I hit this recently too.  I finally had some time to track it down and it's a
use-after-free bug in Apache that looks like it's been there since at least
2016.

It's only triggered if you load a non-standard module like mod_perl that
inserts its own config defines into the server's global
ap_server_config_defines array:

    void modperl_register_hooks(apr_pool_t *p)
    {
        /* for <IfDefine MODPERL2> and Apache2->define("MODPERL2") */
        *(char **)apr_array_push(ap_server_config_defines) =
            apr_pstrdup(p, "MODPERL2");

Apache later clears out and frees that particular memory pool, and after
that it walks the ap_server_config_defines and segfaults.

Bug report here: https://bz.apache.org/bugzilla/show_bug.cgi?id=63516




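The lifetime mismatch described in this post, as an added example that is not part of the original message and is not Apache, APR or mod_perl code. It is a simplified model: the arena-style `pool_t`, the names `global_pool` and `conf_pool`, and the `SSL` define are assumptions. It counts array entries left dangling after a pool clear rather than dereferencing them, and shows one way to avoid the mismatch by allocating the string from a pool that lives as long as the array.

```c
/* Simplified model, not APR: a pool is a fixed arena that pool_clear() resets. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct { char buf[256]; size_t used; } pool_t;

static char *pool_strdup(pool_t *p, const char *s) {
    size_t n = strlen(s) + 1;
    if (p->used + n > sizeof p->buf) return NULL;
    char *dst = memcpy(p->buf + p->used, s, n);
    p->used += n;
    return dst;
}
/* Clearing a pool invalidates every allocation made from it. */
static void pool_clear(pool_t *p) {
    memset(p->buf, 0xDD, sizeof p->buf);   /* poison the old contents */
    p->used = 0;
}
static int pool_owns(const pool_t *p, const char *ptr) {
    uintptr_t a = (uintptr_t)ptr, lo = (uintptr_t)p->buf;
    return a >= lo && a < lo + p->used;
}

static pool_t global_pool, conf_pool;  /* hypothetical: long-lived vs. cleared later */
static const char *defines[8];         /* stand-in for ap_server_config_defines */
static size_t ndefines;

/* Pattern from the post: the string lives in the pool handed to the hook. */
static void hooks_buggy(pool_t *p) { defines[ndefines++] = pool_strdup(p, "MODPERL2"); }
/* Hardened variant: the string lives as long as the array that points to it. */
static void hooks_fixed(pool_t *p) { (void)p; defines[ndefines++] = pool_strdup(&global_pool, "MODPERL2"); }

/* Entries that no live pool owns; walking them would be a use-after-free. */
static size_t count_dangling(void) {
    size_t bad = 0;
    for (size_t i = 0; i < ndefines; i++)
        if (!pool_owns(&global_pool, defines[i]) && !pool_owns(&conf_pool, defines[i])) bad++;
    return bad;
}
/* Register defines, clear the short-lived pool, then audit the global array. */
static size_t run(void (*hook)(pool_t *)) {
    pool_clear(&global_pool); pool_clear(&conf_pool); ndefines = 0;
    defines[ndefines++] = pool_strdup(&global_pool, "SSL");  /* constructed sample define */
    hook(&conf_pool);
    pool_clear(&conf_pool);
    return count_dangling();
}
int main(void) {
    size_t buggy = run(hooks_buggy), fixed = run(hooks_fixed);
    printf("buggy: %zu dangling, fixed: %zu dangling\n", buggy, fixed);
    return 0;
}
```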