After apache changes in core_input_filter (see changelog http://www.apache.org/dist/httpd/CHANGES_2.0.54) apache (peruser-mpm) segfaults when trying to connect by webdav. I know that peruser-mpm is not supported, but maybe it is necessary to wait for an official patch for apache-2.0.54?

Reproducible: Always

Steps to Reproduce:
1.
2.
3.

Actual Results:

=== apache configs ==========
<IfModule peruser.c>
    MinSpareServers 2
    MaxProcessors 1
    MaxClients 150
    MaxRequestsPerChild 0
    ExpireTimeout 1800
    Multiplexer apache apache
    Processor user users
</IfModule>

<VirtualHost *>
    ..............
    Alias /webdav "/var/www/domain.tld"
    <Location /webdav>
        Dav filesystem
        ForceType application/octet-stream
    </Location>
    ServerEnvironment user users
</VirtualHost>
================================

(gdb) cont
Continuing.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1212716192 (LWP 31678)]
0x0808298f in brigade_move (b=0x8310910, a=0x0, e=0x8310968) at core.c:3691
3691        APR_RING_SPLICE_HEAD(&a->list, e, f, apr_bucket, link);
(gdb) bt
#0  0x0808298f in brigade_move (b=0x8310910, a=0x0, e=0x8310968) at core.c:3691
#1  0x08082da9 in core_input_filter (f=0x830a978, b=0x83184d8, mode=AP_MODE_READBYTES, block=APR_BLOCK_READ, readbytes=489) at core.c:3881
#2  0x0807a95a in ap_get_brigade (next=0x830a978, bb=0x4, mode=AP_MODE_EXHAUSTIVE, block=4, readbytes=137431488) at util_filter.c:475
#3  0x08062c8a in ap_http_filter (f=0x8317a58, b=0x83184d8, mode=AP_MODE_READBYTES, block=APR_BLOCK_READ, readbytes=489) at http_protocol.c:980
#4  0x0807a95a in ap_get_brigade (next=0x8317a58, bb=0x4, mode=AP_MODE_EXHAUSTIVE, block=4, readbytes=137431488) at util_filter.c:475
#5  0x08082955 in net_time_filter (f=0x83175c8, b=0x4, mode=AP_MODE_READBYTES, block=4, readbytes=2048) at core.c:3657
#6  0x0807a95a in ap_get_brigade (next=0x83175c8, bb=0x4, mode=AP_MODE_EXHAUSTIVE, block=4, readbytes=137431488) at util_filter.c:475
#7  0x08088681 in ap_xml_parse_input (r=0x8316940, pdoc=0xbfffdd78) at util_xml.c:52
#8  0xb7add11b in dav_add_response () from /usr/lib/apache2/modules/mod_dav.so
#9  0x081adfa8 in ?? ()
#10 0x081bb800 in ?? ()
(gdb) bt full
#0  0x0808298f in brigade_move (b=0x8310910, a=0x0, e=0x8310968) at core.c:3691
        f = (apr_bucket *) 0x8310910
#1  0x08082da9 in core_input_filter (f=0x830a978, b=0x83184d8, mode=AP_MODE_READBYTES, block=APR_BLOCK_READ, readbytes=489) at core.c:3881
        e = (apr_bucket *) 0x8310968
        e = (apr_bucket *) 0x4
        rv = 137431312
        net = (core_net_rec *) 0x83109c0
        ctx = (core_ctx_t *) 0x830a9a8
        str = 0x8312908 "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\r\n<a:propfind xmlns:a=\"DAV:\" xmlns:b=\"urn:schemas-microsoft-com:datatypes\">\r\n<a:prop>\r\n<a:name/>\r\n<a:parentname/>\r\n<a:href/>\r\n<a:ishidden/>\r\n<a:isreadonly/>\r\n<a:"...
        len = 489
#2  0x0807a95a in ap_get_brigade (next=0x830a978, bb=0x4, mode=AP_MODE_EXHAUSTIVE, block=4, readbytes=137431488) at util_filter.c:475
No locals.
#3  0x08062c8a in ap_http_filter (f=0x8317a58, b=0x83184d8, mode=AP_MODE_READBYTES, block=APR_BLOCK_READ, readbytes=489) at http_protocol.c:980
        e = (apr_bucket *) 0x8310910
        ctx = (http_ctx_t *) 0x83184f8
        rv = -1212716224
        totalread = 3084154324
#4  0x0807a95a in ap_get_brigade (next=0x8317a58, bb=0x4, mode=AP_MODE_EXHAUSTIVE, block=4, readbytes=137431488) at util_filter.c:475
No locals.
#5  0x08082955 in net_time_filter (f=0x83175c8, b=0x4, mode=AP_MODE_READBYTES, block=4, readbytes=2048) at core.c:3657
        ctx = (net_time_filter_ctx_t *) 0x8317648
        keptalive = 0
#6  0x0807a95a in ap_get_brigade (next=0x83175c8, bb=0x4, mode=AP_MODE_EXHAUSTIVE, block=4, readbytes=137431488) at util_filter.c:475
No locals.
#7  0x08088681 in ap_xml_parse_input (r=0x8316940, pdoc=0xbfffdd78) at util_xml.c:52
        bucket = (apr_bucket *) 0xb7aec5ec
        parser = (apr_xml_parser *) 0x8318478
        brigade = (apr_bucket_brigade *) 0x83184d8
        seen_eos = 0
        status = 4
        errbuf = "|j1\bхэnB0j1\b╛Dс╥╗ъ\032\b(\005\e\b\000\000\000\000\220Eс╥\000\000\000\000B~1\b!\000\000\000L0с╥I\2041\bA~1\b\000\000\000\000\000\000\000\000ТэЪ©\000щЪ©\002\000\000\000(\2041\b!\000\000\000\000\000\000\000ЪЪЪЪ\000\000\000\000ЪЪЪЪ\000\000\000\000\000\000\000\000y║╜╥\200\2011\b`х╝╥Ле╝╥©║╜╥@i1\bJ\2041\bD\000\000\000`Zт╥Xl1\bTPEDXl1\b╢Iс╥\030x1\bпk╝╥1\000\000\000Ле╝╥\037x1\b@i1\b@i1\bТ╚╜╥\037x1\bжk╝╥"
        total_read = 0
        limit_xml_body = 1000000
        result = 400
#8  0xb7add11b in dav_add_response () from /usr/lib/apache2/modules/mod_dav.so
No symbol table info available.
#9  0x081adfa8 in ?? ()
No symbol table info available.
#10 0x081bb800 in ?? ()
No symbol table info available.
(gdb)

I took a look at the code, and it is a peruser problem. In the peruser_process_connection() function, they wrongly fill the core_input_filter's context. This context is a private structure and should not be created with the method they used. Yes, this structure was changed in 2.0.54, to fix a bug. Peruser needs to fix this UPSTREAM.
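
Added example, not part of the bug report and not httpd or peruser source: a small C model of the failure described above, where code outside a component hand-fills that component's private context and a later release changes the structure. Assumptions: all type and function names are hypothetical, and the model assumes the change added a pointer member that the hand-built context leaves NULL (the report itself only shows `a=0x0` reaching `brigade_move` and states that the structure changed).

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified model; every name here is hypothetical, not httpd source. */
typedef struct brigade { int nbuckets; } brigade;

/* The filter's private context. The newer release added `tmp`. */
typedef struct filter_ctx {
    brigade *in;
    brigade *tmp;
} filter_ctx;

/* Owner's constructor: the only code that knows every member. */
static filter_ctx *ctx_create(void) {
    filter_ctx *c = calloc(1, sizeof *c);
    if (c == NULL) return NULL;
    c->in = calloc(1, sizeof *c->in);
    c->tmp = calloc(1, sizeof *c->tmp);
    return c;
}

/* Out-of-tree code written against the old layout fills only `in`. */
static filter_ctx *ctx_hand_filled(void) {
    filter_ctx *c = calloc(1, sizeof *c);
    if (c == NULL) return NULL;
    c->in = calloc(1, sizeof *c->in);
    return c;                      /* c->tmp stays NULL */
}

/* Move up to n buckets from src to dst. Returns 0, or -1 on a bad context.
 * Without the NULL check, dst->nbuckets faults the way frame #0 did. */
static int move_buckets(brigade *dst, brigade *src, int n) {
    if (dst == NULL || src == NULL) return -1;
    if (n > src->nbuckets) n = src->nbuckets;
    src->nbuckets -= n;
    dst->nbuckets += n;
    return 0;
}

/* Filter entry point: stage n incoming buckets, then move them to tmp. */
static int filter_read(filter_ctx *c, int n) {
    if (c == NULL || c->in == NULL) return -1;
    c->in->nbuckets = n;
    return move_buckets(c->tmp, c->in, n);
}

int main(void) {
    printf("owner-built ctx: %d\n", filter_read(ctx_create(), 3));
    printf("hand-filled ctx: %d\n", filter_read(ctx_hand_filled(), 3));
    return 0;
}
```

The guard turns the crash into an error return, but the durable fix is the one the comment asks for: the outside module stops constructing the private context and lets its owner create it.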