squid crashes after update to 4.10-1ubuntu1.10

Bug #2060880 reported by Ale
This bug affects 11 people
Affects: squid (Ubuntu)
Status: Fix Released
Importance: Critical
Assigned to: Marc Deslauriers

Bug Description

On an Ubuntu 20.04 LTS server, after updating Squid with a normal APT upgrade, the squid process regularly crashes under load, creating lots of issues with connected clients.

Dmesg reports this:

traps: squid[1088] general protection fault ip:7f0a02cb36f0 sp:7ffd9af20d10 error:0 in libc-2.31.so[7f0a02c3b000+178000]

traps: squid[5233] general protection fault ip:5565beb59691 sp:7ffea2d96c70 error:0 in squid[5565beace000+455000]

traps: squid[6420] general protection fault ip:5651c4d6369a sp:7ffc9159eeb0 error:0 in squid[5651c4cd8000+455000]

The two crashes (squid+455000 and libc-2.31.so+178000) seem consistent.

Ale (ale-epfl) wrote :

Further log messages from dmesg:

[ 1541.601143] traps: squid[6442] general protection fault ip:556e32429691 sp:7fffc8cdd2f0 error:0 in squid[556e3239e000+455000]
[ 1546.316442] squid[7332]: segfault at 66170483 ip 000055c000624691 sp 00007ffda1b40ca0 error 4 in squid[55c000599000+455000]
[ 1546.316451] Code: eb 0e 0f 1f 80 00 00 00 00 48 8b bb a8 00 00 00 48 8b 83 98 00 00 00 48 89 87 80 00 00 00 48 8b 87 30 04 00 00 48 85 c0 74 14 <48> 8b 40 68 48 85 c0 74 0b 48 8b 40 30 48 89 87 88 00 00 00 48 8b
[ 1552.057908] traps: squid[7354] general protection fault ip:7fe7565d46f0 sp:7ffe482e9420 error:0 in libc-2.31.so[7fe75655c000+178000]
[ 1562.965429] squid[7375]: segfault at 21 ip 000055c5be86f93b sp 00007ffcd012d720 error 4 in squid[55c5be7e4000+455000]
[ 1562.965440] Code: ff 0f 84 20 07 00 00 83 c0 01 41 89 44 24 08 48 83 7b 18 00 0f 84 86 00 00 00 48 8b 85 38 04 00 00 48 85 c0 0f 84 45 06 00 00 <48> 8b 10 48 03 42 e8 49 89 c4 8b 40 08 85 c0 0f 84 40 06 00 00 83
[ 1566.309689] squid[7396]: segfault at 9b9 ip 00007f0ea0d766f0 sp 00007ffe77d45a70 error 4 in libc-2.31.so[7f0ea0cfe000+178000]
[ 1566.309698] Code: ff 49 89 ec e9 76 fd ff ff 90 f3 0f 1e fa 48 83 ec 18 48 8b 05 19 18 15 00 48 8b 00 48 85 c0 0f 85 7d 00 00 00 48 85 ff 74 70 <48> 8b 47 f8 48 8d 77 f0 a8 02 75 34 48 8b 15 75 16 15 00 64 48 83
[ 1568.543242] traps: squid[7418] general protection fault ip:55cfab1e4691 sp:7fff4ba956c0 error:0 in squid[55cfab159000+455000]
[ 1571.521513] traps: squid[7439] general protection fault ip:7efe259b26f0 sp:7ffd2a114770 error:0 in libc-2.31.so[7efe2593a000+178000]
[ 1578.157249] squid[7481]: segfault at 1068 ip 000055f09cf93691 sp 00007ffcbdbd04b0 error 4 in squid[55f09cf08000+455000]
[ 1578.157264] Code: eb 0e 0f 1f 80 00 00 00 00 48 8b bb a8 00 00 00 48 8b 83 98 00 00 00 48 89 87 80 00 00 00 48 8b 87 30 04 00 00 48 85 c0 74 14 <48> 8b 40 68 48 85 c0 74 0b 48 8b 40 30 48 89 87 88 00 00 00 48 8b
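
Added example (not part of the original report, and not Squid or Ubuntu code): a parser for the dmesg lines quoted above that subtracts each mapping's start address from the faulting instruction pointer, so crashes from different ASLR-randomized processes can be compared by fault site. The function names are hypothetical; the sample lines are copied from this report.

```python
import re
from collections import Counter

# Lines copied from the dmesg output in this report ("Code:" lines omitted).
SAMPLE = """\
[ 1541.601143] traps: squid[6442] general protection fault ip:556e32429691 sp:7fffc8cdd2f0 error:0 in squid[556e3239e000+455000]
[ 1546.316442] squid[7332]: segfault at 66170483 ip 000055c000624691 sp 00007ffda1b40ca0 error 4 in squid[55c000599000+455000]
[ 1552.057908] traps: squid[7354] general protection fault ip:7fe7565d46f0 sp:7ffe482e9420 error:0 in libc-2.31.so[7fe75655c000+178000]
[ 1562.965429] squid[7375]: segfault at 21 ip 000055c5be86f93b sp 00007ffcd012d720 error 4 in squid[55c5be7e4000+455000]
[ 1566.309689] squid[7396]: segfault at 9b9 ip 00007f0ea0d766f0 sp 00007ffe77d45a70 error 4 in libc-2.31.so[7f0ea0cfe000+178000]
"""

# Matches both kernel formats seen above: "traps: ... ip:HEX" and
# "segfault at ADDR ip HEX". The trailing "name[start+size]" is the memory
# mapping that contains the faulting instruction.
FAULT_RE = re.compile(
    r"(?P<kind>general protection fault|segfault)"
    r".*?\bip[: ](?P<ip>[0-9a-f]+)"
    r".*?\bin (?P<module>\S+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\]"
)

def parse_fault(line):
    """Return (kind, module, offset) for a fault line, or None otherwise."""
    m = FAULT_RE.search(line)
    if not m:
        return None
    ip, base, size = (int(m[k], 16) for k in ("ip", "base", "size"))
    # Offset is relative to the start of the mapping, which is enough to
    # compare crashes; it is not necessarily the offset within the ELF file.
    offset = ip - base
    if not 0 <= offset < size:
        return None  # ip outside the reported mapping: malformed line
    return m["kind"], m["module"], offset

def cluster_faults(text):
    """Count crashes per (module, offset) fault site."""
    sites = Counter()
    for line in text.splitlines():
        fault = parse_fault(line)
        if fault:
            _, module, offset = fault
            sites[(module, offset)] += 1
    return sites

if __name__ == "__main__":
    for (module, offset), count in cluster_faults(SAMPLE).most_common():
        print(f"{module}+{offset:#x}: {count} crash(es)")
```

Identical offsets across different PIDs point at the same faulting instruction, which is what separates one recurring defect from unrelated crashes.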

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in squid (Ubuntu):
status: New → Confirmed
Marc Deslauriers (mdeslaur) wrote :

Thanks for reporting this issue. What configuration is this squid server used in? I would like to reproduce the issue, but I need more details to set up a similar environment.

Marc Deslauriers (mdeslaur) wrote :

I have prepared an update with the patches for CVE-2023-5824 backed out as they were extensive and are the most likely cause of this regression. I have uploaded it to the security team PPA here:

https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages

Once the package has finished building, could you please give it a try and see if that is the cause of the frequent crashes?

Thanks!

information type: Public → Public Security
Changed in squid (Ubuntu):
assignee: nobody → Marc Deslauriers (mdeslaur)
importance: Undecided → Critical
David Clarke (a-launchpad-uber-geek-nz) wrote :

Testing the new packages now, and have not yet had any segfaults, whereas the 4.10-1ubuntu1.10 started logging faults within a couple of minutes of starting and very regularly (sub-minute) after that.

Ale (ale-epfl) wrote :

Just installed the packages from security-proposed, they work fine on our configuration. Same workload triggering the crashes (10 clients doing apt-get update at the same time through the proxy) works fine as it always did before.

Alex Brett (alexbrett) wrote :

We also experienced the issue (it was readily reproducible in our case), and the proposed 4.10-1ubuntu1.11 package appears to have resolved it.

Ale (ale-epfl) wrote :

Regarding #3 here is the very simple config we use in /etc/squid/conf.d/local. The rest is just the default.

acl localnet src 128.X.0.0/15
acl localnet src 2001:X:X::/48

acl SSL_ports port 8443
acl SSL_ports port 8128
acl SSL_ports port 8090

http_access deny to_localhost
cache_dir aufs /srv/squid 8192 16 256

refresh_pattern (\.deb|\.udeb)$ 129600 100% 129600

append_domain .XXXXX.ch

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package squid - 4.10-1ubuntu1.11

---------------
squid (4.10-1ubuntu1.11) focal-security; urgency=medium

  * SECURITY REGRESSION: crashing issue (LP: #2060880)
    - debian/patches/CVE-2023-5824-*.patch: disable patches until the
      cause of the crashes has been located.

 -- Marc Deslauriers <email address hidden> Wed, 10 Apr 2024 18:41:23 -0400

Changed in squid (Ubuntu):
status: Confirmed → Fix Released
Marc Deslauriers (mdeslaur) wrote :

Thanks for testing everyone, and thanks for the configuration details. I will attempt to reproduce this issue so that I can figure out what exactly caused the regression so that we can get CVE-2023-5824 fixed again soon.

Marc Deslauriers (mdeslaur) wrote :

I have located the issue and have prepared an updated package that will reintroduce the fixes for CVE-2023-5824. I have uploaded the updated package to the security team PPA here:

https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages

Once it has finished building, could you please test it in your environment and comment in this bug?

Thanks!

Ale (ale-epfl) wrote :

Just tried it over the week-end, no crashes detected. Works fine here, thanks for your work!

Marc Deslauriers (mdeslaur) wrote :

Thanks for testing it, it's much appreciated!

Marc Deslauriers (mdeslaur) wrote :

The regression fix has now been published:

https://ubuntu.com/security/notices/USN-6728-3
