ID: 20986 Comment by: mee at huyou dot com Reported By: louis at sixnet dot net Status: No Feedback Bug Type: Apache related Operating System: RedHat Linux 7.1 & 8.0 PHP Version: 4.2.2 New Comment:
~ from china Previous Comments: ------------------------------------------------------------------------ [2003-01-07 01:00:10] php-bugs at lists dot php dot net No feedback was provided for this bug for over 2 weeks, so it is being suspended automatically. If you are able to provide the information that was originally requested, please do so and change the status of the bug back to "Open". ------------------------------------------------------------------------ [2002-12-22 01:10:25] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php4-latest.tar.gz For Windows: http://snaps.php.net/win32/php4-win32-latest.zip ------------------------------------------------------------------------ [2002-12-13 04:13:22] louis at sixnet dot net This bug has been discussed over at RedHat's Bugzilla. See http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=70846 A quick synopsis of how I get it to misbehave: Create the following simple PHP script and access it through a web browser: <?php $crash = array( 0 => 2, 'test' => 2, 1 => 'hello', 'say' => 'hello', 2 => 42, 'life' => 42, 3 => 'this should help \'crash\' the machine', 'hoho' => 'this should help \'crash\' the machine'); print_r($crash); for( $i=0; $i<count($crash); $i++ ) $crash[$i] = stripslashes($crash[$i]); print_r($crash); ?> It should die with an error similar to this: Fatal error: Allowed memory size of 8388608 bytes exhausted (tried to allocate 35 bytes) in /home/****/crash.php on line 14 Reload this page a good 5-10 times. If you run 'ipcs -s' and then restart apache and run 'ipcs -s' again you will find that the number of semaphore arrays has increased and the first few semid's are unchanged (not having been freed when apache shutdown?). If you rinse and repeat the above with a crude shell script like: while [ true ]; do wget -O - http://localhost/crash.php wget -O - http://localhost/crash.php wget -O - http://localhost/crash.php wget -O - http://localhost/crash.php wget -O - http://localhost/crash.php wget -O - http://localhost/crash.php wget -O - http://localhost/crash.php wget -O - http://localhost/crash.php wget -O - http://localhost/crash.php wget -O - http://localhost/crash.php ipcs -s|grep apache|wc /etc/rc.d/init.d/httpd restart sleep 1 ipcs -s|grep apache|wc done then you'll find the semaphore array numbers increasing slowly and apache taking longer and longer to do each restart until eventually (once all 128 semaphore arrays are used) it refuses to start at all with the message reported earlier in this bug (70846): Starting httpd: Ouch! ap_mm_create(1048576, "/var/run/httpd.mm.5619") failed Error: MM: mm:core: failed to acquire semaphore (No space left on device): OS: Invalid argument [FAILED] Just restarting apache in a loop without loading crash.php on a freshly booted system does not cause the number of semaphores to spiral - it stays constant at 5. This is verifyable on multiple RH7.1 and a RH8.0 machine, all fully updated through RHN (except for kernels). RedHat have literally just released an updated mm package which stops the use of kernel semaphores so that the leaks should not cause Apache problems so quickly (ie more than 128 are now allowed), but none-the-less there RedHat agree there is still a PHP problem. Louis ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=20986&edit=1