apr-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 47519] New: APR segfaults in apr_pollset_add()
Date Mon, 13 Jul 2009 15:10:52 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=47519

           Summary: APR segfaults in apr_pollset_add()
           Product: APR
           Version: HEAD
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: APR
        AssignedTo: bugs@apr.apache.org
        ReportedBy: klausman@gentoo.org


Here's the gdb backtrace:

Starting program: /usr/sbin/apache2 -D DEFAULT_VHOST -D NAGIOS -D SSL -D
SSL_DEFAULT_VHOST -D PHP5 -d /usr/lib64/apache2 -f /etc/apache2/httpd.conf -X
[Thread debugging using libthread_db enabled]
[New Thread 0x7fe603c03740 (LWP 6379)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fe603c03740 (LWP 6379)]
0x00007fe602982c5d in apr_pollset_add (pollset=0x0, descriptor=0x7fff0bc1bd30)
at poll/unix/epoll.c:170
170        if (pollset->flags & APR_POLLSET_NOCOPY) {
gdb> where
#0  0x00007fe602982c5d in apr_pollset_add (pollset=0x0,
descriptor=0x7fff0bc1bd30) at poll/unix/epoll.c:170
#1  0x0000000000456788 in child_main (child_num_arg=0) at prefork.c:532
#2  0x0000000000456abc in make_child (s=0x21a1590, slot=0) at prefork.c:698
#3  0x0000000000457044 in ap_mpm_run (_pconf=0x2069c00, plog=0x207b900,
s=0x21a1590) at prefork.c:974
#4  0x0000000000426555 in main (argc=16, argv=0x7fff0bc1c048) at main.c:740
gdb> bt full
#0  0x00007fe602982c5d in apr_pollset_add (pollset=0x0,
descriptor=0x7fff0bc1bd30) at poll/unix/epoll.c:170
    ev = {events = 1, data = {ptr = 0x0, fd = 0, u32 = 0, u64 = 0}}
    ret = -1
    elem = (pfd_elem_t *) 0x0
    rv = 0
#1  0x0000000000456788 in child_main (child_num_arg=0) at prefork.c:532
    pfd = {p = 0x0, desc_type = APR_POLL_SOCKET, reqevents = 1, rtnevents = 0,
desc = {f = 0x21a0b80, s = 0x21a0b80}, client_data = 0x21a0b40}
    ptrans = (apr_pool_t *) 0x2113220
    allocator = (apr_allocator_t *) 0x2113cc0
    status = 0
    i = 1
    lr = (ap_listen_rec *) 0x21a0b40
    pollset = (apr_pollset_t *) 0x0
    sbh = (ap_sb_handle_t *) 0x20afde0
    bucket_alloc = (apr_bucket_alloc_t *) 0x7fff20000000
    last_poll_idx = 0
#2  0x0000000000456abc in make_child (s=0x21a1590, slot=0) at prefork.c:698
    pid = 0
#3  0x0000000000457044 in ap_mpm_run (_pconf=0x2069c00, plog=0x207b900,
s=0x21a1590) at prefork.c:974
    index = 0
    remaining_children_to_start = 197246576
    rv = 0
#4  0x0000000000426555 in main (argc=16, argv=0x7fff0bc1c048) at main.c:740
    c = 88 'X'
    configtestonly = 0
    confname = 0x7fff0bc1c762 "/etc/apache2/httpd.conf"
    def_server_root = 0x7fff0bc1c74c "/usr/lib64/apache2"
    temp_error_log = 0x0
    error = 0x0
    process = (process_rec *) 0x2069bd0
    server_conf = (server_rec *) 0x21a1590
    pglobal = (apr_pool_t *) 0x2069680
    pconf = (apr_pool_t *) 0x2069c00
    plog = (apr_pool_t *) 0x207b900
    ptemp = (apr_pool_t *) 0x21a14e0
    pcommands = (apr_pool_t *) 0x2069cb0
    opt = (apr_getopt_t *) 0x207b6e0
    rv = 0
    mod = (module **) 0x66d6e0
    optarg = 0x0
    signal_server = (apr_OFN_ap_signal_server_t *) 0

In strace, just before the SEGV happens, I see weird calls like this:

syscall_291(0x80000, 0x2, 0x17ae0b8, 0x7ffffe557600, 0x1d0, 0, 0x2, 0x2, 0x2,
0x2, 0x2, 0x2, 0x2, 0x2, 0x2, 0x2, 0x2, 0x2, 0x2, 0x2, 0x2, 0x2, 0x2, 0x2, 0x2,
0x2, 0x2, 0x2, 0x2, 0x2, 0x2, 0x2 <unfinished ...>

The syscall then resumes and a SEGV is triggered.

At first I suspected this to be a dupe of bug 46467 since I ran 2.6.25.4, but
an update to 2.6.29.5 didn't help. CONFIG_EPOLL is "y".

So I backdated from apr-1.3.6 to -1.3.5 and the problem went away.

Versions involved:
apache 2.2.11-r2
apr 1.3.6 (1.3.5 does not have this problem)
apr-util 1.3.8
kernel 2.6.29.5 (2.6.25.4 behaves likewise)
glibc 2.9_p20081201

ulimits:
# ulimit -a
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 38911
max locked memory       (kbytes, -l) 32
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 8192
cpu time               (seconds, -t) unlimited
max user processes              (-u) 38911
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited

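Added example, not part of the original report and not APR or httpd code: frame #0 shows apr_pollset_add() reading pollset->flags with pollset=0x0, and on x86-64 (assumed here from the /usr/lib64 paths) syscall number 291 is epoll_create1, with 0x80000 being EPOLL_CLOEXEC. The sketch uses hypothetical mini_pollset_* names on Linux epoll to show the create status being checked, so the output of a failed create is never handed to add.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/epoll.h>

/* Hypothetical miniature pollset for illustration; not APR's apr_pollset_t. */
typedef struct { int epfd; unsigned nelts; } mini_pollset;

/* On any failure *out is left NULL and an errno value is returned. */
int mini_pollset_create(mini_pollset **out, int flags)
{
    *out = NULL;
    int fd = epoll_create1(flags);  /* EINVAL: bad flags, ENOSYS: no such syscall */
    if (fd < 0)
        return errno;
    mini_pollset *ps = malloc(sizeof *ps);
    if (ps == NULL) { close(fd); return ENOMEM; }
    ps->epfd = fd;
    ps->nelts = 0;
    *out = ps;
    return 0;
}

/* Rejects a NULL pollset instead of dereferencing it. */
int mini_pollset_add(mini_pollset *ps, int fd)
{
    if (ps == NULL)
        return EINVAL;
    struct epoll_event ev = { .events = EPOLLIN, .data = { .fd = fd } };
    if (epoll_ctl(ps->epfd, EPOLL_CTL_ADD, fd, &ev) < 0)
        return errno;
    ps->nelts++;
    return 0;
}

/* Caller pattern: stop on a failed create; clean up if the add fails. */
int watch_fd(mini_pollset **out, int flags, int fd)
{
    int rv = mini_pollset_create(out, flags);
    if (rv != 0)
        return rv;                  /* *out is NULL here and is never used */
    rv = mini_pollset_add(*out, fd);
    if (rv != 0) { close((*out)->epfd); free(*out); *out = NULL; }
    return rv;
}
```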