[Bug 60071] Child httpd processes crash with Segmentation fault when enabling more than 1 healthcheck

bugzilla Fri, 21 Oct 2016 01:23:48 -0700

https://bz.apache.org/bugzilla/show_bug.cgi?id=60071


[email protected] changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |NEW

--- Comment #4 from [email protected] ---
apache debug log:
[Fri Oct 21 15:34:18.030981 2016] [proxy_balancer:debug] [pid 8773:tid
140072177952512] mod_proxy_balancer.c(132): AH01158: Looking at
balancer://xxx.xxx.com -> http://x.x.x.x:8080 initialized?
[Fri Oct 21 15:34:18.031014 2016] [proxy_balancer:debug] [pid 8774:tid
140072177952512] mod_proxy_balancer.c(132): AH01158: Looking at
balancer://xxx.xxx.com -> http://x.x.x.x:8080 initialized?
[Fri Oct 21 15:34:18.031056 2016] [proxy_balancer:debug] [pid 8775:tid
140072177952512] mod_proxy_balancer.c(132): AH01158: Looking at
balancer://xxx.xxx.com -> http://x.x.x.x:8080 initialized?
[Fri Oct 21 15:34:18.031212 2016] [proxy_balancer:debug] [pid 8773:tid
140072177952512] mod_proxy_balancer.c(132): AH01158: Looking at
balancer://xxx.xxx.com -> http://x.x.x.x:8080 initialized?
[Fri Oct 21 15:34:18.031236 2016] [proxy_balancer:debug] [pid 8774:tid
140072177952512] mod_proxy_balancer.c(132): AH01158: Looking at
balancer://xxx.xxx.com -> http://x.x.x.x:8080 initialized?
[Fri Oct 21 15:34:18.031262 2016] [proxy_balancer:debug] [pid 8775:tid
140072177952512] mod_proxy_balancer.c(132): AH01158: Looking at
balancer://xxx.xxx.com -> http://x.x.x.x:8080 initialized?
[Fri Oct 21 15:34:49.075240 2016] [core:notice] [pid 8439:tid 140072177952512]
AH00051: child pid 8775 exit signal Segmentation fault (11), possible coredump
in /tmp/test

strace:
8439  <... clone resumed> child_stack=0,
flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD,
child_tidptr=0x7f651868e9d0) = 8775
8775  set_robust_list(0x7f651868e9e0, 24 <unfinished ...>
8775  <... set_robust_list resumed> )   = 0
8775  rt_sigaction(SIGTERM, {0x46fb10, [], SA_RESTORER|SA_INTERRUPT,
0x7f65175707e0}, {0x46b620, [], SA_RESTORER, 0x7f65175707e0}, 8) = 0
8775  geteuid( <unfinished ...>
8775  <... geteuid resumed> )           = 0
8775  setgid(2 <unfinished ...>
8775  <... setgid resumed> )            = 0
8775  open("/proc/sys/kernel/ngroups_max", O_RDONLY <unfinished ...>
8775  <... open resumed> )              = 11
8775  read(11,  <unfinished ...>
8775  <... read resumed> "65536\n", 31) = 6
8775  close(11 <unfinished ...>
8775  <... close resumed> )             = 0
8775  open("/etc/group", O_RDONLY|O_CLOEXEC <unfinished ...>
8775  <... open resumed> )              = 11
8775  fstat(11,  <unfinished ...>
8775  <... fstat resumed> {st_mode=S_IFREG|0644, st_size=529, ...}) = 0
8775  mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0
<unfinished ...>
8775  <... mmap resumed> )              = 0x7f6518697000
8775  lseek(11, 0, SEEK_CUR <unfinished ...>
8775  <... lseek resumed> )             = 0
8775  read(11,  <unfinished ...>
8775  <... read resumed> "root:x:0:\nbin:x:1:bin,daemon\ndae"..., 4096) = 529
8775  read(11,  <unfinished ...>
8775  <... read resumed> "", 4096)      = 0
8775  close(11 <unfinished ...>
8775  <... close resumed> )             = 0
8775  munmap(0x7f6518697000, 4096 <unfinished ...>
8775  <... munmap resumed> )            = 0
8775  setgroups(4, [2, 1, 4, 7] <unfinished ...>
8775  <... setgroups resumed> )         = 0
8775  geteuid( <unfinished ...>
8775  <... geteuid resumed> )           = 0
8775  setuid(2 <unfinished ...>
8775  <... setuid resumed> )            = 0
8775  prctl(PR_SET_DUMPABLE, 1 <unfinished ...>
8775  <... prctl resumed> )             = 0
8775  futex(0x7f6516dc5a80, FUTEX_WAKE_PRIVATE, 2147483647 <unfinished ...>
8775  <... futex resumed> )             = 0
8775  semop(3702787, {{0, -1, SEM_UNDO}}, 1 <unfinished ...>
8775  <... semop resumed> )             = 0
8775  semop(3702787, {{0, 1, SEM_UNDO}}, 1 <unfinished ...>
8775  <... semop resumed> )             = 0
8775  semop(3702787, {{0, -1, SEM_UNDO}}, 1 <unfinished ...>
8775  <... semop resumed> )             = 0
8775  semop(3702787, {{0, 1, SEM_UNDO}}, 1) = 0
8775  write(8, "[Fri Oct 21 15:34:18.031056 2016"..., 210 <unfinished ...>
8775  <... write resumed> )             = 210
8775  write(8, "[Fri Oct 21 15:34:18.031262 2016"..., 210 <unfinished ...>
8775  <... write resumed> )             = 210
8775  semop(3702787, {{0, -1, SEM_UNDO}}, 1 <unfinished ...>
8775  <... semop resumed> )             = 0
8775  semop(3702787, {{0, 1, SEM_UNDO}}, 1) = 0
8775  mmap(NULL, 10489856, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6512935000
8775  mprotect(0x7f6512935000, 4096, PROT_NONE <unfinished ...>
8775  <... mprotect resumed> )          = 0
8775  clone( <unfinished ...>
8775  <... clone resumed> child_stack=0x7f6513334ff0,
flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID,
parent_tidptr=0x7f65133359d0, tls=0x7f6513335700, child_tidptr=0x7f65133359d0)
= 8776
8775  futex(0x23d46d8, FUTEX_WAIT_PRIVATE, 2, NULL <unfinished ...>
8775  <... futex resumed> )             = -1 EAGAIN (Resource temporarily
unavailable)
8775  futex(0x23d46d8, FUTEX_WAKE_PRIVATE, 1 <unfinished ...>
8775  <... futex resumed> )             = 0
8775  rt_sigprocmask(SIG_SETMASK, ~[ILL TRAP ABRT BUS FPE SEGV USR2 PIPE SYS
RTMIN RT_1],  <unfinished ...>
8775  <... rt_sigprocmask resumed> NULL, 8) = 0
8775  mmap(NULL, 10489856, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 <unfinished ...>
8775  <... mmap resumed> )              = 0x7f6511f34000
8775  mprotect(0x7f6511f34000, 4096, PROT_NONE <unfinished ...>
8775  <... mprotect resumed> )          = 0
8775  clone( <unfinished ...>
8775  <... clone resumed> child_stack=0x7f6512933ff0,
flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID,
parent_tidptr=0x7f65129349d0, tls=0x7f6512934700, child_tidptr=0x7f65129349d0)
= 8781
8775  rt_sigprocmask(SIG_UNBLOCK, [TERM],  <unfinished ...>
8775  <... rt_sigprocmask resumed> NULL, 8) = 0
8775  rt_sigaction(SIGTERM, {0x46b710, [], SA_RESTORER|SA_INTERRUPT,
0x7f65175707e0},  <unfinished ...>
8775  <... rt_sigaction resumed> {0x46fb10, [], SA_RESTORER|SA_INTERRUPT,
0x7f65175707e0}, 8) = 0
8775  read(6,  <unfinished ...>
8786  <... getsockname resumed> {sa_family=AF_NETLINK, pid=8775,
groups=00000000}, [12]) = 0
8782  <... getsockname resumed> {sa_family=AF_NETLINK, pid=8775,
groups=00000000}, [12]) = 0
8843  --- SIGPIPE {si_signo=SIGPIPE, si_code=SI_USER, si_pid=8775, si_uid=2}
---
8775  +++ killed by SIGSEGV (core dumped) +++
8439  --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8775,
si_status=SIGSEGV, si_utime=402, si_stime=7} ---
8439  wait4(-1, [{WIFSIGNALED(s) && WTERMSIG(s) == SIGSEGV && WCOREDUMP(s)}],
WNOHANG|WSTOPPED, NULL) = 8775

gdb:
(gdb) thread 21
[Switching to thread 21 (Thread 0x7f651868e700 (LWP 8775))]#0 
0x00007f651756f82d in read () from /lib64/libpthread.so.0
(gdb) print wptr
No symbol "wptr" in current context.

I don't know how to use gdb.
Environment:
centos 6.7 x64
apache 2.4.23 compiled with APR 1.5.2 and APR-UTIL 1.5.4
openssl 1.0.1u
pcre 8.39
modsecurity-2.9.1 compiled with yajl 2.1.0

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[Bug 60071] Child httpd processes crash with Segmentation fault when enabling more than 1 healthcheck

Reply via email to