[PHP-BUG] Bug #65590 [NEW]: Apache segfaults and reports zend_mm_heap corrupted

Fri, 30 Aug 2013 02:03:08 -0700 

From:             ole dot skudsvik at gmail dot com
Operating system: Linux, CentOS 6
PHP version:      5.4.19
Package:          Apache2 related
Bug Type:         Bug
Bug description:Apache segfaults and reports zend_mm_heap corrupted

Description:
------------
We are experiencing regular Apache segfaults.

We are sadly not able to reproduce as this seems to happen randomly when
apache 
have been running for a while. Neither can we relate the problem to any
spesific 
PHP code.

Apache error.log:

[Wed Aug 28 13:00:50 2013] [notice] child pid 31638 exit signal
Segmentation 
fault (11)
zend_mm_heap corrupted
zend_mm_heap corrupted
zend_mm_heap corrupted
zend_mm_heap corrupted
zend_mm_heap corrupted
zend_mm_heap corrupted
zend_mm_heap corrupted
zend_mm_heap corrupted
zend_mm_heap corrupted
zend_mm_heap corrupted
zend_mm_heap corrupted
zend_mm_heap corrupted
zend_mm_heap corrupted
[Wed Aug 28 13:43:58 2013] [notice] child pid 13750 exit signal
Segmentation 
fault (11)


GDB Backtrace:

Core was generated by `/usr/sbin/httpd'.
Program terminated with signal 11, Segmentation fault.
#0  zend_mm_add_to_free_list (heap=<value optimized out>, 
mm_block=0x7f8e9aef8cc0) at
/usr/src/debug/php-5.4.19/Zend/zend_alloc.c:748
748                             if (ZEND_MM_FREE_BLOCK_SIZE(prev) != size) {
(gdb) bt
#0  zend_mm_add_to_free_list (heap=<value optimized out>, 
mm_block=0x7f8e9aef8cc0) at
/usr/src/debug/php-5.4.19/Zend/zend_alloc.c:748
#1  0x00007f8e8ed74412 in _zend_mm_free_int (heap=0x7f8e9a32d6a0, 
p=0x7f8e9aef8cd0) at /usr/src/debug/php-5.4.19/Zend/zend_alloc.c:2114
#2  0x00007f8e8eda6ad1 in zend_hash_destroy (ht=0x7f8e8f19ffd0) at 
/usr/src/debug/php-5.4.19/Zend/zend_hash.c:565
#3  0x00007f8e8ed8d173 in shutdown_executor () at /usr/src/debug/php-
5.4.19/Zend/zend_execute_API.c:322
#4  0x00007f8e8ed99e52 in zend_deactivate () at /usr/src/debug/php-
5.4.19/Zend/zend.c:938
#5  0x00007f8e8ed3c67c in php_request_shutdown (dummy=<value optimized
out>) at 
/usr/src/debug/php-5.4.19/main/main.c:1803
#6  0x00007f8e8ee44037 in php_apache_request_dtor (r=0x7f8e9ac8d1a8) at 
/usr/src/debug/php-5.4.19/sapi/apache2handler/sapi_apache2.c:507
#7  php_handler (r=0x7f8e9ac8d1a8) at /usr/src/debug/php-
5.4.19/sapi/apache2handler/sapi_apache2.c:679
#8  0x00007f8e97ea0bb0 in ap_run_handler (r=0x7f8e9ac8d1a8) at 
/usr/src/debug/httpd-2.2.15/server/config.c:158
#9  0x00007f8e97ea446e in ap_invoke_handler (r=0x7f8e9ac8d1a8) at 
/usr/src/debug/httpd-2.2.15/server/config.c:376
#10 0x00007f8e97eafb30 in ap_process_request (r=0x7f8e9ac8d1a8) at 
/usr/src/debug/httpd-2.2.15/modules/http/http_request.c:282
#11 0x00007f8e97eac9a8 in ap_process_http_connection (c=0x7f8e9ac80c18) at

/usr/src/debug/httpd-2.2.15/modules/http/http_core.c:190
#12 0x00007f8e97ea86b8 in ap_run_process_connection (c=0x7f8e9ac80c18) at 
/usr/src/debug/httpd-2.2.15/server/connection.c:43
#13 0x00007f8e97eb4977 in child_main (child_num_arg=<value optimized out>)
at 
/usr/src/debug/httpd-2.2.15/server/mpm/prefork/prefork.c:667
#14 0x00007f8e97eb4c8a in make_child (s=0x7f8e99ffe860, slot=6) at 
/usr/src/debug/httpd-2.2.15/server/mpm/prefork/prefork.c:763
#15 0x00007f8e97eb590c in perform_idle_server_maintenance (_pconf=<value 
optimized out>, plog=<value optimized out>, s=<value optimized out>) at 
/usr/src/debug/httpd-2.2.15/server/mpm/prefork/prefork.c:898
#16 ap_mpm_run (_pconf=<value optimized out>, plog=<value optimized out>, 
s=<value optimized out>) at /usr/src/debug/httpd-
2.2.15/server/mpm/prefork/prefork.c:1102
#17 0x00007f8e97e8c900 in main (argc=1, argv=0x7fffb01ca148) at 
/usr/src/debug/httpd-2.2.15/server/main.c:760

A complete strace of the crash is available here: 
https://gist.github.com/olesku/6387821

Test script:
---------------
Currently not able to reproduce.


-- 
Edit bug report at https://bugs.php.net/bug.php?id=65590&edit=1
-- 
Try a snapshot (PHP 5.4):   
https://bugs.php.net/fix.php?id=65590&r=trysnapshot54
Try a snapshot (PHP 5.3):   
https://bugs.php.net/fix.php?id=65590&r=trysnapshot53
Try a snapshot (trunk):     
https://bugs.php.net/fix.php?id=65590&r=trysnapshottrunk
Fixed in SVN:               https://bugs.php.net/fix.php?id=65590&r=fixed
Fixed in release:           https://bugs.php.net/fix.php?id=65590&r=alreadyfixed
Need backtrace:             https://bugs.php.net/fix.php?id=65590&r=needtrace
Need Reproduce Script:      https://bugs.php.net/fix.php?id=65590&r=needscript
Try newer version:          https://bugs.php.net/fix.php?id=65590&r=oldversion
Not developer issue:        https://bugs.php.net/fix.php?id=65590&r=support
Expected behavior:          https://bugs.php.net/fix.php?id=65590&r=notwrong
Not enough info:            
https://bugs.php.net/fix.php?id=65590&r=notenoughinfo
Submitted twice:            
https://bugs.php.net/fix.php?id=65590&r=submittedtwice
register_globals:           https://bugs.php.net/fix.php?id=65590&r=globals
PHP 4 support discontinued: https://bugs.php.net/fix.php?id=65590&r=php4
Daylight Savings:           https://bugs.php.net/fix.php?id=65590&r=dst
IIS Stability:              https://bugs.php.net/fix.php?id=65590&r=isapi
Install GNU Sed:            https://bugs.php.net/fix.php?id=65590&r=gnused
Floating point limitations: https://bugs.php.net/fix.php?id=65590&r=float
No Zend Extensions:         https://bugs.php.net/fix.php?id=65590&r=nozend
MySQL Configuration Error:  https://bugs.php.net/fix.php?id=65590&r=mysqlcfg

Reply via email to