php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #57539 APC crashes on high loads with zend_mm_heap corruption
Submitted: 2007-02-21 07:32 UTC Modified: 2007-12-26 18:04 UTC
From: stojmir at on dot net dot mk Assigned:
Status: Closed Package: APC (PECL)
PHP Version: 5_2 CVS-2007-02-21 OS: Redhat Linux 2.6.9 x86_64
Private report: No CVE-ID: None
 [2007-02-21 07:32 UTC] stojmir at on dot net dot mk
Description:
------------
Description:
------------
My apache crashes on random intervals (usually 10 hours):
zend_mm_heap corrupted
zend_mm_heap corrupted
zend_mm_heap corrupted
[Tue Feb 13 17:28:01 2007] [notice] child pid 14881 exit signal
Segmentation fault (11), possible coredump in /var/apache-dump

Im guessing its related with the zend memory menager, but who nows, im
not really into it so i cant be sure.

PHP version 5.2.1, Apache 2.0.55, RedHat Enterprise Linux with
2.6.9-42.0.8.ELsmp on a x86_64 machine with dual core Xeon.

The site is hosting a Drupal installation with about 3000 users at a
time.

Reproduce code:
---------------
Im not sure what code produces the crash.

Actual result:
--------------
PHP is configured with:

'./configure' '--build=x86_64-redhat-linux' '--host=x86_64-redhat-linux'
'--target=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr'
'--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin'
'--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include'
'--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--localstatedir=/var'
'--sharedstatedir=/usr/com' '--mandir=/usr/share/man'
'--infodir=/usr/share/info' '--cache-file=../config.cache'
'--with-libdir=lib64' '--with-config-file-path=/etc'
'--with-config-file-scan-dir=/etc/php.d' '--with-imap-ssl'
'--enable-ftp' '--with-gd' '--enable-gd-native-ttf'
'--with-jpeg-dir=/usr' '--with-png-dir=/usr' '--with-freetype-dir=/usr'
'--with-gmp' '--with-mysql=shared,/usr/lib64' '--with-xml'
'--enable-trans-sid' '--enable-shmop' '--enable-sockets'
'--with-regex=php' '--enable-sysvsem' '--enable-sysvshm'
'--enable-sysvmsg' '--enable-memory-limit' '--with-tsrm-pthreads'
'--enable-shared' '--disable-debug' '--with-zlib' '--with-gettext'
'--with-xsl' '--with-iconv' '--enable-inline-optimization'
'--disable-static' '--with-curl' '--enable-exif' '--enable-magic-quotes'
'--with-inifile' '--with-flatfile' '--enable-dio' '--with-mbstring'
'--with-mime-magic=/etc/httpd/mime.magic' '--enable-soap'
'--enable-wddx' '--with-pear' '--enable-pic' '--disable-rpath'
'--enable-track-vars' '--enable-mcal' '--enable-mbstring'
'--enable-mbstr-enc-trans' '--enable-mbregex' '--enable-memory-limit'
'--enable-zend-multibyte' '--with-mysqli=shared'
'--enable-force-cgi-redirect' '--enable-fastcgi' '--enable-pcntl'
'--enable-sigchild' '--with-apxs2=/usr/sbin/apxs' '--with-bz2'
'--with-sqllite=shared' '--enable-sqlite-utf8'

Here is a gdb backtrace of the thrown core dump from apache:

GNU gdb Red Hat Linux (6.3.0.0-1.132.EL4rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu"...(no debugging symbols found)
Using host libthread_db library "/lib64/tls/libthread_db.so.1".

Core was generated by `/usr/sbin/httpd'.
Program terminated with signal 11, Segmentation fault.
(no debugging symbols found)
Loaded symbols for /usr/sbin/httpd
Reading symbols from /lib64/libpcre.so.0...(no debugging symbols found)...done.
Loaded symbols for /lib64/libpcre.so.0
Reading symbols from /usr/lib64/libpcreposix.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/libpcreposix.so.0
Reading symbols from /usr/lib64/libaprutil-0.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/libaprutil-0.so.0
Reading symbols from /usr/lib64/libldap-2.2.so.7...
(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/libldap-2.2.so.7
Reading symbols from /usr/lib64/liblber-2.2.so.7...(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/liblber-2.2.so.7
Reading symbols from /lib64/tls/libdb-4.2.so...(no debugging symbols found)...done.
Loaded symbols for /lib64/tls/libdb-4.2.so
Reading symbols from /usr/lib64/libexpat.so.0...
(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/libexpat.so.0
Reading symbols from /usr/lib64/libapr-0.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/libapr-0.so.0
Reading symbols from /lib64/tls/librt.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/tls/librt.so.1
Reading symbols from /lib64/tls/libm.so.6...
(no debugging symbols found)...done.
Loaded symbols for /lib64/tls/libm.so.6
Reading symbols from /lib64/libcrypt.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libcrypt.so.1
Reading symbols from /lib64/tls/libpthread.so.0...(no debugging symbols found)...done.
Loaded symbols for /lib64/tls/libpthread.so.0
Reading symbols from /lib64/libdl.so.2...
(no debugging symbols found)...done.
Loaded symbols for /lib64/libdl.so.2
Reading symbols from /lib64/tls/libc.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib64/tls/libc.so.6
Reading symbols from /lib64/libresolv.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/libresolv.so.2
Reading symbols from /usr/lib64/libsasl2.so.2...
(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/libsasl2.so.2
Reading symbols from /lib64/libssl.so.4...(no debugging symbols found)...done.
Loaded symbols for /lib64/libssl.so.4
Reading symbols from /lib64/libcrypto.so.4...(no debugging symbols found)...done.
Loaded symbols for /lib64/libcrypto.so.4
Reading symbols from /lib64/ld-linux-x86-64.so.2...
(no debugging symbols found)...done.
Loaded symbols for /lib64/ld-linux-x86-64.so.2
Reading symbols from /usr/lib64/libgssapi_krb5.so.2...(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/libgssapi_krb5.so.2
Reading symbols from /usr/lib64/libkrb5.so.3...(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/libkrb5.so.3
Reading symbols from /lib64/libcom_err.so.2...
(no debugging symbols found)...done.
Loaded symbols for /lib64/libcom_err.so.2
Reading symbols from /usr/lib64/libk5crypto.so.3...(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/libk5crypto.so.3
Reading symbols from /usr/lib64/libz.so.1...(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/libz.so.1
Reading symbols from /lib64/libnss_files.so.2...
(no debugging symbols found)...done.
Loaded symbols for /lib64/libnss_files.so.2
Reading symbols from /usr/lib64/httpd/modules/mod_access.so...(no debugging symbols found)...done.
Loaded symbols for /etc/httpd/modules/mod_access.so
Reading symbols from /usr/lib64/httpd/modules/mod_auth.so...(no debugging symbols found)...done.
Loaded symbols for /etc/httpd/modules/mod_auth.so
Reading symbols from /usr/lib64/httpd/modules/mod_auth_anon.so...
(no debugging symbols found)...done.
Loaded symbols for /etc/httpd/modules/mod_auth_anon.so
Reading symbols from /usr/lib64/httpd/modules/mod_auth_dbm.so...(no debugging symbols found)...done.
Loaded symbols for /etc/httpd/modules/mod_auth_dbm.so
Reading symbols from /usr/lib64/httpd/modules/mod_auth_digest.so...(no debugging symbols found)...done.
Loaded symbols for /etc/httpd/modules/mod_auth_digest.so
Reading symbols from /usr/lib64/httpd/modules/mod_ext_filter.so...
(no debugging symbols found)...done.
Loaded symbols for /etc/httpd/modules/mod_ext_filter.so
Reading symbols from /usr/lib64/httpd/modules/mod_include.so...(no debugging symbols found)...done.
Loaded symbols for /etc/httpd/modules/mod_include.so
Reading symbols from /usr/lib64/httpd/modules/mod_deflate.so...(no debugging symbols found)...done.
Loaded symbols for /etc/httpd/modules/mod_deflate.so
Reading symbols from /usr/lib64/httpd/modules/mod_log_config.so...
(no debugging symbols found)...done.
Loaded symbols for /etc/httpd/modules/mod_log_config.so
Reading symbols from /usr/lib64/httpd/modules/mod_log_forensic.so...(no debugging symbols found)...done.
Loaded symbols for /etc/httpd/modules/mod_log_forensic.so
Reading symbols from /usr/lib64/httpd/modules/mod_env.so...(no debugging symbols found)...done.
Loaded symbols for /etc/httpd/modules/mod_env.so
Reading symbols from /usr/lib64/httpd/modules/mod_mime_magic.so...
(no debugging symbols found)...done.
Loaded symbols for /etc/httpd/modules/mod_mime_magic.so
Reading symbols from /usr/lib64/httpd/modules/mod_cern_meta.so...(no debugging symbols found)...done.
Loaded symbols for /etc/httpd/modules/mod_cern_meta.so
Reading symbols from /usr/lib64/httpd/modules/mod_expires.so...(no debugging symbols found)...done.
Loaded symbols for /etc/httpd/modules/mod_expires.so
Reading symbols from /usr/lib64/httpd/modules/mod_headers.so...
(no debugging symbols found)...done.
Loaded symbols for /etc/httpd/modules/mod_headers.so
Reading symbols from /usr/lib64/httpd/modules/mod_usertrack.so...(no debugging symbols found)...done.
Loaded symbols for /etc/httpd/modules/mod_usertrack.so
Reading symbols from /usr/lib64/httpd/modules/mod_unique_id.so...(no debugging symbols found)...done.
Loaded symbols for /etc/httpd/modules/mod_unique_id.so
Reading symbols from /usr/lib64/httpd/modules/mod_setenvif.so...
(no debugging symbols found)...done.
Loaded symbols for /etc/httpd/modules/mod_setenvif.so
Reading symbols from /usr/lib64/httpd/modules/mod_proxy.so...(no debugging symbols found)...done.
Loaded symbols for /etc/httpd/modules/mod_proxy.so
Reading symbols from /usr/lib64/httpd/modules/mod_proxy_connect.so...(no debugging symbols found)...done.
Loaded symbols for /etc/httpd/modules/mod_proxy_connect.so
Reading symbols from /usr/lib64/httpd/modules/mod_proxy_ftp.so...
(no debugging symbols found)...done.
Loaded symbols for /etc/httpd/modules/mod_proxy_ftp.so
Reading symbols from /usr/lib64/httpd/modules/mod_proxy_http.so...(no debugging symbols found)...done.
Loaded symbols for /etc/httpd/modules/mod_proxy_http.so
Reading symbols from /usr/lib64/httpd/modules/mod_mime.so...(no debugging symbols found)...done.
Loaded symbols for /etc/httpd/modules/mod_mime.so
Reading symbols from /usr/lib64/httpd/modules/mod_dav.so...
(no debugging symbols found)...done.
Loaded symbols for /etc/httpd/modules/mod_dav.so
Reading symbols from /usr/lib64/httpd/modules/mod_status.so...(no debugging symbols found)...done.
Loaded symbols for /etc/httpd/modules/mod_status.so
Reading symbols from /usr/lib64/httpd/modules/mod_autoindex.so...(no debugging symbols found)...done.
Loaded symbols for /etc/httpd/modules/mod_autoindex.so
Reading symbols from /usr/lib64/httpd/modules/mod_asis.so...
(no debugging symbols found)...done.
Loaded symbols for /etc/httpd/modules/mod_asis.so
Reading symbols from /usr/lib64/httpd/modules/mod_info.so...(no debugging symbols found)...done.
Loaded symbols for /etc/httpd/modules/mod_info.so
Reading symbols from /usr/lib64/httpd/modules/mod_cgi.so...(no debugging symbols found)...done.
Loaded symbols for /etc/httpd/modules/mod_cgi.so
Reading symbols from /usr/lib64/httpd/modules/mod_dav_fs.so...
(no debugging symbols found)...done.
Loaded symbols for /etc/httpd/modules/mod_dav_fs.so
Reading symbols from /usr/lib64/httpd/modules/mod_vhost_alias.so...(no debugging symbols found)...done.
Loaded symbols for /etc/httpd/modules/mod_vhost_alias.so
Reading symbols from /usr/lib64/httpd/modules/mod_negotiation.so...(no debugging symbols found)...done.
Loaded symbols for /etc/httpd/modules/mod_negotiation.so
Reading symbols from /usr/lib64/httpd/modules/mod_dir.so...
(no debugging symbols found)...done.
Loaded symbols for /etc/httpd/modules/mod_dir.so
Reading symbols from /usr/lib64/httpd/modules/mod_actions.so...(no debugging symbols found)...done.
Loaded symbols for /etc/httpd/modules/mod_actions.so
Reading symbols from /usr/lib64/httpd/modules/mod_speling.so...(no debugging symbols found)...done.
Loaded symbols for /etc/httpd/modules/mod_speling.so
Reading symbols from /usr/lib64/httpd/modules/mod_alias.so...
(no debugging symbols found)...done.
Loaded symbols for /etc/httpd/modules/mod_alias.so
Reading symbols from /usr/lib64/httpd/modules/mod_rewrite.so...(no debugging symbols found)...done.
Loaded symbols for /etc/httpd/modules/mod_rewrite.so
Reading symbols from /usr/lib64/httpd/modules/libphp5.so...done.
Loaded symbols for /usr/lib64/httpd/modules/libphp5.so
Reading symbols from /usr/lib64/libexslt.so.0...done.
Loaded symbols for /usr/lib64/libexslt.so.0
Reading symbols from /usr/lib64/libgmp.so.3...done.
Loaded symbols for /usr/lib64/libgmp.so.3
Reading symbols from /usr/lib64/libfreetype.so.6...done.
Loaded symbols for /usr/lib64/libfreetype.so.6
Reading symbols from /usr/lib64/libpng12.so.0...done.
Loaded symbols for /usr/lib64/libpng12.so.0
Reading symbols from /usr/lib64/libjpeg.so.62...done.
Loaded symbols for /usr/lib64/libjpeg.so.62
Reading symbols from /usr/lib64/libcurl.so.3...done.
Loaded symbols for /usr/lib64/libcurl.so.3
Reading symbols from /usr/lib64/libbz2.so.1...done.
Loaded symbols for /usr/lib64/libbz2.so.1
Reading symbols from /lib64/libnsl.so.1...done.
Loaded symbols for /lib64/libnsl.so.1
Reading symbols from /usr/lib64/libidn.so.11...done.
Loaded symbols for /usr/lib64/libidn.so.11
Reading symbols from /usr/lib64/libxslt.so.1...done.
Loaded symbols for /usr/lib64/libxslt.so.1
Reading symbols from /usr/lib64/libxml2.so.2...done.
Loaded symbols for /usr/lib64/libxml2.so.2
Reading symbols from /usr/lib64/libgcrypt.so.11...done.
Loaded symbols for /usr/lib64/libgcrypt.so.11
Reading symbols from /usr/lib64/libgpg-error.so.0...done.
Loaded symbols for /usr/lib64/libgpg-error.so.0
Reading symbols from /usr/lib64/httpd/modules/mod_perl.so...done.
Loaded symbols for /etc/httpd/modules/mod_perl.so
Reading symbols from /usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi/CORE/libperl.so...done.
Loaded symbols for /usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi/CORE/libperl.so
Reading symbols from /lib64/libutil.so.1...done.
Loaded symbols for /lib64/libutil.so.1
Reading symbols from /usr/lib64/httpd/modules/mod_python.so...done.
Loaded symbols for /etc/httpd/modules/mod_python.so
Reading symbols from /usr/lib64/httpd/modules/mod_ssl.so...done.
Loaded symbols for /etc/httpd/modules/mod_ssl.so
Reading symbols from /usr/lib64/libdistcache.so.1...done.
Loaded symbols for /usr/lib64/libdistcache.so.1
Reading symbols from /usr/lib64/libnal.so.1...done.
Loaded symbols for /usr/lib64/libnal.so.1
Reading symbols from /usr/lib64/php/modules/mysql.so...done.
Loaded symbols for /usr/lib64/php/modules/mysql.so
Reading symbols from /usr/lib64/mysql/libmysqlclient.so.15...done.
Loaded symbols for /usr/lib64/mysql/libmysqlclient.so.15
Reading symbols from /usr/lib64/php/modules/apc.so...done.
Loaded symbols for /usr/lib64/php/modules/apc.so
Reading symbols from /usr/lib64/gconv/CP1251.so...done.
Loaded symbols for /usr/lib64/gconv/CP1251.so
Reading symbols from /lib64/libnss_dns.so.2...done.
Loaded symbols for /lib64/libnss_dns.so.2
#0  _zend_mm_free_int (heap=0x552ad6cc70, p=Variable "p" is not available.
)
    at /root/php5.2-200702131930/Zend/zend_alloc.c:616
---Type <return> to continue, or q <return> to quit---
616             if (UNEXPECTED(prev->next_free_block != mm_block) || UNEXPECTED(next->prev_free_block != mm_block)) {

APC is configured with default options.

http://www.blog.com.mk/php.php
http://www.blog.com.mk/apc.php


Reproduce code:
---------------
I dont have any. :-( 
It is something from the many moduled and scripts in Drupal.


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-02-21 14:52 UTC] shire@php.net
Could you please try out the latest APC CVS version and let us know if it fixes this issue?
 [2007-02-22 02:23 UTC] gopalv82 at yahoo dot com
Please let me know if there are any crashes after 

apc.filters = block.module

I have a vague suspicion about function static variables, which needs more investigation.
 [2007-02-23 04:01 UTC] stojmir at on dot net dot mk
Filtering the block.module helped. Apache has not crashed for 2 days now.

So was this happening because a bad code in the module, or is it still possible to be a bug in APC or PHP?
 [2007-02-23 05:14 UTC] gopalv82 at yahoo dot com
You shouldn't be able to make APC crash with any php code (excluding recursive includes ...).

So, the bug stands.
 [2007-03-08 20:50 UTC] gopalv82 at yahoo dot com
Do you have the cores still lying around ? 

If you still have them,

(gdb)f 1 
(gdb) p *q
(gdb) printf "%s\n", q->arKey

will help.
 [2007-12-26 18:04 UTC] rasmus@php.net
Please try APC-3.0.16 and re-open if you can still reproduce this problem.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Mar 28 14:01:29 2024 UTC