From Tupshin Harper <>
Subject [mp2] frequent segfaults in APR::Table
Date Mon, 29 Dec 2008 23:56:22 GMT
1. Problem Description:

I'm attempting to upgrade one of the largest (measured both by users and 
lines of code, I suspect) mod_perl sites from mod_perl 1 to mod_perl 2, 
and also from 32 bit OS to 64 bit at the same time. I converted our 
calls to use the new API, and basic functionality started working. 
However, I am experiencing frequent segfaults in APR::Table (stack trace 
below) when loading pages. Roughly 1 out of every 2-4 page loads 
triggers it. The identical problem occurs on:
64 bit Debian Lenny with stock mod_perl 2.0.4
64 bit Debian Lenny with hand-built mod_perl 2.0.5-dev from latest source.
64 bit Centos 5.2 with stock mod_perl 2.0.2.

Let me know if there is any other information you need. I have not yet 
tried it with mod_perl 2 on a 32-bit OS.

2. Used Components and their Configuration:

*** mod_perl version 2.000004

*** using /root/modperl-2.0/lib/Apache2/

*** Makefile.PL options:
  MP_APR_LIB     => aprext
  MP_APXS        => /usr/bin/apxs
  MP_COMPAT_1X   => 1
  MP_DEBUG       => 1
  MP_LIBNAME     => mod_perl
  MP_TRACE       => 1
  MP_USE_DSO     => 1

*** The httpd binary was not found

*** (apr|apu)-config linking info

 -L/usr/lib -laprutil-1  
 -L/usr/lib -lapr-1 -luuid -lrt -lcrypt  -lpthread -ldl

*** /usr/bin/perl -V
Summary of my perl5 (revision 5 version 10 subversion 0) configuration:
    osname=linux, osvers=2.6.26-1-vserver-amd64, 
    uname='linux excelsior 2.6.26-1-vserver-amd64 #1 smp sat nov 8 
20:24:14 utc 2008 x86_64 gnulinux '
    config_args='-Dusethreads -Duselargefiles -Dccflags=-DDEBIAN 
-Dcccdlflags=-fPIC -Darchname=x86_64-linux-gnu -Dprefix=/usr 
-Dprivlib=/usr/share/perl/5.10 -Darchlib=/usr/lib/perl/5.10 
-Dvendorprefix=/usr -Dvendorlib=/usr/share/perl5 
-Dvendorarch=/usr/lib/perl5 -Dsiteprefix=/usr/local 
-Dsitearch=/usr/local/lib/perl/5.10.0 -Dman1dir=/usr/share/man/man1 
-Dman3dir=/usr/share/man/man3 -Dsiteman1dir=/usr/local/man/man1 
-Dsiteman3dir=/usr/local/man/man3 -Dman1ext=1 -Dman3ext=3perl 
-Dpager=/usr/bin/sensible-pager -Uafs -Ud_csh -Ud_ualarm -Uusesfio 
-Uusenm -DDEBUGGING=-g -Doptimize=-O2 -Duseshrplib -Dd_dosuid -des'
    hint=recommended, useposix=true, d_sigaction=define
    useithreads=define, usemultiplicity=define
    useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
    use64bitint=define, use64bitall=define, uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
    cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -DDEBIAN 
-fno-strict-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE 
    optimize='-O2 -g',
    cppflags='-D_REENTRANT -D_GNU_SOURCE -DDEBIAN -fno-strict-aliasing 
-pipe -I/usr/local/include'
    ccversion='', gccversion='4.3.2', gccosandvers=''
    intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
    ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', 
    alignbytes=8, prototype=define
  Linker and Libraries:
    ld='cc', ldflags =' -L/usr/local/lib'
    libpth=/usr/local/lib /lib /usr/lib /lib64 /usr/lib64
    libs=-lgdbm -lgdbm_compat -ldb -ldl -lm -lpthread -lc -lcrypt
    perllibs=-ldl -lm -lpthread -lc -lcrypt
    libc=/lib/, so=so, useshrplib=true,
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
    cccdlflags='-fPIC', lddlflags='-shared -O2 -g -L/usr/local/lib'

Characteristics of this binary (from libperl):
                        USE_64_BIT_INT USE_ITHREADS USE_LARGE_FILES
                        USE_PERLIO USE_REENTRANT_API
  Built under linux
  Compiled at Nov 27 2008 21:47:49

*** Packages of interest status:

Apache2            : -
Apache2::Request   : 2.08
CGI                : 3.29
ExtUtils::MakeMaker: 6.42, 6.48
LWP                : 5.813
mod_perl           : -
mod_perl2          : 2.000004

3. This is the core dump trace: (if you get a core dump):

#0  XS_APR__Table_FETCH (my_perl=0x1c04370, cv=<value optimized out>) at /root/.cpan/build/mod_perl-2.0.4-rIfY74/xs/APR/Table/APR__Table.h:186
#1  0x00007feb01ffde80 in Perl_pp_entersub (my_perl=0x1c04370) at pp_hot.c:2850
#2  0x00007feb01ffc362 in Perl_runops_standard (my_perl=0x1c04370) at run.c:38
#3  0x00007feb01ff67d8 in Perl_call_sv (my_perl=0x1c04370, sv=0x94a2bd0, flags=<value optimized
out>) at perl.c:2638
#4  0x00007feb01fe638c in S_magic_methpack (my_perl=0x1c04370, sv=0x94a2ba0, mg=0x415b5a0,
meth=0x7feb02097079 "FETCH") at mg.c:1635
#5  0x00007feb01fe651b in Perl_magic_getpack (my_perl=0x200000002, sv=0x94a2b88, mg=0x1) at
#6  0x00007feb01fe9815 in Perl_mg_get (my_perl=0x1c04370, sv=0x94a2ba0) at mg.c:207
#7  0x00007feb0200f95b in Perl_sv_setsv_flags (my_perl=0x1c04370, dstr=0x94a2bb8, sstr=0x94a2ba0,
flags=<value optimized out>) at sv.c:3507
#8  0x00007feb02010102 in Perl_sv_mortalcopy (my_perl=0x1c04370, oldstr=0x94a2ba0) at sv.c:6914
#9  0x00007feb02001a08 in Perl_pp_helem (my_perl=0x1c04370) at pp_hot.c:1823
#10 0x00007feb01ffc362 in Perl_runops_standard (my_perl=0x1c04370) at run.c:38
#11 0x00007feb01ff6b18 in Perl_call_sv (my_perl=0x1c04370, sv=0x72ed808, flags=4) at perl.c:2653
#12 0x00007feb022d8154 in modperl_callback () from /usr/lib/apache2/modules/
#13 0x00007feb022d8864 in modperl_callback_run_handlers () from /usr/lib/apache2/modules/
#14 0x00007feb022d8e5f in modperl_callback_per_dir () from /usr/lib/apache2/modules/
#15 0x00007feb022d2900 in ?? () from /usr/lib/apache2/modules/
#16 0x00007feb022d2ab9 in modperl_response_handler_cgi () from /usr/lib/apache2/modules/
#17 0x0000000000438eb3 in ap_run_handler (r=0x934beb8) at /build/buildd/apache2-2.2.9/server/config.c:159
#18 0x000000000043c47f in ap_invoke_handler (r=0x934beb8) at /build/buildd/apache2-2.2.9/server/config.c:373
#19 0x000000000044962e in ap_process_request (r=0x934beb8) at /build/buildd/apache2-2.2.9/modules/http/http_request.c:258
#20 0x0000000000446748 in ap_process_http_connection (c=0x933e038) at /build/buildd/apache2-2.2.9/modules/http/http_core.c:190
#21 0x00000000004403d3 in ap_run_process_connection (c=0x933e038) at /build/buildd/apache2-2.2.9/server/connection.c:43
#22 0x000000000044dc20 in child_main (child_num_arg=<value optimized out>) at /build/buildd/apache2-2.2.9/server/mpm/prefork/prefork.c:672
#23 0x000000000044def8 in make_child (s=0x1b64968, slot=0) at /build/buildd/apache2-2.2.9/server/mpm/prefork/prefork.c:713
#24 0x000000000044e510 in ap_mpm_run (_pconf=<value optimized out>, plog=<value optimized
out>, s=0x1b64968)
    at /build/buildd/apache2-2.2.9/server/mpm/prefork/prefork.c:989
#25 0x0000000000425be5 in main (argc=2, argv=0x7fff116fa098) at /build/buildd/apache2-2.2.9/server/main.c:732

Method it crashes in:

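/* Try to shortcut apr_table_get by fetching the key using the current
 * iterator (unless it's inactive or points at different key).
 *
 * tsv is the tied APR::Table object and key is the name to look up.
 * Returns the value held in the iterator's current slot when that slot's
 * key matches `key` case-insensitively; otherwise returns the result of
 * apr_table_get(t, key).
 *
 * The excerpt as posted had lost its comment terminator and its braces;
 * they are restored here so the listing is well-formed C. The statements
 * themselves are unchanged.
 */
static MP_INLINE const char *mpxs_APR__Table_FETCH(pTHX_ SV *tsv,
                                                   const char *key)
{
    /* Resolve the tied hash to the reference that carries the table. */
    SV* rv = modperl_hash_tied_object_rv(aTHX_ "APR::Table", tsv);

    /* Iterator position; the i-1 indexing below treats it as 1-based,
     * with values <= 0 taking the apr_table_get() path. */
    const int i = mpxs_apr_table_iterix(rv);

    /* The table address is recovered from the integer slot of the
     * referenced SV.
     * NOTE(review): nothing in this function checks that t is non-NULL
     * or still refers to a live table before it is dereferenced below. */
    apr_table_t *t = INT2PTR(apr_table_t *, SvIVX(SvRV(rv)));
    const apr_array_header_t *arr = apr_table_elts(t);

    /* <--- crashing line 186 (frame #0 of the backtrace in this report).
     * This is the first read through arr, so a fault here is consistent
     * with t/arr being an invalid pointer -- an inference, not something
     * the report confirms. */
    apr_table_entry_t *elts = (apr_table_entry_t *)arr->elts;

    /* Bounds-check the iterator against nelts before using it as an
     * index, then confirm the slot really holds the requested key. */
    if (i > 0 && i <= arr->nelts && !strcasecmp(key, elts[i-1].key)) {
        return elts[i-1].val;
    }
    else {
        return apr_table_get(t, key);
    }
}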

This report was generated by ./t/REPORT on Mon Dec 29 23:20:20 2008 GMT.

-------------8<---------- End Bug Report --------------8<----------

