Random segfaults with Apache 2.4 and grsecurity kernel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello,

since updating to Apache 2.4 I'm getting random segfaults. The server
runs fine for a while (ranging from a few minutes to a few hours), then
child processes start crashing and getting zombified.

Installed is:

- Linux 3.11.2 with grsecurity patches (hardened-sources-3.11.2 from Gentoo)
- Apache 2.4.6
- APR 1.4.8
- APR-util 1.5.2
- Tried the following PHP versions: 5.4.20, 5.5.4, 5.5.6

I also tried to completely disable SSL, doesn't make a difference.

Example backtraces:

Program terminated with signal 11, Segmentation fault.
(gdb) bt
#0  sapi_remove_header (l=0x2efb0000b10,
    name=name@entry=0x2efb00341e0
"\212\035GP\233\232\360\237\202\371\017#02\245\272\275\225BIy*\034\342\275C\236\354,\257\332\341o}\342@b\232'\362\241\064\233\340\205B\270\206\221\347\370>\303!\230#0@V\340C\226\313\300Qx<\\\306\354\333G\220\237\236WiB\325Qܻ\t\265!ǵm",
len=7)
    at
/var/tmp/portage/dev-lang/php-5.5.6/work/sapis-build/apache2/main/SAPI.c:602
#1  0x000002eff6bf9dd2 in sapi_header_add_op (op=<optimized out>,
sapi_header=0x2efda9ed600,
    tsrm_ls=0x2efb00008c0) at
/var/tmp/portage/dev-lang/php-5.5.6/work/sapis-build/apache2/main/SAPI.c:650
#2  0x000002eff6bfb4df in sapi_header_op (op=SAPI_HEADER_REPLACE,
arg=arg@entry=0x2efda9ed670,
    tsrm_ls=tsrm_ls@entry=0x2efb00008c0)
    at
/var/tmp/portage/dev-lang/php-5.5.6/work/sapis-build/apache2/main/SAPI.c:842
#3  0x000002eff6bfb94b in sapi_add_header_ex (
    header_line=header_line@entry=0x2eff710a298 "Expires: Thu, 19 Nov
1981 08:52:00 GMT",
    header_line_len=header_line_len@entry=38,
duplicate=duplicate@entry=1 '\001', replace=replace@entry=1 '\001',
    tsrm_ls=tsrm_ls@entry=0x2efb00008c0)
    at
/var/tmp/portage/dev-lang/php-5.5.6/work/sapis-build/apache2/main/SAPI.c:630
#4  0x000002eff6ae4796 in _php_cache_limiter_nocache (tsrm_ls=0x2efb00008c0)
    at
/var/tmp/portage/dev-lang/php-5.5.6/work/sapis-build/apache2/ext/session/session.c:1212
#5  0x000002eff6ae9d16 in php_session_cache_limiter (tsrm_ls=0x2efb00008c0)
    at
/var/tmp/portage/dev-lang/php-5.5.6/work/sapis-build/apache2/ext/session/session.c:1250
#6  php_session_start (tsrm_ls=tsrm_ls@entry=0x2efb00008c0)
    at
/var/tmp/portage/dev-lang/php-5.5.6/work/sapis-build/apache2/ext/session/session.c:1543
#7  0x000002eff6aea47c in zif_session_start (ht=<optimized out>,
return_value=0x2efb0032fe8,
    return_value_ptr=<optimized out>, this_ptr=<optimized out>,
return_value_used=<optimized out>,
    tsrm_ls=0x2efb00008c0)
    at
/var/tmp/portage/dev-lang/php-5.5.6/work/sapis-build/apache2/ext/session/session.c:2002
#8  0x000002eff6d37846 in zend_do_fcall_common_helper_SPEC
(execute_data=<optimized out>, tsrm_ls=0x2efb00008c0)
    at
/var/tmp/portage/dev-lang/php-5.5.6/work/sapis-build/apache2/Zend/zend_vm_execute.h:550
#9  0x000002eff6cf068b in execute_ex (execute_data=0x2efb0005be0,
tsrm_ls=0x2efb00008c0)
    at
/var/tmp/portage/dev-lang/php-5.5.6/work/sapis-build/apache2/Zend/zend_vm_execute.h:363
#10 0x000002eff6c6b5d7 in zend_execute_scripts (type=0, type@entry=2,
tsrm_ls=0x0, tsrm_ls@entry=0x1,
    retval=retval@entry=0x0, file_count=0, file_count@entry=1)
    at
/var/tmp/portage/dev-lang/php-5.5.6/work/sapis-build/apache2/Zend/zend.c:1320
#11 0x000002eff6d3b3b2 in php_handler (r=0x0)
    at
/var/tmp/portage/dev-lang/php-5.5.6/work/sapis-build/apache2/sapi/apache2handler/sapi_apache2.c:669
#12 0x0000000000000000 in ?? ()

Program terminated with signal 11, Segmentation fault.
#0  0x000002c339a83bfc in i_create_execute_data_from_op_array
(tsrm_ls=0x2c2f0240730, nested=0 '\000',
    op_array=0x2c2f0247238)
    at
/var/tmp/portage/dev-lang/php-5.5.6/work/sapis-build/apache2/Zend/zend_execute.c:1632
#1  zend_execute (op_array=0x2c2f0247238, tsrm_ls=0x2c2f0240730)
    at
/var/tmp/portage/dev-lang/php-5.5.6/work/sapis-build/apache2/Zend/zend_vm_execute.h:388
#2  0x000002c3399b85d7 in zend_execute_scripts (type=type@entry=2,
tsrm_ls=0x2c2f0240730, tsrm_ls@entry=0x28,
    retval=0x0, retval@entry=0x2c30c00a538, file_count=file_count@entry=1)
    at
/var/tmp/portage/dev-lang/php-5.5.6/work/sapis-build/apache2/Zend/zend.c:1320
#3  0x000002c339a883b2 in php_handler (r=0x2c2f05b99a0)
    at
/var/tmp/portage/dev-lang/php-5.5.6/work/sapis-build/apache2/sapi/apache2handler/sapi_apache2.c:669
#4  0x000000675bb4c96d in ap_run_handler (r=r@entry=0x2c2f05b99a0) at
config.c:169
#5  0x000000675bb4cfcb in ap_invoke_handler (r=r@entry=0x2c2f05b99a0) at
config.c:432
#6  0x000000675bb6487a in ap_process_async_request (r=0x2c2f05b99a0) at
http_request.c:317
#7  0x000000675bb64b5f in ap_process_request (r=r@entry=0x2c2f05b99a0)
at http_request.c:363
#8  0x000000675bb607d5 in ap_process_http_sync_connection
(c=0x2c3240331b8) at http_core.c:190
#9  ap_process_http_connection (c=0x2c3240331b8) at http_core.c:231
#10 0x000000675bb5747d in ap_run_process_connection
(c=c@entry=0x2c3240331b8) at connection.c:41
#11 0x000000675bb579e0 in ap_process_connection
(c=c@entry=0x2c3240331b8, csd=csd@entry=0x2c324032fa0)
    at connection.c:202
#12 0x000000675bb6c28d in process_socket (bucket_alloc=<optimized out>,
my_thread_num=1, my_child_num=0,
    sock=0x2c324032fa0, p=0x2c324032f18, thd=0x675e664b48) at worker.c:620
#13 worker_thread (thd=0x675e664b48, dummy=<optimized out>) at worker.c:979
#14 0x000002c33ff4bec6 in start_thread () from /lib64/libpthread.so.0
#15 0x000002c33fa804bd in clone () from /lib64/libc.so.6

Note that it's not always crashing in PHP.

Does anyone have an idea how to debug this? Downgrading to Apache 2.2
seems to resolve the issue, however I would really like to keep 2.4.

--Dirk Best

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux