You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2006/03/20 16:33:34 UTC
DO NOT REPLY [Bug 39035] New: - Child httpd process dumps core in apr_allocator_destroy
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39035>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=39035
Summary: Child httpd process dumps core in apr_allocator_destroy
Product: APR
Version: 1.2.2
Platform: Macintosh
OS/Version: Mac OS X 10.4
Status: NEW
Severity: normal
Priority: P2
Component: APR
AssignedTo: bugs@httpd.apache.org
ReportedBy: distler@golem.ph.utexas.edu
Apache 2.3.0dev, compiled with APR 1.2.2 on MacOSX 10.4.5.
Child httpd processes intermittently dump core with
---------------------------------------------------
httpd(15950) malloc: *** Deallocation of a pointer not malloced: 0x1929000;
This could be a double free(), or free() called with the middle of an allocated
block; Try setting environment variable MallocHelp to see tools to help debug
httpd(15950) malloc: *** Deallocation of a pointer not malloced: 0x357b; This
could be a double free(), or free() called with the middle of an allocated block;
Try setting environment variable MallocHelp to see tools to help debug
[Mon Mar 20 05:11:09 2006] [notice] child pid 15950 exit signal Segmentation
fault (11)
---------------------------------------------------
appearing in the httpd error_log.
The crash-reporter log reveals that the problem lies in libapr-1.0's
apr_allocator_destroy():
---------------------------------------------------
**********
Host Name: Jacques-Distlers-Computer
Date/Time: 2006-03-20 05:11:08.122 -0600
OS Version: 10.4.5 (Build 8H14)
Report Version: 4
Command: httpd
Path: /usr/local/apache2/bin/httpd
Parent: httpd [13312]
Version: ??? (???)
PID: 15950
Thread: 0
Exception: EXC_BAD_ACCESS (0x0001)
Codes: KERN_INVALID_ADDRESS (0x0001) at 0x78809b00
Thread 0 Crashed:
0 libapr-1.0.dylib 0x003c2260 apr_allocator_destroy + 44 (apr_pools.c:110)
1 httpd 0x00027ee4 clean_child_exit + 64 (prefork.c:198)
2 httpd 0x00028610 child_main + 1308 (prefork.c:661)
3 httpd 0x00028764 make_child + 320 (prefork.c:739)
4 httpd 0x00029070 ap_mpm_run + 2096 (prefork.c:861)
5 httpd 0x000031e0 main + 3200 (main.c:712)
6 httpd 0x00001a28 _start + 340 (crt.c:272)
7 httpd 0x000018d0 start + 60
Thread 0 crashed with PPC Thread State 64:
srr0: 0x00000000003c2260 srr1: 0x100000000000f030
vrsave: 0x0000000000000000
cr: 0x42004424 xer: 0x0000000020000000 lr: 0x00000000003c226c
ctr: 0x0000000090014500
r0: 0x00000000003c226c r1: 0x00000000bffff460 r2: 0x0000000000000000
r3: 0x0000000078809b00
r4: 0x0000000000000000 r5: 0x0000000000000013 r6: 0xfffffffffffffffa
r7: 0x0000000000000003
r8: 0x0000000035376200 r9: 0x00000000bffff294 r10: 0x0000000000000000
r11: 0x00000000a00062d4
r12: 0x0000000090014500 r13: 0x00000000000480fc r14: 0x00000000000380fc
r15: 0x000000000191b018
r16: 0x00000000000380fc r17: 0x000000000003f0b4 r18: 0x00000000000480fc
r19: 0x00000000000480fc
r20: 0x00000000000480fc r21: 0x00000000000380fc r22: 0x000000000003f108
r23: 0x0000000000000001
r24: 0x00000000000480fc r25: 0x00000000000480fc r26: 0x000000000003f114
r27: 0x00000000005a4300
r28: 0x00000000005a4314 r29: 0x0000000000000004 r30: 0x00000000005a4318
r31: 0x0000000000027eac
Binary Images Description:
0x1000 - 0x3dfff httpd /usr/local/apache2/bin/httpd
0x122000 - 0x132fff libaprutil-1.0.dylib
/usr/local/apr/lib/libaprutil-1.0.dylib
0x172000 - 0x18bfff libexpat.0.dylib /usr/local/apr/lib/libexpat.0.dylib
0x1b7000 - 0x1b8fff mod_access_compat.so
/usr/local/apache2/modules/mod_access_compat.so
0x1c0000 - 0x1c0fff mod_actions.so /usr/local/apache2/modules/mod_actions.so
0x1c7000 - 0x1c8fff mod_alias.so /usr/local/apache2/modules/mod_alias.so
0x1d1000 - 0x1d1fff mod_asis.so /usr/local/apache2/modules/mod_asis.so
0x1d8000 - 0x1d8fff mod_auth_basic.so
/usr/local/apache2/modules/mod_auth_basic.so
0x1e0000 - 0x1e4fff mod_auth_digest.so
/usr/local/apache2/modules/mod_auth_digest.so
0x1f0000 - 0x1f0fff mod_authn_anon.so
/usr/local/apache2/modules/mod_authn_anon.so
0x1f7000 - 0x1f7fff mod_authn_core.so
/usr/local/apache2/modules/mod_authn_core.so
0x305000 - 0x39efff libdb-4.1.dylib
/usr/local/BerkeleyDB.4.1/lib/libdb-4.1.dylib
0x3b7000 - 0x3d1fff libapr-1.0.dylib /usr/local/apr/lib/libapr-1.0.dylib
0x431000 - 0x431fff mod_authn_dbd.so
/usr/local/apache2/modules/mod_authn_dbd.so
0x439000 - 0x439fff mod_authn_dbm.so
/usr/local/apache2/modules/mod_authn_dbm.so
0x441000 - 0x441fff mod_authn_default.so
/usr/local/apache2/modules/mod_authn_default.so
0x448000 - 0x448fff mod_authn_file.so
/usr/local/apache2/modules/mod_authn_file.so
0x44f000 - 0x450fff mod_authz_core.so
/usr/local/apache2/modules/mod_authz_core.so
0x459000 - 0x45afff mod_authz_dbd.so
/usr/local/apache2/modules/mod_authz_dbd.so
0x462000 - 0x462fff mod_authz_dbm.so
/usr/local/apache2/modules/mod_authz_dbm.so
0x469000 - 0x469fff mod_authz_default.so
/usr/local/apache2/modules/mod_authz_default.so
0x470000 - 0x471fff mod_authz_groupfile.so
/usr/local/apache2/modules/mod_authz_groupfile.so
0x479000 - 0x479fff mod_authz_host.so
/usr/local/apache2/modules/mod_authz_host.so
0x480000 - 0x480fff mod_authz_owner.so
/usr/local/apache2/modules/mod_authz_owner.so
0x487000 - 0x487fff mod_authz_user.so
/usr/local/apache2/modules/mod_authz_user.so
0x48e000 - 0x493fff mod_autoindex.so
/usr/local/apache2/modules/mod_autoindex.so
0x4a0000 - 0x4a0fff mod_cern_meta.so
/usr/local/apache2/modules/mod_cern_meta.so
0x4a8000 - 0x4abfff mod_cgi.so /usr/local/apache2/modules/mod_cgi.so
0x4b8000 - 0x4bffff mod_dav_fs.so /usr/local/apache2/modules/mod_dav_fs.so
0x4e1000 - 0x4e3fff mod_deflate.so /usr/local/apache2/modules/mod_deflate.so
0x4ee000 - 0x4eefff mod_dir.so /usr/local/apache2/modules/mod_dir.so
0x4f5000 - 0x4f5fff mod_dumpio.so /usr/local/apache2/modules/mod_dumpio.so
0x605000 - 0x616fff mod_dav.so /usr/local/apache2/modules/mod_dav.so
0x64f000 - 0x64ffff mod_env.so /usr/local/apache2/modules/mod_env.so
0x656000 - 0x657fff mod_expires.so /usr/local/apache2/modules/mod_expires.so
0x65f000 - 0x661fff mod_ext_filter.so
/usr/local/apache2/modules/mod_ext_filter.so
0x66c000 - 0x66dfff mod_filter.so /usr/local/apache2/modules/mod_filter.so
0x677000 - 0x678fff mod_headers.so /usr/local/apache2/modules/mod_headers.so
0x682000 - 0x683fff mod_ident.so /usr/local/apache2/modules/mod_ident.so
0x68b000 - 0x68dfff mod_imagemap.so
/usr/local/apache2/modules/mod_imagemap.so
0x696000 - 0x69dfff mod_include.so /usr/local/apache2/modules/mod_include.so
0x6af000 - 0x6b1fff mod_info.so /usr/local/apache2/modules/mod_info.so
0x6ba000 - 0x6bdfff mod_log_config.so
/usr/local/apache2/modules/mod_log_config.so
0x6cb000 - 0x6ccfff mod_log_forensic.so
/usr/local/apache2/modules/mod_log_forensic.so
0x6d4000 - 0x6d4fff mod_logio.so /usr/local/apache2/modules/mod_logio.so
0x6dc000 - 0x6defff mod_mime.so /usr/local/apache2/modules/mod_mime.so
0x6e8000 - 0x6ebfff mod_mime_magic.so
/usr/local/apache2/modules/mod_mime_magic.so
0x6f8000 - 0x6fdfff mod_negotiation.so
/usr/local/apache2/modules/mod_negotiation.so
0x70c000 - 0x716fff mod_rewrite.so /usr/local/apache2/modules/mod_rewrite.so
0x72a000 - 0x72bfff mod_setenvif.so
/usr/local/apache2/modules/mod_setenvif.so
0x734000 - 0x735fff mod_speling.so /usr/local/apache2/modules/mod_speling.so
0x73d000 - 0x759fff mod_ssl.so /usr/local/apache2/modules/mod_ssl.so
0x7f3000 - 0x7f6fff mod_status.so /usr/local/apache2/modules/mod_status.so
0x1008000 - 0x1035fff libssl.0.9.7.dylib /sw/lib/libssl.0.9.7.dylib
0x1047000 - 0x1117fff libcrypto.0.9.7.dylib /sw/lib/libcrypto.0.9.7.dylib
0x1177000 - 0x1178fff mod_unique_id.so
/usr/local/apache2/modules/mod_unique_id.so
0x117f000 - 0x117ffff mod_userdir.so /usr/local/apache2/modules/mod_userdir.so
0x1187000 - 0x1188fff mod_usertrack.so
/usr/local/apache2/modules/mod_usertrack.so
0x1190000 - 0x1190fff mod_version.so /usr/local/apache2/modules/mod_version.so
0x1195000 - 0x1196fff mod_vhost_alias.so
/usr/local/apache2/modules/mod_vhost_alias.so
0x119e000 - 0x1274fff libiconv.2.dylib /usr/local/lib/libiconv.2.dylib
0x12ac000 - 0x12e7fff libmysqlclient.14.dylib
/Library/MySQL/lib/mysql/libmysqlclient.14.dylib
0x13d5000 - 0x14cdfff libxml2.2.dylib /usr/local/lib/libxml2.2.dylib
0x2008000 - 0x228cfff libphp5.so /usr/local/apache2/modules/libphp5.so
0x8fe00000 - 0x8fe54fff dyld 44.2 /usr/lib/dyld
0x90000000 - 0x901b3fff libSystem.B.dylib /usr/lib/libSystem.B.dylib
0x9020b000 - 0x9020ffff libmathCommon.A.dylib
/usr/lib/system/libmathCommon.A.dylib
0x9108e000 - 0x9109cfff libz.1.dylib /usr/lib/libz.1.dylib
0x913af000 - 0x913b7fff libgcc_s.1.dylib /usr/lib/libgcc_s.1.dylib
0x913bc000 - 0x913dcfff libmx.A.dylib /usr/lib/libmx.A.dylib
0x92d08000 - 0x92df6fff libiconv.2.dylib /usr/lib/libiconv.2.dylib
0x943d0000 - 0x9440dfff libsqlite3.0.dylib /usr/lib/libsqlite3.0.dylib
---------------------------------------------------
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 39035] - Child httpd process dumps core in apr_allocator_destroy
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39035>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=39035
------- Additional Comments From wrowe@apache.org 2006-03-21 19:02 -------
You may want to -try- setting maxrequestsperchild to a much smaller number, even
squeezing it down to 1, to help identify the type of requests which corrupt your
server's environment (it's clearly corruption from the info you provided.)
You should also look at mod_log_forensic which will catch a worker when the
request comes in, log the request, and note a corresponding log entry when the
request completes. Any request which causes a segfault ends up with only one
entry in the forensic log.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 39035] - Child httpd process dumps core in apr_allocator_destroy
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39035>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=39035
------- Additional Comments From distler@golem.ph.utexas.edu 2006-03-21 16:03 -------
(In reply to comment #1)
> Note that it's equally likely that corruption elsewhere was the problem, and
> this is just the evidence of the corruption.
That may be. The "malloc" message in the httpd error_log is specific to this
crash in apr_allocator_destroy(). But, looking at the crash logs, I see also
crashes in apr_bucket_free(), apr_palloc() and apr_brigade_writev().
I can attach sample crash-reporter logs for those as well.
> Can you please describe the
> reproduction details? Frequency?
I don't know how to reproduce the crashes. They happen sporadically, maybe a
dozen or two times a day:
% grep 2006-03-13 /Library/Logs/CrashReporter/httpd.crash.log | wc -l
20
% grep 2006-03-14 /Library/Logs/CrashReporter/httpd.crash.log | wc -l
16
% grep 2006-03-15 /Library/Logs/CrashReporter/httpd.crash.log | wc -l
20
% grep 2006-03-16 /Library/Logs/CrashReporter/httpd.crash.log | wc -l
19
% grep 2006-03-17 /Library/Logs/CrashReporter/httpd.crash.log | wc -l
17
% grep 2006-03-18 /Library/Logs/CrashReporter/httpd.crash.log | wc -l
10
% grep 2006-03-19 /Library/Logs/CrashReporter/httpd.crash.log | wc -l
12
% grep 2006-03-20 /Library/Logs/CrashReporter/httpd.crash.log |wc -l
46
> Are specific types of requests, proxy, ssl,
> or otherwise, required before a shutdown will cause this fault?
Looking at the access logs, I don't see any sort of pattern in the requests
immediately preceding a crash.
Of course, since there are several child processes servicing requests, I'm
mostly staring at entries produced by children that *didn't* crash. Buried among
them is the child process that did.
I can probably rule out SSL requests, as there are very few of those/day and
probably none coinciding with the crashes. Maybe mod_deflate or mod_include ... ?
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 39035] - Child httpd process dumps core in apr_allocator_destroy
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39035>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=39035
------- Additional Comments From wrowe@apache.org 2006-03-21 10:21 -------
Please try changing your loglevel to warn instead of debug.
I've noticed some very odd post-destruction behavior coming from the hooks
in mod_ssl, and although I've fixed the crash-on-shutdown that occurs on Win32
due to an invalid criticial section lock that was already destroyed, this might
be a similar issue.
Note that it's equally likely that corruption elsewhere was the problem, and
this is just the evidence of the corruption. Can you please describe the
reproduction details? Frequency? Are specific types of requests, proxy, ssl,
or otherwise, required before a shutdown will cause this fault?
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 39035] - Child httpd process dumps core in apr_allocator_destroy
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39035>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=39035
wrowe@apache.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |WORKSFORME
------- Additional Comments From wrowe@apache.org 2006-03-21 21:06 -------
I'm invalidating this bug since it appears to be a flaw in httpd or one of the
many loaded modules, and there are enough hints here to start a bug in httpd
once a reproduction case is identified.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org