httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Stoddard" <b...@wstoddard.com>
Subject segfault in 2.1 head
Date Thu, 19 Dec 2002 19:41:57 GMT
Hitting a segfault running traffic through proxy gateway
(ProxyPass/ProxyPassReverse) while reading the response from the backend. The
backend page has a few dozen components. Last time I checked, we do not have
this problem in 2.0 HEAD.

Preliminary analysis:
At line 801 in proxy_http.c (in ap_proxy_http_process_response()) we call bb =
apr_brigade_create(p, c->bucket_alloc). This brigade is getting stomped on which
is causing the segfault.  The stopmage is happening during a call to
apr_bucket_read() from core.c line 3595 (in core_input_filter). Drilling down
into apr_bucket_read, we are doing a read of a socket bucket. From
socket_bucket_read we call apr_bucket_heap_make. apr_bucket_heap_make calls
apr_bucket_alloc which is returning the same storage as returned by
apr_brigade_create().

Here is the callback.

core_input_filter(ap_filter_t *, apr_bucket_brigade *, int, int, __int64) line
3635 + 65 bytes
ap_get_brigade(ap_filter_t *, apr_bucket_brigade *, int, int, __int64) line 514
+ 32 bytes
ap_http_filter(ap_filter_t *, apr_bucket_brigade *, int, int, __int64) line 1017
+ 32 bytes
ap_get_brigade(ap_filter_t *, apr_bucket_brigade *, int, int, __int64) line 514
+ 32 bytes
net_time_filter(ap_filter_t *, apr_bucket_brigade *, int, int, __int64) line
3431
ap_get_brigade(ap_filter_t *, apr_bucket_brigade *, int, int, __int64) line 514
+ 32 bytes
ap_proxy_http_process_response(apr_pool_t *, request_rec *, proxy_http_conn_t *,
conn_rec *, proxy_conn_rec *, proxy_server_conf *, char *) line 1027 + 37 bytes
ap_proxy_http_handler(request_rec *, proxy_server_conf *, char *, const char *,
unsigned short) line 1219 + 33 bytes
proxy_run_scheme_handler(request_rec *, proxy_server_conf *, char *, const char
*, unsigned short) line 1146 + 95 bytes
proxy_handler(request_rec *) line 461 + 21 bytes
ap_run_handler(request_rec *) line 195 + 78 bytes
ap_invoke_handler(request_rec *) line 401 + 9 bytes
ap_process_request(request_rec *) line 288 + 9 bytes
ap_process_http_connection(conn_rec *) line 293 + 9 bytes
ap_run_process_connection(conn_rec *) line 85 + 78 bytes
ap_process_connection(conn_rec *, void *) line 209
worker_main(long) line 707
_threadstartex(void *) line 212 + 13 bytes
KERNEL32! 77e96523()


Bill


Mime
View raw message