Edit report at https://bugs.php.net/bug.php?id=40479&edit=1

 ID:                 40479
 Comment by:         laacz at laacz dot lv
 Reported by:        rrossi at maggioli dot it
 Summary:            zend_mm_heap corrupted
 Status:             Feedback
 Type:               Bug
 Package:            Reproducible crash
 Operating System:   Suse Linux 9.0
 PHP Version:        5.2.1
 Block user comment: N
 Private report:     N

 New Comment:

Second this by running code, provided by "f dot ardelian at gmail dot com" at 
2011-08-31 07:49 UTC:

# php -q zend_mm_heap_corrupted.php
If you see this, try to increase OBJECT_COUNT to 100,000zend_mm_heap corrupted

# php --version
PHP 5.3.8 (cli) (built: Aug 29 2011 14:48:33)
Copyright (c) 1997-2011 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2011 Zend Technologies
    with eAccelerator v0.9.6.1, Copyright (c) 2004-2010 eAccelerator, by eAccelerator
    with Xdebug v2.1.2, Copyright (c) 2002-2011, by Derick Rethans


Previous Comments:
------------------------------------------------------------------------
[2011-09-02 11:28:40] christoffer at westart dot se

I must agree with Florin, we are experiencing the same kinds of issues, both with
CLI and mod_php, su_php and across 5.2.* and 5.3.*. We really need this to be
fixed. Any updates?

------------------------------------------------------------------------
[2011-08-31 07:49:32] f dot ardelian at gmail dot com

The cause is pretty clear to me: when the script ends, the garbage collector 
starts to destroy the objects and the `unset()` in the destructor probably 
invokes the garbage collector again. The error message doesn't always appear on 
the screen nor in the error log (sometimes it does). The "Segmentation fault" 
always appears in the error log. Breaks if PHP is installed using apt-get or 
yum or comes with your Linux distro. Seems to work fine on Windows and codepads 
(custom compiled PHPs). Definitely breaks on Debian. Don't forget to set 
memory_limit to have enough room in memory to create all the objects (128M 
seems to be enough on Debian to create 150,000 objects).

<?php
define('OBJECT_COUNT', 20 * 1000);

class Object {
    private static $world = array();
    private static $maxGuid = 0;
    protected $_guid = null;
    public function __construct() {
         self::$world[$this->_guid = self::$maxGuid++] = $this;
    }
    public function __destruct() {
         unset(self::$world[$this->_guid]);
    }
}

for ($i = 0; $i < OBJECT_COUNT; ++$i) {
    new Object();
}

// You probably won't see this because of the "zend_mm_heap corrupted"
echo 'If you see this, try to increase OBJECT_COUNT to 100,000';
?>

If this code pinpoints the four and a half years-old issue, email me a beer.
Florin Ardelian

------------------------------------------------------------------------
[2010-10-16 00:06:47] fel...@php.net

Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.



------------------------------------------------------------------------
[2010-09-16 13:23:05] michael202 at gmx dot de

The problem is still in 5.3.3 on Suse 11.2, but it is not reproducible :-(
Sometimes it is twice a day sometimes every few days.

Apache starts giving these messages:
"child pid xxxxx exit signal Segmentation fault (11)"
And if you are lucky, the scripts still return xml-results.
If you get a no result from the script (i.a. white page in browser),
you'll need an apache stop and start (graceful does not help)
and the error_log says:
"seg fault or similar nasty error detected in the parent process"

------------------------------------------------------------------------
[2010-08-09 10:32:10] sht dot alien at gmx dot net

I had it coming when I started my unittests. But it happened out of nowhere ^^
When I set USE_ZEND_ALLOC=0 it didn't go away, but instead I got a debug 
backtrace (as seen below). But I came up with a solution: ZendDebugger was the 
root of all evil. I'll check out if there's a newer version available...

FAILURES!
Tests: 284, Assertions: 1911, Errors: 4, Incomplete: 10, Skipped: 9.
*** glibc detected *** /usr/local/zend/bin/php: free(): invalid pointer: 0x00000000035b5a8f ***
======= Backtrace: =========
/lib/libc.so.6(+0x775b6)[0x7f56f13105b6]
/lib/libc.so.6(cfree+0x73)[0x7f56f1316e53]
/usr/local/zend/bin/php(zend_hash_destroy+0x7b)[0x656b7b]
/usr/local/zend/bin/php(destroy_zend_class+0x55)[0x641845]
/usr/local/zend/bin/php[0x656822]
/usr/local/zend/bin/php(zend_hash_reverse_apply+0x59)[0x656929]
/usr/local/zend/bin/php[0x63e486]
/usr/local/zend/bin/php[0x64a8b2]
/usr/local/zend/bin/php(php_request_shutdown+0x1ae)[0x5f9cce]
/usr/local/zend/bin/php[0x6d2be4]
/lib/libc.so.6(__libc_start_main+0xfd)[0x7f56f12b7c4d]
/usr/local/zend/bin/php[0x45ffaa]

------------------------------------------------------------------------
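For triaging reports like the glibc abort quoted in the comment above, the following added example (not part of the original comments or of PHP itself) parses the header and backtrace, names the first symbolized caller outside libc, and checks the freed pointer's alignment. The function names are hypothetical, and the 16-byte alignment assumes 64-bit glibc malloc.

```python
import re

# Report text copied from the comment above (header rejoined, unsymbolized tail frames dropped).
REPORT = """\
*** glibc detected *** /usr/local/zend/bin/php: free(): invalid pointer: 0x00000000035b5a8f ***
======= Backtrace: =========
/lib/libc.so.6(+0x775b6)[0x7f56f13105b6]
/lib/libc.so.6(cfree+0x73)[0x7f56f1316e53]
/usr/local/zend/bin/php(zend_hash_destroy+0x7b)[0x656b7b]
/usr/local/zend/bin/php(destroy_zend_class+0x55)[0x641845]
/usr/local/zend/bin/php[0x656822]
/usr/local/zend/bin/php(zend_hash_reverse_apply+0x59)[0x656929]
/usr/local/zend/bin/php(php_request_shutdown+0x1ae)[0x5f9cce]
======= Memory map: ========
"""

HEADER = re.compile(
    r"\*\*\* glibc detected \*\*\* (?P<prog>\S+): (?P<error>.+?): (?P<ptr>0x[0-9a-f]+) \*\*\*")
# Frame forms: module(symbol+0xoff)[0xaddr], module(+0xoff)[0xaddr], module[0xaddr]
FRAME = re.compile(
    r"^(?P<module>/[^(\[\s]+)(?:\((?P<symbol>[^+)]*)\+0x[0-9a-f]+\))?\[(?P<addr>0x[0-9a-f]+)\]$")

def parse_report(text):
    """Return program, error text, offending pointer and backtrace frames."""
    head = HEADER.search(text)
    if head is None:
        raise ValueError("no glibc abort header found")
    frames, in_backtrace = [], False
    for line in text.splitlines():
        if line.startswith("======="):
            in_backtrace = "Backtrace" in line   # stop at the memory map section
            continue
        m = FRAME.match(line.strip()) if in_backtrace else None
        if m:
            frames.append({"module": m["module"], "symbol": m["symbol"] or None,
                           "addr": int(m["addr"], 16)})
    return {"program": head["prog"], "error": head["error"],
            "pointer": int(head["ptr"], 16), "frames": frames}

def first_caller_outside_libc(report):
    """First symbolized frame that is not in libc: the code that called free()."""
    for frame in report["frames"]:
        if "/libc.so" not in frame["module"] and frame["symbol"]:
            return frame["symbol"]
    return None

def pointer_is_aligned(report, alignment=16):
    """Assumption: 64-bit glibc malloc returns 16-byte aligned chunks."""
    return report["pointer"] % alignment == 0
```

On this report the caller is zend_hash_destroy, reached from php_request_shutdown, and the pointer is not 16-byte aligned, which is consistent with glibc rejecting it as an invalid pointer rather than a double free.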


The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

    https://bugs.php.net/bug.php?id=40479

