You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2018/08/28 15:03:42 UTC
[Bug 62658] New: Child process crashes with segfault signal during
graceful
https://bz.apache.org/bugzilla/show_bug.cgi?id=62658
Bug ID: 62658
Summary: Child process crashes with segfault signal during
graceful
Product: Apache httpd-2
Version: 2.4.34
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: mpm_event
Assignee: bugs@httpd.apache.org
Reporter: jurcpdo@gmail.com
Target Milestone: ---
Created attachment 36113
--> https://bz.apache.org/bugzilla/attachment.cgi?id=36113&action=edit
Fix httpd child process crash with segfault signal
When two or more graceful reloads are requested in a small period of time, the
child process that was under initialization crashes with segmentation fault.
# httpd -k graceful && httpd -k graceful
gdb backtrace:
#0 impl_pollset_remove (pollset=0xb8e0ba78, descriptor=0x0) at
poll/unix/epoll.c:214
#1 0xb742e479 in apr_pollset_remove (pollset=0xb8e0ba78, descriptor=0x0)
at poll/unix/pollset.c:343
#2 0xb6ebf7f0 in disable_listensocks () at event.c:470
#3 0xb6ebf841 in wakeup_listener () at event.c:578
#4 0xb6ebfc32 in signal_threads (mode=1) at event.c:627
#5 0xb6ec2e4f in child_main (child_num_arg=2, child_bucket=<optimized
out>) at event.c:2581
#6 0xb6ec378f in make_child (s=0xb8dcbe28, slot=2, bucket=0) at
event.c:2665
#7 0xb6ec428c in perform_idle_server_maintenance (num_buckets=<optimized
out>,
child_bucket=<optimized out>) at event.c:2848
#8 server_main_loop (num_buckets=1, remaining_children_to_start=0) at
event.c:2976
#9 event_run (_pconf=0xb8da70a8, plog=0xb8dcd9a0, s=0xb8dcbe28) at
event.c:3053
#10 0xb76dbb47 in ap_run_mpm (pconf=0xb8da70a8, plog=0xb8dcd9a0,
s=0xb8dcbe28)
at mpm_common.c:96
#11 0xb76d4607 in main (argc=1, argv=0xbf9e5824) at main.c:819
Error log:
[Fri Aug 24 13:22:50.695032 2018] [mpm_event:notice] [pid 5852:tid 3071530752]
AH00489: Apache/2.4.34 (Unix) OpenSSL/1.0.2p configured -- resuming normal
operations
[Fri Aug 24 13:22:50.695045 2018] [core:notice] [pid 5852:tid 3071530752]
AH00094: Command line: '/usr/sbin/httpd'
[Fri Aug 24 13:22:50.695752 2018] [core:notice] [pid 5852:tid 3071530752]
AH00051: child pid 6502 exit signal Segmentation fault (11), possible coredump
in /CORE
[Fri Aug 24 13:22:50.695767 2018] [core:error] [pid 5852:tid 3071530752]
AH00546: no record of generation 2 of exiting child 6502
Apparently, the method disable_listensocks() runs before init_pollset(), so
listener_pollfd will still be unallocated, hence the segfault. It happens only
for the child that was being created when the second graceful reload was
issued.
It might not be so easily reproducible. From several almost identical systems,
only some showed this behaviour.
My suggestion, as the patch attached shows, is to check if the file descriptor
is valid before running apr_pollset_remove(). This does not seem to disrupt the
rest of the flow.
In my tests with the patch, the affected process then continues and eventually
runs init_pollset() then disable_listensocks() and finishes.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 62658] Child process crashes with segfault signal during
graceful
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=62658
Yann Ylavic <yl...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #36115|0 |1
is obsolete| |
--- Comment #3 from Yann Ylavic <yl...@gmail.com> ---
Created attachment 36121
--> https://bz.apache.org/bugzilla/attachment.cgi?id=36121&action=edit
MPM(s) runtime objects' lifetime (v2)
This new patch is the same one plus r1839571, which should address AH00546.
Does it work for you?
Thanks for testing Julie.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 62658] Child process crashes with segfault signal during
graceful
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=62658
--- Comment #2 from Julie Rodrigueiro <ju...@intra2net.com> ---
Thank you for the reply.
I'm sure your patch addresses the issue in a broad way. Mine is more of a
workaround.
I tried and it works ok, I don't have a segfault any more, but I still get a
AH00546 error in between gracefuls.
[Wed Aug 29 09:29:23.298239 2018] [core:notice] [pid 16071:tid 3072272128]
AH00094: Command line: '/usr/sbin/httpd'
[Wed Aug 29 09:29:23.298413 2018] [core:error] [pid 16071:tid 3072272128]
AH00546: no record of generation 69 of exiting child 6979
[Wed Aug 29 09:29:32.572345 2018] [mpm_event:notice] [pid 16071:tid 3072272128]
AH00493: SIGUSR1 received. Doing graceful restart
What do you think? Would it be unrelated?
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 62658] Child process crashes with segfault signal during
graceful
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=62658
Graham Leggett <mi...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
--- Comment #5 from Graham Leggett <mi...@apache.org> ---
Backported to v2.4.36.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 62658] Child process crashes with segfault signal during
graceful
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=62658
--- Comment #1 from Yann Ylavic <yl...@gmail.com> ---
Created attachment 36115
--> https://bz.apache.org/bugzilla/attachment.cgi?id=36115&action=edit
MPM(s) runtime objects' lifetime
This patch backports r1835845, r1835846, r1837354 and r1837356 from trunk.
It addresses this PR by creating/initializing objects used by signal_threads()
before it's possibly called, and also makes sure their lifetime is correct on
(un)graceful restarts (though more complex than attachment 36113, it's also
more complete IMO).
Could you please try it?
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 62658] Child process crashes with segfault signal during
graceful
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=62658
--- Comment #4 from Julie Rodrigueiro <ju...@intra2net.com> ---
Yes, it works for me!
The error is not reproducible any more.
Thanks a lot, Yann.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 62658] Child process crashes with segfault signal during
graceful
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=62658
Thomas Jarosch <th...@intra2net.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |thomas.jarosch@intra2net.co
| |m
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org