Received: (qmail 57469 invoked by uid 501); 28 Apr 2001 20:35:54 -0000 Message-Id: <20010428203554.57464.qmail@apache.org> Date: 28 Apr 2001 20:35:54 -0000 From: Benoit de Mulder Reply-To: benoit@decollage.org To: submit@bugz.apache.org Subject: Apache 1.3.19 segmentation fault in a jail X-Send-Pr-Version: 3.110 >Number: 7648 >Category: os-freebsd >Synopsis: Apache 1.3.19 segmentation fault in a jail >Confidential: no >Severity: critical >Priority: medium >Responsible: apache >State: closed >Quarter: >Keywords: >Date-Required: >Class: duplicate >Submitter-Id: apache >Arrival-Date: Sat Apr 28 13:40:00 PDT 2001 >Closed-Date: Thu May 17 13:43:32 PDT 2001 >Last-Modified: Thu May 17 13:43:32 PDT 2001 >Originator: benoit@decollage.org >Release: 1.3.19 >Organization: >Environment: Operating system : FreeBSD 4.3-RELEASE Compiler : gcc version 2.95.3 [FreeBSD] 20010315 (release) >Description: When launching Apache 1.3.19 in a jail on a FREEBSD 4.3 server running a SMP kernel, the program core dumped. Apache 1.3.17 run fine with the same settings on the same server. Configure option : ./configure --prefix=/usr --target=adminhttp --sysconfdir=/etc/apache --iconsdir=/usr/share/apache --htdocsdir=/var/www --cgidir=/var/lib/cgi-bin --localstatedir=/var --logfiledir=/var/log/apache The backtrace : admin# truss /usr/bin/adminhttp __sysctl(0xbfbffab0,0x2,0x280c7c88,0xbfbffaac,0x0,0x0) = 0 (0x0) mmap(0x0,32768,0x3,0x1002,-1,0x0) = 671911936 (0x280c9000) geteuid() = 0 (0x0) getuid() = 0 (0x0) getegid() = 0 (0x0) getgid() = 0 (0x0) open("/var/run/ld-elf.so.hints",0,00) ERR#2 'No such file or directory' access("/usr/lib/elf/libcrypt.so.2",0) ERR#2 'No such file or directory' access("/usr/lib/libcrypt.so.2",0) = 0 (0x0) open("/usr/lib/libcrypt.so.2",0,027757775410) = 3 (0x3) fstat(3,0xbfbffad8) = 0 (0x0) read(0x3,0xbfbfeaa8,0x1000) = 4096 (0x1000) mmap(0x0,12288,0x5,0x2,3,0x0) = 671944704 (0x280d1000) mmap(0x280d3000,4096,0x3,0x12,3,0x1000) = 671952896 (0x280d3000) close(3) = 0 (0x0) access("/usr/lib/elf/libc.so.4",0) ERR#2 'No such file or directory' access("/usr/lib/libc.so.4",0) = 0 (0x0) open("/usr/lib/libc.so.4",0,027757775410) = 3 (0x3) fstat(3,0xbfbffad8) = 0 (0x0) read(0x3,0xbfbfeaa8,0x1000) = 4096 (0x1000) mmap(0x0,622592,0x5,0x2,3,0x0) = 671956992 (0x280d4000) mmap(0x28154000,16384,0x3,0x12,3,0x7f000) = 672481280 (0x28154000) mmap(0x28158000,81920,0x3,0x1012,-1,0x0) = 672497664 (0x28158000) close(3) = 0 (0x0) sigaction(SIGILL,0xbfbffb30,0xbfbffb18) = 0 (0x0) sigprocmask(0x1,0x0,0x280c7bbc) = 0 (0x0) sigaction(SIGILL,0xbfbffb18,0x0) = 0 (0x0) sigprocmask(0x1,0x280c7b80,0xbfbffb58) = 0 (0x0) sigprocmask(0x3,0x280c7b90,0x0) = 0 (0x0) readlink("/etc/malloc.conf",0xbfbffa34,63) ERR#2 'No such file or directory' mmap(0x0,4096,0x3,0x1002,-1,0x0) = 672579584 (0x2816c000) break(0x80c0000) = 0 (0x0) break(0x80c3000) = 0 (0x0) break(0x80c6000) = 0 (0x0) break(0x80c9000) = 0 (0x0) break(0x80cc000) = 0 (0x0) break(0x80cf000) = 0 (0x0) break(0x80d0000) = 0 (0x0) stat("/usr/bin/suexec",0xbfbffb00) ERR#2 'No such file or directory' geteuid() = 0 (0x0) stat("/etc/spwd.db",0xbfbff9b4) = 0 (0x0) open("/etc/spwd.db",0,00) = 3 (0x3) fcntl(0x3,0x2,0x1) = 0 (0x0) read(0x3,0x80cf200,0x104) = 260 (0x104) break(0x80d1000) = 0 (0x0) break(0x80d2000) = 0 (0x0) break(0x80d3000) = 0 (0x0) lseek(3,0x5000,0) = 20480 (0x5000) read(0x3,0x80d2000,0x1000) = 4096 (0x1000) break(0x80d4000) = 0 (0x0) close(3) = 0 (0x0) open("/etc/group",0,0666) = 3 (0x3) fstat(3,0xbfbff974) = 0 (0x0) read(0x3,0x80d0000,0x2000) = 337 (0x151) read(0x3,0x80d0000,0x2000) = 0 (0x0) lseek(3,0x0,1) = 337 (0x151) lseek(3,0x0,0) = 0 (0x0) read(0x3,0x80d0000,0x2000) = 337 (0x151) close(3) = 0 (0x0) lstat("/etc/apache/adminhttp.conf",0xbfbff9f4) = 0 (0x0) open("/etc/apache/adminhttp.conf",0,0666) = 3 (0x3) fstat(3,0xbfbff9e8) = 0 (0x0) fstat(3,0xbfbfd8b4) = 0 (0x0) read(0x3,0x80d0000,0x2000) = 8192 (0x2000) stat("/usr",0xbfbfd914) = 0 (0x0) read(0x3,0x80d0000,0x2000) = 8192 (0x2000) geteuid() = 0 (0x0) stat("/etc/spwd.db",0xbfbfd824) = 0 (0x0) open("/etc/spwd.db",0,00) = 4 (0x4) fcntl(0x4,0x2,0x1) = 0 (0x0) read(0x4,0x80cf200,0x104) = 260 (0x104) break(0x80d5000) = 0 (0x0) break(0x80d6000) = 0 (0x0) break(0x80d7000) = 0 (0x0) lseek(4,0x5000,0) = 20480 (0x5000) read(0x4,0x80d6000,0x1000) = 4096 (0x1000) close(4) = 0 (0x0) open("/etc/group",0,0666) = 4 (0x4) fstat(4,0xbfbfd7e4) = 0 (0x0) read(0x4,0x80d4000,0x2000) = 337 (0x151) read(0x4,0x80d4000,0x2000) = 0 (0x0) lseek(4,0x0,1) = 337 (0x151) lseek(4,0x0,0) = 0 (0x0) read(0x4,0x80d4000,0x2000) = 337 (0x151) close(4) = 0 (0x0) read(0x3,0x80d0000,0x2000) = 8192 (0x2000) break(0x80da000) = 0 (0x0) break(0x80dd000) = 0 (0x0) read(0x3,0x80d0000,0x2000) = 7805 (0x1e7d) break(0x80de000) = 0 (0x0) read(0x3,0x80d0000,0x2000) = 0 (0x0) close(3) = 0 (0x0) stat("/etc/apache/srm.conf",0xbfbffa94) = 0 (0x0) lstat("/etc/apache/srm.conf",0xbfbff9f4) = 0 (0x0) open("/etc/apache/srm.conf",0,0666) = 3 (0x3) fstat(3,0xbfbff9e8) = 0 (0x0) fstat(3,0xbfbfd8b4) = 0 (0x0) read(0x3,0x80d0000,0x2000) = 369 (0x171) read(0x3,0x80d0000,0x2000) = 0 (0x0) close(3) = 0 (0x0) stat("/etc/apache/access.conf",0xbfbffa94) = 0 (0x0) lstat("/etc/apache/access.conf",0xbfbff9f4) = 0 (0x0) open("/etc/apache/access.conf",0,0666) = 3 (0x3) fstat(3,0xbfbff9e8) = 0 (0x0) fstat(3,0xbfbfd8b4) = 0 (0x0) read(0x3,0x80d0000,0x2000) = 360 (0x168) read(0x3,0x80d0000,0x2000) = 0 (0x0) close(3) = 0 (0x0) break(0x80e1000) = 0 (0x0) __sysctl(0xbfbff5ac,0x2,0xbfbff5e4,0xbfbff5a8,0x0,0x0) = 0 (0x0) gettimeofday(0xbfbff0cc,0x0) = 0 (0x0) getpid() = 37003 (0x908b) issetugid() = 0 (0x0) open("/etc/resolv.conf",0,0666) = 3 (0x3) fstat(3,0xbfbfefc4) = 0 (0x0) read(0x3,0x80d0000,0x2000) = 23 (0x17) read(0x3,0x80d0000,0x2000) = 0 (0x0) close(3) = 0 (0x0) __sysctl(0xbfbff0bc,0x2,0xbfbff190,0xbfbff0b8,0x0,0x0) = 0 (0x0) issetugid() = 0 (0x0) open("/etc/host.conf",0,0666) = 3 (0x3) fstat(3,0xbfbff024) = 0 (0x0) read(0x3,0x80d0000,0x2000) = 205 (0xcd) read(0x3,0x80d0000,0x2000) = 0 (0x0) close(3) = 0 (0x0) open("/etc/hosts",0,0666) = 3 (0x3) fstat(3,0xbfbff404) = 0 (0x0) read(0x3,0x80d0000,0x2000) = 1073 (0x431) read(0x3,0x80d0000,0x2000) = 0 (0x0) close(3) = 0 (0x0) kqueue() = 3 (0x3) socket(0x2,0x2,0x0) = 4 (0x4) connect(0x4,0x2816b9b0,0x10) = 0 (0x0) sendto(0x4,0xbfbfe854,0x25,0x0,0x0,0x0) = 37 (0x25) kevent(0x3,0xbfbfe614,0x1,0xbfbfe614,0x1,0xbfbfe600) = 1 (0x1) recvfrom(0x4,0xbfbff154,0x400,0x0,0xbfbfe628,0xbfbfe5fc) = 109 (0x6d) close(4) = 0 (0x0) close(3) = 0 (0x0) kqueue() = 3 (0x3) socket(0x2,0x2,0x0) = 4 (0x4) connect(0x4,0x2816b9b0,0x10) = 0 (0x0) sendto(0x4,0xbfbfe854,0x33,0x0,0x0,0x0) = 51 (0x33) kevent(0x3,0xbfbfe614,0x1,0xbfbfe614,0x1,0xbfbfe600) = 1 (0x1) recvfrom(0x4,0xbfbff154,0x400,0x0,0xbfbfe628,0xbfbfe5fc) = 123 (0x7b) close(4) = 0 (0x0) close(3) = 0 (0x0) SIGNAL 11 SIGNAL 11 Process stopped because of: 16 process exit, rval = 139 Segmentation fault (core dumped) >How-To-Repeat: >Fix: >Release-Note: >Audit-Trail: State-Changed-From-To: open-feedback State-Changed-By: trawick State-Changed-When: Sun Apr 29 06:42:03 PDT 2001 State-Changed-Why: Please give a gdb backtrace from the coredump. I'm 90% sure this is a known problem in ap_get_local_host() where a DNS lookup fails but we segfault dereferencing the return value from gethostbyname(). See this patch to ap_get_local_host() if you're interested: http://www.apache.org/websrc/viewcvs.cgi/apache-1.3/src/main/util.c.diff?r1=1.194&r2=1.195 To get a gdb backtrace: gdb /path/to/httpd /path/to/httpd.core bt Thanks! State-Changed-From-To: feedback-closed State-Changed-By: trawick State-Changed-When: Thu May 17 13:43:26 PDT 2001 State-Changed-Why: The requested feedback was never received, but it is safe to state that this is the oft-seen 1.3.19 bug in ap_get_local_host() which is fixed in CVS and will be fixed in the next release of Apache 1.3.x. Class-Changed-From-To: sw-bug-duplicate Class-Changed-By: trawick Class-Changed-When: Thu May 17 13:43:26 PDT 2001 >Unformatted: [In order for any reply to be added to the PR database, you need] [to include in the Cc line and make sure the] [subject line starts with the report component and number, with ] [or without any 'Re:' prefixes (such as "general/1098:" or ] ["Re: general/1098:"). If the subject doesn't match this ] [pattern, your message will be misfiled and ignored. The ] ["apbugs" address is not added to the Cc line of messages from ] [the database automatically because of the potential for mail ] [loops. If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request from a ] [developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]