Edit report at https://bugs.php.net/bug.php?id=64722&edit=1
ID:                 64722
Comment by:         tj dot botha at plista dot com
Reported by:        tj dot botha at plista dot com
Summary:            PDO extension causes zend_mm_heap corrupted
Status:             Feedback
Type:               Bug
Package:            PDO related
Operating System:   Ubuntu Server 12.10
PHP Version:        master-Git-2013-04-26 (Git)
Block user comment: N
Private report:     N

New Comment:

That is an old backtrace - here is the newest:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffd8fe9700 (LWP 31920)]
0x00007fffeb6a5722 in zval_delref_p (pz=0x5a5a5a5a5a5a5a5a) at /home/tj/php-5.4.14/Zend/zend.h:395
395         return --pz->refcount__gc;
(gdb) backtrace
#0  0x00007fffeb6a5722 in zval_delref_p (pz=0x5a5a5a5a5a5a5a5a) at /home/tj/php-5.4.14/Zend/zend.h:395
#1  0x00007fffeb6a7d06 in _zval_ptr_dtor (zval_ptr=0x7fffd6d39378, __zend_filename=0x7fffebb88468 "/home/tj/php-5.4.14/Zend/zend_objects.c", __zend_lineno=54) at /home/tj/php-5.4.14/Zend/zend_execute_API.c:432
#2  0x00007fffeb6f258a in zend_object_std_dtor (object=0x7fffd00f56c0, tsrm_ls=0x7fffd0017170) at /home/tj/php-5.4.14/Zend/zend_objects.c:54
#3  0x00007fffeb3e0056 in pdo_dbh_free_storage (dbh=0x7fffd00f56c0, tsrm_ls=0x7fffd0017170) at /home/tj/php-5.4.14/ext/pdo/pdo_dbh.c:1577
#4  0x00007fffeb6fac18 in zend_objects_store_del_ref_by_handle_ex (handle=122, handlers=0x7fffebeb8a20 <pdo_dbh_object_handlers>, tsrm_ls=0x7fffd0017170) at /home/tj/php-5.4.14/Zend/zend_objects_API.c:221
#5  0x00007fffeb6fa759 in zend_objects_store_del_ref (zobject=0x7fffd6d240e0, tsrm_ls=0x7fffd0017170) at /home/tj/php-5.4.14/Zend/zend_objects_API.c:173
#6  0x00007fffeb6baacd in _zval_dtor_func (zvalue=0x7fffd6d240e0, __zend_filename=0x7fffebb83be8 "/home/tj/php-5.4.14/Zend/zend_execute_API.c", __zend_lineno=438) at /home/tj/php-5.4.14/Zend/zend_variables.c:54
#7  0x00007fffeb6a58c1 in _zval_dtor (zvalue=0x7fffd6d240e0, __zend_filename=0x7fffebb83be8 "/home/tj/php-5.4.14/Zend/zend_execute_API.c", __zend_lineno=438) at /home/tj/php-5.4.14/Zend/zend_variables.h:35
#8  0x00007fffeb6a7da9 in _zval_ptr_dtor (zval_ptr=0x7fffd6bee268, __zend_filename=0x7fffebb84cb0 "/home/tj/php-5.4.14/Zend/zend_variables.c", __zend_lineno=182) at /home/tj/php-5.4.14/Zend/zend_execute_API.c:438
#9  0x00007fffeb6baef5 in _zval_ptr_dtor_wrapper (zval_ptr=0x7fffd6bee268) at /home/tj/php-5.4.14/Zend/zend_variables.c:182
#10 0x00007fffeb6d3281 in zend_hash_destroy (ht=0x7fffd6d39768) at /home/tj/php-5.4.14/Zend/zend_hash.c:560
#11 0x00007fffeb6baa76 in _zval_dtor_func (zvalue=0x7fffd7d18be8, __zend_filename=0x7fffebb83be8 "/home/tj/php-5.4.14/Zend/zend_execute_API.c", __zend_lineno=438) at /home/tj/php-5.4.14/Zend/zend_variables.c:45
#12 0x00007fffeb6a58c1 in _zval_dtor (zvalue=0x7fffd7d18be8, __zend_filename=0x7fffebb83be8 "/home/tj/php-5.4.14/Zend/zend_execute_API.c", __zend_lineno=438) at /home/tj/php-5.4.14/Zend/zend_variables.h:35
#13 0x00007fffeb6a7da9 in _zval_ptr_dtor (zval_ptr=0x7fffd7d18d98, __zend_filename=0x7fffebb84228 "/home/tj/php-5.4.14/Zend/zend_opcode.c", __zend_lineno=165) at /home/tj/php-5.4.14/Zend/zend_execute_API.c:438
#14 0x00007fffeb6aef6a in cleanup_user_class_data (ce=0x7fffd7d185d0, tsrm_ls=0x7fffd0017170) at /home/tj/php-5.4.14/Zend/zend_opcode.c:165
#15 0x00007fffeb6af1c8 in zend_cleanup_user_class_data (pce=0x7fffd00d6ad8, tsrm_ls=0x7fffd0017170) at /home/tj/php-5.4.14/Zend/zend_opcode.c:198
#16 0x00007fffeb6d3ce3 in zend_hash_reverse_apply (ht=0x7fffd001a770, apply_func=0x7fffeb6af194 <zend_cleanup_user_class_data>, tsrm_ls=0x7fffd0017170) at /home/tj/php-5.4.14/Zend/zend_hash.c:799
#17 0x00007fffeb6a71e8 in shutdown_executor (tsrm_ls=0x7fffd0017170) at /home/tj/php-5.4.14/Zend/zend_execute_API.c:289
#18 0x00007fffeb6be217 in zend_deactivate (tsrm_ls=0x7fffd0017170) at /home/tj/php-5.4.14/Zend/zend.c:938
#19 0x00007fffeb601c90 in php_request_shutdown (dummy=0x0) at /home/tj/php-5.4.14/main/main.c:1800
#20 0x00007fffeb777c6d in php_apache_request_dtor (r=0x7fffd000f068, tsrm_ls=0x7fffd0017170) at /home/tj/php-5.4.14/sapi/apache2handler/sapi_apache2.c:507
#21 0x00007fffeb7787cf in php_handler (r=0x7fffd000f068) at /home/tj/php-5.4.14/sapi/apache2handler/sapi_apache2.c:679
#22 0x0000000000447e40 in ap_run_handler (r=0x7fffd000f068) at config.c:169
#23 0x000000000044827b in ap_invoke_handler (r=r@entry=0x7fffd000f068) at config.c:432
#24 0x000000000045b1bc in ap_internal_redirect (new_uri=<optimised out>, r=<optimised out>) at http_request.c:644
#25 0x00007fffebed6658 in handler_redirect (r=0x7fffd0002970) at mod_rewrite.c:5051
#26 0x0000000000447e40 in ap_run_handler (r=0x7fffd0002970) at config.c:169
#27 0x000000000044827b in ap_invoke_handler (r=r@entry=0x7fffd0002970) at config.c:432
#28 0x000000000045bc5a in ap_process_async_request (r=0x7fffd0002970) at http_request.c:317
#29 0x0000000000458b27 in ap_process_http_async_connection (c=0x7fffe4037410) at http_core.c:143
#30 ap_process_http_connection (c=0x7fffe4037410) at http_core.c:228
#31 0x0000000000450ff0 in ap_run_process_connection (c=0x7fffe4037410) at connection.c:41
#32 0x000000000046284a in process_socket (my_thread_num=24, my_child_num=0, cs=0x7fffe4037398, sock=0x7fffe4037190, p=0x7fffe4037118, thd=0x6bf770) at event.c:964
#33 worker_thread (thd=0x6bf770, dummy=<optimised out>) at event.c:1812
#34 0x00007ffff7531e9a in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
#35 0x00007ffff725ecbd in clone () from /lib/x86_64-linux-gnu/libc.so.6
#36 0x0000000000000000 in ?? ()

The project relies heavily on PDO and runs okay on PHP 5.3.24.

Previous Comments:
------------------------------------------------------------------------
[2013-04-30 14:50:35] johan...@php.net

I can't reproduce this on my machine. Apparently your PHP is not compiled in threaded mode (no tsrm_ls parameters in the stacktrace) so I assume you're not in threaded mode, so no race conditions.

Can you share more details on your setup and code?

------------------------------------------------------------------------
[2013-04-30 14:44:16] tj dot botha at plista dot com

I just want to emphasize - that commenting out the code is not a solution - since it causes errors later down the line.

Also, when stepping / breaking at problem area through the code - the project starts loading in bits and pieces, no segfaults occur. Only when left to run without breakpoints does it crash - therefore this really does seem like a concurrency problem.

------------------------------------------------------------------------
[2013-04-30 12:45:41] tj dot botha at plista dot com

This appears to be a race condition - so I am unable to reproduce.

I am however able to make the problem go away by modifying pdo_dbh.c to the following:

    static void pdo_dbh_free_storage(pdo_dbh_t *dbh TSRMLS_DC)
    {
        if (dbh->in_txn && dbh->methods && dbh->methods->rollback) {
            dbh->methods->rollback(dbh TSRMLS_CC);
            dbh->in_txn = 0;
        }

        if (dbh->is_persistent && dbh->methods && dbh->methods->persistent_shutdown) {
            dbh->methods->persistent_shutdown(dbh TSRMLS_CC);
        }

        //uncomment below to cause zend_mm_heap corrupted
        //zend_object_std_dtor(&dbh->std TSRMLS_CC);
        //dbh->std.properties = NULL;
        dbh_free(dbh TSRMLS_CC);
    }

If I recompile this into PHP it works - however now there is most likely a memory leak. I checked and this code is also new from PHP 5.3. So definitely it is causing the fault. Don't know what the real solution is though.

TJ

------------------------------------------------------------------------
[2013-04-26 17:53:01] s...@php.net

Do you have a reproducible testcase?

------------------------------------------------------------------------
[2013-04-26 14:48:58] tj dot botha at plista dot com

Description:
------------
I have a project which uses MySQL PDO.

I compiled PHP versions 5.4.6, PHP 5.4.14 and PHP 5.6 (from current GIT repository - 26 April 2013).

I have various configuration options, but every time my configure command includes --with-pdo-mysql=mysqlnd, I am unable to run my project.

The ONLY log file which shows any kind of information is Apache error.log:

zend_mm_heap corrupted

When I remove --with-pdo-mysql from configure, then my project works okay (however all my PDO functions are of course missing) and I just get normal expected PHP errors.

However, when I compile PHP version 5.3.24, it works. I can successfully include --with-pdo-mysql=mysqlnd, and my project loads without problems.

Test script:
---------------
I do not have a test script - as I have no indication as to where the app fails

Actual result:
--------------
#0  0x00000000008ee2c2 in zval_delref_p (pz=0x5a5a5a5a5a5a5a5a) at /home/tj/php-latest/Zend/zend.h:409
#1  0x00000000008ee51f in i_zval_ptr_dtor (zval_ptr=0x5a5a5a5a5a5a5a5a, __zend_filename=0xe38408 "/home/tj/php-latest/Zend/zend_objects.c", __zend_lineno=54) at /home/tj/php-latest/Zend/zend_execute.h:76
#2  0x00000000008ef896 in _zval_ptr_dtor (zval_ptr=0x7f88d6068a20, __zend_filename=0xe38408 "/home/tj/php-latest/Zend/zend_objects.c", __zend_lineno=54) at /home/tj/php-latest/Zend/zend_execute_API.c:428
#3  0x00000000009354de in zend_object_std_dtor (object=0x271b880) at /home/tj/php-latest/Zend/zend_objects.c:54
#4  0x000000000068aad0 in pdo_dbh_free_storage (dbh=0x271b880) at /home/tj/php-latest/ext/pdo/pdo_dbh.c:1576
#5  0x000000000093c9ad in zend_objects_store_del_ref_by_handle_ex (handle=140, handlers=0x116c2e0 <pdo_dbh_object_handlers>) at /home/tj/php-latest/Zend/zend_objects_API.c:221
#6  0x000000000093c6b3 in zend_objects_store_del_ref (zobject=0x7f88d60a4af8) at /home/tj/php-latest/Zend/zend_objects_API.c:173
#7  0x0000000000901b6c in _zval_dtor_func (zvalue=0x7f88d60a4af8, __zend_filename=0xe335f8 "/home/tj/php-latest/Zend/zend_execute.h", __zend_lineno=81) at /home/tj/php-latest/Zend/zend_variables.c:54
#8  0x00000000008ee4c1 in _zval_dtor (zvalue=0x7f88d60a4af8, __zend_filename=0xe335f8 "/home/tj/php-latest/Zend/zend_execute.h", __zend_lineno=81) at /home/tj/php-latest/Zend/zend_variables.h:35
#9  0x00000000008ee58c in i_zval_ptr_dtor (zval_ptr=0x7f88d60a4af8, __zend_filename=0xe34970 "/home/tj/php-latest/Zend/zend_variables.c", __zend_lineno=182) at /home/tj/php-latest/Zend/zend_execute.h:81
#10 0x00000000008ef896 in _zval_ptr_dtor (zval_ptr=0x7f88d6030b28, __zend_filename=0xe34970 "/home/tj/php-latest/Zend/zend_variables.c", __zend_lineno=182) at /home/tj/php-latest/Zend/zend_execute_API.c:428
#11 0x0000000000901f7b in _zval_ptr_dtor_wrapper (zval_ptr=0x7f88d6030b28) at /home/tj/php-latest/Zend/zend_variables.c:182
#12 0x00000000009174a7 in zend_hash_destroy (ht=0x7f88d6069138) at /home/tj/php-latest/Zend/zend_hash.c:560
#13 0x0000000000901b2f in _zval_dtor_func (zvalue=0x7f88d6b1ece8, __zend_filename=0xe335f8 "/home/tj/php-latest/Zend/zend_execute.h", __zend_lineno=81) at /home/tj/php-latest/Zend/zend_variables.c:45
#14 0x00000000008ee4c1 in _zval_dtor (zvalue=0x7f88d6b1ece8, __zend_filename=0xe335f8 "/home/tj/php-latest/Zend/zend_execute.h", __zend_lineno=81) at /home/tj/php-latest/Zend/zend_variables.h:35
#15 0x00000000008ee58c in i_zval_ptr_dtor (zval_ptr=0x7f88d6b1ece8, __zend_filename=0xe33d68 "/home/tj/php-latest/Zend/zend_opcode.c", __zend_lineno=169) at /home/tj/php-latest/Zend/zend_execute.h:81
#16 0x00000000008ef896 in _zval_ptr_dtor (zval_ptr=0x7f88d6b1ef20, __zend_filename=0xe33d68 "/home/tj/php-latest/Zend/zend_opcode.c", __zend_lineno=169) at /home/tj/php-latest/Zend/zend_execute_API.c:428
#17 0x00000000008f562e in cleanup_user_class_data (ce=0x7f88d6b1e528) at /home/tj/php-latest/Zend/zend_opcode.c:169
#18 0x00000000008f5757 in zend_cleanup_user_class_data (pce=0x26d28e8) at /home/tj/php-latest/Zend/zend_opcode.c:202
#19 0x0000000000917ee7 in zend_hash_reverse_apply (ht=0x25016b0, apply_func=0x8f572e <zend_cleanup_user_class_data>) at /home/tj/php-latest/Zend/zend_hash.c:799
#20 0x00000000008ef301 in shutdown_executor () at /home/tj/php-latest/Zend/zend_execute_API.c:289
#21 0x000000000090411e in zend_deactivate () at /home/tj/php-latest/Zend/zend.c:939
#22 0x000000000086c2b5 in php_request_shutdown (dummy=0x0) at /home/tj/php-latest/main/main.c:1800
#23 0x00000000009b42f8 in do_cli (argc=2, argv=0x2500a40) at /home/tj/php-latest/sapi/cli/php_cli.c:1176
#24 0x00000000009b4b8d in main (argc=2, argv=0x2500a40) at /home/tj/php-latest/sapi/cli/php_cli.c:1377

------------------------------------------------------------------------
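
Added triage example (not part of the original report, nor PHP or gdb tooling): in debug builds the Zend memory manager overwrites freed blocks with the byte 0x5a, so a pointer argument of 0x5a5a5a5a5a5a5a5a was loaded from memory that had already been freed. The Python sketch below parses gdb frames in the format shown in this report, flags pointer arguments that consist of one repeated byte, and returns the innermost frame located under ext/; all function names are hypothetical, and the sample is frames #0-#4 of the original report's backtrace with wrapped paths rejoined.

```python
import re

# Frames #0-#4 copied from the "Actual result" backtrace in this report.
SAMPLE = """\
#0 0x00000000008ee2c2 in zval_delref_p (pz=0x5a5a5a5a5a5a5a5a) at /home/tj/php-latest/Zend/zend.h:409
#1 0x00000000008ee51f in i_zval_ptr_dtor (zval_ptr=0x5a5a5a5a5a5a5a5a, __zend_filename=0xe38408 "/home/tj/php-latest/Zend/zend_objects.c", __zend_lineno=54) at /home/tj/php-latest/Zend/zend_execute.h:76
#2 0x00000000008ef896 in _zval_ptr_dtor (zval_ptr=0x7f88d6068a20, __zend_filename=0xe38408 "/home/tj/php-latest/Zend/zend_objects.c", __zend_lineno=54) at /home/tj/php-latest/Zend/zend_execute_API.c:428
#3 0x00000000009354de in zend_object_std_dtor (object=0x271b880) at /home/tj/php-latest/Zend/zend_objects.c:54
#4 0x000000000068aad0 in pdo_dbh_free_storage (dbh=0x271b880) at /home/tj/php-latest/ext/pdo/pdo_dbh.c:1576
"""

# "#N [0xADDR in ]func (args) at path:line"; the address is absent on inlined frames.
FRAME = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(\w+) \((.*)\) at (\S+):(\d+)$")
ARG = re.compile(r"(\w+)=(0x[0-9a-f]+)")


def is_fill_pattern(value, width=8):
    """True when a 64-bit pointer value is a single non-zero byte repeated."""
    raw = int(value, 16).to_bytes(width, "little")
    return raw[0] != 0 and raw == raw[:1] * width


def parse_frames(text):
    """Turn gdb backtrace lines into dicts; lines that do not match are skipped."""
    frames = []
    for line in text.splitlines():
        m = FRAME.match(line.strip())
        if m:
            num, func, args, path, lineno = m.groups()
            frames.append({"num": int(num), "func": func,
                           "args": dict(ARG.findall(args)),
                           "src": f"{path}:{lineno}"})
    return frames


def triage(text):
    """Return (poisoned pointer arguments, innermost frame in extension code)."""
    frames = parse_frames(text)
    poisoned = [(f["num"], name, val)
                for f in frames for name, val in f["args"].items()
                if is_fill_pattern(val)]
    ext_frame = next((f for f in frames if "/ext/" in f["src"]), None)
    return poisoned, ext_frame


if __name__ == "__main__":
    hits, ext_frame = triage(SAMPLE)
    for num, name, val in hits:
        print(f"frame #{num}: {name}={val} looks like a freed-memory fill pattern")
    if ext_frame:
        print(f"innermost extension frame: #{ext_frame['num']} {ext_frame['func']} at {ext_frame['src']}")
```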