Segmentation faults in processing of 'oauth2_apache_request_context_free'

[studersi]

We are encountering segmentation faults that might be linked to mod_oauth2.

• The backtrace lists the oauth2_apache_request_context_free function.
• Disabling the module prevents the segmentation faults.
• Enabling the module causes the segmentation faults to reappear.

Any tips on how to debug this or any idea what the issue might be?

Let me know if you need any more information!

Versions

• mod_oauth2: 3.3.1
• liboauth2: 1.6.0

Backtrace

Core was generated by `/path/to/bin/httpd -f /path/to/conf/httpd.conf -k start'.
  Program terminated with signal SIGSEGV, Segmentation fault.
  #0  0x0123456789ab12c0 in __memset_avx2_unaligned_erms () from /lib64/libc.so.6
  [Current thread is 1 (Thread 0x0123456789ab (LWP 37962))]
  (gdb) bt
  #0  0x0123456789abcdef in __memset_avx2_unaligned_erms () from /lib64/libc.so.6
  #1  0x0123456789abcdef in hook_error_log () from /path/to/modules/mod_security2.so
  #2  0x0123456789abcdef in ap_run_error_log (errstr=0x0123456789ab "oauth2_apache_request_context_free: dispose request context: 0x0123456789ab", info=0x0123456789ab) at log.c:1994
  #3  log_error_core (file=0x0123456789ab "src/server/apache.c", line=335, module_index=43, level=level@entry=7, status=0, s=<optimized out>, c=<optimized out>, r=0x0123456789ab, pool=0x0, fmt=0x0123456789ab "%s: %s", args=0x0123456789ab) at log.c:1344
  #4  0x0123456789abcdef in ap_log_rerror_ (file=file@entry=0x0123456789ab "src/server/apache.c", line=line@entry=335, module_index=<optimized out>, level=7, status=status@entry=0, r=0x0123456789ab, fmt=0x0123456789ab "%s: %s") at log.c:1397
  #5  0x0123456789abcdef in oauth2_log_request (sink=0x0123456789ab, filename=0x0123456789ab "src/server/apache.c", line=335, function=0x0123456789ab "oauth2_apache_request_context_free", level=OAUTH2_LOG_DEBUG, msg=0x0123456789ab "dispose request context: 0x0123456789ab") at src/mod_oauth2.c:40
  #6  0x0123456789abcdef in oauth2_log () from /path/to/lib/liboauth2.so.0
  #7  0x0123456789abcdef in oauth2_apache_request_context_free () from /path/to/lib/liboauth2_apache.so.0
  #8  0x0123456789abcdef in run_cleanups (cref=<optimized out>) at memory/unix/apr_pools.c:2666
  #9  apr_pool_destroy (pool=0x0123456789ab) at memory/unix/apr_pools.c:991
  #10 0x0123456789abcdef in eor_bucket_destroy (data=0x0123456789ab) at eor_bucket.c:101
  #11 0x0123456789abcdef in send_brigade_nonblocking (c=0x0123456789ab, ctx=0x0123456789ab, bb=0x0123456789ab, s=0x0123456789ab) at core_filters.c:720
  #12 ap_core_output_filter (f=0x0123456789ab, new_bb=0x0123456789ab) at core_filters.c:506
  #13 0x0123456789abcdef in ssl_io_filter_output (f=0x0123456789ab, bb=0x0123456789ab) at ssl_engine_io.c:1977
  #14 0x0123456789abcdef in ssl_io_filter_coalesce (f=0x0123456789ab, bb=0x0123456789ab) at ssl_engine_io.c:1924
  #15 0x0123456789abcdef in ap_process_request_after_handler (r=0x0123456789ab) at http_request.c:374
  #16 0x0123456789abcdef in ap_process_http_async_connection (c=0x0123456789ab) at http_core.c:155
  #17 ap_process_http_connection (c=0x0123456789ab) at http_core.c:246
  #18 0x0123456789abcdef in ap_run_process_connection (c=c@entry=0x0123456789ab) at connection.c:42
  #19 0x0123456789abcdef in process_socket (thd=<optimized out>, p=<optimized out>, sock=<optimized out>, cs=<optimized out>, my_child_num=<optimized out>, my_thread_num=<optimized out>) at event.c:1086

[zandbelt]

it looks like an interference issue with mod_security2; could you try and run it without that?