61028 – mod_fcgid extensive memory allocations causes OOM

Bug 61028 - mod_fcgid extensive memory allocations causes OOM

Summary: mod_fcgid extensive memory allocations causes OOM

Status:	RESOLVED DUPLICATE of bug 51747

Alias:	None

Product:	Apache httpd-2
Classification:	Unclassified
Component:	mod_fcgid (show other bugs)
Version:	2.4.6
Hardware:	PC Linux

Importance:	P2 normal (vote)
Target Milestone:	---
Assignee:	Apache HTTPD Bugs Mailing List

URL:
Keywords:

Depends on:
Blocks:

Reported:	2017-04-23 11:37 UTC by koumes
Modified:	2018-12-12 19:32 UTC (History)
CC List:	1 user (show)

Attachments
Core dump backtrace (5.34 KB, text/plain) 2017-04-23 11:37 UTC, koumes	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description koumes 2017-04-23 11:37:12 UTC

Created attachment 34942 [details]
Core dump backtrace

OS: CentOS 7.3.1611
Package: mod_fcgid-2.3.9-4.el7.x86_64
Error: 
[ 8677.328169] Out of memory: Kill process 3314 (httpd) score 844 or sacrifice child
[ 8677.333848] Killed process 3314 (httpd) total-vm:836236kB, anon-rss:421320kB, file-rss:0kB, shmem-rss:12kB

# httpd -V
Server version: Apache/2.4.6 (CentOS)
Server built:   Apr 12 2017 21:03:28
Server's Module Magic Number: 20120211:24
Server loaded:  APR 1.4.8, APR-UTIL 1.5.2
Compiled using: APR 1.4.8, APR-UTIL 1.5.2
Architecture:   64-bit
Server MPM:     event
  threaded:     yes (fixed thread count)
    forked:     yes (variable process count)
Server compiled with....
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=256
 -D HTTPD_ROOT="/etc/httpd"
 -D SUEXEC_BIN="/usr/sbin/suexec"
 -D DEFAULT_PIDLOG="/run/httpd/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="conf/mime.types"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"


Also affected:
  Apache/2.2.15 (CentOS 6.9), package: mod_fcgid-2.3.9-1.el6.x86_64
  Apache/2.4.18 (Ubuntu 16.04.1), package: libapache2-mod-fcgid 2.3.9-1



Debug with memory limit (LimitAS=768M):

error.log:
[Sun Apr 23 13:11:19.986041 2017] [core:notice] [pid 3581:tid 139686508890240] AH00051: child pid 3584 exit signal Segmentation fault (11), possible coredump in /tmp

Core dump backtrace attached.

Comment 1 Joe Orton 2018-11-28 08:58:43 UTC

Likely a duplicate of bug 51747.

*** This bug has been marked as a duplicate of bug 51747 ***

Comment 2 koumes 2018-12-12 19:32:22 UTC

I don't know if this is a duplicate bug. I tested the package mod_fcgid-2.3.9-4.el7_4.1.x86_64.rpm (CentOS 7) that contains the patch from bug 51747 (https://git.centos.org/commitdiff/rpms!mod_fcgid.git/76b3cbd1a9886d1f5297cf40df6da61fd9d84f7d), but the problem persists.

I have a PoC script to demonstrate the issue, but it's dangerous to be publicly visible.