You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2016/08/05 06:16:13 UTC
[Bug 59947] New: Crash under mod_cache_socache in run_cleanups
https://bz.apache.org/bugzilla/show_bug.cgi?id=59947
Bug ID: 59947
Summary: Crash under mod_cache_socache in run_cleanups
Product: Apache httpd-2
Version: 2.4.23
Hardware: PC
OS: FreeBSD
Status: NEW
Severity: normal
Priority: P2
Component: All
Assignee: bugs@httpd.apache.org
Reporter: astrange@ithinksw.com
Found this crash on a web server.
# httpd -V
Server version: Apache/2.4.23 (Unix)
Server built: Aug 4 2016 02:49:24
Server's Module Magic Number: 20120211:61
Server loaded: APR 1.5.2, APR-UTIL 1.5.4
Compiled using: APR 1.5.2, APR-UTIL 1.5.4
Architecture: 64-bit
Server MPM: event
threaded: yes (fixed thread count)
forked: yes (variable process count)
Server compiled with....
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses disabled)
-D APR_USE_FLOCK_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D BUFFERED_LOGS
-D PIPE_BUF=512
-D DYNAMIC_MODULE_LIMIT=256
(gdb) bt full
#0 0x0000000801c653b4 in run_cleanups (cref=0x70) at
memory/unix/apr_pools.c:2348
c = 0x802dbe238
#1 0x0000000801c642a5 in apr_pool_destroy (pool=0x0) at
memory/unix/apr_pools.c:804
active = 0x4a3d8b <invalidate_entity+155>
allocator = 0x80cc2e550
#2 0x00000000004a3e5f in commit_entity (r=0x80cc25bb0, h=<optimized out>) at
mod_cache_socache.c:1126
conf = 0x802db28e8
obj = 0x80cc2e380
sobj = 0x80cc2e3e8
rv = 0
#3 invalidate_entity (h=<optimized out>, r=0x80cc25bb0) at
mod_cache_socache.c:1165
No locals.
#4 0x0000000000498fb7 in cache_invalidate (cache=cache@entry=0x80cc25828,
r=r@entry=0x80cc25bb0) at cache_storage.c:748
list = 0x80cc25810
rv = <optimized out>
status = <optimized out>
h = 0x80cc2e368
location_uri = {scheme = 0x7ffff43a1930 "p\031:\364\377\177",
hostinfo = 0x8017e6bbd <apr_bucket_heap_make+253>
"H\211E\350H\213E\350H\213\025\224]\"", user = 0x43c170 <ap...@plt>
"\377%\252\276=",
password = 0x1f40 <error: Cannot access memory at address 0x1f40>,
hostname = 0x80cc2f048 "HTTP/1.1 200 OK\r\nDate: Fri, 05 Aug 2016
03:05:15 GMT\r\nServer: Apache\r\nCache-Control: public, max-age=120,
s-maxage=120\r\nVary: Cookie,Accept-Encoding\r\nContent-Encoding:
gzip\r\nX-Frame-Options: SAMEORIGI"..., port_str = 0x80cc1e4c8
"\320\340\302\f\b",
path = 0x80cc1e548 "\240", query = 0x80cc1e568 "\001", fragment =
0x7ffff43a1970 " \032:\364\377\177",
hostent = 0x8017e6c4d <apr_bucket_heap_create+119>, port = 57384,
is_initialized = 1, dns_looked_up = 0, dns_resolved = 0}
content_location_uri = {scheme = 0x1f40 <error: Cannot access memory at
address 0x1f40>,
hostinfo = 0x80cc2f048 "HTTP/1.1 200 OK\r\nDate: Fri, 05 Aug 2016
03:05:15 GMT\r\nServer: Apache\r\nCache-Control: public, max-age=120,
s-maxage=120\r\nVary: Cookie,Accept-Encoding\r\nContent-Encoding:
gzip\r\nX-Frame-Options: SAMEORIGI"..., user = 0x80cc2dbf0 "text/html;
charset=UTF-8",
password = 0x80cc1e4c8 "\320\340\302\f\b", hostname = 0x7ffff43a1a20
"\310\340\302\f\b",
port_str = 0x8017e5880 <apr_brigade_writev+805>
"H\213E\330H\001E\250H\203E\240\001H\213E\240H;\205h\377\377\377r\236H\213E\270H\213P\030H\213E\230H\001\302H\213E\270H\211P\030\270",
path = 0x1000266eafc <error: Cannot access memory at address 0x1000266eafc>,
query = 0x20 <error: Cannot access memory at address 0x20>, fragment
= 0x80cc2e128 "\250\333\302\f\b", hostent = 0x0, port = 0,
is_initialized = 0, dns_looked_up = 0, dns_resolved = 0}
location = <optimized out>
location_key = 0x0
content_location = <optimized out>
content_location_key = 0x0
---Type <return> to continue, or q <return> to quit---
#5 0x0000000000493d9b in cache_invalidate_filter (f=0x80cc25930,
in=0x80cc2e0c8) at mod_cache.c:1682
r = 0x80cc25bb0
cache = 0x80cc25828
#6 0x00000000004cd9b3 in ap_http_header_filter (f=<optimized out>,
b=0x80cc2dd48) at http_filters.c:1354
r = 0x80cc25bb0
c = <optimized out>
clheader = <optimized out>
protocol = 0x5c0ae5 "HTTP/1.1"
e = <optimized out>
b2 = 0x80cc2e0c8
h = {pool = 0x80cc20028, bb = 0x80cc2e0c8}
ctx = 0x0
ctype = <optimized out>
eb = <optimized out>
#7 0x0000000000454528 in ap_content_length_filter (f=0x80cc21710,
b=0x80cc2dd48) at protocol.c:1443
r = 0x80cc25bb0
ctx = 0x80cc2de00
e = 0x80cc1e248
eos = <optimized out>
eblock = <optimized out>
#8 0x00000000004cfceb in ap_byterange_filter (f=0x80cc216e8, bb=<optimized
out>) at byterange_filter.c:494
r = 0x80cc25bb0
c = 0x80b0e0338
e = <optimized out>
bsend = <optimized out>
tmpbb = <optimized out>
range_start = <optimized out>
range_end = <optimized out>
clength = <optimized out>
rv = <optimized out>
found = 0
bound_head = 0x0
indexes = <optimized out>
idx = <optimized out>
i = <optimized out>
original_status = <optimized out>
---Type <return> to continue, or q <return> to quit---
max_ranges = <optimized out>
max_overlaps = <optimized out>
max_reversals = 20
overlaps = <optimized out>
reversals = <optimized out>
core_conf = <optimized out>
#9 0x000000000050a957 in session_output_filter (f=0x80cc2a160, in=0x80cc2dd48)
at mod_session.c:478
r = 0x0
#10 0x00000000004c2c97 in deflate_out_filter (f=0x80cc2a138, bb=<optimized
out>) at mod_deflate.c:893
buf = <optimized out>
b = <optimized out>
e = 0x80cc1e248
r = 0x80cc25bb0
ctx = 0x80cc2dc60
zRC = <optimized out>
len = 0
blen = 34359738368
data = 0x20 <error: Cannot access memory at address 0x20>
c = 0x802c99738
#11 0x00000000004b9c1d in filter_harness (f=0x80cc2a138, bb=0x80cc2dda8) at
mod_filter.c:323
ret = <optimized out>
cachecontrol = <optimized out>
ctx = 0x80cc2a1c8
filter = <optimized out>
#12 0x0000000000574196 in action_handler (r=0x80cc200a0) at mod_actions.c:205
conf = <optimized out>
t = <optimized out>
action = <optimized out>
script = 0x802daf741
i = <optimized out>
#13 0x000000000046e60a in ap_run_handler (r=0x80cc200a0) at config.c:170
pHook = <optimized out>
n = 15
rv = -1
#14 ap_invoke_handler (r=r@entry=0x80cc200a0) at config.c:434
handler = <optimized out>
---Type <return> to continue, or q <return> to quit---
p = <optimized out>
result = <optimized out>
old_handler = 0x802daf240 "php-fcgi"
ignore = <optimized out>
#15 0x00000000004ca8db in ap_process_async_request (r=r@entry=0x80cc200a0) at
http_request.c:410
c = 0x80b0e0338
access_status = 0
#16 0x00000000004c6181 in ap_process_http_async_connection (c=0x80b0e0338) at
http_core.c:154
r = 0x80cc200a0
cs = 0x80b0e0310
#17 ap_process_http_connection (c=0x80b0e0338) at http_core.c:248
No locals.
#18 0x0000000000478e6a in ap_run_process_connection (c=c@entry=0x80b0e0338) at
connection.c:42
pHook = <optimized out>
n = 4
rv = -1
#19 0x0000000000583b40 in process_socket (my_thread_num=42, my_child_num=2,
cs=0x80b0e02a8, sock=0x80b0e00a0, p=0x80b0e0028, thd=0x80b0119d8) at
event.c:1102
c = 0x80b0e0338
sbh = 0x80b0e0290
conn_id = <optimized out>
rc = <optimized out>
#20 worker_thread (thd=0x80b0119d8, dummy=<optimized out>) at event.c:1963
ti = <optimized out>
process_slot = 2
thread_slot = 42
csd = 0x80b0e00a0
cs = 0x0
ptrans = 0x80b0e0028
rv = <optimized out>
is_idle = 0
te = 0x0
#21 0x0000000801c73125 in dummy_worker (opaque=0x80b0119d8) at
threadproc/unix/thread.c:142
thread = 0x80b0119d8
#22 0x00000008020a8585 in thread_start (curthread=0x80b020c00) at
/usr/src/lib/libthr/thread/thr_create.c:284
set = {__bits = {0, 0, 0, 0}}
#23 0x0000000000000000 in ?? ()
---Type <return> to continue, or q <return> to quit---
No symbol table info available.
Backtrace stopped: Cannot access memory at address 0x7ffff43a2000
(gdb)
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 59947] Crash under mod_cache_socache in run_cleanups
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=59947
Alexander Strange <as...@ithinksw.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Component|All |mod_cache
--- Comment #1 from Alexander Strange <as...@ithinksw.com> ---
The server is using cache/socache/proxy_fcgi/event mpm.
New backtrace:
(gdb) info locals
c = 0x802dbe238
(gdb) info registers
rax 0x70 112
rbx 0x81081bbd8 34636676056
rcx 0x19319 103193
rdx 0x0 0
rsi 0x16 22
rdi 0x70 112
rbp 0x7ffff43a1850 0x7ffff43a1850
rsp 0x7ffff43a1830 0x7ffff43a1830
r8 0x0 0
r9 0xfffffe0000444010 -2199018782704
r10 0xb5c1f 744479
r11 0x202 514
r12 0x810824968 34636712296
r13 0x81081bb70 34636675952
r14 0x802db28e8 34407655656
r15 0x0 0
rip 0x801c63372 0x801c63372 <run_cleanups+16>
eflags 0x10206 [ PF IF RF ]
cs 0x43 67
ss 0x3b 59
ds <unavailable>
es <unavailable>
fs <unavailable>
gs <unavailable>
(gdb) print *c
$1 = {next = 0x802c21028, data = 0x802c1c330, plain_cleanup_fn = 0x802dbe218,
child_cleanup_fn = 0x802dbe238}
(gdb) x/i $pc
=> 0x801c63372 <run_cleanups+16>: mov (%rax),%rax
(gdb) bt full
#0 0x0000000801c63372 in run_cleanups (cref=0x70) at
memory/unix/apr_pools.c:2348
c = 0x802dbe238
#1 0x0000000801c6225d in apr_pool_destroy (pool=0x0) at
memory/unix/apr_pools.c:804
active = 0x4a2bae <invalidate_entity+158>
allocator = 0x81081bd40
#2 0x00000000004a2c7c in commit_entity (r=0x810824968, h=<optimized out>) at
mod_cache_socache.c:1155
conf = <optimized out>
obj = <optimized out>
sobj = <optimized out>
rv = <optimized out>
#3 invalidate_entity (h=<optimized out>, r=0x810824968) at
mod_cache_socache.c:1165
No locals.
#4 0x0000000000498503 in cache_invalidate (cache=cache@entry=0x8108245e0,
r=r@entry=0x810824968) at cache_storage.c:748
list = 0x8108245c8
rv = <optimized out>
status = <optimized out>
h = 0x81081bb58
location_uri = {scheme = 0x7ffff43a1980 "\260\031:\364\377\177",
hostinfo = 0x801c7194f <explode_time+274>
"\211\302H\213E\250\211P(\220\311\303UH\211\345H\203\354
H\211}\370H\211u\360\211U\354\213U\354H\213u\360H\213E\370\271", user =
0x43c170 <ap...@plt> "\377%\252\233=", password = 0x0,
hostname = 0x5398268793c1c <error: Cannot access memory at address
0x5398268793c1c>, port_str = 0x7ffff43a19e0 "\340E\202\020\b",
path = 0x1f60 <error: Cannot access memory at address 0x1f60>, query
= 0x57a7af28 <error: Cannot access memory at address 0x57a7af28>,
fragment = 0x3b00000004 <error: Cannot access memory at address
0x3b00000004>, hostent = 0x700000015, port = 7, is_initialized = 0,
dns_looked_up = 0, dns_resolved = 0}
content_location_uri = {scheme = 0x0, hostinfo = 0x0, user =
0x802668710 "UTC", password = 0x81080e4c8 "\300\270\201\020\b",
hostname = 0x7ffff43a19b0 "",
port_str = 0x8017e388b <apr_brigade_writev+805>
"H\213E\330H\001E\250H\203E\240\001H\213E\240H;\205h\377\377\377r\236H\213E\270H\213P\030H\213E\230H\001\302H\213E\270H\211P\030\270",
path = 0x1000266cafc <error: Cannot access memory at address 0x1000266cafc>,
query = 0x20 <error: Cannot access memory at address 0x20>, fragment
= 0x81081b918 "\230\263\201\020\b", hostent = 0x0, port = 0,
is_initialized = 0, dns_looked_up = 0, dns_resolved = 0}
location = <optimized out>
location_key = 0x0
content_location = <optimized out>
content_location_key = 0x0
#5 0x0000000000493c7a in cache_invalidate_filter (f=0x8108246e8,
in=0x81081b8b8) at mod_cache.c:1682
r = 0x810824968
---Type <return> to continue, or q <return> to quit---
cache = 0x8108245e0
#6 0x00000000004cc857 in ap_http_header_filter (f=<optimized out>,
b=0x81081b538) at http_filters.c:1354
r = 0x810824968
c = <optimized out>
clheader = <optimized out>
protocol = 0x5bf58d "HTTP/1.1"
e = <optimized out>
b2 = <optimized out>
h = {pool = 0x810816028, bb = 0x81081b8b8}
ctx = 0x0
ctype = <optimized out>
eb = <optimized out>
#7 0x0000000000454248 in ap_content_length_filter (f=0x810817710,
b=0x81081b538) at protocol.c:1443
r = 0x810824968
ctx = 0x81081b5f0
e = 0x81080e1a8
eos = <optimized out>
eblock = <optimized out>
#8 0x00000000004ce936 in ap_byterange_filter (f=0x8108176e8, bb=0x81081b538)
at byterange_filter.c:494
r = 0x810824968
c = <optimized out>
e = <optimized out>
bsend = <optimized out>
tmpbb = <optimized out>
range_start = <optimized out>
range_end = <optimized out>
clength = <optimized out>
rv = <optimized out>
found = 0
bound_head = 0x0
indexes = <optimized out>
idx = <optimized out>
i = <optimized out>
original_status = <optimized out>
max_ranges = <optimized out>
max_overlaps = <optimized out>
---Type <return> to continue, or q <return> to quit---
max_reversals = <optimized out>
overlaps = <optimized out>
reversals = <optimized out>
core_conf = <optimized out>
#9 0x0000000000508d04 in session_output_filter (f=0x810810e08, in=0x81081b538)
at mod_session.c:478
r = 0x0
#10 0x00000000004c21ab in deflate_out_filter (f=0x810810de0, bb=<optimized
out>) at mod_deflate.c:893
buf = <optimized out>
b = <optimized out>
e = 0x81080e1a8
r = 0x810824968
ctx = 0x81081b450
zRC = <optimized out>
len = 0
blen = 5025667
data = 0x0
c = 0x802c99738
#11 0x00000000004b8c55 in filter_harness (f=0x810810de0, bb=0x81081b598) at
mod_filter.c:323
ret = <optimized out>
cachecontrol = <optimized out>
ctx = 0x810810e70
filter = <optimized out>
#12 0x0000000000572f52 in action_handler (r=0x8108160a0) at mod_actions.c:205
conf = <optimized out>
t = <optimized out>
action = <optimized out>
script = 0x802daf741 "/php-www"
i = <optimized out>
#13 0x000000000046d9d9 in ap_run_handler (r=0x8108160a0) at config.c:170
pHook = <optimized out>
n = <optimized out>
rv = <optimized out>
#14 ap_invoke_handler (r=r@entry=0x8108160a0) at config.c:434
handler = <optimized out>
p = <optimized out>
result = <optimized out>
---Type <return> to continue, or q <return> to quit---
old_handler = 0x802daf240 "php-fcgi"
ignore = <optimized out>
#15 0x00000000004c9b23 in ap_process_async_request (r=r@entry=0x8108160a0) at
http_request.c:410
access_status = 0
#16 0x00000000004c52f1 in ap_process_http_async_connection (c=0x80b0b2338) at
http_core.c:154
r = 0x8108160a0
cs = 0x80b0b2310
#17 ap_process_http_connection (c=0x80b0b2338) at http_core.c:248
No locals.
#18 0x0000000000478ac3 in ap_run_process_connection (c=c@entry=0x80b0b2338) at
connection.c:42
pHook = <optimized out>
n = 4
rv = -1
#19 0x0000000000583c9d in process_socket (my_thread_num=42, my_child_num=15,
cs=0x80b0b22a8, sock=0x80b0b20a0, p=0x80b0b2028, thd=0x80b0119d8)
at event.c:1102
c = 0x80b0b2338
sbh = 0x80b0b2dc0
conn_id = <optimized out>
rc = <optimized out>
#20 worker_thread (thd=0x80b0119d8, dummy=<optimized out>) at event.c:1963
ti = <optimized out>
process_slot = 15
thread_slot = 42
csd = 0x80b0b20a0
cs = 0x80b0b22a8
ptrans = 0x80b0b2028
rv = <optimized out>
is_idle = 0
te = 0x0
#21 0x0000000801c711f8 in dummy_worker (opaque=0x80b0119d8) at
threadproc/unix/thread.c:142
thread = 0x80b0119d8
#22 0x00000008020a6585 in thread_start (curthread=0x80b020c00) at
/usr/src/lib/libthr/thread/thr_create.c:284
set = {__bits = {0, 0, 0, 0}}
#23 0x0000000000000000 in ?? ()
No symbol table info available.
Backtrace stopped: Cannot access memory at address 0x7ffff43a2000
(gdb)
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 59947] Crash under mod_cache_socache in run_cleanups
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=59947
--- Comment #2 from Jim Jagielski <ji...@apache.org> ---
What socache provider are you using?
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org