[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#916375: Fwd: Bug#916375: apache2: Segmentation fault when mod_perl.so is loaded

Cc: libapache2-mod-perl2


-------- Message --------
Subject : Bug#916375: apache2: Segmentation fault when mod_perl.so is loaded
Date : Thu, 13 Dec 2018 19:09:02 +0000
>From : h.thien <h.thien@callassoftware.com>
To : debian-bugs-dist@lists.debian.org
Cc : team@security.debian.org, Debian Apache Maintainers
<debian-apache@lists.debian.org>

Package: apache2
Version: 2.4.25-3+deb9u6
Severity: grave
Tags: patch
Justification: renders package unusable

Dear Maintainer,

	For communication with our customers we use the OTRS Ticket System.

	The server was reinstalled about a year ago and worked fine until it
was rebooted three days ago.

	Since then the Apache web server crashes reproducibly as soon as it has
to process a request. Here is a stacktrace:

		cd /etc/apache2
		. envvars
		gdb /usr/sbin/apache2
		gdb> set args -X
		gdb> run

		# ... now use the webbrowser to send an http request to the apache2
server: http://otrs-testing/otrs/index.pl?Action=Admin

		gdb> Thread 1 "/opt/otrs/bin/cgi-bi" received signal SIGSEGV,
Segmentation fault.
		gdb> bt
		    #0  0x00007fffdcd290c7 in free_defaults () from
/usr/lib/x86_64-linux-gnu/libmariadbclient.so.18
		    #1  0x00007fffdcd29422 in free_defaults () from
/usr/lib/x86_64-linux-gnu/libmariadbclient.so.18
		    #2  0x00007fffdcd29461 in free_defaults () from
/usr/lib/x86_64-linux-gnu/libmariadbclient.so.18
		    #3  0x00007fffdcd29637 in free_defaults () from
/usr/lib/x86_64-linux-gnu/libmariadbclient.so.18
		    #4  0x00007fffdccf5868 in mysql_options4 () from
/usr/lib/x86_64-linux-gnu/libmariadbclient.so.18
		    #5  0x00007fffdd2cabc8 in mysql_dr_connect () from
/usr/lib/x86_64-linux-gnu/perl5/5.24/auto/DBD/mysql/mysql.so
		    #6  0x00007fffdd2ccc69 in ?? () from
/usr/lib/x86_64-linux-gnu/perl5/5.24/auto/DBD/mysql/mysql.so
		    #7  0x00007fffdd2ccd71 in mysql_db_login () from
/usr/lib/x86_64-linux-gnu/perl5/5.24/auto/DBD/mysql/mysql.so
		    #8  0x00007fffdd2d9651 in ?? () from
/usr/lib/x86_64-linux-gnu/perl5/5.24/auto/DBD/mysql/mysql.so
		    #9  0x00007ffff3901950 in Perl_pp_entersub () from
/usr/lib/x86_64-linux-gnu/libperl.so.5.24
		    #10 0x00007ffff38f9e96 in Perl_runops_standard () from
/usr/lib/x86_64-linux-gnu/libperl.so.5.24
		    #11 0x00007ffff3879d5b in Perl_call_sv () from
/usr/lib/x86_64-linux-gnu/libperl.so.5.24
		    #12 0x00007fffea84c2e9 in XS_DBI_dispatch () from
/usr/lib/x86_64-linux-gnu/perl5/5.24/auto/DBI/DBI.so
		    #13 0x00007ffff3901950 in Perl_pp_entersub () from
/usr/lib/x86_64-linux-gnu/libperl.so.5.24
		    #14 0x00007ffff38f9e96 in Perl_runops_standard () from
/usr/lib/x86_64-linux-gnu/libperl.so.5.24
		    #15 0x00007ffff387a10e in Perl_call_sv () from
/usr/lib/x86_64-linux-gnu/libperl.so.5.24
		    #16 0x00007ffff3c32c68 in modperl_callback () from
/usr/lib/apache2/modules/mod_perl.so
		    #17 0x00007ffff3c33606 in modperl_callback_run_handlers () from
/usr/lib/apache2/modules/mod_perl.so
		    #18 0x00007ffff3c33d9f in modperl_callback_per_dir () from
/usr/lib/apache2/modules/mod_perl.so
		    #19 0x00007ffff3c2e0fb in ?? () from
/usr/lib/apache2/modules/mod_perl.so
		    #20 0x00007ffff3c2e32c in modperl_response_handler_cgi () from
/usr/lib/apache2/modules/mod_perl.so
		    #21 0x00005555555abc40 in ap_run_handler ()
		    #22 0x00005555555ac1d6 in ap_invoke_handler ()
		    #23 0x00005555555c3e13 in ap_process_async_request ()
		    #24 0x00005555555c3f20 in ap_process_request ()
		    #25 0x00005555555bffdd in ?? ()
		    #26 0x00005555555b5ab0 in ap_run_process_connection ()
		    #27 0x00007ffff40686bf in ?? () from
/usr/lib/apache2/modules/mod_mpm_prefork.so
		    #28 0x00007ffff40688f2 in ?? () from
/usr/lib/apache2/modules/mod_mpm_prefork.so
		    #29 0x00007ffff4069e37 in ?? () from
/usr/lib/apache2/modules/mod_mpm_prefork.so
		    #30 0x000055555558f00e in ap_run_mpm ()
		    #31 0x0000555555587c4d in main ()

	We are using unattended upgrades (security only), and we suspect that
an automatic system update has installed a new Perl version that now
causes these problems.

	We have a second OTRS fallback system that hasn't been restarted for 94
days, and everything is still working fine there.

	If we compare the shared libraries loaded by apache on these two
systems (/proc/<apache pid>/maps) we can see that the following .so
files have been renewed.

		  484 -rw-r--r-- 1 root root   489960 Nov 29 20:45
/usr/lib/x86_64-linux-gnu/libtiff.so.5.2.6
		 2008 -rw-r--r-- 1 root root  2049312 Nov 29 12:11
/usr/lib/x86_64-linux-gnu/libperl.so.5.24.1
		   92 -rw-r--r-- 1 root root    88760 Nov 29 12:11
/usr/lib/x86_64-linux-gnu/perl/5.24.1/auto/B/B.so
		   20 -rw-r--r-- 1 root root    18704 Nov 29 12:11
/usr/lib/x86_64-linux-gnu/perl/5.24.1/auto/Cwd/Cwd.so
		   40 -rw-r--r-- 1 root root    39424 Nov 29 12:11
/usr/lib/x86_64-linux-gnu/perl/5.24.1/auto/Encode/Encode.so
		   20 -rw-r--r-- 1 root root    18688 Nov 29 12:11
/usr/lib/x86_64-linux-gnu/perl/5.24.1/auto/Fcntl/Fcntl.so
		   20 -rw-r--r-- 1 root root    18768 Nov 29 12:11
/usr/lib/x86_64-linux-gnu/perl/5.24.1/auto/IO/IO.so
		   20 -rw-r--r-- 1 root root    18880 Nov 29 12:11
/usr/lib/x86_64-linux-gnu/perl/5.24.1/auto/mro/mro.so
		  108 -rw-r--r-- 1 root root   106128 Nov 29 12:11
/usr/lib/x86_64-linux-gnu/perl/5.24.1/auto/POSIX/POSIX.so
		  488 -rw-r--r-- 1 root root   495120 Nov 29 12:11
/usr/lib/x86_64-linux-gnu/perl/5.24.1/auto/re/re.so
		   96 -rw-r--r-- 1 root root    93072 Nov 29 12:11
/usr/lib/x86_64-linux-gnu/perl/5.24.1/auto/Storable/Storable.so

	we have already tried many things to remedy the situation, but the only
solution that really worked was to remove the mod_perl.so plugin:

		sudo /etc/init.d/apache stop
		sudo rm /etc/apache2/mods-available/perl.load
		sudo /etc/init.d/apache start


-- Package-specific info:

-- System Information:
Debian Release: 9.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-8-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages apache2 depends on:
ii  apache2-bin          2.4.25-3+deb9u6
ii  apache2-data         2.4.25-3+deb9u6
ii  apache2-utils        2.4.25-3+deb9u6
ii  dpkg                 1.18.25
ii  init-system-helpers  1.48
ii  lsb-base             9.20161125
ii  mime-support         3.60
ii  perl                 5.24.1-3+deb9u5
ii  procps               2:3.3.12-3+deb9u1

Versions of packages apache2 recommends:
ii  ssl-cert  1.0.39

Versions of packages apache2 suggests:
pn  apache2-doc              <none>
ii  apache2-suexec-pristine  2.4.25-3+deb9u6
pn  www-browser              <none>

Versions of packages apache2-bin depends on:
ii  libapr1                  1.5.2-5
ii  libaprutil1              1.5.4-3
ii  libaprutil1-dbd-sqlite3  1.5.4-3
ii  libaprutil1-ldap         1.5.4-3
ii  libc6                    2.24-11+deb9u3
ii  libldap-2.4-2            2.4.44+dfsg-5+deb9u2
ii  liblua5.2-0              5.2.4-1.1+b2
ii  libnghttp2-14            1.18.1-1
ii  libpcre3                 2:8.39-3
ii  libssl1.0.2              1.0.2l-2+deb9u3
ii  libxml2                  2.9.4+dfsg1-2.2+deb9u2
ii  perl                     5.24.1-3+deb9u5
ii  zlib1g                   1:1.2.8.dfsg-5

Versions of packages apache2-bin suggests:
pn  apache2-doc              <none>
ii  apache2-suexec-pristine  2.4.25-3+deb9u6
pn  www-browser              <none>

Versions of packages apache2 is related to:
ii  apache2      2.4.25-3+deb9u6
ii  apache2-bin  2.4.25-3+deb9u6

-- no debconf information
Reply to: