https://bz.apache.org/bugzilla/show_bug.cgi?id=69899
Bug ID: 69899
Summary: Double free / invalid free crash in mod_http2 on
Apache 2.4.66 with MPM event
Product: Apache httpd-2
Version: 2.4.66
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: mod_http2
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
After upgrading Apache from 2.4.65 to 2.4.66, several worker processes crash
with the following error in the logs:
double free or corruption (out)
free(): invalid size
child pid XXXX exit signal Aborted (6)
Environment:
Apache: 2.4.66, built from source, installed in /usr/local/sbin/httpd
MPM: event (mod_mpm_event)
Modules loaded: mod_http2, mod_ssl, mod_proxy_fcgi, etc.
OS: Linux x86_64 (RHEL/CentOS/Alma/Rocky)
APR version: libapr-1.so.0
PHP / Python / other dynamic modules may be loaded, but crash occurs in
mod_http2
Steps to reproduce:
Start Apache 2.4.66 with mod_http2 enabled and MPM event.
Handle any HTTP/2 request (simple GET is sufficient).
Apache worker crashes, producing SIGABRT.
Stack trace from core dump:
#0 raise () from /lib64/libc.so.6
#1 abort () from /lib64/libc.so.6
#2 __libc_message () from /lib64/libc.so.6
#3 malloc_printerr () from /lib64/libc.so.6
#4 _int_free () from /lib64/libc.so.6
#5 apr_pool_destroy () from /usr/local/lib64/libapr-1.so.0
#6 c1_purge_streams ()
#7 h2_mplx_c1_poll ()
#8 h2_session_process ()
#9 h2_c1_run ()
#10 h2_c1_hook_process_connection ()
#11 ap_run_process_connection ()
#12 process_socket () from mod_mpm_event.so
#13 worker_thread () from mod_mpm_event.so
#14 start_thread () from /lib64/libpthread.so.0
#15 clone () from /lib64/libc.so.6
Disabling mod_http2 prevents the crash.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
