segfaults in passenger 5.0.9

[codekitchen]

We upgraded one application from 5.0.8 to 5.0.9 last week, and we've been seeing about 6 segfaults per day per server since then. We rolled back all but one server, and built the debug version on that one server and captured some detailed crash logs.

All the segfaults have the same active thread stack trace. Here is an example: https://gist.github.com/codekitchen/84199c1f85e8abed39f1

The active thread is always on this line https://github.com/phusion/passenger/blob/release-5.0.9/ext/oxt/system_calls.cpp#L463 , at first glance it looks like bad params are being passed to the select syscall.

I will continue to try and get further information.

[OnixGH]

@codekitchen thanks for the report. It's easiest to search for "raise" in the stacktrace to find the offending thread.

In this case Thread 15 at "ext/common/ServerKit/HttpServer.h:1038" is trying to free a string that we added in 5.0.9 to support leaving headers in the original case. We'll investigate.

[codekitchen]

Ah, I see what you mean. Thanks!

[OnixGH]

@FooBarWidget have a look at this, maybe you have a quick solution.

[OnixGH]

Upon first glance at the code it looks to me like a missing psg_lstr_init(&header->origKey); in BufferBody.cpp

[FooBarWidget]

Yes, that appears to be the case. I have committed a preliminary fix to the GH-1530 branch, but haven't tested it yet. Could you take a look @OnixGH?

[OnixGH]

@FooBarWidget crash reproduced with Apache, and fixed after the commit.

@codekitchen I don't think this particular bit of code is reached with Nginx, can you confirm you are using Apache?

[codekitchen]

Yep, we are using Apache.

[OnixGH]

OK, then this is solved for 5.0.10!

[codekitchen]

Beautiful, thanks all.