Posted to bugs@httpd.apache.org by bu...@apache.org on 2010/12/24 20:53:17 UTC
DO NOT REPLY [Bug 50520] New: Segment fault in brigade_consume
https://issues.apache.org/bugzilla/show_bug.cgi?id=50520
Summary: Segment fault in brigade_consume
Product: Apache httpd-2
Version: 2.2.17
Platform: PC
Status: NEW
Severity: normal
Priority: P2
Component: mod_ssl
AssignedTo: bugs@httpd.apache.org
ReportedBy: j-comm@westvi.com
As mentioned in header:
glibc 2.12.2
OpenSSL: 1.0.0c
gcc 4.5.2
HTTPD: 2.2.17
APR: 1.4.2
APR-Util: 1.3.10
Trivially reproducible.
Please let me know if anything else is needed.
Stack trace:
(gdb) bt full
#0 0x00000058 in ?? ()
No symbol table info available.
#1 0x080c6a94 in brigade_consume (bio=0x853f938, in=0x85515ae "", inlen=79) at
ssl_engine_io.c:419
b = 0x854910c
str = 0x806be8b "memmove"
str_len = 3087003636
consume = <value optimized out>
actual = 0
status = 0
#2 bio_filter_in_read (bio=0x853f938, in=0x85515ae "", inlen=79) at
ssl_engine_io.c:534
inl = 79
inctx = 0x8547048
block = APR_BLOCK_READ
#3 0x081122e4 in BIO_read ()
No symbol table info available.
#4 0x080f9a27 in ssl3_read_n ()
No symbol table info available.
#5 0x080fa72a in ssl3_read_bytes ()
No symbol table info available.
#6 0x080fbea4 in ssl3_get_message ()
No symbol table info available.
#7 0x080ec8c9 in ssl3_get_client_hello ()
No symbol table info available.
#8 0x080f0c39 in ssl3_accept ()
No symbol table info available.
#9 0x080e2acb in SSL_accept ()
No symbol table info available.
#10 0x080da461 in ssl23_get_client_hello ()
No symbol table info available.
#11 0x080da5ec in ssl23_accept ()
No symbol table info available.
#12 0x080e2acb in SSL_accept ()
No symbol table info available.
#13 0x080c5e8a in ssl_io_filter_connect (filter_ctx=0x853dea8) at
ssl_engine_io.c:1111
c = 0x853d990
sslconn = 0x853de50
sc = <value optimized out>
cert = <value optimized out>
n = <value optimized out>
ssl_err = <value optimized out>
verify_result = <value optimized out>
server = 0x831fd38
#14 0x080c649f in ssl_io_filter_input (f=0x8549078, bb=0x854b010,
mode=AP_MODE_GETLINE, block=APR_BLOCK_READ, readbytes=0)
at ssl_engine_io.c:1357
status = <value optimized out>
inctx = 0x8547048
len = 8192
is_init = 0
#15 0x080959fb in ap_rgetline_core (s=0x854a0a8, n=8192, read=0xbffff3ac,
r=0x854a090, fold=0, bb=0x854b010)
at protocol.c:231
rv = <value optimized out>
e = <value optimized out>
bytes_handled = 0
current_alloc = 0
pos = <value optimized out>
last_char = 0x0
do_alloc = 1
saw_eos = 0
#16 0x080977d6 in read_request_line (conn=0x853d990) at protocol.c:596
rv = <value optimized out>
ll = <value optimized out>
pro = <value optimized out>
major = 1
minor = 0
http = "\350\363\377\277"
len = 139712912
num_blank_lines = 0
max_blank_lines = 100
uri = <value optimized out>
#17 ap_read_request (conn=0x853d990) at protocol.c:891
r = 0x854a090
p = 0x854a050
expect = <value optimized out>
access_status = <value optimized out>
tmp_bb = 0x854b010
csd = <value optimized out>
cur_timeout = <value optimized out>
#18 0x081b7e35 in ap_process_http_connection (c=0x853d990) at http_core.c:183
r = <value optimized out>
csd = 0x0
#19 0x080aa876 in ap_run_process_connection (c=0x853d990) at connection.c:43
pHook = <value optimized out>
n = <value optimized out>
rv = <value optimized out>
#20 0x081ed792 in child_main (child_num_arg=<value optimized out>) at
prefork.c:662
current_conn = <value optimized out>
csd = 0x853d7f8
ptrans = 0x853d7b8
allocator = 0x853b728
status = <value optimized out>
i = <value optimized out>
lr = <value optimized out>
pollset = 0x853b858
sbh = 0x853b850
bucket_alloc = 0x8541aa0
last_poll_idx = 1
#21 0x081eda9f in make_child (s=0x82758b0, slot=0) at prefork.c:707
pid = <value optimized out>
#22 0x081ee2fc in ap_mpm_run (_pconf=0x82710a8, plog=0x82b71c0, s=0x82758b0) at
prefork.c:983
index = <value optimized out>
remaining_children_to_start = <value optimized out>
rv = <value optimized out>
#23 0x0808fb55 in main (argc=2, argv=0xbffff7d4) at main.c:739
c = 88 'X'
configtestonly = 0
confname = 0x81f8267 "conf/httpd.conf"
def_server_root = 0x81f8254 "/usr/local/apache2"
temp_error_log = 0x0
error = <value optimized out>
process = 0x826f130
server_conf = 0x82758b0
pglobal = 0x826f0a0
pconf = 0x82710a8
plog = 0x82b71c0
ptemp = 0x82790c8
pcommands = 0x82730b0
opt = 0x8273150
rv = 0
mod = <value optimized out>
optarg = 0x0
signal_server = <value optimized out>
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 50520] Segment fault in brigade_consume caused by
header file/GCC optimization confusion - workaround is adding
"-fno-strict-aliasing" to CFLAGS
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=50520
Joel <j-...@westvi.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Priority|P3 |P2
Status|RESOLVED |REOPENED
Resolution|INVALID |
Summary|Segment fault in |Segment fault in
|brigade_consume caused by |brigade_consume caused by
|GCC 4.5.2 compiler - |header file/GCC
|closing bug but consider |optimization confusion -
|avoiding 4.5.2. |workaround is adding
| |"-fno-strict-aliasing" to
| |CFLAGS
Severity|normal |major
--- Comment #6 from Joel <j-...@westvi.com> 2010-12-30 10:47:19 EST ---
This problem is indeed solved by adding -fno-strict-aliasing to CFLAGS.
(In reply to comment #5)
> (In reply to comment #4)
> > I've verified this as definitely a problem going from 4.5.1 to 4.5.2, as I
> > returned all the optimization levels back to their defaults, and the bug
> > happens with 4.5.2 compilation, not 4.5.1.
>
> Can you please try if adding -fno-strict-aliasing to the CFLAGS fixes the
> problem even with 4.5.2 and optimization? If yes, this may be the same as bug
> 50190
DO NOT REPLY [Bug 50520] Segment fault in brigade_consume caused by
header file (APR_RING/APR_BRIGADE)/GCC optimization confusion - workaround is
adding "-fno-strict-aliasing" to CFLAGS
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=50520
Joel <j-...@westvi.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|Segment fault in |Segment fault in
|brigade_consume caused by |brigade_consume caused by
|header file/GCC |header file
|optimization confusion - |(APR_RING/APR_BRIGADE)/GCC
|workaround is adding |optimization confusion -
|"-fno-strict-aliasing" to |workaround is adding
|CFLAGS |"-fno-strict-aliasing" to
| |CFLAGS
DO NOT REPLY [Bug 50520] Segment fault in brigade_consume
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=50520
Joel <j-...@westvi.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Severity|normal |critical
DO NOT REPLY [Bug 50520] Segment fault in brigade_consume caused by
GCC 4.5.2 compiler - closing bug but consider avoiding 4.5.2.
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=50520
Joel <j-...@westvi.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|Segment fault in |Segment fault in
|brigade_consume caused by |brigade_consume caused by
|GCC 4.5.2 compiler - avoid |GCC 4.5.2 compiler -
|it! |closing bug but consider
| |avoiding 4.5.2.
DO NOT REPLY [Bug 50520] Segment fault in brigade_consume caused by
header file (APR_RING/APR_BRIGADE)/GCC optimization confusion - workaround is
using gcc 4.5.1
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=50520
Eric Covener <co...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |silversens@gmail.com
--- Comment #8 from Eric Covener <co...@gmail.com> 2011-01-10 18:49:37 EST ---
*** Bug 50564 has been marked as a duplicate of this bug. ***
DO NOT REPLY [Bug 50520] Segment fault in brigade_consume caused by
GCC 4.5.2 compiler - closing bug but consider avoiding 4.5.2.
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=50520
--- Comment #5 from Stefan Fritsch <sf...@sfritsch.de> 2010-12-27 17:09:04 EST ---
(In reply to comment #4)
> I've verified this as definitely a problem going from 4.5.1 to 4.5.2, as I
> returned all the optimization levels back to their defaults, and the bug
> happens with 4.5.2 compilation, not 4.5.1.
Can you please try if adding -fno-strict-aliasing to the CFLAGS fixes the
problem even with 4.5.2 and optimization? If yes, this may be the same as bug
50190
DO NOT REPLY [Bug 50520] Segment fault in brigade_consume
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=50520
--- Comment #2 from Joel <j-...@westvi.com> 2010-12-24 15:30:08 EST ---
Here is extra info. Note that "bb->list.next->type" is really bogus. It has a
garbage name, garbage name_func, is_metadata is a mess, and the 'read' function
is the value '0x58'. It looks like the data stored here makes no sense at all,
and whatever caused that is the core problem.
This is in brigade_consume
(gdb) print *b
$4 = {link = {next = 0x8541bf8, prev = 0x85490c4}, type = 0x8541ad0, length =
139759840, start = -5190357751035555528,
data = 0x808ca4c, free = 0x853d7e8, list = 0x854915c}
(gdb) print *(b->type)
$5 = {name = 0x853b7e0 "\250\020'\310\372S\370\361\063\254\020'\b\271S\b",
num_func = 139704152, is_metadata = 139729632,
destroy = 0x8541ab8, read = 0x58, setaside = 0x8541ad0, split = 0x8541ab8,
copy = 0}
(gdb) print bb
$6 = (apr_bucket_brigade *) 0x85490c0
(gdb) print *bb
$7 = {p = 0x853d7e8, list = {next = 0x854913c, prev = 0x8541af0}, bucket_alloc
= 0x8541ad0}
(gdb) print *(bb->list.next)
$8 = {link = {next = 0x8541bf8, prev = 0x85490c4}, type = 0x8541ad0, length =
139759840, start = -5190357751035555528,
data = 0x808ca4c, free = 0x853d7e8, list = 0x854915c}
(gdb) print *(bb->list.next->type)
$9 = {name = 0x853b7e0 "\250\020'\310\372S\370\361\063\254\020'\b\271S\b",
num_func = 139704152, is_metadata = 139729632,
destroy = 0x8541ab8, read = 0x58, setaside = 0x8541ad0, split = 0x8541ab8,
copy = 0}
(gdb) print *(bb->list.prev->type)
$10 = {name = 0xb7f94f40 "HEAP", num_func = 5, is_metadata = APR_BUCKET_DATA,
destroy = 0xb7f817a0 <heap_bucket_destroy>,
read = 0xb7f81780 <heap_bucket_read>, setaside = 0x808c96c
<ap...@plt>,
split = 0x808ca8c <ap...@plt>, copy = 0x808ce7c
<ap...@plt>}
(gdb) up
#2 bio_filter_in_read (bio=0x853f968, in=0x85515de "", inlen=79) at
ssl_engine_io.c:534
534 inctx->rc = brigade_consume(inctx->bb, block, in, &inl);
(gdb)
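Comment #2 spots by eye that the `read` slot of the bucket type holds 0x58, the same address as frame #0 of the original backtrace. The sketch below automates that correlation; it is an added example, not part of the thread or of httpd/APR. The function names (`parse_struct`, `crash_pc`, `triage`) are hypothetical, and the sample dumps are copied from the messages above, with the healthy one abridged because its remaining symbol names are truncated in the archive.

```python
import re

# Function-pointer slots of the bucket type struct, named as in the gdb dumps above.
FUNC_SLOTS = ("destroy", "read", "setaside", "split", "copy")

STRING_RE = re.compile(r'"(?:\\.|[^"\\])*"')  # gdb string literals, may hold junk
FIELD_RE = re.compile(r'(\w+) = (0x[0-9a-fA-F]+|\d+)\b(?: <([^>]+)>)?')
FRAME0_RE = re.compile(r'^#0\s+(0x[0-9a-fA-F]+) in ', re.M)

# Sample input: "$9" dump from Comment #2 (the corrupted bucket type).
BAD_TYPE = r'''
$9 = {name = 0x853b7e0 "\250\020'\310\372S\370\361\063\254\020'\b\271S\b",
num_func = 139704152, is_metadata = 139729632,
destroy = 0x8541ab8, read = 0x58, setaside = 0x8541ad0, split = 0x8541ab8,
copy = 0}
'''

# Sample input: "$10" dump from Comment #2, abridged to the fully visible fields.
GOOD_TYPE = r'''
$10 = {name = 0xb7f94f40 "HEAP", num_func = 5, is_metadata = APR_BUCKET_DATA,
destroy = 0xb7f817a0 <heap_bucket_destroy>,
read = 0xb7f81780 <heap_bucket_read>}
'''

# Sample input: first two frames of the backtrace in the original report.
BACKTRACE = '''\
#0 0x00000058 in ?? ()
#1 0x080c6a94 in brigade_consume (bio=0x853f938, in=0x85515ae "", inlen=79) at ssl_engine_io.c:419
'''


def parse_struct(dump):
    """Return {field: (value, symbol_or_None)} for one gdb `print *ptr` dump."""
    # Join wrapped lines, then blank out string literals so their bytes
    # cannot be mistaken for "field = value" pairs.
    flat = STRING_RE.sub('""', " ".join(dump.split()))
    return {m.group(1): (int(m.group(2), 0), m.group(3))
            for m in FIELD_RE.finditer(flat)}


def crash_pc(backtrace):
    """Program counter of frame #0, or None if the backtrace has no frame #0."""
    m = FRAME0_RE.search(backtrace)
    return int(m.group(1), 16) if m else None


def triage(dump, backtrace):
    """Flag function-pointer slots gdb could not resolve to a symbol, and
    name the slot (if any) whose value is where the process crashed."""
    fields = parse_struct(dump)
    pc = crash_pc(backtrace)
    # Heuristic: gdb appends <symbol> to a function pointer it can resolve;
    # a slot without one does not point at any function gdb knows about.
    unresolved = [s for s in FUNC_SLOTS if s in fields and fields[s][1] is None]
    crash_slot = [s for s in unresolved if pc is not None and fields[s][0] == pc]
    return {"unresolved": unresolved, "crash_slot": crash_slot}


if __name__ == "__main__":
    print("corrupted:", triage(BAD_TYPE, BACKTRACE))
    print("healthy:  ", triage(GOOD_TYPE, BACKTRACE))
```

A missing `<symbol>` annotation is only a signal: stripped binaries also produce unannotated pointers, so confirm against a known-good dump such as `$10`.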
DO NOT REPLY [Bug 50520] Segment fault in brigade_consume caused by
header file (APR_RING/APR_BRIGADE)/GCC optimization confusion - workaround is
using gcc 4.5.1
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=50520
Joel <j-...@westvi.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|Segment fault in |Segment fault in
|brigade_consume caused by |brigade_consume caused by
|header file |header file
|(APR_RING/APR_BRIGADE)/GCC |(APR_RING/APR_BRIGADE)/GCC
|optimization confusion - |optimization confusion -
|workaround is adding |workaround is using gcc
|"-fno-strict-aliasing" to |4.5.1
|CFLAGS |
--- Comment #7 from Joel <j-...@westvi.com> 2010-12-30 11:11:00 EST ---
I tried this, and some web pages now worked, but later, I discovered others did
not.
(In reply to comment #5)
> (In reply to comment #4)
> > I've verified this as definitely a problem going from 4.5.1 to 4.5.2, as I
> > returned all the optimization levels back to their defaults, and the bug
> > happens with 4.5.2 compilation, not 4.5.1.
>
> Can you please try if adding -fno-strict-aliasing to the CFLAGS fixes the
> problem even with 4.5.2 and optimization? If yes, this may be the same as bug
> 50190
DO NOT REPLY [Bug 50520] Segment fault in brigade_consume
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=50520
Joel <j-...@westvi.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Priority|P2 |P1
CC| |j-comm@westvi.com
OS/Version| |All
--- Comment #1 from Joel <j-...@westvi.com> 2010-12-24 14:55:58 EST ---
Marked P1 because this just stops everything - no SSL capability on site at
all.
DO NOT REPLY [Bug 50520] Segment fault in brigade_consume caused by
header file (APR_RING/APR_BRIGADE)/GCC optimization confusion - workaround is
using gcc 4.5.1
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=50520
Joe Orton <jo...@redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|REOPENED |RESOLVED
Resolution| |DUPLICATE
--- Comment #10 from Joe Orton <jo...@redhat.com> 2011-01-17 05:31:30 EST ---
*** This bug has been marked as a duplicate of bug 50190 ***
DO NOT REPLY [Bug 50520] Segment fault in brigade_consume caused by
header file (APR_RING/APR_BRIGADE)/GCC optimization confusion - workaround is
using gcc 4.5.1
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=50520
--- Comment #9 from Sÿl <si...@gmail.com> 2011-01-11 02:52:41 EST ---
(In reply to comment #8)
> *** Bug 50564 has been marked as a duplicate of this bug. ***
Downgrading to 4.5.1 fixed the problem for me too.
DO NOT REPLY [Bug 50520] Segment fault in brigade_consume
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=50520
Joel <j-...@westvi.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Priority|P1 |P3
Severity|critical |normal
--- Comment #3 from Joel <j-...@westvi.com> 2010-12-24 20:03:36 EST ---
I was able to work around this by:
1) Reverting to GCC 4.5.1
2) Rebuilding the entire 'webserver' toolchain (PHP, OpenSSL, HTTPD, APR,
APR-util, etc.) compiling with "-O0".
Yes, I did an experiment by changing two things, but I needed to get the server
up and running.
In a few days, I will try to build with optimizations back on and GCC 4.5.1,
meaning the only difference will be the compiler variant.
My guess is that this has uncovered an optimization bug in GCC 4.5.2.
I have no idea exactly WHERE the failure is in the compiler, so I have NO IDEA
how to report this problem. Nor do I know if the compiler is ok, and it's
discovering a sloppy piece of code in the 'webserver toolchain' that was wrong,
but wasn't creating an 'evident' problem before.
I just know that as more people move to GCC 4.5.2, they will hit this.
How to best report this to the GCC folks? Help on how to proceed, please! :D
DO NOT REPLY [Bug 50520] Segment fault in brigade_consume caused by
GCC 4.5.2 compiler - avoid it!
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=50520
Joel <j-...@westvi.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |INVALID
Summary|Segment fault in |Segment fault in
|brigade_consume |brigade_consume caused by
| |GCC 4.5.2 compiler - avoid
| |it!
--- Comment #4 from Joel <j-...@westvi.com> 2010-12-25 09:49:31 EST ---
I've verified this as definitely a problem going from 4.5.1 to 4.5.2, as I
returned all the optimization levels back to their defaults, and the bug
happens with 4.5.2 compilation, not 4.5.1.
Not sure if this is in OpenSSL or in HTTPD, but either way it's not Apache's
fault (or the OpenSSL project). I am working to narrow this down to submit to
the GCC team.
DO NOT REPLY [Bug 50520] Segment fault in brigade_consume
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=50520
Joel <j-...@westvi.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
OS/Version|All |Linux