Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#995961: libapache2-mpm-itk: Error "AH00052: child pid exit signal Segmentation fault" after update to apache 2.4.51-1~deb11u1
89 views
Skip to first unread message
Cool Fire
Oct 8, 2021, 9:00:03 PM10/8/21
to
Package: libapache2-mpm-itk
Version: 2.4.7-04-1+b1
Severity: important
Dear Maintainer,
After installing the 2.4.51-1~deb11u1 security update the error log
starts to get flilled with lines like:
[core:notice] [pid 3115298] AH00052: child pid 3133160 exit signal
Segmentation fault (11)
Downgrading back to 2.4.48-3.1 made the errors disappear again.
Disabling mpm_itk on 2.4.51-1~deb11u1 also stops the errors.
The issue normally does not prevent pages from being loaded and they
are still assigned the correct uid/gid.
The problematic part lies in that it seems to cause issues with properly
closing the connections. This lead to mod_qos limits being hit in my
case, but I suspect it may also lead to hitting worker or thread pool
limits in other cases.
-- System Information:
Debian Release: 11.0
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.10.0-8-amd64 (SMP w/24 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages libapache2-mpm-itk depends on:
ii apache2-bin [apache2-api-20120211] 2.4.48-3.1
ii libc6 2.31-13
ii libcap2 1:2.44-1
libapache2-mpm-itk recommends no packages.
libapache2-mpm-itk suggests no packages.
-- no debconf information
Version: 2.4.7-04-1+b1
Severity: important
Dear Maintainer,
After installing the 2.4.51-1~deb11u1 security update the error log
starts to get flilled with lines like:
[core:notice] [pid 3115298] AH00052: child pid 3133160 exit signal
Segmentation fault (11)
Downgrading back to 2.4.48-3.1 made the errors disappear again.
Disabling mpm_itk on 2.4.51-1~deb11u1 also stops the errors.
The issue normally does not prevent pages from being loaded and they
are still assigned the correct uid/gid.
The problematic part lies in that it seems to cause issues with properly
closing the connections. This lead to mod_qos limits being hit in my
case, but I suspect it may also lead to hitting worker or thread pool
limits in other cases.
-- System Information:
Debian Release: 11.0
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.10.0-8-amd64 (SMP w/24 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages libapache2-mpm-itk depends on:
ii apache2-bin [apache2-api-20120211] 2.4.48-3.1
ii libc6 2.31-13
ii libcap2 1:2.44-1
libapache2-mpm-itk recommends no packages.
libapache2-mpm-itk suggests no packages.
-- no debconf information
Jochen Pawletta
Oct 11, 2021, 3:00:02 AM10/11/21
to
Hello
I only want to add a "me too" for my two servers.
Jochen
--
ZX81 - C64 - Amiga - x86-Linux - iMac (MacOS)
I only want to add a "me too" for my two servers.
Jochen
--
ZX81 - C64 - Amiga - x86-Linux - iMac (MacOS)
Jean Weisbuch
Oct 11, 2021, 11:40:03 AM10/11/21
to
I also have the issue on a custom compiled HTTPD and ITK, it's not a
Debian specific bug ; it appeared between 2.4.48 and 2.4.49.
Here is a basic patch for 2.4.51 that comments the line that provokes
the segfaults but it might break other things :
--- server/connection.c 2021-09-26 16:11:22.000000000 +0200
+++ server/connection.c 2021-10-11 17:00:17.868463811 +0200
@@ -156,7 +156,7 @@
apr_socket_t *csd = ap_get_conn_socket(c);
if (ap_start_lingering_close(c)) {
- apr_socket_close(csd);
+// apr_socket_close(csd);
return;
}
A "cleaner" patch, also for 2.4.51, that reverts the changes between
2.4.48 and 2.4.49 on connection.c but keep the other changes ; i don't
know what those changes could imply so i advise against using it on a
production platform :
--- ./server/connection.c 2021-09-26 16:11:22.000000000 +0200
+++ ./server/connection.c 2021-10-11 17:15:04.232960328 +0200
@@ -139,12 +139,18 @@
ap_flush_conn(c);
#ifdef NO_LINGCLOSE
+ apr_socket_close(csd);
return 1;
#else
/* Shut down the socket for write, which will send a FIN
* to the peer.
*/
- return (c->aborted || apr_socket_shutdown(csd, APR_SHUTDOWN_WRITE));
+ if (c->aborted
+ || apr_socket_shutdown(csd, APR_SHUTDOWN_WRITE) !=
APR_SUCCESS) {
+ apr_socket_close(csd);
+ return 1;
+ }
+ return 0;
#endif
}
@@ -156,7 +162,6 @@
apr_socket_t *csd = ap_get_conn_socket(c);
if (ap_start_lingering_close(c)) {
- apr_socket_close(csd);
return;
}
Debian specific bug ; it appeared between 2.4.48 and 2.4.49.
Here is a basic patch for 2.4.51 that comments the line that provokes
the segfaults but it might break other things :
--- server/connection.c 2021-09-26 16:11:22.000000000 +0200
+++ server/connection.c 2021-10-11 17:00:17.868463811 +0200
@@ -156,7 +156,7 @@
apr_socket_t *csd = ap_get_conn_socket(c);
if (ap_start_lingering_close(c)) {
- apr_socket_close(csd);
+// apr_socket_close(csd);
return;
}
A "cleaner" patch, also for 2.4.51, that reverts the changes between
2.4.48 and 2.4.49 on connection.c but keep the other changes ; i don't
know what those changes could imply so i advise against using it on a
production platform :
--- ./server/connection.c 2021-09-26 16:11:22.000000000 +0200
+++ ./server/connection.c 2021-10-11 17:15:04.232960328 +0200
@@ -139,12 +139,18 @@
ap_flush_conn(c);
#ifdef NO_LINGCLOSE
+ apr_socket_close(csd);
return 1;
#else
/* Shut down the socket for write, which will send a FIN
* to the peer.
*/
- return (c->aborted || apr_socket_shutdown(csd, APR_SHUTDOWN_WRITE));
+ if (c->aborted
+ || apr_socket_shutdown(csd, APR_SHUTDOWN_WRITE) !=
APR_SUCCESS) {
+ apr_socket_close(csd);
+ return 1;
+ }
+ return 0;
#endif
}
@@ -156,7 +162,6 @@
apr_socket_t *csd = ap_get_conn_socket(c);
if (ap_start_lingering_close(c)) {
- apr_socket_close(csd);
return;
}
Jean Weisbuch
Oct 11, 2021, 12:10:03 PM10/11/21
to
Seems like re-compiling mpm-itk (using the exact same sourcecode as the
previous time i compiled it) and even without any patch applied to HTTPD
2.4.51 did also fix the issue for me.
previous time i compiled it) and even without any patch applied to HTTPD
2.4.51 did also fix the issue for me.
Steinar H. Gunderson
Oct 11, 2021, 3:00:02 PM10/11/21
to
security update yet? If it breaks mpm-itk and nobody really knows why,
I would say that's a good reason to stop the proposal process of the package.
/* Steinar */
--
Homepage: https://www.sesse.net/
Cool Fire
Oct 11, 2021, 5:50:03 PM10/11/21
to
On Mon, 11 Oct 2021 20:54:38 +0200 "Steinar H. Gunderson"
<se...@debian.org> wrote:
> It seems to me that this is only in bullseye-proposed-updates, not
actually a
> security update yet? If it breaks mpm-itk and nobody really knows why,
> I would say that's a good reason to stop the proposal process of the
package.
It is already a security update:
<se...@debian.org> wrote:
> It seems to me that this is only in bullseye-proposed-updates, not
actually a
> security update yet? If it breaks mpm-itk and nobody really knows why,
> I would say that's a good reason to stop the proposal process of the
package.
https://www.debian.org/security/2021/dsa-4982
For some reason it's not showing up in the listing on
packages.debian.org, but that might be expected behavior. I don't know
the packages site well enough to say for sure.
Just to double-confirm I'm getting it from stable-security repos:
$ apt list --upgradable
Listing... Done
apache2-bin/stable-security 2.4.51-1~deb11u1 amd64 [upgradable from:
2.4.48-3.1]
apache2-data/stable-security 2.4.51-1~deb11u1 all [upgradable from:
2.4.48-3.1]
apache2-utils/stable-security 2.4.51-1~deb11u1 amd64 [upgradable from:
2.4.48-3.1]
apache2/stable-security 2.4.51-1~deb11u1 amd64 [upgradable from: 2.4.48-3.1]
Jean Weisbuch
Oct 12, 2021, 6:10:02 AM10/12/21
to
back the original older connection.c or did not fully restart httpd), i
re-checked today and re-compiling mpm-itk does not fix the issue.
It has also been reported on the HTTPD bugtracker :
https://bz.apache.org/bugzilla/show_bug.cgi?id=65627
Steinar H. Gunderson
Oct 13, 2021, 5:00:02 PM10/13/21
to
reassign 995961 apache2
found 995961 2.4.51-1~deb11u1
found 995961 2.4.51-1
thanks
On Tue, Oct 12, 2021 at 11:56:20AM +0200, Jean Weisbuch wrote:
> It has also been reported on the HTTPD bugtracker :
> https://bz.apache.org/bugzilla/show_bug.cgi?id=65627
Given the analysis there, it doesn't really look like there's anything
mpm-itk can do, so I'm reassigning this to apache2.
found 995961 2.4.51-1~deb11u1
found 995961 2.4.51-1
thanks
On Tue, Oct 12, 2021 at 11:56:20AM +0200, Jean Weisbuch wrote:
> It has also been reported on the HTTPD bugtracker :
> https://bz.apache.org/bugzilla/show_bug.cgi?id=65627
mpm-itk can do, so I'm reassigning this to apache2.
Jochen Pawletta
Dec 15, 2021, 1:40:03 AM12/15/21
to
Hello
https://bz.apache.org/bugzilla/show_bug.cgi?id=65627
> Graham Leggett 2021-12-10 13:04:44 UTC
> Backported to 2.4.52.
Backport is available, are you now able to build a debian package out of
it?
https://bz.apache.org/bugzilla/show_bug.cgi?id=65627
> Graham Leggett 2021-12-10 13:04:44 UTC
> Backported to 2.4.52.
Backport is available, are you now able to build a debian package out of
it?
Mirek Skoczek
Jan 5, 2022, 4:20:03 AM1/5/22
to
This bug is really annoying, I am being flooded with segmentation fault
results (each Apache request ends in segmentation fault).
I wonder if there's any timeframe for backport being available...
results (each Apache request ends in segmentation fault).
I wonder if there's any timeframe for backport being available...
Cool Fire
Jan 17, 2022, 2:40:04 AM1/17/22
to
The 2.4.52-1~deb11u2 package has solved the issue for me so the bug
report can be closed as far as I'm concerned.
Thanks for everyone's time and effort put into getting a fix released.
report can be closed as far as I'm concerned.
Thanks for everyone's time and effort put into getting a fix released.
Remon Moyede
Nov 2, 2022, 1:30:03 PM11/2/22
to
0 new messages