I am getting a very occasional segfault in ap_core_output_filter. By 'very occasional' I mean after watching ten minutes of youtube video over VNC with vnc streamed through websockets through apache. I'm wondering what is the best way to debug this. I'm running apache2-mpm-prefork 2.2.14-5ubuntu8. What seems to happen each time is that the bucket brigade list gets corrupted. Though the prefork mpm is being used, the module (apache websockets) is threaded (in the sense that it does its own apr_thread_create). The module that isn't mine maintains a mutex preventing the each of the input and output brigades being manipulated by both threads, but does not prevent one thread manipulating one bb whilst the other manipulates the other bb. I've seen different sorts of corruption, but it always seems to be in the bb. I take it there is nothing to prevent one using the ap_ functions from more than one thread whilst running the prefork mpm? Any idea how I might debug this? Running with valgrind and -X comprehensively hides the bug. Core dump and some gdb bits below. -- Alex Bligh Core was generated by `/usr/sbin/apache2'. Program terminated with signal 11, Segmentation fault.#0 0x00007f8dd2010414 in ap_core_output_filter (f=<value optimised out>, b=0x7f8dd30308b8) at /build/buildd/apache2-2.2.14/server/core_filters.c:630 630 /build/buildd/apache2-2.2.14/server/core_filters.c: No such file or directory.
in /build/buildd/apache2-2.2.14/server/core_filters.c (gdb) bt#0 0x00007f8dd2010414 in ap_core_output_filter (f=<value optimised out>, b=0x7f8dd30308b8) at /build/buildd/apache2-2.2.14/server/core_filters.c:630 #1 0x00007f8dca185f85 in mod_websocket_plugin_send (server=0x7fff3d9cbe30, type=0, buffer=0x7f8dc0025e81 "3.png,2.14,1.0,4.1186,3.590,3344.iVBORw0KGgoAAAANSUhEUgAAAjwAAAAKCAIAAAA/0RNUAAAABmJLR0QA/wD/AP+gvaeTAAAJf0lEQVR4nO1b247jOA4l5VuSRj3PJ+z/f1YDXQ+NXaDKsUTuw4lpWhenUp1uDGaKD4YiyxJFSTw6lML/+Wsax/F0Oo3jOAy"..., buffer_size=3378) at mod_websocket.c:363 #2 0x00007f8dc9d7b472 in tcp_proxy_run (thread=0x7f8dd3031130, data=0x7f8dd3030d38) at mod_websocket_vnc_proxy.c:980
#3 0x00007f8dd174deb3 in ?? () from /usr/lib/libapr-1.so.0#4 0x00007f8dd150d9ca in start_thread (arg=<value optimised out>) at pthread_create.c:300 #5 0x00007f8dd126acdd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#6 0x0000000000000000 in ?? () (gdb) print *b$29 = {p = 0x7f8dd302ac88, list = {next = 0x7f8dd3028e98, prev = 0x7f8dd3028d58}, bucket_alloc = 0x7f8dd3028c78}
(gdb) print *(b->list->next)$30 = {link = {next = 0x7f8dd3028d58, prev = 0x7f8dd30308c0}, type = 0x7f8dd1b7bc60, length = 3382, start = 0, data = 0x7f8dd3028fd8, free = 0x7f8dd1962d20 <apr_bucket_free>, list = 0x7f8dd3028c78}
(gdb) print *(b->list->next->link->next)$31 = {link = {next = 0x7f8dd30308bf, prev = 0x7f8dd3028e98}, type = 0x1f40, length = 0, start = 0, data = 0x0, free = 0x7f8dd1962d20 <apr_bucket_free>, list = 0x7f8dd3028c78}
Note the final one of these is bogus (e.g. broken type pointer) --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx