Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:10819 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 5827 invoked by uid 1010); 28 Jun 2004 14:14:21 -0000 Delivered-To: ezmlm-scan-internals@lists.php.net Delivered-To: ezmlm-internals@lists.php.net Received: (qmail 5803 invoked from network); 28 Jun 2004 14:14:20 -0000 Received: from unknown (HELO chiba.rackshack.net) (216.127.80.125) by pb1.pair.com with SMTP; 28 Jun 2004 14:14:20 -0000 Received: from [10.10.10.82] (localhost.localdomain [127.0.0.1]) by chiba.rackshack.net (8.12.10/8.12.6) with ESMTP id i5SECJia029809 for ; Mon, 28 Jun 2004 09:12:19 -0500 Mime-Version: 1.0 (Apple Message framework v618) Content-Transfer-Encoding: 7bit Message-ID: <71F4FEB2-C90D-11D8-935E-003065D5A6CA@postfin.com> Content-Type: text/plain; charset=US-ASCII; format=flowed To: " " Date: Mon, 28 Jun 2004 09:14:19 -0500 X-Mailer: Apple Mail (2.618) Subject: Possible bug in zend_mm.c From: aleigh@postfin.com (Alex Leigh) Hi all. I have been having some problems with running PHP5 under the Continuity webserver, which I wrote the SAPI module for. 5 has been working well with the apps that people have been rolling out with Continuity so far, but one client has a large, complicated application that they have been trying to test on PHP5 on Solaris. When pages from the app are hit it will randomly crash after about 5 - 10 requests, depending. phpinfo() will serve all day long without problems. Different pages (and really, different complicated apps) will produce the crash. A common denominator is that they all use the OCI8 module to talk to Oracle, but I am not sure if this is directly related. It crashes like this on the CVS head and also RC3. I saw that there were some changes "recently" to zend_mm.c so I went back to RC1 and could not reproduce this crash, but, there was a different crash I had that I assume is unrelated and fixed at least by RC3. I have just started to look at this myself and was wondering if this jogs anyones memory or if anyone has any pointer on where I might begin, I am not very familiar with the memory allocator in PHP. Also, should I open a bug on this? Crash #1: (more common) =>[1] zend_mm_remove_from_free_list(heap = 0x12aca0, mm_block = 0x1e5f8e0), line 163 in "zend_mm.c" [2] zend_mm_free(heap = 0x12aca0, p = 0x1e5f988), line 362 in "zend_mm.c" [3] shutdown_memory_manager(silent = 0, full_shutdown = 0, tsrm_ls = 0x472d78), line 491 in "zend_alloc.c" [4] php_request_shutdown(dummy = (nil)), line 1223 in "main.c" [5] capi_module_main(request_context = 0x46cad8, tsrm_ls = 0x472d78), line 451 in "capi.c" [6] phpFservice(t = 0x10afe0, opts = 0xb7200), line 486 in "capi.c" [7] dlFpipeline_exec(payload = 0x10afe0, catid = 4, limit_name = 0xfef05fb0 "type", limit_value = 0x46ca90 "PHP/5.0.0-dev"), line 316 in "dl.c" [8] httpFhandler(0x3888510, 0x0, 0xff051a00, 0x0, 0x0, 0x0), at 0xfef03050 [9] thrFthread(arg = 0x1cf33d8), line 529 in "thr.c" mm_block = 0x1e5f8e0 __func__ = "zend_mm_remove_from_free_list" heap = 0x12aca0 *mm_block = { size = 0 type = 0 prev_size = 0 prev_free_block = 0x47 next_free_block = (nil) } ============================================= Crash #2: (less common) =>[1] zend_mm_alloc(heap = 0x122c90, size = 264U), line 308 in "zend_mm.c" [2] _emalloc(size = 256U), line 182 in "zend_alloc.c" [3] zend_stack_init(stack = 0xf9688), line 28 in "zend_stack.c" [4] shutdown_executor(tsrm_ls = 0x30d1d8), line 232 in "zend_execute_API.c" [5] zend_deactivate(tsrm_ls = 0x30d1d8), line 819 in "zend.c" [6] php_request_shutdown(dummy = (nil)), line 1212 in "main.c" [7] capi_module_main(request_context = 0x30ca88, tsrm_ls = 0x30d1d8), line 451 in "capi.c" [8] phpFservice(t = 0x10afe0, opts = 0xb7200), line 486 in "capi.c" [9] dlFpipeline_exec(payload = 0x10afe0, catid = 4, limit_name = 0xfef05fb0 "type", limit_value = 0x30ca58 "PHP/5.0.0-dev"), line 316 in "dl.c" [10] httpFhandler(0x3c927b8, 0x0, 0xff051a00, 0x0, 0x0, 0x0), at 0xfef03050 [11] thrFthread(arg = 0x2e367b0), line 529 in "thr.c" free_list_bucket = 0xfdf63d3c index = 35U best_fit = 0x3179550 p = 0x7000000 true_size = 280U size = 264U __func__ = "zend_mm_alloc" heap = 0x122c90 (dbx) print *free_list_bucket *free_list_bucket = 0x40000002 -- Alex Leigh - www.configuredlight.com The difference between theory and reality is that in theory there is no difference.