php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #56751 glibc detected - httpd child process died
Submitted: 2005-12-28 07:14 UTC Modified: 2010-03-26 11:37 UTC
From: darko dot bunic at hrt dot hr Assigned: grantc@php.net (profile)
Status: Closed Package: ingres (PECL)
PHP Version: 1.2.1 OS: Linux FC4
Private report: No CVE-ID: None
 [2005-12-28 07:14 UTC] darko dot bunic at hrt dot hr
Description:
------------
Sometimes we can see following error in error_log. We assume that ingres_ii.so cause error. httpd is Apache/2.0.54, PHP is latest snapshot (5.1.2-dev), we have ingres r3 (client library to connect to database server with openingres 2.6)

Here are versions of our gcc, glibc and so on ...
glibc-2.3.5-10.3
kernel-smp-2.6.14-1.1653_FC4
gcc-4.0.2-8.fc4
libgcc-4.0.2-8.fc4
gcc-c++-4.0.2-8.fc4


From httpd error_log:
*** glibc detected *** /usr/sbin/httpd: free(): invalid pointer: 0x09901b08 ***
======= Backtrace: =========
/lib/libc.so.6[0x4cc124]
/lib/libc.so.6(__libc_free+0x77)[0x4cc65f]
/usr/lib/php/modules/ingres_ii.so[0x4362e1]
/etc/httpd/modules/libphp5.so(list_entry_destructor+0x90)[0x74052ff]
/etc/httpd/modules/libphp5.so(zend_hash_del_key_or_index+0x22e)[0x7404142]
/etc/httpd/modules/libphp5.so(_zend_list_delete+0x7f)[0x7404f91]
/usr/lib/php/modules/ingres_ii.so(zm_deactivate_ii+0x29)[0x4348d0]
/etc/httpd/modules/libphp5.so(module_registry_cleanup+0x20)[0x73fc693]
/etc/httpd/modules/libphp5.so(zend_hash_apply+0x3c)[0x74027a0]
/etc/httpd/modules/libphp5.so(zend_deactivate_modules+0x7e)[0x73fa6e4]
/etc/httpd/modules/libphp5.so(php_request_shutdown+0x498)[0x73bc33a]
/etc/httpd/modules/libphp5.so[0x748989a]
/usr/sbin/httpd(ap_run_handler+0x41)[0x2b0edc]
/usr/sbin/httpd(ap_invoke_handler+0x5d)[0x2b1277]
/usr/sbin/httpd(ap_process_request+0x172)[0x2addb1]
/usr/sbin/httpd[0x2a8693]
/usr/sbin/httpd(ap_run_process_connection+0x41)[0x2bbabb]
/usr/sbin/httpd(ap_process_connection+0x51)[0x2bbdf0]
/usr/sbin/httpd[0x2aed3e]
/usr/sbin/httpd[0x2aeffa]
/usr/sbin/httpd(ap_mpm_run+0xc55)[0x2afd30]
/usr/sbin/httpd(main+0x5cb)[0x2b684e]
/lib/libc.so.6(__libc_start_main+0xdf)[0x47dd5f]
/usr/sbin/httpd[0x2a8151]
======= Memory map: ========
[Wed Dec 28 07:39:16 2005] [notice] child pid 19859 exit signal Aborted (6)


Reproduce code:
---------------
We can not post reproduce code unfortunately ... error is occuring from time to time and we are asking for help


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-12-28 07:23 UTC] darko dot bunic at hrt dot hr
package ingres version is 1.2.1
 [2005-12-29 03:01 UTC] darko dot bunic at hrt dot hr
This morning we have another message:

*** glibc detected *** /usr/sbin/httpd: double free or corruption (out): 0x09e5e7e0 ***
======= Backtrace: =========
/lib/libc.so.6[0x236124]
/lib/libc.so.6(__libc_free+0x77)[0x23665f]
/usr/lib/php/modules/ingres_ii.so[0xc612e1]
/etc/httpd/modules/libphp5.so(list_entry_destructor+0x90)[0x515e2ff]
/etc/httpd/modules/libphp5.so(zend_hash_del_key_or_index+0x22e)[0x515d142]
/etc/httpd/modules/libphp5.so(_zend_list_delete+0x7f)[0x515df91]
/usr/lib/php/modules/ingres_ii.so(zm_deactivate_ii+0x29)[0xc5f8d0]
/etc/httpd/modules/libphp5.so(module_registry_cleanup+0x20)[0x5155693]
/etc/httpd/modules/libphp5.so(zend_hash_apply+0x3c)[0x515b7a0]
/etc/httpd/modules/libphp5.so(zend_deactivate_modules+0x7e)[0x51536e4]
/etc/httpd/modules/libphp5.so(php_request_shutdown+0x498)[0x511533a]
/etc/httpd/modules/libphp5.so[0x51e289a]
/usr/sbin/httpd(ap_run_handler+0x41)[0xa8dedc]
/usr/sbin/httpd(ap_invoke_handler+0x5d)[0xa8e277]
/usr/sbin/httpd(ap_process_request+0x172)[0xa8adb1]
/usr/sbin/httpd[0xa85693]
/usr/sbin/httpd(ap_run_process_connection+0x41)[0xa98abb]
/usr/sbin/httpd(ap_process_connection+0x51)[0xa98df0]
/usr/sbin/httpd[0xa8bd3e]
/usr/sbin/httpd[0xa8bffa]
/usr/sbin/httpd[0xa8c0ca]
/usr/sbin/httpd(ap_mpm_run+0x9d0)[0xa8caab]
/usr/sbin/httpd(main+0x5cb)[0xa9384e]
/lib/libc.so.6(__libc_start_main+0xdf)[0x1e7d5f]
/usr/sbin/httpd[0xa85151]
======= Memory map: ========
[Thu Dec 29 08:47:53 2005] [notice] child pid 32489 exit signal Aborted (6)
 [2005-12-29 05:29 UTC] grantc@php.net
Hi,

it looks like the problem is occuring during shutdown. Is there any chance you can build the extension and PHP in debug? That should provide a better indication as to where the problem is occuring.

thanks

grant
 [2005-12-29 08:37 UTC] darko dot bunic at hrt dot hr
Hi,
no problem. We have built php in debug mode and here is output from error_log (thanks in advance for your assistance):

*** glibc detected *** /usr/sbin/httpd: double free or corruption (!prev): 0x08cb88b8 ***
[Thu Dec 29 13:50:39 2005]  Script:  '/var/www/html/partis/public/tv_program_3/frame2.xml'
/usr/src/redhat/BUILD/php-5.1.1/ext/ingres_ii/ii.c(2195) :  Freeing 0x08C7098C (32 bytes), script=/var/www/html/partis/public/tv_program_3/frame2.xml
/usr/src/redhat/BUILD/php-5.1.1/Zend/zend_hash.c(169) : Actual location (location was relayed)
Last leak repeated 1 time
=== Total 2 memory leaks detected ===
[Thu Dec 29 13:51:01 2005]  Script:  '/var/www/html/partishr/public/zanr/frame_bottom.xml'
/usr/src/redhat/BUILD/php-5.1.1/ext/ingres_ii/ii.c(2195) :  Freeing 0x08C8D8BC (32 bytes), script=/var/www/html/partishr/public/zanr/frame_bottom.xml
/usr/src/redhat/BUILD/php-5.1.1/Zend/zend_hash.c(169) : Actual location (location was relayed)
Last leak repeated 1 time
=== Total 2 memory leaks detected ===
[Thu Dec 29 13:51:18 2005]  Script:  '/var/www/html/partis/public/tv_program_3/frame2.xml'
/usr/src/redhat/BUILD/php-5.1.1/ext/ingres_ii/ii.c(2195) :  Freeing 0x08CC53D4 (32 bytes), script=/var/www/html/partis/public/tv_program_3/frame2.xml
/usr/src/redhat/BUILD/php-5.1.1/Zend/zend_hash.c(169) : Actual location (location was relayed)
Last leak repeated 1 time
=== Total 2 memory leaks detected ===
[Thu Dec 29 13:51:26 2005]  Script:  '/var/www/html/partis/public/tv_program_3/frame2.xml'
/usr/src/redhat/BUILD/php-5.1.1/ext/ingres_ii/ii.c(2195) :  Freeing 0x08C86EA4 (32 bytes), script=/var/www/html/partis/public/tv_program_3/frame2.xml
/usr/src/redhat/BUILD/php-5.1.1/Zend/zend_hash.c(169) : Actual location (location was relayed)
Last leak repeated 1 time
=== Total 2 memory leaks detected ===
[Thu Dec 29 13:52:31 2005]  Script:  '/var/www/html/partis/public/tkosam/frame1.xml'
/usr/src/redhat/BUILD/php-5.1.1/ext/ingres_ii/ii.c(2195) :  Freeing 0x08C812FC (32 bytes), script=/var/www/html/partis/public/tkosam/frame1.xml
/usr/src/redhat/BUILD/php-5.1.1/Zend/zend_hash.c(169) : Actual location (location was relayed)
Last leak repeated 1 time
=== Total 2 memory leaks detected ===
[Thu Dec 29 13:52:55 2005]  Script:  '/var/www/html/partishr/public/pretraga/iframe_poglavlje.xml'
/usr/src/redhat/BUILD/php-5.1.1/ext/ingres_ii/ii.c(2195) :  Freeing 0x08CD0174 (32 bytes), script=/var/www/html/partishr/public/pretraga/iframe_poglavlje.xml
/usr/src/redhat/BUILD/php-5.1.1/Zend/zend_hash.c(169) : Actual location (location was relayed)
Last leak repeated 1 time
=== Total 2 memory leaks detected ===
[Thu Dec 29 13:54:58 2005]  Script:  '/var/www/html/partishr/public/pretraga/frame_bottom.xml'
/usr/src/redhat/BUILD/php-5.1.1/ext/ingres_ii/ii.c(2195) :  Freeing 0x08CA8584 (32 bytes), script=/var/www/html/partishr/public/pretraga/frame_bottom.xml
/usr/src/redhat/BUILD/php-5.1.1/Zend/zend_hash.c(169) : Actual location (location was relayed)
Last leak repeated 3 times
=== Total 4 memory leaks detected ===
[Thu Dec 29 13:59:57 2005]  Script:  '/var/www/html/_acl/login/do-login.php'
/usr/src/redhat/BUILD/php-5.1.1/ext/ingres_ii/ii.c(2195) :  Freeing 0x08CA25A4 (32 bytes), script=/var/www/html/_acl/login/do-login.php
/usr/src/redhat/BUILD/php-5.1.1/Zend/zend_hash.c(169) : Actual location (location was relayed)
Last leak repeated 1 time
 [2005-12-29 08:45 UTC] darko dot bunic at hrt dot hr
Sorry, as we can see in ii.c source, line 2195 is:
array_init(return_value);
in function "php_ii_fetch" ....

We have added few comments about changes in ii.c source:
/*
line:
 ifdef COMPILE_DL_INGRES
changed to:
 ifdef COMPILE_DL_INGRES_II
*/

because of errors during the compilation ...
Without that change, ingres module wasn't working.
 [2006-03-03 03:26 UTC] darko dot bunic at hrt dot hr
Hi,
we are still waiting for debug of memory leaks and crashing httpd child processes.

In the meantime we noticed change in ingres_fetch_row function.
After upgrade to PHP5 and new ingres driver, ingres_fetch_row
returns result array starting from index 0.

In manual http://www.php.net/manual/en/function.ingres-fetch-row.php
function is described as follows:

"ingres_fetch_row() returns an array that corresponds to the fetched row, 
or FALSE if there are no more rows. Each result column is stored in an 
array offset, starting at offset 1."

It's more appropriate that all arrays start from index 0, but ingres_field_name
function still works on old fashion :)

So, workaround in PHP script with example loop looks like:

while($row = ingres_fetch_row($link)){
	for ($i=0; $i<count($row); $i++){
		print ingres_field_name($i+1, $link) .' -> '. $row[$i] . '<br>';
	}
}

As you can see, loop now goes from 0 and I have to add +1 in ingres_field_name index.

Nice, but can we expect same behavior of this two functions (and other).

Thanks for your assistance.
 [2006-04-19 07:30 UTC] grantc@php.net
Hi darko,

apologies for the delay in looking this. I believe the problem has been fixed. Can you check out the latest code from CVS. I have run valgrind against the code and am unable see the SEGV on unload of the PHP module.

Regarding the array index change. That has been reverted. If in future you wish to have arrays index from 0 and not 1 there is an ini setting, ingres.array_index_start, that controls this.

regards

grant
 [2006-05-04 02:06 UTC] darko dot bunic at hrt dot hr
Hi Grant,

As we can see for the past few days, ingres driver works much much stable.
Now we can go on with migration from old server to new one. 
Thanks for your assistance.

Regarding array indexes. In your latest relase you created an option to
let us choose wether arrays will start from 0 or 1. This options only
affects function "ingres_fetch_row" but other functions such as
"ingres_field_name" are unaffected by this setting and always return
arrays that are 1-base indexed. We think that you shoud be consistent and
consider making "ingres.array_index_start" variable affect all ingres
function, not only "ingres_fetch_row".

In ii.c we had to change some lines in order to make ingres
extension functionable. Since ingres extension is no longer 
bundled with php, we have downloaded it from PECL and copied
it into "ext/ingres_ii" directory under php root directory before
compilation. Ingres extension is named "ingres_ii" and not "ingres" 
so we had to do change some lines in your code.

These are the original lines:
----------------------------
#ifdef COMPILE_DL_INGRES
ZEND_GET_MODULE(ingres)
#endif
----------------------------

This is what we changes:
----------------------------
#ifdef COMPILE_DL_INGRES_II
ZEND_GET_MODULE(ingres)
#endif
----------------------------
 [2006-05-04 03:33 UTC] grantc@php.net
Hi Darko

Many thanks for getting back to me - its good to see the SEGV has been nailed. Regarding the change of array start for fields etc. good point. As for making the change to be able to build within the PHP source tree. The preferred way to build is to use phpize against the ingres source. That will then create you a shared library that can be changed without needing to rebuild all of PHP. Alternatively copy the pecl/ingres directory to ext and remove ext/ingres_ii. Then you need to run buildconf --force from the main php dir before running configure.

thanks again

grant
 [2010-03-26 07:57 UTC] jitendra dot admin at gmail dot com
*** glibc detected *** /usr/sbin/httpd: double free or corruption (!prev)
Debian 5.0 (2.6.26-2-686 #1 SMP )
ii  linux-image-2.6-686               2.6.26+17+lenny1           Linux 2.6 image on PPro/Celeron/PII/PIII/P4
ii  linux-image-2.6.26-2-686          2.6.26-21lenny3            Linux 2.6.26 image on PPro/Celeron/PII/PIII/P4
ii  linux-libc-dev                    2.6.26-21lenny3            Linux support headers for userspace development
###################################################################
GCC:
ii  gcc                               4:4.3.2-2                  The GNU C compiler
ii  gcc-4.1-base                      4.1.2-25                   The GNU Compiler Collection (base package)
ii  gcc-4.2-base                      4.2.4-6                    The GNU Compiler Collection (base package)
ii  gcc-4.3                           4.3.2-1.1                  The GNU C compiler
ii  gcc-4.3-base                      4.3.2-1.1                  The GNU Compiler Collection (base package)
ii  gcc-4.3-locales                   4.3.2-1.1                  The GNU C compiler (native language support files)
ii  gcc-4.3-multilib                  4.3.2-1.1                  The GNU C compiler (multilib files)
ii  gcc-multilib                      4:4.3.2-2                  The GNU C compiler (multilib files)
ii  lib64gcc1                         1:4.3.2-1.1                GCC support library (64bit)
ii  libgcc1                           1:4.3.2-1.1                GCC support library
ii  libgcc1-dbg                       1:4.3.2-1.1                GCC support library (debug symbols)
#######################################################################
=>libc:
ii  klibc-utils                       1.5.12-2                   small utilities built with klibc for early boot
ii  libc6                             2.7-18lenny2               GNU C Library: Shared libraries
ii  libc6-amd64                       2.7-18lenny2               GNU C Library: 64bit Shared libraries for AMD64
ii  libc6-dev                         2.7-18lenny2               GNU C Library: Development Libraries and Header Files
ii  libc6-dev-amd64                   2.7-18lenny2               GNU C Library: 64bit Development Libraries for AMD64
ii  libc6-i686                        2.7-18lenny2               GNU C Library: Shared libraries [i686 optimized]
ii  libcap1                           1:1.10-14                  support for getting/setting POSIX.1e capabilities
ii  libcomerr2                        1.41.3-1                   common error description library
ii  libcompress-raw-zlib-perl         2.012-1lenny1              low-level interface to zlib compression library
ii  libcompress-zlib-perl             2.012-1                    Perl module for creation and manipulation of gzip files
ii  libconsole                        1:0.2.3dbs-65.1            Shared libraries for Linux console and font manipulation
ii  libconvert-binhex-perl            1.119+pristine-3           Perl5 module for extracting data from macintosh BinHex files
ii  libcrypt-ssleay-perl              0.57-1+b1                  Support for https protocol in LWP
ii  libcups2                          1.3.8-1+lenny7             Common UNIX Printing System(tm) - libs
ii  libcupsimage2                     1.3.8-1+lenny7             Common UNIX Printing System(tm) - image libs
ii  libcwidget3                       0.5.12-4                   high-level terminal interface library for C++ (runtime files)
ii  libklibc                          1.5.12-2                   minimal libc subset for use with initramfs
ii  liblocale-gettext-perl            1.05-4                     Using libc functions for internationalization in Perl
ii  linux-libc-dev                    2.6.26-21lenny3            Linux support headers for userspace development
ii  zlibc                             0.9k-4                     An on-fly auto-uncompressing C library
#######################################################################
=>APACHE: apache_1.3.41
=> PHP: php-5.1.5
#######################################################################

Suddenly i am getting high load (CPU,Memory), as well as this error at the time of shutdown the apache..

[Thu Mar 25 09:49:46 2010] [warn] child process 4431 still did not exit, sending a SIGTERM
[Thu Mar 25 09:49:46 2010] [warn] child process 4432 still did not exit, sending a SIGTERM
*** glibc detected *** /usr/sbin/httpd: double free or corruption (!prev): 0x08100bf8 ***
*** glibc detected *** /usr/sbin/httpd: double free or corruption (!prev): 0x08100bf8 ***
*** glibc detected *** /usr/sbin/httpd: double free or corruption (!prev): 0x0812e398 ***
*** glibc detected *** /usr/sbin/httpd: double free or corruption (!prev): 0x08100bf8 ***
*** glibc detected *** /usr/sbin/httpd: double free or corruption (!prev): 0x0812e398 ***
*** glibc detected *** /usr/sbin/httpd: double free or corruption (!prev): 0x08100bf8 ***
*** glibc detected *** /usr/sbin/httpd: double free or corruption (!prev): 0x08100bf8 ***
*** glibc detected *** /usr/sbin/httpd: double free or corruption (!prev): 0x08100bf8 ***
*** glibc detected *** /usr/sbin/httpd: double free or corruption (!prev): 0x08100bf8 ***
*** glibc detected *** /usr/sbin/httpd: double free or corruption (!prev): 0x08100bf8 ***
======= Backtrace: =========
======= Backtrace: =========
/lib/i686/cmov/libc.so.6[0xb7e09624]
======= Backtrace: =========
/lib/i686/cmov/libc.so.6(cfree+0x96)[0xb7e0b826]
/lib/i686/cmov/libc.so.6[0xb7e09624]
/lib/i686/cmov/libc.so.6(cfree+0x96)[0xb7e0b826]
/usr/local/apache-1.3.41-DSO/libexec/libphp5.so(zend_shutdown+0x12)[0xb799fb72]
/usr/local/apache-1.3.41-DSO/libexec/libphp5.so(zend_shutdown+0x12)[0xb799fb72]
/usr/local/apache-1.3.41-DSO/libexec/libphp5.so(php_module_shutdown+0x35)[0xb7962e95]
/usr/local/apache-1.3.41-DSO/libexec/libphp5.so(php_module_shutdown+0x35)[0xb7962e95]
/usr/local/apache-1.3.41-DSO/libexec/libphp5.so(php_module_shutdown_wrapper+0xb)[0xb7962f3b]
/usr/local/apache-1.3.41-DSO/libexec/libphp5.so(php_module_shutdown_wrapper+0xb)[0xb7962f3b]
/usr/sbin/httpd(ap_child_exit_modules+0x57)[0x806ff1e]
/usr/sbin/httpd(ap_child_exit_modules+0x57)[0x806ff1e]
/usr/sbin/httpd[0x807750e]
======= Backtrace: =========
/usr/sbin/httpd[0x80795df]
[0xb7f73400]
/lib/i686/cmov/libc.so.6[0xb7e09624]
/lib/i686/cmov/libc.so.6(cfree+0x96)[0xb7e0b826]
/usr/local/apache-1.3.41-DSO/libexec/libphp5.so(zend_hash_destroy+0x3e)[0xb79a86fe]
/usr/local/apache-1.3.41-DSO/libexec/libphp5.so(zend_shutdown+0x8b)[0xb799fbeb]
/usr/local/apache-1.3.41-DSO/libexec/libphp5.so(zend_shutdown+0x12)[0xb799fb72]
/usr/local/apache-1.3.41-DSO/libexec/libphp5.so(php_module_shutdown+0x35)[0xb7962e95]
/usr/local/apache-1.3.41-DSO/libexec/libphp5.so(php_module_shutdown+0x35)[0xb7962e95]
/usr/local/apache-1.3.41-DSO/libexec/libphp5.so(php_module_shutdown_wrapper+0xb)[0xb7962f3b]
/usr/local/apache-1.3.41-DSO/libexec/libphp5.so(php_module_shutdown_wrapper+0xb)[0xb7962f3b]
/usr/sbin/httpd(ap_child_exit_modules+0x57)[0x806ff1e]
/usr/sbin/httpd(ap_child_exit_modules+0x57)[0x806ff1e]
/lib/i686/cmov/libc.so.6[0xb7e09624]
/usr/sbin/httpd[0x807750e]
/usr/local/apache-1.3.41-DSO/libexec/libphp5.so(zend_hash_destroy+0x3e)[0xb79a86fe]
/usr/local/apache-1.3.41-DSO/libexec/libphp5.so(zend_shutdown+0x12)[0xb799fb72]
/usr/local/apache-1.3.41-DSO/libexec/libphp5.so(zend_shutdown+0x8b)[0xb799fbeb]
/usr/local/apache-1.3.41-DSO/libexec/libphp5.so(php_module_shutdown+0x35)[0xb7962e95]
/usr/local/apache-1.3.41-DSO/libexec/libphp5.so(php_module_shutdown+0x35)[0xb7962e95]
/usr/local/apache-1.3.41-DSO/libexec/libphp5.so(php_module_shutdown_wrapper+0xb)[0xb7962f3b]
/usr/sbin/httpd(ap_child_exit_modules+0x57)[0x806ff1e]
/usr/sbin/httpd[0x807750e]
/usr/local/apache-1.3.41-DSO/libexec/libphp5.so(php_module_shutdown_wrapper+0xb)[0xb7962f3b]
/usr/sbin/httpd[0x80795df]
[0xb7f73400]
/usr/sbin/httpd(ap_child_exit_modules+0x57)[0x806ff1e]
/usr/sbin/httpd[0x807750e]
/usr/sbin/httpd[0x80795df]
[0xb7f73400]
/usr/sbin/httpd[0x807b3f0]
/usr/sbin/httpd[0x807b7e0]
/usr/sbin/httpd[0x807beb5]
/usr/sbin/httpd(main+0x3d2)[0x807c560]
/usr/local/apache-1.3.41-DSO/libexec/libphp5.so(zend_hash_destroy+0x3e)[0xb79a86fe]
/lib/i686/cmov/libc.so.6(__libc_start_main+0xe5)[0xb7db1455]
/usr/sbin/httpd[0x8050de1]
======= Memory map: ========
 [2010-03-26 11:36 UTC] grant dot croker at ingres dot com
Hi jitendra dot admin at gmail dot com

this bug is closed and I fail to see how it relates to the 
Ingres PHP driver.

grant
 [2010-03-26 11:37 UTC] grant dot croker at ingres dot com
Sorry I meant I fail to see how your update relates to the 
Ingres driver.
 [2012-01-18 13:59 UTC] jitendra dot admin at gmail dot com
after upgrade php5.3.8 also same issue is comming.....
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Mar 28 14:01:29 2024 UTC