Floods journal (100%CPU unbound, 100%CPU sd-journald) with errors when it can't reply to control socket peer

[nabijaczleweli]

Describe the bug Floods journal (100%CPU unbound, 100%CPU sd-journald) with errors when it can't reply to control socket peer

To reproduce

#include <unistd.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/sendfile.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>

int main(int argc, const char * const * argv) {
    struct sockaddr_un unbound_ctl;
    unbound_ctl.sun_family = AF_UNIX;
    strncpy(unbound_ctl.sun_path, argv[1], sizeof(unbound_ctl.sun_path));

    int local_datas = socket(AF_UNIX, SOCK_STREAM, 0);
    connect(local_datas, &unbound_ctl, sizeof(unbound_ctl));
#define LOCAL_DATAS "UBCT1 local_datas\n"
    write(local_datas, LOCAL_DATAS, sizeof(LOCAL_DATAS) - 1);
    while(sendfile(local_datas, 0, 0, 128 * 1024 * 1024))
        ;
}

$ { printf '%s\n' 'UBCT1 local_datas' ';; a' 'abc.def. 3600 in txt testupa' ';; b'; } > badzone
$ cc badzone.c -o badzone.run
$ sudo ./badzone.run /run/unbound.ctl < badzone

(if you run badzone.run under strace it doesn't reliably reproduce; attaching strace to unbound may also affect this).

journalctl -f:

2023-10-09T16:55:42+0200 tarta unbound[1362853]: [1362853:0] error: could not send: Broken pipe
2023-10-09T16:55:42+0200 tarta unbound[1362853]: [1362853:0] error: could not send: Broken pipe
2023-10-09T16:55:42+0200 tarta unbound[1362853]: [1362853:0] error: could not send: Broken pipe
2023-10-09T16:55:42+0200 tarta unbound[1362853]: [1362853:0] error: could not send: Broken pipe
2023-10-09T16:55:42+0200 tarta unbound[1362853]: [1362853:0] error: could not send: Broken pipe
2023-10-09T16:55:42+0200 tarta unbound[1362853]: [1362853:0] error: could not send: Broken pipe
2023-10-09T16:55:42+0200 tarta unbound[1362853]: [1362853:0] error: could not send: Broken pipe
2023-10-09T16:55:42+0200 tarta unbound[1362853]: [1362853:0] error: could not send: Broken pipe
2023-10-09T16:55:42+0200 tarta unbound[1362853]: [1362853:0] error: could not send: Broken pipe
2023-10-09T16:55:42+0200 tarta unbound[1362853]: [1362853:0] error: could not send: Broken pipe
2023-10-09T16:55:42+0200 tarta unbound[1362853]: [1362853:0] error: could not send: Broken pipe
2023-10-09T16:55:42+0200 tarta unbound[1362853]: [1362853:0] error: could not send: Broken pipe
2023-10-09T16:55:42+0200 tarta unbound[1362853]: [1362853:0] error: could not send: Broken pipe
2023-10-09T16:55:42+0200 tarta unbound[1362853]: [1362853:0] error: could not send: Broken pipe
2023-10-09T16:55:42+0200 tarta unbound[1362853]: [1362853:0] error: could not send: Broken pipe
2023-10-09T16:55:42+0200 tarta unbound[1362853]: [1362853:0] error: could not send: Broken pipe
2023-10-09T16:55:42+0200 tarta unbound[1362853]: [1362853:0] error: could not send: Broken pipe
2023-10-09T16:55:42+0200 tarta unbound[1362853]: [1362853:0] error: could not send: Broken pipe
2023-10-09T16:55:42+0200 tarta unbound[1362853]: [1362853:0] error: could not send: Broken pipe
2023-10-09T16:55:42+0200 tarta unbound[1362853]: [1362853:0] error: could not send: Broken pipe
2023-10-09T16:55:42+0200 tarta unbound[1362853]: [1362853:0] error: could not send: Broken pipe
2023-10-09T16:55:42+0200 tarta unbound[1362853]: [1362853:0] error: could not send: Broken pipe
2023-10-09T16:55:42+0200 tarta unbound[1362853]: [1362853:0] error: could not send: Broken pipe
2023-10-09T16:55:42+0200 tarta unbound[1362853]: [1362853:0] error: could not send: Broken pipe
2023-10-09T16:55:42+0200 tarta unbound[1362853]: [1362853:0] error: could not send: Broken pipe
2023-10-09T16:55:42+0200 tarta unbound[1362853]: [1362853:0] error: could not send: Broken pipe
2023-10-09T16:55:42+0200 tarta unbound[1362853]: [1362853:0] error: could not send: Broken pipe

&c.

Needs SIGKILL.

Expected behavior not that

System:

• Unbound version: 1.17.1-2 off Debian
• Unbound version: 1.18.0-2 off Debian
• OS: Debian
• unbound -V output:

  
  Version 1.17.1

Configure line: --build=x86_64-linux-gnu --prefix=/usr --includedir=${prefix}/include --mandir=${prefix}/share/man --infodir=${prefix}/share/info --sysconfdir=/etc --localstatedir=/var --disable-option-checking --disable-silent-rules --libdir=${prefix}/lib/x86_64-linux-gnu --runstatedir=/run --disable-maintainer-mode --disable-dependency-tracking --with-pythonmodule --with-pyunbound --enable-subnet --enable-dnstap --enable-systemd --with-libnghttp2 --with-chroot-dir= --with-dnstap-socket-path=/run/dnstap.sock --disable-rpath --with-pidfile=/run/unbound.pid --with-libevent --enable-tfo-client --with-rootkey-file=/usr/share/dns/root.key --enable-tfo-server Linked libs: libevent 2.1.12-stable (it uses epoll), OpenSSL 3.0.11 19 Sep 2023 Linked modules: dns64 python subnetcache respip validator iterator TCP Fastopen feature available

BSD licensed, see LICENSE in source package for details. Report bugs to unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues

Version 1.18.0

Configure line: --build=x86_64-linux-gnux32 --prefix=/usr --includedir=${prefix}/include --mandir=${prefix}/share/man --infodir=${prefix}/share/info --sysconfdir=/etc --localstatedir=/var --disable-option-checking --disable-silent-rules --libdir=${prefix}/lib/x86_64-linux-gnux32 --runstatedir=/run --disable-maintainer-mode --disable-dependency-tracking --with-pythonmodule --with-pyunbound --enable-subnet --enable-dnstap --enable-systemd --enable-cachedb --with-libhiredis --with-libnghttp2 --with-chroot-dir= --with-dnstap-socket-path=/run/dnstap.sock --disable-rpath --with-pidfile=/run/unbound.pid --with-libevent --enable-tfo-client --with-rootkey-file=/usr/share/dns/root.key --disable-flto --enable-tfo-server Linked libs: libevent 2.1.12-stable (it uses epoll), OpenSSL 3.0.11 19 Sep 2023 Linked modules: dns64 python cachedb subnetcache respip validator iterator TCP Fastopen feature available

BSD licensed, see LICENSE in source package for details. Report bugs to unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues

**Additional information**
Downstream bug: https://bugs.debian.org/1051818

[gthess]

Thanks for reporting and the analysis! This should be addressed now with https://github.com/NLnetLabs/unbound/commit/516f90abdb0f27d46c2bf7239c196ad08621df29; at least I cannot reproduce it anymore. Could you verify?