mod-gnutls FTBFS: test failure: apache2 seg fault

Bug #1597450 reported by Jeremy Bicha on 2016-06-29
16
This bug affects 2 people
Affects Status Importance Assigned to Milestone
apache2 (Ubuntu)
Undecided
Unassigned
mod-gnutls (Ubuntu)
High
Unassigned

Bug Description

mod-gnutls 0.7.5-2 in yakkety fails to build on all architectures except amd64:

https://launchpad.net/ubuntu/+source/mod-gnutls/0.7.5-2/

FAIL: test-24_pkcs11_cert.bash
==============================

Generated temporary SoftHSM config mod_gnutls_test-BtVH7L.conf:
objectstore.backend = file
directories.tokendir = /«PKGBUILDDIR»/test/server/softhsm2.db
checking /usr/lib64/pkcs11/libsofthsm2.so ...
checking /usr/lib/softhsm/libsofthsm2.so ...
found!
TESTING: 24_pkcs11_cert
./runtests failed at line 188!
FAILURE: 24_pkcs11_cert
httpd (no pid file) not running

Apache error logs:
[Wed Jun 29 17:23:26.375898 2016] [core:notice] [pid 12681:tid 4148214336] AH00060: seg fault or similar nasty error detected in the parent process
FAIL test-24_pkcs11_cert.bash (exit status: 1)

Jeremy Bicha (jbicha) on 2016-06-29
description: updated
Changed in mod-gnutls (Ubuntu):
importance: Undecided → High
tags: added: ftbfs
tags: added: yakkety
tags: added: zesty
Brian Morton (rokclimb15) wrote :

0.7.5 was removed from yakkety-proposed, but the FTBFS continues in Zesty. Here's a backtrace and disassembly on i386. If anyone has ideas, I'd appreciate them.

Brian Morton (rokclimb15) wrote :
Download full text (3.3 KiB)

Zesty 0.8.0-1 is the current FTBFS. I was able to progress the debugging a bit and something is scribbling on the stack. The problem I'm experiencing is gdb disables breakpoints in the shared lib I need to examine the stack canary address.

Starting program: /usr/sbin/apache2 -X -f /home/bmorton/mod-gnutls-0.8.0/test/tests/24_pkcs11_cert/apache.conf -k start
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
warning: Temporarily disabling breakpoints for unloaded shared library "/usr/lib/i386-linux-gnu/libp11-kit.so.0"
*** stack smashing detected ***: /usr/sbin/apache2 terminated

Program received signal SIGABRT, Aborted.
0xb7fd9cf9 in __kernel_vsyscall ()
(gdb) bt
#0 0xb7fd9cf9 in __kernel_vsyscall ()
#1 0xb7d47050 in __libc_signal_restore_set (set=0xbfffe5cc) at ../sysdeps/unix/sysv/linux/nptl-signals.h:79
#2 __GI_raise (sig=6) at ../sysdeps/unix/sysv/linux/raise.c:55
#3 0xb7d48577 in __GI_abort () at abort.c:89
#4 0xb7d82f4f in __libc_message (do_abort=<optimized out>, fmt=<optimized out>) at ../sysdeps/posix/libc_fatal.c:175
#5 0xb7e14c78 in __GI___fortify_fail (msg=<optimized out>) at fortify_fail.c:37
#6 0xb7e14c18 in __stack_chk_fail () at stack_chk_fail.c:28
#7 0xb79c95e4 in __stack_chk_fail_local () from /usr/lib/i386-linux-gnu/libp11-kit.so.0
#8 0xb79a57e6 in proxy_C_GenerateKey (self=0xb6d3a9f0 <std::unique_ptr<MutexFactory, std::default_delete<MutexFactory> >::get() const+28>, handle=2148314568, mechanism=0xb79c95e4 <_fini>, template=0xb7e14c05 <__stack_chk_fail+5>,
    count=3221220068, key=0x0) at p11-kit/proxy.c:1470
#9 0xb6d3a53d in Mutex::lock (this=0x800b9840) at MutexFactory.cpp:60
#10 0xb6d3a5cd in MutexLocker::MutexLocker (this=0xbfffea48, inMutex=0x800b9840) at MutexFactory.cpp:81
#11 0xb6d7f31f in Token::getTokenInfo (this=0x800cc198, info=0xbfffec20) at Token.cpp:410
#12 0xb6d0a384 in SoftHSM::C_GetTokenInfo (this=0x800c4310, slotID=1566642341, pInfo=0xbfffec20) at SoftHSM.cpp:601
#13 0xb6ceca45 in C_GetTokenInfo (slotID=1566642341, pInfo=0xbfffec20) at main.cpp:220
#14 0xb7b1367c in pkcs11_get_token_info (module=0x800bc470, slot_id=1566642341, info=0xbfffec20) at pkcs11_int.c:65
#15 0xb7b02f1f in _pkcs11_traverse_tokens (find_func=0xb7b0490f <find_obj_url_cb>, input=0xbfffef04, info=0x800bd8c0, pin_info=0x800b4f04, flags=2) at pkcs11.c:1342
#16 0xb7b04eb8 in gnutls_pkcs11_obj_import_url (obj=0x800b4ec0,
    url=0xb7c39c48 "pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=230076e3dd6110a5;token=mod_gnutls-test;id=%d5%32%8e%a4%57%da%03%cf%84%2a%51%14%69%c9%9d%50%d2%8a%6b%12;object=certificate;type=cert", flags=1)
    at pkcs11.c:2068
#17 0xb7c4aa14 in mgs_load_files (pconf=<optimized out>, ptemp=<optimized out>, s=<optimized out>) at gnutls_config.c:332
#18 0xb7c4f7ea in mgs_hook_post_config (pconf=0xb7fcc018, plog=0xb7c8a018, ptemp=0xb7c86018, base_server=0xb7c8cf18) at gnutls_hooks.c:405
#19 0x80046370 in ap_run_post_config (pconf=0xb7fcc018, plog=0xb7c8a018,...

Read more...

Brian Morton (rokclimb15) wrote :

Using latest deps in proposed Apache no longer segfaults on i386. FTBFS persists due to -Werror=format in the build and a few format/type issues that are easily fixed. Beyond that, test 24 still fails now with an error about the PKCS11 URL format which needs further investigation. 0.8.1 fixes the format string type issues for a clean build. Will request sync with upstream or I can submit the build fix as a patch.

Brian Morton (rokclimb15) wrote :

Correction, it still segfaults on test 24 after the string format issues are fixed.

ChristianEhrhardt (paelzer) wrote :
Changed in mod-gnutls (Ubuntu):
status: New → Confirmed
Brian Morton (rokclimb15) wrote :

According to the Debian maintainer this does not occur in unstable on i386. Both apache2 and libgnutls30 are newer in unstable, so that could be related.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in apache2 (Ubuntu):
status: New → Confirmed
Brian Morton (rokclimb15) wrote :

Tried building openssl 1.1 to match Debian sid, as well as latest apache2 and gnutls. All still segfault on i386 during this test. Out of ideas at this point.

Thomas Klute (thomas2-klute) wrote :

Another package work looking at might be p11-kit. The last function call above kernel and libc in the stack trace above is in libp11-kit, and so are the memory issues I see using Valgrind on amd64.

Hi Thomas,

Good info, thanks. It's definitely a possibility, but I'm having a hard
time explaining how that package could be responsible when it is synced
with Sid as well and the configure strings in the build logs appear to be
the same. I also tried a build from upstream source with the same result.

Is there anything unusual about the way Debian builds gnutls vs Ubuntu? I
can't find or think of anything relevant.

On Sat, Jan 14, 2017 at 7:23 AM, Thomas Klute <email address hidden>
wrote:

> Another package work looking at might be p11-kit. The last function call
> above kernel and libc in the stack trace above is in libp11-kit, and so
> are the memory issues I see using Valgrind on amd64.
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1597450
>
> Title:
> mod-gnutls FTBFS: test failure: apache2 seg fault
>
> Status in apache2 package in Ubuntu:
> Confirmed
> Status in mod-gnutls package in Ubuntu:
> Confirmed
>
> Bug description:
> mod-gnutls 0.7.5-2 in yakkety fails to build on all architectures
> except amd64:
>
> https://launchpad.net/ubuntu/+source/mod-gnutls/0.7.5-2/
>
> FAIL: test-24_pkcs11_cert.bash
> ==============================
>
> Generated temporary SoftHSM config mod_gnutls_test-BtVH7L.conf:
> objectstore.backend = file
> directories.tokendir = /«PKGBUILDDIR»/test/server/softhsm2.db
> checking /usr/lib64/pkcs11/libsofthsm2.so ...
> checking /usr/lib/softhsm/libsofthsm2.so ...
> found!
> TESTING: 24_pkcs11_cert
> ./runtests failed at line 188!
> FAILURE: 24_pkcs11_cert
> httpd (no pid file) not running
>
> Apache error logs:
> [Wed Jun 29 17:23:26.375898 2016] [core:notice] [pid 12681:tid
> 4148214336] AH00060: seg fault or similar nasty error detected in the
> parent process
> FAIL test-24_pkcs11_cert.bash (exit status: 1)
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/
> 1597450/+subscriptions
>

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers