On 02/02/2017 11:04 AM, Yann Ylavic wrote:
> Hi Niklas,
>
> On Wed, Feb 1, 2017 at 7:02 PM, Niklas Edmundsson <[email protected]> wrote:
>>
>> We've started to see spurious segfaults with httpd 2.4.25, mpm_event, ssl on
>> Ubuntu 14.04LTS. Not frequent, but none the less happening.
>>
>> #4 ssl_io_filter_output (f=0x7f507013cfe0, bb=0x7f4f840be168) at
>> ssl_engine_io.c:1746
>>         data = 0x7f5075518000 <error: Cannot access memory at address
>> 0x7f5075518000>
>>         len = 4194304
>>         bucket = 0x7f4f840b1ba8
>>         status = <optimized out>
>>         filter_ctx = 0x7f507013cf88
>>         inctx = <optimized out>
>>         outctx = 0x7f507013d008
>>         rblock = APR_NONBLOCK_READ
>
> I suspect some cleanup ordering issue happening in
> ssl_io_filter_output(), when the EOC bucket is found.
>
>>
>> Are we hitting a corner case of process cleanup that plays merry hell with
>> https/ssl, or are we just having bad luck? Ideas? Suggestions?
>
> 2.4.25 is eager to terminate/shutdown keepalive connections more
> quickly (than previous versions) on graceful shutdown (e.g.
> MaxConnectionsPerChild reached).
>
> What might happen in ssl_io_filter_output() is that buffered output
> data (already deleted but not cleared) end up being reused on
> shutdown.
>
> Could you please try the attached patch?
Why would we need to handle filter_ctx->pssl == NULL the same way we handle META_BUCKETS? filter_ctx->pssl == NULL already causes ssl_filter_write to fail. Am I missing any code before that which could crash in the data case with filter_ctx->pssl == NULL?

Regards

Rüdiger
