[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Segfault with Apache -HEAD

From: Scott Lamb <slamb_at_slamb.org>
Date: 2002-12-20 06:59:20 CET

I'm getting segfaults with Apache HEAD. I'm wondering if Cliff's
suggestion that modules are using apr_brigade_destroy() instead of
apr_brigade_cleanup() applies to Subversion.

Thanks,
Scott

attached mail follows:


On Thu, 19 Dec 2002, Cliff Woolley wrote:

> > HEAD (as of sometime yesterday) is segfaulting on me. Stack trace below.
> > This happens on all SSL requests; others seem fine. This on Linux with
> > RedHat's openssl-0.9.6b-28.
>
> Sigh. Wonder if this is related to what FirstBill saw earlier today with
> the proxy? Seeing as nothing has changed in the buckets code any time
> recently... OHHHHHHHH WAIT, yes it has. Brian apparently committed a
> change to allocate the apr_bucket_brigade itself out of the brigade
> allocator. I'm not yet convinced whether that's valid or not, but
> regardless, that change (either a bug in it or a flaw elsewhere that it
> triggered) is almost certain to be what's triggered these segfaults.

I'm not sure yet, but it's quite likely that what's happening is that the
modules that are now broken are destroying a brigade and then reusing it
anyway. Those modules should be using apr_brigade_cleanup() rather than
apr_brigade_destroy(). [This would have been considered a bug in those
modules all along, but it wouldn't necessarily have caused a segfault
before, whereas it definitely would now.]

I don't see any particular problems in Brian's patch itself. Though
having b->p be potentially NULL worries me... I can't find anything that
that would break yet, but I'll keep my eyes open.

--Cliff

attached mail follows:


Cliff Woolley wrote:
> Sigh. Wonder if this is related to what FirstBill saw earlier today with
> the proxy? Seeing as nothing has changed in the buckets code any time
> recently... OHHHHHHHH WAIT, yes it has. Brian apparently committed a
> change to allocate the apr_bucket_brigade itself out of the brigade
> allocator. I'm not yet convinced whether that's valid or not, but
> regardless, that change (either a bug in it or a flaw elsewhere that it
> triggered) is almost certain to be what's triggered these segfaults.

I'm also seeing a bunch of Subversion crashes now. Since it's also an
APR consumer, I did a backtrace to see if it crashed in a similar place.
And it does seem to:

#0 apr_bucket_alloc (size=8000, list=0x36) at apr_buckets_alloc.c:120
#1 0x4011293b in apr_brigade_write (b=0x813f7a8,
     flush=0x806ed0c <ap_filter_flush>, ctx=0x81423b0,
     str=0xbfffd120 "</S:prop>\n", nbyte=10) at apr_brigade.c:441
#2 0x40112e13 in apr_brigade_vprintf (b=0x813f7a8,
     flush=0x806ed0c <ap_filter_flush>, ctx=0x81423b0,
     fmt=0x403ed572 "</S:prop>\n", va=0xbffff0d8) at apr_brigade.c:697
#3 0x403e8452 in send_xml (uc=0xbffff610, fmt=0x403ed572 "</S:prop>\n")
     at subversion/mod_dav_svn/update.c:178
...

> apr_brigade.c r1.55 is the one I'm referring to.

Same one I have.

Thanks,
Scott

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Fri Dec 20 07:00:00 2002

This is an archived mail posted to the Subversion Dev mailing list.