Summary: | SIGBUS on FreeBSD 4.x (semi-reproducable) | ||
---|---|---|---|
Product: | Apache httpd-2 | Reporter: | Jeremy Chadwick <apache> |
Component: | mod_ssl | Assignee: | Apache HTTPD Bugs Mailing List <bugs> |
Status: | RESOLVED WORKSFORME | ||
Severity: | normal | CC: | pgollucci, sheshka.a |
Priority: | P2 | ||
Version: | 2.2.2 | ||
Target Milestone: | --- | ||
Hardware: | Other | ||
OS: | FreeBSD |
Description
Jeremy Chadwick
2006-06-07 09:52:23 UTC
Segfaults at restart can happen because of global state abuse in OpenSSL. Is your httpd binary linked against both libssl and libcrypto? You are not linking php into the httpd process at all, that's correct? (In reply to comment #1) > Segfaults at restart can happen because of global state abuse in OpenSSL. > Is your httpd binary linked against both libssl and libcrypto? You are not > linking php into the httpd process at all, that's correct? I think I may have figured out what's happening, although it's something that *should* be reproducable. Sifting through my logs, I found a series of strange HTTPS requests coming from what Apache believes is the same IP as the SSL-based vhost itself (FYI, I run NOTHING that can cause this to happen, so it's very strange indeed). The timestamps of the requests match up with when I rotate my logs (more on that in a moment). Be sure to note the HTTP response, and the actual HTTP fetch itself (lack-of HTTP/1.0 or HTTP/1.1 for example): From the error log: [Mon Jun 19 00:00:01 2006] [notice] Graceful restart requested, doing restart From the access log: support.parodius.com 64.62.145.231 - - [19/Jun/2006:00:00:01 -0700] "GET /" 400 1018 "-" "-" support.parodius.com 64.62.145.231 - - [19/Jun/2006:00:00:01 -0700] "GET /" 400 1018 "-" "-" support.parodius.com 64.62.145.231 - - [19/Jun/2006:00:00:01 -0700] "GET /" 400 1018 "-" "-" support.parodius.com 64.62.145.231 - - [19/Jun/2006:00:00:01 -0700] "GET /" 400 1018 "-" "-" support.parodius.com 64.62.145.231 - - [19/Jun/2006:00:00:01 -0700] "GET /" 400 1018 "-" "-" support.parodius.com 64.62.145.231 - - [19/Jun/2006:00:00:01 -0700] "GET /" 400 1018 "-" "-" support.parodius.com 64.62.145.231 - - [19/Jun/2006:00:00:01 -0700] "GET /" 400 1018 "-" "-" support.parodius.com 64.62.145.231 - - [19/Jun/2006:00:00:01 -0700] "GET /" 400 1018 "-" "-" support.parodius.com 64.62.145.231 - - [19/Jun/2006:00:00:01 -0700] "GET /" 400 1018 "-" "-" support.parodius.com 64.62.145.231 - - [19/Jun/2006:00:00:01 -0700] "GET /" 400 1018 "-" "-" support.parodius.com 64.62.145.231 - - [19/Jun/2006:00:00:01 -0700] "GET /" 400 1018 "-" "-" support.parodius.com 64.62.145.231 - - [19/Jun/2006:00:00:01 -0700] "GET /" 400 1018 "-" "-" support.parodius.com 64.62.145.231 - - [19/Jun/2006:00:00:02 -0700] "GET /" 400 1018 "-" "-" support.parodius.com 64.62.145.231 - - [19/Jun/2006:00:00:02 -0700] "GET /" 400 1018 "-" "-" support.parodius.com 64.62.145.231 - - [19/Jun/2006:00:00:02 -0700] "GET /" 400 1018 "-" "-" support.parodius.com 64.62.145.231 - - [19/Jun/2006:00:00:02 -0700] "GET /" 400 1018 "-" "-" support.parodius.com 64.62.145.231 - - [19/Jun/2006:00:00:02 -0700] "GET /" 400 1018 "-" "-" support.parodius.com 64.62.145.231 - - [19/Jun/2006:00:00:02 -0700] "GET /" 400 1018 "-" "-" support.parodius.com 64.62.145.231 - - [19/Jun/2006:00:00:02 -0700] "GET /" 400 1018 "-" "-" support.parodius.com 64.62.145.231 - - [19/Jun/2006:00:00:02 -0700] "GET /" 400 1018 "-" "-" support.parodius.com 64.62.145.231 - - [19/Jun/2006:00:00:02 -0700] "GET /" 400 1018 "-" "-" support.parodius.com 64.62.145.231 - - [19/Jun/2006:00:00:02 -0700] "GET /" 400 1018 "-" "-" support.parodius.com 64.62.145.231 - - [19/Jun/2006:00:00:02 -0700] "GET /" 400 1018 "-" "-" support.parodius.com 64.62.145.231 - - [19/Jun/2006:00:00:02 -0700] "GET /" 400 1018 "-" "-" I still can't explain the above. It looks suspicious, and to be honest it looks like some sort-of weird bug in Apache (?!). I assure you -- there is NOTHING running at that time which queries https://support.parodius.com/. It's been worrying me that sending two SIGUSR1s to httpd in very short succession might cause the problem (look closely at newsyslog.conf). However, my Apache logs only show one SIGUSR1 being received by Apache (no idea if that's true or not, I'd have to truss or ktrace the process to see). So I've since changed my newsyslog to do the following: /var/log/httpd-*.log 640 13 * @T00 GB /var/run/httpd.pid 30 Which is to send one single SIGUSR1 to Apache then rotate the logs. Now, about which libraries are linked in -- yes, that is correct. PHP is NOT the problem here, it's run purely as a CGI. We do use the SUPHP module, but it acts basically as suexec (calling PHP as a CGI). $ ldd /usr/local/sbin/httpd /usr/local/sbin/httpd: libm.so.2 => /usr/lib/libm.so.2 (0x280c1000) libaprutil-1.so.2 => /usr/local/lib/libaprutil-1.so.2 (0x280dc000) libexpat.so.6 => /usr/local/lib/libexpat.so.6 (0x280f8000) libiconv.so.3 => /usr/local/lib/libiconv.so.3 (0x28115000) libapr-1.so.2 => /usr/local/lib/libapr-1.so.2 (0x28202000) libcrypt.so.2 => /usr/lib/libcrypt.so.2 (0x2822e000) libc.so.4 => /usr/lib/libc.so.4 (0x28247000) And just for details, loaded modules we have: LoadModule authn_file_module libexec/apache22/mod_authn_file.so LoadModule authn_dbm_module libexec/apache22/mod_authn_dbm.so LoadModule authn_anon_module libexec/apache22/mod_authn_anon.so LoadModule authn_default_module libexec/apache22/mod_authn_default.so LoadModule authz_host_module libexec/apache22/mod_authz_host.so LoadModule authz_groupfile_module libexec/apache22/mod_authz_groupfile.so LoadModule authz_user_module libexec/apache22/mod_authz_user.so LoadModule authz_dbm_module libexec/apache22/mod_authz_dbm.so LoadModule authz_owner_module libexec/apache22/mod_authz_owner.so LoadModule authz_default_module libexec/apache22/mod_authz_default.so LoadModule auth_basic_module libexec/apache22/mod_auth_basic.so #LoadModule auth_digest_module libexec/apache22/mod_auth_digest.so #LoadModule file_cache_module libexec/apache22/mod_file_cache.so #LoadModule cache_module libexec/apache22/mod_cache.so #LoadModule disk_cache_module libexec/apache22/mod_disk_cache.so LoadModule include_module libexec/apache22/mod_include.so LoadModule filter_module libexec/apache22/mod_filter.so LoadModule charset_lite_module libexec/apache22/mod_charset_lite.so LoadModule deflate_module libexec/apache22/mod_deflate.so LoadModule log_config_module libexec/apache22/mod_log_config.so LoadModule logio_module libexec/apache22/mod_logio.so LoadModule env_module libexec/apache22/mod_env.so LoadModule mime_magic_module libexec/apache22/mod_mime_magic.so #LoadModule cern_meta_module libexec/apache22/mod_cern_meta.so LoadModule expires_module libexec/apache22/mod_expires.so LoadModule headers_module libexec/apache22/mod_headers.so LoadModule usertrack_module libexec/apache22/mod_usertrack.so LoadModule unique_id_module libexec/apache22/mod_unique_id.so LoadModule setenvif_module libexec/apache22/mod_setenvif.so LoadModule version_module libexec/apache22/mod_version.so LoadModule ssl_module libexec/apache22/mod_ssl.so LoadModule mime_module libexec/apache22/mod_mime.so #LoadModule dav_module libexec/apache22/mod_dav.so #LoadModule status_module libexec/apache22/mod_status.so LoadModule autoindex_module libexec/apache22/mod_autoindex.so #LoadModule asis_module libexec/apache22/mod_asis.so #LoadModule info_module libexec/apache22/mod_info.so LoadModule cgi_module libexec/apache22/mod_cgi.so #LoadModule dav_fs_module libexec/apache22/mod_dav_fs.so LoadModule vhost_alias_module libexec/apache22/mod_vhost_alias.so LoadModule negotiation_module libexec/apache22/mod_negotiation.so LoadModule dir_module libexec/apache22/mod_dir.so #LoadModule imagemap_module libexec/apache22/mod_imagemap.so LoadModule actions_module libexec/apache22/mod_actions.so #LoadModule speling_module libexec/apache22/mod_speling.so LoadModule userdir_module libexec/apache22/mod_userdir.so LoadModule alias_module libexec/apache22/mod_alias.so LoadModule rewrite_module libexec/apache22/mod_rewrite.so LoadModule suphp_module libexec/apache22/mod_suphp.so LoadModule bw_module libexec/apache22/mod_bw.so We also use mmap and sendfile: EnableMMAP on EnableSendfile on The dummy requests are made by httpd to wake up all the children. It may help here to link httpd itself against both -lssl and -lcrypto; can you try adding: $(SSL_LIBS) to the end of the AP_LIBS = definition in build/config_vars.mk; then delete httpd and rebuild. I have similar issue on Debian box: xx.yy.zz.cc - - [29/Aug/2007:12:00:17 +0300] "GET /" 400 452 "-" "-" xx.yy.zz.cc - - [29/Aug/2007:12:00:18 +0300] "GET /" 400 452 "-" "-" xx.yy.zz.cc - - [29/Aug/2007:12:00:19 +0300] "GET /" 400 452 "-" "-" xx.yy.zz.cc - - [29/Aug/2007:12:00:20 +0300] "GET /" 400 452 "-" "-" xx.yy.zz.cc - - [29/Aug/2007:12:00:22 +0300] "GET /" 400 452 "-" "-" xx.yy.zz.cc - - [29/Aug/2007:12:00:23 +0300] "GET /" 400 452 "-" "-" xx.yy.zz.cc - - [29/Aug/2007:12:00:25 +0300] "GET /" 400 452 "-" "-" xx.yy.zz.cc - - [29/Aug/2007:12:00:27 +0300] "GET /" 400 452 "-" "-" xx.yy.zz.cc - - [29/Aug/2007:12:00:28 +0300] "GET /" 400 452 "-" "-" xx.yy.zz.cc - - [29/Aug/2007:12:00:33 +0300] "GET /" 400 452 "-" "-" xx.yy.zz.cc - - [29/Aug/2007:12:00:36 +0300] "GET /" 400 452 "-" "-" xx.yy.zz.cc - - [29/Aug/2007:12:00:37 +0300] "GET /" 400 452 "-" "-" xx.yy.zz.cc - - [29/Aug/2007:12:00:40 +0300] "GET /" 400 452 "-" "-" xx.yy.zz.cc - - [29/Aug/2007:12:00:48 +0300] "GET /" 400 452 "-" "-" xx.yy.zz.cc - - [29/Aug/2007:12:00:49 +0300] "GET /" 400 452 "-" "-" xx.yy.zz.cc - - [29/Aug/2007:12:00:50 +0300] "GET /" 400 452 "-" "-" xx.yy.zz.cc - - [29/Aug/2007:12:00:51 +0300] "GET /" 400 452 "-" "-" My config: ServerRoot "/usr" PidFile /var/run/httpd.pid Timeout 300 KeepAlive off MinSpareServers 1 MaxSpareServers 1 StartServers 1 MaxClients 256 ServerLimit 555 MaxRequestsPerChild 1111 RLimitCPU 120 180 RLimitMEM 64000000 96000000 Listen 80 LoadModule auth_basic_module /usr/lib/apache2/modules/mod_auth_basic.so LoadModule auth_digest_module /usr/lib/apache2/modules/mod_auth_digest.so LoadModule authn_alias_module /usr/lib/apache2/modules/mod_authn_alias.so LoadModule authn_anon_module /usr/lib/apache2/modules/mod_authn_anon.so LoadModule authn_dbd_module /usr/lib/apache2/modules/mod_authn_dbd.so LoadModule authn_dbm_module /usr/lib/apache2/modules/mod_authn_dbm.so LoadModule authn_default_module /usr/lib/apache2/modules/mod_authn_default.so LoadModule authn_file_module /usr/lib/apache2/modules/mod_authn_file.so LoadModule authz_dbm_module /usr/lib/apache2/modules/mod_authz_dbm.so LoadModule authz_default_module /usr/lib/apache2/modules/mod_authz_default.so LoadModule authz_groupfile_module /usr/lib/apache2/modules/mod_authz_groupfile.so LoadModule authz_host_module /usr/lib/apache2/modules/mod_authz_host.so LoadModule authz_owner_module /usr/lib/apache2/modules/mod_authz_owner.so LoadModule authz_user_module /usr/lib/apache2/modules/mod_authz_user.so LoadModule actions_module /usr/lib/apache2/modules/mod_actions.so LoadModule asis_module /usr/lib/apache2/modules/mod_asis.so LoadModule cache_module /usr/lib/apache2/modules/mod_cache.so LoadModule cern_meta_module /usr/lib/apache2/modules/mod_cern_meta.so LoadModule cgid_module /usr/lib/apache2/modules/mod_cgid.so LoadModule cgi_module /usr/lib/apache2/modules/mod_cgi.so LoadModule deflate_module /usr/lib/apache2/modules/mod_deflate.so LoadModule disk_cache_module /usr/lib/apache2/modules/mod_disk_cache.so LoadModule expires_module /usr/lib/apache2/modules/mod_expires.so LoadModule ext_filter_module /usr/lib/apache2/modules/mod_ext_filter.so LoadModule file_cache_module /usr/lib/apache2/modules/mod_file_cache.so LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so LoadModule include_module /usr/lib/apache2/modules/mod_include.so LoadModule info_module /usr/lib/apache2/modules/mod_info.so LoadModule ldap_module /usr/lib/apache2/modules/mod_ldap.so LoadModule mem_cache_module /usr/lib/apache2/modules/mod_mem_cache.so LoadModule mime_magic_module /usr/lib/apache2/modules/mod_mime_magic.so LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so LoadModule speling_module /usr/lib/apache2/modules/mod_speling.so LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so LoadModule suexec_module /usr/lib/apache2/modules/mod_suexec.so LoadModule unique_id_module /usr/lib/apache2/modules/mod_unique_id.so LoadModule dir_module /usr/lib/apache2/modules/mod_dir.so LoadModule alias_module /usr/lib/apache2/modules/mod_alias.so LoadModule mime_module /usr/lib/apache2/modules/mod_mime.so LoadModule userdir_module /usr/lib/apache2/modules/mod_userdir.so LoadModule usertrack_module /usr/lib/apache2/modules/mod_usertrack.so LoadModule vhost_alias_module /usr/lib/apache2/modules/mod_vhost_alias.so LoadModule status_module /usr/lib/apache2/modules/mod_status.so LoadModule env_module /usr/lib/apache2/modules/mod_env.so LoadModule setenvif_module /usr/lib/apache2/modules/mod_setenvif.so LoadModule autoindex_module /usr/lib/apache2/modules/mod_autoindex.so LoadModule negotiation_module /usr/lib/apache2/modules/mod_negotiation.so LoadModule suphp_module /usr/lib/apache2/modules/mod_suphp.so LoadModule jk_module /usr/lib/apache2/modules/mod_jk.so User www-data Group www-data Software versions: ii apache2 2.2.4-3 Next generation, scalable, extendable web se ii apache2-mpm-prefork 2.2.4-3 Traditional model for Apache HTTPD ii apache2-utils 2.2.4-3 utility programs for webservers ii apache2.2-common 2.2.4-3 Next generation, scalable, extendable web se ii libapache-mod-php5 5.2.0-8+etch1 server-side, HTML-embedded scripting languag ii libapache2-mod-jk 1:1.2.18-3 Apache 2 connector for the Tomcat Java servl ii libapache2-mod-suphp 0.6.2-1 Apache2 module to run php scripts with the o CC myself on FreeBSD related bugs This bug has been for 5 years in NEEDINFO, I don't think it is reproducable or relevant. |