Mailing List Archive

[Bug 66539] New: Crash in mod_log_config when using the new mod_http2 in httpd-2.4.56
https://bz.apache.org/bugzilla/show_bug.cgi?id=66539

Bug ID: 66539
Summary: Crash in mod_log_config when using the new mod_http2 in httpd-2.4.56
Product: Apache httpd-2
Version: 2.4.56
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: mod_http2
Assignee: bugs@httpd.apache.org
Reporter: tm@del.bg
Target Milestone: ---

After upgrading to httpd 2.4.56 I started seeing occasional segmentation faults
like this:

[Sun Mar 19 14:22:28 2023] [notice] [pid 2179] mpm_unix.c(433): AH00052: child pid 60058 exit signal Segmentation fault (11)

I compiled httpd with debug symbols and managed to get a core dump. Here's a
backtrace:

#0 __strcasecmp_l_avx () at ../sysdeps/x86_64/multiarch/strcmp-sse42.S:199
#1 0x000071c2dd48f5f1 in apr_table_get () from /usr/lib/x86_64-linux-gnu/libapr-1.so.0
#2 0x000011f829ca9a53 in log_header_in (r=0x71c1b15550a0, a=0x71c2d212cc08 "Referer") at mod_log_config.c:441
#3 0x000011f829cab245 in process_item (r=0x71c1b15550a0, orig=0x71c1b15550a0, item=0x71c2d212ce80) at mod_log_config.c:1095
#4 0x000011f829cab50f in config_log_transaction (r=0x71c1b15550a0, cls=0x71c2dad4baf0, default_format=0x71c2dd06b0c0) at mod_log_config.c:1168
#5 0x000011f829cab745 in multi_log_transaction (r=0x71c1b15550a0) at mod_log_config.c:1206
#6 0x000011f829c368ed in ap_run_log_transaction (r=0x71c1b15550a0) at protocol.c:2586
#7 0x000011f829c4bd3f in eor_bucket_cleanup (data=0x71c2481af390) at eor_bucket.c:40
#8 0x000071c2dd49780e in apr_pool_destroy () from /usr/lib/x86_64-linux-gnu/libapr-1.so.0
#9 0x000071c2dd49782d in apr_pool_destroy () from /usr/lib/x86_64-linux-gnu/libapr-1.so.0
#10 0x000071c2dd49782d in apr_pool_destroy () from /usr/lib/x86_64-linux-gnu/libapr-1.so.0
#11 0x000071c2dd49782d in apr_pool_destroy () from /usr/lib/x86_64-linux-gnu/libapr-1.so.0
#12 0x000071c2dd49782d in apr_pool_destroy () from /usr/lib/x86_64-linux-gnu/libapr-1.so.0
#13 0x000071c2dd02a605 in ?? () from /apache/modules/mod_http2.so
#14 0x000071c2dd014e85 in ?? () from /apache/modules/mod_http2.so
#15 0x000011f829c626ac in ap_run_pre_close_connection (c=0x71c292e33360) at connection.c:44
#16 0x000011f829c62840 in ap_prep_lingering_close (c=0x71c292e33360) at connection.c:101
#17 0x000011f829c628b5 in ap_start_lingering_close (c=0x71c292e33360) at connection.c:127
#18 0x000011f829d0b34e in process_lingering_close (cs=0x71c292e332b0) at event.c:1500
#19 0x000011f829d0a997 in process_socket (thd=0x71c2c4c3b068, p=0x71c292e33028, sock=0x71c292e330b0, cs=0x71c292e332b0, my_child_num=2, my_thread_num=949) at event.c:1238
#20 0x000011f829d0d7b8 in worker_thread (thd=0x71c2c4c3b068, dummy=0x71c2c80564b0) at event.c:2199
#21 0x000011f829c26a78 in thread_start (thread=0x71c2c4c3b068, data=0x71c2c4c3b058) at util.c:3208
#22 0x000071c2dd45aea7 in start_thread (arg=<optimized out>) at pthread_create.c:477
#23 0x000071c2dd37aa2f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

I've also tried to see what's inside r->headers_in (thanks to
https://github.com/omnigroup/Apache/blob/master/httpd/.gdbinit making my life
easier), but got:

(gdb) dump_table r->headers_in
[0] 'Cannot access memory at address 0x71c268dde410

On the other hand r->headers_out is ok.

Because mod_http2 is the biggest change, we build http-2.4.56 with the older
mod_h2 and it is not crashing anymore.
