httpd-47672

Version:  

httpd 2.2-HEAD

Failure report link:  

https://issues.apache.org/bugzilla/show_bug.cgi?id=47672

How it is diagnosed (reproduced or source analysis)?

We did not reproduce the failure, only rely on source analysis.

How to reproduce?

can produce a seg fault out of mod_mem_cache by setting the cache
expiration very short (1 second), then hitting it with bursts of
requests for the same URL every few seconds.”

Symptom:

Segmentation fault

Root cause:

segfault under load due to pool concurrency problem.

Without protecting mobj->pool, memory allocation from the pool can have contention.

I am not sure exactly how segfault can occur but I can guess some scenarios (two threads may increase the pointer of free pool list or get the same location, or one thread gets a space and the other threads deletes that.. etc)

+    if (threaded_mpm) {
+        apr_thread_mutex_create(&mobj->lock, APR_THREAD_MUTEX_DEFAULT, pool);
+    }
+

+    if (mobj->lock) {
+        apr_thread_mutex_lock(mobj->lock);
+    }
    mobj->req_hdrs =
deep_table_copy(mobj->pool, r->headers_in);
+    if (mobj->lock) {
+        apr_thread_mutex_unlock(mobj->lock);
+    }

(look at 41551 explanation for deep_table_copy).

Fix:

Look at above patch.

Can Errlog anticipate the failure?

Yes. By printing error message and BT in the SIGSEGV handler.