ID: 43834
User updated by: jaco at jump dot co dot za
Reported By: jaco at jump dot co dot za
-Status: Feedback
+Status: Open
Bug Type: Scripting Engine problem
Operating System: Windows 2003
PHP Version: 5.2CVS-2008-01-14 (snap)
New Comment:

I am unable to provide any code to reproduce this problem. The best I could figure out up to now is that the get_browser() function together with the browscap.ini on Windows on a busy website is not a good idea. The bug does not appear every time, but after I removed all get_browser() code from the site, the server did not crash again. We get about 500,000 page impressions per day, and the error occurred about 10-15 times a day.

Previous Comments:
------------------------------------------------------------------------

[2008-01-28 23:37:39] [EMAIL PROTECTED]

Thank you for this bug report. To properly diagnose the problem, we need a short but complete example script to be able to reproduce this bug ourselves.

A proper reproducing script starts with <?php and ends with ?>, is max. 10-20 lines long and does not require any external resources such as databases, etc. If the script requires a database to demonstrate the issue, please make sure it creates all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.

------------------------------------------------------------------------

[2008-01-14 07:10:29] jaco at jump dot co dot za

I got this in the user.dmp file:

In user.dmp the assembly instruction at php5ts!_zend_mm_free_int+139 in C:\WINDOWS\system32\php5ts.dll from The PHP Group has caused an access violation exception (0xC0000005) when trying to read from memory location 0x697a6f59 on thread 7

------------------------------------------------------------------------

[2008-01-14 06:45:43] jaco at jump dot co dot za

I finally got the symbol files to work, and the stack trace looks a bit different now:

function: php5ts!_zend_mm_free_int
        006aac9b 33c9 xor ecx,ecx
        006aac9d 8b4718 mov eax,[edi+0x18]
        006aaca0 85c0 test eax,eax
        006aaca2 0f95c1 setne cl
        006aaca5 8d448f14 lea eax,[edi+ecx*4+0x14]
        006aaca9 8b4c8f14 mov ecx,[edi+ecx*4+0x14]
        006aacad 85c9 test ecx,ecx
        006aacaf 75e6 jnz php5ts!_zend_mm_free_int+0x117 (006aac97)
        006aacb1 c70200000000 mov dword ptr [edx],0x0
        006aacb7 eb6f jmp php5ts!_zend_mm_free_int+0x1a8 (006aad28)
FAULT ->006aacb9 395f0c cmp [edi+0xc],ebx ds:0023:0000000c=????????
        006aacbc 7505 jnz php5ts!_zend_mm_free_int+0x143 (006aacc3)
        006aacbe 395908 cmp [ecx+0x8],ebx
        006aacc1 7410 jz php5ts!_zend_mm_free_int+0x153 (006aacd3)
        006aacc3 68cc629500 push 0x9562cc
        006aacc8 e883f6ffff call php5ts!zend_mm_panic (006aa350)
        006aaccd 8b4dfc mov ecx,[ebp-0x4]
        006aacd0 83c404 add esp,0x4
        006aacd3 894f0c mov [edi+0xc],ecx
        006aacd6 897908 mov [ecx+0x8],edi
        006aacd9 8b03 mov eax,[ebx]

*----> Stack Back Trace <----*
ChildEBP RetAddr Args to Child
0236fae0 006abce9 080dab18 00020000 00755f17 php5ts!_zend_mm_free_int+0x139 (CONV: cdecl)
0236faec 00755f17 01253a20 0b936cac 00735f13 php5ts!_efree+0x39 (FPO: [1,0,0]) (CONV: cdecl)
0236faf8 00735f13 01253a78 0b936d20 0073a117 php5ts!_zval_dtor_func+0x27 (FPO: [1,0,1]) (CONV: cdecl)
0236fb04 0073a117 0b936cac 0b937348 0b927c00 php5ts!_zval_ptr_dtor+0x23 (FPO: [1,0,1]) (CONV: cdecl)
0236fb1c 00755f49 0b927c60 0b937354 00735f13 php5ts!zend_hash_destroy+0x27 (FPO: [EBP 0x0b927a40] [1,0,4]) (CONV: cdecl)
0236fb28 00735f13 0b927c00 0b937420 0073a1a3 php5ts!_zval_dtor_func+0x59 (FPO: [1,0,1]) (CONV: cdecl)
0236fb34 0073a1a3 0b937354 0b925718 0236fc10 php5ts!_zval_ptr_dtor+0x23 (FPO: [1,0,1]) (CONV: cdecl)
0236fb4c 006bce7b 0b927a40 00000000 0b91f89e php5ts!zend_hash_clean+0x23 (FPO: [EBP 0x0236fbb4] [1,0,4]) (CONV: cdecl)
0236fb94 006bc465 0236fbb4 080d98a0 006bc3e5 php5ts!zend_do_fcall_common_helper_SPEC+0xa0b (FPO: [EBP 0x0236fb98] [2,12,4]) (CONV: cdecl)
0236fba0 006bc3e5 0236fbb4 080d98a0 080d98a0 php5ts!ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER+0x15 (FPO: [2,0,0]) (CONV: cdecl)
0236fc28 0075b9fd 00000008 080d98a0 00000000 php5ts!execute+0x1c5 (FPO: [EBP 0x0b920598] [2,16,3]) (CONV: cdecl)
0236fc58 006abca9 7c827d0b 00000040 000006f4 php5ts!php_execute_script+0x20d (CONV: cdecl)
0236fc5c 7c827d0b 00000040 000006f4 00000000 php5ts!_emalloc+0x39 (FPO: [1,0,0]) (CONV: cdecl)
WARNING: Stack unwind information not available. Following frames may be wrong.
0236fc6c 77e61d43 08112da8 00000000 0236fcb8 ntdll!NtWaitForSingleObject+0xc
00000000 00000000 00000000 00000000 00000000 kernel32!WaitForSingleObjectEx+0xad

------------------------------------------------------------------------

[2008-01-14 00:07:08] jaco at jump dot co dot za

Description:
------------
On random Apache crashes, the following is in the event log:

Faulting application httpd.exe, version 2.2.4.0, faulting module php5ts.dll, version 5.2.5.5, fault address 0x0000adae.

The fault address is always: 0x0000adae and 0x0000acb9

The following dump was created by Dr. Watson:

*----> State Dump for Thread Id 0xc68 <----*

eax=030f011c ebx=016616f8 ecx=000a2168 edx=1a943ff8 esi=fe5415dc edi=00030000
eip=006aadae esp=03c2fad0 ebp=03c2fae0 iopl=0 nv up ei ng nz ac pe cy
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010293

function: php5ts!zend_mm_shutdown
        006aad93 8b03 mov eax,[ebx]
        006aad95 8b4d0c mov ecx,[ebp+0xc]
        006aad98 03c8 add ecx,eax
        006aad9a 894d0c mov [ebp+0xc],ecx
        006aad9d 8bf9 mov edi,ecx
        006aad9f 8b4604 mov eax,[esi+0x4]
        006aada2 a801 test al,0x1
        006aada4 0f85a7010000 jne php5ts!zend_mm_shutdown+0x11e1 (006aaf51)
        006aadaa 24fc and al,0xfc
        006aadac 2bf0 sub esi,eax
FAULT ->006aadae 8b7e08 mov edi,[esi+0x8] ds:0023:fe5415e4=????????
        006aadb1 8b5e0c mov ebx,[esi+0xc]
        006aadb4 3bfe cmp edi,esi
        006aadb6 0f85b4000000 jne php5ts!zend_mm_shutdown+0x1100 (006aae70)
        006aadbc 3bde cmp ebx,esi
        006aadbe 740d jz php5ts!zend_mm_shutdown+0x105d (006aadcd)
        006aadc0 68cc629500 push 0x9562cc
        006aadc5 e886f5ffff call php5ts!zend_mm_shutdown+0x5e0 (006aa350)
        006aadca 83c404 add esp,0x4
        006aadcd 8b5618 mov edx,[esi+0x18]
        006aadd0 33c9 xor ecx,ecx

*----> Stack Back Trace <----*
ChildEBP RetAddr Args to Child
WARNING: Stack unwind information not available. Following frames may be wrong.
03c2fae0 006abce9 1a9424d0 00030000 00755f17 php5ts!zend_mm_shutdown+0x103e
77bbce33 e877ba20 0000b685 8508758b ac840ff6 php5ts!efree+0x39
e868186a 00000000 00000000 00000000 00000000 0xe877ba20

I have installed the latest snapshot, and this is still happening.

Reproduce code:
---------------
I am not able to reproduce this code, this only happens on the production server, with more than 4 million records in the database, every page I tested does not cause this to happen, so I am now thinking that this might be caused by specific data coming from MySQL

------------------------------------------------------------------------

--
Edit this bug report at http://bugs.php.net/?id=43834&edit=1
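
Added triage example (not part of the original report or of PHP): a small Python helper that pulls the faulting data address out of Dr. Watson "FAULT ->" lines and the user.dmp summary quoted above, then sorts each address into a rough bucket useful when an allocator crash cannot be reproduced. The function names are hypothetical, and the thresholds assume 32-bit Windows with the default 2 GB user address space and the reserved first 64 KB; the "ascii" bucket is only a heuristic hint that string bytes may sit where a pointer was expected.

```python
import re

# Constructed sample: the three fault lines quoted in this report.
SAMPLE = """\
FAULT ->006aacb9 395f0c cmp [edi+0xc],ebx ds:0023:0000000c=????????
FAULT ->006aadae 8b7e08 mov edi,[esi+0x8] ds:0023:fe5415e4=????????
access violation exception (0xC0000005) when trying to read from memory location 0x697a6f59 on thread 7
"""

# Dr. Watson marks the faulting instruction and appends seg:selector:address.
FAULT_RE = re.compile(r"FAULT ->\s*[0-9a-f]{8}.*?ds:[0-9a-f]{4}:([0-9a-f]{8})=", re.I)
# The user.dmp summary names the address in prose instead.
USERDMP_RE = re.compile(r"memory location 0x([0-9a-f]{8})", re.I)


def fault_addresses(text):
    """Return the faulting data addresses found in a crash log, in order."""
    found = []
    for line in text.splitlines():
        m = FAULT_RE.search(line) or USERDMP_RE.search(line)
        if m:
            found.append(int(m.group(1), 16))
    return found


def classify(addr):
    """Bucket a 32-bit faulting address for heap-corruption triage."""
    raw = addr.to_bytes(4, "little")  # byte order as stored in x86 memory
    if addr < 0x10000:
        # Assumption: first 64 KB is never mapped, so this is NULL + small offset.
        return "near-null"
    if all(0x20 <= b <= 0x7E for b in raw):
        # Every byte is printable: the "pointer" may really be string data.
        return "ascii:" + raw.decode("ascii")
    if addr >= 0x80000000:
        # Assumption: default 2 GB split, so user mode cannot read this range.
        return "kernel-range"
    return "other"


if __name__ == "__main__":
    for a in fault_addresses(SAMPLE):
        print(f"0x{a:08x} -> {classify(a)}")
```

Three different faulting addresses from the same allocator routines, one of them made entirely of printable bytes, is the pattern that usually points at earlier heap corruption rather than at the instruction that finally faulted.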