php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #64446 APC apc_new_interned_string cyclic reference in arBuckets
Submitted: 2013-03-18 17:32 UTC Modified: 2016-11-18 21:18 UTC
Votes:3
Avg. Score:4.7 ± 0.5
Reproduced:3 of 3 (100.0%)
Same Version:1 (33.3%)
Same OS:1 (33.3%)
From: ed at iweb dot co dot uk Assigned:
Status: Wont fix Package: APC (PECL)
PHP Version: 5.4.13 OS: Ubuntu 12.04.1
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: ed at iweb dot co dot uk
New email:
PHP Version: OS:

 

 [2013-03-18 17:32 UTC] ed at iweb dot co dot uk
Description:
------------
We are hitting a bug in APC new_intern_string. When there is a hash collision 
occasionally the linked list of items becomes corrupted and p->pNext refers to 
itself and so loops indefinitely.

versions:
=========
php-apc-3.1.13

apc.ini:
========
extension=apc.so
apc.rfc1867 = 1
apc.rfc1867_freq = 50k
apc.enable = 1
apc.enable_cli = 1
apc.stat=On
realpath_cache_size=1M
realpath_cache_ttl=86400
apc.write_lock=Off
apc.shm_size=128

we suspect that write_lock may influence the behaviour but performance was not 
acceptable with it enabled.

Backtrace:
==========

apc_new_interned_string (arKey=arKey@entry=0x7f0087359120 "explodeincludepath", 
nKeyLength=nKeyLength@entry=19)
    at /root/d/php-apc-3.1.13/APC-3.1.13/apc_string.c:91
91	        p = p->pNext;
(gdb) bt
#0  apc_new_interned_string (arKey=arKey@entry=0x7f0087359120 
"explodeincludepath",
    nKeyLength=nKeyLength@entry=19) at /root/d/php-apc-3.1.13/APC-
3.1.13/apc_string.c:91
#1  0x00007f00903c8714 in apc_string_pmemcpy (str=0x7f0087359120 
"explodeincludepath", len=19,
    pool=pool@entry=0x7f0088f77b40) at /root/d/php-apc-3.1.13/APC-
3.1.13/apc_compile.c:291
#2  0x00007f00903c0735 in my_copy_zval (dst=dst@entry=0x7f0088f7bff8, 
src=src@entry=0x7f009feae030,
    ctxt=ctxt@entry=0x7fff5b0f1990) at /root/d/php-apc-3.1.13/APC-
3.1.13/apc_compile.c:348
#3  0x00007f00903c93ce in apc_copy_op_array (dst=dst@entry=0x7f0088f7bca8, 
src=src@entry=0x7f009fea8970,
    ctxt=0x7fff5b0f1990) at /root/d/php-apc-3.1.13/APC-3.1.13/apc_compile.c:1211
#4  0x00007f00903c9d1a in my_copy_function (dst=<optimised out>, dst@entry=0x0, 
src=0x7f009fea8970,
    ctxt=ctxt@entry=0x7fff5b0f1990) at /root/d/php-apc-3.1.13/APC-
3.1.13/apc_compile.c:490
#5  0x00007f00903c0426 in my_copy_hashtable_ex (dst=dst@entry=0x7f0088f77e50, 
src=src@entry=0x7f009fea7658,
    copy_fn=copy_fn@entry=0x7f00903c9c70 <my_copy_function>, 
holds_ptrs=holds_ptrs@entry=0,
    ctxt=ctxt@entry=0x7fff5b0f1990, check_fn=check_fn@entry=0x7f00903c8600 
<my_check_copy_function>)
    at /root/d/php-apc-3.1.13/APC-3.1.13/apc_compile.c:1034
#6  0x00007f00903cada4 in my_copy_class_entry (dst=0x7f0088f77e28, dst@entry=0x0, 
src=0x7f009fea7630,
    ctxt=ctxt@entry=0x7fff5b0f1990) at /root/d/php-apc-3.1.13/APC-
3.1.13/apc_compile.c:687
#7  0x00007f00903cb9d2 in apc_copy_new_classes (op_array=<optimised out>, 
old_count=old_count@entry=284,
    ctxt=ctxt@entry=0x7fff5b0f1990) at /root/d/php-apc-3.1.13/APC-
3.1.13/apc_compile.c:1544
#8  0x00007f00903cce56 in apc_compile_cache_entry (key=key@entry=0x7fff5b0f1ff0, 
h=h@entry=0x7fff5b0f3240,
    type=type@entry=2, t=t@entry=1363615582, 
op_array=op_array@entry=0x7fff5b0f1f08,
    cache_entry=cache_entry@entry=0x7fff5b0f1f00) at /root/d/php-apc-3.1.13/APC-
3.1.13/apc_main.c:446
#9  0x00007f00903cd725 in my_compile_file (h=0x7fff5b0f3240, type=2)
    at /root/d/php-apc-3.1.13/APC-3.1.13/apc_main.c:603
#10 0x00007f009ad54f32 in phar_compile_file (file_handle=<incomplete type>, 
type=32767)
    at /root/d/php5-5.4.6/ext/phar/phar.c:3391
#11 0x00007f009aea0e8c in compile_filename (type=2, filename=0x7f009fe97658) at 
Zend/zend_language_scanner.l:625
#12 0x00007f009af19eeb in ZEND_INCLUDE_OR_EVAL_SPEC_CV_HANDLER 
(execute_data=0x7f0098626738)
    at /root/d/php5-5.4.6/Zend/zend_vm_execute.h:27386
#13 0x00007f009af37cbf in execute (op_array=0x7f00874a51f0) at /root/d/php5-
5.4.6/Zend/zend_vm_execute.h:410
#14 0x00007f009aec9158 in zend_call_function (fci=0x7fff5b0f35a0, 
fci_cache=0x7f00986260c8)
    at /root/d/php5-5.4.6/Zend/zend_execute_API.c:958

(gdb) print p
$2 = (Bucket *) 0x7f00880d9ea0
(gdb) print p->h
$4 = 11401928441719084423
(gdb) print p->arKey
$5 = 0x7f00880d9ee8 "Config must be an array or an instance of Zend_Config."
(gdb) print p->pData
$6 = (void *) 0x7f00880d9eb8
(gdb) print p->pLast
$7 = (struct bucket *) 0x7f00880d9ea0
(gdb) print p->pNext
$8 = (struct bucket *) 0x7f00880d9ea0

Under our setup "Config must be an array or an instance of Zend_Config." and 
"explodeincludepath" trigger a hash collision

We are experiencing this issue around twice a week but we are unable to reliably 
reproduce the problem. If you require additional information let us know and we 
will collect it the next time the server goes.




Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-05-24 03:25 UTC] jean-luc dot cooke at trustificorp dot com
Problem occurring on Amazon EC2 build - also not reliably reproducible. httpd PID is spinning out of control for hours on end.  Lots of available system memory and APC cache limit nowhere near reaching it's limit of 192MB.

php54-5.4.28-1.54.amzn1.x86_64
php54-pecl-apc-3.1.15-0.3.svn329913.14.amzn1.x86_64

GDB backtrace
Program received signal SIGTRAP, Trace/breakpoint trap.
0x00007fb4402adca0 in apc_new_interned_string () from /usr/lib64/php/modules/apc.so
(gdb) bt
#0  0x00007fb4402adca0 in apc_new_interned_string () from /usr/lib64/php/modules/apc.so
#1  0x00007fb4402a1874 in ?? () from /usr/lib64/php/modules/apc.so
#2  0x00007fb4402998f5 in ?? () from /usr/lib64/php/modules/apc.so
#3  0x00007fb4402a1ab7 in ?? () from /usr/lib64/php/modules/apc.so
#4  0x00007fb4402995f3 in ?? () from /usr/lib64/php/modules/apc.so
#5  0x00007fb44029992e in ?? () from /usr/lib64/php/modules/apc.so
#6  0x00007fb4402a0442 in apc_cache_store_zval () from /usr/lib64/php/modules/apc.so
#7  0x00007fb4402a05a0 in apc_cache_make_user_entry () from /usr/lib64/php/modules/apc.so
#8  0x00007fb44029df51 in _apc_store () from /usr/lib64/php/modules/apc.so
#9  0x00007fb44029e17f in ?? () from /usr/lib64/php/modules/apc.so
#10 0x00007fb441b421dc in ?? () from /etc/httpd/modules/libphp5.so
#11 0x00007fb441ac0427 in execute () from /etc/httpd/modules/libphp5.so
#12 0x00007fb441a9ab54 in zend_execute_scripts () from /etc/httpd/modules/libphp5.so
#13 0x00007fb441a3c6f6 in php_execute_script () from /etc/httpd/modules/libphp5.so
#14 0x00007fb441b43eba in ?? () from /etc/httpd/modules/libphp5.so
#15 0x00007fb44fb21020 in ap_run_handler ()
#16 0x00007fb44fb21569 in ap_invoke_handler ()
#17 0x00007fb44fb3568a in ap_process_async_request ()
#18 0x00007fb44fb35964 in ap_process_request ()
#19 0x00007fb44fb32432 in ?? ()
#20 0x00007fb44fb2a620 in ap_run_process_connection ()
#21 0x00007fb445728767 in ?? () from /etc/httpd/modules/mod_mpm_prefork.so
#22 0x00007fb4457289a6 in ?? () from /etc/httpd/modules/mod_mpm_prefork.so
#23 0x00007fb44572960e in ?? () from /etc/httpd/modules/mod_mpm_prefork.so
#24 0x00007fb44fb0777e in ap_run_mpm ()
#25 0x00007fb44fb00f46 in main ()

bash# free
             total       used       free     shared    buffers     cached
Mem:        606924     600188       6736          0       7876      80976
-/+ buffers/cache:     511336      95588
Swap:      1048572     155324     893248
 [2016-11-18 21:18 UTC] kalle@php.net
-Status: Open +Status: Wont fix
 [2016-11-18 21:18 UTC] kalle@php.net
APC is no longer supported in favor of opcache that comes bundled with PHP, if you wish to use the user cache, then look at PECL/APCu.
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Tue Dec 01 13:01:47 2020 UTC