Apache segmentation fault


#1

Hello,

I’m just starting out trying to use the PHP couchbase extension under apache in the following environment:

Debian Linux Wheezy x64
Apache 2.2.22
PHP 5.4.34
Couchbase server 3.0.0 (running on another Debian Wheezy machine)
libcouchbase 2.4.3 libraries installed from http://packages.couchbase.com/ubuntu wheezy wheezy/main
PHP extension 2.0.1 installed via “pecl install couchbase”

However, I cannot do even the simplest tasks without apache crashing with a segmentation fault.

Here’s my code:

<?php
$cluster = new \CouchbaseCluster("couchbase://cbserver");
$bucket = $cluster->openBucket("sessions", "12345");
$result = $bucket->get("abc123",array('expiry' => 600));

The couchbase server is completely empty and using default settings for the most part.

Running this code the first time produces an expected “The key does not exist on the server” message in the error log.
Running it a second time causes an immediate segmentation fault of apache.

There’s no other information in the logs to go on.

During my testing, I also managed to get this in the logs:

PHP Fatal error:  Allowed memory size of 134217728 bytes exhausted (tried to allocate 140298844647032 bytes) in Unknown on line 0

There’s obviously some bad code somewhere in the couchbase libs, but I don’t have the time to track it down.

I’ve found a number of other topics here with similar sounding problems. One linked to this still-open ticket as well (that has no additional information as of yet): PCBC-310

However, I can provide help for someone else to find the problem as it is entirely 100% reproducable every time on my machine.

I would really like to use couchbase, but this is obviously a showstopper issue for me.

Here’s a valgrind log that may help as well:

==24150== Memcheck, a memory error detector
==24150== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==24150== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==24150== Command: /usr/sbin/apache2 -X
==24150== Parent PID: 22976
==24150== 
==24150== Invalid write of size 8
==24150==    at 0xEF85A8C: pcbc_wait (bucket.c:398)
==24150==    by 0xEF873F3: zim_Bucket_get (bucket.c:934)
==24150==    by 0x9A261A0: zend_do_fcall_common_helper_SPEC (in /usr/lib/apache2/modules/libphp5.so)
==24150==    by 0x99DFB56: execute (in /usr/lib/apache2/modules/libphp5.so)
==24150==    by 0x997E9FB: zend_execute_scripts (in /usr/lib/apache2/modules/libphp5.so)
==24150==    by 0x991E372: php_execute_script (in /usr/lib/apache2/modules/libphp5.so)
==24150==    by 0x9A28899: php_handler (in /usr/lib/apache2/modules/libphp5.so)
==24150==    by 0x14EC8F: ap_run_handler (config.c:159)
==24150==    by 0x14F0DA: ap_invoke_handler (config.c:377)
==24150==    by 0x15F207: ap_process_request (http_request.c:282)
==24150==    by 0x15C0C7: ap_process_http_connection (http_core.c:190)
==24150==    by 0x15564F: ap_run_process_connection (connection.c:43)
==24150==    by 0x163DBD: child_main (prefork.c:667)
==24150==    by 0x1644CD: make_child (prefork.c:712)
==24150==    by 0x164C81: ap_mpm_run (prefork.c:988)
==24150==    by 0x139895: main (main.c:755)
==24150==  Address 0x1ab76988 is 139,880 bytes inside a block of size 262,144 free'd
==24150==    at 0x4C27D4E: free (vg_replace_malloc.c:427)
==24150==    by 0x9958857: zend_mm_shutdown (in /usr/lib/apache2/modules/libphp5.so)
==24150==    by 0x991D08D: php_request_shutdown (in /usr/lib/apache2/modules/libphp5.so)
==24150==    by 0x9A2875E: php_handler (in /usr/lib/apache2/modules/libphp5.so)
==24150==    by 0x14EC8F: ap_run_handler (config.c:159)
==24150==    by 0x14F0DA: ap_invoke_handler (config.c:377)
==24150==    by 0x15F207: ap_process_request (http_request.c:282)
==24150==    by 0x15C0C7: ap_process_http_connection (http_core.c:190)
==24150==    by 0x15564F: ap_run_process_connection (connection.c:43)
==24150==    by 0x163DBD: child_main (prefork.c:667)
==24150==    by 0x1644CD: make_child (prefork.c:712)
==24150==    by 0x164C81: ap_mpm_run (prefork.c:988)
==24150==    by 0x139895: main (main.c:755)
==24150== 
==24150== Invalid write of size 8
==24150==    at 0xEF8870C: cookie_error (bucket.c:276)
==24150==    by 0xEF88D30: get_callback (bucket.c:294)
==24150==    by 0xF1B53E7: ??? (in /usr/lib/libcouchbase.so.2.0.19)
==24150==    by 0xF1BCFDB: ??? (in /usr/lib/libcouchbase.so.2.0.19)
==24150==    by 0xF1BFFA1: ??? (in /usr/lib/libcouchbase.so.2.0.19)
==24150==    by 0xF1A646B: ??? (in /usr/lib/libcouchbase.so.2.0.19)
==24150==    by 0x1AFFCCCB: event_base_loop (in /usr/lib/x86_64-linux-gnu/libevent-2.0.so.5.1.7)
==24150==    by 0xF1BDFD4: lcb_wait (in /usr/lib/libcouchbase.so.2.0.19)
==24150==    by 0xEF85A98: pcbc_wait (bucket.c:400)
==24150==    by 0xEF873F3: zim_Bucket_get (bucket.c:934)
==24150==    by 0x9A261A0: zend_do_fcall_common_helper_SPEC (in /usr/lib/apache2/modules/libphp5.so)
==24150==    by 0x99DFB56: execute (in /usr/lib/apache2/modules/libphp5.so)
==24150==    by 0x997E9FB: zend_execute_scripts (in /usr/lib/apache2/modules/libphp5.so)
==24150==    by 0x991E372: php_execute_script (in /usr/lib/apache2/modules/libphp5.so)
==24150==    by 0x9A28899: php_handler (in /usr/lib/apache2/modules/libphp5.so)
==24150==    by 0x14EC8F: ap_run_handler (config.c:159)
==24150==    by 0x14F0DA: ap_invoke_handler (config.c:377)
==24150==    by 0x15F207: ap_process_request (http_request.c:282)
==24150==    by 0x15C0C7: ap_process_http_connection (http_core.c:190)
==24150==    by 0x15564F: ap_run_process_connection (connection.c:43)
==24150==    by 0x163DBD: child_main (prefork.c:667)
==24150==    by 0x1644CD: make_child (prefork.c:712)
==24150==    by 0x164C81: ap_mpm_run (prefork.c:988)
==24150==    by 0x139895: main (main.c:755)
==24150==  Address 0x1ab76988 is 139,880 bytes inside a block of size 262,144 free'd
==24150==    at 0x4C27D4E: free (vg_replace_malloc.c:427)
==24150==    by 0x9958857: zend_mm_shutdown (in /usr/lib/apache2/modules/libphp5.so)
==24150==    by 0x991D08D: php_request_shutdown (in /usr/lib/apache2/modules/libphp5.so)
==24150==    by 0x9A2875E: php_handler (in /usr/lib/apache2/modules/libphp5.so)
==24150==    by 0x14EC8F: ap_run_handler (config.c:159)
==24150==    by 0x14F0DA: ap_invoke_handler (config.c:377)
==24150==    by 0x15F207: ap_process_request (http_request.c:282)
==24150==    by 0x15C0C7: ap_process_http_connection (http_core.c:190)
==24150==    by 0x15564F: ap_run_process_connection (connection.c:43)
==24150==    by 0x163DBD: child_main (prefork.c:667)
==24150==    by 0x1644CD: make_child (prefork.c:712)
==24150==    by 0x164C81: ap_mpm_run (prefork.c:988)
==24150==    by 0x139895: main (main.c:755)
==24150== 
==24150== Invalid read of size 8
==24150==    at 0xEF85A99: pcbc_wait (bucket.c:402)
==24150==    by 0xEF873F3: zim_Bucket_get (bucket.c:934)
==24150==    by 0x9A261A0: zend_do_fcall_common_helper_SPEC (in /usr/lib/apache2/modules/libphp5.so)
==24150==    by 0x99DFB56: execute (in /usr/lib/apache2/modules/libphp5.so)
==24150==    by 0x997E9FB: zend_execute_scripts (in /usr/lib/apache2/modules/libphp5.so)
==24150==    by 0x991E372: php_execute_script (in /usr/lib/apache2/modules/libphp5.so)
==24150==    by 0x9A28899: php_handler (in /usr/lib/apache2/modules/libphp5.so)
==24150==    by 0x14EC8F: ap_run_handler (config.c:159)
==24150==    by 0x14F0DA: ap_invoke_handler (config.c:377)
==24150==    by 0x15F207: ap_process_request (http_request.c:282)
==24150==    by 0x15C0C7: ap_process_http_connection (http_core.c:190)
==24150==    by 0x15564F: ap_run_process_connection (connection.c:43)
==24150==    by 0x163DBD: child_main (prefork.c:667)
==24150==    by 0x1644CD: make_child (prefork.c:712)
==24150==    by 0x164C81: ap_mpm_run (prefork.c:988)
==24150==    by 0x139895: main (main.c:755)
==24150==  Address 0x1ab76988 is 139,880 bytes inside a block of size 262,144 free'd
==24150==    at 0x4C27D4E: free (vg_replace_malloc.c:427)
==24150==    by 0x9958857: zend_mm_shutdown (in /usr/lib/apache2/modules/libphp5.so)
==24150==    by 0x991D08D: php_request_shutdown (in /usr/lib/apache2/modules/libphp5.so)
==24150==    by 0x9A2875E: php_handler (in /usr/lib/apache2/modules/libphp5.so)
==24150==    by 0x14EC8F: ap_run_handler (config.c:159)
==24150==    by 0x14F0DA: ap_invoke_handler (config.c:377)
==24150==    by 0x15F207: ap_process_request (http_request.c:282)
==24150==    by 0x15C0C7: ap_process_http_connection (http_core.c:190)
==24150==    by 0x15564F: ap_run_process_connection (connection.c:43)
==24150==    by 0x163DBD: child_main (prefork.c:667)
==24150==    by 0x1644CD: make_child (prefork.c:712)
==24150==    by 0x164C81: ap_mpm_run (prefork.c:988)
==24150==    by 0x139895: main (main.c:755)

#2

Hey Frisket,

The issue you pointed to is indeed the one to track. I fully expect this issue to be resolved by our next release and intend to drop an interim build to test with prior to this. Please bear with us while we resolve this issue.

Cheers, Brett


#3

New version released! I have a few confirmations that it fixes the known issues you were encountering.
Read more here: http://docs.couchbase.com/developer/php-2.0/release-notes.html

Cheers, Brett