Package: apache2
Version: 2.4.33-3+b1
Severity: grave
Tags: a11y
Justification: renders package unusable
Dear Maintainer,
when i do an "apachectl graceful" or "apachectl restart", i get
segfaults.
[Fri Jun 29 10:22:38.726688 2018] [mpm_prefork:notice] [pid 31097] AH00163:
Apache/2.4.33 (Debian) mpm-itk/2.4.7-04 OpenSSL/1.1.0h mod_perl/2.0.10
Perl/v5.26.2 configured -- resuming normal operations
[Fri Jun 29 10:22:38.726720 2018] [core:notice] [pid 31097] AH00094: Command
line: '/usr/sbin/apache2'
[Fri Jun 29 10:22:49.076807 2018] [mpm_prefork:notice] [pid 31097] AH00171:
Graceful restart requested, doing restart
[Fri Jun 29 10:22:49.168509 2018] [mpm_prefork:notice] [pid 31097] AH00163:
Apache/2.4.33 (Debian) mpm-itk/2.4.7-04 OpenSSL/1.1.0h mod_perl/2.0.10
Perl/v5.26.2 configured -- resuming normal operations
[Fri Jun 29 10:22:49.168527 2018] [core:notice] [pid 31097] AH00094: Command
line: '/usr/sbin/apache2'
[Fri Jun 29 10:22:50.172451 2018] [core:notice] [pid 31097] AH00051: child pid
32163 exit signal Segmentation fault (11), possible coredump in /etc/apache2
[Fri Jun 29 10:22:50.176057 2018] [mpm_prefork:warn] [pid 31097] AH00167: long
lost child came home! (pid 32163)
[Fri Jun 29 10:22:50.176139 2018] [core:notice] [pid 31097] AH00051: child pid
32165 exit signal Segmentation fault (11), possible coredump in /etc/apache2
[Fri Jun 29 10:22:50.176158 2018] [core:error] [pid 31097] AH00546: no record
of generation 0 of exiting child 32165
[Fri Jun 29 10:22:50.176214 2018] [core:notice] [pid 31097] AH00051: child pid
32167 exit signal Segmentation fault (11), possible coredump in /etc/apache2
[Fri Jun 29 10:22:50.176225 2018] [core:error] [pid 31097] AH00546: no record
of generation 0 of exiting child 32167
[Fri Jun 29 10:22:50.176272 2018] [core:notice] [pid 31097] AH00051: child pid
32169 exit signal Segmentation fault (11), possible coredump in /etc/apache2
[Fri Jun 29 10:22:50.176304 2018] [core:error] [pid 31097] AH00546: no record
of generation 0 of exiting child 32169
[Fri Jun 29 10:22:50.176362 2018] [core:notice] [pid 31097] AH00051: child pid
32171 exit signal Segmentation fault (11), possible coredump in /etc/apache2
if i then do a /etc/init.d/apache2 restart, it works normally
/etc/init.d/apache2 restart and systemctl restart apache2 do NOT result in a
segfault.
here's a backtrace of a coredump:
coredumpctl gdb 20261
PID: 20261 (/usr/sbin/apach)
UID: 0 (root)
GID: 0 (root)
Signal: 11 (SEGV)
Timestamp: Thu 2018-06-28 19:47:53 CEST (4min 18s ago)
Command Line: /usr/sbin/apache2 -k start
Executable: /usr/sbin/apache2
Control Group: /system.slice/apache2.service
Unit: apache2.service
Slice: system.slice
Boot ID: fb5bb58db2c4417db6cce49bb7b04435
Machine ID: 6eb9f0854f630f342494ccf20000000a
Hostname: sunnyserver
Storage:
/var/lib/systemd/coredump/core.\x2fusr\x2fsbin\x2fapach.0.fb5bb58db2c4417db6cce49bb7b04435.20261.1530208073000000.lz4
Message: Process 20261 (/usr/sbin/apach) of user 0 dumped core.
Stack trace of thread 20261:
#0 0x00007fa235131677 n/a (libcap-ng.so.0)
#1 0x00007fa2429e2a25 n/a (mod_mpm_prefork.so)
#2 0x00007fa2429e3a0e n/a (mod_mpm_prefork.so)
#3 0x0000561918c4cb7e ap_run_mpm (apache2)
#4 0x0000561918c4546b main (apache2)
#5 0x00007fa247386a87 __libc_start_main (libc.so.6)
#6 0x0000561918c4556a _start (apache2)
GNU gdb (Debian 7.12-6+b2) 7.12.0.20161007-git
Copyright © 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type “show copying”
and “show warranty” for details.
This GDB was configured as “x86_64-linux-gnu”.
Type “show configuration” for configuration details.
For bug reporting instructions, please see:
http://www.gnu.org/software/gdb/bugs/.
Find the GDB manual and other documentation resources online at:
http://www.gnu.org/software/gdb/documentation/.
For help, type “help”.
Type “apropos word” to search for commands related to “word”…
Reading symbols from /usr/sbin/apache2…(no debugging symbols found)…done.
warning: core file may not match specified executable file.
[New LWP 20261]
[Thread debugging using libthread_db enabled]
Using host libthread_db library “/lib/x86_64-linux-gnu/libthread_db.so.1”.
Core was generated by `/usr/sbin/apache2 -k start’.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007fa235131677 in ?? () from /lib/x86_64-linux-gnu/libcap-ng.so.0
(gdb) bt
#0 0x00007fa235131677 in ?? () from /lib/x86_64-linux-gnu/libcap-ng.so.0
#1 0x00007fa24742962e in __libc_fork () at …/sysdeps/nptl/fork.c:204
#2 0x00007fa2429e2a25 in ?? () from /usr/lib/apache2/modules/mod_mpm_prefork.so
#3 0x00007fa2429e3a0e in ?? () from /usr/lib/apache2/modules/mod_mpm_prefork.so
#4 0x0000561918c4cb7e in ap_run_mpm ()
#5 0x0000561918c4546b in main ()
(gdb)
-- Package-specific info:
-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.16.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages apache2 depends on:
ii apache2-bin 2.4.33-3+b1
ii apache2-data 2.4.33-3
ii apache2-utils 2.4.33-3+b1
ii dpkg 1.19.0.5+b1
ii lsb-base 9.20170808
ii mime-support 3.61
ii perl 5.26.2-6
ii procps 2:3.3.15-2
Versions of packages apache2 recommends:
ii ssl-cert 1.0.39
Versions of packages apache2 suggests:
ii apache2-doc 2.4.33-3
pn apache2-suexec-pristine | apache2-suexec-custom <none>
ii epiphany-browser [www-browser] 3.28.2.1-1
ii google-chrome-stable [www-browser] 67.0.3396.99-1
ii links2 [www-browser] 2.14-5
ii midori [www-browser] 0.5.11-ds1-4+b1
ii w3m [www-browser] 0.5.3-36+b1
Versions of packages apache2-bin depends on:
ii libapr1 1.6.3-2
ii libaprutil1 1.6.1-2
ii libaprutil1-dbd-sqlite3 1.6.1-2
ii libaprutil1-ldap 1.6.1-2
ii libbrotli1 1.0.4-1
ii libc6 2.27-3
ii libcurl4 7.60.0-2
ii libjansson4 2.11-1
ii libldap-2.4-2 2.4.46+dfsg-5
ii liblua5.2-0 5.2.4-1.1+b2
ii libnghttp2-14 1.32.0-1
ii libpcre3 2:8.39-9
ii libssl1.1 1.1.0h-4
ii libxml2 2.9.4+dfsg1-7
ii perl 5.26.2-6
ii zlib1g 1:1.2.11.dfsg-1
Versions of packages apache2-bin suggests:
ii apache2-doc 2.4.33-3
pn apache2-suexec-pristine | apache2-suexec-custom <none>
ii epiphany-browser [www-browser] 3.28.2.1-1
ii google-chrome-stable [www-browser] 67.0.3396.99-1
ii links2 [www-browser] 2.14-5
ii midori [www-browser] 0.5.11-ds1-4+b1
ii w3m [www-browser] 0.5.3-36+b1
Versions of packages apache2 is related to:
ii apache2 2.4.33-3+b1
ii apache2-bin 2.4.33-3+b1
-- Configuration Files:
/etc/apache2/apache2.conf changed:
DefaultRuntimeDir ${APACHE_RUN_DIR}
PidFile ${APACHE_PID_FILE}
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}
HostnameLookups Off
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf
Include ports.conf
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
<Directory /usr/share>
AllowOverride None
Require all granted
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
AccessFileName .htaccess
<FilesMatch "^\.ht">
Require all denied
</FilesMatch>
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\""
vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\""
combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
IncludeOptional conf-enabled/*.conf
IncludeOptional sites-enabled/*.conf
/etc/apache2/ports.conf changed:
Listen 443
/etc/apache2/sites-available/default-ssl.conf changed:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName sunnydale.russenmafia.at
ServerAdmin webmaster@localhost
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000;
includeSubDomains; preload"
</IfModule>
DocumentRoot /var/www
<Directory />
Options -Indexes +FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options -Indexes +FollowSymLinks +MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options -Indexes +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLStrictSNIVHostCheck on
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384
EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4
!aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
SSLCertificateFile
/etc/letsencrypt/live/sunnydale.russenmafia.at/cert.pem
SSLCertificateChainFile
/etc/letsencrypt/live/sunnydale.russenmafia.at/fullchain.pem
SSLCertificateKeyFile
/etc/letsencrypt/live/sunnydale.russenmafia.at/privkey.pem
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>
-- no debconf information
