Received: (qmail 23627 invoked by uid 501); 15 Oct 2000 04:38:19 -0000 Message-Id: <20001015043819.23626.qmail@locus.apache.org> Date: 15 Oct 2000 04:38:19 -0000 From: Michael Long Reply-To: mlong@infoave.net To: submit@bugz.apache.org Subject: segmentation fault (11) - client-induced crashes X-Send-Pr-Version: 3.110 >Number: 6680 >Category: os-osf >Synopsis: segmentation fault (11) - client-induced crashes >Confidential: no >Severity: serious >Priority: medium >Responsible: apache >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Sat Oct 14 21:40:00 PDT 2000 >Closed-Date: >Last-Modified: Sat Oct 14 23:30:00 PDT 2000 >Originator: mlong@infoave.net >Release: 1.3.12 >Organization: apache >Environment: uname -a OSF1 wtp01.webtelpro.com V5.0 1094 alpha sizer -v Compaq Tru64 UNIX V5.0A (Rev. 1094); Thu Sep 7 14:36:53 EDT 2000 >Description: I am seeing fairly random crashes: [Sat Oct 14 01:12:56 2000] [notice] child pid 799203 exit signal Segmentation fa ult (11) [Sat Oct 14 01:12:56 2000] [notice] child pid 798692 exit signal Segmentation fa ult (11) [Sat Oct 14 01:12:56 2000] [notice] child pid 797783 exit signal Segmentation fa ult (11) [Sat Oct 14 01:12:56 2000] [notice] child pid 797781 exit signal Segmentation fa ult (11) [Sat Oct 14 01:12:56 2000] [notice] child pid 797707 exit signal Segmentation fa ult (11) [Sat Oct 14 01:12:56 2000] [notice] child pid 797776 exit signal Segmentation fa ult (11) [Sat Oct 14 01:12:57 2000] [notice] child pid 798816 exit signal Segmentation fa From what I can gather, it may be related to an invalid URI request. First the logs: (Note that the images listed (images/bb*.gif) are being called from the root..thus ../ is entirely unneeded since you're not in a subdir..but I am not sure if that is causing the problem as apache should be able to catch that) 1/error_log:[Sat Oct 14 01:12:54 2000] [error] [client 204.116.96.13] Invalid UR I in request GET /../images/bb21.gif HTTP/1.0 1/error_log:[Sat Oct 14 01:12:54 2000] [error] [client 204.116.96.13] Invalid UR I in request GET /../images/bb22.gif HTTP/1.0 1/error_log:[Sat Oct 14 01:12:54 2000] [error] [client 204.116.96.13] Invalid UR I in request GET /../images/bb25.gif HTTP/1.0 1/error_log:[Sat Oct 14 01:12:55 2000] [error] [client 204.116.96.13] Invalid UR I in request GET /../images/bb22.gif HTTP/1.0 1/error_log:[Sat Oct 14 01:12:55 2000] [error] [client 204.116.96.13] Invalid UR I in request GET /../images/bb25.gif HTTP/1.0 1/error_log:[Sat Oct 14 01:12:56 2000] [error] [client 204.116.96.13] Invalid UR I in request GET /../images/bb20.gif HTTP/1.0 1/error_log:[Sat Oct 14 01:12:56 2000] [error] [client 204.116.96.13] Invalid UR I in request GET /../images/bb19.gif HTTP/1.0 1/error_log:[Sat Oct 14 01:12:56 2000] [error] [client 204.116.96.13] Invalid UR I in request GET /../images/bb18.gif HTTP/1.0 1/error_log:[Sat Oct 14 01:12:56 2000] [error] [client 204.116.96.13] Invalid UR I in request GET /../images/bb16.gif HTTP/1.0 1/error_log:[Sat Oct 14 01:12:57 2000] [error] [client 204.116.96.13] Invalid UR I in request GET /../images/bb16.gif HTTP/1.0 1/error_log:[Sat Oct 14 01:12:57 2000] [error] [client 204.116.96.13] Invalid UR I in request GET /../images/bb13.gif HTTP/1.0 1/error_log:[Sat Oct 14 01:12:57 2000] [error] [client 204.116.96.13] Invalid UR I in request GET /../images/bb14.gif HTTP/1.0 1/error_log:[Sat Oct 14 01:12:57 2000] [error] [client 204.116.96.13] Invalid UR I in request GET /../images/bb12.gif HTTP/1.0 1/error_log:[Sat Oct 14 01:12:57 2000] [error] [client 204.116.96.13] Invalid UR I in request GET /../images/bb13.gif HTTP/1.0 1/error_log:[Sat Oct 14 01:12:57 2000] [error] [client 204.116.96.13] Invalid UR I in request GET /../images/bb11.gif HTTP/1.0 1/error_log:[Sat Oct 14 01:12:58 2000] [error] [client 204.116.96.13] Invalid UR I in request GET /../images/cp.gif HTTP/1.0 1/error_log:[Sat Oct 14 01:12:58 2000] [error] [client 204.116.96.13] Invalid UR I in request GET /../images/cu.gif HTTP/1.0 1/error_log:[Sat Oct 14 01:12:58 2000] [error] [client 204.116.96.13] Invalid UR I in request GET /../images/cu.gif HTTP/1.0 1/error_log:[Sat Oct 14 01:12:58 2000] [error] [client 204.116.96.13] Invalid UR I in request GET /../images/wpr.gif HTTP/1.0 1/error_log:[Sat Oct 14 01:12:58 2000] [error] [client 204.116.96.13] Invalid UR I in request GET /../images/jfk.gif HTTP/1.0 1/error_log:[Sat Oct 14 01:12:59 2000] [error] [client 204.116.96.13] Invalid UR I in request GET /../images/wl.gif HTTP/1.0 1/error_log:[Sat Oct 14 01:12:59 2000] [error] [client 204.116.96.13] Invalid UR I in request GET /../images/BL_Logo.GIF HTTP/1.0 1/error_log:[Sat Oct 14 01:12:59 2000] [error] [client 204.116.96.13] Invalid UR I in request GET /../images/text.gif HTTP/1.0 Next the core dump: rw------- 1 apache system 29564928 Oct 14 01:13 core And the analysis--notice the last thing out is a customized 400 error, which translates to "bad uri request" -- signal Segmentation fault at >*[strcmp, 0x3ff800ce894] ldq_u t0, 0(a0) (dbx) where > 0 strcmp(0x140070aa0, 0x4, 0x120153f78, 0x1400f3360, 0x11fff1c10) [0x3ff800ce 894] 1 handle_include(in = 0x14142cb10, r = 0x1400f3360, error = 0x11fff7c70 = "[a n error occurred while processing this directive]", noexec = 0) ["mod_include.c" :715, 0x120154004] 2 send_parsed_content(f = 0x14142cb10, r = 0x1400f3360) ["mod_include.c":2261 , 0x12015725c] 3 send_parsed_file(r = 0x1400f3360) ["mod_include.c":2476, 0x1201578f4] 4 ap_invoke_handler(r = 0x1400f3360) ["http_config.c":508, 0x12018ea60] 5 process_request_internal(r = 0x1400f3360) ["http_request.c":1215, 0x12018a4 b0] 6 ap_internal_redirect(new_uri = 0x1400b0490 = "/errordocs/400.shtml", r = 0x 1400f2060) ["http_request.c":1339, 0x12018a91c] 7 ap_die(type = 400, r = 0x1400f2060) ["http_request.c":1038, 0x120189d28] 8 decl_die(status = 400, phase = 0x14003e410 = "translate", r = 0x1400f2060) ["http_request.c":1063, 0x120189e24] 9 process_request_internal(r = 0x1400f2060) ["http_request.c":1107, 0x120189f b8] 10 ap_process_request(r = 0x1400f2060) ["http_request.c":1231, 0x12018a54c] 11 child_main(child_num_arg = 15) ["http_main.c":4177, 0x1201714d0] 12 make_child(s = 0x140098860, slot = 15, now = 971494174) ["http_main.c":4336 , 0x1201717f0] 13 perform_idle_server_maintenance() ["http_main.c":4500, 0x120171bb4] 14 standalone_main(argc = 1, argv = 0x11fffc018) ["http_main.c":4732, 0x120172 2e0] More (n if no)?y 15 main(argc = 1, argv = 0x11fffc018) ["http_main.c":4978, 0x120172aec] >How-To-Repeat: The particular site in question is www.blomand.net. Interestingly enough, if I try to go to one of those URLs I don't get a customized error page..I instead get an IE error telling me it can't find the server. >Fix: -- >Release-Note: >Audit-Trail: From: Michael Long To: William A Rowe Jr Cc: apbugs@apache.org Subject: RE: os-osf/6680: segmentation fault (11) - client-induced crashes Date: Sun, 15 Oct 2000 01:43:40 -0400 Yeah just to let you know I am getting ready to submit a patch with about 10 bug fixes/improvements for 1.3.14 dealing with Tru64/OSF but I had this one last 1.3.x bug I couldn't figure out. I'd like to duplicate those to 2.0 as well to make sure Tru64 support is up to speed, but I couldn't get it to compile. So that's why I am submitting both 1.3.x and 2.0 bugs :) --On Sunday, October 15, 2000 12:23 AM -0500 William A Rowe Jr wrote: > In 2.0!?! this was a 1.3.x report? Retry under 1.3.14 for certain, > and append to the original report. I'm sorry, had just read your > bug report on 2.0a7/osf compile fails :-( > > If it's a tru/64 bug - I'll bet dollars to donuts that we made a bad > assumption on the size of the int type that blew up into this segfault. > > Bill > >> -----Original Message----- >> From: Michael Long [mailto:mlong@infoave.net] >> Sent: Sunday, October 15, 2000 12:16 AM >> To: William A Rowe Jr >> Subject: RE: os-osf/6680: segmentation fault (11) - client-induced >> crashes >> >> >> You mean SSI in 1.3.12 is unstable or in 2.0alpha? >> >> Could you tell if this was indeed caused by the ../ in the URL? >> >> --On Saturday, October 14, 2000 11:54 PM -0500 William A Rowe Jr >> wrote: >> >> > As soon as I noticed this ... >> > >> >> 1 handle_include(in = 0x14142cb10, r = 0x1400f3360, error >> >> = 0x11fff7c70 = "[a >> >> n error occurred while processing this directive]", noexec = >> >> 0) ["mod_include.c" >> >> :715, 0x120154004] >> > >> > I realized where you were. SSI is not presently stable, in fact >> > rbb and a few others are working on a complete overhaul. Since >> > Apache 2.0 is based on filtering, SSI is one of the key targets >> > to benefit (it is a filter in it's own right, not really the >> > usual 'handler'.) It's already undergone pretty massive changes >> > and I don't expect the 2.0a8 version will look anything like this >> > version (as you note, it's rather buggy at this moment.) >> > >> > I'll leave this note open until the overhaul is complete. Thanks >> > for your report, and interest in the Apache Alpha-2.0 project! >> > >> >> >> >> >> Michael Long >> Senior Systems Analyst >> Info Avenue Internet Services, LLC >> Michael Long Senior Systems Analyst Info Avenue Internet Services, LLC From: Michael Long To: William A Rowe Jr Cc: apbugs@apache.org Subject: RE: os-osf/6680: segmentation fault (11) - client-induced crashes Date: Sun, 15 Oct 2000 02:18:22 -0400 Oh one more thing...this came from a Compaq engineer who saw my core dump -- From a crude 1st pass through "modules/standard/mod_include.c", I wonder ... Hmmmmm ... why is get_tag() returning an invalid pointer which causes strcmp() to segmentation fault ? --On Sunday, October 15, 2000 12:23 AM -0500 William A Rowe Jr wrote: > > If it's a tru/64 bug - I'll bet dollars to donuts that we made a bad > assumption on the size of the int type that blew up into this segfault. >Unformatted: [In order for any reply to be added to the PR database, you need] [to include in the Cc line and make sure the] [subject line starts with the report component and number, with ] [or without any 'Re:' prefixes (such as "general/1098:" or ] ["Re: general/1098:"). If the subject doesn't match this ] [pattern, your message will be misfiled and ignored. The ] ["apbugs" address is not added to the Cc line of messages from ] [the database automatically because of the potential for mail ] [loops. If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request from a ] [developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]