Bug#779077: apache2-bin: crash with segmentation fault if gracefully reloaded twice too quickly
Package: apache2-bin
Version: 2.4.10-9
Severity: important
Dear maintainers,

When reloading apache2 gracefully (/etc/init.d/apache2 reload) twice in
quick succession, the parent process can crash. Below are the
backtraces from 3 core dumps several days in a row that happened during
logrotate.

We had set up two logrotate jobs for Apache, one was the default one as
shipped with the package, the other was to rotate some additional
per-virtual-host logs that are not kept under /var/log. With both
rotation jobs reloading Apache, the process would crash and leave the
web server inaccessible.

It appears as though this may be caused by the following chain of
events:

1. apache2 is reloaded and signals children to stop to be cycled
2. a request comes in for a PHP script, which is run via mod_fcgid on
   this server; a subprocess spawns
3. before all the children for the previous generation have been
   stopped, the server is reloaded again

I have unfortunately not managed to replicate this on any other Apache
server that we maintain. This server is running Jessie and is using the
worker MPM (not event).

Regards,
Chris
-- Package-specific info:
*** apache2.core.20150221-0045.txt
[New LWP 1218]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/usr/sbin/apache2 -k start'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007fbd2b1f8e10 in ?? ()
#0 0x00007fbd2b1f8e10 in ?? ()
No symbol table info available.
#1 <signal handler called>
No locals.
#2 0x00007fbd2e6b147c in __libc_waitpid (pid=1222,
stat_loc=stat_loc@entry=0x7fff79f676ac, options=options@entry=2) at
../sysdeps/unix/sysv/linux/waitpid.c:31
resultvar = 18446744073709551612
oldtype = 2046195392
#3 0x00007fbd2e8e620b in apr_proc_wait (proc=0x7fbd2f046318,
exitcode=0x7fff79f676b0, exitcode@entry=0x0, exitwhy=0x7fff79f676b4,
exitwhy@entry=0x0, waithow=waithow@entry=APR_WAIT) at
/tmp/buildd/apr-1.5.1/threadproc/unix/proc.c:633
pstatus = <optimized out>
waitpid_options = 2
exit_int = 15
ignore = 15
ignorewhy = APR_PROC_SIGNAL
#4 0x00007fbd2e8dac6e in free_proc_chain (procs=<optimized out>) at
/tmp/buildd/apr-1.5.1/memory/unix/apr_pools.c:2519
pc = 0x7fbd2f046338
need_timeout = <optimized out>
timeout_interval = <optimized out>
#5 0x00007fbd2e8dbca0 in apr_pool_clear (pool=0x7fbd2f19a028) at
/tmp/buildd/apr-1.5.1/memory/unix/apr_pools.c:777
active = <optimized out>
#6 0x00007fbd2f1e5068 in main (argc=3, argv=0x7fff79f67908) at main.c:707
c = 0 '\000'
error = 0xfffffffffffffffc <error: Cannot access memory at
address 0xfffffffffffffffc>
process = 0x7fbd2f1a3118
pconf = 0x7fbd2f19a028
plog = 0x7fbd2f16e028
ptemp = 0x7fbd2f170028
pcommands = 0x7fbd2f178028
opt = 0x7fbd2f178118
mod = 0x7fbd2f44a1c0 <ap_prelinked_modules+64>
opt_arg = 0x7fbd2f1a3028 "(p\032/\275\177"
signal_server = 0xfffffffffffffffc
*** apache2.core.20150222-0035.txt
[New LWP 12542]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/usr/sbin/apache2 -k start'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007f2513947e10 in ?? ()
#0 0x00007f2513947e10 in ?? ()
No symbol table info available.
#1 <signal handler called>
No locals.
#2 0x00007f2516e0047c in __libc_waitpid (pid=12548,
stat_loc=stat_loc@entry=0x7fff56c434dc, options=options@entry=2) at
../sysdeps/unix/sysv/linux/waitpid.c:31
resultvar = 18446744073709551612
oldtype = 1455699184
#3 0x00007f251703520b in apr_proc_wait (proc=0x7f2517795318,
exitcode=0x7fff56c434e0, exitcode@entry=0x0, exitwhy=0x7fff56c434e4,
exitwhy@entry=0x0, waithow=waithow@entry=APR_WAIT) at
/tmp/buildd/apr-1.5.1/threadproc/unix/proc.c:633
pstatus = <optimized out>
waitpid_options = 2
exit_int = 15
ignore = 15
ignorewhy = APR_PROC_SIGNAL
#4 0x00007f2517029c6e in free_proc_chain (procs=<optimized out>) at
/tmp/buildd/apr-1.5.1/memory/unix/apr_pools.c:2519
pc = 0x7f2517795338
need_timeout = <optimized out>
timeout_interval = <optimized out>
#5 0x00007f251702aca0 in apr_pool_clear (pool=0x7f25178e9028) at
/tmp/buildd/apr-1.5.1/memory/unix/apr_pools.c:777
active = <optimized out>
#6 0x00007f2517934068 in main (argc=3, argv=0x7fff56c43738) at main.c:707
c = 0 '\000'
error = 0xfffffffffffffffc <error: Cannot access memory at
address 0xfffffffffffffffc>
process = 0x7f25178f2118
pconf = 0x7f25178e9028
plog = 0x7f25178bd028
ptemp = 0x7f25178bf028
pcommands = 0x7f25178c7028
opt = 0x7f25178c7118
mod = 0x7f2517b991c0 <ap_prelinked_modules+64>
opt_arg = 0x7f25178f2028 "(`\217\027%\177"
signal_server = 0xfffffffffffffffc
*** apache2.core.20150223-0040.txt
[New LWP 23405]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/usr/sbin/apache2 -k start'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007f094169ee10 in ?? ()
#0 0x00007f094169ee10 in ?? ()
No symbol table info available.
#1 <signal handler called>
No locals.
#2 0x00007f0944b5747c in __libc_waitpid (pid=23410,
stat_loc=stat_loc@entry=0x7fff0433987c, options=options@entry=2) at
../sysdeps/unix/sysv/linux/waitpid.c:31
resultvar = 18446744073709551612
oldtype = 70490256
#3 0x00007f0944d8c20b in apr_proc_wait (proc=0x7f09454ec318,
exitcode=0x7fff04339880, exitcode@entry=0x0, exitwhy=0x7fff04339884,
exitwhy@entry=0x0, waithow=waithow@entry=APR_WAIT) at
/tmp/buildd/apr-1.5.1/threadproc/unix/proc.c:633
pstatus = <optimized out>
waitpid_options = 2
exit_int = 32521
ignore = -4
ignorewhy = (unknown: 0)
#4 0x00007f0944d80c6e in free_proc_chain (procs=<optimized out>) at
/tmp/buildd/apr-1.5.1/memory/unix/apr_pools.c:2519
pc = 0x7f09454ec338
need_timeout = <optimized out>
timeout_interval = <optimized out>
#5 0x00007f0944d81ca0 in apr_pool_clear (pool=0x7f0945640028) at
/tmp/buildd/apr-1.5.1/memory/unix/apr_pools.c:777
active = <optimized out>
#6 0x00007f094568b068 in main (argc=3, argv=0x7fff04339ad8) at main.c:707
c = 0 '\000'
error = 0xfffffffffffffffc <error: Cannot access memory at
address 0xfffffffffffffffc>
process = 0x7f0945649118
pconf = 0x7f0945640028
plog = 0x7f0945614028
ptemp = 0x7f0945616028
pcommands = 0x7f094561e028
opt = 0x7f094561e118
mod = 0x7f09458f01c0 <ap_prelinked_modules+64>
opt_arg = 0x7f0945649028 "(\320dE\t\177"
signal_server = 0xfffffffffffffffc
-- System Information:
Debian Release: 8.0
APT prefers testing-updates
APT policy: (500, 'testing-updates'), (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/6 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages apache2-bin depends on:
ii libapr1 1.5.1-3
ii libaprutil1 1.5.4-1
ii libaprutil1-dbd-sqlite3 1.5.4-1
ii libaprutil1-ldap 1.5.4-1
ii libc6 2.19-13
ii libldap-2.4-2 2.4.40-4
ii liblua5.1-0 5.1.5-7.1
ii libpcre3 2:8.35-3.3
ii libssl1.0.0 1.0.1k-1
ii libxml2 2.9.1+dfsg1-4
ii perl 5.20.1-5
ii zlib1g 1:1.2.8.dfsg-2+b1
apache2-bin recommends no packages.
Versions of packages apache2-bin suggests:
pn apache2-doc <none>
pn apache2-suexec-pristine | apache2-suexec-custom <none>
ii w3m [www-browser] 0.5.3-19
Versions of packages apache2 depends on:
ii apache2-data 2.4.10-9
ii apache2-utils 2.4.10-9
ii dpkg 1.17.23
ii lsb-base 4.1+Debian13+nmu1
ii mime-support 3.58
ii perl 5.20.1-5
ii procps 2:3.3.9-8
Versions of packages apache2 recommends:
ii ssl-cert 1.0.35
Versions of packages apache2 suggests:
pn apache2-doc <none>
pn apache2-suexec-pristine | apache2-suexec-custom <none>
ii w3m [www-browser] 0.5.3-19
Versions of packages apache2-bin is related to:
ii apache2 2.4.10-9
ii apache2-bin 2.4.10-9
-- no debconf information
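
The report attributes the back-to-back reloads to two logrotate jobs that each reload Apache. The following is an added example, not part of the original report or of the Debian package: it audits a logrotate directory for that condition and, going slightly beyond the reported case, also flags a reload hook in a stanza without `sharedscripts`, where logrotate runs the script once per rotated log. The function names, the sample configs and the pattern used to recognise a reload command are assumptions.

```shell
# Added example (not from the bug report). Matching "apache2" plus
# reload/graceful inside a script block is an assumption about hook wording.
# Prints "file:line:shared|per-log" per stanza whose script reloads apache2.
find_reload_hooks() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        awk -v file="$f" '
            /^[ \t]*#/                          { next }              # comment line
            !inscript && /[{][ \t]*$/           { shared = 0; hook = 0 }  # stanza opens
            !inscript && /^[ \t]*sharedscripts/ { shared = 1 }
            /^[ \t]*(pre|post)rotate/           { inscript = 1; next }
            /^[ \t]*endscript/                  { inscript = 0; next }
            inscript && /apache2/ && /reload|graceful/ { hook = NR }
            !inscript && /^[ \t]*[}]/ {                               # stanza closes
                if (hook) print file ":" hook ":" (shared ? "shared" : "per-log")
                hook = 0
            }
        ' "$f"
    done
}

# Succeeds only if at most one reload can fire per logrotate run: one hook in
# total, and that hook sits in a sharedscripts stanza.
audit_reload_hooks() {
    findings=$(find_reload_hooks "$1")
    count=$(printf '%s\n' "$findings" | grep -c . || true)
    perlog=$(printf '%s\n' "$findings" | grep -c ':per-log$' || true)
    if [ -n "$findings" ]; then printf '%s\n' "$findings"; fi
    [ "$count" -le 1 ] && [ "$perlog" -eq 0 ]
}

# Constructed sample configs: a packaged-style job plus a second per-vhost job.
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
cat > "$demo/apache2" <<'EOF'
/var/log/apache2/*.log {
    sharedscripts
    postrotate
        /etc/init.d/apache2 reload > /dev/null
    endscript
}
EOF
cat > "$demo/vhosts" <<'EOF'
/srv/www/*/logs/*.log {
    postrotate
        /etc/init.d/apache2 reload > /dev/null
    endscript
}
EOF
audit_reload_hooks "$demo" || echo "more than one apache2 reload per logrotate run"
```

Point `audit_reload_hooks` at `/etc/logrotate.d` on a host to list every hook it finds; a non-zero exit status means reloads can arrive in quick succession.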