assertion failed: store.cc "EBIT_TEST(flags, ENTRY_ABORTED)"

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

assertion failed: store.cc "EBIT_TEST(flags, ENTRY_ABORTED)"

alexander lunev
Hello everyone!
I have two almost identical cache servers, both FreeBSD 10.3, both
running latest squid-3.2.25 from ports in transparent mode, one runs OK
and another is throwing this error:


2017/06/04 10:19:08 kid1| storeLateRelease: released 0 objects
2017/06/04 10:19:19 kid1| assertion failed: store.cc:1086:
"EBIT_TEST(flags, ENTRY_ABORTED)"

After this squid is exiting.

Beside some default configuration config contains:

http_port 127.0.0.1:3127
http_port  127.0.0.1:3128 intercept
https_port 127.0.0.1:3129 intercept ssl-bump
options=ALL:NO_SSLv3:NO_SSLv2 connection-auth=off
generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
cert=/usr/local/etc/squid/squid.pem key=/usr/local/etc/squid/squid.key

sslcrtd_program /usr/local/libexec/squid/ssl_crtd -s
/usr/local/etc/squid/ssl_db -M 4MB
sslcrtd_children 35

cache deny all
url_rewrite_program /usr/local/bin/squidGuard -c
/usr/local/etc/squid/squidGuard.conf


# Leave coredumps in the first cache dir
coredump_dir /var/squid/cache
#ssl_bump client-first all

always_direct allow all

acl step1 at_step SslBump1
acl ssldomains ssl::server_name "/usr/local/etc/squid/ssldomains.txt"
ssl_bump peek step1
ssl_bump bump ssldomains
ssl_bump splice all

sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER


Why is this and how it can be fixed?

--
Best regards
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: assertion failed: store.cc "EBIT_TEST(flags, ENTRY_ABORTED)"

Amos Jeffries
Administrator
On 04/06/17 19:27, alexander lunev wrote:
> Hello everyone!
> I have two almost identical cache servers, both FreeBSD 10.3, both
> running latest squid-3.2.25 from ports in transparent mode, one runs
> OK and another is throwing this error:

Do you mean 3.5.25?  (3.2 series ended at 3.2.14)

>
>
> 2017/06/04 10:19:08 kid1| storeLateRelease: released 0 objects
> 2017/06/04 10:19:19 kid1| assertion failed: store.cc:1086:
> "EBIT_TEST(flags, ENTRY_ABORTED)"
>

If you can obtain an updated stack/back-trace from that assertion it
would be a help in identifying how it is happening.
<http://wiki.squid-cache.org/SquidFaq/BugReporting> has info on how to
report this type of bug, and how to obtain traces from production
proxies with minimal service impact if you need it.



> After this squid is exiting.
>
> Beside some default configuration config contains:
>
> http_port 127.0.0.1:3127
> http_port  127.0.0.1:3128 intercept
> https_port 127.0.0.1:3129 intercept ssl-bump
> options=ALL:NO_SSLv3:NO_SSLv2 connection-auth=off
> generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
> cert=/usr/local/etc/squid/squid.pem key=/usr/local/etc/squid/squid.key
>
> sslcrtd_program /usr/local/libexec/squid/ssl_crtd -s
> /usr/local/etc/squid/ssl_db -M 4MB
> sslcrtd_children 35
>
> cache deny all
> url_rewrite_program /usr/local/bin/squidGuard -c
> /usr/local/etc/squid/squidGuard.conf
>
>
> # Leave coredumps in the first cache dir
> coredump_dir /var/squid/cache
> #ssl_bump client-first all
>
> always_direct allow all

You can/should remove that above line. It is unnecessary for bumping
since 3.1 series.

>
> acl step1 at_step SslBump1
> acl ssldomains ssl::server_name "/usr/local/etc/squid/ssldomains.txt"
> ssl_bump peek step1
> ssl_bump bump ssldomains
> ssl_bump splice all
>
> sslproxy_cert_error allow all
> sslproxy_flags DONT_VERIFY_PEER
>

You should definitely remove both the above lines. They are hiding many
potential TLS/SSL problems from *you* (not your users). The errors which
may appear are real security problems with potentially major impacts on
your users. They should usually be solved in ways other than simply
hiding ones head in the sand.


>
> Why is this and how it can be fixed?
>

Something being cached is not being aborted when it was supposed to have
been. More details are needed, please follow the instructions above.

Amos

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Loading...