Bug 237925

Summary: www/squid: Segmentation fault
Product: Ports & Packages
Component: Individual Port(s)
Status: Closed Overcome By Events
Severity: Affects Only Me
Priority: ---
Version: Latest
Hardware: Any
OS: Any
Reporter: Sergey Anokhin <admin>
Assignee: Eugene Grosbein <eugen>
CC: emz, eugen, timp87
Keywords: crash, needs-qa
Flags: eugen: maintainer-feedback+

Description Sergey Anokhin 2019-05-16 12:41:07 UTC
Hi All,

The bug was reproduced on 4.6 and 4.7 Squid versions 

OS:
12.0-STABLE FreeBSD 12.0-STABLE r344923 SERVER

Port version:
TIMESTAMP = 1557845771
SHA256 (squid4/squid-4.7.tar.xz) = a29cf65f77ab70a8b1cf47e6fe1d2975ec9d04d2446d54669a5afd2aee5e354e
SIZE (squid4/squid-4.7.tar.xz) = 2440884

Squid config (I tried with a blank config too):

cache_mem 32 MB
maximum_object_size 15000 KB
cache_dir ufs /var/squid/cache/squid/ 1000 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
acl lan src 192.168.1.0/24
acl lan2 src 192.168.42.0/24
acl lan3 src 192.168.46.0/24
acl lan4 src 10.1.200.0/24
acl server dst 192.168.1.1/32
acl server dst 85.113.221.175/32
http_access allow lan
http_access allow lan2
http_access allow lan3
http_access allow lan4
http_access deny all

http_port 192.168.1.1:3128
http_port 127.0.0.1:3128 intercept
https_port 127.0.1:3130 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=8MB cert=/usr/local/etc/squid/squidCA.pem key=/usr/local/etc/squid/squidCA.pem

sslcrtd_program /usr/local/libexec/squid/security_file_certgen -s /var/squid/ssl_db -M 8MB
sslcrtd_children 1

always_direct allow all
ssl_bump none localhost
ssl_bump server-first all
sslproxy_cert_error allow all

Run squid in debug:
# squid -X
[skipped]
2019/05/16 15:36:34.777| 24,9| MemBlob.cc(56) MemBlob: constructed, this=0x802261930 id=blob546 reserveSize=6
2019/05/16 15:36:34.777| 24,8| MemBlob.cc(101) memAlloc: blob546 memAlloc: requested=6, received=40
2019/05/16 15:36:34.777| 24,9| MemBlob.cc(82) ~MemBlob: destructed, this=0x801bb1ea0 id=blob544 capacity=40 size=6
2019/05/16 15:36:34.777| 24,7| SBuf.cc(865) reAlloc: SBuf47 new store capacity: 40
2019/05/16 15:36:34.777| 24,7| SBuf.cc(160) rawSpace: reserving 1 for SBuf112
2019/05/16 15:36:34.777| 24,8| SBuf.cc(886) cow: SBuf112 new size:6
2019/05/16 15:36:34.777| 24,8| SBuf.cc(857) reAlloc: SBuf112 new size: 6
2019/05/16 15:36:34.777| 24,9| MemBlob.cc(56) MemBlob: constructed, this=0x801bb1ea0 id=blob547 reserveSize=6
2019/05/16 15:36:34.777| 24,8| MemBlob.cc(101) memAlloc: blob547 memAlloc: requested=6, received=40
2019/05/16 15:36:34.778| 24,9| MemBlob.cc(82) ~MemBlob: destructed, this=0x802261990 id=blob545 capacity=40 size=6
2019/05/16 15:36:34.778| 24,7| SBuf.cc(865) reAlloc: SBuf112 new store capacity: 40
2019/05/16 15:36:34.778| 28,3| InnerNode.cc(57) lineParse: looking for ACL all
2019/05/16 15:36:34.778| 28,9| Acl.cc(96) FindByName: ACL::FindByName 'all'
2019/05/16 15:36:34.778| 45,3| cbdata.cc(254) cbdataInternalAlloc: Allocating 0x802286658 ../src/acl/Tree.h:24
Segmentation fault (core dumped)

Debug:
# gdb /usr/local/sbin/squid /usr/local/etc/squid/squid.core
GNU gdb (GDB) 8.2.1 [GDB v8.2.1 for FreeBSD]
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-portbld-freebsd12.0".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/local/sbin/squid...done.
[New LWP 101829]
Core was generated by `squid -X'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  strlen (str=0x0) at /usr/src/lib/libc/string/strlen.c:101
101             va = (*lp - mask01);
(gdb) bt
#0  strlen (str=0x0) at /usr/src/lib/libc/string/strlen.c:101
#1  0x00000000004a9fa5 in std::__1::char_traits<char>::length (__s=0x0) at /usr/include/c++/v1/__string:217
#2  0x00000000004a9aac in std::__1::operator<< <std::__1::char_traits<char> > (__os=..., __str=0x0)
    at /usr/include/c++/v1/ostream:864
#3  0x00000000006e3a5b in uniqueHostname () at tools.cc:540
#4  0x00000000004c3b0d in configDoConfigure () at cache_cf.cc:701
#5  0x00000000004ab694 in parseConfigFileOrThrow (file_name=0x801bb0220 "/usr/local/etc/squid/squid.conf") at cache_cf.cc:590
#6  0x00000000004ab435 in parseConfigFile (file_name=0x801bb0220 "/usr/local/etc/squid/squid.conf") at cache_cf.cc:614
#7  0x0000000000640505 in SquidMain (argc=2, argv=0x7fffffffea70) at main.cc:1572
#8  0x000000000064010c in SquidMainSafe (argc=2, argv=0x7fffffffea70) at main.cc:1417
#9  0x00000000006400d2 in main (argc=2, argv=0x7fffffffea70) at main.cc:1405
(gdb) frame 9
#9  0x00000000006400d2 in main (argc=2, argv=0x7fffffffea70) at main.cc:1405
1405        return SquidMainSafe(argc, argv);
(gdb) frame 8
#8  0x000000000064010c in SquidMainSafe (argc=2, argv=0x7fffffffea70) at main.cc:1417
1417            return SquidMain(argc, argv);
(gdb) frame 7
#7  0x0000000000640505 in SquidMain (argc=2, argv=0x7fffffffea70) at main.cc:1572
1572                parse_err = parseConfigFile(ConfigFile);
(gdb) frame 6
#6  0x00000000004ab435 in parseConfigFile (file_name=0x801bb0220 "/usr/local/etc/squid/squid.conf") at cache_cf.cc:614
614             return parseConfigFileOrThrow(file_name);
(gdb) frame 5
#5  0x00000000004ab694 in parseConfigFileOrThrow (file_name=0x801bb0220 "/usr/local/etc/squid/squid.conf") at cache_cf.cc:590
590         configDoConfigure();
(gdb) frame 4
#4  0x00000000004c3b0d in configDoConfigure () at cache_cf.cc:701
701                  uniqueHostname(),
(gdb) frame 3
#3  0x00000000006e3a5b in uniqueHostname () at tools.cc:540
540         debugs(21, 3, HERE << " Config: '" << Config.uniqueHostname << "'");
(gdb) frame 2
#2  0x00000000004a9aac in std::__1::operator<< <std::__1::char_traits<char> > (__os=..., __str=0x0)
    at /usr/include/c++/v1/ostream:864
864         return _VSTD::__put_character_sequence(__os, __str, _Traits::length(__str));
(gdb) frame 1
#1  0x00000000004a9fa5 in std::__1::char_traits<char>::length (__s=0x0) at /usr/include/c++/v1/__string:217
217         length(const char_type* __s)  _NOEXCEPT {return __builtin_strlen(__s);}
(gdb) frame 0
#0  strlen (str=0x0) at /usr/src/lib/libc/string/strlen.c:101
101             va = (*lp - mask01);
(gdb)



Make config options:

[ ] ARP_ACL         ARP/MAC/EUI based authentification
[ ] BDB             Berkeley DB support required for session and time quo
[x] CACHE_DIGESTS   Use cache digests
[ ] DEBUG           Build with extended debugging support
[ ] DELAY_POOLS     Delay pools (bandwidth limiting)
[x] DOCS            Build and/or install documentation
[ ] ECAP            Loadable content adaptation modules
[x] ESI             ESI support
[x] EXAMPLES        Build and/or install examples
[x] FOLLOW_XFF      Support for the X-Following-For header
[x] FS_AUFS         AUFS (threaded-io) support
[x] FS_DISKD        DISKD storage engine controlled by separate service
[ ] FS_ROCK         ROCK storage engine
[x] HTCP            HTCP support
[ ] ICAP            the ICAP client
[x] ICMP            ICMP pinging and network measurement
[x] IDENT           Ident lookups (RFC 931)
[x] IPV6            IPv6 protocol support
[x] KQUEUE          Kqueue(2) support
[x] LARGEFILE       Support large (>2GB) cache and log files
[x] LAX_HTTP        Do not enforce strict HTTP compliance
[ ] NETTLE          Nettle MD5 algorithm support
[x] PCRE            Use Perl Compatible Regular Expressions
[x] SNMP            SNMP support
[x] SSL             SSL gatewaying support
[x] SSL_CRTD        Use ssl_crtd to handle SSL cert requests
[x] STACKTRACES     Enable automatic backtraces on fatal errors
[ ] VIA_DB          Forward/Via database
[x] WCCP            Web Cache Coordination Protocol
[x] WCCPV2          Web Cache Coordination Protocol v2
-- Authentication helpers --
[ ] AUTH_LDAP       Install LDAP authentication helpers
[x] AUTH_NIS        Install NIS/YP authentication helpers
[ ] AUTH_SASL       Install SASL authentication helpers
[ ] AUTH_SMB        Install SMB auth. helpers (req. Samba)
[ ] AUTH_SQL        Install SQL based auth
-- GSSAPI Security API support --
( ) GSSAPI_NONE     Disable GSSAPI support
(*) GSSAPI_BASE     GSSAPI support via base system (needs Kerberos)
( ) GSSAPI_HEIMDAL  GSSAPI support via security/heimdal
( ) GSSAPI_MIT      GSSAPI support via security/krb5
-- FW --
( ) TP_IPF          Transparent proxying with IPFilter
(*) TP_IPFW         Transparent proxying with IPFW
( ) TP_PF           Transparent proxying with PF
Comment 1 emz 2019-05-20 06:27:31 UTC
Same stuff here (almost) on 12.0-R with slightly different port flags.
What is more surprising, only one of the two almost identical servers is affected.

On the affected machine squid crashes right after start.

But here's the thing: in my case the basic_pam_auth helper crashes, not the main process.
Comment 2 Pavel Timofeev 2019-07-15 14:23:09 UTC
Any help is appreciated here!
Comment 3 Sergey Anokhin 2019-08-21 21:03:30 UTC
(In reply to timp87 from comment #2)

I've done some research, and it seems that we had two bugs:
1. Unknown cause of core dump
2. Core dump with a blank unique_hostname variable and the -X parameter. The combination of these two factors gives a core dump (tested on the latest port version, squid-4.8_1)

I suspect that the bug disappeared after upgrading to squid 4.8
Comment 4 Kubilay Kocak freebsd_committer freebsd_triage 2019-08-25 09:46:06 UTC
(In reply to Sergey Anokhin from comment #3)

Is that to say the crash is no longer reproducible with squid 4.8?
Comment 5 Eugene Grosbein freebsd_committer freebsd_triage 2019-08-28 04:31:08 UTC
In an off-track conversation the submitter confirmed that version 4.8 runs without a crash unless the debugging switch -X is added manually, which is not the case for our port.
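
An added illustration, not part of the original report and not Squid's code: a simplified model of the failure in the backtrace, where a null C string is streamed inside a debug statement that is only evaluated at high verbosity, shown beside a null-safe form. DEBUGS, debugLevel, SafeCStr and ConfigModel are hypothetical names, and the level-gated evaluation is an assumption consistent with the crash appearing only with -X.

```cpp
#include <iostream>
#include <sstream>
#include <string>

static int debugLevel = 0;          // stands in for the verbosity that -X raises
static std::ostringstream debugLog; // in-memory log sink for this example

// CONTENT is evaluated only when the level is enabled, so a bad operand in a
// debug statement stays latent until verbosity is raised.
#define DEBUGS(LEVEL, CONTENT) \
    do { if ((LEVEL) <= debugLevel) { debugLog << CONTENT << '\n'; } } while (0)

// Wrapper that makes a possibly-null C string safe to stream.
struct SafeCStr { const char *s; };
static std::ostream &operator<<(std::ostream &os, const SafeCStr &v) {
    return os << (v.s ? v.s : "[unset]");
}

// Models a configuration where a blank directive leaves the pointer null.
struct ConfigModel { const char *uniqueHostname = nullptr; };

// Unguarded: streams the raw pointer. With a null pointer this is undefined
// behaviour (operator<< takes strlen of it), but only if the level is enabled.
static void logHostnameUnguarded(const ConfigModel &c) {
    DEBUGS(3, " Config: '" << c.uniqueHostname << "'");
}

// Guarded: same message, safe at every verbosity.
static void logHostnameGuarded(const ConfigModel &c) {
    DEBUGS(3, " Config: '" << SafeCStr{c.uniqueHostname} << "'");
}

// Returns what has been logged so far and clears the sink.
static std::string takeLog() {
    std::string s = debugLog.str();
    debugLog.str("");
    return s;
}

int main() {
    ConfigModel cfg;            // hostname left blank (constructed sample)
    debugLevel = 0;
    logHostnameUnguarded(cfg);  // statement not evaluated: nothing logged
    debugLevel = 9;             // full debugging
    logHostnameGuarded(cfg);    // evaluated, logs the placeholder
    std::cout << takeLog();
    return 0;
}
```

Calling logHostnameUnguarded with the blank configuration at debugLevel 9 is the case the example deliberately does not execute: it dereferences the null pointer inside strlen.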