--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: apache2: Apache child is segfaulting due to a call to memcpy().
- From: Etch amd64 Apache2/mod_proxy_ajp/mod_cache segfault <mathieu.rozieres@gmail.com>
- Date: Thu, 23 Oct 2008 19:53:08 +0200
- Message-id: <20081023175308.6967.32047.reportbug@apachetest.etaponline.fr>
Package: apache2
Version: 2.2.3-4+etch5
Severity: important
Configuration needed for this issue:
Apache2 MPM Worker installed
mod_disk_cache activated on the Host/VirtualHost URI
mod_proxy_ajp serving this URI with ProxyPass
mod_deflate compressing the resource served from this URI
Configuration snippet:
ProxyPass /uri ajp://tomcat-host:8009/uri
ProxyPassReverse /uri ajp://tomcat-host:8009/uri
<Location /uri>
AddOutputFilterByType DEFLATE text/html
Header append Vary User-Agent env=!dont-vary
</Location>
CacheEnable disk /uri
To reproduce the bug, run the following wget pattern:
wget -d http://myapache/uri \
--header=Accept-Encoding:gzip,deflate \
--header=User-Agent:Mozilla/5 \
--header='Cache-Control: max-age=0'
The HTTP header that triggers the bug is Cache-Control: max-age=0. A workaround is to tell the cache to ignore the Cache-Control statement, but it is far from an optimal solution.
I've attached the stack trace produced by running:
user@host# gdb /usr/sbin/apache2
[...]
(gdb) run -X
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1493375328 (LWP 11202)]
0x00002afba65c7fa0 in memcpy () from /lib/libc.so.6
(gdb) bt
#0 0x00002afba65c7fa0 in memcpy () from /lib/libc.so.6
#1 0x00002afba5ee4655 in apr_file_read () from /usr/lib/libapr-1.so.0
#2 0x00002afba5ee6ed5 in apr_file_read_full () from /usr/lib/libapr-1.so.0
#3 0x00002afba7e5135b in ?? () from /usr/lib/apache2/modules/mod_disk_cache.so
#4 0x00002afba7b462e2 in cache_select () from /usr/lib/apache2/modules/mod_cache.so
#5 0x00002afba7b457bb in ?? () from /usr/lib/apache2/modules/mod_cache.so
#6 0x0000000000432f72 in ap_run_quick_handler ()
#7 0x0000000000441df1 in ap_process_request ()
#8 0x000000000043f40c in ap_register_input_filter ()
#9 0x0000000000439a21 in ap_run_process_connection ()
#10 0x0000000000446346 in ap_graceful_stop_signalled ()
#11 0x00002afba6340f1a in start_thread () from /lib/libpthread.so.0
#12 0x00002afba661d5d2 in clone () from /lib/libc.so.6
#13 0x0000000000000000 in ?? ()
(gdb) exit
This bug appears when using AJP13/Compression/Caching with Apache2 on Debian Etch amd64.
It can't be reproduced on the i386 package.
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: x86_64 (amd64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-amd64
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages apache2 depends on:
ii apache2-mpm-worker 2.2.3-4+etch5 High speed threaded model for Apac
apache2 recommends no packages.
-- no debconf information
--- End Message ---
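
A small triage helper for a backtrace like the one in the report, as an added example that is not part of the original message: it parses gdb `bt` output, finds the innermost frame outside the generic runtime libraries, and lists the objects whose frames are unresolved (`??`). The function names and the `RUNTIME_LIBS` list are assumptions of this example.

```python
import re

# Backtrace lines copied from the report above.
BACKTRACE = """\
#0 0x00002afba65c7fa0 in memcpy () from /lib/libc.so.6
#1 0x00002afba5ee4655 in apr_file_read () from /usr/lib/libapr-1.so.0
#2 0x00002afba5ee6ed5 in apr_file_read_full () from /usr/lib/libapr-1.so.0
#3 0x00002afba7e5135b in ?? () from /usr/lib/apache2/modules/mod_disk_cache.so
#4 0x00002afba7b462e2 in cache_select () from /usr/lib/apache2/modules/mod_cache.so
#5 0x00002afba7b457bb in ?? () from /usr/lib/apache2/modules/mod_cache.so
#6 0x0000000000432f72 in ap_run_quick_handler ()
#7 0x0000000000441df1 in ap_process_request ()
#8 0x000000000043f40c in ap_register_input_filter ()
#9 0x0000000000439a21 in ap_run_process_connection ()
#10 0x0000000000446346 in ap_graceful_stop_signalled ()
#11 0x00002afba6340f1a in start_thread () from /lib/libpthread.so.0
#12 0x00002afba661d5d2 in clone () from /lib/libc.so.6
#13 0x0000000000000000 in ?? ()
"""

FRAME_RE = re.compile(
    r"^#(?P<idx>\d+)\s+(?:(?P<pc>0x[0-9a-fA-F]+)\s+in\s+)?(?P<func>\S+)\s+\(.*?\)"
    r"(?:\s+from\s+(?P<obj>\S+))?")

# Assumption of this example: frames in these libraries are generic plumbing.
RUNTIME_LIBS = ("libc.so", "libpthread.so", "libapr-1.so")

def parse_frames(text):
    """Parse gdb 'bt' lines into dicts; drop gdb's terminating null frame."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if m is None or (m["pc"] and int(m["pc"], 16) == 0):
            continue
        frames.append({"idx": int(m["idx"]), "func": m["func"],
                       "obj": m["obj"] or "<main executable>"})
    return frames

def first_owner_frame(frames):
    """Innermost frame that is not inside a generic runtime library."""
    for f in frames:
        if not any(lib in f["obj"] for lib in RUNTIME_LIBS):
            return f
    return None

def objects_missing_symbols(frames):
    """Objects with '??' frames, i.e. where debug symbols would be needed."""
    return sorted({f["obj"] for f in frames if f["func"] == "??"})
```

For this trace the innermost non-runtime frame is the unresolved frame #3 in mod_disk_cache.so, so a trace with debug symbols for that module would be the next thing to collect.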