I'm seeing a repeatable crash with the current CVS head.
Test case:
* Prefork mpm on Linux
* Run ab -c1 -n {some large number} {url}
* While ab is running, kill it to cause a SIGPIPE
in the httpd.
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1024 (LWP 30860)]
0x4003cc96 in apr_pool_clear (a=0x80fea44) at apr_pools.c:957
957 free_blocks(a->first->h.next);
(gdb) where
#0 0x4003cc96 in apr_pool_clear (a=0x80fea44) at apr_pools.c:957
#1 0x0808c3c8 in core_output_filter (f=0x80f8d4c, b=0x0) at core.c:3220
#2 0x08085654 in ap_pass_brigade (next=0x80f8d4c, bb=0x80f909c)
at util_filter.c:276
#3 0x08084083 in ap_flush_conn (c=0x80f8b24) at connection.c:142
#4 0x080840d5 in ap_lingering_close (dummy=0x80f8b14) at connection.c:179
#5 0x4003cb24 in run_cleanups (c=0x80f908c) at apr_pools.c:833
#6 0x4003cc7c in apr_pool_clear (a=0x80f8a14) at apr_pools.c:949
#7 0x080799df in child_main (child_num_arg=0) at prefork.c:598
#8 0x08079cc5 in make_child (s=0x80b0a2c, slot=0) at prefork.c:770
#9 0x08079f6a in perform_idle_server_maintenance (p=0x80af7cc)
at prefork.c:911
#10 0x0807a27e in ap_mpm_run (_pconf=0x80af7cc, plog=0x80e396c, s=0x80b0a2c)
at prefork.c:1069
#11 0x0807f21c in main (argc=1, argv=0xbffffa1c) at main.c:432
#12 0x40114177 in __libc_start_main (main=0x807ecdc <main>, argc=1,
ubp_av=0xbffffa1c, init=0x805c950 <_init>, fini=0x8096440 <_fini>,
rtld_fini=0x4000e184 <_dl_fini>, stack_end=0xbffffa0c)
at ../sysdeps/generic/libc-start.c:129
(gdb) print *a
$1 = {first = 0x0, last = 0x80fea38, cleanups = 0x0, subprocesses = 0x0,
sub_pools = 0x0, sub_next = 0x813bb94, sub_prev = 0x0, parent =
0x80f8a14,
free_first_avail = 0x80fea74 "D�\017\bx�\017\bx�\017\b", apr_abort = 0,
prog_data = 0x0}
(gdb) print *a->parent
$2 = {first = 0x80f8a08, last = 0x80f8a08, cleanups = 0x80f908c,
subprocesses = 0x0, sub_pools = 0x0, sub_next = 0x0, sub_prev = 0x0,
parent = 0x80e798c, free_first_avail = 0x80f8a44 "\024\212\017\b\t",
apr_abort = 0, prog_data = 0x0}
(gdb)
