Your message dated Sat, 14 Jun 2008 07:17:05 +0000 with message-id <E1K7Q0X-0005bd-Go@ries.debian.org> and subject line Bug#484800: fixed in apache2 2.2.9-1 has caused the Debian Bug report #484800, regarding apache2 mpm-worker segmentation fault (Launchpad #235294) to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 484800: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484800 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: apache2 mpm-worker segmentation fault (Launchpad #235294)
- From: Dustin Kirkland <kirkland@canonical.com>
- Date: Fri, 06 Jun 2008 09:59:23 -0500
- Message-id: <[🔎] 1212764363.7857.17.camel@t61p.dustinkirkland.com>
- Reply-to: kirkland@canonical.com
Package: apache2 User: ubuntu-devel@lists.ubuntu.com Usertags: origin-ubuntu hardy ubuntu-patch Version: 2.2.8-4 Severity: important Tags: patch When torture testing an apache2-mpm-worker I get numerous segmentation faults and sigbus errors: [Tue May 27 14:16:40 2008] [notice] child pid 8848 exit signal Segmentation fault (11) [Tue May 27 14:18:35 2008] [notice] child pid 9075 exit signal Segmentation fault (11) [Tue May 27 14:19:37 2008] [notice] child pid 9159 exit signal Segmentation fault (11) [Tue May 27 14:19:37 2008] [notice] child pid 9215 exit signal Segmentation fault (11) [Tue May 27 14:20:19 2008] [notice] child pid 9495 exit signal Segmentation fault (11) [Tue May 27 14:22:52 2008] [notice] child pid 9523 exit signal Segmentation fault (11) See: * https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/235294 Fix is commited in the apache cvs and in Ubuntu, we've applied the attached patch to achieve the following: * debian/patches/100_mpm_wokers_crash.dpatch - Fix for segmentation fault with mpm-worker is under load. Backported from http://svn.apache.org/viewvc?view=rev&revision=631362. (LP: #235294) We thought you might be interested in doing the same. -- System Information: Debian Release: lenny/sid APT prefers hardy-updates APT policy: (500, 'hardy-updates'), (500, 'hardy-security'), (500, 'hardy') Architecture: amd64 (x86_64) Kernel: Linux 2.6.24-18-generic (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- :-Dustin Dustin Kirkland Ubuntu Server Developer Canonical, LTD kirkland@canonical.com GPG: 1024D/83A61194diff -u apache2-2.2.8/debian/patches/00list apache2-2.2.8/debian/patches/00list --- apache2-2.2.8/debian/patches/00list +++ apache2-2.2.8/debian/patches/00list @@ -24,0 +25 @@ +100_mpm_wokers_crash.dpatch only in patch2: unchanged: --- apache2-2.2.8.orig/debian/patches/100_mpm_wokers_crash.dpatch +++ apache2-2.2.8/debian/patches/100_mpm_wokers_crash.dpatch @@ -0,0 +1,46 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run + +@DPATCH@ +diff -Naur httpd-2.2.8.orig/server/mpm/experimental/event/fdqueue.c httpd-2.2.8/server/mpm/experimental/event/fdqueue.c +--- httpd-2.2.8.orig/server/mpm/experimental/event/fdqueue.c 2007-07-25 09:13:49.000000000 -0400 ++++ httpd-2.2.8/server/mpm/experimental/event/fdqueue.c 2008-05-20 03:18:03.000000000 -0400 +@@ -194,10 +194,16 @@ + (*new_recycle)); + new_recycle->pool = pool_to_recycle; + for (;;) { +- new_recycle->next = queue_info->recycled_pools; ++ /* ++ * Save queue_info->recycled_pool in local varaible next because ++ * new_recycle->next can be changed after apr_atomic_casptr ++ * function call. For gory details see PR 4402. ++ */ ++ struct recycled_pool *next = queue_info->recycled_pools; ++ new_recycle->next = next; + if (apr_atomic_casptr + ((volatile void **) &(queue_info->recycled_pools), +- new_recycle, new_recycle->next) == new_recycle->next) { ++ new_recycle, next) == next) { + break; + } + } +diff -Naur httpd-2.2.8.orig/server/mpm/worker/fdqueue.c httpd-2.2.8/server/mpm/worker/fdqueue.c +--- httpd-2.2.8.orig/server/mpm/worker/fdqueue.c 2007-07-25 09:13:49.000000000 -0400 ++++ httpd-2.2.8/server/mpm/worker/fdqueue.c 2008-05-20 03:12:43.000000000 -0400 +@@ -94,10 +94,14 @@ + sizeof(*new_recycle)); + new_recycle->pool = pool_to_recycle; + for (;;) { +- new_recycle->next = queue_info->recycled_pools; ++ /* Save queue_info->recycled_pool in local variable next because ++ * new_recycle->next can be changed after apr_atomic_casptr ++ * function call. For gory details see PR 44402. ++ */ ++ struct recycled_pool *next = queue_info->recycled_pools; ++ new_recycle->next = next; + if (apr_atomic_casptr((volatile void**)&(queue_info->recycled_pools), +- new_recycle, new_recycle->next) == +- new_recycle->next) { ++ new_recycle, next) == next) { + break; + } + }Attachment: signature.asc
Description: This is a digitally signed message part
--- End Message ---
--- Begin Message ---
- To: 484800-close@bugs.debian.org
- Subject: Bug#484800: fixed in apache2 2.2.9-1
- From: Stefan Fritsch <sf@debian.org>
- Date: Sat, 14 Jun 2008 07:17:05 +0000
- Message-id: <E1K7Q0X-0005bd-Go@ries.debian.org>
Source: apache2 Source-Version: 2.2.9-1 We believe that the bug you reported is fixed in the latest version of apache2, which is due to be installed in the Debian FTP archive: apache2-dbg_2.2.9-1_i386.deb to pool/main/a/apache2/apache2-dbg_2.2.9-1_i386.deb apache2-doc_2.2.9-1_all.deb to pool/main/a/apache2/apache2-doc_2.2.9-1_all.deb apache2-mpm-event_2.2.9-1_i386.deb to pool/main/a/apache2/apache2-mpm-event_2.2.9-1_i386.deb apache2-mpm-prefork_2.2.9-1_i386.deb to pool/main/a/apache2/apache2-mpm-prefork_2.2.9-1_i386.deb apache2-mpm-worker_2.2.9-1_i386.deb to pool/main/a/apache2/apache2-mpm-worker_2.2.9-1_i386.deb apache2-prefork-dev_2.2.9-1_i386.deb to pool/main/a/apache2/apache2-prefork-dev_2.2.9-1_i386.deb apache2-src_2.2.9-1_all.deb to pool/main/a/apache2/apache2-src_2.2.9-1_all.deb apache2-suexec-custom_2.2.9-1_i386.deb to pool/main/a/apache2/apache2-suexec-custom_2.2.9-1_i386.deb apache2-suexec_2.2.9-1_i386.deb to pool/main/a/apache2/apache2-suexec_2.2.9-1_i386.deb apache2-threaded-dev_2.2.9-1_i386.deb to pool/main/a/apache2/apache2-threaded-dev_2.2.9-1_i386.deb apache2-utils_2.2.9-1_i386.deb to pool/main/a/apache2/apache2-utils_2.2.9-1_i386.deb apache2.2-common_2.2.9-1_i386.deb to pool/main/a/apache2/apache2.2-common_2.2.9-1_i386.deb apache2_2.2.9-1.diff.gz to pool/main/a/apache2/apache2_2.2.9-1.diff.gz apache2_2.2.9-1.dsc to pool/main/a/apache2/apache2_2.2.9-1.dsc apache2_2.2.9-1_all.deb to pool/main/a/apache2/apache2_2.2.9-1_all.deb apache2_2.2.9.orig.tar.gz to pool/main/a/apache2/apache2_2.2.9.orig.tar.gz A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 484800@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Stefan Fritsch <sf@debian.org> (supplier of updated apache2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sat, 14 Jun 2008 08:29:41 +0200 Source: apache2 Binary: apache2.2-common apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-utils apache2-suexec apache2-suexec-custom apache2 apache2-doc apache2-prefork-dev apache2-threaded-dev apache2-src apache2-dbg Architecture: source i386 all Version: 2.2.9-1 Distribution: unstable Urgency: low Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org> Changed-By: Stefan Fritsch <sf@debian.org> Description: apache2 - Next generation, scalable, extendable web server apache2-dbg - Apache debugging symbols apache2-doc - documentation for apache2 apache2-mpm-event - Event driven model for Apache HTTPD apache2-mpm-prefork - Traditional model for Apache HTTPD apache2-mpm-worker - High speed threaded model for Apache HTTPD apache2-prefork-dev - development headers for apache2 apache2-src - Apache source code apache2-suexec - Standard suexec program for Apache 2 mod_suexec apache2-suexec-custom - Configurable suexec program for Apache 2 mod_suexec apache2-threaded-dev - development headers for apache2 apache2-utils - utility programs for webservers apache2.2-common - Next generation, scalable, extendable web server Closes: 479136 484800 Changes: apache2 (2.2.9-1) unstable; urgency=low . * New upstream release. Notable changes: - mod_proxy_http: Better handling of excessive interim responses from origin server to prevent potential denial of service and high memory usage (CVE-2008-2364). - mod_proxy_balancer: Prevent CSRF attacks against the balancer-manager (CVE-2007-6420). - Worker / Event MPM: Fix race condition in pool recycling that leads to segmentation faults under load. (Closes: #484800) - mod_proxy: Keep connections to the backend persistent in the HTTPS case. - mod_proxy: Support environment variable interpolation in reverse proxying directives. - mod_headers: Add 'merge' option to avoid duplicate values within the same header. - mod_substitute: The default is now flattening the buckets after each substitution. The newly added 'q' flag allows for the quicker, more efficient bucket-splitting. * Shorten the init script's waiting period during 'restart' from 10 to 4 seconds. This should still be plenty to allow the apache processes to close their listening sockets. Make the wait even shorter if apache dies faster. (Closes: #479136) * Fix some lintian warnings: - Add some missing patch descriptions. - Point to /usr/share/common-licenses instead of including the license in the copyright file. Checksums-Sha1: 938f039b678d695beccb0fe9a0b27faf2f3fe698 1643 apache2_2.2.9-1.dsc 504cf39a62c5e62302f7dd9afac4d1933a9441fe 6396996 apache2_2.2.9.orig.tar.gz e2b25312bf5b9a4871b236232fefc3e5ff4d0842 121728 apache2_2.2.9-1.diff.gz 934a6894aefdb33b24831443e2cd19cabf65c4fc 771208 apache2.2-common_2.2.9-1_i386.deb 3c111d00a14cfd566d8973781ee24b3cb99e3c61 237856 apache2-mpm-worker_2.2.9-1_i386.deb 932984624da4fb9e8a0ff8162f1c45dc3554a726 233880 apache2-mpm-prefork_2.2.9-1_i386.deb d22a17e847d3e396598ce6b104565067161445d7 238610 apache2-mpm-event_2.2.9-1_i386.deb 1ab544016e82b8ba257c28c9a1c41077a66259a9 141016 apache2-utils_2.2.9-1_i386.deb 0a50f31925fcbada94e1c97423aa0b2576c18394 79168 apache2-suexec_2.2.9-1_i386.deb 19f95838ac2e630bf631f352e4e090dfe404dc9f 80714 apache2-suexec-custom_2.2.9-1_i386.deb 7757107fbf9536b4be0ef38133892e24f9fb97f2 207832 apache2-prefork-dev_2.2.9-1_i386.deb bf573185362ec2f11f93794f6f278c83e11b3e39 208902 apache2-threaded-dev_2.2.9-1_i386.deb 0cdaddde55f95cd3a68b1988970f0baaa85e9eab 2327096 apache2-dbg_2.2.9-1_i386.deb 4afeca55bd42b836c42bd5b9e4f14e19e26a3d58 42474 apache2_2.2.9-1_all.deb cc726dd398b97c028ab9cbef7b9fdaed2005fd5d 2050802 apache2-doc_2.2.9-1_all.deb 2bd531a463adf6ff91b6f15e9171077641c21bfe 6671840 apache2-src_2.2.9-1_all.deb Checksums-Sha256: ee0b3e64ff0b674601888de47407dbc23fa1fbe6f2a8260dd992d0b9b6a28df2 1643 apache2_2.2.9-1.dsc 74c92f9905a809fb18822f0d98e45712bb17495cefaf2b5315c2ce15840a04a2 6396996 apache2_2.2.9.orig.tar.gz 9507b3dad811e28c442a7bdf99e257378b1da495782b3ab69e80dab5cbf85335 121728 apache2_2.2.9-1.diff.gz 758c78575f08d6bd85a70b139015247ba61e775ca7a3922b05314173e5a78306 771208 apache2.2-common_2.2.9-1_i386.deb 7b775c3af6b0b7a5f9423f7c1310bf7e5ccdea9e35084cfcae0a765ce357b2eb 237856 apache2-mpm-worker_2.2.9-1_i386.deb 59e3836b3eb4cb689acbba06a06a405893a6a832ab7d5cbd4426fc0b30af6322 233880 apache2-mpm-prefork_2.2.9-1_i386.deb 726d163d7dee908afe47d5f0ed279ef93c689c988341084a71c2b2c397663474 238610 apache2-mpm-event_2.2.9-1_i386.deb 825ef4010686db0fe0c96a1006446c7162c622ce824997cabfcf799d31c22842 141016 apache2-utils_2.2.9-1_i386.deb 1b8d2432f767e299205c47e57f37a62cadea7fd05d05168c728185cfd2f8f5c8 79168 apache2-suexec_2.2.9-1_i386.deb ac2812579a1d1fae8c26ae3fe6a6ea0a80d654708ed13d832322d4e2aec0c8ca 80714 apache2-suexec-custom_2.2.9-1_i386.deb f71e21bed0cd19a5b287d38b29e8c9a51e83586cfa243ae543f97bec65cb052d 207832 apache2-prefork-dev_2.2.9-1_i386.deb fff7deff81e631e5253be40106ccf92d777324f7d05b19546e0ebf1edc497843 208902 apache2-threaded-dev_2.2.9-1_i386.deb 643971534bc74bdf33a8865a88f93fbce9eb6a2fcbd2625dbe89cee36c2d24f4 2327096 apache2-dbg_2.2.9-1_i386.deb 75f4c26cbb593a2e5181de6ece961e7c4d93188743c845ae6f54d70232430ef1 42474 apache2_2.2.9-1_all.deb 49689ec6efd076dc124a5705832f70971e6cc7f677a4eaa3757a97fd7aa6c930 2050802 apache2-doc_2.2.9-1_all.deb 0188878b382c7aa8f1c9104148e49ca3ed1ac446f44149364e73e248425483b0 6671840 apache2-src_2.2.9-1_all.deb Files: ce7532ba9776ed4e11083b5ae6a2b8f7 1643 web optional apache2_2.2.9-1.dsc 80d3754fc278338033296f0d41ef2c04 6396996 web optional apache2_2.2.9.orig.tar.gz e8f213cc8a800abdf076379d4370fffe 121728 web optional apache2_2.2.9-1.diff.gz fa7ec5e45b15a77ed9ed74cbd778b0d9 771208 web optional apache2.2-common_2.2.9-1_i386.deb 62f739cae19ecf78674e750df0b40455 237856 web optional apache2-mpm-worker_2.2.9-1_i386.deb edc8678bcd37f41d1cdf99701a573f70 233880 web optional apache2-mpm-prefork_2.2.9-1_i386.deb 453d4cac21bb756c88a730301ebb10af 238610 web optional apache2-mpm-event_2.2.9-1_i386.deb 75ed349068e1ad8e790bb6cc14cfddc9 141016 web optional apache2-utils_2.2.9-1_i386.deb db13b131182d77f5a4c3a1162cf956d5 79168 web optional apache2-suexec_2.2.9-1_i386.deb da0e04a5798aab209b72e9f7cfe153bb 80714 web extra apache2-suexec-custom_2.2.9-1_i386.deb 7d21c1899bf232d9fc9d8491035de57e 207832 devel extra apache2-prefork-dev_2.2.9-1_i386.deb d773216f651e41d94fef41a308bd261b 208902 devel extra apache2-threaded-dev_2.2.9-1_i386.deb a4caecdf15da5216ce094ff0a18812ef 2327096 libdevel extra apache2-dbg_2.2.9-1_i386.deb 7b954ab3b7d13cf7222d5347a2603943 42474 web optional apache2_2.2.9-1_all.deb 509a61c75a80aae2ad9873441dc26f6a 2050802 doc optional apache2-doc_2.2.9-1_all.deb f4e01f99fee2cd6c94f67eb760cc593c 6671840 devel extra apache2-src_2.2.9-1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFIU2rJbxelr8HyTqQRAn/hAKC0Ua4DKSRohPH0VmaGQxfU8x/1MgCghSf+ 019xWH0G8iTuNmd3Q5VsFeM= =ROGt -----END PGP SIGNATURE-----
--- End Message ---