Bug 60189 - httpd with worker/event mpm segfaults after multiple successive graceful reloads
Summary: httpd with worker/event mpm segfaults after multiple successive graceful reloads
Status: RESOLVED DUPLICATE of bug 60487
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: Core (show other bugs)
Version: 2.4.23
Hardware: PC Linux
: P2 normal (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords: PatchAvailable
Depends on:
Blocks:
 
Reported: 2016-09-29 13:45 UTC by Lubos Uhliarik
Modified: 2017-06-25 12:41 UTC (History)
0 users



Attachments
Patch fixing the issue (439 bytes, patch)
2016-09-29 13:45 UTC, Lubos Uhliarik
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Lubos Uhliarik 2016-09-29 13:45:18 UTC
Created attachment 34314 [details]
Patch fixing the issue

Apache httpd in the latest version (2.4.23) configured with worker/event mpm segfaults after receiving multiple successive graceful reloads (SIGHUP).


Reproducer:
  1. Install httpd
  2. Ensure using worker or event
     (e.g.: sed -i -e '/^Load/s/^/#/' -e '/#Load.*event/s/^#//' /etc/httpd/conf.modules.d/00-mpm.conf)
  3. systemctl restart httpd
  4. systemctl start httpd; n=0; while :; do ((n++)); systemctl reload httpd || break; done 2>/dev/null; echo reload failed after count=$n


This causes that httpd segfaults after many consequent httpd's reloads. This can be very unpleasant, if someone has multiple custom files in /etc/logrotate.d/ with httpd reload inside it.


BT from the core:

(gdb) bt
#0  0x00007fb40864c900 in ?? ()
#1  <signal handler called>
#2  0x00007fb4144561a3 in __select_nocancel () at ../sysdeps/unix/syscall-template.S:84
#3  0x00007fb414b66975 in apr_sleep (t=t@entry=46875) at time/unix/time.c:246
#4  0x00007fb414b5a833 in free_proc_chain (procs=0x555d904709b8) at memory/unix/apr_pools.c:2483
#5  0x00007fb414b5b7c3 in apr_pool_clear (pool=0x555d903b4188) at memory/unix/apr_pools.c:777
#6  0x0000555d90044d5f in main (argc=<optimized out>, argv=<optimized out>) at main.c:713

I'm proposing following change:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/server/mpm/event/event.c b/server/mpm/event/event.c
index c64b08f..5852685 100644
--- a/server/mpm/event/event.c
+++ b/server/mpm/event/event.c
@@ -2735,6 +2735,7 @@ static int event_run(apr_pool_t * _pconf, apr_pool_t * plog, server_rec * s)
 
     /* we've been told to restart */
     apr_signal(SIGHUP, SIG_IGN);
+    apr_signal(AP_SIG_GRACEFUL, SIG_IGN);
 
     if (one_process) {
         /* not worth thinking about */
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I think, AP_SIG_GRACEFUL should be ignored, after we announced to httpd, we are going to restart, because otherwise, it can cause RACE when AP_SIG_GRACEFUL is received and httpd is just in apr_pool_clear function. 

If you need any further info, feel free to ask.
Comment 1 Luca Toscano 2017-06-25 12:25:43 UTC
Hi Lubos,

would it be possible for you to provide a stack trace with symbols and the output of "thread apply all bt" rather than only "bt" ?

Thanks!

Luca
Comment 2 Eric Covener 2017-06-25 12:41:23 UTC
until we hear back, looks like PR60487

*** This bug has been marked as a duplicate of bug 60487 ***