logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: Segmentation Fault on Custom 413
Author
balia



Joined: 19 Jan 2015
Posts: 12

PostPosted: Fri 20 Feb '15 5:53    Post subject: Segmentation Fault on Custom 413 Reply with quote

First, I added the following lines to my .htaccess file:
Code:
ErrorDocument 413 /413.php
# Limit Transfers from client 1MB
LimitRequestBody 1048576


The content of 413.php is:
Code:
$sBody="The requested resource does not allow request data with POST requests, or the amount of data provided in the request exceeds the capacity limit.";
$sHtm="<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">
<html><head>
<title>413 Request Entity Too Large</title>
</head><body>
<h1>413 Request Entity Too Large</h1>
$sBody</body></html>";
echo $sHtm;


When I try to upload a 2.3MB image, the following setup works and 413.php is displayed.

Then, I modify my 413.php by adding just one line at the top:
Code:
if(!defined('_HttpERR_')) define('_HttpERR_',413);
$sBody="The requested resource does not allow request data with POST requests, or the amount of data provided in the request exceeds the capacity limit.";
$sHtm="<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">
<html><head>
<title>413 Request Entity Too Large</title>
</head><body>
<h1>413 Request Entity Too Large</h1>
$sBody</body></html>";
echo $sHtm;


I get a "Connection reset" notification instead of my custom 413.php and /var/log/apache2/error.log contains
Code:

[core:notice] [pid 1951] AH00051: child pid 24179 exit signal Segmentation fault (11), possible coredump in /etc/apache2



How do I resolve this?
Thank you.

PS: I am running Apache 2.4 with PHP 5.6 on Ubuntu 12.04 LTS
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7373
Location: Germany, Next to Hamburg

PostPosted: Sat 21 Feb '15 9:59    Post subject: Reply with quote

Enable the PHP error log in your php.ini and see what causes PHP to crash.
Back to top
balia



Joined: 19 Jan 2015
Posts: 12

PostPosted: Sun 22 Feb '15 3:06    Post subject: Reply with quote

I do have log_errors=On and error_log=logFile both in php.ini and in the php code itself using the ini_set() function.
However, in this case there are no errors logged by PHP, jut the segmentation error in the Apache log.
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7373
Location: Germany, Next to Hamburg

PostPosted: Tue 24 Feb '15 11:12    Post subject: Reply with quote

Do you have the core dump?
Back to top
balia



Joined: 19 Jan 2015
Posts: 12

PostPosted: Wed 25 Feb '15 0:23    Post subject: Reply with quote

No I don't. I've seen several forums explaining how to generate it. Many say I need to recompile apache to get the dump.
Would you be able to point the best resource explaining how to do this?
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7373
Location: Germany, Next to Hamburg

PostPosted: Thu 26 Feb '15 19:27    Post subject: Reply with quote

As far as I know you don't need to recompile apache.

Just configure the path like

Code:
CoreDumpDirectory /tmp/mycoredump

mkdir -p /tmp/mycoredump
chmod the permission to 0777 for that folder.

restart apache.

However: For such reasons on windows most / many apacheloung user use PHP over fcgid. I use that on Linux,too. So PHP does not crash my apache Wink
Back to top
balia



Joined: 19 Jan 2015
Posts: 12

PostPosted: Thu 05 Mar '15 18:10    Post subject: Reply with quote

Sorry for the late reply.

Did the following:
- Added CoreDumpDirectory /tmp/apacheDump to apache2.conf
- mkdir -p /tmp/apacheDump
- chmod 777 /tmp/apacheDump
- Restarted apache

Reproduced the error.

In error.log, I have the following line:
Code:
AH00051: child pid 11245 exit signal Segmentation fault (11), possible coredump in /tmp/apacheDump

But /tmp/apacheDump is empty
Back to top
balia



Joined: 19 Jan 2015
Posts: 12

PostPosted: Thu 05 Mar '15 19:23    Post subject: Reply with quote

Tried to follow the instructions in the following post:
http://sysadmin.carlusgg.com/?p=197

Installed apache2-dbg and php5-dbg

But still no dump ...
Back to top
balia



Joined: 19 Jan 2015
Posts: 12

PostPosted: Thu 05 Mar '15 19:29    Post subject: Reply with quote

Also tried the following post:
https://stackoverflow.com/questions/7745578/notice-child-pid-xxxx-exit-signal-segmentation-fault-11-in-apache-error-lo

Code:

# ps aux | egrep 'apache2|PID'
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root     16651  0.0  0.7 152164 18356 ?        Ss   11:51   0:00 /usr/sbin/apache2 -k start
www-data 16659  0.0  0.0  24260  2536 ?        S    11:51   0:00 /usr/sbin/apache2 -k start
www-data 16676  0.0  0.2 152268  6492 ?        S    11:51   0:00 /usr/sbin/apache2 -k start
www-data 16677  0.0  0.2 152268  6492 ?        S    11:51   0:00 /usr/sbin/apache2 -k start
www-data 16678  0.0  0.2 152196  5364 ?        S    11:51   0:00 /usr/sbin/apache2 -k start
www-data 16679  0.0  0.2 152196  5364 ?        S    11:51   0:00 /usr/sbin/apache2 -k start
www-data 17380  0.0  0.2 152196  5364 ?        S    11:52   0:00 /usr/sbin/apache2 -k start
root     26349  0.0  0.0   4384   748 pts/2    S+   12:02   0:00 egrep apache2|PID



Code:
# gdb
GNU gdb (Ubuntu/Linaro 7.4-2012.04-0ubuntu2.1) 7.4-2012.04
Copyright (C) 2012 Free Software Foundation, Inc.

(gdb) attach 16651
Attaching to process 16651



Reproduced the error and ran:

Code:
(gdb) backtrace full
#0  0x00b4d416 in __kernel_vsyscall ()
No symbol table info available.
#1  0x0022b8e1 in select () from /lib/i386-linux-gnu/libc.so.6
No symbol table info available.
#2  0x00136cce in apr_sleep () from /usr/lib/i386-linux-gnu/libapr-1.so.0
No symbol table info available.
#3  0x007f37aa in ap_wait_or_timeout (status=0xbfed8548, exitcode=0xbfed854c, ret=0xbfed8538, p=0xb7797018,
    s=0xb776fbb0) at mpm_common.c:199
        rv = <optimized out>
#4  0x00c06a02 in prefork_run (_pconf=0xb7797018, plog=0xb776b018, s=0xb776fbb0) at prefork.c:1006
        status = 11
        pid = {pid = -1, in = 0x12a01e, out = 0x22293008, err = 0x83f958}
        child_slot = <optimized out>
        exitwhy = 6
        processed_status = <optimized out>
        index = <optimized out>
        remaining_children_to_start = 0
        rv = <optimized out>
#5  0x007f2bbe in ap_run_mpm (pconf=0xb7797018, plog=0xb776b018, s=0xb776fbb0) at mpm_common.c:96
        pHook = <optimized out>
        n = <optimized out>
        rv = -1
#6  0x007eb57d in main (argc=3, argv=0xbfed86f4) at main.c:777
        c = 0 '\000'
        showcompile = 0
        showdirectives = 0
        confname = 0x8357d8 "apache2.conf"
        def_server_root = 0x8357cb "/etc/apache2"
        temp_error_log = 0x0
        error = <optimized out># gdb
GNU gdb (Ubuntu/Linaro 7.4-2012.04-0ubuntu2.1) 7.4-2012.04
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-linux-gnu".
For bug reporting instructions, please see:
<http://bugs.launchpad.net/gdb-linaro/>.
(gdb) attach 16651
Attaching to process 16651

        process = 0xb7797018
        pconf = 0xb7797018
        plog = 0xb776b018
---Type <return> to continue, or q <return> to quit---
        ptemp = 0xb7767018
        pcommands = 0xb7771018
        opt = 0xb77710b8
        rv = <optimized out>
        mod = <optimized out>
        opt_arg = 0x835430 "UWVS\350\316c\373\377\201\303\177\335\001"
        signal_server = <optimized out>


What is the best way to make sense of this?
Thank you.
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7373
Location: Germany, Next to Hamburg

PostPosted: Mon 16 Mar '15 12:24    Post subject: Reply with quote

For having the correct data, you need to reduce apache to a single process

Code:
StartServers 1
MinSpareServers 1
MaxSpareServers 1
Back to top
balia



Joined: 19 Jan 2015
Posts: 12

PostPosted: Sat 21 Mar '15 1:12    Post subject: Reply with quote

I added the following to apache2.conf

StartServers 1
MinSpareServers 1
MaxSpareServers 1
MaxClients 1

After restarting apache, when I run ps aux, I still get 6 apache processes running, one owned by root and 5 by www-data

I only found one post with a similar problem:
https://stackoverflow.com/questions/25651659/how-do-i-configure-apache-to-only-fork-one-child-process-worker
But it doesn't have a good answer.
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7373
Location: Germany, Next to Hamburg

PostPosted: Sat 21 Mar '15 12:06    Post subject: Reply with quote

Sorry I forgot about this, but there is a command line option -X

example
Code:

/usr/sbin/httpd -X



--- EDIT ---

Also see http://httpd.apache.org/dev/debugging.html
Back to top
gmoniker



Joined: 22 Mar 2015
Posts: 3
Location: Netherlands

PostPosted: Sun 22 Mar '15 23:11    Post subject: Coredumps Ubuntu and segfault PHP Reply with quote

Hello Balia,

Coredumps on Ubuntu 12.04 can get intercepted by the apport program. You can see if something like apport is set by doing:

Code:
cat /proc/sys/kernel/core_pattern


If there is something like this:
Code:
|/usr/share/apport/apport %p %s %c %P


Then the dumps will be stored in /var/crash in apport format. You can unpack those with
Code:
apport-unpack

You can also use
Code:
sysctl -a
and check these:
Code:
kernel.core_uses_pid = 1
kernel.core_pattern = /tmp/core-%e-%s-%u-%g-%p-%t
fs.suid_dumpable = 2
Back to top
gmoniker



Joined: 22 Mar 2015
Posts: 3
Location: Netherlands

PostPosted: Sun 22 Mar '15 23:47    Post subject: Segfault on 413 Reply with quote

It just so happens that I have been looking into the Apache handler for PHP after having some segfaults in a different situation, see https://bugs.php.net/bug.php?id=68486 for that.

Basically what happens, is the PHP handler in the case of 413 errors that happened when you called a PHP script tries to reuse the execution engine that was started for that first script. The reasoning will have been that it was needed to avoid throwing a 413 error all over again and ending up with a precooked Apache error message. And maybe this was true sometime in the past.

But the script that you install as the ErrorDocument for 413 is then starting in an improper environment. Adding symbols just about succeeds and calling echo, but anything that introspects the symbol table like your call to defined() will crash the execution environment.

You will see that it does function if you call some static html and cause a 413.

The patch that is available at the bug report I mentioned will solve the segfault for this case also.

However there still is another thing which makes Entity too large in Apache 2.4 very strange if PHP is active. If you call a php script with too large a request body for example, it will show the ErrorDocument whatever it is, but then goes on to happily run your PHP script. Even though the request body is unset, this seems unwanted behaviour to me and it doesn't happen if you call a static html file or in any of those cases with Apache 2.2. Nor does it happen with a header that is too long.

So, in short with Apache 2.4 and PHP you cannot depend on a LimitRequestBody to stop PHP from running, and you can experience segfaults when you call a PHP script and set a PHP script as 413 handler (In Apache 2.2 as well).
Back to top
Jan-E



Joined: 09 Mar 2012
Posts: 1266
Location: Amsterdam, NL, EU

PostPosted: Mon 23 Mar '15 12:31    Post subject: Reply with quote

In case some of you experience segfaults on Windows: all my builds are patched with this oneliner:
https://bugs.php.net/patch-display.php?bug_id=68486&patch=sapi_apache2.gmoniker.patch&revision=latest

I applied the patch last Friday. See http://www.apachelounge.com/viewtopic.php?t=6359 for my builds
Back to top
balia



Joined: 19 Jan 2015
Posts: 12

PostPosted: Fri 17 Apr '15 18:40    Post subject: Reply with quote

Thank you for all the responses and very sorry for the delay in processing them.

[James Blond]
I stopped apache2 : service apache2 stop

Code:
# /usr/sbin/apache2 -X
[core:warn] [pid 12838] AH00111: Config variable ${APACHE_PID_FILE} is not defined
[core:warn] [pid 12838] AH00111: Config variable ${APACHE_RUN_USER} is not defined
[core:warn] [pid 12838] AH00111: Config variable ${APACHE_RUN_GROUP} is not defined
[core:warn] [pid 12838] AH00111: Config variable ${APACHE_RUN_DIR} is not defined
[core:warn] [pid 12838] AH00111: Config variable ${APACHE_LOG_DIR} is not defined
[core:warn] [pid 12838] AH00111: Config variable ${APACHE_LOG_DIR} is not defined
[core:warn] [pid 12838] AH00111: Config variable ${APACHE_LOG_DIR} is not defined
[core:warn] [pid 12838] AH00111: Config variable ${APACHE_LOG_DIR} is not defined
[core:warn] [pid 12838] AH00111: Config variable ${APACHE_LOG_DIR} is not defined
[core:warn] [pid 12838] AH00111: Config variable ${APACHE_LOG_DIR} is not defined
AH00543: apache2: bad user name ${APACHE_RUN_USER}


Apache fails to start
The same happens if I remove -X BTW
How do I start apache with the -X option?

[gmoniker]

Code:
# cat /etc/default/apport
# set this to 0 to disable apport, or to 1 to enable it
# you can temporarily override this with
# sudo service apport start force_start=1
enabled=1

# cat /proc/sys/kernell/core_pattern
cat: /proc/sys/kernell/core_pattern: No such file or directory

core_pattern is missing

I went to http://wiki.ubuntu.com/Apport for further instructions.
Added a hash symbol # in the beginning of the following line:
'problem_types': ['Bug', 'Package'],

Code:
# ls /var/crash
total 0


Tried to reproduce the crash, but still no dump.
What's next?

https://bugs.php.net/bug.php?id=68486
I get the message: "This bug report is marked as private."

[Jan-E]
https://bugs.php.net/patch-display.php?bug_id=68486&patch=sapi_apache2.gmoniker.patch&revision=latest
ERROR: You have no access to bug #68486

Went to: http://www.apachelounge.com/viewtopic.php?t=6359
Not sure I fully understand what the builds are for...
Back to top
Jan-E



Joined: 09 Mar 2012
Posts: 1266
Location: Amsterdam, NL, EU

PostPosted: Fri 17 Apr '15 20:00    Post subject: Reply with quote

Try upgrading to PHP 5.6.8. This version has gmoniker's patch
https://github.com/php/php-src/commit/809610f5ea38a83b284e1125d1fff129bdd615e7
Back to top
balia



Joined: 19 Jan 2015
Posts: 12

PostPosted: Tue 21 Jul '15 6:04    Post subject: Reply with quote

Sorry; this issue on the back burner for a while.
Looking at it again, I updated PHP from v5.6.6 to v5.6.10.
This did not resolve anything: the segmentation fault didn't disappear.

I resolved the issue as follows:
Reading through the Apache documentation gave me some clues.
http://httpd.apache.org/docs/2.2/custom-error.html

Unlike 404, 413.php was not a replacement script for the original script (in the case of a 404 error, there is obviously no original script).
When 413.php ends, execution doesn't stop there.
The original uploading script is called again (when no segmentation fault occurs).
$_POST and $_FILE are empty, and there is no obvious ways for the original script to know that an error occurred.
In addition nothing in the environment variables points to an error.

413.php is just provided as a replacement for the built-in 413 error message.
It allows to echo a different 413 error message at the top of the HTML page, but not much more.
Any non "elementary" code in 413.php generates a segmentation fault.
For example, 413.php doesn't accept any function call.
Calling any function such as define() or any text function results in a segmentation fault.
Only echos and basic assignment operators seem acceptable.

Fortunately, global variables can be defined in 413.php. These global variables can be picked up by the original uploading script.

Another important consideration, is that 413.php must echo something before exiting.
If there are no echos and 413.php ends with exit(); or exit(integer); then a segmentation fault will occur.
I chose to end 413.php with exit(' ');
The blank space seems so far to be a good compromise to prevent the browser from getting in quirk mode.

Obviously, segmentation faults are not the best way to communicate with developers and maybe this can be addressed in the future by the Apache team.
It is not clear why you would restrict non "elementary" PHP code in 413.php and this is not explained in the documentation.

On a last note, for very large files, Firefox keeps trying to upload the file and never returns a 413 error.
See https://github.com/freedomofpress/securedrop/issues/992
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7373
Location: Germany, Next to Hamburg

PostPosted: Wed 22 Jul '15 11:56    Post subject: Reply with quote

balia wrote:


[James Blond]
I stopped apache2 : service apache2 stop

Code:
# /usr/sbin/apache2 -X
[core:warn] [pid 12838] AH00111: Config variable ${APACHE_PID_FILE} is not defined
[core:warn] [pid 12838] AH00111: Config variable ${APACHE_RUN_USER} is not defined
[core:warn] [pid 12838] AH00111: Config variable ${APACHE_RUN_GROUP} is not defined
[core:warn] [pid 12838] AH00111: Config variable ${APACHE_RUN_DIR} is not defined
[core:warn] [pid 12838] AH00111: Config variable ${APACHE_LOG_DIR} is not defined
[core:warn] [pid 12838] AH00111: Config variable ${APACHE_LOG_DIR} is not defined
[core:warn] [pid 12838] AH00111: Config variable ${APACHE_LOG_DIR} is not defined
[core:warn] [pid 12838] AH00111: Config variable ${APACHE_LOG_DIR} is not defined
[core:warn] [pid 12838] AH00111: Config variable ${APACHE_LOG_DIR} is not defined
[core:warn] [pid 12838] AH00111: Config variable ${APACHE_LOG_DIR} is not defined
AH00543: apache2: bad user name ${APACHE_RUN_USER}



You need to edit /etc/apache2/envvars

e.g.
Code:

APACHE_RUN_USER=www-data
APACHE_RUN_GROUP=www-data


the same for the other variables.
Back to top


Reply to topic   Topic: Segmentation Fault on Custom 413 View previous topic :: View next topic
Post new topic   Forum Index -> Apache