Hi!

On Fri, Mar 06, 2009 at 07:28:17PM +0200, [email protected] wrote:
> it's always the latter ;), i need to make sure it's a PaX problem.

Ok. With this kernel, using pax-linux-2.6.28.7-test19.patch, I was able to
reproduce issues with apache/php/{ioncube,zendoptimizer} and perl module
Math::Pari. Amarok doesn't crash.

> i mentioned them quite a few times on the list and bugzilla and the grsec 
> forums,
> here it is again. first, the coredump: you enable coredumps in your shell

thanks for instructions, here are results:


I tried recompiling perl, apache and php with the "debug" USE flag enabled,
but it looks like ioncube and zendoptimizer don't support php built this way.
So only perl and apache were built with the "debug" flag.

When I ran apache for the first time after reboot - without strace or core
dumps, just to see whether it crashes - I got this in the kernel log:

    2009-03-06_20:48:56.60108 kern.info: apache2[4621]: segfault at
    4d554ed0 ip 4d541399 sp 594130d0 error 7 in ld-2.6.1.so[4d53a000+1a000]

I must note this looks very similar to the errors I got previously with this
issue - the segfault was always reported as "error 7 in ld-2.6.1.so". (On x86 a
page-fault error code of 7 means a user-mode write to a page that is present but
not writable; that matches the `orl $0x7,-0xf4(%ebx)` store at the faulting ip
in the gdb sessions below, and is consistent with the text-relocation theory,
i.e. ld.so presumably trying to write into a mapping that is not writable.)

But all subsequent runs (under strace and with core dumps enabled) don't
produce any error message in the kernel log, which is quite unusual.



# strace -f apache2 -D NO_DETACH -k start -D MANUAL -D DEFLATE -D FASTCGI -D 
PHP5 -D SSL &>apache2.strace
# gdb
(gdb) core /core 
(no debugging symbols found)
Core was generated by `apache2 -D NO_DETACH -k start -D MANUAL -D DEFLATE -D 
FASTCGI -D PHP5 -D SSL'.
Program terminated with signal 11, Segmentation fault.
[New process 11835]
#0  0x4ce14399 in ?? ()
(gdb) bt
#0  0x4ce14399 in ?? ()
#1  0x4ce27000 in ?? ()
#2  0x00000ed4 in ?? ()
#3  0x00000003 in ?? ()
#4  0x00000003 in ?? ()
#5  0x00000004 in ?? ()
#6  0x00000000 in ?? ()
(gdb) x/8i $pc
0x4ce14399:     Cannot access memory at address 0x4ce14399
(gdb) x/8x $sp
0x5a681770:     0x4ce27000      0x00000ed4      0x00000003      0x00000003
0x5a681780:     0x00000004      0x00000000      0x00000001      0x4cb5a170
(gdb) info reg
eax            0xffffffff       -1
ecx            0x4ce27fc4       1289912260
edx            0xd      13
ebx            0x4ce27fc4       1289912260
esp            0x5a681770       0x5a681770
ebp            0x5a681890       0x5a681890
esi            0x4ce27000       1289908224
edi            0xed4    3796
eip            0x4ce14399       0x4ce14399
eflags         0x10286  [ PF SF IF RF ]
cs             0x73     115
ss             0x7b     123
ds             0x7b     123
es             0x7b     123
fs             0x0      0
gs             0x33     51



# vi /etc/php/apache2-php5/php.ini     ### disable ioncube
# strace -f apache2 -D NO_DETACH -k start -D MANUAL -D DEFLATE -D FASTCGI -D 
PHP5 -D SSL &>apache2.strace_zend
# gdb /usr/sbin/apache2 /core 
This GDB was configured as "i686-pc-linux-gnu"...
(no debugging symbols found)

warning: Can't read pathname for load map: Input/output error.
(no debugging symbols found)
Loaded symbols for /usr/sbin/apache2
...
Reading symbols from /usr/local/Zend/lib/ZendExtensionManager.so...(no 
debugging symbols found)...done.
Loaded symbols for /usr/local/Zend/lib/ZendExtensionManager.so

(no debugging symbols found)
Core was generated by `apache2 -D NO_DETACH -k start -D MANUAL -D DEFLATE -D 
FASTCGI -D PHP5 -D SSL'.
Program terminated with signal 11, Segmentation fault.
[New process 31217]
#0  0x51015399 in ?? () from /lib/ld-linux.so.2
(gdb) bt
#0  0x51015399 in ?? () from /lib/ld-linux.so.2
#1  0x51028000 in ?? ()
#2  0x00000ed4 in ?? ()
#3  0x00000003 in ?? ()
#4  0x5d5cf82c in ?? ()
#5  0x00000004 in ?? ()
#6  0x00000000 in ?? ()
(gdb) x/8i $pc
0x51015399 <f...@plt+27445>:    orl    $0x7,-0xf4(%ebx)
0x510153a0 <f...@plt+27452>:    mov    $0x1,%ecx
0x510153a5 <f...@plt+27457>:    mov    %ecx,0x8(%esp)
0x510153a9 <f...@plt+27461>:    mov    %edi,0x4(%esp)
0x510153ad <f...@plt+27465>:    mov    %esi,(%esp)
0x510153b0 <f...@plt+27468>:    call   0x51022e80
0x510153b5 <f...@plt+27473>:    jmp    0x5101505c <f...@plt+26616>
0x510153ba <f...@plt+27478>:    xor    %ecx,%ecx
(gdb)  x/8x $sp
0x5d5cf800:     0x51028000      0x00000ed4      0x00000003      0x5d5cf82c
0x5d5cf810:     0x00000004      0x00000000      0x00000001      0x50d5b170
(gdb) info reg
eax            0xffffffff       -1
ecx            0x51028fc4       1359122372
edx            0xd      13
ebx            0x51028fc4       1359122372
esp            0x5d5cf800       0x5d5cf800
ebp            0x5d5cf920       0x5d5cf920
esi            0x51028000       1359118336
edi            0xed4    3796
eip            0x51015399       0x51015399 <f...@plt+27445>
eflags         0x10286  [ PF SF IF RF ]
cs             0x73     115
ss             0x7b     123
ds             0x7b     123
es             0x7b     123
fs             0x0      0
gs             0x33     51



# ACCEPT_KEYWORDS=~x86 emerge -a math-pari

If I run perl without strace, I get an error message in the kernel log:

# perl -e 'use Math::Pari;'              
Segmentation fault (core dumped)

    2009-03-06_21:31:02.23339 kern.info: perl[17676]: segfault at 4ebd7ed0
    ip 4ebc4399 sp 58019490 error 7 in ld-2.6.1.so[4ebbd000+1a000]

If I run perl under strace, there are no messages in the kernel log (the core
analysed below comes from such a strace run):

# strace -f perl -e 'use Math::Pari;' &>perl.strace
# gdb /usr/bin/perl core 
This GDB was configured as "i686-pc-linux-gnu"...
(no debugging symbols found)

warning: Can't read pathname for load map: Input/output error.
(no debugging symbols found)
Loaded symbols for /usr/bin/perl
Reading symbols from /lib/libpthread.so.0...(no debugging symbols found)...done.
Loaded symbols for /lib/libpthread.so.0
Reading symbols from /lib/libnsl.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /lib/libdl.so.2...
(no debugging symbols found)...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/libm.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib/libm.so.6
Reading symbols from /lib/libcrypt.so.1...
(no debugging symbols found)...done.
Loaded symbols for /lib/libcrypt.so.1
Reading symbols from /lib/libutil.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib/libutil.so.1
Reading symbols from /lib/libc.so.6...
(no debugging symbols found)...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/ld-linux.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from 
/usr/lib/perl5/vendor_perl/5.8.8/i686-linux/auto/Math/Pari/Pari.so...
(no debugging symbols found)...done.
Loaded symbols for 
/usr/lib/perl5/vendor_perl/5.8.8/i686-linux/auto/Math/Pari/Pari.so
(no debugging symbols found)
Core was generated by `perl -e use Math::Pari;'.
Program terminated with signal 11, Segmentation fault.
[New process 30393]
#0  0x4fa55399 in ?? () from /lib/ld-linux.so.2
(gdb) bt
#0  0x4fa55399 in ?? () from /lib/ld-linux.so.2
#1  0x4fa68000 in ?? ()
#2  0x00000ed4 in ?? ()
#3  0x00000003 in ?? ()
#4  0x17364a75 in ?? () from /usr/bin/perl
#5  0x00000145 in ?? ()
#6  0x17426824 in ?? ()
#7  0x5a96a6a8 in ?? ()
#8  0x17301567 in ?? () from /usr/bin/perl
#9  0x17426824 in ?? ()
#10 0x00000050 in ?? ()
#11 0x173040d8 in Perl_av_undef () from /usr/bin/perl
#12 0x4fa55f4e in ?? () from /lib/ld-linux.so.2
#13 0x5a96a79c in ?? ()
#14 0x17443df8 in ?? ()
#15 0x00000000 in ?? ()
(gdb) x/8i $pc
0x4fa55399 <f...@plt+27445>:    orl    $0x7,-0xf4(%ebx)
0x4fa553a0 <f...@plt+27452>:    mov    $0x1,%ecx
0x4fa553a5 <f...@plt+27457>:    mov    %ecx,0x8(%esp)
0x4fa553a9 <f...@plt+27461>:    mov    %edi,0x4(%esp)
0x4fa553ad <f...@plt+27465>:    mov    %esi,(%esp)
0x4fa553b0 <f...@plt+27468>:    call   0x4fa62e80
0x4fa553b5 <f...@plt+27473>:    jmp    0x4fa5505c <f...@plt+26616>
0x4fa553ba <f...@plt+27478>:    xor    %ecx,%ecx
(gdb) x/8x $sp
0x5a96a600:     0x4fa68000      0x00000ed4      0x00000003      0x17364a75
0x5a96a610:     0x00000145      0x17426824      0x5a96a6a8      0x17301567
(gdb) info reg
eax            0xffffffff       -1
ecx            0x4fa68fc4       1336315844
edx            0xd      13
ebx            0x4fa68fc4       1336315844
esp            0x5a96a600       0x5a96a600
ebp            0x5a96a720       0x5a96a720
esi            0x4fa68000       1336311808
edi            0xed4    3796
eip            0x4fa55399       0x4fa55399 <f...@plt+27445>
eflags         0x10286  [ PF SF IF RF ]
cs             0x73     115
ss             0x7b     123
ds             0x7b     123
es             0x7b     123
fs             0x0      0
gs             0x33     51



> on a second thought, i'd need the strace output regardless of the gdb 
> analysis,
> just to see how text relocations went as that's where the problem is probably.

http://powerman.name/tmp/apache2.strace
http://powerman.name/tmp/apache2.strace_zend
http://powerman.name/tmp/perl.strace

(These are full `strace -f` logs of apache started with `-D SSL` and of perl;
as with any publicly posted trace it is worth checking them for key or
configuration material that read() calls may have echoed before sharing.)

-- 
                        WBR, Alex.
