ID: 43834
Updated by: [EMAIL PROTECTED]
Reported By: jaco at jump dot co dot za
-Status: Open
+Status: Feedback
Bug Type: Scripting Engine problem
Operating System: Windows 2003
PHP Version: 5.2CVS-2008-01-14 (snap)
New Comment:
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves.
A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external
resources such as databases, etc. If the script requires a
database to demonstrate the issue, please make sure it creates
all necessary tables, stored procedures etc.
Please avoid embedding huge scripts into the report.
Previous Comments:
------------------------------------------------------------------------
[2008-01-14 07:10:29] jaco at jump dot co dot za
I got this in the user.dmp file:
In user.dmp the assembly instruction at php5ts!_zend_mm_free_int+139 in
C:\WINDOWS\system32\php5ts.dll from The PHP Group has caused an access
violation exception (0xC0000005) when trying to read from memory
location 0x697a6f59 on thread 7
------------------------------------------------------------------------
[2008-01-14 06:45:43] jaco at jump dot co dot za
I finally got the symbol files to work, and the stack trace looks a bit
different now:
function: php5ts!_zend_mm_free_int
006aac9b 33c9 xor ecx,ecx
006aac9d 8b4718 mov eax,[edi+0x18]
006aaca0 85c0 test eax,eax
006aaca2 0f95c1 setne cl
006aaca5 8d448f14 lea eax,[edi+ecx*4+0x14]
006aaca9 8b4c8f14 mov ecx,[edi+ecx*4+0x14]
006aacad 85c9 test ecx,ecx
006aacaf 75e6 jnz php5ts!_zend_mm_free_int+0x117 (006aac97)
006aacb1 c70200000000 mov dword ptr [edx],0x0
006aacb7 eb6f jmp php5ts!_zend_mm_free_int+0x1a8 (006aad28)
FAULT ->006aacb9 395f0c cmp [edi+0xc],ebx ds:0023:0000000c=????????
006aacbc 7505 jnz php5ts!_zend_mm_free_int+0x143 (006aacc3)
006aacbe 395908 cmp [ecx+0x8],ebx
006aacc1 7410 jz php5ts!_zend_mm_free_int+0x153 (006aacd3)
006aacc3 68cc629500 push 0x9562cc
006aacc8 e883f6ffff call php5ts!zend_mm_panic (006aa350)
006aaccd 8b4dfc mov ecx,[ebp-0x4]
006aacd0 83c404 add esp,0x4
006aacd3 894f0c mov [edi+0xc],ecx
006aacd6 897908 mov [ecx+0x8],edi
006aacd9 8b03 mov eax,[ebx]
*----> Stack Back Trace <----*
ChildEBP RetAddr Args to Child
0236fae0 006abce9 080dab18 00020000 00755f17 php5ts!_zend_mm_free_int+0x139 (CONV: cdecl)
0236faec 00755f17 01253a20 0b936cac 00735f13 php5ts!_efree+0x39 (FPO: [1,0,0]) (CONV: cdecl)
0236faf8 00735f13 01253a78 0b936d20 0073a117 php5ts!_zval_dtor_func+0x27 (FPO: [1,0,1]) (CONV: cdecl)
0236fb04 0073a117 0b936cac 0b937348 0b927c00 php5ts!_zval_ptr_dtor+0x23 (FPO: [1,0,1]) (CONV: cdecl)
0236fb1c 00755f49 0b927c60 0b937354 00735f13 php5ts!zend_hash_destroy+0x27 (FPO: [EBP 0x0b927a40] [1,0,4]) (CONV: cdecl)
0236fb28 00735f13 0b927c00 0b937420 0073a1a3 php5ts!_zval_dtor_func+0x59 (FPO: [1,0,1]) (CONV: cdecl)
0236fb34 0073a1a3 0b937354 0b925718 0236fc10 php5ts!_zval_ptr_dtor+0x23 (FPO: [1,0,1]) (CONV: cdecl)
0236fb4c 006bce7b 0b927a40 00000000 0b91f89e php5ts!zend_hash_clean+0x23 (FPO: [EBP 0x0236fbb4] [1,0,4]) (CONV: cdecl)
0236fb94 006bc465 0236fbb4 080d98a0 006bc3e5 php5ts!zend_do_fcall_common_helper_SPEC+0xa0b (FPO: [EBP 0x0236fb98] [2,12,4]) (CONV: cdecl)
0236fba0 006bc3e5 0236fbb4 080d98a0 080d98a0 php5ts!ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER+0x15 (FPO: [2,0,0]) (CONV: cdecl)
0236fc28 0075b9fd 00000008 080d98a0 00000000 php5ts!execute+0x1c5 (FPO: [EBP 0x0b920598] [2,16,3]) (CONV: cdecl)
0236fc58 006abca9 7c827d0b 00000040 000006f4 php5ts!php_execute_script+0x20d (CONV: cdecl)
0236fc5c 7c827d0b 00000040 000006f4 00000000 php5ts!_emalloc+0x39 (FPO: [1,0,0]) (CONV: cdecl)
WARNING: Stack unwind information not available. Following frames may be wrong.
0236fc6c 77e61d43 08112da8 00000000 0236fcb8 ntdll!NtWaitForSingleObject+0xc
00000000 00000000 00000000 00000000 00000000 kernel32!WaitForSingleObjectEx+0xad
------------------------------------------------------------------------
[2008-01-14 00:07:08] jaco at jump dot co dot za
Description:
------------
On random Apache crashes, the following is in the event log:
Faulting application httpd.exe, version 2.2.4.0, faulting module
php5ts.dll, version 5.2.5.5, fault address 0x0000adae.
The fault address is always: 0x0000adae and 0x0000acb9
The following dump was created by Dr. Watson:
*----> State Dump for Thread Id 0xc68 <----*
eax=030f011c ebx=016616f8 ecx=000a2168 edx=1a943ff8 esi=fe5415dc edi=00030000
eip=006aadae esp=03c2fad0 ebp=03c2fae0 iopl=0 nv up ei ng nz ac pe cy
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010293
function: php5ts!zend_mm_shutdown
006aad93 8b03 mov eax,[ebx]
006aad95 8b4d0c mov ecx,[ebp+0xc]
006aad98 03c8 add ecx,eax
006aad9a 894d0c mov [ebp+0xc],ecx
006aad9d 8bf9 mov edi,ecx
006aad9f 8b4604 mov eax,[esi+0x4]
006aada2 a801 test al,0x1
006aada4 0f85a7010000 jne php5ts!zend_mm_shutdown+0x11e1 (006aaf51)
006aadaa 24fc and al,0xfc
006aadac 2bf0 sub esi,eax
FAULT ->006aadae 8b7e08 mov edi,[esi+0x8] ds:0023:fe5415e4=????????
006aadb1 8b5e0c mov ebx,[esi+0xc]
006aadb4 3bfe cmp edi,esi
006aadb6 0f85b4000000 jne php5ts!zend_mm_shutdown+0x1100 (006aae70)
006aadbc 3bde cmp ebx,esi
006aadbe 740d jz php5ts!zend_mm_shutdown+0x105d (006aadcd)
006aadc0 68cc629500 push 0x9562cc
006aadc5 e886f5ffff call php5ts!zend_mm_shutdown+0x5e0 (006aa350)
006aadca 83c404 add esp,0x4
006aadcd 8b5618 mov edx,[esi+0x18]
006aadd0 33c9 xor ecx,ecx
*----> Stack Back Trace <----*
ChildEBP RetAddr Args to Child
WARNING: Stack unwind information not available. Following frames may be wrong.
03c2fae0 006abce9 1a9424d0 00030000 00755f17 php5ts!zend_mm_shutdown+0x103e
77bbce33 e877ba20 0000b685 8508758b ac840ff6 php5ts!efree+0x39
e868186a 00000000 00000000 00000000 00000000 0xe877ba20
I have installed the latest snapshot, and this is still happening.
Reproduce code:
---------------
I am not able to reproduce this code; this only happens on the
production server, with more than 4 million records in the database.
Every page I tested does not cause this to happen, so I am now thinking
that this might be caused by specific data coming from MySQL.
------------------------------------------------------------------------