Created attachment 34942 [details] Core dump backtrace OS: CentOS 7.3.1611 Package: mod_fcgid-2.3.9-4.el7.x86_64 Error: [ 8677.328169] Out of memory: Kill process 3314 (httpd) score 844 or sacrifice child [ 8677.333848] Killed process 3314 (httpd) total-vm:836236kB, anon-rss:421320kB, file-rss:0kB, shmem-rss:12kB # httpd -V Server version: Apache/2.4.6 (CentOS) Server built: Apr 12 2017 21:03:28 Server's Module Magic Number: 20120211:24 Server loaded: APR 1.4.8, APR-UTIL 1.5.2 Compiled using: APR 1.4.8, APR-UTIL 1.5.2 Architecture: 64-bit Server MPM: event threaded: yes (fixed thread count) forked: yes (variable process count) Server compiled with.... -D APR_HAS_SENDFILE -D APR_HAS_MMAP -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) -D APR_USE_SYSVSEM_SERIALIZE -D APR_USE_PTHREAD_SERIALIZE -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT -D APR_HAS_OTHER_CHILD -D AP_HAVE_RELIABLE_PIPED_LOGS -D DYNAMIC_MODULE_LIMIT=256 -D HTTPD_ROOT="/etc/httpd" -D SUEXEC_BIN="/usr/sbin/suexec" -D DEFAULT_PIDLOG="/run/httpd/httpd.pid" -D DEFAULT_SCOREBOARD="logs/apache_runtime_status" -D DEFAULT_ERRORLOG="logs/error_log" -D AP_TYPES_CONFIG_FILE="conf/mime.types" -D SERVER_CONFIG_FILE="conf/httpd.conf" Also affected: Apache/2.2.15 (CentOS 6.9), package: mod_fcgid-2.3.9-1.el6.x86_64 Apache/2.4.18 (Ubuntu 16.04.1), package: libapache2-mod-fcgid 2.3.9-1 Debug with memory limit (LimitAS=768M): error.log: [Sun Apr 23 13:11:19.986041 2017] [core:notice] [pid 3581:tid 139686508890240] AH00051: child pid 3584 exit signal Segmentation fault (11), possible coredump in /tmp Core dump backtrace attached.
Likely a duplicate of bug 51747. *** This bug has been marked as a duplicate of bug 51747 ***
I don't know if this is a duplicate bug. I tested the package mod_fcgid-2.3.9-4.el7_4.1.x86_64.rpm (CentOS 7) that contains the patch from bug 51747 (https://git.centos.org/commitdiff/rpms!mod_fcgid.git/76b3cbd1a9886d1f5297cf40df6da61fd9d84f7d), but the problem persists. I have a PoC script to demonstrate the issue, but it's dangerous to be publicly visible.