PHP :: Bug #63691 :: Segmentation Fault (_zend_mm_free

Bug #63691

Segmentation Fault (_zend_mm_free_int)

Submitted:

2012-12-05 07:16 UTC

Modified:

2014-12-30 10:41 UTC

Votes:	2
Avg. Score:	5.0 ± 0.0
Reproduced:	2 of 2 (100.0%)
Same Version:	2 (100.0%)
Same OS:	2 (100.0%)

From:

shivammaharshi at gmail dot com

Assigned:

Status:

No Feedback

Package:

*General Issues

PHP Version:

5.4.9

OS:

i386-redhat-linux

Private report:

CVE-ID:

None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	shivammaharshi at gmail dot com
New email:
PHP Version:		OS:

New/Additional Comment:

[2012-12-05 07:16 UTC] shivammaharshi at gmail dot com

Description:
------------
I am getting segmentation faults on the live server. Here is the core dump 
below. 
PHP Version : 5.4.6 
Zend Module is Used.
Please Notice that segmentation faults are 50-100 a day in number.
The total hits I am getting on my Live servers are > 10000. So no script can be 
given to reproduce this error. From what I understand this has a problem with 
accessing the variable which has been de-referenced already. Thus getting 
segmentation faults. Kindly help me fix this, or may be suggest a work around.


Core was generated by `/usr/local/apache/bin/httpd -k start'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/lib/libz.so.1...done.
Loaded symbols for /usr/lib/libz.so.1
Reading symbols from /lib/libssl.so.4...done.
Loaded symbols for /lib/libssl.so.4
Reading symbols from /lib/libcrypto.so.4...done.
Loaded symbols for /lib/libcrypto.so.4
Reading symbols from /usr/lib/libgssapi_krb5.so.2...done.
Loaded symbols for /usr/lib/libgssapi_krb5.so.2
Reading symbols from /usr/lib/libkrb5.so.3...done.
Loaded symbols for /usr/lib/libkrb5.so.3
Reading symbols from /lib/libcom_err.so.2...done.
Loaded symbols for /lib/libcom_err.so.2
Reading symbols from /usr/lib/libk5crypto.so.3...done.
Loaded symbols for /usr/lib/libk5crypto.so.3
Reading symbols from /lib/libresolv.so.2...done.
Loaded symbols for /lib/libresolv.so.2
Reading symbols from /usr/local/apache/lib/libaprutil-0.so.0...done.
Loaded symbols for /usr/local/apache/lib/libaprutil-0.so.0
Reading symbols from /usr/lib/libgdbm.so.2...done.
Loaded symbols for /usr/lib/libgdbm.so.2
Reading symbols from /usr/lib/tls/i686/libdb-4.2.so...done.
Loaded symbols for /usr/lib/tls/i686/libdb-4.2.so
Reading symbols from /usr/lib/libexpat.so.0...done.
Loaded symbols for /usr/lib/libexpat.so.0
Reading symbols from /usr/local/apache/lib/libapr-0.so.0...done.
Loaded symbols for /usr/local/apache/lib/libapr-0.so.0
Reading symbols from /lib/tls/librt.so.1...done.
Loaded symbols for /lib/tls/librt.so.1
Reading symbols from /lib/tls/libm.so.6...done.
Loaded symbols for /lib/tls/libm.so.6
Reading symbols from /lib/libcrypt.so.1...done.
Loaded symbols for /lib/libcrypt.so.1
Reading symbols from /lib/libnsl.so.1...done.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /lib/tls/libpthread.so.0...done.
Loaded symbols for /lib/tls/libpthread.so.0
Reading symbols from /lib/libdl.so.2...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/tls/libc.so.6...done.
Loaded symbols for /lib/tls/libc.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /lib/libnss_files.so.2...done.
Loaded symbols for /lib/libnss_files.so.2
Reading symbols from /usr/local/apache/modules/libphp5.so...done.
Loaded symbols for /usr/local/apache/modules/libphp5.so
Reading symbols from /usr/local/mysql/lib/mysql/libmysqlclient.so.15...done.
Loaded symbols for /usr/local/mysql/lib/mysql/libmysqlclient.so.15
Reading symbols from /usr/lib/libpng12.so.0...done.
Loaded symbols for /usr/lib/libpng12.so.0
Reading symbols from /usr/lib/libjpeg.so.62...done.
Loaded symbols for /usr/lib/libjpeg.so.62
Reading symbols from /usr/lib/libcurl.so.3...done.
Loaded symbols for /usr/lib/libcurl.so.3
Reading symbols from /usr/lib/libidn.so.11...done.
Loaded symbols for /usr/lib/libidn.so.11
Reading symbols from /usr/lib/libxml2.so.2...done.
Loaded symbols for /usr/lib/libxml2.so.2
Reading symbols from /usr/local/apache/modules/mod_expires.so...done.
Loaded symbols for /usr/local/apache/modules/mod_expires.so
Reading symbols from /usr/local/apache/modules/mod_headers.so...done.
Loaded symbols for /usr/local/apache/modules/mod_headers.so
Reading symbols from /usr/local/apache/modules/mod_rpaf-2.0.so...done.
Loaded symbols for /usr/local/apache/modules/mod_rpaf-2.0.so
Reading symbols from /usr/local/php/lib/php/extensions/no-debug-non-zts-
20060613/xcache.so...done.
Loaded symbols for /usr/local/php/lib/php/extensions/no-debug-non-zts-
20060613/xcache.so
Reading symbols from /usr/local/php/lib/php/extensions/no-debug-non-zts-
20060613/pdo.so...done.
Loaded symbols for /usr/local/php/lib/php/extensions/no-debug-non-zts-
20060613/pdo.so
Reading symbols from /usr/local/php/lib/php/extensions/no-debug-non-zts-
20060613/pdo_mysql.so...done.
Loaded symbols for /usr/local/php/lib/php/extensions/no-debug-non-zts-
20060613/pdo_mysql.so
Reading symbols from /usr/local/php/lib/php/extensions/no-debug-non-zts-
20060613/memcache.so...done.
Loaded symbols for /usr/local/php/lib/php/extensions/no-debug-non-zts-
20060613/memcache.so
Reading symbols from /usr/local/php/lib/php/extensions/no-debug-non-zts-
20060613/wordmapping.so...done.
Loaded symbols for /usr/local/php/lib/php/extensions/no-debug-non-zts-
20060613/wordmapping.so
Reading symbols from /usr/lib/libstdc++.so.6...done.
Loaded symbols for /usr/lib/libstdc++.so.6
Reading symbols from /lib/libgcc_s.so.1...done.
Loaded symbols for /lib/libgcc_s.so.1
Reading symbols from /usr/local/php/lib/php/extensions/no-debug-non-zts-
20060613/oauth.so...done.
Loaded symbols for /usr/local/php/lib/php/extensions/no-debug-non-zts-
20060613/oauth.so
Reading symbols from /usr/local/php/lib/php/extensions/no-debug-non-zts-
20060613/mcrypt.so...done.
Loaded symbols for /usr/local/php/lib/php/extensions/no-debug-non-zts-
20060613/mcrypt.so
Reading symbols from /usr/local/lib/libmcrypt.so.4...done.
Loaded symbols for /usr/local/lib/libmcrypt.so.4
Reading symbols from /usr/lib/libltdl.so.3...done.
Loaded symbols for /usr/lib/libltdl.so.3
Reading symbols from /lib/libnss_dns.so.2...done.
Loaded symbols for /lib/libnss_dns.so.2
#0  0x00574e4d in _zend_mm_free_int (heap=0x8c89600, p=Variable "p" is not 
available.
) at /opt/php-5.2.6/Zend/zend_alloc.c:832
832			if (UNEXPECTED(prev->next_free_block != mm_block) || 
UNEXPECTED(next->prev_free_block != mm_block)) {
(gdb) 
			if (UNEXPECTED(prev->next_free_block != mm_block) || 
UNEXPECTED(next->prev_free_block != mm_block)) {



###########analyse this one from bottom to top


#0  0x00574e4d in _zend_mm_free_int (heap=0x8c89600, p=Variable "p" is not 
available.
) at /opt/php-5.2.6/Zend/zend_alloc.c:832
#1  0x00582ea1 in destroy_op_array (op_array=0xafbfbf04) at /opt/php-
5.2.6/Zend/zend_opcode.c:234
#2  0x005954c4 in zend_hash_destroy (ht=0xafc7408c) at /opt/php-
5.2.6/Zend/zend_hash.c:526
#3  0x00583162 in destroy_zend_class (pce=0x8e1fbec) at /opt/php-
5.2.6/Zend/zend_opcode.c:186
#4  0x00595698 in zend_hash_apply_deleter (ht=0x8c89850, p=0x8e1fbe0) at 
/opt/php-5.2.6/Zend/zend_hash.c:611
#5  0x00595947 in zend_hash_reverse_apply (ht=0x8c89850, apply_func=0x57f260 
<clean_non_persistent_class>)
    at /opt/php-5.2.6/Zend/zend_hash.c:760
#6  0x0057f8fd in shutdown_executor () at /opt/php-
5.2.6/Zend/zend_execute_API.c:291
#7  0x0058c0f8 in zend_deactivate () at /opt/php-5.2.6/Zend/zend.c:860
#8  0x0055454a in php_request_shutdown (dummy=0x0) at /opt/php-
5.2.6/main/main.c:1486
#9  0x006089de in php_handler (r=0x8df6230) at /opt/php-
5.2.6/sapi/apache2handler/sapi_apache2.c:469
#10 0x0809b54e in ap_run_handler (r=0x8df6230) at config.c:152
#11 0x0809b919 in ap_invoke_handler (r=0x8df6230) at config.c:364
#12 0x0808468d in ap_process_request (r=0x8df6230) at http_request.c:249
#13 0x080801d9 in ap_process_http_connection (c=0x8debff8) at http_core.c:251
#14 0x080a4ae6 in ap_run_process_connection (c=0x8debff8) at connection.c:43
#15 0x08099d29 in child_main (child_num_arg=Variable "child_num_arg" is not 
available.
) at prefork.c:610
#16 0x08099f53 in make_child (s=Variable "s" is not available.
) at prefork.c:704
#17 0x0809a8b9 in ap_mpm_run (_pconf=0x8c2f0a8, plog=0x8c67188, s=0x8c34618) at 
prefork.c:839
#18 0x0809f887 in main (argc=3, argv=0xbfe03244) at main.c:618

(gdb) dump_bt executor_globals.current_execute_data
(gdb) bt
#0  0x00574e4d in _zend_mm_free_int (heap=0x8c89600, p=Variable "p" is not 
available.
) at /opt/php-5.2.6/Zend/zend_alloc.c:832
#1  0x00582ea1 in destroy_op_array (op_array=0xafbfbf04) at /opt/php-
5.2.6/Zend/zend_opcode.c:234
#2  0x005954c4 in zend_hash_destroy (ht=0xafc7408c) at /opt/php-
5.2.6/Zend/zend_hash.c:526
#3  0x00583162 in destroy_zend_class (pce=0x8e1fbec) at /opt/php-
5.2.6/Zend/zend_opcode.c:186
#4  0x00595698 in zend_hash_apply_deleter (ht=0x8c89850, p=0x8e1fbe0) at 
/opt/php-5.2.6/Zend/zend_hash.c:611
#5  0x00595947 in zend_hash_reverse_apply (ht=0x8c89850, apply_func=0x57f260 
<clean_non_persistent_class>)
    at /opt/php-5.2.6/Zend/zend_hash.c:760
#6  0x0057f8fd in shutdown_executor () at /opt/php-
5.2.6/Zend/zend_execute_API.c:291
#7  0x0058c0f8 in zend_deactivate () at /opt/php-5.2.6/Zend/zend.c:860
#8  0x0055454a in php_request_shutdown (dummy=0x0) at /opt/php-
5.2.6/main/main.c:1486
#9  0x006089de in php_handler (r=0x8df6230) at /opt/php-
5.2.6/sapi/apache2handler/sapi_apache2.c:469
#10 0x0809b54e in ap_run_handler (r=0x8df6230) at config.c:152
#11 0x0809b919 in ap_invoke_handler (r=0x8df6230) at config.c:364
#12 0x0808468d in ap_process_request (r=0x8df6230) at http_request.c:249
#13 0x080801d9 in ap_process_http_connection (c=0x8debff8) at http_core.c:251
#14 0x080a4ae6 in ap_run_process_connection (c=0x8debff8) at connection.c:43
#15 0x08099d29 in child_main (child_num_arg=Variable "child_num_arg" is not 
available.
) at prefork.c:610
#16 0x08099f53 in make_child (s=Variable "s" is not available.
) at prefork.c:704
#17 0x0809a8b9 in ap_mpm_run (_pconf=0x8c2f0a8, plog=0x8c67188, s=0x8c34618) at 
prefork.c:839
#18 0x0809f887 in main (argc=3, argv=0xbfe03244) at main.c:618


(gdb) bt full
#0  0x00574e4d in _zend_mm_free_int (heap=0x8c89600, p=Variable "p" is not 
available.
) at /opt/php-5.2.6/Zend/zend_alloc.c:832
	prev = Variable "prev" is not available.

(gdb) frame
#0  0x00574e4d in _zend_mm_free_int (heap=0x8c89600, p=Variable "p" is not 
available.
) at /opt/php-5.2.6/Zend/zend_alloc.c:832
832			if (UNEXPECTED(prev->next_free_block != mm_block) || 
UNEXPECTED(next->prev_free_block != mm_block)) {
(gdb) frame 2
#2  0x005954c4 in zend_hash_destroy (ht=0xafc7408c) at /opt/php-
5.2.6/Zend/zend_hash.c:526
526				ht->pDestructor(q->pData);
(gdb)

(gdb) info locals
p = (Bucket *) 0xafbfbf98
q = (Bucket *) 0xafbfbecc
(gdb) info args
ht = (HashTable *) 0xafc7408c
(gdb) 

(gdb) bt full
#0  0x00574e4d in _zend_mm_free_int (heap=0x8c89600, p=Variable "p" is not 
available.
) at /opt/php-5.2.6/Zend/zend_alloc.c:832
	prev = Variable "prev" is not available

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2012-12-05 08:59 UTC] laruence@php.net

Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.

if there is no test script,  then we can not do anything...

please, try to refine a reproduce script or scripts.

thanks

[2012-12-05 08:59 UTC] laruence@php.net

-Status: Open +Status: Feedback

[2012-12-05 10:23 UTC] shivammaharshi at gmail dot com

I won't be able to pass a sample script for this. As I said even if I did, it 
would be very improbable that you produce this error. It happens in high load 
condition, that too a very few times. As you guys have knowledge about how the 
memory manager in php works. I was hoping may be you can give some quick fix or 
configuration setting which will help reduce them a little.

[2012-12-05 10:23 UTC] shivammaharshi at gmail dot com

-Status: Feedback +Status: Open

[2013-12-05 17:24 UTC] mike@php.net

-Status: Open +Status: Feedback

[2013-12-05 17:24 UTC] mike@php.net

Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.

[2014-12-30 10:41 UTC] php-bugs at lists dot php dot net

No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri Apr 19 02:01:29 2024 UTC