PHP :: Bug #49308 :: random crashes on freeing mysqli result storage

Bug #49308	random crashes on freeing mysqli result storage
Submitted:	2009-08-20 09:12 UTC	Modified:	2010-04-18 12:46 UTC
From:	f4ckm5 at web dot de	Assigned:	mysql (profile)
Status:	Closed	Package:	MySQLi related
PHP Version:	5.3, 6 (2009-08-22)	OS:	Windows Server 2003 SP2 32Bit
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

[2009-08-20 09:12 UTC] f4ckm5 at web dot de

Description:
------------
PHP Crashes on Freeing Mysqli Result Storage.
It happens randomly on our production machine, when the Server is under medium to heavy load.
I did a Win32 backtrace and captured 10 crashes in merely 5 minutes, each causing the apache httpd.exe worker process to restart.


Reproduce code:
---------------
I happens randomly under greater server load. I could not pin the error to some lines of code. It happens with all the 5.3 builds I tested official 5.3.0 as well as latest snapshot.
It does not happen with 5.2.x at all.

Expected result:
----------------
No crash during mysqli_result_free_storage.

Actual result:
--------------
Thread 196 - System ID 2848
Entry point   msvcrt!_endthreadex+2f 
Create time   20.08.2009 08:57:01 
Time spent in user mode   0 Days 0:0:1.312 
Time spent in kernel mode   0 Days 0:0:0.421 


Function     Arg 1     Arg 2     Arg 3   Source 
php5ts!_zend_mm_free_int+139     012d8bb0     00030004     0071ff46    
php5ts!_efree+36     012293e8     08b3fc40     00725357    
php5ts!_zval_ptr_dtor+66     05565ecc     006ad300     08b3fc20    
php5ts!zend_hash_destroy+27     08b3fb98     08b3fc20     015a1665    
php5ts!zend_object_std_dtor+2b     08b3fc20     012d7970     08b3fc20    
php_mysqli!mysqli_objects_free_storage+25     08b3fc20     012d7970     055331cc    
php_mysqli!mysqli_result_free_storage+28     08b3fc20     012d7970     012d7970    
php5ts!zend_objects_store_del_ref_by_handle_ex+1b6     0000001d     015b1600     012d7970    
php5ts!zend_objects_store_del_ref+1e     0919f470     012d7970     00000000    
php5ts!_zval_dtor_func+76     0919f470     091ac5af     007252a6    
php5ts!_zval_ptr_dtor+5b     091ac594     012d7970     00000000    
php5ts!zend_hash_del_key_or_index+1c6     0566ac60     05557a50     00000007    
php5ts!ZEND_UNSET_VAR_SPEC_CV_HANDLER+6c     046efbfc     012d7970     046efe78    
php5ts!execute+29e     05573a98     012d7900     00000000    
php5ts!zend_execute_scripts+f6     00000008     012d7970     00000000    
php5ts!php_execute_script+22d     046efe78     012d7970     00000003    
php5apache2_2!php_handler+5d0     058b48c8     00615988     058b48c8    
libhttpd!ap_run_handler+21     058b48c8     058b48c8     058b48c8    
libhttpd!ap_invoke_handler+ae     00000000     056330d0     046eff3c    
libhttpd!ap_die+29e     058b48c8     00000000     0065fb90    
libhttpd!ap_get_request_note+1ccc     056330d0     056330d0     056330d0    
libhttpd!ap_run_process_connection+21     056330d0     0062b208     046eff84    
libhttpd!ap_process_connection+33     056330d0     012cf9c0     00000000    
libhttpd!ap_regkey_value_remove+c7c     056330c8     00000000     00000000    
msvcrt!_endthreadex+a3     012a7358     00000000     00000000    
kernel32!BaseThreadStart+34     77b9b4bc     012a7358     00000000    


PHP5TS!_ZEND_MM_FREE_INT+139In httpd__PID__444__Date__08_20_2009__Time_08_57_29AM__615__First chance exception 0XC0000005.dmp the assembly instruction at php5ts!_zend_mm_free_int+139 in C:\PHP\php5ts.dll from The PHP Group has caused an access violation exception (0xC0000005) when trying to read from memory location 0x00000010 on thread 196

Module Information 
Image Name: C:\PHP\php5ts.dll
Symbol Type:  PDB 
Base address: 0x006a0000
Time Stamp:  Mon Jun 29 22:24:07 2009  
Checksum: 0x00000000
Comments:   
COM DLL: False
Company Name:  The PHP Group 
ISAPIExtension: False
File Description:  PHP Script Interpreter 
ISAPIFilter: False
File Version:  5.3.0 
Managed DLL: False
Internal Name:  PHP Script Interpreter 
VB DLL: False
Legal Copyright:  Copyright ? 1997-2009 The PHP Group 
Loaded Image Name:  php5ts.dll
Legal Trademarks:  PHP 
Mapped Image Name:
Original filename:  php5ts.dll 
Module name:  php5ts
Private Build:   
Single Threaded:  False
Product Name:  PHP 
Module Size:  5,44 MBytes
Product Version:  5.3.0 
Symbol File Name:  C:\Dokumente und Einstellungen\Administrator.HML\Desktop\php-debug-pack-5.3.0-Win32-VC6-x86\php5ts.pdb
Special Build:  &

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2009-08-20 09:53 UTC] jani@php.net

Please try using this snapshot:

  http://snaps.php.net/php5.3-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/

[2009-08-21 09:31 UTC] f4ckm5 at web dot de

I used the latest Snapshot 5.3.1-dev from Thu Aug 20 15:19:10 2009

The crashes became less frequent. Instead of 10 in 5 Minutes i caught only 5 in 3.5 hours. But the crashes still occur:

#############################################################

Thread 250 - System ID 9828
Entry point   msvcrt!_endthreadex+2f 
Create time   21.08.2009 09:11:23 
Time spent in user mode   0 Days 0:0:0.171 
Time spent in kernel mode   0 Days 0:0:0.78 


Function     Arg 1     Arg 2     Arg 3   Source 
php5ts!_zend_mm_free_int+139     056cf838     00050004     00720336    
php5ts!_efree+36     012296e8     06894910     00725877    
php5ts!_zval_ptr_dtor+66     068948e4     006ad310     06868980    
php5ts!zend_hash_destroy+27     06876538     06868980     015a1665    
php5ts!zend_object_std_dtor+2b     06868980     056ce490     06868980    
php_mysqli!mysqli_objects_free_storage+25     06868980     056ce490     05a733e4    
php_mysqli!mysqli_result_free_storage+28     06868980     056ce490     056ce490    
php5ts!zend_objects_store_del_ref_by_handle_ex+1b6     0000002b     015b1600     056ce490    
php5ts!zend_objects_store_del_ref+1e     06868960     056ce490     00000000    
php5ts!_zval_dtor_func+76     06868960     00000000     05ab9050    
php5ts!ZEND_ASSIGN_SPEC_CV_VAR_HANDLER+237     0546fbfc     056ce490     0546fe78    
php5ts!execute+29e     05ab9050     056ce400     00000000    
php5ts!zend_execute_scripts+f6     00000008     056ce490     00000000    
php5ts!php_execute_script+22d     0546fe78     056ce490     00000003    
php5apache2_2!php_handler+5d0     012c18b8     00615988     012c18b8    
libhttpd!ap_run_handler+21     012c18b8     012c18b8     012c18b8    
libhttpd!ap_invoke_handler+ae     00000000     012bc860     0546ff3c    
libhttpd!ap_die+29e     012c18b8     00000000     0065fb90    
libhttpd!ap_get_request_note+1ccc     012bc860     012bc860     012bc860    
libhttpd!ap_run_process_connection+21     012bc860     0062b108     0546ff84    
libhttpd!ap_process_connection+33     012bc860     012b1820     00000000    
libhttpd!ap_regkey_value_remove+c7c     012bc858     00000000     00000000    
msvcrt!_endthreadex+a3     012a7d08     00000000     00000000    
kernel32!BaseThreadStart+34     77b9b4bc     012a7d08     00000000    


PHP5TS!_ZEND_MM_FREE_INT+139In httpd__PID__7192__Date__08_21_2009__Time_09_11_24AM__898__First chance exception 0XC0000005.dmp the assembly instruction at php5ts!_zend_mm_free_int+139 in C:\PHP\php5ts.dll from The PHP Group has caused an access violation exception (0xC0000005) when trying to read from memory location 0x02080174 on thread 250

Module Information 
Image Name: C:\PHP\php5ts.dll
Symbol Type:  PDB 
Base address: 0x006a0000
Time Stamp:  Thu Aug 20 15:19:10 2009  
Checksum: 0x00000000
Comments:   
COM DLL: False
Company Name:  The PHP Group 
ISAPIExtension: False
File Description:  PHP Script Interpreter 
ISAPIFilter: False
File Version:  5.3.1-dev 
Managed DLL: False
Internal Name:  PHP Script Interpreter 
VB DLL: False
Legal Copyright:  Copyright ? 1997-2009 The PHP Group 
Loaded Image Name:  php5ts.dll
Legal Trademarks:  PHP 
Mapped Image Name:  C:\PHP\php5ts.dll
Original filename:  php5ts.dll 
Module name:  php5ts
Private Build:   
Single Threaded:  False
Product Name:  PHP 
Module Size:  5,45 MBytes
Product Version:  5.3.1-dev 
Symbol File Name:  C:\Dokumente und Einstellungen\Administrator.HML\Desktop\php-debug-pack-5.3-win32-VC6-x86-latest\php5ts.pdb
Special Build:  &

[2009-08-26 15:38 UTC] uw@php.net

Any chance to provide a test script? I know its hard, but its also hard to say anything based on the backtrace and without a reproducible test case.

Thanks,
Ulf

[2009-08-29 15:31 UTC] f4ckm5 at web dot de

Do you have any tips on how to find the respective lines of code in a 70000 lines of code project which eventually cause the crash? All i can see is the dying apache worker thread and the corresponding message in the system log. And it is very annoying, that this happens only on the productive system. No crashes on our development and test machines.
I would gladly provide a test script. Just tell me where to start digging.

[2009-09-18 08:37 UTC] uw@php.net

Well, do you have any tips in what to do with the trace? Sorry, but a reproducible case would be much more worth than the trace.

Alternatively, is it possible to enable the mysqlnd trace?

[2010-04-08 18:04 UTC] andrey@php.net

-Status: Assigned +Status: Feedback

[2010-04-08 18:04 UTC] andrey@php.net

Checking if this thing is still alive. Do you get the same problem with 5.3.2?
Thanks!

[2010-04-18 12:46 UTC] andrey@php.net

-Status: Feedback +Status: Closed

[2010-04-18 12:46 UTC] andrey@php.net

Closing on reporter's request:

Sorry,

I would have used the bugtracking system, but the "retrieve password"-function just gave me an empty page this evening...

Currently, I'm no longer involved in the project that gave us this error. I'm not planning in getting involved again. Please feel free to close the bug due to inactivity.

[2010-10-26 10:20 UTC] ilyhich at gmail dot com

Exactly the same error on:
Win 2008
Apache 2.2.16 (and 2.2.17)
MySQL 5.1.50 (on 5.1.51)
php 5.3.3
On production machine, when the Server is under medium load.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Wed May 01 17:01:29 2024 UTC