Opened 6 years ago

Last modified 6 years ago

#336 infoneeded defect

segfaults when using XCache 3.0.4

Reported by: boxdev Owned by: moo
Priority: critical Milestone: 3.3.0
Component: cacher Version: 3.0.4
Keywords: Cc:
Application: PHP Version: 5.4.19
Other Exts: SAPI: Irrelevant
Probability: Blocked By:


Our machines have XCache 3.0.4 installed. We start to observe segfaults during the early morning hours on several machines.

We would appreciate your feedback on what other data we can gather.

Version of XCache: php-xcache-3.0.4-5.4_box2.el6.x86_64
Version of PHP: php-5.4.19-1.el6.x86_64
Version of Apache: httpd-2.2.15-15.sl6.1.x86_64
OS: Scientific Linux 6
Output of 'uname -a': Linux 2.6.32-220.23.1.el6.x86_64 #1 SMP Mon Jun 18 09:58:09 CDT 2012 x86_64 x86_64 x86_64 GNU/Linux
Frequency of occurrence: Normally very low. But intermittently, every web server request results in a segfault.
xcache.readonly_protection = On

Once a server gets into the state where all requests result in a segfault, we bounce httpd and requests can be processed normally again.

When we review the stack traces, we see some xcache functions in the stack trace.

Attachments (1)

coredumps.20131223-1.txt (50.5 KB) - added by boxdev 6 years ago.
stack trace from core dump

Download all attachments as: .zip

Change History (6)

Changed 6 years ago by boxdev

stack trace from core dump

comment:1 Changed 6 years ago by moo

  • Status changed from new to accepted

Thanks for your report. It's a pity that a lot of argument/variable is opt out. I'm hope we can find a way to reproduce.

comment:2 Changed 6 years ago by moo

It seems that the line crash on

    for (literalinfoindex = 0; literalinfoindex < op_array_info->literalinfo_cnt; ++literalinfoindex) {
        int literalindex = op_array_info->literalinfos[literalinfoindex].index;
        int literalinfo = op_array_info->literalinfos[literalinfoindex].info;

by reading the core dump info. op_array_info->literalinfo_cnt > 0

literalindex = <error reading variable literalindex (Cannot access memory at address 0x0)>

means op_array_info->literalinfos == 0. it's impossible to have literalinfo_cnt > 0 && literalinfos == 0

check the code below

    op_array_info->literalinfo_cnt = details.cnt;
    op_array_info->literalinfos    = xc_vector_detach(xc_op_array_info_detail_t, &details);

current conclusion: looks like the cache is corrupted. can you please turn xcache.readonly_protection = on (and make sure xcache.mmap_path != "/dev/zero" because protection is available in this case)

comment:3 Changed 6 years ago by boxdev

Thanks for looking into this problem. Here are our current settings.

; N/A for /dev/zero
xcache.readonly_protection = On

; for *nix, xcache.mmap_path is a file path, not directory.
; Use something like "/tmp/xcache" if you want to turn on ReadonlyProtection
; 2 group of php won't share the same /tmp/xcache
; for win32, xcache.mmap_path=anonymous map name, not file path
xcache.mmap_path = "/box/var/tmp/xcache.mmap"

comment:4 Changed 6 years ago by moo

  • Milestone changed from undecided to 3.1.1

please upgrade to 3.1.x and upgrade your php if possible

comment:5 Changed 6 years ago by moo

  • Status changed from accepted to infoneeded
Note: See TracTickets for help on using tickets.