php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #60561 zend_hash_index_find crash due to memory leak
Submitted: 2011-12-19 10:59 UTC Modified: 2013-02-18 00:35 UTC
Votes:4
Avg. Score:4.2 ± 0.8
Reproduced:4 of 4 (100.0%)
Same Version:3 (75.0%)
Same OS:2 (50.0%)
From: dylan at opifer dot nl Assigned:
Status: No Feedback Package: APC (PECL)
PHP Version: 5.3.8 OS: FreeBSD 8.1
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2011-12-19 10:59 UTC] dylan at opifer dot nl
Description:
------------
FreeBSD 8.1-RELEASE FreeBSD 8.1-RELEASE #0: Mon Jan 31 19:12:30 CET 2011 amd64
PHP 5.3.8
APC 3.1.9

'./configure' '--with-apxs2' '--with-curl=/usr/local/lib' '--with-gd' '--with-
ttf' '--with-gettext' '--with-jpeg-
dir=/usr/local/lib' '--with-freetype-dir=/usr/local/lib' '--with-kerberos' '--
with-openssl' '--with-mcrypt' '--with-mhash' 
'--with-mysql=/usr/local/mysql' '--with-mysqli=/usr/local/bin/mysql_config' '--
with-pdo-mysql=/usr/local/mysql' '--with-
pcre-regex=/usr/local' '--with-pear' '--with-png-dir=/usr/local/lib' '--with-
zlib' '--with-zlib-dir=/usr/local/lib' '--
with-iconv=/usr/local' '--enable-bcmath' '--enable-calendar' '--enable-exif' '--
enable-ftp' '--enable-gd-native-ttf' '--
enable-magic-quotes' '--enable-safe-mode' '--enable-soap' '--enable-sockets' '--
enable-mbstring' '--enable-zip' '--with-
xsl' '--enable-wddx'


We're running PHP 5.3.8 with APC 3.1.9 and are using opcode cache as well as the 
user cache. Currently we are experiencing 
regular crashes when cache size increases. It looks like some kind of memory 
leak in APC, because the values in Cached 
Files en Cached Variables in size don't add up to the total cache size. The 
total cache size is much larger, like 1GB 
while the values added up make something like 400MB.

This is what the message log states:
Dec 19 10:17:54 quarto kernel: pid 97940 (httpd), uid 1004: exited on signal 11 
(core dumped)

So I inspected the coredump with gdb:
(gdb) backtrace
#0  0x000000080202cc3c in zend_hash_index_find (ht=0x805251ef0, h=34490315800, 
pData=0x7fffffffc378) at 
/usr/local/directadmin/custombuild/php-5.3.8/Zend/zend_hash.c:983
#1  0x0000000805132637 in my_copy_zval () from /usr/local/lib/php/extensions/no-
debug-non-zts-20090626/apc.so
#2  0x00000008051322fb in my_copy_zval_ptr () from 
/usr/local/lib/php/extensions/no-debug-non-zts-20090626/apc.so
#3  0x0000000805133aea in my_copy_hashtable_ex () from 
/usr/local/lib/php/extensions/no-debug-non-zts-20090626/apc.so
#4  0x00000008051355d0 in apc_copy_class_entry_for_execution () from 
/usr/local/lib/php/extensions/no-debug-non-zts-
20090626/apc.so
#5  0x0000000805136912 in install_class () from 
/usr/local/lib/php/extensions/no-debug-non-zts-20090626/apc.so
#6  0x0000000805137007 in cached_compile () from 
/usr/local/lib/php/extensions/no-debug-non-zts-20090626/apc.so
#7  0x0000000805137908 in my_compile_file () from 
/usr/local/lib/php/extensions/no-debug-non-zts-20090626/apc.so
#8  0x0000000801e7f091 in phar_compile_file (file_handle=0x7fffffffcdc0, type=2) 
at 
/usr/local/directadmin/custombuild/php-5.3.8/ext/phar/phar.c:3393
#9  0x0000000801ff37d8 in compile_filename (type=2, filename=0x845a044b8) at 
zend_language_scanner.l:407
#10 0x0000000802067da7 in ZEND_INCLUDE_OR_EVAL_SPEC_TMP_HANDLER 
(execute_data=0x845a04350) at zend_vm_execute.h:5254
#11 0x00000008020472b1 in execute (op_array=0x804ee0d90) at 
zend_vm_execute.h:107
#12 0x0000000802020701 in zend_execute_scripts (type=8, retval=0x0, 
file_count=3) at 
/usr/local/directadmin/custombuild/php-5.3.8/Zend/zend.c:1236
#13 0x0000000801fcc457 in php_execute_script (primary_file=0x7fffffffe760) at 
/usr/local/directadmin/custombuild/php-
5.3.8/main/main.c:2284
#14 0x00000008020a959e in php_handler (r=0x805595978) at 
/usr/local/directadmin/custombuild/php-
5.3.8/sapi/apache2handler/sapi_apache2.c:669
#15 0x000000000044025a in ap_run_handler (r=0x805595978) at config.c:157
#16 0x0000000000443472 in ap_invoke_handler (r=0x805595978) at config.c:376
#17 0x0000000000486f9a in ap_internal_redirect (new_uri=Variable "new_uri" is 
not available.
) at http_request.c:554
#18 0x00000000004afcea in handler_redirect (r=0x8055800a0) at mod_rewrite.c:4838
#19 0x000000000044025a in ap_run_handler (r=0x8055800a0) at config.c:157
#20 0x0000000000443472 in ap_invoke_handler (r=0x8055800a0) at config.c:376
#21 0x000000000048710e in ap_process_request (r=0x8055800a0) at 
http_request.c:282
#22 0x0000000000484418 in ap_process_http_connection (c=0x805574290) at 
http_core.c:190
#23 0x0000000000447142 in ap_run_process_connection (c=0x805574290) at 
connection.c:43
#24 0x00000000004b3938 in child_main (child_num_arg=Variable "child_num_arg" is 
not available.
) at prefork.c:667
#25 0x00000000004b3bd4 in make_child (s=0x801a27e10, slot=11) at prefork.c:768
#26 0x00000000004b4464 in ap_mpm_run (_pconf=Variable "_pconf" is not available.
) at prefork.c:903
#27 0x000000000042db7f in main (argc=4, argv=0x7fffffffed38) at main.c:739

The line number (983) in zend_hash.c corresponds to an action (p = ht-
>arBuckets[nIndex];) where it addresses a key in a 
hashtable which apparently does not exist any more. This more or less supports 
my theory of a memory leak somewhere, where 
the apc cache fills up with illegal information...


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-08-14 14:44 UTC] ab@php.net
-Status: Open +Status: Feedback
 [2012-08-14 14:44 UTC] ab@php.net
Still can reproduce this? Please supply a fresh trace with APC trunk and a piece 
of PHP code to reproduce.
 [2012-08-14 15:11 UTC] oneiroi at fedoraproject dot org
this blog post http://notmysock.org/blog/php/user-cache-timebomb.html discusses 
the race condition leading to the issue; and I can confirm that once several 
production systems were updated to utilize the apc_add function over the 
apc_store function this issue was no longer present.

Other relevant source includes: http://serverfault.com/questions/342295/apc-
keeps-crashing
 [2013-02-18 00:35 UTC] pecl-dev at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Fri Feb 21 16:01:27 2020 UTC