[squid-users] Squid 3.0 Segmentation Fault with ESI

I'm trying to use Squid 3 with ESI enabled, and while it works fine for
a few pages as soon as we put it under load it just crashes. I've tried
a variety of squid 3.0 versions: from STABLE6 (which is the one we used
on our development system) up to 3.0.STABLE13-20090212 and they all
behave the same.

The system is:
Linux 0074-0412-WB05 2.6.9-55.ELsmp #1 SMP Fri Apr 20 17:03:35 EDT 2007
i686 i686 i386 GNU/Linux

and the stacktrace below is from this version of squid:
Squid Cache: Version 3.0.STABLE6
configure options: '--prefix=/u02/squid3' '--enable-esi'
'--enable-useragent-log' '--enable-referer-log' '--enable-stacktraces'

Can anyone offer suggestions of what I can try to fix this or track the
problem down?
Thanks.

Stack trace:

(gdb) where
#0 0x0806d68c in ~cbdata (this=0xb7cfc128) at cbdata.cc:219
#1 0x0806d991 in cbdataInternalFree(void*) (p=0x21) at cbdata.cc:376
#2 0x080a676a in ESISegment::operator delete(void*)
(address=0xc7aaef31) at ESISegment.cc:166
#3 0x08094979 in ESIContext::parseOneBuffer() (this=0x88999a4) at
RefCount.h:106
#4 0x08094c25 in ESIContext::parse() (this=0x88999a4) at ESI.cc:1309
#5 0x0809510d in ESIContext::process() (this=0x88999a4) at ESI.cc:1340
#6 0x0808eae9 in ESIContext::kick() (this=0x88999a4) at ESI.cc:387
#7 0x08090213 in esiProcessStream(clientStreamNode*,
ClientHttpRequest*, HttpReply*, StoreIOBuffer) (
    thisNode=0x8830890, http=0x88293c0, rep=0x0, receivedData=
      {flags = {error = 0}, length = 4096, offset = 64946, data =
0xb7cfc13c
"ê\v#\205`\017\206La\221a\"\vôªßò¾öJ\eÍ]c\035Ö\024©ûÎL`=K\004ò\017Êí\tx\233«\213«¶\035C?\020~\201\223\030\"¶Ï4Í2ÏG²\207O°\213ѵ\200\021\034u­+¿S\226\200"})
at ESI.cc:853
#8 0x080853e5 in clientStreamCallback (thisObject=0xbfef8ee0,
http=0x88293c0, rep=0xc7aaef31, replyBuffer=
      {flags = {error = 0}, length = 4096, offset = 64946, data =
0xb7cfc13c
"ê\v#\205`\017\206La\221a\"\vôªßò¾öJ\eÍ]c\035Ö\024©ûÎL`=K\004ò\017Êí\tx\233«\213«¶\035C?\020~\201\223\030\"¶Ï4Í2ÏG²\207O°\213ѵ\200\021\034u­+¿S\226\200"})
at clientStream.cc:181
#9 0x0807e087 in clientReplyContext::pushStreamData(StoreIOBuffer
const&, char*) (this=0xb7d9b018,
    result=@0xbfef8ee0, source=0xc7aaef31 <Address 0xc7aaef31 out of
bounds>) at client_side_reply.cc:1629
#10 0x0807ee2a in clientReplyContext::sendMoreData(StoreIOBuffer)
(this=0xb7d9b018, result=
      {flags = {error = 0}, length = 4096, offset = 65381, data =
0xb7cfc13c
"ê\v#\205`\017\206La\221a\"\vôªßò¾öJ\eÍ]c\035Ö\024©ûÎL`=K\004ò\017Êí\tx\233«\213«¶\035C?\020~\201\223\030\"¶Ï4Í2ÏG²\207O°\213ѵ\200\021\034u­+¿S\226\200"})
at client_side_reply.cc:1870
#11 0x0807de5a in clientReplyContext::SendMoreData(void*, StoreIOBuffer)
(data=0xc7aaef31, result=
      {flags = {error = 0}, length = 4096, offset = 65381, data =
0xb7cfc13c
"ê\v#\205`\017\206La\221a\"\vôªßò¾öJ\eÍ]c\035Ö\024©ûÎL`=K\004ò\017Êí\tx\233«\213«¶\035C?\020~\201\223\030\"¶Ï4Í2ÏG²\207O°\213ѵ\200\021\034u­+¿S\226\200"})
at client_side_reply.cc:1577
#12 0x08104600 in store_client::callback(int, bool) (this=0xbfef8ff4,
sz=-1210470376, error=40)
    at store_client.cc:164
#13 0x0812d57b in UFSStoreState::readCompleted(char const*, int, int,
RefCount<ReadRequest>) (this=0x88439b0,
    buf=0xb7cfc13c
"ê\v#\205`\017\206La\221a\"\vôªßò¾öJ\eÍ]c\035Ö\024©ûÎL`=K\004ò\017Êí\tx\233«\213«¶\035C?\020~\201\223\030\"¶Ï4Í2ÏG²\207O°\213ѵ\200\021\034u­+¿S\226\200",
len=4096, errflag=0, result=Cannot access memory at address 0xc7aaef31
) at RefCount.h:132
#14 0x0813284a in BlockingFile::readDone(int, char const*, int, int)
(this=0x8847a20, rvfd=4096,
    buf=0xb7cfc13c
"ê\v#\205`\017\206La\221a\"\vôªßò¾öJ\eÍ]c\035Ö\024©ûÎL`=K\004ò\017Êí\tx\233«\213«¶\035C?\020~\201\223\030\"¶Ï4Í2ÏG²\207O°\213ѵ\200\021\034u­+¿S\226\200",
len=4096, errflag=0) at RefCount.h:75
#15 0x08088b0d in diskHandleRead (fd=13, data=0x884faa8) at disk.cc:478
#16 0x081324e4 in BlockingFile::read(ReadRequest*) (this=0x8847a20,
aRequest=0x884ba90)
    at DiskIO/Blocking/BlockingFile.cc:145
#17 0x0812cab8 in UFSStoreState::read_(char*, unsigned, long, void
(*)(void*, char const*, int, RefCount<StoreIOState>), void*)
(this=0x88439b0,
    buf=0xb7cfc13c
"ê\v#\205`\017\206La\221a\"\vôªßò¾öJ\eÍ]c\035Ö\024©ûÎL`=K\004ò\017Êí\tx\233«\213«¶\035C?\020~\201\223\030\"¶Ï4Í2ÏG²\207O°\213ѵ\200\021\034u­+¿S\226\200",
size=4096, offset=65536, callback=0x884ba90,
    callback_data=0x0) at RefCount.h:75
#18 0x08103ff4 in storeRead (sio=Cannot access memory at address 0xc7aaef31
) at RefCount.h:75
#19 0x0810534b in store_client::fileRead() (this=0x883f9c4) at
RefCount.h:132
#20 0x081051fe in store_client::scheduleDiskRead() (this=0x883f9c4) at
store_client.cc:436
#21 0x08104f95 in store_client::doCopy(StoreEntry*) (this=0x883f9c4,
anEntry=0x88439b0) at store_client.cc:377
#22 0x08104dae in storeClientCopy2 (e=0xb7ecb464, sc=0x883f9c4) at
store_client.cc:331
#23 0x08104690 in storeClientCopyEvent (data=0x883f9c4) at
store_client.cc:180
#24 0x080ac7b6 in EventDispatcher::dispatch() (this=0x81cd9e4) at
event.cc:131
#25 0x080ad712 in EventLoop::runOnce() (this=0xbfef93e0) at Array.h:57
#26 0x080ad5a5 in EventLoop::run() (this=0xbfef93e0) at EventLoop.cc:100
#27 0x080e3adb in main (argc=2, argv=0xbfef93b0) at main.cc:1331
#28 0x00148de3 in ?? ()
Received on Fri Feb 13 2009 - 08:17:34 MST