php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #57329 pconnect: (apache crashes) incorrect memory freeing handling
Submitted: 2006-10-27 17:48 UTC Modified: 2006-10-27 18:36 UTC
From: selecter at gmail dot com Assigned:
Status: Closed Package: memcache (PECL)
PHP Version: 5.1.6 OS: Linux Gentoo 2006.1 x86_64
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: selecter at gmail dot com
New email:
PHP Version: OS:

 

 [2006-10-27 17:48 UTC] selecter at gmail dot com
Description:
------------
In case when pconnect fails to connect, memcache incorrectly frees memory sometimes.

"connect" is fine

To reproduce, memcached must be disabled. And try to run a script several times.

Reproduce code:
---------------
<?php
	$cache = new Memcache;
	$cache->pconnect('localhost', 11211);
?>

Actual result:
--------------
error_log:
[Sat Oct 28 00:24:31 2006] [notice] child pid 13185 exit signal Segmentation fault (11)
*** glibc detected *** /usr/sbin/apache2: corrupted double-linked list: 0x00002ba5b28669f0 ***
*** glibc detected *** /usr/sbin/apache2: double free or corruption (!prev): 0x0000000000963850 ***

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-10-27 18:00 UTC] tony2001 at phpclub dot net
What memcache version do you use?
Please provide GDB backtrace also.
 [2006-10-27 18:06 UTC] selecter at gmail dot com
pecl-memcache-2.0.4
memcached-1.2.0

Backtrace was generated by pecl-xdebug(I think) in another script that uses pconnect.

*** glibc detected *** /usr/sbin/apache2: munmap_chunk(): invalid pointer: 0x000000000086b3a8 ***
======= Backtrace: =========
/lib/libc.so.6(__libc_free+0x174)[0x2ba5b2698474]
/usr/lib64/php5/lib/php/extensions/no-debug-non-zts-20050922/memcache.so[0x2ba5b7334d0d]
/usr/lib64/php5/lib/php/extensions/no-debug-non-zts-20050922/memcache.so[0x2ba5b733648a]
/usr/lib64/php5/lib/php/extensions/no-debug-non-zts-20050922/xdebug.so(xdebug_execute_internal+0x154)[0x2ba5b7208a0b]
/usr/lib64/apache2/modules/libphp5.so[0x2ba5b45b1498]
/usr/lib64/apache2/modules/libphp5.so(execute+0x173)[0x2ba5b45a1673]
/usr/lib64/php5/lib/php/extensions/no-debug-non-zts-20050922/xdebug.so(xdebug_execute+0xac7)[0x2ba5b72086cd]
/usr/lib64/apache2/modules/libphp5.so[0x2ba5b45a7216]
/usr/lib64/apache2/modules/libphp5.so(execute+0x173)[0x2ba5b45a1673]
/usr/lib64/php5/lib/php/extensions/no-debug-non-zts-20050922/xdebug.so(xdebug_execute+0xac7)[0x2ba5b72086cd]
/usr/lib64/apache2/modules/libphp5.so(zend_execute_scripts+0x16f)[0x2ba5b4584c3f]
/usr/lib64/apache2/modules/libphp5.so(php_execute_script+0x229)[0x2ba5b45481f9]
/usr/lib64/apache2/modules/libphp5.so[0x2ba5b460117d]
/usr/sbin/apache2(ap_run_handler+0x79)[0x425c89]
/usr/sbin/apache2(ap_invoke_handler+0x72)[0x428b52]
/usr/sbin/apache2(ap_process_request+0x158)[0x423c58]
/usr/sbin/apache2(apr_vformatter+0x9c0)[0x41ec60]
/usr/sbin/apache2(ap_run_process_connection+0x71)[0x42fb91]
/usr/sbin/apache2[0x424973]
/usr/sbin/apache2[0x424b94]
/usr/sbin/apache2(ap_mpm_run+0x647)[0x425297]
/usr/sbin/apache2(main+0x5ed)[0x42b2ed]
/lib/libc.so.6(__libc_start_main+0xf4)[0x2ba5b2647134]
/usr/sbin/apache2(apr_bucket_mmap_make+0x59)[0x41e5b9]
 [2006-10-27 18:10 UTC] tony2001 at phpclub dot net
Please update to the latest stable version first (2.1.0) and if you still can replicate it, provide a backtrace as described here: 
http://bugs.php.net/bugs-generating-backtrace.php
 [2006-10-27 18:30 UTC] selecter at gmail dot com
>To get a backtrace with correct information you must have PHP configured with --enable-debug

I am sorry, can't do that. I have no time for that. And there is no ebuild in gentoo for 2.1.0 :(
 [2006-10-27 18:36 UTC] tony2001 at phpclub dot net
I can't reproduce it too, so I guess it's fixed.
Feel free to reopen the report when/if you have more information to tell.
 [2008-10-13 16:59 UTC] andre at roaldseth dot net
I do believe I experience this or an similar bug with 3.0.2 and memcached 1.2.6.

I have an job that runs as an CLI-job. This job multi-gets about 45.000-50.000 keys and loops through all of them and does some delete and some sets depending on the information but mostly it does nothing. This multi-get normally takes nothing more then a few tenths of a second.

The problem occurs sometimes when the memcached-cluster is under pretty high load(~10000 request per second per server(14 servers)). Now the multi-get suddenly take 4-8 minutes to complete and all the following deletes and sets Memcached is supposed to have done isn't successfully.

The job finishes(I have an echo on the last line) and after that I get this:

*** glibc detected *** corrupted double-linked list: 0x0000000002a09260 ***
Aborted

All sets and deletes returns FALSE. The servers are added to the connection pool using addServer().
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Dec 27 03:01:28 2024 UTC