I sent this to Ralf and the mod_ssl users to see if anyone has any ideas on this. I figured I'd send it here too, since I'm not sure if it's a mod_ssl issue or an OpenSSL issue. Any info would be greatly appreciated.

Many thanks,

Doug

----- Begin forwarded message -----
Ralf,

I have been doing some code-walking to track down a problem we've been having since last November with Apache child processes getting segmentation faults periodically, and it appears to boil down to something with mod_ssl and/or OpenSSL. I was hoping you could help shed some light on this, and/or suggest where to next extend my search. Here are the details thus far:

- Running Apache 1.3.27 and mod_ssl 2.8.14 with OpenSSL 0.9.7b (also tried with the 0.9.6 line with the same results)

gdb backtrace (attached) shows the segmentation fault being generated by ssl3_write_pending(). This happens when a timeout occurs during ap_send_fd() or ap_send_mmap(). The Apache timeout() handler is invoked by the SIGALRM handler, which closes the connection and frees the SSL context. When the signal handler finishes and returns to the stack (where we were in the middle of a write operation somewhere inside of ssl3_write_pending()), ssl3_write_pending() segfaults when it tries to access the non-existent context.

I'm not sure if this would be considered a deficiency in how mod_ssl closes the connection, in how OpenSSL's ssl3_write_pending() checks for a valid context after BIO_write(), or something else entirely.

Any direction you can provide would be greatly appreciated. I'd be more than happy to provide any additional info or debugging/troubleshooting steps.

Many thanks,

Doug

[EMAIL PROTECTED] ~]# gdb -x /tmp/gdb.cmd httpd
GNU gdb Red Hat Linux (5.2-2)
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...
Breakpoint 1 at 0x80bd764: file http_main.c, line 1499.
[New Thread 1024 (LWP 10906)]
Processing config directory: /etc/httpd/conf/httpd.conf
 Processing config file: /etc/httpd/conf/httpd.conf/apache.conf

[Switching to Thread 1024 (LWP 10906)]

Breakpoint 1, timeout (sig=14) at http_main.c:1499
1499        if (alarms_blocked) {
(gdb) bt
#0  timeout (sig=14) at http_main.c:1499
#1  0x080ba0fb in alrm_handler (sig=14) at http_main.c:1628
#2  0x400275eb in pthread_sighandler (signo=14, ctx=
      {gs = 0, __gsh = 0, fs = 0, __fsh = 0, es = 43, __esh = 0, ds = 43, __dsh = 0, 
edi = 137328728, esi = 8221, ebp = 3221206440, esp = 3221206392, ebx = 7, edx = 8221, 
ecx = 137328728, eax = 7146, trapno = 1, err = 0, eip = 1075341236, cs = 35, __csh = 
0, eflags = 642, esp_at_signal = 3221206392, ss = 43, __ssh = 0, fpstate = 0xbfffb2f8, 
oldmask = 2147483648, cr2 = 0}) at signals.c:97
#3  <signal handler called>
#4  0x401867b4 in __libc_write () at __libc_write:-1
#5  0x40032efc in __DTOR_END__ () from /lib/libpthread.so.0
#6  0x0810aff9 in sock_write (b=0x82e9990, 
    in=0x82f7858 "\027\003\001 \030b¹W{ýø¾\016?èÁ\016³\217d)\027ýèP\b 
ñÉ\002°\eÑ­ª¸\237\003\205G>\b 
Ð\231\031w³\027ÈW\rÈ\006ÔL­!uL+$\177EKõ]ÓL/»ÖæÉû\022¨\217^\235ÝýI\232\002η\035]Ùô\212ê\017\004B¬LÇ\200\t=8ã-)É\232»{\025ß÷\023ZN]Ú¶ú\227T\034\210h\037k\237:¾È\234à\177\237í\2209Ü\220Å\210ÎBÞ\177bg\234ø¾F¡èª+\201é\203:Ýf>[EMAIL
 PROTECTED])AÚµNËí\225,®"..., inl=8221)
    at bss_sock.c:157
#7  0x08109326 in BIO_write (b=0x82e9990, in=0x82f7858, inl=8221)
    at bio_lib.c:201
#8  0x080fd855 in ssl3_write_pending (s=0x82e7530, type=23, 
    buf=0xbfffb8b0 "-Datei äquivalent ist; zusätzliche Treiber \nkönnten weiterhin 
erforderlich sein.\n\n", '=' <repeats 76 times>, "\nHILFE ANFORNDERN\n\nZugriff über 
das Web ht"..., len=8192) at s3_pkt.c:740
#9  0x080fd769 in do_ssl3_write (s=0x82e7530, type=23, 
    buf=0xbfffb8b0 "-Datei äquivalent ist; zusätzliche Treiber \nkönnten weiterhin 
erforderlich sein.\n\n", '=' <repeats 76 times>, "\nHILFE ANFORNDERN\n\nZugriff über 
das Web ht"..., len=8192, create_empty_fragment=0) at s3_pkt.c:713
#10 0x080fd362 in ssl3_write_bytes (s=0x82e7530, type=23, buf_=0xbfffb8b0, 
    len=8192) at s3_pkt.c:542
#11 0x080fb186 in ssl3_write (s=0x82e7530, buf=0xbfffb8b0, len=8192)
    at s3_lib.c:1718
#12 0x080e4e0d in SSL_write (s=0x82e7530, buf=0xbfffb8b0, num=8192)
    at ssl_lib.c:873
#13 0x08085181 in ssl_io_hook_write (fb=0x824f8c0, 
    buf=0xbfffb8b0 "-Datei äquivalent ist; zusätzliche Treiber \nkönnten weiterhin 
erforderlich sein.\n\n", '=' <repeats 76 times>, "\nHILFE ANFORNDERN\n\nZugriff über 
das Web ht"..., len=8192) at ssl_engine_io.c:384
#14 0x080d3521 in ap_hook_call_func (ap=0xbfffb774, he=0x8234a38, hf=0x8237c40)
    at ap_hook.c:649
#15 0x080d312c in ap_hook_call (hook=0x81ec1d5 "ap::buff::write")
    at ap_hook.c:382
#16 0x080b35d0 in ap_write (fb=0x824f8c0, buf=0xbfffb8b0, nbyte=8192)
    at buff.c:361
#17 0x080b4269 in write_with_errors (fb=0x824f8c0, buf=0xbfffb8b0, nbyte=8192)
    at buff.c:408
#18 0x080b4313 in bcwrite (fb=0x824f8c0, buf=0xbfffb8b0, nbyte=8192)
#19 0x080b4687 in ap_bwrite (fb=0x824f8c0, buf=0xbfffb8b0, nbyte=8192)
    at buff.c:1427
#20 0x080c513b in ap_send_fd_length (f=0x82fe798, r=0x82fc1a0, length=-1)
    at http_protocol.c:2403
#21 0x080c5011 in ap_send_fd (f=0x82fe798, r=0x82fc1a0) at http_protocol.c:2373
#22 0x080bbe14 in default_handler (r=0x82fc1a0) at http_core.c:3930
#23 0x080b535d in ap_invoke_handler (r=0x82fc1a0) at http_config.c:530
#24 0x080c81dc in process_request_internal (r=0x82fc1a0) at http_request.c:1308
#25 0x080c8253 in ap_process_request (r=0x82fc1a0) at http_request.c:1324
#26 0x080c03a7 in child_main (child_num_arg=0) at http_main.c:4689
#27 0x080c054a in make_child (s=0x822bfc8, slot=0, now=1057678679)
    at http_main.c:4813
#28 0x080c068d in startup_children (number_to_start=1) at http_main.c:4895
#29 0x080c0ce0 in standalone_main (argc=18, argv=0xbfffdbf4)
    at http_main.c:5203
#30 0x080c15e3 in main (argc=18, argv=0xbfffdbf4) at http_main.c:5566
#31 0x400c9336 in __libc_start_main (main=0x80c1150 <main>, argc=18, 
    ubp_av=0xbfffdbf4, init=0x807c714 <_init>, fini=0x81c7060 <_fini>, 
    rtld_fini=0x4000d2fc <_dl_fini>, stack_end=0xbfffdbec)
    at ../sysdeps/generic/libc-start.c:129
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0x080fd891 in ssl3_write_pending (s=0x82e7530, type=23, 
    buf=0xbfffb8b0 "-Datei äquivalent ist; zusätzliche Treiber \nkönnten weiterhin 
erforderlich sein.\n\n", '=' <repeats 76 times>, "\nHILFE ANFORNDERN\n\nZugriff über 
das Web ht"..., len=8192) at s3_pkt.c:749
749                     if (i == s->s3->wbuf.left)
(gdb) quit
The program is running.  Exit anyway? (y or n) y
[EMAIL PROTECTED] ~]# 
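
The failure mode described in the message, reduced to a small model and added here as an illustration; it is not code from the original post or from Apache, mod_ssl or OpenSSL. All names are hypothetical, and raise() stands in for the SIGALRM that arrives during the blocking write. It contrasts tearing the state down inside the handler with only setting a flag and freeing after the write path has returned.

```c
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-ins: wstate plays the role of s->s3->wbuf,
 * conn the role of the SSL object. All names are hypothetical. */
struct wstate { size_t left; };
struct conn   { struct wstate *ws; };
static struct conn *current_conn;             /* what the handler acts on     */
static volatile sig_atomic_t defer_teardown;  /* 1 = handler only sets a flag */
static volatile sig_atomic_t timed_out;

static void teardown(struct conn *c) { free(c->ws); c->ws = NULL; }

static void on_alarm(int sig)
{
    (void)sig;
    timed_out = 1;
    if (!defer_teardown && current_conn)
        teardown(current_conn);   /* teardown inside the handler, as reported */
}

/* Models the write path: the alarm fires while the low-level write is in
 * progress, then control returns to the caller. Returns 1 if the write
 * state is still valid at that point, 0 if the handler already freed it
 * (the real code dereferences it next, at s3_pkt.c:749 in the backtrace). */
static int write_interrupted_by_timeout(int deferred)
{
    struct conn c;
    int alive;
    c.ws = malloc(sizeof *c.ws);
    if (c.ws == NULL) return -1;
    c.ws->left = 8221;            /* pending bytes, as inl in the trace */
    current_conn = &c;
    defer_teardown = deferred;
    timed_out = 0;
    signal(SIGALRM, on_alarm);
    raise(SIGALRM);               /* constructed: timeout lands mid-write */
    alive = (c.ws != NULL);       /* check before touching c.ws->left */
    if (alive && timed_out)
        teardown(&c);             /* deferred case: free after the write path */
    current_conn = NULL;
    return alive;
}

int main(void)
{
    printf("in handler: %d, deferred: %d\n",
           write_interrupted_by_timeout(0), write_interrupted_by_timeout(1));
    return 0;
}
```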
