Unbound crashes when using DNSSEC validation

Thank you for taking the time to report this bug and helping to make Ubuntu better.

Please could you provide exact steps to reproduce the issue? Are you saying that it's segfaulting in its default configuration? This seems unlikely as we haven't been flooded with reports. Is there some specific configuration you're applying? Is the problem reproducible?

It's happening to us too. When some load is applied it begins to crash from time to time.

our configuration is pretty standard:

        statistics-interval: 0
        statistics-cumulative: no
        extended-statistics: yes
        num-threads: 6
        serve-expired: yes
        outgoing-range: 8192
        outgoing-num-tcp: 512
        incoming-num-tcp: 512
        so-rcvbuf: 0
        so-sndbuf: 0
        so-reuseport: yes
        edns-buffer-size: 1232
        msg-cache-size: 512m
        msg-cache-slabs: 4
        num-queries-per-thread: 4096
        rrset-cache-size: 512m
        rrset-cache-slabs: 4
        infra-cache-slabs: 4
        do-ip4: yes
        do-ip6: yes
        do-udp: yes
        do-tcp: yes
        chroot: ""
        username: "unbound"
        hide-identity: yes
        hide-version: yes
        unwanted-reply-threshold: 10000000
        prefetch: yes
        prefetch-key: yes
        rrset-roundrobin: yes
        minimal-responses: yes
        module-config: "respip validator iterator"
        val-clean-additional: yes
        val-log-level: 1
        key-cache-slabs: 4
        deny-any: yes

[Expired for unbound (Ubuntu) because there has been no activity for 60 days.]

Thanks for providing more information, and apologies for taking some time to get back to it.

I gave it a try here but couldn't reproduce the issue locally. Unbound is tricky and there are many small things that can affect a specific scenario, so I'm not entirely surprised.

If you're still experiencing the crash, could you please provide the following:

1) Steps to reproduce the issue, if you're able to. I understand that some issues may not be easily reproducible in a test environment, but having a way to verify the crash and confirm a possible fix would be ideal.

2) Failing that, please provide a coredump file so that we can examine the backtrace and try to establish some similarity between the crash you're experiencing and the upstream PR you linked above. Do note that coredump files may contain sensitive information about the process (although I don't believe there's anything really sensitive going through Unbound), so please let us know if you don't feel comfortable providing it.

3) Some log files (with verbose/debug options enabled) would also be helpful.

I'm going to set this bug status to Incomplete again. Please set it back to New once you've provided the information requested above.

Thank you.