https://issues.apache.org/bugzilla/show_bug.cgi?id=50335
--- Comment #28 from Joe Orton <[email protected]> --- I have not managed to reproduce the segfaults, but I think I now understand the problem expressed in comment 7 with bucket allocator mismatches. Specifically, I think this is possible: a) ap_proxy_http_request allocates header brigade in the proxy worker pool "scpool" b) buckets are inserted into that brigade, allocated from the bucket allocator from "ptrans" c) <something happens> d) header brigade is NOT CLEANED UP e) ptrans allocator gets destroyed, bucket memory are invalidated f) later... scpool is cleared/destroyed, header brigade gets cleaned up but has a corrupt bucket list -> boom I confirmed (a) and (b) by hacking ap_pass_brigade() to compare e->list against bb->bucket_alloc for every bucket in the passed-in brigade. I don't know precisely how to trigger (c) thru (f) but it is consistent with reported symptoms, of a crash in running the brigade pool cleanup. *IF* this is all correct then a simple fix is just to avoid (a) & (b). Any other thoughts? - header_brigade = apr_brigade_create(p, origin->bucket_alloc); + header_brigade = apr_brigade_create(p, bucket_alloc); -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
