httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Trawick <traw...@gmail.com>
Subject Re: Seg fault: Possible race conditions in mod_mem_cache.c
Date Wed, 08 Sep 2004 17:32:09 GMT
On Wed, 08 Sep 2004 09:14:56 -0600, Jean-Jacques Clar <jjclar@novell.com> wrote:
>  
> >It should not be possibe for two threads to atomically decrement the refcount on
the same object to 0.  
> I think there is a small window in there where it is possible to have the decs 
> happening on both CPUs one after the other making that bug possible in 
> decrement_refcount() and memcache_cache_free(). 
>   
> >Sounds 
> >like a bug in netware's apr_atomic_dec() function. 
>   
> Sorry but when running the same test on SLES9 with 2.0.51rc1, 
> my error_log is full of threads segfaulting. 

I loaded the latest APACHE_2_0_BRANCH cache code into a 2.0.47-based
server on SLES8/PPC.  Not hard to make segfault.  I changed
MCacheMaxObjectCount to 1 from what you posted and had clients iterate
through a list of 20 or so /index.html.LANGUAGE files.  I changed the
worker MPM configuration to use exactly 1 child process with 800
threads.

My backtrace was (sorry, no line numbers):

pthread_mutex_lock()
free()
mod_mem_cache.so
mod_mem_cache.so
libapr-0.so.0
apr_pool_destroy()
httpd
ap_run_process_connection()

Next I'll try to replicate with 2.0.51 rc2 on the same box.

Mime
View raw message