[Bug 66669] JVM crash in APR mode
https://bz.apache.org/bugzilla/show_bug.cgi?id=9 --- Comment #7 from DigitalCat --- We found the way to reproduce this issue。 Upgrading Tomcat Native Library 1.2.23 to Tomcat Native Library 1.2.33, we set the tomcat in apr mode, In a high-concurrency scenario, the Tomcat process crashes. When line 476 is commented out in native/src/sslcontext.c, the JVM crash does not occur. We gauss the content in servername is not released in line 192 in native/src/sslcontext.c, causing the JVM to crash. I hope you reply as soon as possible. Here's our analysis, and I hope it's helpful. First, the apr allocates and releases the memory of internal objects through malloc_pool. The allocated objects do not need to be released. When the memory pool is destroyed, all the objects allocated in the memory pool are destroyed and released. At the same time, the cleanup callback function registered in the memory pool is called back. The local invoking method for the Tomcat to create and destroy a memory pool is Pool.create,Pool.destory. When Tomcat functions as an HTTPS server, the SSLContext (org.apache.tomcat.util.net.openssl.OpenSSLContext#OpenSSLContext) is initialized using SSContext.make (native invoking) during startup. During server certificate initialization, an APR memory pool is created, The memory pool will be destroyed when the certificate is released. Check the invoking code. It is found that the memory pool destruction method is invoked in the org.apache.tomcat.util.net.AprEndpoint#unbind method. In normal cases, the memory pool is released when the endpoint is destroyed (destory) or stopped. PR based on GitHub https://github.com/apache/tomcat-native/commit/d1885c202d987f3898ba72b7fc084413f0bdb1f9 In this modification, the callback function ssl_callback_ClientHello is registered when SSLContext.make is used. This function is invoked when the SSL handshake is performed inside SSLSocket.handshake each time the client requests. The memory is allocated on the memory pool for each call, storing the servername, which is not shown here. It is suspected that memory leakage occurs before the apr memory pool destruction or cleanup method is invoked. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 66669] JVM crash in APR mode
https://bz.apache.org/bugzilla/show_bug.cgi?id=9 --- Comment #8 from DigitalCat --- log in jvm hs_err_.log --- T H R E A D --- Current thread (0x2b7a41865800): JavaThread "catalina-exec-18000-120" daemon [_thread_in_native, id=16233, stack(0x2b7b724e7000,0x2b7b725e8000)] siginfo: si_signo: 11 (SIGSEGV), si_code: 128 (SI_KERNEL), si_addr: 0x Registers: RAX=0x322e332e372e3632, RBX=0x2b7a8c017ac0, RCX=0x, RDX=0x0030 RSP=0x2b7b725e6580, RBP=0x2b7b725e65f0, RSI=0x, RDI=0x R8 =0xbbb9b201d5303400, R9 =0x2b7a8c0bb940, R10=0x12656c79b7059708, R11=0xb71a9a122dd39dad R12=0x, R13=0x000738591598, R14=0x2b7b725e6820, R15=0x2b7a41865800 RIP=0x2b7aac08aaf3, EFLAGS=0x00010246, CSGSFS=0x0033, ERR=0x TRAPNO=0x000d Top of Stack: (sp=0x2b7b725e6580) 0x2b7b725e6580: 2b7b725e6650 2b7a8c14f330 0x2b7b725e6590: 0030 0x2b7b725e65a0: 2b7a42262a80 0x2b7b725e65b0: 2b7aac8256a0 0030 Instructions: (pc=0x2b7aac08aaf3) 0x2b7aac08aad3: 10 05 00 00 bf 00 00 00 00 e8 17 36 f9 ff 48 89 0x2b7aac08aae3: 83 e0 01 00 00 48 8b 45 98 48 8b 80 a8 00 00 00 0x2b7aac08aaf3: 48 8b 80 e0 03 00 00 48 85 c0 0f 84 ee 00 00 00 0x2b7aac08ab03: 48 8b 45 98 48 8b 80 10 05 00 00 48 8b 80 40 02 Register to memory mapping: RAX=0x322e332e372e3632 is an unknown value RBX=0x2b7a8c017ac0 is an unknown value RCX=0x is an unknown value RDX=0x0030 is an unknown value RSP=0x2b7b725e6580 is pointing into the stack for thread: 0x2b7a41865800 RBP=0x2b7b725e65f0 is pointing into the stack for thread: 0x2b7a41865800 RSI=0x is an unknown value RDI=0x is an unknown value R8 =0xbbb9b201d5303400 is an unknown value R9 =0x2b7a8c0bb940 is an unknown value R10=0x12656c79b7059708 is an unknown value R11=0xb71a9a122dd39dad is an unknown value R12=0x is an unknown value R13=0x000738591598 is an oop java.util.concurrent.locks.ReentrantLock - klass: 'java/util/concurrent/locks/ReentrantLock' - fields (total size 2 words): - private final 'sync' 'Ljava/util/concurrent/locks/ReentrantLock$Sync;' @12 a 'java/util/concurrent/locks/ReentrantLock$NonfairSync' (e70ad38b 385915b0) R14=0x2b7b725e6820 is pointing into the stack for thread: 0x2b7a41865800 R15=0x2b7a41865800 is a thread Stack: [0x2b7b724e7000,0x2b7b725e8000], sp=0x2b7b725e6580, free space=1021k Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code) C [libssl.so.1.1+0x8aaf3] C [libssl.so.1.1+0x6e230] C [libssl.so.1.1+0x6d5f7] C [libssl.so.1.1+0x6d093] C [libssl.so.1.1+0x4ec81] SSL_do_handshake+0xfa C [libtcnative-1.so.0.2.36+0x2b540] Java_org_apache_tomcat_jni_SSLSocket_handshake+0x81 J 14729 org.apache.tomcat.jni.SSLSocket.handshake(J)I (0 bytes) @ 0x2b7a45eebb41 [0x2b7a45eeba80+0xc1] J 15421 C2 org.apache.tomcat.util.net.AprEndpoint.setSocketOptions(Lorg/apache/tomcat/util/net/SocketWrapperBase;)Z (419 bytes) @ 0x2b7a469e46b8 [0x2b7a469e4540+0x178] J 15420 C2 org.apache.tomcat.util.net.AprEndpoint$SocketWithOptionsProcessor.run()V (200 bytes) @ 0x2b7a46a2f1a4 [0x2b7a46a2f0e0+0xc4] J 15712% C2 org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(Lorg/apache/tomcat/util/threads/ThreadPoolExecutor$Worker;)V (187 bytes) @ 0x2b7a45e8d014 [0x2b7a45e8ce40+0x1d4] j org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run()V+5 J 10304 C1 org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run()V (25 bytes) @ 0x2b7a45a274d4 [0x2b7a45a273c0+0x114] J 10295 C1 java.lang.Thread.run()V (17 bytes) @ 0x2b7a45a2cb14 [0x2b7a45a2c9c0+0x154] v ~StubRoutines::call_stub V [libjvm.so+0x7778a5] JavaCalls::call_helper(JavaValue*, methodHandle*, JavaCallArguments*, Thread*)+0xc85 V [libjvm.so+0x77509f] JavaCalls::call_virtual(JavaValue*, KlassHandle, Symbol*, Symbol*, JavaCallArguments*, Thread*)+0x26f V [libjvm.so+0x77564d] JavaCalls::call_virtual(JavaValue*, Handle, KlassHandle, Symbol*, Symbol*, Thread*)+0x5d V [libjvm.so+0x82b1de] thread_entry(JavaThread*, Thread*)+0xae V [libjvm.so+0xc0adf7] JavaThread::thread_main_inner()+0x137 V [libjvm.so+0xa8b730] java_start(Thread*)+0x170 C [libpthread.so.0+0x96b4] start_thread+0xc4 -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: Remove used property
This is an automated email from the ASF dual-hosted git repository.
michaelo pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new b9a8bd4fda Remove used property
b9a8bd4fda is described below
commit b9a8bd4fdaf31b0cc08cc72f95c802d35bb885f2
Author: Michael Osipov
AuthorDate: Fri Jun 30 13:24:02 2023 +0200
Remove used property
---
java/org/apache/catalina/core/LocalStrings.properties | 1 -
1 file changed, 1 deletion(-)
diff --git a/java/org/apache/catalina/core/LocalStrings.properties
b/java/org/apache/catalina/core/LocalStrings.properties
index aa6e810ba7..fd59aa65dc 100644
--- a/java/org/apache/catalina/core/LocalStrings.properties
+++ b/java/org/apache/catalina/core/LocalStrings.properties
@@ -166,7 +166,6 @@ pushBuilder.noPath=It is illegal to call push() before
setting a path
propertiesRoleMappingListener.roleMappingFileNull=Role mapping file cannot be
null
propertiesRoleMappingListener.roleMappingFileEmpty=Role mapping file cannot be
empty
-propertiesRoleMappingListener.roleMappingFileNotFound=Role mapping file [{0}]
not found
propertiesRoleMappingListener.roleMappingFileFail=Failed to load role mapping
file [{0}]
propertiesRoleMappingListener.linkedRole=Successfully linked application role
[{0}] to technical role [{1}]
propertiesRoleMappingListener.linkedRoleCount=Linked [{0}] application roles
to technical roles
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 10.1.x updated: Remove used property
This is an automated email from the ASF dual-hosted git repository.
michaelo pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new 8b1833f75b Remove used property
8b1833f75b is described below
commit 8b1833f75bfce59a05791dede5eb9904b51da3da
Author: Michael Osipov
AuthorDate: Fri Jun 30 13:24:02 2023 +0200
Remove used property
---
java/org/apache/catalina/core/LocalStrings.properties | 1 -
1 file changed, 1 deletion(-)
diff --git a/java/org/apache/catalina/core/LocalStrings.properties
b/java/org/apache/catalina/core/LocalStrings.properties
index a45cfbff54..44cd9a37a5 100644
--- a/java/org/apache/catalina/core/LocalStrings.properties
+++ b/java/org/apache/catalina/core/LocalStrings.properties
@@ -166,7 +166,6 @@ propertiesRoleMappingListener.linkedRole=Successfully
linked application role [{
propertiesRoleMappingListener.linkedRoleCount=Linked [{0}] application roles
to technical roles
propertiesRoleMappingListener.roleMappingFileEmpty=Role mapping file cannot be
empty
propertiesRoleMappingListener.roleMappingFileFail=Failed to load role mapping
file [{0}]
-propertiesRoleMappingListener.roleMappingFileNotFound=Role mapping file [{0}]
not found
propertiesRoleMappingListener.roleMappingFileNull=Role mapping file cannot be
null
pushBuilder.noPath=It is illegal to call push() before setting a path
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 9.0.x updated: Remove used property
This is an automated email from the ASF dual-hosted git repository.
michaelo pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 0df28a6201 Remove used property
0df28a6201 is described below
commit 0df28a6201defbce8b835e9336d260b4574fc6e3
Author: Michael Osipov
AuthorDate: Fri Jun 30 13:24:02 2023 +0200
Remove used property
---
java/org/apache/catalina/core/LocalStrings.properties | 1 -
1 file changed, 1 deletion(-)
diff --git a/java/org/apache/catalina/core/LocalStrings.properties
b/java/org/apache/catalina/core/LocalStrings.properties
index 8f71f2d9b6..4d72b24c78 100644
--- a/java/org/apache/catalina/core/LocalStrings.properties
+++ b/java/org/apache/catalina/core/LocalStrings.properties
@@ -172,7 +172,6 @@ propertiesRoleMappingListener.linkedRole=Successfully
linked application role [{
propertiesRoleMappingListener.linkedRoleCount=Linked [{0}] application roles
to technical roles
propertiesRoleMappingListener.roleMappingFileEmpty=Role mapping file cannot be
empty
propertiesRoleMappingListener.roleMappingFileFail=Failed to load role mapping
file [{0}]
-propertiesRoleMappingListener.roleMappingFileNotFound=Role mapping file [{0}]
not found
propertiesRoleMappingListener.roleMappingFileNull=Role mapping file cannot be
null
pushBuilder.noPath=It is illegal to call push() before setting a path
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 66676] New: WebSocket session complains about closed state when calling close()
https://bz.apache.org/bugzilla/show_bug.cgi?id=66676 Bug ID: 66676 Summary: WebSocket session complains about closed state when calling close() Product: Tomcat 10 Version: 10.1.8 Hardware: All OS: All Status: NEW Severity: normal Priority: P2 Component: WebSocket Assignee: dev@tomcat.apache.org Reporter: magicb...@gmx.de Target Milestone: -- Hey, I've found a bug with the following stacktrace: java.lang.IllegalStateException: The WebSocket session [210b] has been closed and no method (apart from close()) may be called on a closed session at org.apache.tomcat.websocket.WsSession.checkState(WsSession.java:974) at org.apache.tomcat.websocket.WsSession.getUserPrincipal(WsSession.java:862) at org.apache.tomcat.websocket.server.WsServerContainer.unregisterSession(WsServerContainer.java:350) at org.apache.tomcat.websocket.WsSession.sendCloseMessage(WsSession.java:730) at org.apache.tomcat.websocket.WsSession.doClose(WsSession.java:597) at org.apache.tomcat.websocket.WsSession.doClose(WsSession.java:554) at org.apache.tomcat.websocket.WsSession.close(WsSession.java:542) >From the message of the exception it is mentioned that it is valid to call close anytime, so I would not expect this exception. What happens here is, that sending the close message fails, so the WebSocket session gets closed in the "sendCloseMessage" method. Later on in the same method the "unregisterSession" is called which is trying to get the userPrincipal, but as the session was just closed this fails and you end up with this exception. I would either expect that either the "apart from close()" is removed from the message, or the call fails with the original IOException, but not that the "unregistering" fails and by that overruling the IOException from sending the closure and showing a rather confusing message. Let me know if you've any questions. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [tomcat] branch main updated: Remove used property
On Fri, Jun 30, 2023 at 1:40 PM wrote:
>
> This is an automated email from the ASF dual-hosted git repository.
>
> michaelo pushed a commit to branch main
> in repository https://gitbox.apache.org/repos/asf/tomcat.git
>
>
> The following commit(s) were added to refs/heads/main by this push:
> new b9a8bd4fda Remove used property
> b9a8bd4fda is described below
>
> commit b9a8bd4fdaf31b0cc08cc72f95c802d35bb885f2
> Author: Michael Osipov
> AuthorDate: Fri Jun 30 13:24:02 2023 +0200
>
> Remove used property
TBH, I left it there on purpose to have it translated for 8.5.
Rémy
> ---
> java/org/apache/catalina/core/LocalStrings.properties | 1 -
> 1 file changed, 1 deletion(-)
>
> diff --git a/java/org/apache/catalina/core/LocalStrings.properties
> b/java/org/apache/catalina/core/LocalStrings.properties
> index aa6e810ba7..fd59aa65dc 100644
> --- a/java/org/apache/catalina/core/LocalStrings.properties
> +++ b/java/org/apache/catalina/core/LocalStrings.properties
> @@ -166,7 +166,6 @@ pushBuilder.noPath=It is illegal to call push() before
> setting a path
>
> propertiesRoleMappingListener.roleMappingFileNull=Role mapping file cannot
> be null
> propertiesRoleMappingListener.roleMappingFileEmpty=Role mapping file cannot
> be empty
> -propertiesRoleMappingListener.roleMappingFileNotFound=Role mapping file
> [{0}] not found
> propertiesRoleMappingListener.roleMappingFileFail=Failed to load role
> mapping file [{0}]
> propertiesRoleMappingListener.linkedRole=Successfully linked application
> role [{0}] to technical role [{1}]
> propertiesRoleMappingListener.linkedRoleCount=Linked [{0}] application roles
> to technical roles
>
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [tomcat] branch main updated: Remove used property
On 2023/06/30 11:51:40 Rémy Maucherat wrote: > On Fri, Jun 30, 2023 at 1:40 PM wrote: > > > > This is an automated email from the ASF dual-hosted git repository. > > > > michaelo pushed a commit to branch main > > in repository https://gitbox.apache.org/repos/asf/tomcat.git > > > > > > The following commit(s) were added to refs/heads/main by this push: > > new b9a8bd4fda Remove used property > > b9a8bd4fda is described below > > > > commit b9a8bd4fdaf31b0cc08cc72f95c802d35bb885f2 > > Author: Michael Osipov > > AuthorDate: Fri Jun 30 13:24:02 2023 +0200 > > > > Remove used property > > TBH, I left it there on purpose to have it translated for 8.5. You mean it is propagated into 8.5? I see your point, but the code in 8.5.x didn't change and Tomcat 8.5.x will be history next year. I wouldn't bother unless something is broken. Is that fine by you? - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [tomcat] branch main updated: Remove used property
On Fri, Jun 30, 2023 at 4:06 PM Michael Osipov wrote: > > On 2023/06/30 11:51:40 Rémy Maucherat wrote: > > On Fri, Jun 30, 2023 at 1:40 PM wrote: > > > > > > This is an automated email from the ASF dual-hosted git repository. > > > > > > michaelo pushed a commit to branch main > > > in repository https://gitbox.apache.org/repos/asf/tomcat.git > > > > > > > > > The following commit(s) were added to refs/heads/main by this push: > > > new b9a8bd4fda Remove used property > > > b9a8bd4fda is described below > > > > > > commit b9a8bd4fdaf31b0cc08cc72f95c802d35bb885f2 > > > Author: Michael Osipov > > > AuthorDate: Fri Jun 30 13:24:02 2023 +0200 > > > > > > Remove used property > > > > TBH, I left it there on purpose to have it translated for 8.5. > > You mean it is propagated into 8.5? I see your point, but the code in 8.5.x > didn't change and Tomcat 8.5.x will be history next year. I wouldn't bother > unless something is broken. Yes, letting the translations trickle down is easy. > Is that fine by you? Ok. Rémy > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 66669] JVM crash in APR mode
https://bz.apache.org/bugzilla/show_bug.cgi?id=9 --- Comment #9 from Christopher Schultz --- (In reply to DigitalCat from comment #7) > When line 476 is commented out in native/src/sslcontext.c, the JVM crash > does not occur. > We guess the content in servername is not released in line 192 in > native/src/sslcontext.c, causing the JVM to crash. These line numbers do not match the current main branch of Tomcat. Are you able to: 1. Use sources from git/main (1.2.38-dev) 2. Show the patch which resolves the issue 3. Run the process long enough to ensure that you aren't leaking memory from elsewhere -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
