Bug 347918 - www-servers/apache-2.2.16-r1 : PaX issue with apache2
Summary: www-servers/apache-2.2.16-r1 : PaX issue with apache2
Status: RESOLVED DUPLICATE of bug 347782
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Hardened
Hardware: x86 Linux
Importance: High critical
Assignee: The Gentoo Linux Hardened Team
Reported: 2010-12-06 16:47 UTC by Emmanuel Andry
Modified: 2010-12-08 17:12 UTC
Description Emmanuel Andry 2010-12-06 16:47:06 UTC
Apache daemon is starting fine, but when accessing a web page, the browser says it cannot be reached. No error message in apache log, but in Pax.log I can see:


Dec  6 17:40:49 gentoo kernel: [  303.223896] PAX: terminating task: /usr/sbin/apache2(apache2):1848, uid/euid: 81/81, PC: 13b86918, SP: 5a7f693c
Dec  6 17:40:49 gentoo kernel: [  303.223906] PAX: bytes at PC: 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 a0 6a b8 13 
Dec  6 17:40:49 gentoo kernel: [  303.223933] PAX: bytes at SP-4: 5060d670 51e6f40b 51caa83b 00000087 13b8aa08 488eb49d 139caf48 13829cc8 1367f5d0 488eb49d 13829cc8 00000087 5a7f69b8 505edf6a 13b98140 13b9b030 5a7f6998 00000000 00000087 00000000 00000000 
Dec  6 17:40:56 gentoo kernel: [  310.216714] PAX: From 192.168.1.66: execution attempt in: (null), 00000000-00000000 00000000
Dec  6 17:40:56 gentoo kernel: [  310.216724] PAX: terminating task: /usr/sbin/apache2(apache2):1849, uid/euid: 81/81, PC: 00000058, SP: 5a7f77dc
Dec  6 17:40:56 gentoo kernel: [  310.216734] PAX: bytes at PC: ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 
Dec  6 17:40:56 gentoo kernel: [  310.216789] PAX: bytes at SP-4: 00000000 519fcbe9 13b8dfec 5a7f7848 5a7f7844 00000000 51c3cfc5 13b806d0 51c3e300 488eb49d 00000000 00000000 00000739 488eb49d 00000001 00000006 00000000 51983980 13b8df74 00000000 13b9652e 


Reproducible: Always
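
Added example (not part of the original report or of PaX): a small parser for the kernel messages quoted above that pairs each "terminating task" line with its "From" and "bytes at PC" lines and applies a triage heuristic. The function names and verdict strings are this example's own assumptions; the sample lines are copied from the report with the SP dumps omitted.

```python
import re

# Lines copied from the report above (SP dump lines omitted).
SAMPLE = """\
Dec  6 17:40:49 gentoo kernel: [  303.223896] PAX: terminating task: /usr/sbin/apache2(apache2):1848, uid/euid: 81/81, PC: 13b86918, SP: 5a7f693c
Dec  6 17:40:49 gentoo kernel: [  303.223906] PAX: bytes at PC: 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 a0 6a b8 13
Dec  6 17:40:56 gentoo kernel: [  310.216714] PAX: From 192.168.1.66: execution attempt in: (null), 00000000-00000000 00000000
Dec  6 17:40:56 gentoo kernel: [  310.216724] PAX: terminating task: /usr/sbin/apache2(apache2):1849, uid/euid: 81/81, PC: 00000058, SP: 5a7f77dc
Dec  6 17:40:56 gentoo kernel: [  310.216734] PAX: bytes at PC: ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??
"""

TERM = re.compile(
    r"PAX: terminating task: (?P<path>\S+)\((?P<comm>[^)]*)\):(?P<pid>\d+), "
    r"uid/euid: (?P<uid>\d+)/(?P<euid>\d+), PC: (?P<pc>[0-9a-f]+), SP: (?P<sp>[0-9a-f]+)")
FROM = re.compile(r"PAX: From (?P<ip>[\d.]+): execution attempt in: (?P<vma>[^,]+),")
BYTES = re.compile(r"PAX: bytes at PC: (?P<b>.+)")

def classify(pc, pc_bytes):
    """Triage heuristic; the labels are this example's own, not PaX terminology."""
    if pc_bytes and all(b == "??" for b in pc_bytes):
        # "??" means the kernel could not read the memory at PC.
        if pc < 0x1000:
            return "unreadable PC in first page: likely NULL or corrupt function pointer"
        return "unreadable PC: jump to an unmapped address"
    return "readable PC: memory is mapped, execution was denied"

def parse_pax(log):
    """Return one dict per 'terminating task' line, enriched from its neighbours."""
    events, remote = [], None
    for line in log.splitlines():
        if m := FROM.search(line):
            remote = (m["ip"], m["vma"])      # applies to the next termination
        elif m := TERM.search(line):
            events.append({"path": m["path"], "pid": int(m["pid"]),
                           "uid": int(m["uid"]), "pc": int(m["pc"], 16),
                           "sp": int(m["sp"], 16), "remote": remote,
                           "pc_bytes": None})
            remote = None
        elif (m := BYTES.search(line)) and events:
            events[-1]["pc_bytes"] = m["b"].split()
    for e in events:
        e["verdict"] = classify(e["pc"], e["pc_bytes"])
    return events

if __name__ == "__main__":
    for e in parse_pax(SAMPLE):
        print(f'{e["path"]} pid={e["pid"]} pc={e["pc"]:#010x} '
              f'remote={e["remote"]} -> {e["verdict"]}')
```
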
Comment 1 Emmanuel Andry 2010-12-06 16:47:47 UTC
# emerge --info apache
Portage 2.1.9.25 (hardened/linux/x86, gcc-4.5.1, glibc-2.12.1-r3, 2.6.36-hardened-r4 i686)
=================================================================
                        System Settings
=================================================================
System uname: Linux-2.6.36-hardened-r4-i686-Intel-R-_Xeon-TM-_CPU_2.66GHz-with-gentoo-2.0.1
Timestamp of tree: Mon, 06 Dec 2010 16:00:01 +0000
app-shells/bash:     4.1_p9
dev-lang/python:     2.7.1, 3.1.3
dev-util/cmake:      2.8.1-r2
sys-apps/baselayout: 2.0.1-r1
sys-apps/openrc:     0.6.7
sys-apps/sandbox:    2.4
sys-devel/autoconf:  2.68
sys-devel/automake:  1.11.1
sys-devel/binutils:  2.20.1-r1
sys-devel/gcc:       4.5.1-r1
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.4-r1
sys-devel/make:      3.82
virtual/os-headers:  2.6.36.1 (sys-kernel/linux-headers)
ACCEPT_KEYWORDS="x86 ~x86"
ACCEPT_LICENSE="* -@EULA PUEL"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=native -mtune=native -pipe -fomit-frame-pointer -floop-interchange -floop-strip-mine -floop-block -floop-parallelize-all -fgraphite-identity"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.3/ext-active/ /etc/php/cgi-php5.3/ext-active/ /etc/php/cli-php5.3/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-O2 -march=native -mtune=native -pipe -fomit-frame-pointer -floop-interchange -floop-strip-mine -floop-block -floop-parallelize-all -fgraphite-identity"
DISTDIR="/usr/portage/distfiles"
FEATURES="assume-digests binpkg-logs distlocks fixlafiles fixpackages news parallel-fetch protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch"
GENTOO_MIRRORS="ftp://ftp.free.fr/mirrors/ftp.gentoo.org/ ftp://gentoo.imj.fr/pub/gentoo/ http://mirrors.linuxant.fr/distfiles.gentoo.org/ ftp://mirrors.linuxant.fr/distfiles.gentoo.org/ http://gentoo.modulix.net/gentoo/ ftp://mirror.ovh.net/gentoo-distfiles/ http://de-mirror.org/distro/gentoo/ ftp://ftp.wh2.tu-dresden.de/pub/mirrors/gentoo"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
LINGUAS="fr"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="acl acpi ads apache2 audit bash-completion bcmath berkdb bzip2 calendar caps cgi chdir cli colordiff contentcache cracklib crypt ctype cups curl cxx dri expat extensions filter fontconfig ftp gd gdbm gmp gpm graphite hardened headless iconv idn imap innodb ipv6 ithreads jpeg json kerberos latin1 ldap lsb memlimit mhash mktemp mmx modules mudflap mysql ncurses network-cron nls nptl nptlonly openmp openssl pam pcre perl php pic png posix pppd python readline session snmp soap sockets sse sse2 ssl suhosin svg symlink sysfs tcpd threads truetype unicode urandom vboxwebsrv x86 xml xorg xsl zip zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" APACHE2_MPMS="prefork" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="fr" PHP_TARGETS="php5-3" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="apm ark chips cirrus cyrix dummy 
fbdev glint i128 i740 intel mach64 mga neomagic nsc nv r128 radeon rendition s3 s3virge savage siliconmotion sis sisusb tdfx tga trident tseng v4l vesa via vmware nouveau" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" 
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LANG, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY

=================================================================
                        Package Settings
=================================================================

www-servers/apache-2.2.16-r1 was built with the following:
USE="ldap ssl -debug -doc (-selinux) -static -suexec -threads" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias -asis -auth_digest -authn_dbd -cern_meta -charset_lite -dbd -dumpio -ident -imagemap -log_forensic -proxy -proxy_ajp -proxy_balancer -proxy_connect -proxy_ftp -proxy_http -proxy_scgi -reqtimeout -substitute -version" APACHE2_MPMS="prefork -event -itk -peruser -worker"
LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,--no-as-needed"
Comment 2 Matt Summers (RETIRED) gentoo-dev 2010-12-06 17:04:32 UTC
Is this occurring when you load a static web page or something served via PHP, etc? Also, there are some stability issues known/suspected on hardened with USE="graphite". 

Here are some questions:

You have some CFLAGS that might cause issues as well, like -fgraphite-identity. What happens when you compile with just -march=native -pipe?

What is up with your LDFLAGS for apache only? LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,--no-as-needed", seems odd that you have both --as-needed AND --no-as-needed. (noted at the bottom of comment #2)

Please note that -fomit-frame-pointer will make this hard to debug, which would be a necessary next step. That is, build in debugging symbols.

Let's see what other hardened team members say too; this is an important package.

Comment 3 Emmanuel Andry 2010-12-06 19:15:55 UTC
This occurs when loading a php page (I use roundcube and ocsreports on this server).

I've recompiled with only -march=native -pipe, same issue.

The --no-as-needed is odd, because I didn't specify any LDFLAGS in my make.conf.
The only ones which should apply are from my profile (hardened/linux/x86). I don't know where these LDFLAGS come from.
Comment 4 Christian Samsel 2010-12-07 11:44:42 UTC
Same here, but not with PHP but with SSL pages. I thought it would be related to the openssl 1.0.0 upgrade.

PAX: From 137.226.12.54: execution attempt in: (null), 00000000-00000000 00000000
PAX: terminating task: /usr/sbin/apache2(apache2):26563, uid/euid: 81/81, PC: 00000058, SP: 498a9cac
PAX: bytes at PC: ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 
PAX: bytes at SP-4: 00000000 4d0dbff4 088c0ea4 498a9d0c 498a9d08 00000000 00000001 4d04bc3f 000001d5 4cf42070 0000000a 00000001 4d04bc3f 088c0e28 00000000 4cfb7ea6 4d0f3ff4 088c0e2c 00000000 498a9d08 498a9d0


emerge --info
Portage 2.1.9.24 (hardened/linux/x86, gcc-4.5.1, glibc-2.12.1-r3, 2.6.33-gentoo-r1-grsec i686)
=================================================================
System uname: Linux-2.6.33-gentoo-r1-grsec-i686-Intel-R-_Celeron-R-_CPU_2.80GHz-with-gentoo-1.12.14
Timestamp of tree: Sat, 04 Dec 2010 17:30:23 +0000
ccache version 2.4 [enabled]
app-shells/bash:     4.1_p7
dev-lang/python:     2.6.5-r3, 3.1.2-r4
dev-util/ccache:     2.4-r7
dev-util/cmake:      2.8.1-r2
sys-apps/baselayout: 1.12.14-r1
sys-apps/sandbox:    2.3-r1
sys-devel/autoconf:  2.65-r1
sys-devel/automake:  1.9.6-r2, 1.10.3, 1.11.1
sys-devel/binutils:  2.20.1-r1
sys-devel/gcc:       4.5.1-r1
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.4-r1
sys-devel/make:      3.81-r2
virtual/os-headers:  2.6.36.1 (sys-kernel/linux-headers)
ACCEPT_KEYWORDS="x86"
ACCEPT_LICENSE="* -@EULA as-is PUEL dlj-1.1"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -mtune=generic -march=native -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/eselect/postgresql /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5.3/ext-active/ /etc/php/cgi-php5.3/ext-active/ /etc/php/cli-php5.3/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-O2 -mtune=generic -march=native -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="assume-digests binpkg-logs ccache distlocks fixlafiles fixpackages news parallel-fetch protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv"
GENTOO_MIRRORS="http://distfiles.gentoo.org"
LDFLAGS="-Wl,--as-needed"
LINGUAS="en de"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/portage/local/self"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="abyss acl acpi admin aim aio amavis apache2 ares aspnet2 async authdaemond authlib bash-completion bcmath berkdb bzip2 calendar caps ccache cgi charconv chroot clamav clamd clamdtop cli community contentcache corefonts courier cpio cracklib crypt ctype curl curlwrappers cxx deflate deprecated dkim edit exif expat extensions faillog fam fileinfo filter fontconfig ftp fts3 gd gd-external gdbm geoip gif git gmp gnutls gocr gpg gphoto2 graphite gs highlight history http hunspell iconv icq idn imagemagick imap innodb inode inotify intl ipv6 jabber java-external java5 java6 jpeg json kpathsea latex3 latin1 libedit lm_sensors logrotate logwatch lua lzma lzo maildir math md5sum mhash mime mmap mod_python mode-paranoid modperl mp3 mysql mysqli mysqlnd ncurses net netpbm network-cron nls nptl ntp offensive openssl optimization pam pcntl pcre pdo perl perlsuid php png policykit poppler-data posix postfix postgres procmail python quota quotas readline rss rsync samba sasl screen server session sftp sha512 sharedmem simplexml slang snmp soap sockets spamassassin spell spf spl sqlite sqlite3 ssh ssl subversion suexec suhosin svg symlink sysfs syslog sysvipc threads threadsafe tiff tools trashquota truetype unicode urandom userlocales vda vhosts vim vim-pager vim-syntax web webdav webdav-neon webphoto x264 x86 xml xmlreader xmlrpc xmlwriter zip zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1  emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m       maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic auth_digest authn_alias authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cern_meta charset_lite 
dav dav_fs dav_lock dbd deflate dir dumpio env expires ext_filter file_cache filter headers include info log_config log_forensic logio mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http rewrite setenvif speling status substitute unique_id userdir usertrack version cgi cgid" APACHE2_MPMS="worker" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en de" PHP_TARGETS="php5-2" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="apm ark chips cirrus cyrix dummy fbdev glint i128 i740 intel   mach64 mga neomagic nsc nv r128 radeon rendition s3 s3virge savage      siliconmotion sis sisusb tdfx tga trident tseng v4l vesa via vmware       voodoo" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" 
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LANG, LC_ALL, MAKEOPTS, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

I guess I'm going back to 2.2.16 for now.
Comment 5 Christian Samsel 2010-12-07 12:05:13 UTC
(In reply to comment #4)
> Same here, but not with PHP but with SSL pages. I thought it would be related to the
> openssl 1.0.0 upgrade.
> 
After some more investigation I found out my initial idea was right. MY problem was fixed by

revdep-rebuild --library libssl.so.0.9.8 
revdep-rebuild --library libcrypto.so.0.9.8 
rm /usr/lib/libssl.so.0.9.8 /usr/lib/libcrypto.so.0.9.8 

reboot
Comment 6 Emmanuel Andry 2010-12-07 15:02:56 UTC
I've done the revdep-rebuild --library libssl.so.0.9.8 a long time ago...

But to be sure of having something stable, I dropped the graphite CFLAGS and made an emerge -DNeva world, and rebooted.

Still the same issue...
Comment 7 Christian Samsel 2010-12-07 15:07:46 UTC
(In reply to comment #6)
> I've done the revdep-rebuild --library libssl.so.0.9.8 a long time ago...
> 
> But to be sure of having something stable, I dropped the graphite CFLAGS and made
> an emerge -DNeva world, and rebooted.
> 
> Still the same issue...
I did some more research, maybe this issue: http://bugs.gentoo.org/show_bug.cgi?id=347785?
Comment 8 Emmanuel Andry 2010-12-07 15:18:20 UTC
Seems to be a dupe of 347782
Comment 9 Magnus Granberg gentoo-dev 2010-12-07 15:28:34 UTC
(In reply to comment #8)
> Seems to be a dupe of 347782
> 
Can you test it with gcc-4.4.5 to see if it still segfaults?

Comment 10 Emmanuel Andry 2010-12-08 16:13:18 UTC
I confirm it works with gcc-4.4.5.
Comment 11 Magnus Granberg gentoo-dev 2010-12-08 17:12:13 UTC

*** This bug has been marked as a duplicate of bug 347782 ***