You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2003/01/29 10:49:21 UTC

DO NOT REPLY [Bug 16533] New: - child segfaults when servicing a request, in apr_pool_cleanup_kill

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16533>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16533

child segfaults when servicing a request, in apr_pool_cleanup_kill

           Summary: child segfaults when servicing a request, in
                    apr_pool_cleanup_kill
           Product: Apache httpd-2.0
           Version: 2.0.44
          Platform: Other
        OS/Version: AIX
            Status: NEW
          Severity: Major
          Priority: Other
         Component: Core
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: geviston@bigpond.net.au


Apologies if this has already been reported / fixed.

[Wed Jan 29 15:11:09 2003] [notice] child pid 44946 exit signal Segmentation
fault (11)
[Wed Jan 29 15:11:12 2003] [notice] child pid 52174 exit signal Segmentation
fault (11)

(dbx) where
apr_pool_cleanup_kill(p = 0x3c68746d6c3e0a3c, data = 0x00000001102e5880,
cleanup_fn = 0x09001000a02074c8), line 1926 in "apr_pools.c"
mmap_bucket_destroy(data = 0x00000001102e5880), line 99 in "apr_buckets_mmap.c"
mmap_bucket_setaside(b = 0x00000001102dea18, p = 0x00000001102ea8b8), line 167
in "apr_buckets_mmap.c"
ap_save_brigade(f = 0x00000001102dcfe8, saveto = 0x00000001102dd058, b =
0x0ffffffffffff1d8, p = 0x00000001102ea8b8), line 560 in "util_filter.c"
unnamed block $b319, line 3932 in "core.c"
core_output_filter(f = 0x00000001102dcfe8, b = 0x00000001102ea920), line 3932 in
"core.c"
unnamed block $b263, line 540 in "util_filter.c"
ap_pass_brigade(next = 0x00000001102dcfe8, bb = 0x00000001102e54b8), line 540 in
"util_filter.c"
ap_http_header_filter(f = 0x00000001102e1bc8, b = 0x00000001102e54b8), line 1716
in "http_protocol.c"
unnamed block $b263, line 540 in "util_filter.c"
ap_pass_brigade(next = 0x00000001102e1bc8, bb = 0x00000001102e54b8), line 540 in
"util_filter.c"
ap_content_length_filter(0x1, 0x78280), line 1299 in "protocol.c"
unnamed block $b263, line 540 in "util_filter.c"
ap_pass_brigade(next = 0x00000001102e1ba0, bb = 0x00000001102e54b8), line 540 in
"util_filter.c"
unnamed block $b125, line 2881 in "http_protocol.c"
ap_byterange_filter(f = 0x00000001102e1b78, bb = 0x00000001102e54b8), line 2881
in "http_protocol.c"
unnamed block $b263, line 540 in "util_filter.c"
ap_pass_brigade(next = 0x00000001102e1b78, bb = 0x00000001102e54b8), line 540 in
"util_filter.c"
default_handler(r = 0x00000001102e0880), line 3384 in "core.c"
ap_run_handler(0x0), line 194 in "config.c"
ap_invoke_handler(0x0), line 401 in "config.c"
ap_process_request(0x0), line 288 in "http_request.c"
ap_process_http_connection(0x1), line 293 in "http_core.c"
ap_run_process_connection(0x1), line 85 in "connection.c"
ap_process_connection(0x0, 0x0), line 207 in "connection.c"
child_main(child_num_arg = 2), line 696 in "prefork.c"
make_child(s = 0x000000011022a168, slot = 2), line 790 in "prefork.c"
perform_idle_server_maintenance(p = 0x00000001102263b8), line 925 in "prefork.c"
ap_mpm_run(_pconf = 0x00000001102263b8, plog = 0x0000000110252678, s =
0x000000011022a168), line 1120 in "prefork.c"
main(argc = 3, argv = 0x00000000200fe8d0), line 651 in "main.c"
(dbx)

Interesting argument p = 0x3c68746d6c3e0a3c = "<html>\n<" :-)

I managed to fix the coredumps by patching like so, but it does seem a little
too simple to be correct.

*** apr_buckets_mmap.c  Wed Jan 29 17:59:09 2003
--- apr_buckets_mmap.c.orig     Wed Jan 29 17:58:50 2003
***************
*** 164,170 ****
      }

      /* decrement refcount on old apr_bucket_mmap */
!     mmap_bucket_destroy(m);

      /* create new apr_bucket_mmap pointing to new apr_mmap_t */
      apr_bucket_mmap_make(b, new_mm, b->start, b->length);
--- 164,170 ----
      }

      /* decrement refcount on old apr_bucket_mmap */
!     mmap_bucket_destroy(mm);

      /* create new apr_bucket_mmap pointing to new apr_mmap_t */
      apr_bucket_mmap_make(b, new_mm, b->start, b->length);

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org