Bug 60510 - Apache segfaults after reload when using HTTP2
Summary: Apache segfaults after reload when using HTTP2
Status: RESOLVED FIXED
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_http2
Version: 2.5-HEAD
Hardware: PC Linux
Importance: P2 blocker
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Reported: 2016-12-22 12:13 UTC by Pavel Mateja
Modified: 2016-12-23 12:44 UTC (History)
Attachments
patch to fix segfault in mod_http2 (736 bytes, patch)
2016-12-22 14:20 UTC, Pavel Mateja

Description Pavel Mateja 2016-12-22 12:13:53 UTC
Hi,
After the Apache update from 2.4.23 to 2.4.25 we suddenly got Apache segfaults.

Steps to reproduce:
1. start httpd
2. GET some pages using HTTP2
3. reload apache (kill -USR1)
4. goto 2

After one iteration I got:
[Thu Dec 22 12:02:29.022628 2016] [core:notice] [pid 20447:tid 140060432906112] AH00052: child pid 21963 exit signal Segmentation fault (11)

Backtrace:
Core was generated by `/apache/bin/httpd'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00000000005890c7 in h2_beam_bucket ()
(gdb) bt
#0  0x00000000005890c7 in h2_beam_bucket ()
#1  0x000000000058b008 in h2_beam_receive ()
#2  0x000000000057cbf0 in fill_buffer ()
#3  0x000000000057d103 in h2_stream_out_prepare ()
#4  0x000000000057576b in on_stream_resume ()
#5  0x0000000000566c7b in h2_mplx_dispatch_master_events ()
#6  0x0000000000578e43 in h2_session_process ()
#7  0x000000000055af91 in h2_conn_run ()
#8  0x000000000055f9cd in h2_h2_process_conn ()
#9  0x00000000004764d9 in ap_run_process_connection ()
#10 0x0000000000476b73 in ap_process_connection ()
#11 0x00000000005c9808 in process_socket ()
#12 0x00000000005ca632 in worker_thread ()
#13 0x00007f07fb9338de in ?? ()
#14 0x0000000000000000 in ?? ()


After two iterations I got:
[Thu Dec 22 12:03:10.191242 2016] [mpm_worker:notice] [pid 20447:tid 140060432906112] AH00297: SIGUSR1 received.  Doing graceful restart
[Thu Dec 22 12:03:10.192828 2016] [core:notice] [pid 20447] AH00060: seg fault or similar nasty error detected in the parent process

Backtrace:
Core was generated by `/apache/bin/httpd'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x0000000000589079 in h2_register_bucket_beamer ()
(gdb) bt
#0  0x0000000000589079 in h2_register_bucket_beamer ()
#1  0x000000000055ea67 in h2_h2_register_hooks ()
#2  0x000000000055896a in h2_hooks ()
#3  0x0000000000468b08 in ap_register_hooks ()
#4  0x00000000004373ac in main ()

Other SW: debian oldstable, nghttp2-1.17.0

Does anybody have the same problem?
Comment 1 Pavel Mateja 2016-12-22 14:20:24 UTC
Created attachment 34549
patch to fix segfault in mod_http2

I think the problem is caused by the static variable "beamers".
I tried to add a cleanup function, which seems to fix the problem for me.

Can anybody confirm I'm on the right track please?

Pavel
Comment 2 Stefan Eissing 2016-12-23 09:39:17 UTC
Pavel,

that looks like a good fix. If that solves the problem in your setup, I'll adopt that change into trunk+2.4.x.
Comment 3 Stefan Eissing 2016-12-23 12:44:28 UTC
Fixed by r1775833 in trunk. Currently backporting to 2.4.x.
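
The lifetime problem described in Comment 1, as an added example that is neither the attached patch nor mod_http2 code: a static pointer allocated from a pool keeps its old address across a reload unless a pool cleanup resets it. The toy pool and the names `pool_*`, `registry`, `reset_beamers`, `register_beamer` and `reload_cycle` are assumptions made for illustration; only the variable name `beamers` comes from the report.

```c
#include <stdio.h>
#include <stdlib.h>
/* Toy pool with destroy-time cleanups; a stand-in, not the APR API. */
typedef struct { void *blocks[8]; int n; void (*cleanups[4])(void); int nc; } pool;
static pool *pool_create(void) { return calloc(1, sizeof(pool)); }
static void *pool_alloc(pool *p, size_t sz) {
    return p->n < 8 ? (p->blocks[p->n++] = calloc(1, sz)) : NULL;
}
static void pool_on_destroy(pool *p, void (*fn)(void)) { if (p->nc < 4) p->cleanups[p->nc++] = fn; }
static void pool_destroy(pool *p) {
    for (int i = 0; i < p->nc; i++) p->cleanups[i]();  /* cleanups run first */
    for (int i = 0; i < p->n; i++) free(p->blocks[i]);
    free(p);
}

/* Process-lifetime static pointing at pool-lifetime memory. */
typedef struct { int count; const char *names[4]; } registry;
static registry *beamers;
static void reset_beamers(void) { beamers = NULL; }

/* Lazy init on first use; with_cleanup selects the corrected variant. */
static int register_beamer(pool *p, const char *name, int with_cleanup) {
    if (!beamers) {
        beamers = pool_alloc(p, sizeof *beamers);
        if (with_cleanup) pool_on_destroy(p, reset_beamers);
    }
    if (beamers->count < 4) beamers->names[beamers->count++] = name;
    return beamers->count;
}

/* One restart cycle. Returns -1 if the static is left dangling (compared only,
   never dereferenced), else the entry count after registering in the next pool. */
static int reload_cycle(int with_cleanup) {
    pool *gen1 = pool_create();
    register_beamer(gen1, "file", with_cleanup);
    pool_destroy(gen1);                 /* what a graceful restart does */
    if (beamers != NULL) {              /* stale address into freed memory */
        beamers = NULL;                 /* reset so this demo stays memory-safe */
        return -1;
    }
    pool *gen2 = pool_create();
    int n = register_beamer(gen2, "file", with_cleanup);
    pool_destroy(gen2);
    return n;
}
int main(void) {
    printf("no cleanup: %d, with cleanup: %d\n", reload_cycle(0), reload_cycle(1));
    return 0;
}
```

Without the cleanup, the `if (!beamers)` guard in the next generation sees a non-NULL address and skips re-initialisation, so the first use touches freed memory.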