Bug #63691 [Opn->Fbk]: Segmentation Fault (_zend_mm_free_int)

laruence Wed, 05 Dec 2012 01:00:23 -0800

Edit report at https://bugs.php.net/bug.php?id=63691&edit=1


 ID:                 63691
 Updated by:         larue...@php.net
 Reported by:        shivammaharshi at gmail dot com
 Summary:            Segmentation Fault (_zend_mm_free_int)
-Status:             Open
+Status:             Feedback
 Type:               Bug
 Package:            *General Issues
 Operating System:   i386-redhat-linux
 PHP Version:        5.4.9
 Block user comment: N
 Private report:     N

 New Comment:

Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.

if there is no test script,  then we can not do anything...

please, try to refine a reproduce script or scripts.

thanks


Previous Comments:
------------------------------------------------------------------------
[2012-12-05 07:16:15] shivammaharshi at gmail dot com

Description:
------------
I am getting segmentation faults on the live server. Here is the core dump 
below. 
PHP Version : 5.4.6 
Zend Module is Used.
Please Notice that segmentation faults are 50-100 a day in number.
The total hits I am getting on my Live servers are > 10000. So no script can be 
given to reproduce this error. From what I understand this has a problem with 
accessing the variable which has been de-referenced already. Thus getting 
segmentation faults. Kindly help me fix this, or may be suggest a work around.


Core was generated by `/usr/local/apache/bin/httpd -k start'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/lib/libz.so.1...done.
Loaded symbols for /usr/lib/libz.so.1
Reading symbols from /lib/libssl.so.4...done.
Loaded symbols for /lib/libssl.so.4
Reading symbols from /lib/libcrypto.so.4...done.
Loaded symbols for /lib/libcrypto.so.4
Reading symbols from /usr/lib/libgssapi_krb5.so.2...done.
Loaded symbols for /usr/lib/libgssapi_krb5.so.2
Reading symbols from /usr/lib/libkrb5.so.3...done.
Loaded symbols for /usr/lib/libkrb5.so.3
Reading symbols from /lib/libcom_err.so.2...done.
Loaded symbols for /lib/libcom_err.so.2
Reading symbols from /usr/lib/libk5crypto.so.3...done.
Loaded symbols for /usr/lib/libk5crypto.so.3
Reading symbols from /lib/libresolv.so.2...done.
Loaded symbols for /lib/libresolv.so.2
Reading symbols from /usr/local/apache/lib/libaprutil-0.so.0...done.
Loaded symbols for /usr/local/apache/lib/libaprutil-0.so.0
Reading symbols from /usr/lib/libgdbm.so.2...done.
Loaded symbols for /usr/lib/libgdbm.so.2
Reading symbols from /usr/lib/tls/i686/libdb-4.2.so...done.
Loaded symbols for /usr/lib/tls/i686/libdb-4.2.so
Reading symbols from /usr/lib/libexpat.so.0...done.
Loaded symbols for /usr/lib/libexpat.so.0
Reading symbols from /usr/local/apache/lib/libapr-0.so.0...done.
Loaded symbols for /usr/local/apache/lib/libapr-0.so.0
Reading symbols from /lib/tls/librt.so.1...done.
Loaded symbols for /lib/tls/librt.so.1
Reading symbols from /lib/tls/libm.so.6...done.
Loaded symbols for /lib/tls/libm.so.6
Reading symbols from /lib/libcrypt.so.1...done.
Loaded symbols for /lib/libcrypt.so.1
Reading symbols from /lib/libnsl.so.1...done.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /lib/tls/libpthread.so.0...done.
Loaded symbols for /lib/tls/libpthread.so.0
Reading symbols from /lib/libdl.so.2...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/tls/libc.so.6...done.
Loaded symbols for /lib/tls/libc.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /lib/libnss_files.so.2...done.
Loaded symbols for /lib/libnss_files.so.2
Reading symbols from /usr/local/apache/modules/libphp5.so...done.
Loaded symbols for /usr/local/apache/modules/libphp5.so
Reading symbols from /usr/local/mysql/lib/mysql/libmysqlclient.so.15...done.
Loaded symbols for /usr/local/mysql/lib/mysql/libmysqlclient.so.15
Reading symbols from /usr/lib/libpng12.so.0...done.
Loaded symbols for /usr/lib/libpng12.so.0
Reading symbols from /usr/lib/libjpeg.so.62...done.
Loaded symbols for /usr/lib/libjpeg.so.62
Reading symbols from /usr/lib/libcurl.so.3...done.
Loaded symbols for /usr/lib/libcurl.so.3
Reading symbols from /usr/lib/libidn.so.11...done.
Loaded symbols for /usr/lib/libidn.so.11
Reading symbols from /usr/lib/libxml2.so.2...done.
Loaded symbols for /usr/lib/libxml2.so.2
Reading symbols from /usr/local/apache/modules/mod_expires.so...done.
Loaded symbols for /usr/local/apache/modules/mod_expires.so
Reading symbols from /usr/local/apache/modules/mod_headers.so...done.
Loaded symbols for /usr/local/apache/modules/mod_headers.so
Reading symbols from /usr/local/apache/modules/mod_rpaf-2.0.so...done.
Loaded symbols for /usr/local/apache/modules/mod_rpaf-2.0.so
Reading symbols from /usr/local/php/lib/php/extensions/no-debug-non-zts-
20060613/xcache.so...done.
Loaded symbols for /usr/local/php/lib/php/extensions/no-debug-non-zts-
20060613/xcache.so
Reading symbols from /usr/local/php/lib/php/extensions/no-debug-non-zts-
20060613/pdo.so...done.
Loaded symbols for /usr/local/php/lib/php/extensions/no-debug-non-zts-
20060613/pdo.so
Reading symbols from /usr/local/php/lib/php/extensions/no-debug-non-zts-
20060613/pdo_mysql.so...done.
Loaded symbols for /usr/local/php/lib/php/extensions/no-debug-non-zts-
20060613/pdo_mysql.so
Reading symbols from /usr/local/php/lib/php/extensions/no-debug-non-zts-
20060613/memcache.so...done.
Loaded symbols for /usr/local/php/lib/php/extensions/no-debug-non-zts-
20060613/memcache.so
Reading symbols from /usr/local/php/lib/php/extensions/no-debug-non-zts-
20060613/wordmapping.so...done.
Loaded symbols for /usr/local/php/lib/php/extensions/no-debug-non-zts-
20060613/wordmapping.so
Reading symbols from /usr/lib/libstdc++.so.6...done.
Loaded symbols for /usr/lib/libstdc++.so.6
Reading symbols from /lib/libgcc_s.so.1...done.
Loaded symbols for /lib/libgcc_s.so.1
Reading symbols from /usr/local/php/lib/php/extensions/no-debug-non-zts-
20060613/oauth.so...done.
Loaded symbols for /usr/local/php/lib/php/extensions/no-debug-non-zts-
20060613/oauth.so
Reading symbols from /usr/local/php/lib/php/extensions/no-debug-non-zts-
20060613/mcrypt.so...done.
Loaded symbols for /usr/local/php/lib/php/extensions/no-debug-non-zts-
20060613/mcrypt.so
Reading symbols from /usr/local/lib/libmcrypt.so.4...done.
Loaded symbols for /usr/local/lib/libmcrypt.so.4
Reading symbols from /usr/lib/libltdl.so.3...done.
Loaded symbols for /usr/lib/libltdl.so.3
Reading symbols from /lib/libnss_dns.so.2...done.
Loaded symbols for /lib/libnss_dns.so.2
#0  0x00574e4d in _zend_mm_free_int (heap=0x8c89600, p=Variable "p" is not 
available.
) at /opt/php-5.2.6/Zend/zend_alloc.c:832
832                     if (UNEXPECTED(prev->next_free_block != mm_block) || 
UNEXPECTED(next->prev_free_block != mm_block)) {
(gdb) 
                        if (UNEXPECTED(prev->next_free_block != mm_block) || 
UNEXPECTED(next->prev_free_block != mm_block)) {



###########analyse this one from bottom to top


#0  0x00574e4d in _zend_mm_free_int (heap=0x8c89600, p=Variable "p" is not 
available.
) at /opt/php-5.2.6/Zend/zend_alloc.c:832
#1  0x00582ea1 in destroy_op_array (op_array=0xafbfbf04) at /opt/php-
5.2.6/Zend/zend_opcode.c:234
#2  0x005954c4 in zend_hash_destroy (ht=0xafc7408c) at /opt/php-
5.2.6/Zend/zend_hash.c:526
#3  0x00583162 in destroy_zend_class (pce=0x8e1fbec) at /opt/php-
5.2.6/Zend/zend_opcode.c:186
#4  0x00595698 in zend_hash_apply_deleter (ht=0x8c89850, p=0x8e1fbe0) at 
/opt/php-5.2.6/Zend/zend_hash.c:611
#5  0x00595947 in zend_hash_reverse_apply (ht=0x8c89850, apply_func=0x57f260 
<clean_non_persistent_class>)
    at /opt/php-5.2.6/Zend/zend_hash.c:760
#6  0x0057f8fd in shutdown_executor () at /opt/php-
5.2.6/Zend/zend_execute_API.c:291
#7  0x0058c0f8 in zend_deactivate () at /opt/php-5.2.6/Zend/zend.c:860
#8  0x0055454a in php_request_shutdown (dummy=0x0) at /opt/php-
5.2.6/main/main.c:1486
#9  0x006089de in php_handler (r=0x8df6230) at /opt/php-
5.2.6/sapi/apache2handler/sapi_apache2.c:469
#10 0x0809b54e in ap_run_handler (r=0x8df6230) at config.c:152
#11 0x0809b919 in ap_invoke_handler (r=0x8df6230) at config.c:364
#12 0x0808468d in ap_process_request (r=0x8df6230) at http_request.c:249
#13 0x080801d9 in ap_process_http_connection (c=0x8debff8) at http_core.c:251
#14 0x080a4ae6 in ap_run_process_connection (c=0x8debff8) at connection.c:43
#15 0x08099d29 in child_main (child_num_arg=Variable "child_num_arg" is not 
available.
) at prefork.c:610
#16 0x08099f53 in make_child (s=Variable "s" is not available.
) at prefork.c:704
#17 0x0809a8b9 in ap_mpm_run (_pconf=0x8c2f0a8, plog=0x8c67188, s=0x8c34618) at 
prefork.c:839
#18 0x0809f887 in main (argc=3, argv=0xbfe03244) at main.c:618

(gdb) dump_bt executor_globals.current_execute_data
(gdb) bt
#0  0x00574e4d in _zend_mm_free_int (heap=0x8c89600, p=Variable "p" is not 
available.
) at /opt/php-5.2.6/Zend/zend_alloc.c:832
#1  0x00582ea1 in destroy_op_array (op_array=0xafbfbf04) at /opt/php-
5.2.6/Zend/zend_opcode.c:234
#2  0x005954c4 in zend_hash_destroy (ht=0xafc7408c) at /opt/php-
5.2.6/Zend/zend_hash.c:526
#3  0x00583162 in destroy_zend_class (pce=0x8e1fbec) at /opt/php-
5.2.6/Zend/zend_opcode.c:186
#4  0x00595698 in zend_hash_apply_deleter (ht=0x8c89850, p=0x8e1fbe0) at 
/opt/php-5.2.6/Zend/zend_hash.c:611
#5  0x00595947 in zend_hash_reverse_apply (ht=0x8c89850, apply_func=0x57f260 
<clean_non_persistent_class>)
    at /opt/php-5.2.6/Zend/zend_hash.c:760
#6  0x0057f8fd in shutdown_executor () at /opt/php-
5.2.6/Zend/zend_execute_API.c:291
#7  0x0058c0f8 in zend_deactivate () at /opt/php-5.2.6/Zend/zend.c:860
#8  0x0055454a in php_request_shutdown (dummy=0x0) at /opt/php-
5.2.6/main/main.c:1486
#9  0x006089de in php_handler (r=0x8df6230) at /opt/php-
5.2.6/sapi/apache2handler/sapi_apache2.c:469
#10 0x0809b54e in ap_run_handler (r=0x8df6230) at config.c:152
#11 0x0809b919 in ap_invoke_handler (r=0x8df6230) at config.c:364
#12 0x0808468d in ap_process_request (r=0x8df6230) at http_request.c:249
#13 0x080801d9 in ap_process_http_connection (c=0x8debff8) at http_core.c:251
#14 0x080a4ae6 in ap_run_process_connection (c=0x8debff8) at connection.c:43
#15 0x08099d29 in child_main (child_num_arg=Variable "child_num_arg" is not 
available.
) at prefork.c:610
#16 0x08099f53 in make_child (s=Variable "s" is not available.
) at prefork.c:704
#17 0x0809a8b9 in ap_mpm_run (_pconf=0x8c2f0a8, plog=0x8c67188, s=0x8c34618) at 
prefork.c:839
#18 0x0809f887 in main (argc=3, argv=0xbfe03244) at main.c:618


(gdb) bt full
#0  0x00574e4d in _zend_mm_free_int (heap=0x8c89600, p=Variable "p" is not 
available.
) at /opt/php-5.2.6/Zend/zend_alloc.c:832
        prev = Variable "prev" is not available.

(gdb) frame
#0  0x00574e4d in _zend_mm_free_int (heap=0x8c89600, p=Variable "p" is not 
available.
) at /opt/php-5.2.6/Zend/zend_alloc.c:832
832                     if (UNEXPECTED(prev->next_free_block != mm_block) || 
UNEXPECTED(next->prev_free_block != mm_block)) {
(gdb) frame 2
#2  0x005954c4 in zend_hash_destroy (ht=0xafc7408c) at /opt/php-
5.2.6/Zend/zend_hash.c:526
526                             ht->pDestructor(q->pData);
(gdb)

(gdb) info locals
p = (Bucket *) 0xafbfbf98
q = (Bucket *) 0xafbfbecc
(gdb) info args
ht = (HashTable *) 0xafc7408c
(gdb) 

(gdb) bt full
#0  0x00574e4d in _zend_mm_free_int (heap=0x8c89600, p=Variable "p" is not 
available.
) at /opt/php-5.2.6/Zend/zend_alloc.c:832
        prev = Variable "prev" is not available



------------------------------------------------------------------------



-- 
Edit this bug report at https://bugs.php.net/bug.php?id=63691&edit=1

Bug #63691 [Opn->Fbk]: Segmentation Fault (_zend_mm_free_int)

Reply via email to