Hitting a segfault running traffic through proxy gateway (ProxyPass/ProxyPassReverse) while reading the response from the backend. The backend page has a few dozen components. Last time I checked, we do not have this problem in 2.0 HEAD.
Preliminary analysis: At line 801 in proxy_http.c (in ap_proxy_http_process_response()) we call bb = apr_brigade_create(p, c->bucket_alloc). This brigade is getting stomped on, which is causing the segfault. The stompage is happening during a call to apr_bucket_read() from core.c line 3595 (in core_input_filter). Drilling down into apr_bucket_read, we are doing a read of a socket bucket. From socket_bucket_read we call apr_bucket_heap_make. apr_bucket_heap_make calls apr_bucket_alloc, which is returning the same storage as returned by apr_brigade_create().

Here is the callback.

core_input_filter(ap_filter_t *, apr_bucket_brigade *, int, int, __int64) line 3635 + 65 bytes
ap_get_brigade(ap_filter_t *, apr_bucket_brigade *, int, int, __int64) line 514 + 32 bytes
ap_http_filter(ap_filter_t *, apr_bucket_brigade *, int, int, __int64) line 1017 + 32 bytes
ap_get_brigade(ap_filter_t *, apr_bucket_brigade *, int, int, __int64) line 514 + 32 bytes
net_time_filter(ap_filter_t *, apr_bucket_brigade *, int, int, __int64) line 3431
ap_get_brigade(ap_filter_t *, apr_bucket_brigade *, int, int, __int64) line 514 + 32 bytes
ap_proxy_http_process_response(apr_pool_t *, request_rec *, proxy_http_conn_t *, conn_rec *, proxy_conn_rec *, proxy_server_conf *, char *) line 1027 + 37 bytes
ap_proxy_http_handler(request_rec *, proxy_server_conf *, char *, const char *, unsigned short) line 1219 + 33 bytes
proxy_run_scheme_handler(request_rec *, proxy_server_conf *, char *, const char *, unsigned short) line 1146 + 95 bytes
proxy_handler(request_rec *) line 461 + 21 bytes
ap_run_handler(request_rec *) line 195 + 78 bytes
ap_invoke_handler(request_rec *) line 401 + 9 bytes
ap_process_request(request_rec *) line 288 + 9 bytes
ap_process_http_connection(conn_rec *) line 293 + 9 bytes
ap_run_process_connection(conn_rec *) line 85 + 78 bytes
ap_process_connection(conn_rec *, void *) line 209
worker_main(long) line 707
_threadstartex(void *) line 212 + 13 bytes
KERNEL32! 77e96523()

Bill
