Menu
▾
▴
Re: [Devil-Linux-discuss] Squid trouble in DL 1.8.0-rc2
|
From: Heiko Z. <he...@zu...> - 2016-08-13 13:04:59
|
Udo & Frank, I just tested squid and it seems to work fine on the latest build (haven't done any changes). Do you use your own build? Is it using the standard config or did you customize? (maybe we're missing a lib). I'm uploading the exact version I'm testing with to ftp.devil-linux.org/pub/devel/testing right now. It should be complete about 45 minutes from writing this email. Try it with that and let me know if it behaves any different. Heiko Quoting Udo Lembke <ul...@po...>: > Hi, > I tried to do an simple "squid -v" and the process died also with > Illegal Instruction. > And, like Frank allready wrote, the config file isn't open at this time. > > strace shows at last the reading of /dev/urandom: > getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 > futex(0x70a4a82614e8, FUTEX_WAKE_PRIVATE, 2147483647) = 0 > brk(0) = 0xfd7480 > brk(0xff8480) = 0xff8480 > brk(0xff9000) = 0xff9000 > open("/dev/urandom", O_RDONLY) = 3 > fcntl(3, F_GETFD) = 0 > fcntl(3, F_SETFD, FD_CLOEXEC) = 0 > fstat(3, {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0 > getrusage(0x1 /* RUSAGE_??? */, {ru_utime={0, 39999}, ru_stime={0, > 79999}, ...}) = 0 > read(3, > "pu\17\2559L\0017O\221\354\241\363!{\222\370\353d\314S\216\242ND}\26\300Y\37Jp", > 32) = 32 > read(3, > ".\375\267\247IG.\3266+L\26\36\313\30_\225\2055\211\33\201\257\251.\26\26;\347\0215\366", > 32) = 32 > read(3, "\245m#\314=@**", 8) = 8 > futex(0x70a4aa316480, FUTEX_WAKE_PRIVATE, 2147483647) = 0 > futex(0x70a4aa316470, FUTEX_WAKE_PRIVATE, 2147483647) = 0 > brk(0x101a000) = 0x101a000 > mmap(NULL, 266240, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, > 0) = 0x70a4abfb0000 > --- SIGILL {si_signo=SIGILL, si_code=ILL_ILLOPN, si_addr=0x793b78} --- > +++ killed by SIGILL +++ > At this time also network isn't in use (which is on Franks strace output). > > Udo > > On 09.08.2016 08:58, Frank Weis wrote: >> Hi Heiko, >> >> it doesn't get to the point where it logs anything. >> >> I have copied in the /etc/squid.conf supplied with the source (or even >> started without conf file). >> >> When I strace it, I see that it opens some libs, and /dev/urandom, but >> not /etc/squid.conf. It calls uname and gets the name of the host. >> >> The last 20 lines from strace: >> >> fcntl64(3, F_GETFD) = 0 >> fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 >> fstat64(3, {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0 >> getrusage(0x1 /* RUSAGE_??? */, {ru_utime={0, 29999}, ru_stime={0, >> 6666}, ...}) = 0 >> read(3, >> "\337\3617\312X\270\340\203\244\376\25+\0316\201\246\205\23\354\245\227\321\23\275l\357\345Ff\324\177\345", >> 32) = 32 >> read(3, >> "W\247\352\227\254\v\303\221Pi\362\22Dw\6\24\201\200\232\263\252K\331\237o\337\332\372!\347\31[", >> 32) = 32 >> read(3, "\16\250\0240\334\360\333\272", 8) = 8 >> futex(0xbcd810, FUTEX_WAKE_PRIVATE, 2147483647) = 0 >> futex(0xbcd808, FUTEX_WAKE_PRIVATE, 2147483647) = 0 >> brk(0xb2a6000) = 0xb2a6000 >> mmap2(NULL, 266240, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, >> 0) = 0xb538d000 >> brk(0xb2c9000) = 0xb2c9000 >> brk(0xb2ed000) = 0xb2ed000 >> brk(0xb311000) = 0xb311000 >> brk(0xb335000) = 0xb335000 >> socket(PF_INET6, SOCK_STREAM, IPPROTO_IP) = 4 >> setsockopt(4, SOL_IPV6, IPV6_V6ONLY, [0], 4) = 0 >> close(4) = 0 >> --- SIGILL {si_signo=SIGILL, si_code=ILL_ILLOPN, si_addr=0x8251e40} --- >> +++ killed by SIGILL +++ >> >> When I start squid from inside the lfssystem (chrooted), it complains >> about missing /etc/squid.conf >> >> On a booted DL, it makes no difference if the conf file is present or not. >> >> Thanks >> >> On 2016-08-08 21:00, Heiko Zuerker wrote: >>> Frank, >>> >>> Try increasing the log level and see if it spits anything else out in >>> the squid log, before it crashes. >>> Are you using an existing configuration? If yes, try with a clean one. >>> You can also try the server version to see if it's related to any of >>> our security enhancements. >>> >>> Heiko >>> >>> Quoting Frank Weis <Fra...@cg... <mailto:Fra...@cg...>>: >>> >>>> Hi Heiko, >>>> >>>> I got the latest squid installed, it still crashes: >>>> >>>> squid -version >>>> Squid Cache: Version 3.5.20-20160805-r14070 >>>> Service Name: squid >>>> configure options: '--prefix=/usr' '--sysconfdir=/etc' >>>> '--bindir=/usr/sbin' '--libexecdir=/usr/sbin' >>>> '--datadir=/usr/share/squid' '--localstatedir=/var/squid' >>>> '--sharedstatedir=/var/squid' '--enable-delay-pools >>>> ' '--enable-useragent-log' '--enable-referer-log' '--enable-arp-acl' >>>> '--enable-ssl' '--with-openssl' '--enable-htcp' >>>> '--enable-linux-netfilter' '--enable-auth' '--disable-auth-negotiate' >>>> '--enable-auth-basic' '- >>>> -enable-auth-ntlm' '--disable-auth-digest' >>>> '--enable-log-daemon-helpers' '--enable-external-acl-helpers' >>>> '--enable-url-rewrite-helpers' '--enable-delay-icmp' '--enable-esi' >>>> '--enable-ecap' '--enable-follow-x-for >>>> warded-for' '--enable-default-err-language=English' >>>> '--enable-err-languages=English' 'CFLAGS=-mtune=i686 -march=i686' >>>> 'CXXFLAGS=-mtune=i686 -march=i686' >>>> Illegal instruction >>>> >>>> Any other ideas? >>>> >>>> Thanks >>>> >>>> On 2016-08-03 17:48, Heiko Zuerker wrote: >>>>> Frank, >>>>> >>>>> It's core dumping, but that could be for a million reasons. >>>>> Can you try updating squid and see if it makes a difference? >>>>> >>>>> Heiko >>>>> >>>>> Quoting Frank Weis <Fra...@cg... <mailto:Fra...@cg...>>: >>>>> >>>>>> Hi all, >>>>>> >>>>>> squid exits immediately and I have the following log messages. This >>>>>> happens in rc1 and rc2. Any hints? >>>>>> >>>>>> [10504.225825] grsec: Illegal instruction occurred at 083a5893 in >>>>>> /usr/sbin/squid[squid:2504] uid/euid:0/0 gid/egid:0/0, parent >>>>>> /etc/init.d/squid[squid:2497] uid/euid:0/0 gid/egid:0/0 >>>>>> [10504.225868] grsec: denied resource overstep by requesting 4096 >>>>>> for RLIMIT_CORE against limit 0 for /usr/sbin/squid[squid:2504] >>>>>> uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/squid[squid:2497] >>>>>> uid/euid:0/0 gid/ >>>>>> egid:0/0 >>>>>> >>>>>> Thanks a lot >>>>>> >>>>>> Frank >>>>>> -- >>>>>> >>>>>> *Frank Weis* >>>>>> Conseiller informaticien >>>>>> >>>>>> LE GOUVERNEMENT DU GRAND-DUCHÉ DE LUXEMBOURG >>>>>> Ministère de l’Éducation nationale, de l’Enfance et de la Jeunesse >>>>>> Centre de gestion informatique de l’éducation >>>>>> >>>>>> eduPôle - Walferdange >>>>>> Route de Diekirch, L-7220 Walferdange >>>>>> _Adresse postale_ : B.P. 98, L-7201 Bereldange >>>>>> >>>>>> Tél. : (+352) 247-85973 . Fax : (+352) 247-85174 >>>>>> E-mail : Fra...@cg... <mailto:Fra...@cg...> >>>>>> www.cgie.lu[1] <http://www.cgie.lu/> >>>>>> www.men.lu[2] <http://www.men.lu/> >>>>>> www.gouvernement.lu[3] <http://www.gouvernement.lu> >>>>>> >>>>>> Ce message et toutes pièces jointes sont établis à l'intention >>>>>> exclusive de ses destinataires. Ils peuvent contenir des >>>>>> informations confidentielles. Si vous recevez ce message par >>>>>> erreur, merci de le détruire et d'en avertir immédiatement >>>>>> l'expéditeur. Toute utilisation de ce message non conforme à sa >>>>>> destination, toute diffusion ou toute publication, totale ou >>>>>> partielle, est interdite, sauf autorisation expresse. Ce message a >>>>>> fait l'objet d'un traitement anti-virus. >>>>>> >>>>>> Le contenu de ce message et des pièces jointes ne pourrait engager >>>>>> la responsabilité du ministère que s'il a été émis par une personne >>>>>> dûment habilitée agissant dans le strict cadre des fonctions >>>>>> auxquelles elle est employée et à des fins non étrangères à ses >>>>>> attributions. >>>>> >>>>> -- >>>>> >>>>> Regards >>>>> Heiko Zuerker >>>> >>>> -- >>>> >>>> *Frank Weis* >>>> Conseiller informaticien >>>> >>>> LE GOUVERNEMENT DU GRAND-DUCHÉ DE LUXEMBOURG >>>> Ministère de l’Éducation nationale, de l’Enfance et de la Jeunesse >>>> Centre de gestion informatique de l’éducation >>>> >>>> eduPôle - Walferdange >>>> Route de Diekirch, L-7220 Walferdange >>>> _Adresse postale_ : B.P. 98, L-7201 Bereldange >>>> >>>> Tél. : (+352) 247-85973 . Fax : (+352) 247-85174 >>>> E-mail : Fra...@cg... <mailto:Fra...@cg...> >>>> www.cgie.lu[1] <http://www.cgie.lu/> >>>> www.men.lu[2] <http://www.men.lu/> >>>> www.gouvernement.lu[3] <http://www.gouvernement.lu> >>>> >>>> Ce message et toutes pièces jointes sont établis à l'intention >>>> exclusive de ses destinataires. Ils peuvent contenir des informations >>>> confidentielles. Si vous recevez ce message par erreur, merci de le >>>> détruire et d'en avertir immédiatement l'expéditeur. Toute >>>> utilisation de ce message non conforme à sa destination, toute >>>> diffusion ou toute publication, totale ou partielle, est interdite, >>>> sauf autorisation expresse. Ce message a fait l'objet d'un traitement >>>> anti-virus. >>>> >>>> Le contenu de ce message et des pièces jointes ne pourrait engager la >>>> responsabilité du ministère que s'il a été émis par une personne >>>> dûment habilitée agissant dans le strict cadre des fonctions >>>> auxquelles elle est employée et à des fins non étrangères à ses >>>> attributions. >>> >>> -- >>> >>> Regards >>> Heiko Zuerker >> >> ------------------------------------------------------------------------------ >> What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic >> patterns at an interface-level. Reveals which users, apps, and protocols are >> consuming the most bandwidth. Provides multi-vendor support for NetFlow, >> J-Flow, sFlow and other flows. Make informed decisions using capacity >> planning reports. http://sdm.link/zohodev2dev >> >> _______________________________________________ >> Devil-linux-discuss mailing list >> Dev...@li... >> https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss > > ------------------------------------------------------------------------------ > What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic > patterns at an interface-level. Reveals which users, apps, and protocols are > consuming the most bandwidth. Provides multi-vendor support for NetFlow, > J-Flow, sFlow and other flows. Make informed decisions using capacity > planning reports. http://sdm.link/zohodev2dev > _______________________________________________ > Devil-linux-discuss mailing list > Dev...@li...://lists.sourceforge.net/lists/listinfo/devil-linux-discuss Links: ------ [1] http://www.cgie.lu [2] http://www.men.lu [3] http://www.gouvernement.lu -- Regards Heiko Zuerker |
