php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #13095 Deadlock in mod_mm (garbage collection)
Submitted: 2001-09-02 13:54 UTC Modified: 2001-12-10 10:06 UTC
From: csaout at w-commerce dot de Assigned:
Status: Closed Package: Session related
PHP Version: 4.0.6 OS: Linux 2.4.4 (i686)
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: csaout at w-commerce dot de
New email:
PHP Version: OS:

 

 [2001-09-02 13:54 UTC] csaout at w-commerce dot de 
Symtom: httpd eats 100% CPU and locks up all other httpds trying to access session data (due to lock_mm)

Reproducable with a script that invokes hundreds (~600) of sessions (while true; do lynx --source ...)

Hash collision problem?

/* should be a prime */
#define HASH_SIZE 577

./configure --with-apxs=/usr/sbin/apxs --with-openssl --enable-sigchild --with-bz2 --with-zlib --enable-dbase --with-dom --enable-ftp --with-gd --with-gettext --with-gmp --with-java=/usr/local/jdk1.3 --with-mcrypt --with-mhash --with-mysql=/usr --with-unixODBC --with-sablot --with-mm --enable-shmop --enable-sockets --enable-sysvsem --enable-sysvshm --enable-wddx --enable-inline-optimization

#0  0x40446cce in ps_gc_mm () at mod_mm.c:205
#1  0x40444475 in php_session_start () at session.c:892
#2  0x4044596c in php_if_session_start () at session.c:1156
#3  0x407d4f84 in zend_reverse_table () from /usr/lib/apache/ZendOptimizer.so
#4  0x407dcb35 in zend_reverse_table () from /usr/lib/apache/ZendOptimizer.so
#5  0x407dcb35 in zend_reverse_table () from /usr/lib/apache/ZendOptimizer.so
#6  0x407e001d in zend_oe () from /usr/lib/apache/ZendOptimizer.so
#7  0x403de60e in zend_execute_scripts () at zend.c:259 
#8  0x403f1634 in php_execute_script () at main.c:1138
#9  0x403ed750 in apache_php_module_main () at sapi_apache.c:98
#10 0x403ee1f1 in send_php (r=0x81614fc, display_source_mode=0, filename=0x0) at mod_php4.c:536
#11 0x403ee233 in send_parsed_php (r=0x81614fc) at mod_php4.c:547
#12 0x8079529 in ap_invoke_handler ()
#13 0x808efbf in process_request_internal ()
#14 0x808f44a in ap_internal_redirect ()
#15 0x806443c in handle_dir ()
#16 0x8079529 in ap_invoke_handler ()
#17 0x808efbf in process_request_internal ()
#18 0x808f032 in ap_process_request ()
#19 0x8085b86 in child_main ()
#20 0x8085e2a in make_child ()
#21 0x8085ee6 in startup_children ()
#22 0x808656c in standalone_main ()
#23 0x8086dbc in main ()
#24 0x40126a8e in __libc_start_main () at ../sysdeps/generic/libc-start.c:93

Some common IP Adresses in loop

0x40446cba in ps_gc_mm () at mod_mm.c:205
0x40446cbf in ps_gc_mm () at mod_mm.c:205
0x40446cce in ps_gc_mm () at mod_mm.c:205
0x40446cd0 in ps_gc_mm () at mod_mm.c:205  

   for (h = 0; h < HASH_SIZE; h++)
 	for (sd = data->hash[h]; sd; sd = next) {
         next = sd->next;
         ps_mm_debug("looking at %s\n", sd->key);
         if ((now - sd->ctime) > maxlifetime) {
            ps_sd_destroy(data, sd);
            *nrdels++;
	 }
      }
What happens when the queue head/tail gets deleted with more than one entry? Seams to produce a deadlock here!

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-12-10 10:06 UTC] sas@php.net 
This and several other bugs in this part of the code have been fixed. Please try a snapshot (snaps.php.net) or wait for an upcoming release. Thanks for your detailed report.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Sun Jul 06 15:01:35 2025 UTC