48957 – Core dumps when file changed [apr/linux mmap]

Bug 48957 - Core dumps when file changed [apr/linux mmap]

Summary: Core dumps when file changed [apr/linux mmap]

Status:	RESOLVED INVALID

Alias:	None

Product:	Apache httpd-2
Classification:	Unclassified
Component:	Core (show other bugs)
Version:	2.5-HEAD
Hardware:	PC Linux

Importance:	P2 major (vote)
Target Milestone:	---
Assignee:	Apache HTTPD Bugs Mailing List

URL:
Keywords:

Depends on:
Blocks:

Reported:	2010-03-22 13:17 UTC by duchuanying
Modified:	2010-03-22 13:23 UTC (History)
CC List:	0 users

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description duchuanying 2010-03-22 13:17:48 UTC

apache httpd crash in mod_deflate when static file changed frequently. 

Steps to Reproduce: 
1. enable mod_deflate in httpd.conf 
SetOutputFilter DEFLATE 

2.  in anthor shell, change the index.html frenquently with mv command. eg: 

c=1
while [ $c -le 1 ]  
do
cp -r big/index.html tmp/
mv tmp/* ../htdocs/
cp -r small/index.html  tmp/
mv tmp/* ../htdocs/
done

the small/index.html size is 67086 bytes, and the  big/index.html size is 45139 bytes

3.  Stress test with apache ab
./ab -n 1000000 -c 10  -H 'Accept-Encoding: gzip'  http://localhost:8080/

Actual Results: 

Apache httpd v2.2.13 crashed, core dump stack: 

Core was generated by `/home/work/duchuanying/apache2/bin/httpd -d /home/work/duchuanying/apache2 -k'.
Program terminated with signal 7, Bus error.

(gdb) bt
#0  0x000000302b6022d6 in crc32 () from /usr/lib64/libz.so.1
#1  0x0000002a959f012b in deflate_out_filter (f=0x6faf38, bb=0x6fb430) at mod_deflate.c:681
#2  0x0000000000432ecd in default_handler (r=0x6f6648) at core.c:3757
#3  0x0000000000438963 in ap_run_handler (r=0x6f6648) at config.c:157
#4  0x0000000000438e01 in ap_invoke_handler (r=0x6f6648) at config.c:372
#5  0x0000000000474390 in ap_process_request (r=0x6f6648) at http_request.c:282
#6  0x0000000000471add in ap_process_http_connection (c=0x6ea7d8) at http_core.c:190
#7  0x000000000043f423 in ap_run_process_connection (c=0x6ea7d8) at connection.c:43
#8  0x00000000004a0de0 in child_main (child_num_arg=Variable "child_num_arg" is not available.
) at prefork.c:662
#9  0x00000000004a1034 in make_child (s=0x601e60, slot=3) at prefork.c:758
#10 0x00000000004a10ce in startup_children (number_to_start=2) at prefork.c:776
#11 0x00000000004a18dd in ap_mpm_run (_pconf=Variable "_pconf" is not available.
) at prefork.c:997
#12 0x0000000000426345 in main (argc=Variable "argc" is not available.
) at main.c:740
(gdb) bt full
#0  0x000000302b6022d6 in crc32 () from /usr/lib64/libz.so.1
No symbol table info available.
#1  0x0000002a959f012b in deflate_out_filter (f=0x6faf38, bb=0x6fb430) at mod_deflate.c:681
        data = 0x2a95d6f000 <Address 0x2a95d6f000 out of bounds>
        b = Variable "b" is not available.


This bug is related to apr/linux mmap , mod_deflate, file changes.

Comment 1 Jeff Trawick 2010-03-22 13:23:07 UTC

"Deleting or truncating a file while httpd  has it memory-mapped can cause httpd to crash with a segmentation fault. "

at

http://httpd.apache.org/docs/2.2/mod/core.html#enablemmap