Some times apache 2.2.6 segfault on url wich not in cache (for example): http:// web/manual/mod/mod_mime.html#removeoutputfilter <root@web:/usr/local/sbin> gdb httpd httpd.core GNU gdb 6.1.1 [FreeBSD] Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-marcel-freebsd"... Core was generated by `httpd'. Program terminated with signal 11, Segmentation fault. Reading symbols from /usr/local/lib/libpcre.so.0...done. Loaded symbols for /usr/local/lib/libpcre.so.0 Reading symbols from /usr/local/lib/libaprutil-1.so.2...done. Loaded symbols for /usr/local/lib/libaprutil-1.so.2 Reading symbols from /usr/local/lib/mysql/libmysqlclient_r.so.15...done. Loaded symbols for /usr/local/lib/mysql/libmysqlclient_r.so.15 Reading symbols from /lib/libm.so.4...done. Loaded symbols for /lib/libm.so.4 Reading symbols from /lib/libz.so.3...done. Loaded symbols for /lib/libz.so.3 Reading symbols from /usr/local/lib/libexpat.so.6...done. Loaded symbols for /usr/local/lib/libexpat.so.6 Reading symbols from /usr/local/lib/libiconv.so.3...done. Loaded symbols for /usr/local/lib/libiconv.so.3 Reading symbols from /usr/local/lib/libapr-1.so.2...done. Loaded symbols for /usr/local/lib/libapr-1.so.2 Reading symbols from /lib/libcrypt.so.3...done. Loaded symbols for /lib/libcrypt.so.3 Reading symbols from /lib/libpthread.so.2...done. Loaded symbols for /lib/libpthread.so.2 Reading symbols from /lib/libc.so.6...done. Loaded symbols for /lib/libc.so.6 Reading symbols from /usr/local/libexec/apache22/mod_dbd.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_dbd.so Reading symbols from /usr/local/libexec/apache22/mod_authn_file.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_authn_file.so Reading symbols from /usr/local/libexec/apache22/mod_authn_dbd.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_authn_dbd.so Reading symbols from /usr/local/libexec/apache22/mod_authn_default.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_authn_default.so Reading symbols from /usr/local/libexec/apache22/mod_authz_host.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_authz_host.so Reading symbols from /usr/local/libexec/apache22/mod_authz_user.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_authz_user.so Reading symbols from /usr/local/libexec/apache22/mod_authz_owner.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_authz_owner.so Reading symbols from /usr/local/libexec/apache22/mod_authz_default.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_authz_default.so Reading symbols from /usr/local/libexec/apache22/mod_auth_basic.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_auth_basic.so Reading symbols from /usr/local/libexec/apache22/mod_file_cache.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_file_cache.so Reading symbols from /usr/local/libexec/apache22/mod_cache.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_cache.so Reading symbols from /usr/local/libexec/apache22/mod_disk_cache.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_disk_cache.so Reading symbols from /usr/local/libexec/apache22/mod_mem_cache.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_mem_cache.so Reading symbols from /usr/local/libexec/apache22/mod_include.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_include.so Reading symbols from /usr/local/libexec/apache22/mod_filter.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_filter.so Reading symbols from /usr/local/libexec/apache22/mod_charset_lite.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_charset_lite.so Reading symbols from /usr/local/libexec/apache22/mod_deflate.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_deflate.so Reading symbols from /usr/local/libexec/apache22/mod_log_config.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_log_config.so Reading symbols from /usr/local/libexec/apache22/mod_env.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_env.so Reading symbols from /usr/local/libexec/apache22/mod_mime_magic.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_mime_magic.so Reading symbols from /usr/local/libexec/apache22/mod_cern_meta.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_cern_meta.so Reading symbols from /usr/local/libexec/apache22/mod_expires.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_expires.so Reading symbols from /usr/local/libexec/apache22/mod_headers.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_headers.so Reading symbols from /usr/local/libexec/apache22/mod_unique_id.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_unique_id.so Reading symbols from /usr/local/libexec/apache22/mod_setenvif.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_setenvif.so Reading symbols from /usr/local/libexec/apache22/mod_ssl.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_ssl.so Reading symbols from /usr/lib/libssl.so.4...done. Loaded symbols for /usr/lib/libssl.so.4 Reading symbols from /lib/libcrypto.so.4...done. Loaded symbols for /lib/libcrypto.so.4 Reading symbols from /usr/local/libexec/apache22/mod_mime.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_mime.so Reading symbols from /usr/local/libexec/apache22/mod_autoindex.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_autoindex.so Reading symbols from /usr/local/libexec/apache22/mod_suexec.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_suexec.so Reading symbols from /usr/local/libexec/apache22/mod_cgi.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_cgi.so Reading symbols from /usr/local/libexec/apache22/mod_negotiation.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_negotiation.so Reading symbols from /usr/local/libexec/apache22/mod_dir.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_dir.so Reading symbols from /usr/local/libexec/apache22/mod_actions.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_actions.so Reading symbols from /usr/local/libexec/apache22/mod_speling.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_speling.so Reading symbols from /usr/local/libexec/apache22/mod_alias.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_alias.so Reading symbols from /usr/local/libexec/apache22/mod_rewrite.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_rewrite.so Reading symbols from /usr/local/libexec/apache22/mod_fastcgi.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_fastcgi.so Reading symbols from /usr/local/libexec/apache22/mod_rpaf.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_rpaf.so Reading symbols from /libexec/ld-elf.so.1...done. Loaded symbols for /libexec/ld-elf.so.1 #0 0x2852bad7 in cache_pq_remove (q=0x809d680, d=0x81f4d28) at cache_pqueue.c:185 185 cache_pqueue.c: No such file or directory. in cache_pqueue.c [New LWP 100211] httpd-error.log: [Mon Oct 29 19:14:12 2007] [debug] mod_cache.c(131): Adding CACHE_SAVE filter for /manual/mod/mod_mime.html [Mon Oct 29 19:14:12 2007] [debug] mod_cache.c(138): Adding CACHE_REMOVE_URL filter for /manual/mod/mod_mime.html [Mon Oct 29 19:14:12 2007] [debug] mod_disk_cache.c(473): disk_cache: Recalled cached URL info header http://web:80/manual/mod/mod_mime.html.en? [Mon Oct 29 19:14:12 2007] [debug] mod_disk_cache.c(746): disk_cache: Recalled headers for URL http://web:80/manual/mod/mod_mime.html.en? [Mon Oct 29 19:14:12 2007] [debug] cache_storage.c(272): Cached response for / manual/mod/mod_mime.html.en isn't fresh. Adding/replacing conditional request headers. [Mon Oct 29 19:14:12 2007] [debug] mod_cache.c(131): Adding CACHE_SAVE filter for /manual/mod/mod_mime.html.en [Mon Oct 29 19:14:12 2007] [debug] mod_cache.c(138): Adding CACHE_REMOVE_URL filter for /manual/mod/mod_mime.html.en [Mon Oct 29 19:14:12 2007] [debug] mod_cache.c(528): cache: /manual/mod/ mod_mime.html.en not cached. Reason: r->no_cache present [Mon Oct 29 19:14:13 2007] [notice] child pid 17428 exit signal Segmentation fault (11), possible coredump in /tmp/apache2-core httpd-manual.conf: # # Provide access to the documentation on your server as # http://yourserver.example.com/manual/ # The documentation is always available at # http://httpd.apache.org/docs/2.2/ # # Required modules: mod_alias, mod_setenvif, mod_negotiation # AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br|ru))?(/.*)?$ "/usr/local/ share/doc/apache22$1" <Directory "/usr/local/share/doc/apache22"> Options Indexes AllowOverride None Order allow,deny Allow from all <Files *.html> SetHandler type-map </Files> SetEnvIf Request_URI ^/manual/(de|en|es|fr|ja|ko|pt-br|ru)/ prefer- language=$1 RedirectMatch 301 ^/manual(?:/(de|en|es|fr|ja|ko|pt-br|ru)){2,}(/.*)?$ / manual/$1$2 LanguagePriority en de es fr ja ko pt-br ru ForceLanguagePriority Prefer Fallback </Directory> httpd-cache.conf # # Sample Cache Configuration # <IfModule mod_cache.c> #LoadModule disk_cache_module modules/mod_disk_cache.so # If you want to use mod_disk_cache instead of mod_mem_cache, # uncomment the line above and comment out the LoadModule line below. <IfModule mod_disk_cache.c> CacheRoot /var/cache CacheEnable disk / CacheDirLevels 5 CacheDirLength 3 </IfModule> <IfModule mod_mem_cache.c> CacheEnable mem / MCacheSize 2048 MCacheMaxObjectCount 100 MCacheMinObjectSize 1 MCacheMaxObjectSize 1024 </IfModule> # When acting as a proxy, don't cache the list of security updates # CacheDisable http://security.update.server/update-list/ </IfModule> httpd-vhost.conf: NameVirtualHost 192.168.1.3:8000 # # VirtualHost example: # Almost any Apache directive may go into a VirtualHost container. # The first VirtualHost section is used for all requests that do not # match a ServerName or ServerAlias in any <VirtualHost> block. # <VirtualHost 192.168.1.3:8000> DocumentRoot "/usr/local/www/apache22/data" ServerName web <Directory /usr/local/www/apache22/data> Options +IncludesNoExec SymLinksIfOwnerMatch AllowOverride All Order allow,deny Allow from all </Directory> # Local access to the Apache HTTP Server Manual Include etc/apache22/extra/httpd-manual.conf </VirtualHost> uname -a: FreeBSD web.server 6.3-PRERELEASE FreeBSD 6.3-PRERELEASE #19: Sun Oct 28 19:48:55 YEKT 2007 root@home.bsd:/usr/obj/usr/src/sys/CUSTOM i386
Can you please compile with --enable-debug and provide a full backtrace? (gdb -- bt full)
Sorry for core dump for other url than at first report, but this segfault is appeared from time to time. gdb httpd httpd.core GNU gdb 6.1.1 [FreeBSD] Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-marcel-freebsd"... Core was generated by `httpd'. Program terminated with signal 11, Segmentation fault. Reading symbols from /usr/local/lib/libpcre.so.0...done. Loaded symbols for /usr/local/lib/libpcre.so.0 Reading symbols from /usr/local/lib/libaprutil-1.so.2...done. Loaded symbols for /usr/local/lib/libaprutil-1.so.2 Reading symbols from /usr/local/lib/mysql/libmysqlclient_r.so.15...done. Loaded symbols for /usr/local/lib/mysql/libmysqlclient_r.so.15 Reading symbols from /lib/libm.so.4...done. Loaded symbols for /lib/libm.so.4 Reading symbols from /lib/libz.so.3...done. Loaded symbols for /lib/libz.so.3 Reading symbols from /usr/local/lib/libexpat.so.6...done. Loaded symbols for /usr/local/lib/libexpat.so.6 Reading symbols from /usr/local/lib/libiconv.so.3...done. Loaded symbols for /usr/local/lib/libiconv.so.3 Reading symbols from /usr/local/lib/libapr-1.so.2...done. Loaded symbols for /usr/local/lib/libapr-1.so.2 Reading symbols from /lib/libcrypt.so.3...done. Loaded symbols for /lib/libcrypt.so.3 Reading symbols from /lib/libpthread.so.2...done. Loaded symbols for /lib/libpthread.so.2 Reading symbols from /lib/libc.so.6...done. Loaded symbols for /lib/libc.so.6 Reading symbols from /usr/local/libexec/apache22/mod_dbd.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_dbd.so Reading symbols from /usr/local/libexec/apache22/mod_authn_file.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_authn_file.so Reading symbols from /usr/local/libexec/apache22/mod_authn_dbd.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_authn_dbd.so Reading symbols from /usr/local/libexec/apache22/mod_authn_default.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_authn_default.so Reading symbols from /usr/local/libexec/apache22/mod_authz_host.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_authz_host.so Reading symbols from /usr/local/libexec/apache22/mod_authz_user.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_authz_user.so Reading symbols from /usr/local/libexec/apache22/mod_authz_owner.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_authz_owner.so Reading symbols from /usr/local/libexec/apache22/mod_authz_default.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_authz_default.so Reading symbols from /usr/local/libexec/apache22/mod_auth_basic.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_auth_basic.so Reading symbols from /usr/local/libexec/apache22/mod_file_cache.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_file_cache.so Reading symbols from /usr/local/libexec/apache22/mod_cache.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_cache.so Reading symbols from /usr/local/libexec/apache22/mod_disk_cache.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_disk_cache.so Reading symbols from /usr/local/libexec/apache22/mod_mem_cache.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_mem_cache.so Reading symbols from /usr/local/libexec/apache22/mod_include.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_include.so Reading symbols from /usr/local/libexec/apache22/mod_filter.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_filter.so Reading symbols from /usr/local/libexec/apache22/mod_charset_lite.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_charset_lite.so Reading symbols from /usr/local/libexec/apache22/mod_deflate.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_deflate.so Reading symbols from /usr/local/libexec/apache22/mod_log_config.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_log_config.so Reading symbols from /usr/local/libexec/apache22/mod_env.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_env.so Reading symbols from /usr/local/libexec/apache22/mod_mime_magic.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_mime_magic.so Reading symbols from /usr/local/libexec/apache22/mod_cern_meta.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_cern_meta.so Reading symbols from /usr/local/libexec/apache22/mod_expires.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_expires.so Reading symbols from /usr/local/libexec/apache22/mod_headers.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_headers.so Reading symbols from /usr/local/libexec/apache22/mod_unique_id.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_unique_id.so Reading symbols from /usr/local/libexec/apache22/mod_setenvif.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_setenvif.so Reading symbols from /usr/local/libexec/apache22/mod_ssl.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_ssl.so Reading symbols from /usr/lib/libssl.so.4...done. Loaded symbols for /usr/lib/libssl.so.4 Reading symbols from /lib/libcrypto.so.4...done. Loaded symbols for /lib/libcrypto.so.4 Reading symbols from /usr/local/libexec/apache22/mod_mime.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_mime.so Reading symbols from /usr/local/libexec/apache22/mod_autoindex.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_autoindex.so Reading symbols from /usr/local/libexec/apache22/mod_suexec.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_suexec.so Reading symbols from /usr/local/libexec/apache22/mod_cgi.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_cgi.so Reading symbols from /usr/local/libexec/apache22/mod_negotiation.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_negotiation.so Reading symbols from /usr/local/libexec/apache22/mod_dir.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_dir.so Reading symbols from /usr/local/libexec/apache22/mod_actions.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_actions.so Reading symbols from /usr/local/libexec/apache22/mod_speling.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_speling.so Reading symbols from /usr/local/libexec/apache22/mod_alias.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_alias.so Reading symbols from /usr/local/libexec/apache22/mod_rewrite.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_rewrite.so Reading symbols from /usr/local/libexec/apache22/mod_fastcgi.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_fastcgi.so Reading symbols from /usr/local/libexec/apache22/mod_rpaf.so...done. Loaded symbols for /usr/local/libexec/apache22/mod_rpaf.so Reading symbols from /libexec/ld-elf.so.1...done. Loaded symbols for /libexec/ld-elf.so.1 #0 0x28537ad7 in cache_pq_remove (q=0x809d680, d=0x81fbd10) at cache_pqueue.c:185 185 cache_pqueue.c: No such file or directory. in cache_pqueue.c [New LWP 100180] (gdb) bt full #0 0x28537ad7 in cache_pq_remove (q=0x809d680, d=0x81fbd10) at cache_pqueue.c:185 posn = 136298008 #1 0x285375ac in cache_remove (c=0x80ea600, entry=0x81fbd10) at cache_cache.c:157 entry_size = 136302632 rc = 676532916 #2 0x285363b2 in remove_url (h=0x81fbd00, p=0x8208018) at mod_mem_cache.c:527 obj = (cache_object_t *) 0x81fbd10 cleanup = 0 #3 0x2852add9 in cache_remove_url (cache=0x81fbc48, p=0x8208018) at cache_storage.c:51 list = (cache_provider_list *) 0x81fbc38 h = (cache_handle_t *) 0x81fbd00 #4 0x2852a33a in cache_remove_url_filter (f=0x81fdb00, in=0x81fe1e0) at mod_cache.c:882 r = (request_rec *) 0x81fb200 cache = (cache_request_rec *) 0x81fbc48 #5 0x0808281a in ap_pass_brigade (next=0x81fdb00, bb=0x81fe1e0) at util_filter.c:526 e = (apr_bucket *) 0x81f2198 #6 0x2852a35c in cache_remove_url_filter (f=0x82095b8, in=0x81fe1e0) at mod_cache.c:886 r = (request_rec *) 0x81fb200 cache = (cache_request_rec *) 0x82093f0 #7 0x0808281a in ap_pass_brigade (next=0x82095b8, bb=0x81fe1e0) at util_filter.c:526 e = (apr_bucket *) 0x81f2198 #8 0x08088c54 in ap_http_outerror_filter (f=0x8208e30, b=0x81fe1e0) at http_filters.c:1391 r = (request_rec *) 0x81fb200 e = (apr_bucket *) 0x81fe1e4 #9 0x0808281a in ap_pass_brigade (next=0x8208e30, bb=0x81fe1e0) at util_filter.c:526 e = (apr_bucket *) 0x81f2198 #10 0x08088513 in ap_http_header_filter (f=0x8208e18, b=0x81fdf40) at http_filters.c:1076 r = (request_rec *) 0x81fb200 c = (conn_rec *) 0x81ee108 clheader = 0x0 protocol = 0x80953a4 "HTTP/1.1" e = (apr_bucket *) 0x81fdf44 b2 = (apr_bucket_brigade *) 0x81fe1e0 h = {pool = 0x8208018, bb = 0x81fe1e0} ctx = (header_filter_ctx *) 0x0 #11 0x0808281a in ap_pass_brigade (next=0x8208e18, bb=0x81fdf40) at util_filter.c:526 e = (apr_bucket *) 0x81f2038 #12 0x0806a490 in ap_content_length_filter (f=0x8208e00, b=0x81fdf40) at protocol.c:1338 r = (request_rec *) 0x81fb200 ctx = (struct content_length_ctx *) 0x81fdf60 e = (apr_bucket *) 0x81f2038 eos = 1 eblock = APR_NONBLOCK_READ #13 0x0808281a in ap_pass_brigade (next=0x8208e00, bb=0x81fdf40) at util_filter.c:526 e = (apr_bucket *) 0x81f2038 #14 0x08089305 in ap_byterange_filter (f=0x8208de8, bb=0x81fdf40) at byterange_filter.c:169 r = (request_rec *) 0x81fb200 c = (conn_rec *) 0x81ee108 ctx = (byterange_ctx *) 0x210 e = (apr_bucket *) 0x81f2038 bsend = (apr_bucket_brigade *) 0x807bdc3 range_start = 579150020440857252 range_end = 134843984 current = 0x0 clength = 0 ---Type <return> to continue, or q <return> to quit--- rv = -1077942576 found = 0 num_ranges = 672148632 #15 0x0808281a in ap_pass_brigade (next=0x8208de8, bb=0x81fdf40) at util_filter.c:526 e = (apr_bucket *) 0x81f2038 #16 0x2852997a in cache_save_filter (f=0x81fdae8, in=0x81fdf40) at mod_cache.c:536 rv = 1 r = (request_rec *) 0x81fb200 cache = (cache_request_rec *) 0x81fbc48 conf = (cache_server_conf *) 0x80eeda8 cc_out = 0x0 cl = 0xf3c76180 <Address 0xf3c76180 out of bounds> exps = 0x0 lastmods = 0x81fdeb0 "Sat, 01 Sep 2007 12:19:34 GMT" dates = 0x283ce16c "\210@\002" etag = 0x81fdef0 "\"b6470f-f87-f3c76180;b64719-ac-4c23b600\"" exp = 0 date = 2899440114092474368 lastmod = 1188649174000000 now = 1194954391027742 size = 2899113957493041048 info = (cache_info *) 0x0 reason = 0x2852d3fa "r->no_cache present" p = (apr_pool_t *) 0x8208018 #17 0x0808281a in ap_pass_brigade (next=0x81fdae8, bb=0x81fdf40) at util_filter.c:526 e = (apr_bucket *) 0x81f2038 #18 0x0807112f in default_handler (r=0x81fb200) at core.c:3740 c = (conn_rec *) 0x81ee108 bb = (apr_bucket_brigade *) 0x81fdf40 e = (apr_bucket *) 0x81f2038 d = (core_dir_config *) 0x8209a88 errstatus = 304 fd = (apr_file_t *) 0x81fde28 status = 0 bld_content_md5 = 0 #19 0x0807751a in ap_run_handler (r=0x81fb200) at config.c:157 pHook = (ap_LINK_handler_t *) 0x81ae508 n = 7 rv = -1 #20 0x08077c99 in ap_invoke_handler (r=0x81fb200) at config.c:372 handler = 0x81834c0 "text/html" p = 0x0 result = 0 old_handler = 0x0 ignore = 0x0 #21 0x08086229 in ap_internal_redirect (new_uri=0x81fb1e0 "/manual/ko/ssl/ index.html.en", r=0x8208050) at http_request.c:477 new = (request_rec *) 0x81fb200 access_status = 0 #22 0x286f320d in handle_map_file (r=0x8208050) at mod_negotiation.c:3080 neg = (negotiation_state *) 0x820d168 map = (apr_file_t *) 0x820eb30 best = (var_rec *) 0x820dd70 res = 0 udir = 0x81fb1b0 "/manual/ko/ssl/" new_req = 0x81fb1e0 "/manual/ko/ssl/index.html.en" ---Type <return> to continue, or q <return> to quit--- #23 0x0807751a in ap_run_handler (r=0x8208050) at config.c:157 pHook = (ap_LINK_handler_t *) 0x81ae508 n = 2 rv = -1 #24 0x08077c99 in ap_invoke_handler (r=0x8208050) at config.c:372 handler = 0x0 p = 0x0 result = 0 old_handler = 0x8159788 "type-map" ignore = 0x0 #25 0x080859ec in ap_process_request (r=0x8208050) at http_request.c:258 access_status = 0 #26 0x08082dfc in ap_process_http_connection (c=0x81ee108) at http_core.c:184 r = (request_rec *) 0x8208050 csd = (apr_socket_t *) 0x0 #27 0x0807ecce in ap_run_process_connection (c=0x81ee108) at connection.c:43 pHook = (ap_LINK_process_connection_t *) 0x81ae980 n = 0 rv = -2 #28 0x0807f10c in ap_process_connection (c=0x81ee108, csd=0x81ee050) at connection.c:178 rc = -2 #29 0x0808afba in child_main (child_num_arg=1) at prefork.c:640 current_conn = (conn_rec *) 0x81ee108 csd = (void *) 0x81ee050 ptrans = (apr_pool_t *) 0x81ee018 allocator = (apr_allocator_t *) 0x81e9a80 status = 0 i = -1 lr = (ap_listen_rec *) 0x80ad998 pollset = (apr_pollset_t *) 0x81ec250 sbh = (ap_sb_handle_t *) 0x81ec248 bucket_alloc = (apr_bucket_alloc_t *) 0x81f2018 last_poll_idx = 1 #30 0x0808b15a in make_child (s=0x80b0eb8, slot=1) at prefork.c:736 pid = 0 #31 0x0808b1cd in startup_children (number_to_start=4) at prefork.c:754 i = 1 #32 0x0808b5f5 in ap_mpm_run (_pconf=0x80af018, plog=0x80dd018, s=0x80b0eb8) at prefork.c:975 index = 134866176 remaining_children_to_start = 5 rv = 0 #33 0x080623b7 in main (argc=2, argv=0xbfbfec20) at main.c:730 c = 68 'D' configtestonly = 0 confname = 0x808d77d "etc/apache22/httpd.conf" def_server_root = 0x808d795 "/usr/local" temp_error_log = 0x0 error = 0x0 process = (process_rec *) 0x80ad098 server_conf = (server_rec *) 0x80b0eb8 pglobal = (apr_pool_t *) 0x80ad018 pconf = (apr_pool_t *) 0x80af018 plog = (apr_pool_t *) 0x80dd018 ptemp = (apr_pool_t *) 0x80e2018 pcommands = (apr_pool_t *) 0x80b1018 ---Type <return> to continue, or q <return> to quit--- opt = (apr_getopt_t *) 0x80b10b0 rv = 0 mod = (module **) 0x8097030 optarg = 0xbfbfed2c "SSL" signal_server = (apr_OFN_ap_signal_server_t *) 0
CC myself on FreeBSD related bugs
One of our customer see very similar problem with Apache 2.2.24 (64bit/intel/Worker-MPM). ffff80ffbdb78a40 mod_mem_cache.so`cache_pq_remove+0x36() ffff80ffbdb78a70 mod_mem_cache.so`cache_remove+0x2e() ffff80ffbdb78aa0 mod_mem_cache.so`remove_url+0x5a() ffff80ffbdb78ad0 mod_cache.so`cache_remove_url+0x87() ffff80ffbdb78af0 mod_cache.so`cache_remove_url_filter+0x24() ffff80ffbdb78d20 ap_http_header_filter+0xc71() ffff80ffbdb78d90 ap_content_length_filter+0x204() ffff80ffbdb78e40 ap_byterange_filter+0x692() ffff80ffbdb78e70 ap_finalize_request_protocol+0x6d() ffff80ffbdb78ec0 ap_process_request+0x334() ffff80ffbdb78ef0 ap_process_http_connection+0x66() ffff80ffbdb78f20 ap_process_connection+0xad() ffff80ffbdb78fb0 worker_thread+0x1df() ffff80ffbdb78fc0 libapr-1.so.0.3.9`dummy_worker+0xe() ffff80ffbdb78fe0 libc.so.1`_thrp_setup+0xa5() ffff80ffbdb78ff0 libc.so.1`_lwp_start() Workaround is according them to disable mod_mem_cache.
While looking closely at core file I see it's throwing segmentation fault at 185 q->d[posn] = q->d[--q->size]; cache_pq_remove+0x23: movq (%rbx),%rcx cache_pq_remove+0x26: leaq -0x1(%rcx),%rax cache_pq_remove+0x2a: movq %rax,(%rbx) cache_pq_remove+0x2d: movq 0x30(%rbx),%rax cache_pq_remove+0x31: movq -0x8(%rax,%rcx,8),%rcx cache_pq_remove+0x36: movq %rcx,(%rax,%r12,8) <===== here
MCacheMaxObjectCount was set to 10099. But from core it seems that 'posn = q->get(d)' sets posn to 15151592. I can see also: q->size = 0 q->avail = 10100 q->step = 10100 size is zero. So shouldn't cache_pq_remove() start with something like: if (!q || q->size == 1) return NULL; ? BTW this might be related to 2.2 only as cache_pqueue.c doesn't seem to be present in 2.4.
Created attachment 33995 [details] Don't try to remove a replaced/missing entry Please try this patch, cache_remove() shouldn't be called unconditionally here.
I won't be able to test proposed fix as I cannot reproduce the issue. And since the customer is moving to version 2.4 I'm not sure he will do.
Please help us to refine our list of open and current defects; this is a mass update of old and inactive Bugzilla reports which reflect user error, already resolved defects, and still-existing defects in httpd. As repeatedly announced, the Apache HTTP Server Project has discontinued all development and patch review of the 2.2.x series of releases. The final release 2.2.34 was published in July 2017, and no further evaluation of bug reports or security risks will be considered or published for 2.2.x releases. All reports older than 2.4.x have been updated to status RESOLVED/LATER; no further action is expected unless the report still applies to a current version of httpd. If your report represented a question or confusion about how to use an httpd feature, an unexpected server behavior, problems building or installing httpd, or working with an external component (a third party module, browser etc.) we ask you to start by bringing your question to the User Support and Discussion mailing list, see [https://httpd.apache.org/lists.html#http-users] for details. Include a link to this Bugzilla report for completeness with your question. If your report was clearly a defect in httpd or a feature request, we ask that you retest using a modern httpd release (2.4.33 or later) released in the past year. If it can be reproduced, please reopen this bug and change the Version field above to the httpd version you have reconfirmed with. Your help in identifying defects or enhancements still applicable to the current httpd server software release is greatly appreciated.