lucid server: mod_mem_cache with mod_dav_svn crashes apache for certain files

Bug #568468 reported by Axel
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Apache2 Web Server
Unknown
Medium
apache2 (Ubuntu)
Fix Committed
Medium
Unassigned

Bug Description

Binary package hint: apache2

On a lucid server we see apache segmentation faulting at a high rate. This causes svn checkouts to fail depending on the client (e.g. on Ubunut 9.10 subversion with neon as dav lib is okay, serf is not). I was able to reproduce it with a minimal setup:

Using lucid from today, i.e. with
apache2.2-bin: 2.2.14-5ubuntu8
libapache2-svn: 1.6.6dfsg-2ubuntu1

with mods-enabled:
alias auth_basic authz_default authz_host cache dav dav_svn deflate info mem_cache mime

dav_svn.conf:
<Location /svn>
  DAV svn
  SVNParentPath /var/lib/svn
  SVNListParentPath on
  SVNPathAuthz off
</Location>

mem_cache.conf is untouched. I created an svn repo /var/lib/svn/svn_memcache (see attachment). With some clients I cannot check it out, it fails for bad.root segfaulting apache. wget http://localhost/svn/svn_memcache/bad.root never succeeds.

If I disable mem_cache it works. (Yes, I know that we shouldn't have it enabled for serving svn to begin with and I am thankful for mem_cache pointing this out but that's not the point here :-)

Cheers, Axel.

Revision history for this message
Chuck Short (zulcss) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. Please try to obtain a backtrace following the instructions at http://wiki.ubuntu.com/DebuggingProgramCrash and upload the backtrace (as an attachment) to the bug report. This will greatly help us in tracking down your problem.

Changed in apache2 (Ubuntu):
importance: Undecided → Medium
status: New → Incomplete
Revision history for this message
Axel (naxel) wrote :

Sure, here it is.

#0 0x00007ffff5cc613e in ?? () from /usr/lib/apache2/modules/mod_cache.so
#1 0x00007ffff589c1ed in ?? () from /usr/lib/apache2/modules/mod_dav_svn.so
#2 0x00007ffff5ab694a in ?? () from /usr/lib/apache2/modules/mod_dav.so
#3 0x00007ffff7fd6140 in ap_run_handler (r=0x7ffff834eeb8) at /build/buildd/apache2-2.2.14/server/config.c:159
#4 0x00007ffff7fd9aa8 in ap_invoke_handler (r=0x7ffff834eeb8) at /build/buildd/apache2-2.2.14/server/config.c:373
#5 0x00007ffff7fe7678 in ap_process_request (r=0x7ffff834eeb8) at /build/buildd/apache2-2.2.14/modules/http/http_request.c:282
#6 0x00007ffff7fe4528 in ap_process_http_connection (c=0x7ffff834af28) at /build/buildd/apache2-2.2.14/modules/http/http_core.c:190
#7 0x00007ffff7fddcf8 in ap_run_process_connection (c=0x7ffff834af28) at /build/buildd/apache2-2.2.14/server/connection.c:43
#8 0x00007ffff7fec037 in child_main (child_num_arg=<value optimized out>)
    at /build/buildd/apache2-2.2.14/server/mpm/prefork/prefork.c:662
#9 0x00007ffff7fec306 in make_child (s=0x7ffff8214938, slot=0) at /build/buildd/apache2-2.2.14/server/mpm/prefork/prefork.c:702
#10 0x00007ffff7fec953 in ap_mpm_run (_pconf=<value optimized out>, plog=<value optimized out>, s=<value optimized out>)
    at /build/buildd/apache2-2.2.14/server/mpm/prefork/prefork.c:978
#11 0x00007ffff7fc2350 in main (argc=2, argv=0x7fffffffe758) at /build/buildd/apache2-2.2.14/server/main.c:742

Looks like the modules don't have debug info - that's really unfortunate... Let me know if I can help with providing them somehow (i.e. whether I should build the modules from source).

Revision history for this message
In , Chuck Short (zulcss) wrote :

Hi,

This was originally reported in http://bugs.launchpad.net/bugs/568468. I have attached the information that the user has provided below. If you have any questions please let me know.

===================

Binary package hint: apache2

On a lucid server we see apache segmentation faulting at a high rate. This causes svn checkouts to fail depending on the client (e.g. on Ubunut 9.10 subversion with neon as dav lib is okay, serf is not). I was able to reproduce it with a minimal setup:

Using lucid from today, i.e. with

with mods-enabled:
alias auth_basic authz_default authz_host cache dav dav_svn deflate info mem_cache mime

dav_svn.conf:
<Location /svn>
  DAV svn
  SVNParentPath /var/lib/svn
  SVNListParentPath on
  SVNPathAuthz off
</Location>

mem_cache.conf is untouched. I created an svn repo /var/lib/svn/svn_memcache (see attachment). With some clients I cannot check it out, it fails for bad.root segfaulting apache. wget http://localhost/svn/svn_memcache/bad.root never succeeds.

If I disable mem_cache it works. (Yes, I know that we shouldn't have it enabled for serving svn to begin with and I am thankful for mem_cache pointing this out but that's not the point here :-)

Cheers, Axel.

================

Sure, here it is.

#0 0x00007ffff5cc613e in ?? () from /usr/lib/apache2/modules/mod_cache.so
#1 0x00007ffff589c1ed in ?? () from /usr/lib/apache2/modules/mod_dav_svn.so
#2 0x00007ffff5ab694a in ?? () from /usr/lib/apache2/modules/mod_dav.so
#3 0x00007ffff7fd6140 in ap_run_handler (r=0x7ffff834eeb8) at /build/buildd/apache2-2.2.14/server/config.c:159
#4 0x00007ffff7fd9aa8 in ap_invoke_handler (r=0x7ffff834eeb8) at /build/buildd/apache2-2.2.14/server/config.c:373
#5 0x00007ffff7fe7678 in ap_process_request (r=0x7ffff834eeb8) at /build/buildd/apache2-2.2.14/modules/http/http_request.c:282
#6 0x00007ffff7fe4528 in ap_process_http_connection (c=0x7ffff834af28) at /build/buildd/apache2-2.2.14/modules/http/http_core.c:190
#7 0x00007ffff7fddcf8 in ap_run_process_connection (c=0x7ffff834af28) at /build/buildd/apache2-2.2.14/server/connection.c:43
#8 0x00007ffff7fec037 in child_main (child_num_arg=<value optimized out>)
    at /build/buildd/apache2-2.2.14/server/mpm/prefork/prefork.c:662
#9 0x00007ffff7fec306 in make_child (s=0x7ffff8214938, slot=0) at /build/buildd/apache2-2.2.14/server/mpm/prefork/prefork.c:702
#10 0x00007ffff7fec953 in ap_mpm_run (_pconf=<value optimized out>, plog=<value optimized out>, s=<value optimized out>)
    at /build/buildd/apache2-2.2.14/server/mpm/prefork/prefork.c:978
#11 0x00007ffff7fc2350 in main (argc=2, argv=0x7fffffffe758) at /build/buildd/apache2-2.2.14/server/main.c:742

Looks like the modules don't have debug info - that's really unfortunate... Let me know if I can help with providing them somehow (i.e. whether I should build the modules from source).

Revision history for this message
Chuck Short (zulcss) wrote :

Thank you for your bug report. This bug has been reported to the developers of the software. You can track it and make comments at:

https://issues.apache.org/bugzilla/show_bug.cgi?id=49187

Changed in apache2 (Ubuntu):
status: Incomplete → Triaged
Changed in apache2:
importance: Unknown → Medium
status: Unknown → Confirmed
Revision history for this message
In , Wrowe (wrowe) wrote :

Please help us to refine our list of open and current defects; this is a mass update of old and inactive Bugzilla reports which reflect user error, already resolved defects, and still-existing defects in httpd.

As repeatedly announced, the Apache HTTP Server Project has discontinued all development and patch review of the 2.2.x series of releases. The final release 2.2.34 was published in July 2017, and no further evaluation of bug reports or security risks will be considered or published for 2.2.x releases. All reports older than 2.4.x have been updated to status RESOLVED/LATER; no further action is expected unless the report still applies to a current version of httpd.

If your report represented a question or confusion about how to use an httpd feature, an unexpected server behavior, problems building or installing httpd, or working with an external component (a third party module, browser etc.) we ask you to start by bringing your question to the User Support and Discussion mailing list, see [https://httpd.apache.org/lists.html#http-users] for details. Include a link to this Bugzilla report for completeness with your question.

If your report was clearly a defect in httpd or a feature request, we ask that you retest using a modern httpd release (2.4.33 or later) released in the past year. If it can be reproduced, please reopen this bug and change the Version field above to the httpd version you have reconfirmed with.

Your help in identifying defects or enhancements still applicable to the current httpd server software release is greatly appreciated.

Changed in apache2:
status: Confirmed → Unknown
Changed in apache2 (Ubuntu):
status: Triaged → Incomplete
brony4410 (brony44)
Changed in apache2 (Ubuntu):
status: Incomplete → Fix Committed
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.