List: MySQL and PHP
From: Mike
Date: August 4 2007 3:07pm
Subject: Re: crash with mysqlnd

I found some time now and looked into the sources.

The macro SET_NEW_MESSAGE caused the problem.

#define SET_NEW_MESSAGE(buf, buf_len, message, len) \
         {\
                 if ((buf)) { \
                         efree((buf)); \
                 } \
                 (buf) = (message); \
                 (buf_len) = (len); \
                 /* Transfer ownership*/ \
                 (message) = NULL; \
         }


The crash was caused by the efree() call.
It tried to free conn->last_message

It was called here (mysqlnd_simple_command_handle_response):
        } else {
                SET_NEW_MESSAGE(conn->last_message, conn->last_message_len,
                                ok_response.message, ok_response.message_len);

                conn->upsert_status.warning_count = ok_response.warning_count;
                conn->upsert_status.server_status = ok_response.server_status;
                conn->upsert_status.affected_rows = ok_response.affected_rows;
                conn->upsert_status.last_insert_id = ok_response.last_insert_id;
        }


Which is confusing because it tried to efree() conn->last_message.....


Removing efree((buf)) solved the problem for me now... but I don't think 
it's the right fix. mysqlnd developers should take a look into 
it more closely.


-Mike


On Sat, 4 Aug 2007, Mike wrote:

>
> This is a high load site.
>
>
> With enabled eAccelerator:
> #0  zend_hash_rehash (ht=0x83965f0) at 
> /usr/local/src/build/php-5.2.3/Zend/zend_hash.c:447
> 447                     nIndex = p->h & ht->nTableMask;
> (gdb) bt
> #0  zend_hash_rehash (ht=0x83965f0) at 
> /usr/local/src/build/php-5.2.3/Zend/zend_hash.c:447
> #1  0x0823bca5 in zend_hash_do_resize (ht=0x83854d0) at 
> /usr/local/src/build/php-5.2.3/Zend/zend_hash.c:428
> #2  0x0823c333 in _zend_hash_quick_add_or_update (ht=0x83854d0, 
> arKey=0x28e630ec "nid", nKeyLength=4, h=2090544320, pData=0xbfbfa7cc, 
> nDataSize=4,
>    pDest=0xbfbfa870, flag=1) at 
> /usr/local/src/build/php-5.2.3/Zend/zend_hash.c:334
> #3  0x0824c5d1 in zend_assign_to_variable (result=0x28e588b8, op1=0x28e588cc, 
> op2=0x28e588e0, value=0x83ac9b4, type=4, Ts=0xbfbfa8e0)
>    at /usr/local/src/build/php-5.2.3/Zend/zend_execute.c:160
> #4  0x082a3eca in ZEND_ASSIGN_SPEC_CV_VAR_HANDLER (execute_data=0xbfbfaec0) 
> at zend_vm_execute.h:24140
> #5  0x0824d59d in execute (op_array=0x83a7398) at zend_vm_execute.h:92
> #6  0x08253c17 in ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER 
> (execute_data=0xbfbfb390) at zend_vm_execute.h:2030
> #7  0x0824d59d in execute (op_array=0x839911c) at zend_vm_execute.h:92
> #8  0x0823448d in zend_execute_scripts (type=8, retval=0x0, file_count=3) at 
> /usr/local/src/build/php-5.2.3/Zend/zend.c:1134
> #9  0x081fca21 in php_execute_script (primary_file=0xbfbfeb90) at 
> /usr/local/src/build/php-5.2.3/main/main.c:1794
> #10 0x082b078a in main (argc=1, argv=0xbfbfec20) at 
> /usr/local/src/build/php-5.2.3/sapi/cgi/cgi_main.c:1735
>
>
> With disabled eAccelerator:
> #0  0x0821ca31 in _zend_mm_free_int (heap=0x838a000, p=0x0) at 
> /usr/local/src/build/php-5.2.3/Zend/zend_alloc.c:821
> 821                     if (UNEXPECTED(prev->next_free_block != mm_block) || 
> UNEXPECTED(next->prev_free_block != mm_block)) {
> (gdb) bt
> #0  0x0821ca31 in _zend_mm_free_int (heap=0x838a000, p=0x0) at 
> /usr/local/src/build/php-5.2.3/Zend/zend_alloc.c:821
> #1  0x081ef11d in mysqlnd_simple_command_handle_response (conn=0x84fc000, 
> ok_packet=3217001560, silent=0 '\0', command=COM_PING)
>    at /usr/local/src/build/php-5.2.3/ext/mysqlnd/mysqlnd.c:264
> #2  0x081ef3f7 in mysqlnd_simple_command (conn=0x84fc000, command=COM_PING, 
> arg=0x0, arg_len=0, ok_packet=PROT_OK_PACKET, silent=0 '\0')
>    at /usr/local/src/build/php-5.2.3/ext/mysqlnd/mysqlnd.c:360
> #3  0x081f01fa in php_mysqlnd_conn_ping_pub (conn=0x84fc000) at 
> /usr/local/src/build/php-5.2.3/ext/mysqlnd/mysqlnd.c:813
> #4  0x080e0e00 in php_mysql_do_connect (ht=139434544, return_value=0x83ac040, 
> return_value_ptr=0x0, this_ptr=0x0, return_value_used=1, persistent=1)
>    at /usr/local/src/build/php-5.2.3/ext/mysql/php_mysql.c:758
> #5  0x0824de16 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfbf91e0) 
> at zend_vm_execute.h:200
> #6  0x0824d59d in execute (op_array=0x83ab520) at zend_vm_execute.h:92
> #7  0x08253c17 in ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER 
> (execute_data=0xbfbfb380) at zend_vm_execute.h:2030
> #8  0x0824d59d in execute (op_array=0x83998b0) at zend_vm_execute.h:92
> #9  0x0823448d in zend_execute_scripts (type=8, retval=0x0, file_count=3) at 
> /usr/local/src/build/php-5.2.3/Zend/zend.c:1134
> #10 0x081fca21 in php_execute_script (primary_file=0xbfbfeb80) at 
> /usr/local/src/build/php-5.2.3/main/main.c:1794
> #11 0x082b078a in main (argc=1, argv=0xbfbfec1c) at 
> /usr/local/src/build/php-5.2.3/sapi/cgi/cgi_main.c:1735
>
>
>
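Added example (not mysqlnd source and not part of the original post): a stand-alone C model of the macro's ownership rule, using counting stand-ins `t_strdup`/`t_free` for the Zend allocator and a hypothetical `struct conn`. It shows that the macro as quoted frees each old message exactly once when the field holds NULL or a live allocation, and that the workaround of dropping the free leaks one buffer per response.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for emalloc()/efree() that count live allocations. */
static int live_blocks = 0;
static char *t_strdup(const char *s) {
    char *p = malloc(strlen(s) + 1);
    if (!p) abort();
    strcpy(p, s);
    live_blocks++;
    return p;
}
static void t_free(void *p) { if (p) { free(p); live_blocks--; } }

/* Same shape as the macro quoted above, with t_free() in place of efree(). */
#define SET_NEW_MESSAGE(buf, buf_len, message, len) \
    do { \
        if ((buf)) { t_free((buf)); } \
        (buf) = (message); \
        (buf_len) = (len); \
        (message) = NULL; /* transfer ownership */ \
    } while (0)

/* The workaround from the message: identical, but the old buffer is not freed. */
#define SET_NEW_MESSAGE_NOFREE(buf, buf_len, message, len) \
    do { (buf) = (message); (buf_len) = (len); (message) = NULL; } while (0)

struct conn { char *last_message; size_t last_message_len; }; /* hypothetical */

/* Feed n OK responses through one connection, then close it.
   Returns the number of blocks still allocated afterwards (leaks). */
int leaked_after(int n, int free_old) {
    struct conn c = { NULL, 0 };   /* must start NULL, or the first free is invalid */
    live_blocks = 0;
    for (int i = 0; i < n; i++) {
        char *msg = t_strdup("Rows matched: 1  Changed: 1"); /* constructed sample */
        size_t len = strlen(msg);
        if (free_old) SET_NEW_MESSAGE(c.last_message, c.last_message_len, msg, len);
        else          SET_NEW_MESSAGE_NOFREE(c.last_message, c.last_message_len, msg, len);
        t_free(msg);               /* packet cleanup: no-op, msg is NULL now */
    }
    t_free(c.last_message);        /* connection close */
    return live_blocks;
}
```

The free inside the macro is only valid if every code path leaves the field either NULL or pointing at memory that is still allocated; a field that outlives the allocation it points to makes that free operate on an invalid pointer.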