 on bug 1191345 from
Today I got around to testing for this bug / crash another time.

For both tw VERSION_ID 20211120 (libunbound8-1.13.2-2.1), and VERSION_ID
20211220 (libunbound8-1.14.0-1.1), I could see the segv.

A forced --oldpackage downgrade to a safekept libunbound8-1.13.1-2.1 once more
fixes the problem, even with the 20211220 state of the world, so it is a viable
workaround.

This time, I got a coredump recorded from the 1.14.0 case, and for your kind
consideration, attach its analysis here. It clearly shows a null pointer issue.


=============================================
Core was generated by `/usr/sbin/opendkim -f -x /etc/opendkim/opendkim.conf'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007f985ac9c38a in serviced_udp_callback (c=0x7f984c2ed7d0,
arg=0x7f9840045180, error=-1, rep=0x0) at services/outside_network.c:3115
Downloading 0.11 MB source file
/usr/src/debug/unbound-1.14.0-1.1.x86_64/services/outside_network.c
3115            struct port_if* pi = p->pc->pif;
[Current thread is 1 (Thread 0x7f9857386640 (LWP 1239))]
(gdb) bt
#0  0x00007f985ac9c38a in serviced_udp_callback (c=0x7f984c2ed7d0,
arg=0x7f9840045180, error=-1, rep=0x0) at services/outside_network.c:3115
#1  0x00007f985ac96c24 in outnet_send_wait_udp
(outnet=outnet@entry=0x7f984c2bb820) at services/outside_network.c:1343
#2  0x00007f985ac97032 in outnet_udp_cb (c=0x7f984c2ed7d0, arg=0x7f984c2bb820,
error=<optimized out>, reply_info=0x7f9857385840)
    at services/outside_network.c:1428
#3  0x00007f985ac917f5 in comm_point_udp_callback (fd=41, event=<optimized
out>, arg=<optimized out>) at util/netevent.c:784
#4  0x00007f985a5a68b8 in event_persist_closure (ev=<optimized out>,
base=0x7f984c281270) at /usr/src/debug/libevent-2.1.12-2.4.x86_64/event.c:1638
#5  event_process_active_single_queue (base=base@entry=0x7f984c281270,
activeq=0x7f984c2816e0, max_to_process=max_to_process@entry=2147483647,
    endtime=endtime@entry=0x0) at
/usr/src/debug/libevent-2.1.12-2.4.x86_64/event.c:1697
#6  0x00007f985a5a82bf in event_process_active (base=0x7f984c281270) at
/usr/src/debug/libevent-2.1.12-2.4.x86_64/event.c:1798
#7  event_base_loop (base=0x7f984c281270, flags=0) at
/usr/src/debug/libevent-2.1.12-2.4.x86_64/event.c:2040
#8  0x00007f985acbd270 in ub_event_base_dispatch (base=<optimized out>) at
util/ub_event_pluggable.c:491
#9  comm_base_dispatch.isra.0 (b=<optimized out>, b=<optimized out>) at
util/netevent.c:256
#10 0x00007f985ac1206f in libworker_dobg (arg=0x7f984c0cefc0) at
libunbound/libworker.c:370
#11 0x00007f985aa30427 in start_thread (arg=<optimized out>) at
pthread_create.c:435
#12 0x00007f985aab9810 in clone3 () at
../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
(gdb) print p
$1 = (struct pending *) 0x7f98400452d0
(gdb) print p->pc
$2 = (struct port_comm *) 0x0
(gdb) print *p
$3 = {node = {parent = 0x7f9840044fd0, left = 0x7f985ad30dc0
<rbtree_null_node>, right = 0x7f985ad30dc0 <rbtree_null_node>, key =
0x7f98400452d0,
    color = 1 '\001'}, id = 25476, addr = {ss_family = 10,
    __ss_padding =
"\000\065\000\000\000\000&\000\024\001\000\001\000\000\000\000\000\000\000\000\000C",
'\000' <repeats 95 times>,
    __ss_align = 0}, addrlen = 28, pc = 0x0, timer = 0x7f98400453e0, cb =
0x7f985ac9c350 <serviced_udp_callback>, cb_arg = 0x7f9840045180,
  outnet = 0x7f984c2bb820, sq = 0x7f9840045180, next_waiting = 0x7f98400454f0,
timeout = 376, pkt = 0x0, pkt_len = 0}

