Mailing List Archive

[Bug 64533] Http crashes observed during fuzzing testing
https://bz.apache.org/bugzilla/show_bug.cgi?id=64533

wei-mark.zheng@nokia-sbell.com <wei-mark.zheng@nokia-sbell.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
Version|2.4.43 |2.4.46

--- Comment #23 from wei-mark.zheng@nokia-sbell.com <wei-mark.zheng@nokia-sbell.com> ---
We have observed the crash for new 2.4.46 version as well.
Server version: Apache/2.4.46 (Fedora) Server

In addition, the crash is seen when https [Port 80] and TLS [port 443]
codenomicon suites are run together, which are sending malformed packets
continuously.
But no crash observed when both the suites are run separately.

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

--- Comment #24 from Ruediger Pluem <rpluem@apache.org> ---
(In reply to wei-mark.zheng@nokia-sbell.com from comment #23)
> We have observed the crash for new 2.4.46 version as well.
> Server version: Apache/2.4.46 (Fedora) Server

Looks like you are now running your fuzzing tests against a Fedora build and
not your Linux MIPS distro. If this is the case can you please provide
stacktraces again. Hopefully they are usable then.


--- Comment #25 from wei-mark.zheng@nokia-sbell.com <wei-mark.zheng@nokia-sbell.com> ---
Created attachment 37477
--> https://bz.apache.org/bugzilla/attachment.cgi?id=37477&action=edit
backstraces_2909


--- Comment #26 from wei-mark.zheng@nokia-sbell.com <wei-mark.zheng@nokia-sbell.com> ---
The backtraces are collected, please check. Thanks.


wei-mark.zheng@nokia-sbell.com <wei-mark.zheng@nokia-sbell.com> changed:

What                          |Removed |Added
----------------------------------------------------------------------------
Attachment #37314 is obsolete |0       |1
Attachment #37315 is obsolete |0       |1
Attachment #37323 is obsolete |0       |1
Attachment #37324 is obsolete |0       |1
Attachment #37355 is obsolete |0       |1
Attachment #37358 is obsolete |0       |1

--- Comment #27 from wei-mark.zheng@nokia-sbell.com <wei-mark.zheng@nokia-sbell.com> ---
Created attachment 37478
--> https://bz.apache.org/bugzilla/attachment.cgi?id=37478&action=edit
backtraces_0930


--- Comment #28 from Joe Orton <jorton@redhat.com> ---
It is quite hard to find actual backtraces in that information.

Please attach JUST the backtraces from running "thread apply all bt" from within
gdb.

The one I can find in there looks like:

Stack trace of thread 3411716:
#0 0x00007fcf5a0ae744 __pthread_rwlock_wrlock (libpthread.so.0)
#1 0x00007fcf59be1a49 CRYPTO_THREAD_write_lock (libcrypto.so.1.1)
#2 0x00007fcf59ba4b07 RAND_get_rand_method (libcrypto.so.1.1)
#3 0x00007fcf59ba4d82 RAND_seed (libcrypto.so.1.1)
#4 0x00007fcf59da25ee ssl_rand_seed (mod_ssl.so)
#5 0x00007fcf59d8d831 ssl_init_ssl_connection (mod_ssl.so)
#6 0x0000563ebc834eed n/a (/usr/sbin/httpd)


--- Comment #29 from Ruediger Pluem <rpluem@apache.org> ---
There seem to be further ones:

#0 0x00007fcf591f2664 in __do_global_dtors_aux () from
/lib64/libnss_files.so.2
[Current thread is 1 (Thread 0x7fcf59dc0900 (LWP 3563021))]
(gdb) bt
#0 0x00007fcf591f2664 in __do_global_dtors_aux () from
/lib64/libnss_files.so.2
#1 0x00007fcf5a30d2eb in _dl_fini () at dl-fini.c:138
#2 0x00007fcf59f0ee87 in __run_exit_handlers (status=status@entry=0,
listp=0x7fcf5a092578 <__exit_funcs>,
run_list_atexit=run_list_atexit@entry=true, run_dtors=run_dtors@entry=true)
at exit.c:108
#3 0x00007fcf59f0f040 in __GI_exit (status=status@entry=0) at exit.c:139
#4 0x00007fcf5921d716 in clean_child_exit (code=code@entry=0) at event.c:738
#5 0x00007fcf5921d73d in just_die (sig=<optimized out>) at event.c:743
#6 <signal handler called>
#7 pthread_sigmask (how=how@entry=1, newmask=<optimized out>,
newmask@entry=0x7fff02b26230, oldmask=oldmask@entry=0x0)
at ../sysdeps/unix/sysv/linux/pthread_sigmask.c:48
#8 0x00007fcf5921ccd5 in unblock_signal (sig=sig@entry=15) at event.c:1264
#9 0x00007fcf5921e5d4 in child_main (child_num_arg=child_num_arg@entry=14,
child_bucket=child_bucket@entry=0) at event.c:2586
#10 0x00007fcf5921e914 in make_child (s=0x563ebcececf0, slot=slot@entry=14,
bucket=bucket@entry=0) at event.c:2691
#11 0x00007fcf5921f290 in perform_idle_server_maintenance
(num_buckets=<optimized out>, child_bucket=<optimized out>) at event.c:2886
#12 server_main_loop (num_buckets=1, remaining_children_to_start=0) at
event.c:3015
#13 event_run (_pconf=<optimized out>, plog=<optimized out>, s=<optimized out>)
at event.c:3092
#14 0x0000563ebc837ce0 in ap_run_mpm (pconf=0x563ebcea5a48,
plog=0x563ebced2c68, s=0x563ebcececf0) at mpm_common.c:94
#15 0x0000563ebc821eb3 in main (argc=<optimized out>, argv=<optimized out>) at
main.c:819

and

#0 0x00007fcf59e0b5f0 in __do_global_dtors_aux () from /lib64/liblzma.so.5
#1 0x00007fcf5a30d2eb in _dl_fini () from /lib64/ld-linux-x86-64.so.2
#2 0x00007fcf59f0ee87 in __run_exit_handlers () from /lib64/libc.so.6
#3 0x00007fcf59f0f040 in exit () from /lib64/libc.so.6
#4 0x00007fcf5921d716 in clean_child_exit () from
/usr/lib64/httpd/modules/mod_mpm_event.so
#5 0x00007fcf5921d73d in just_die () from
/usr/lib64/httpd/modules/mod_mpm_event.so
#6 <signal handler called>
#7 0x00007fcf5a0b13cb in pthread_sigmask () from /lib64/libpthread.so.0
#8 0x00007fcf5921ccd5 in unblock_signal () from
/usr/lib64/httpd/modules/mod_mpm_event.so
#9 0x00007fcf5921e5d4 in child_main () from
/usr/lib64/httpd/modules/mod_mpm_event.so
#10 0x00007fcf5921e914 in make_child () from
/usr/lib64/httpd/modules/mod_mpm_event.so
#11 0x00007fcf5921f290 in event_run () from
/usr/lib64/httpd/modules/mod_mpm_event.so
#12 0x0000563ebc837ce0 in ap_run_mpm ()
#13 0x0000563ebc821eb3 in main ()

Looks like crashes in library shutdown handlers when httpd is stopped.
Do we ever use liblzma in vanilla httpd?


--- Comment #30 from wei-mark.zheng@nokia-sbell.com <wei-mark.zheng@nokia-sbell.com> ---
Hi,
Checked from SW team, in our codes we don’t have anything related to lzma.


--- Comment #31 from wei-mark.zheng@nokia-sbell.com <wei-mark.zheng@nokia-sbell.com> ---
Attached here backtraces with “thread apply all bt” also


--- Comment #32 from wei-mark.zheng@nokia-sbell.com <wei-mark.zheng@nokia-sbell.com> ---
Created attachment 37489
--> https://bz.apache.org/bugzilla/attachment.cgi?id=37489&action=edit
backtraces_0910


--- Comment #33 from Ruediger Pluem <rpluem@apache.org> ---
Which version of openssl do you use? Is it taken from a distribution package or
do you compile it on your own?


--- Comment #34 from wei-mark.zheng@nokia-sbell.com <wei-mark.zheng@nokia-sbell.com> ---
Hi,
We are currently using openssl-1.1.1g in platform. We will take the same from
the distribution and compile it locally for FPLD purpose.


--- Comment #35 from Ruediger Pluem <rpluem@apache.org> ---
Can you please try the patch from r1882370 :
http://svn.apache.org/viewvc/httpd/httpd/trunk/server/mpm/event/event.c?r1=1882370&r2=1882369&pathrev=1882370&view=patch


--- Comment #36 from wei-mark.zheng@nokia-sbell.com <wei-mark.zheng@nokia-sbell.com> ---
Hi,
I am not able to access this link due to a permission issue. How can this
permission be granted?
http://svn.apache.org/viewvc/httpd/httpd/trunk/server/mpm/event/event.c?r1=1882370&r2=1882369&pathrev=1882370&view=patch


--- Comment #37 from wei-mark.zheng@nokia-sbell.com <wei-mark.zheng@nokia-sbell.com> ---
It was a proxy issue, now the link is accessible.
I will share this patch to team and come back later on.


--- Comment #38 from wei-mark.zheng@nokia-sbell.com <wei-mark.zheng@nokia-sbell.com> ---
Hi Ruediger Pluem,
Any instruction on how to patch it ?


--- Comment #39 from Ruediger Pluem <rpluem@apache.org> ---
(In reply to wei-mark.zheng@nokia-sbell.com from comment #38)
> Hi Ruediger Pluem,
> Any instruction on how to patch it ?

Like any patch, it is applied to the source code with the patch command (or
something similar like svn patch or git apply). For the patch command, -p3 seems
to be a sensible option when you are running this command from the root of the
Apache source. Afterwards you just follow your further build steps.

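The -p3 advice in comment #39, as an added example that is not part of the original thread: a small shell helper that works out which `-p` strip level maps a patch's `+++` header paths onto files that exist in the source tree. The tree, the patch body and the `httpd/httpd/trunk/` path prefix in the header are constructed assumptions; `find_strip_level` and `demo` are hypothetical names.

```shell
#!/bin/sh
# Added example: choose the -p level for a patch by testing which strip count
# turns every "+++ " header path into a file that exists under the source root.

# find_strip_level PATCHFILE SRCROOT -> prints the smallest working -p value
find_strip_level() {
    patchfile=$1; srcroot=$2
    # Target paths: first field of each "+++ " header; /dev/null is skipped.
    paths=$(sed -n '/^+++ \/dev\/null/d; s/^+++ \([^[:space:]]*\).*/\1/p' "$patchfile")
    [ -n "$paths" ] || return 1
    n=0
    while [ "$n" -le 10 ]; do
        ok=1
        for p in $paths; do
            # Drop the first n path components, as patch -pN does.
            rel=$(printf '%s\n' "$p" | cut -d/ -f$((n + 1))-)
            [ -n "$rel" ] && [ -f "$srcroot/$rel" ] || { ok=0; break; }
        done
        [ "$ok" -eq 1 ] && { echo "$n"; return 0; }
        n=$((n + 1))
    done
    return 1
}

# demo: build a constructed tree and patch, then print the detected level.
demo() {
    work=$(mktemp -d)
    # Constructed stand-in for the root of an unpacked httpd source tree.
    mkdir -p "$work/src/server/mpm/event"
    echo '/* placeholder */' > "$work/src/server/mpm/event/event.c"
    # Constructed patch; the repository-style path prefix is an assumption.
    printf '%s\n' \
        '--- httpd/httpd/trunk/server/mpm/event/event.c (old)' \
        '+++ httpd/httpd/trunk/server/mpm/event/event.c (new)' \
        '@@ -1 +1 @@' \
        '-/* placeholder */' \
        '+/* patched */' > "$work/r.patch"
    find_strip_level "$work/r.patch" "$work/src"
    rm -rf "$work"
}

# With GNU patch, --dry-run checks that the hunks apply before touching files.
echo "from the source root: patch -p$(demo) --dry-run < r.patch"
```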