Bug 53284 - crash
Status: NEW
Product: Apache httpd-2
Classification: Unclassified
Component: mod_setenvif
Version: 2.2.22
Hardware: PC Linux
Importance: P2 normal
Target Milestone: ---
Assigned To: Apache HTTPD Bugs Mailing List
Keywords: FixedInTrunk
Reported: 2012-05-24 00:32 UTC by pioklo
Modified: 2012-05-27 22:12 UTC (History)
Description pioklo 2012-05-24 00:32:22 UTC
Hello!
We have some segfaults with apache 2.2.22

Here is some debug output:

Core was generated by `/usr/sbin/httpd -k start -DSSL'.
Program terminated with signal 6, Aborted.
#0  0x00007f5d94c9d165 in raise () from /lib/libc.so.6
(gdb) bt full
#0  0x00007f5d94c9d165 in raise () from /lib/libc.so.6
No symbol table info available.
#1  0x00007f5d94c9ff70 in abort () from /lib/libc.so.6
No symbol table info available.
#2  0x000000000044be0f in ap_log_assert (szExp=0x4d00cf "preg != NULL", szFile=0x4d00c0 "mod_setenvif.c", nLine=176) at log.c:882
        time_str = "Thu May 24 02:14:19 2012"
#3  0x00000000004617c5 in is_header_regex (cmd=0x7f5d5d67fb30, mconfig=<value optimized out>, fname=0x4d00dc "User-Agent", args=
    0x2686ca23 "gzip-only-text/html") at mod_setenvif.c:176
        preg = 0x0
#4  add_setenvif_core (cmd=0x7f5d5d67fb30, mconfig=<value optimized out>, fname=0x4d00dc "User-Agent", args=0x2686ca23 "gzip-only-text/html")
    at mod_setenvif.c:355
        regex = 0x269ba530 "^Mozilla/4"
        simple_pattern = <value optimized out>
        feature = <value optimized out>
        sconf = <value optimized out>
        new = 0x269ba0d0
        var = <value optimized out>
        i = <value optimized out>
        beenhere = <value optimized out>
        icase = 0
#5  0x00000000004482ee in invoke_cmd (cmd=0x4d04b0, parms=0x7f5d5d67fb30, mconfig=0x269ba0a8, args=0x2686ca18 "^Mozilla/4 gzip-only-text/html") at config.c:757
        w = <value optimized out>
        w2 = <value optimized out>
        w3 = <value optimized out>
        errmsg = <value optimized out>
#6  0x00000000004485a2 in ap_walk_config_sub (current=0x2686c9d8, parms=0x7f5d5d67fb30, section_vector=0x26877ce8) at config.c:1163
        dir_config = 0x0
        cmd = 0xe53
        ml = <value optimized out>
        dir = <value optimized out>
#7  ap_walk_config (current=0x2686c9d8, parms=0x7f5d5d67fb30, section_vector=0x26877ce8) at config.c:1196
        errmsg = <value optimized out>
        oldconfig = 0x0
#8  0x0000000000449514 in ap_parse_htaccess (result=<value optimized out>, r=0x26d9d1b0, override=31, override_opts=255, d=<value optimized out>, access_name=
    0x3431359 "") at config.c:1827
        errmsg = 0x0
        temptree = 0x2686c9d8
        f = 0x26868928
        parms = {info = 0x0, override = 31, limited = -1, limited_xmethods = 0x0, xlimited = 0x0, config_file = 0x26868928, directive = 0x2686c9d8, pool =
    0x26d9d138, temp_pool = 0x26d9d138, server = 0x17277920, path = 0x268677e0 "/home/ajsit80/domains/futbolbezbarier.org/public_html/", cmd = 0x4d04b0,
          context = 0x26877ce8, err_directive = 0x2661b0d8, override_opts = 255}
        filename = 0x26867828 "/home/ajsit80/domains/futbolbezbarier.org/public_html/.htaccess"
        cache = <value optimized out>
        dc = 0x26877ce8
        status = <value optimized out>
#9  0x00000000004439de in ap_directory_walk (r=0x26d9d1b0) at request.c:879
        htaccess_conf = 0x0
        res = <value optimized out>
---Type <return> to continue, or q <return> to quit---
        seg_name = 0x26867162 "public_html/"
        temp_slash = 1
        opts = {opts = 98 'b', add = 34 '"', remove = 129 '\201', override = 31 '\037', override_opts = 255 '\377'}
        thisinfo = {pool = 0x26d9d138, valid = 7598960, protection = 1877, filetype = APR_DIR, user = 2047, group = 2049, inode = 78228062, device = 2069,
          nlink = 8, size = 4096, csize = 4096, atime = 1331206990000000, mtime = 1332176119000000, ctime = 1332176119000000, fname =
    0x26867138 "/home/ajsit80/domains/futbolbezbarier.org/public_html/", name = 0x26d9e0a0 "\270\356\331&", filehand = 0x26d9d1b0}
        save_path_info = <value optimized out>
        matches = 0
        last_walk = 0x268670a0
        this_dir = <value optimized out>
        seg = 6
        sec_idx = 8
        filename_len = 54
        now_merged = 0x26867248
        sconf = 0x1d23e710
        num_sec = 9
        cache = <value optimized out>
        entry_dir = 0x268670d0 "/home/ajsit80/domains/futbolbezbarier.org/public_html/test/wp-content/themes/colorway/css/"
        rv = <value optimized out>
#10 0x0000000000440709 in core_map_to_storage (r=0xe53) at core.c:3634
        access_status = <value optimized out>
#11 0x0000000000442090 in ap_run_map_to_storage (r=0x26d9d1b0) at request.c:69
        n = 5
        rv = 0
#12 0x00000000004440e8 in ap_process_request_internal (r=0x26d9d1b0) at request.c:150
        file_req = 0
        access_status = 0
#13 0x0000000000491298 in ap_process_request (r=0x26d9d1b0) at http_request.c:280
        access_status = 0
#14 0x000000000048e210 in ap_process_http_connection (c=0x2685bc78) at http_core.c:190
        r = 0x26d9d1b0
        csd = 0x0
#15 0x000000000044e540 in ap_run_process_connection (c=0x2685bc78) at connection.c:43
        n = 1
        rv = 0
#16 0x00000000004c22c7 in process_socket (thd=<value optimized out>, dummy=<value optimized out>) at worker.c:544
        current_conn = <value optimized out>
        conn_id = <value optimized out>
        csd = 18762
        sbh = 0x2685bc70
#17 worker_thread (thd=<value optimized out>, dummy=<value optimized out>) at worker.c:894
        process_slot = 0
        thread_slot = 101
        csd = 0x2685ba60
        bucket_alloc = <value optimized out>
        last_ptrans = <value optimized out>
        ptrans = 0x2685b9d8
        rv = <value optimized out>
---Type <return> to continue, or q <return> to quit---
        is_idle = <value optimized out>
#18 0x00007f5d951d68ba in start_thread () from /lib/libpthread.so.0
No symbol table info available.
#19 0x00007f5d94d3a02d in clone () from /lib/libc.so.6
No symbol table info available.
#20 0x0000000000000000 in ?? ()
No symbol table info available.
(gdb) x/8i $pc
0x7f5d94c9d165 <raise+53>:      cmp    $0xfffffffffffff000,%rax
0x7f5d94c9d16b <raise+59>:      ja     0x7f5d94c9d182 <raise+82>
0x7f5d94c9d16d <raise+61>:      repz retq
0x7f5d94c9d16f <raise+63>:      nop
0x7f5d94c9d170 <raise+64>:      test   %eax,%eax
0x7f5d94c9d172 <raise+66>:      jg     0x7f5d94c9d155 <raise+37>
0x7f5d94c9d174 <raise+68>:      test   $0x7fffffff,%eax
0x7f5d94c9d179 <raise+73>:      jne    0x7f5d94c9d192 <raise+98>
(gdb) x/8x $sp
0x7f5d5d67f658: 0x94c9ff70      0x00007f5d      0x004d00cf      0x00000000
0x7f5d5d67f668: 0x5d67f7b0      0x00007f5d      0x000000b0      0x00000000
(gdb) info reg
rax            0x0      0
rbx            0x4d00c0 5046464
rcx            0xffffffffffffffff       -1
rdx            0x6      6
rsi            0xfd5    4053
rdi            0xe53    3667
rbp            0x4d00cf 0x4d00cf
rsp            0x7f5d5d67f658   0x7f5d5d67f658
r8             0x0      0
r9             0x0      0
r10            0x8      8
r11            0x206    518
r12            0x7f5d5d67f7b0   140038975780784
r13            0xb0     176
r14            0x0      0
r15            0x269ba530       647734576
rip            0x7f5d94c9d165   0x7f5d94c9d165 <raise+53>
eflags         0x206    [ PF IF ]
cs             0x33     51
ss             0x2b     43
ds             0x0      0
es             0x0      0
fs             0x0      0
gs             0x0      0
fctrl          0x37f    895
fstat          0x0      0
ftag           0xffff   65535
fiseg          0x0      0
fioff          0x0      0
foseg          0x0      0
fooff          0x0      0
fop            0x0      0
mxcsr          0x1fa0   [ PE IM DM ZM OM UM PM ]

I think this is also a problem with the deflate settings.
We have the following settings:

<Location />
# Insert filter
SetOutputFilter DEFLATE

# Netscape 4.x has some problems...
BrowserMatch ^Mozilla/4 gzip-only-text/html

# Netscape 4.06-4.08 have some more problems
BrowserMatch ^Mozilla/4\.0[678] no-gzip

# MSIE masquerades as Netscape, but it is fine
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

# Don't compress images and other uncompressible content
SetEnvIfNoCase Request_URI \
 \.(?:gif|jpe?g|png|rar|zip|exe|mov|tgz|tar.gz|wmv|pdf|mp3|swf|flv|avi|ogg|webm|ogv)$ no-gzip dont-vary

# Make sure proxies don't deliver the wrong content
Header append Vary User-Agent env=!dont-vary
</Location>

Regards,
Piotr
Comment 1 Stefan Fritsch 2012-05-27 20:52:01 UTC
Is your system short of memory? I can't imagine how this assertion can be triggered except if out of memory.
Comment 2 pioklo 2012-05-27 21:52:18 UTC
It may be a problem with memory, because we have ulimit -v 8388608 in the start scripts to avoid a server crash due to another bug:

https://issues.apache.org/bugzilla/show_bug.cgi?id=53290

This segfault may be related to that bug, when apache starts using all the memory reserved for it.

Piotr
Comment 3 Stefan Fritsch 2012-05-27 22:12:19 UTC
It is normal and intended behavior for 2.2 to segfault if memory allocation fails. This won't be changed.

2.4 should abort with a logged error message if out of memory. r1343109 adds the error handling for this particular code path (compiling a regular expression).
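
The kind of error handling Comment 3 describes, as an added example (not httpd's code and not the r1343109 change): a regex compile that can return NULL is checked and reported to the caller instead of being asserted on. `alloc_fn`, `failing_alloc`, `compile_pattern` and `match_checked` are hypothetical names; POSIX `regcomp` stands in for httpd's regex wrapper, and the failing allocator stands in for hitting the `ulimit -v` limit.

```c
#include <regex.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical allocator hook: lets the out-of-memory path be exercised
 * deterministically (stands in for hitting the ulimit -v ceiling). */
typedef void *(*alloc_fn)(size_t);
void *failing_alloc(size_t n) { (void)n; return NULL; }

/* Returns NULL if the allocation fails or regcomp() reports an error
 * (including REG_ESPACE). Pass malloc or failing_alloc as alloc. */
regex_t *compile_pattern(alloc_fn alloc, const char *pattern)
{
    regex_t *preg = alloc(sizeof(*preg));
    if (preg != NULL && regcomp(preg, pattern, REG_EXTENDED | REG_NOSUB) != 0) {
        free(preg);
        preg = NULL;
    }
    return preg;
}

/* Returns 1 on match, 0 on no match, -1 if the pattern could not be
 * compiled. On -1, err holds a message the caller can log before
 * rejecting the directive. The backtrace above shows the other style:
 * an assertion on "preg != NULL" that abort()s the whole process. */
int match_checked(alloc_fn alloc, const char *pattern, const char *value,
                  char *err, size_t errlen)
{
    regex_t *preg = compile_pattern(alloc, pattern);
    if (preg == NULL) {
        snprintf(err, errlen, "cannot compile regex '%s'", pattern);
        return -1;
    }
    int hit = (regexec(preg, value, 0, NULL, 0) == 0);
    regfree(preg);
    free(preg);
    return hit;
}

int main(void)
{
    char err[128] = "";
    /* Constructed inputs: the BrowserMatch pattern from the report. */
    printf("normal: %d\n",
           match_checked(malloc, "^Mozilla/4", "Mozilla/4.0", err, sizeof err));
    if (match_checked(failing_alloc, "^Mozilla/4", "Mozilla/4.0", err, sizeof err) < 0)
        fprintf(stderr, "config error: %s\n", err);
    return 0;
}
```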