[squid-users] version 5.4.1 aborts squid process (SIGABRT)

Eugene Grosbein eugen at grosbein.net
Tue Mar 22 09:27:42 UTC 2022


Hi!

Recently I upgraded one old squid-3.5 instance to version 5.4.1 under FreeBSD-12.3/amd64 (64 bit)
using its Ports Collection.

The old version worked rock-stable for years, but after the upgrade the new one crashed with a message from the kernel:

kernel: pid 43512 (squid), jid 0, uid 100: exited on signal 6 (core dumped)

Then I rebuilt squid with debugging symbols enabled, and the next time it crashed
I got a nice core dump and backtrace:

(gdb) bt
#0  0x000000080175bf1a in thr_kill () from /lib/libc.so.7
#1  0x000000080175a2d4 in raise () from /lib/libc.so.7
#2  0x00000008016d2d29 in abort () from /lib/libc.so.7
#3  0x000000080174a2c1 in __assert () from /lib/libc.so.7
#4  0x00000000009c2d07 in Ip::Address::getAddrInfo (this=0x81393b7e8,
    dst=@0x7fffffffdfa0: 0x813af39d0, force=0) at Address.cc:663
#5  0x00000000009b2300 in comm_openex (sock_type=1, proto=6, addr=..., flags=1,
    note=0x84cd1b040 "[fe80::30be:e84c:67b2:d2c2]") at comm.cc:347
#6  0x0000000000a060cb in Comm::ConnOpener::createFd (this=0x80d8c72d8) at ConnOpener.cc:288
#7  0x0000000000a05ca1 in Comm::ConnOpener::start (this=0x80d8c72d8) at ConnOpener.cc:261
#8  0x00000000009a2983 in NullaryMemFunT<AsyncJob>::doDial (this=0x80ca26ed8)
    at ../../src/base/AsyncJobCalls.h:103
#9  0x00000000009a2e6b in JobDialer<AsyncJob>::dial (this=0x80ca26ed8, call=...)
    at ../../src/base/AsyncJobCalls.h:175
#10 0x00000000009a2cfc in AsyncCallT<NullaryMemFunT<AsyncJob> >::fire (this=0x80ca26ea0)
    at ../../src/base/AsyncCall.h:145
#11 0x000000000099e62d in AsyncCall::make (this=0x80ca26ea0) at AsyncCall.cc:44
#12 0x000000000099f5df in AsyncCallQueue::fireNext (this=0x802280cd0) at AsyncCallQueue.cc:60
#13 0x000000000099f1cc in AsyncCallQueue::fire (this=0x802280cd0) at AsyncCallQueue.cc:43
#14 0x00000000006a0839 in EventLoop::dispatchCalls (this=0x7fffffffea90) at EventLoop.cc:144
#15 0x00000000006a0711 in EventLoop::runOnce (this=0x7fffffffea90) at EventLoop.cc:121
#16 0x00000000006a0580 in EventLoop::run (this=0x7fffffffea90) at EventLoop.cc:83
#17 0x0000000000826ed3 in SquidMain (argc=5, argv=0x7fffffffeba8) at main.cc:1716
#18 0x0000000000826155 in SquidMainSafe (argc=5, argv=0x7fffffffeba8) at main.cc:1403
#19 0x0000000000826122 in main (argc=5, argv=0x7fffffffeba8) at main.cc:1391

(gdb) frame 4
#4  0x00000000009c2d07 in Ip::Address::getAddrInfo (this=0x81393b7e8,
    dst=@0x7fffffffdfa0: 0x813af39d0, force=0) at Address.cc:663
663             IASSERT("false",false);
(gdb) l
658
659             dst->ai_addrlen = sizeof(struct sockaddr_in);
660
661             dst->ai_family = ((struct sockaddr_in*)dst->ai_addr)->sin_family;
662         } else {
663             IASSERT("false",false);
664         }
665     }
666
667     void
(gdb) p Ip::EnableIpv6
$27 = 0

It was built from source without --enable-ipv6;
also, src/cf.data.pre was modified before the build (by the Ports build system):

"::1" removed from the line "DEFAULT: localhost src 127.0.0.1/32 ::1"
"::1/128 ::/128" removed from the line "DEFAULT: to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1/128 ::/128"
"2001:DB8::2" removed from the line "acl htcp_clr_peer src 192.0.2.2 2001:DB8::2"
"2001:DB8::a:0/64" removed from the line "acl localclients src 192.0.2.0/24 2001:DB8::a:0/64"

Also, the following lines were removed completely:

acl localnet src fc00::/7              # RFC 4193 local private network range
acl localnet src fe80::/10             # RFC 4291 link-local (directly plugged) machines
tcp_outgoing_address 2001:db8::c001 good_service_net
tcp_outgoing_address 2001:db8::beef normal_service_net
tcp_outgoing_address 2001:db8::1

The system is not configured for IPv6 either, as it runs inside a private IPv4-only network behind a NAT box
that has no IPv6 connectivity, too. The system has no IPv6 addresses configured on its network interfaces
except for the loopback "inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3" on the interface lo0.

So, the function comm_openex() calls addr.getAddrInfo(AI) with the default value of the force argument:
https://github.com/squid-cache/squid/blame/master/src/comm.cc#L345

EnableIpv6 is zero, therefore Ip::Address::getAddrInfo() crashes squid:
https://github.com/squid-cache/squid/blame/master/src/ip/Address.cc#L663

Looks like a bug in Ip::Address::getAddrInfo(), doesn't it?
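
Added example (not part of the original post and not Squid's own code): a small C++ model of the three-way branch that ends at Address.cc:663, showing why an IPv6 destination with Ip::EnableIpv6 = 0 and force = 0 matches neither family. The branch conditions are an assumption, since the post shows only the tail of the function; selectBranch, mayOpenSocket and looksLikeIpv6 are hypothetical names.

```cpp
#include <sys/socket.h>   // AF_UNSPEC, AF_INET, AF_INET6
#include <string>

// Outcome of the branch that ends in IASSERT("false",false) at Address.cc:663.
enum class Branch { V6, V4, AssertFails };

// Assumed model of the branch selection (the conditions are not shown in the post).
// enableIpv6 stands for Ip::EnableIpv6; force is the family override and
// defaults to AF_UNSPEC (0), matching force=0 in frame 4 of the backtrace.
Branch selectBranch(bool addrIsV6, bool enableIpv6, int force = AF_UNSPEC)
{
    if (force == AF_INET6 || (force == AF_UNSPEC && enableIpv6 && addrIsV6))
        return Branch::V6;
    if (force == AF_INET || (force == AF_UNSPEC && !addrIsV6))
        return Branch::V4;
    // Neither family matched: this is the abort() path seen in the backtrace.
    return Branch::AssertFails;
}

// Hypothetical caller-side guard: decide before opening the socket whether the
// destination can be handled, so the request is refused instead of aborting.
bool mayOpenSocket(bool addrIsV6, bool enableIpv6, int force = AF_UNSPEC)
{
    return selectBranch(addrIsV6, enableIpv6, force) != Branch::AssertFails;
}

// Crude literal check, sufficient for the sample addresses used here:
// an IPv6 literal contains ':' and a dotted-quad IPv4 literal does not.
bool looksLikeIpv6(const std::string &literal)
{
    return literal.find(':') != std::string::npos;
}
```

With the link-local address from frame 5 and IPv6 disabled, selectBranch() returns AssertFails; the same address with IPv6 enabled, or any IPv4 address, takes a normal branch.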

