php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #69540 opcache.max_accelerated_files is not enough -> zend_mm_heap corrupted
Submitted: 2015-04-28 05:08 UTC Modified: 2016-12-09 10:37 UTC
Votes:6
Avg. Score:4.8 ± 0.4
Reproduced:6 of 6 (100.0%)
Same Version:4 (66.7%)
Same OS:3 (50.0%)
From: naoki-kawamukai at cybozu dot co dot jp Assigned:
Status: Duplicate Package: opcache
PHP Version: 5.5.24 OS: Ubuntu 14.04.2
Private report: No CVE-ID:
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: naoki-kawamukai at cybozu dot co dot jp
New email:
PHP Version: OS:

 

 [2015-04-28 05:08 UTC] naoki-kawamukai at cybozu dot co dot jp
Description:
------------
I use PHP 5.5.24 + php-fpm + opcache.
CPU is Intel(R) Xeon(R) CPU X5650  @ 2.67GHz.
Memory is 4GB.
I apply some original patches and use original extensions.
My application can not run without them,
because they are closely related with it.

Sometimes, following logs are recorded on php-fpm.log:
[13-Apr-2015 01:14:34] WARNING: [pool www] child 30683 said into stderr: "zend_mm_heap corrupted"
[13-Apr-2015 01:14:34] WARNING: [pool www] child 30683 exited with code 1 after 1220.432552 seconds from start
[13-Apr-2015 01:14:34] NOTICE: [pool www] child 3481 started

This error occurs on random.
It is hard to find a reproducing code.

My opcache config is following:
[opcache]
opcache.memory_consumption=384
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=200
opcache.revalidate_freq=60
opcache.fast_shutdown=1

When I change opcache.max_accelerated_files to 7000,
the frequency of "zend_mm_heap corrupted" decreases.
When I change opcache.max_accelerated_files to 60000,
"zend_mm_heap corrupted" does not occur.
# My application consists of 10000+ PHP files.

Expected result:
----------------
PHP-FPM process should not report "zend_mm_heap corrupted"

Actual result:
--------------
PHP-FPM process reports "zend_mm_heap corrupted" sometimes.

I try to get coredump with "--enable-debug".
but, this error does not reproduced it with "--enable-debug".
So, I modified L91 like this and built PHP:
https://github.com/php/php-src/blob/php-5.5.24/Zend/zend_alloc.c#L91
> #if ZEND_DEBUG && defined(HAVE_KILL) && defined(HAVE_GETPID)
> ↓
> #if defined(HAVE_KILL) && defined(HAVE_GETPID)

Now, I can get coredump.

GDB backtrace:

GNU gdb (Ubuntu 7.7.1-0ubuntu5~14.04.2) 7.7.1
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/local/php/sbin/php-fpm...done.
[New LWP 4688]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `php-fpm: pool www                                                       '.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007f6f84b7ffb7 in kill () from /lib/x86_64-linux-gnu/libc.so.6
(gdb) bt
#0  0x00007f6f84b7ffb7 in kill () from /lib/x86_64-linux-gnu/libc.so.6
#1  0x000000000042f9ab in zend_mm_panic (message=0xab36ca "zend_mm_heap corrupted") at /home/build/php/php-5.5.24/Zend/zend_alloc.c:92
#2  0x000000000072f188 in zend_mm_remove_from_free_list (heap=<optimized out>, mm_block=<optimized out>)
    at /home/build/php/php-5.5.24/Zend/zend_alloc.c:800
#3  0x000000000072f3ac in _zend_mm_free_int (heap=0x1792330, p=0x256ea08) at /home/build/php/php-5.5.24/Zend/zend_alloc.c:2106
#4  0x0000000000763968 in zend_hash_destroy (ht=0xe45690 <compiler_globals+272>) at /home/build/php/php-5.5.24/Zend/zend_hash.c:560
#5  0x0000000000733428 in shutdown_compiler () at /home/build/php/php-5.5.24/Zend/zend_compile.c:243
#6  0x0000000000755ee5 in zend_deactivate () at /home/build/php/php-5.5.24/Zend/zend.c:949
#7  0x00000000006f779d in php_request_shutdown (dummy=dummy@entry=0x0) at /home/build/php/php-5.5.24/main/main.c:1812
#8  0x0000000000430ff4 in main (argc=<optimized out>, argv=<optimized out>) at /home/build/php/php-5.5.24/sapi/fpm/fpm/fpm_main.c:1981

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-03-07 20:58 UTC] cjm at ias dot edu
This looks like a duplicate of https://bugs.php.net/bug.php?id=65590
 [2016-12-09 05:18 UTC] naoki-kawamukai at cybozu dot co dot jp
When I change opcache.revalidate_freq to 7000 and opcache.fast_shutdown to 0
"zend_mm_heap corrupted" does not occur.

Yes, this is a duplicate of https://bugs.php.net/bug.php?id=65590
 [2016-12-09 10:15 UTC] naoki-kawamukai at cybozu dot co dot jp
-Status: Open +Status: Closed
 [2016-12-09 10:15 UTC] naoki-kawamukai at cybozu dot co dot jp
I close this because of a duplicate
 [2016-12-09 10:37 UTC] requinix@php.net
-Status: Closed +Status: Duplicate
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Tue Aug 29 15:01:52 2017 UTC