Public bug reported:
Regression in Ubuntu Noble nginx 1.24.0-2ubuntu7.10: worker crashes with
huge malloc / heap corruption after package upgrade
Ubuntu release:
Ubuntu 24.04 Noble
Affected package:
nginx
Affected version:
1.24.0-2ubuntu7.10
Working rollback version:
1.24.0-2ubuntu7
Summary:
After upgrading Ubuntu Noble nginx packages to 1.24.0-2ubuntu7.10, nginx
workers started crashing at runtime under normal reverse-proxy traffic. Rolling
back nginx and related libnginx-mod packages to 1.24.0-2ubuntu7 stopped the
crashes.
The issue appears to be a runtime regression introduced by the
1.24.0-2ubuntu7.10 package update.
Observed errors:
* malloc(107271074882785) failed (12: Cannot allocate memory)
* worker process exited on signal 11 (core dumped)
* worker process exited on signal 6 (core dumped)
* corrupted double-linked list
* double free or corruption
* corrupted size vs. prev_size
Example log:
2026/06/09 08:28:41 [emerg] nginx: malloc(107271074882785) failed (12: Cannot
allocate memory), request: "POST /api/v1/Dashboard HTTP/1.1"
Why this looks like a regression:
The malloc allocation size is approximately 100 TB, so this does not look like
normal memory exhaustion. It looks like heap corruption or an invalid size
calculation.
The issue started after the nginx package upgrade to 1.24.0-2ubuntu7.10.
The dpkg log shows nginx-related packages upgraded to 1.24.0-2ubuntu7.10
on 2026-06-09 around 06:24.
Rollback to 1.24.0-2ubuntu7 stopped the crashes.
Current apt-cache policy:
The configured Ubuntu Noble repositories currently offer:
* Installed: 1.24.0-2ubuntu7
* Candidate: 1.24.0-2ubuntu7.10
* Available versions:
  * 1.24.0-2ubuntu7.10 from noble-updates / noble-security
  * 1.24.0-2ubuntu7 from noble base
Version 1.24.0-2ubuntu7.9 is not available from the configured
repositories.
Expected result:
nginx 1.24.0-2ubuntu7.10 should not crash workers or attempt huge malloc
allocations during normal proxied HTTP requests.
Actual result:
nginx workers crash at runtime with heap corruption symptoms and huge malloc
allocation attempts.
Impact:
This affects production reverse-proxy traffic. The only currently available
non-crashing package version in the configured repositories is 1.24.0-2ubuntu7,
but that version lacks later security fixes. The security/update candidate
1.24.0-2ubuntu7.10 appears to introduce this runtime regression.
Attached information:
* nginx -V
root@ae-aenduo-uptrace:/home/ae-system# nginx -V
nginx version: nginx/1.24.0 (Ubuntu)
built with OpenSSL 3.0.10 1 Aug 2023 (running with OpenSSL 3.0.13 30 Jan 2024)
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fno-omit-frame-pointer
-mno-omit-leaf-frame-pointer
-ffile-prefix-map=/build/nginx-uqDps2/nginx-1.24.0=. -flto=auto
-ffat-lto-objects -fstack-protector-strong -fstack-clash-protection -Wformat
-Werror=format-security -fcf-protection
-fdebug-prefix-map=/build/nginx-uqDps2/nginx-1.24.0=/usr/src/nginx-1.24.0-2ubuntu7
-fPIC -Wdate-time -D_FORTIFY_SOURCE=3' --with-ld-opt='-Wl,-Bsymbolic-functions
-flto=auto -ffat-lto-objects -Wl,-z,relro -Wl,-z,now -fPIC'
--prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf
--http-log-path=/var/log/nginx/access.log --error-log-path=stderr
--lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid
--modules-path=/usr/lib/nginx/modules
--http-client-body-temp-path=/var/lib/nginx/body
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi
--http-proxy-temp-path=/var/lib/nginx/proxy
--http-scgi-temp-path=/var/lib/nginx/scgi
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-compat --with-debug
--with-pcre-jit --with-http_ssl_module --with-http_stub_status_module
--with-http_realip_module --with-http_auth_request_module --with-http_v2_module
--with-http_dav_module --with-http_slice_module --with-threads
--with-http_addition_module --with-http_flv_module --with-http_gunzip_module
--with-http_gzip_static_module --with-http_mp4_module
--with-http_random_index_module --with-http_secure_link_module
--with-http_sub_module --with-mail_ssl_module --with-stream_ssl_module
--with-stream_ssl_preread_module --with-stream_realip_module
--with-http_geoip_module=dynamic --with-http_image_filter_module=dynamic
--with-http_perl_module=dynamic --with-http_xslt_module=dynamic
--with-mail=dynamic --with-stream=dynamic --with-stream_geoip_module=dynamic
* loaded module list / relevant redacted nginx configuration
* dpkg package list for nginx/libnginx-mod packages
* apt-cache policy output
* dpkg.log showing upgrade timing
* redacted nginx crash/error logs
Request:
Please investigate whether Ubuntu Noble nginx 1.24.0-2ubuntu7.10 introduced a
regression, possibly in one of the security patches or in the interaction
between nginx-extras and dynamic modules.
If possible, please provide a fixed package version newer than
1.24.0-2ubuntu7.10, or make a known-good security-fixed version
available.
ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: nginx 1.24.0-2ubuntu7
ProcVersionSignature: Ubuntu 6.17.0-1018.18~24.04.1-azure 6.17.13
Uname: Linux 6.17.0-1018-azure x86_64
ApportVersion: 2.28.1-0ubuntu3.8
Architecture: amd64
AzureImageoffer: 0001-com-ubuntu-server-jammy
AzureImagepublisher: canonical
AzureImagesku: 22_04-lts-gen2
AzureImageversion: 22.04.202304280
AzureVmsize: Standard_D4ads_v5
CasperMD5CheckResult: unknown
CloudArchitecture: x86_64
CloudBuildName: server
CloudID: azure
CloudName: azure
CloudPlatform: azure
CloudRegion: westeurope
CloudSerial: 20230428
CloudSubPlatform: seed-dir (/var/lib/waagent)
Date: Tue Jun 9 10:24:36 2026
ProcEnviron:
 LANG=C.UTF-8
 PATH=(custom, no user)
 SHELL=/bin/bash
 TERM=xterm
SourcePackage: nginx
UpgradeStatus: Upgraded to noble on 2025-09-17 (265 days ago)
** Affects: nginx (Ubuntu)
     Importance: Undecided
         Status: New
** Tags: amd64 apport-bug cloud-image noble
** Attachment added: "nginx-bug-report-public.tar.gz"
https://bugs.launchpad.net/bugs/2156034/+attachment/5976385/+files/nginx-bug-report-public.tar.gz
https://bugs.launchpad.net/bugs/2156034
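The report's timing argument (crash indicators appear only after dpkg upgraded nginx to 1.24.0-2ubuntu7.10, and the failed malloc size is far beyond any plausible allocation) can be checked mechanically. This is an added example, not part of the original report or of any Ubuntu or nginx tooling; the log lines are constructed samples modelled on the report, and the function names and the 1 TiB threshold are assumptions.

```python
import re
from datetime import datetime
# Constructed samples modelled on the report (not the reporter's attachments).
DPKG_LOG = """\
2026-06-09 06:24:12 upgrade nginx:amd64 1.24.0-2ubuntu7 1.24.0-2ubuntu7.10
"""
ERROR_LOG = """\
2026/06/09 05:10:02 [error] 811#811: *17 upstream timed out (110: Connection timed out)
2026/06/09 08:28:41 [emerg] nginx: malloc(107271074882785) failed (12: Cannot allocate memory), request: "POST /api/v1/Dashboard HTTP/1.1"
2026/06/09 08:28:41 [alert] 790#790: worker process 811 exited on signal 11 (core dumped)
2026/06/09 08:31:07 [alert] 790#790: worker process 902 exited on signal 6 (core dumped)
"""
MAX_SANE_ALLOC = 1 << 40  # assumption: a single allocation of 1 TiB or more is bogus
MALLOC_RE = re.compile(r"malloc\((\d+)\) failed")
SIGNAL_RE = re.compile(r"exited on signal (\d+)")

def last_upgrade(dpkg_log, package="nginx", version="1.24.0-2ubuntu7.10"):
    """Time dpkg last upgraded `package` to `version`, or None if it never did."""
    when = None
    for line in dpkg_log.splitlines():
        f = line.split()  # date, time, action, pkg:arch, old version, new version
        if len(f) == 6 and f[2] == "upgrade" and f[3].split(":")[0] == package and f[5] == version:
            when = datetime.strptime(f"{f[0]} {f[1]}", "%Y-%m-%d %H:%M:%S")
    return when

def crash_events(error_log):
    """Yield (time, kind, detail) for each crash indicator in an nginx error log."""
    for line in error_log.splitlines():
        try:
            when = datetime.strptime(line[:19], "%Y/%m/%d %H:%M:%S")
        except ValueError:
            continue  # untimestamped lines (e.g. glibc abort text) are skipped here
        m = MALLOC_RE.search(line)
        if m and int(m.group(1)) >= MAX_SANE_ALLOC:
            n = int(m.group(1))
            yield when, "huge-malloc", f"{n / 2**40:.1f} TiB ({n:#x})"
        elif s := SIGNAL_RE.search(line):
            yield when, "worker-signal", s.group(1)

def split_by_upgrade(dpkg_log, error_log):
    """Partition crash indicators into those before and after the upgrade."""
    cut = last_upgrade(dpkg_log) or datetime.max  # no upgrade seen: all count as before
    events = list(crash_events(error_log))
    return [e for e in events if e[0] < cut], [e for e in events if e[0] >= cut]

if __name__ == "__main__":
    before, after = split_by_upgrade(DPKG_LOG, ERROR_LOG)
    print(f"before upgrade: {len(before)}  after upgrade: {len(after)}")
    print(*after, sep="\n")
```

The hex form of the failed size makes it easy to compare the value against the worker's address ranges when a core dump is available.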