https://bz.apache.org/bugzilla/show_bug.cgi?id=70128

            Bug ID: 70128
           Summary: Segmentation fault in mod_http2 during SSL output
                    (ssl_io_filter_coalesce)
           Product: Apache httpd-2
           Version: 2.4.68
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_http2
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ---

Server version: Apache/2.4.68 (Unix)
Server built:   Jun 10 2026 15:05:58
Server's Module Magic Number: 20120211:142
Server loaded:  APR 1.7.6, APR-UTIL 1.6.3, PCRE 10.32 2018-09-10
Compiled using: APR 1.7.6, APR-UTIL 1.6.3, PCRE 10.32 2018-09-10
Patches: 09f7c77ef6fc
-------
OpenSSL 1.1.1k - openssl-1.1.1k-15.el8_6.x86_64 
------
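Coredump (gdb backtrace of the crashing worker thread; note that in frame #1, ssl_io_filter_coalesce, gdb cannot read the memory that "data" points to, with len = 272, at the point where memmove faults):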

bt
#0  __memmove_evex_unaligned_erms () at
../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:467
#1  0x0000000000513d98 in ssl_io_filter_coalesce (f=0x7fee18038d40,
bb=0x7fee5801c098) at ssl_engine_io.c:1900
#2  0x0000000000549465 in pass_output (io=0x7fee58013690, flush=flush@entry=0)
at h2_c1_io.c:284
#3  0x00000000005497c8 in h2_c1_io_pass (io=io@entry=0x7fee58013690) at
h2_c1_io.c:333
#4  0x000000000053a4c2 in h2_session_send
(session=session@entry=0x7fee58013650) at h2_session.c:1373
#5  0x000000000053a6a8 in h2_session_process (session=0x7fee58013650, async=0, 
    pkeepalive=pkeepalive@entry=0x7fef01ffabec) at h2_session.c:1902
#6  0x0000000000527df8 in h2_c1_run (c=c@entry=0x7fee18038698) at h2_c1.c:135
#7  0x00000000005280c5 in h2_c1_hook_process_connection (c=0x7fee18038698) at
h2_c1.c:309
#8  0x0000000000474f60 in ap_run_process_connection (c=c@entry=0x7fee18038698)
at connection.c:42
#9  0x000000000047548e in ap_process_connection (c=c@entry=0x7fee18038698,
csd=csd@entry=0x7fee18038480)
    at connection.c:217
#10 0x00007fef27c16cff in process_socket (bucket_alloc=0x7fee58000b88,
my_thread_num=6, my_child_num=1, 
    sock=0x7fee18038480, p=0x7fee180383f8, thd=0x1b3ed68) at worker.c:491
#11 worker_thread (thd=0x1b3ed68, dummy=<optimized out>) at worker.c:820
#12 0x00007fef299d21ca in start_thread (arg=<optimized out>) at
pthread_create.c:479
#13 0x00007fef29429953 in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:95

bt full
#0  __memmove_evex_unaligned_erms () at
../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:467
No locals.
#1  0x0000000000513d98 in ssl_io_filter_coalesce (f=0x7fee18038d40,
bb=0x7fee5801c098) at ssl_engine_io.c:1900
        rv = <optimized out>
        len = 272
        data = 0x7fef2bd330f3 <error: Cannot access memory at address 0x7fef2bd330f3>
        next = <optimized out>
        e = 0x7fee58000da8
        upto = 0x7fee58000ee8
        bytes = <optimized out>
        ctx = <optimized out>
        buffered = <optimized out>
        count = <optimized out>
#2  0x0000000000549465 in pass_output (io=0x7fee58013690, flush=flush@entry=0)
at h2_c1_io.c:284
        c = 0x7fee18038698
        bblen = 294
        rv = <optimized out>
#3  0x00000000005497c8 in h2_c1_io_pass (io=io@entry=0x7fee58013690) at
h2_c1_io.c:333
No locals.
#4  0x000000000053a4c2 in h2_session_send
(session=session@entry=0x7fee58013650) at h2_session.c:1373
        ngrv = <optimized out>
        pending = 1
        rv = 0
#5  0x000000000053a6a8 in h2_session_process (session=0x7fee58013650, async=0, 
    pkeepalive=pkeepalive@entry=0x7fef01ffabec) at h2_session.c:1902
        status = <optimized out>
        c = 0x7fee18038698
        rv = <optimized out>
        mpm_state = 1
        trace = 0
#6  0x0000000000527df8 in h2_c1_run (c=c@entry=0x7fee18038698) at h2_c1.c:135
        status = <optimized out>
        mpm_state = 0
        keepalive = 0
        conn_ctx = 0x7fee5801be68
#7  0x00000000005280c5 in h2_c1_hook_process_connection (c=0x7fee18038698) at
h2_c1.c:309
        status = <optimized out>
        ctx = <optimized out>
--Type <RET> for more, q to quit, c to continue without paging--
#8  0x0000000000474f60 in ap_run_process_connection (c=c@entry=0x7fee18038698)
at connection.c:42
        pHook = <optimized out>
        n = 4
        rv = -1
#9  0x000000000047548e in ap_process_connection (c=c@entry=0x7fee18038698,
csd=csd@entry=0x7fee18038480)
    at connection.c:217
No locals.
#10 0x00007fef27c16cff in process_socket (bucket_alloc=0x7fee58000b88,
my_thread_num=6, my_child_num=1, 
    sock=0x7fee18038480, p=0x7fee180383f8, thd=0x1b3ed68) at worker.c:491
        current_conn = 0x7fee18038698
        conn_id = <optimized out>
        sbh = 0x7fee18038690
        current_conn = <optimized out>
        conn_id = <optimized out>
        sbh = <optimized out>
#11 worker_thread (thd=0x1b3ed68, dummy=<optimized out>) at worker.c:820
        ti = <optimized out>
        process_slot = 1
        thread_slot = 6
        csd = 0x7fee18038480
        bucket_alloc = 0x7fee58000b88
        last_ptrans = 0x0
        ptrans = 0x7fee180383f8
        rv = <optimized out>
        is_idle = 0
#12 0x00007fef299d21ca in start_thread (arg=<optimized out>) at
pthread_create.c:479
        ret = <optimized out>
        pd = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140664507447040,
-7053686998012700517, 140664641461246, 
                140664641461247, 26580632, 140664507444672,
7044270777803823259, 7044217189896509595}, 
              mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data =
{prev = 0x0, cleanup = 0x0, 
              canceltype = 0}}}
        not_first_call = <optimized out>
#13 0x00007fef29429953 in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:95
