52282 – Apache2 exit signal Segmentation fault (11) apr_bucket_free

Bug 52282 - Apache2 exit signal Segmentation fault (11) apr_bucket_free

Summary: Apache2 exit signal Segmentation fault (11) apr_bucket_free

Status:	RESOLVED DUPLICATE of bug 51747

Alias:	None

Product:	Apache httpd-2
Classification:	Unclassified
Component:	mod_fcgid (show other bugs)
Version:	2.2.20
Hardware:	PC Linux

Importance:	P2 blocker with 3 votes (vote)
Target Milestone:	---
Assignee:	Apache HTTPD Bugs Mailing List

URL:
Keywords:

Depends on:
Blocks:

Reported:	2011-12-04 04:22 UTC by Nick
Modified:	2012-10-30 21:23 UTC (History)
CC List:	0 users

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Nick 2011-12-04 04:22:29 UTC

I am running Apache2 with mod_fcgid and am trying to upload a 700MB file. By the end of the upload proccess Apache dies with:

exit signal Segmentation fault (11)

however I am able to upload smaller files (around 200MB). PHP settings allow me to upload up to 2GB files as well as the mod_fcgid directive MaxRequestLen.

I have tried to backtrack the error and this is what I have on a gdb command:

Program terminated with signal 11, Segmentation fault.
#0  0xb76bb8f3 in apr_bucket_free () from /usr/lib/libaprutil-1.so.0

...

#0  0xb76bb8f3 in apr_bucket_free () from /usr/lib/libaprutil-1.so.0
#1  0xb76bbd1c in ?? () from /usr/lib/libaprutil-1.so.0
#2  0xb6ff5e1c in proc_write_ipc () from /usr/lib/apache2/modules/mod_fcgid.so
#3  0xb6fed2a2 in ?? () from /usr/lib/apache2/modules/mod_fcgid.so
#4  0xb6fed87a in ?? () from /usr/lib/apache2/modules/mod_fcgid.so
#5  0xb6fee273 in bridge_request () from /usr/lib/apache2/modules/mod_fcgid.so
#6  0xb6feb13a in ?? () from /usr/lib/apache2/modules/mod_fcgid.so
#7  0xb7779c2e in ap_run_handler (r=0xa966b918)
    at /build/buildd/apache2-2.2.20/server/config.c:159
#8  0xb777a0a6 in ap_invoke_handler (r=0xa966b918)
    at /build/buildd/apache2-2.2.20/server/config.c:377
#9  0xb778b15c in ap_internal_redirect (new_uri=0xa966b908 "/index.php", r=0xb734d058)
    at /build/buildd/apache2-2.2.20/modules/http/http_request.c:554
#10 0xb7330981 in ?? () from /usr/lib/apache2/modules/mod_rewrite.so
#11 0xb7779c2e in ap_run_handler (r=0xb734d058)
    at /build/buildd/apache2-2.2.20/server/config.c:159
#12 0xb777a0a6 in ap_invoke_handler (r=0xb734d058)
    at /build/buildd/apache2-2.2.20/server/config.c:377
#13 0xb778bae8 in ap_process_request (r=0xb734d058)
    at /build/buildd/apache2-2.2.20/modules/http/http_request.c:282
#14 0xb7788600 in ap_process_http_connection (c=0xb73ad208)
    at /build/buildd/apache2-2.2.20/modules/http/http_core.c:190
#15 0xb77811fe in ap_run_process_connection (c=0xb73ad208)
    at /build/buildd/apache2-2.2.20/server/connection.c:43
#16 0xb7792e26 in process_socket (bucket_alloc=<optimized out>, my_thread_num=0, 
    my_child_num=0, sock=0xb73ad058, p=<optimized out>)
    at /build/buildd/apache2-2.2.20/server/mpm/worker/worker.c:544
#17 worker_thread (thd=0xb7108428, dummy=0xb90403c8)
    at /build/buildd/apache2-2.2.20/server/mpm/worker/worker.c:894
#18 0xb76a651f in ?? () from /usr/lib/libapr-1.so.0
#19 0xb7669d31 in start_thread () from /lib/i386-linux-gnu/libpthread.so.0
#20 0xb75b90ce in clone () from /lib/i386-linux-gnu/libc.so.6
Backtrace stopped: Not enough registers or memory available to unwind further

The generated core file is around 3GB ...

Any help would be appreciated. 

Thank you.

Comment 1 Nick 2011-12-07 11:39:26 UTC

Could I get an answer on this one please? I can't upload any large files without crashing Apache2.2.20.

Thank you.

Comment 2 William A. Rowe Jr. 2012-01-18 20:11:32 UTC

Nick.

What version of apr, and apr-util?

Comment 3 Nick 2012-01-19 12:46:59 UTC

libapr1 Version: 1.4.5-1
libaprutil1 Version: 1.3.12+dfsg-2

Comment 4 Tim 2012-04-14 15:27:25 UTC

I have the exact same problem. I can upload files of around 500MB without problems. But when I come close to or over 1GB apache dies as soon as the upload is at ~99% with a segmentation fault. When this happens a new apache process is taking over the upload and a new temp file is created (filling up again to ~99% of the original file). I could let it run forever until my /tmp dir is full of those almost finished uploads.

My system:
Gentoo Linux x86_64 with kernel 3.2.12
apache-2.2.22 with worker mpm
apr-1.4.5
aprutil.1.3.12
mod_fcgid-2.3.6
php-5.3.10

Comment 5 Dominic Benson 2012-08-15 09:04:35 UTC

This sounds very similar to what I found in bug 51747 (especially if combined with bug 51749, which exacerbates it) - that the memory usage shoots up at the end of the client data transfer, as the request is read back and handed off to the backend. 

The comment 'The generated core file is around 3GB ...' would support this as the cause, as on 32-bit, the process will run out of addressable memory around this point.

Comment 6 William A. Rowe Jr. 2012-10-30 21:23:25 UTC

Have to agree with Dominic here that this is simply a symptom of the larger issue already reported.  What could help was a stack trace with mod_fcgid built with the -g option (building mod_fcgid against httpd built with maintainer mode should automatically set those flags using that maintainer mode apxs command).

*** This bug has been marked as a duplicate of bug 51747 ***