php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #72029 zend_hash_destroy crashing apache service
Submitted: 2016-04-15 10:02 UTC Modified: 2016-05-15 04:22 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: diprajkuwar at gmail dot com Assigned:
Status: No Feedback Package: Reproducible crash
PHP Version: Irrelevant OS: Windows Server 2012
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: diprajkuwar at gmail dot com
New email:
PHP Version: OS:

 

 [2016-04-15 10:02 UTC] diprajkuwar at gmail dot com
Description:
------------
I am using Apache 2.4.17 and PHP 7.0.0 ( thread safe ) all 64 bit on windows server 2012 and php is being confiugred as the apache module.  Recently I noticed that my apache process crashes frequently, so i monitored the logs and using windbg tool and crash dump we found below details
-----------------------

*******************************************************************************
*                                                                             *
*                        Exception Analysis                                   *
*                                                                             *
*******************************************************************************


DUMP_CLASS: 2

DUMP_QUALIFIER: 400

CONTEXT:  (.ecxr)
rax=0000000a3cf3d698 rbx=00000000c0000374 rcx=00007ffe3397a000
rdx=0000000000000000 rsi=0000000000000000 rdi=00007ffe35e7ed40
rip=00007ffe35e41b70 rsp=0000000a3cf3db30 rbp=0000000000000000
 r8=0000000000000003  r9=00007ffe35e7eda8 r10=00007ffe35da3dc7
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000008 r15=0000000000000001
iopl=0         nv up ei pl nz na pe nc
cs=0033  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000202
ntdll!RtlReportCriticalFailure+0x8c:
00007ffe`35e41b70 eb00            jmp     ntdll!RtlReportCriticalFailure+0x8e (00007ffe`35e41b72)
Resetting default scope

FAULTING_IP: 
ntdll!RtlReportCriticalFailure+8c
00007ffe`35e41b70 eb00            jmp     ntdll!RtlReportCriticalFailure+0x8e (00007ffe`35e41b72)

EXCEPTION_RECORD:  (.exr -1)
ExceptionAddress: 00007ffe35e41b70 (ntdll!RtlReportCriticalFailure+0x000000000000008c)
   ExceptionCode: c0000374
  ExceptionFlags: 00000001
NumberParameters: 1
   Parameter[0]: 00007ffe35e7ed40

PROCESS_NAME:  httpd.exe

ERROR_CODE: (NTSTATUS) 0xc0000374 - A heap has been corrupted.

EXCEPTION_CODE: (NTSTATUS) 0xc0000374 - A heap has been corrupted.

EXCEPTION_CODE_STR:  c0000374

EXCEPTION_PARAMETER1:  00007ffe35e7ed40

WATSON_BKT_PROCSTAMP:  57039cd6

WATSON_BKT_PROCVER:  2.4.20.0

PROCESS_VER_PRODUCT:  Apache HTTP Server

WATSON_BKT_MODULE:  ntdll.dll

WATSON_BKT_MODSTAMP:  56951674

WATSON_BKT_MODOFFSET:  f1b70

WATSON_BKT_MODVER:  6.3.9600.18194

MODULE_VER_PRODUCT:  Microsoft® Windows® Operating System

BUILD_VERSION_STRING:  6.3.9600.17415 (winblue_r4.141028-1500)

MODLIST_WITH_TSCHKSUM_HASH:  79305b621530bc5936373f698644f46e8a6553eb

MODLIST_SHA1_HASH:  b9551ed0f2752f1cb445a13d3f9d6c6b3fbcaa21

NTGLOBALFLAG:  0

APPLICATION_VERIFIER_FLAGS:  0

PRODUCT_TYPE:  3

SUITE_MASK:  272

DUMP_FLAGS:  8000c07

DUMP_TYPE:  0

APP:  httpd.exe

ANALYSIS_SESSION_HOST:  GRC7-UAT-KBOX1

ANALYSIS_SESSION_TIME:  04-15-2016 02:30:30.0309

ANALYSIS_VERSION: 10.0.10586.567 amd64fre

THREAD_ATTRIBUTES: 
LAST_CONTROL_TRANSFER:  from 00007ffe35e44db2 to 00007ffe35e41b70

FAULTING_THREAD:  ffffffff

THREAD_SHA1_HASH_MOD_FUNC:  64e2788a1e73f7e49b0b0fd2452b91f86267cd91

THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  30f877e44f24ff3ed9b2116d8543c2340c2c0b05

OS_LOCALE:  ENU

PROBLEM_CLASSES: 



ACTIONABLE_HEAP_CORRUPTION
    Tid    [0x890]
    Frame  [0x02]: ntdll!RtlpLogHeapFailure
    String [heap_failure_block_not_busy]
    Failure Bucketing



DOUBLE_FREE
    Tid    [0x890]
    Frame  [0x02]: ntdll!RtlpLogHeapFailure


BUGCHECK_STR:  ACTIONABLE_HEAP_CORRUPTION_heap_failure_block_not_busy_DOUBLE_FREE

DEFAULT_BUCKET_ID:  ACTIONABLE_HEAP_CORRUPTION_heap_failure_block_not_busy

STACK_TEXT:  
00007ffe`35e7eda8 00007ffe`35dfa56f ntdll!RtlFreeHeap+0x74eff
00007ffe`35e7edb0 00007ffe`2d74419b ucrtbase!free+0x1b
00007ffe`35e7edb8 00007ffe`16eb565f php7ts!zend_hash_destroy+0x5f
00007ffe`35e7edc0 00007ffe`172330d8 php7ts!libiconv_set_relocation_prefix+0x10b38
00007ffe`35e7edc8 00007ffe`16ebdedc php7ts!destroy_op_array+0x3ec
00007ffe`35e7edd0 00007ffe`16eb9934 php7ts!execute_ex+0x44
00007ffe`35e7edd8 00007ffe`16ee48b8 php7ts!zend_execute+0x1e8
00007ffe`35e7ede0 00007ffe`16ee458b php7ts!zend_execute_scripts+0x13b
00007ffe`35e7ede8 00007ffe`16ee43b6 php7ts!php_execute_script+0x4c6
00007ffe`35e7edf0 00007ffe`2f943c19 php7apache2_4+0x3c19
00007ffe`35e7edf8 00000000`68bbe415 libhttpd!ap_run_handler+0x35
00007ffe`35e7ee00 00000000`68bbd270 libhttpd!ap_invoke_handler+0x110
00007ffe`35e7ee08 00000000`68bb9a86 libhttpd!ap_internal_redirect+0x36
00007ffe`35e7ee10 00000000`68975258 mod_rewrite+0x5258
00007ffe`35e7ee18 00000000`68bbe415 libhttpd!ap_run_handler+0x35
00007ffe`35e7ee20 00000000`68bbd270 libhttpd!ap_invoke_handler+0x110
00007ffe`35e7ee28 00000000`68bb9a86 libhttpd!ap_internal_redirect+0x36
00007ffe`35e7ee30 00000000`68975258 mod_rewrite+0x5258
00007ffe`35e7ee38 00000000`68bbe415 libhttpd!ap_run_handler+0x35
00007ffe`35e7ee40 00000000`68bbd270 libhttpd!ap_invoke_handler+0x110
00007ffe`35e7ee48 00000000`68bb9d3a libhttpd!ap_internal_redirect_handler+0x29a
00007ffe`35e7ee50 00000000`68bb9dc7 libhttpd!ap_process_request+0x17
00007ffe`35e7ee58 00000000`68bb3b2f libhttpd!ap_byterange_filter+0x152f
00007ffe`35e7ee60 00000000`68bc11d5 libhttpd!ap_run_process_connection+0x35
00007ffe`35e7ee68 00000000`68bd0f14 libhttpd!ap_run_generate_log_id+0x3f24
00007ffe`35e7ee70 00007ffe`338613d2 kernel32!BaseThreadInitThunk+0x22
00007ffe`35e7ee78 00007ffe`35d654e4 ntdll!RtlUserThreadStart+0x34


STACK_COMMAND:  dps 7ffe35e7eda8 ; kb

THREAD_SHA1_HASH_MOD:  551070382f5ec06819b0d0fe3ecbf1630b278e84

FOLLOWUP_IP: 
php7ts!zend_hash_destroy+5f
00007ffe`16eb565f 488b4f18        mov     rcx,qword ptr [rdi+18h]

FAULT_INSTR_CODE:  184f8b48

SYMBOL_STACK_INDEX:  2

SYMBOL_NAME:  php7ts!zend_hash_destroy+5f

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: php7ts

IMAGE_NAME:  php7ts.dll

DEBUG_FLR_IMAGE_TIMESTAMP:  5660848c

FAILURE_BUCKET_ID:  ACTIONABLE_HEAP_CORRUPTION_heap_failure_block_not_busy_c0000374_php7ts.dll!zend_hash_destroy

BUCKET_ID:  ACTIONABLE_HEAP_CORRUPTION_heap_failure_block_not_busy_DOUBLE_FREE_php7ts!zend_hash_destroy+5f

PRIMARY_PROBLEM_CLASS:  ACTIONABLE_HEAP_CORRUPTION_heap_failure_block_not_busy_DOUBLE_FREE_php7ts!zend_hash_destroy+5f

BUCKET_ID_OFFSET:  5f

BUCKET_ID_MODULE_STR:  php7ts

BUCKET_ID_MODTIMEDATESTAMP:  5660848c

BUCKET_ID_MODCHECKSUM:  820932

BUCKET_ID_MODVER_STR:  7.0.0.0

BUCKET_ID_PREFIX_STR:  ACTIONABLE_HEAP_CORRUPTION_heap_failure_block_not_busy_DOUBLE_FREE_

FAILURE_PROBLEM_CLASS:  ACTIONABLE_HEAP_CORRUPTION_heap_failure_block_not_busy

FAILURE_EXCEPTION_CODE:  c0000374

FAILURE_IMAGE_NAME:  php7ts.dll

FAILURE_FUNCTION_NAME:  zend_hash_destroy

BUCKET_ID_FUNCTION_STR:  zend_hash_destroy

FAILURE_SYMBOL_NAME:  php7ts.dll!zend_hash_destroy

WATSON_STAGEONE_URL:  http://watson.microsoft.com/StageOne/httpd.exe/2.4.20.0/57039cd6/ntdll.dll/6.3.9600.18194/56951674/c0000374/000f1b70.htm?Retriage=1

TARGET_TIME:  2016-04-15T06:40:14.000Z

OSBUILD:  9600

OSSERVICEPACK:  17415

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 8.1

OSEDITION:  Windows 8.1 Server TerminalServer SingleUserTS

USER_LCID:  0

OSBUILD_TIMESTAMP:  2014-10-28 19:45:30

BUILDDATESTAMP_STR:  141028-1500

BUILDLAB_STR:  winblue_r4

BUILDOSVER_STR:  6.3.9600.17415

ANALYSIS_SESSION_ELAPSED_TIME: 1e65

ANALYSIS_SOURCE:  UM

FAILURE_ID_HASH_STRING:  um:actionable_heap_corruption_heap_failure_block_not_busy_c0000374_php7ts.dll!zend_hash_destroy

FAILURE_ID_HASH:  {6a976e9d-35d4-5578-a07f-862eacf9ba57}

Followup:     MachineOwner
---------



Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-05-03 11:14 UTC] ab@php.net
-Status: Open +Status: Feedback
 [2016-05-03 11:14 UTC] ab@php.net
Thanks for the report. Were it possible to extract some short reproduce code? From the backtrace you've posted, it is related to the iconv extension. Possibyly some iconv stream filter, etc.?

Thanks.
 [2016-05-15 04:22 UTC] php-bugs at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.
 [2016-05-16 05:04 UTC] diprajkuwar at gmail dot com
we are not sure about the exact PHP code, but we tried to analyze lots of Apache Crash dump and found the traces of PHP Borwscap extension in the dump.  So we removed the PHP Browscap extension and it worked well without any Apache Process Crash.

Thank you.
 
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Mon May 23 18:05:46 2022 UTC