ID: 43387 User updated by: matteo at beccati dot com Reported By: matteo at beccati dot com -Status: Feedback +Status: Open Bug Type: Reproducible crash Operating System: GNU/Linux 2.6.18 x86_64 PHP Version: 5.2.5 New Comment:
If I was able to understand what is causing the issue, I would happily create a short reproduce script. Unfortunately the bug only shows randomly during shutdown after a very complex script. The best I could do is to give you access to my machine in case the crash happens again, but I'm afraid I can't do much more right now. Previous Comments: ------------------------------------------------------------------------ [2007-11-25 17:31:26] [EMAIL PROTECTED] Thank you for this bug report. To properly diagnose the problem, we need a short but complete example script to be able to reproduce this bug ourselves. A proper reproducing script starts with <?php and ends with ?>, is max. 10-20 lines long and does not require any external resources such as databases, etc. If the script requires a database to demonstrate the issue, please make sure it creates all necessary tables, stored procedures etc. Please avoid embedding huge scripts into the report. ------------------------------------------------------------------------ [2007-11-24 15:20:57] matteo at beccati dot com FreeBSD, PHP 5.2.4: ./configure --with-apxs2=/usr/local/sbin/apxs --with-mysql=/usr/local --with-pgsql=/usr/local/pgsql --with-zlib --with-iconv=/usr/local --enable-bcmath --enable-ftp --enable-mbstring --with-mcrypt=/usr/local --with-mhash=/usr/local --with-curl=/usr/local --with-xml --with-xmlrpc --with-gettext --with-gd --enable-gd-native-ttf --with-png --with-png-dir=/usr/local --with-jpeg --with-jpeg-dir=/usr/local --with-freetype-dir=/usr/local --with-ttf=/usr/local --enable-pcntl --enable-sockets --enable-sigchild --enable-shmop --enable-sysvmsg --enable-sysvsem --enable-sysvshm No extensions loaded in php.ini. Nothing has changed, but I'm unable to reproduce it ATM. Linux, PHP 5.2.5: ./configure --prefix=/usr/local/php-5.2.5 --with-apxs2=/usr/local/apache2/bin/apxs --with-mysql=/usr/local/mysql-5.0 --with-pgsql=/usr/local/pgsql-8.2 --enable-mbstring --with-gd --enable-gd-native-ttf --with-freetype-dir --with-jpeg-dir --with-png-dir --with-curl --with-openssl --with-zlib --enable-pcntl No extensions loaded in php.ini. Another CriuseControl build failed for that very reason the last night. ------------------------------------------------------------------------ [2007-11-24 12:14:54] [EMAIL PROTECTED] What configure line was used when building PHP? Are you loading some extensions in php.ini? Did you disable all zend extensions (like caches, optimizers..etc.) ? ------------------------------------------------------------------------ [2007-11-23 10:57:32] matteo at beccati dot com Description: ------------ PHP 5.2.5 sometimes crashes with a segmentation fault after running a specific unit test suite. Unfortunately the issue isn't easily replicable and seems to happen randomly. We have CruiseControl running dozens of builds with different PHP versions back to 4.3 and it just happens that sometimes one of the builds using PHP 5.2.5 fails on a particular test. So far it happened when running tests with PostgreSQL 8.0, 8.1 and MySQL 5.0. I've just tried to replicate the issue on another server and I finally did it. It crashes also on FreeBSD 6.2/amd64 using PHP 5.2.4 and MySQL 5.1. Surprisingly a similarily compiled 5.2.5 doesn't crash on this server. Reproduce code: --------------- svn export -r12748 https://svn.openads.org/openads/trunk OA-trunk cd OA-trunk cp etc/test.conf var/ ; edit var/test.conf.php and set the db parameters cd tests php run.php --type=unit --level=file --layer=dal --folder=lib/OA/Dal/Delivery --file=DeliveryDB.dal.test.php --format=text --host=test Expected result: ---------------- UNIT: Data Abstraction Layer (DB): lib/OA/Dal/Delivery/DeliveryDB.dal.test.php OK Test cases run: 1/1, Passes: 302, Failures: 0, Exceptions: 0 Actual result: -------------- UNIT: Data Abstraction Layer (DB): lib/OA/Dal/Delivery/DeliveryDB.dal.test.php OK Test cases run: 1/1, Passes: 302, Failures: 0, Exceptions: 0 Segmentation fault: 11 (core dumped) gdb output on Linux / PHP 5.2.5 =============================== GNU gdb Red Hat Linux (6.5-16.el5rh) Copyright (C) 2006 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "x86_64-redhat-linux-gnu"...Using host libthread_db library "/lib64/libthread_db.so.1". Reading symbols from /lib64/libcrypt.so.1...done. Loaded symbols for /lib64/libcrypt.so.1 Reading symbols from /usr/local/pgsql-8.2.5/lib/libpq.so.5...done. Loaded symbols for /usr/local/pgsql-8.2.5/lib/libpq.so.5 Reading symbols from /lib64/librt.so.1...done. Loaded symbols for /lib64/librt.so.1 Reading symbols from /usr/local/mysql-5.0.45-linux-x86_64-glibc23/lib/libmysqlclient.so.15...done. Loaded symbols for /usr/local/mysql-5.0/lib/libmysqlclient.so.15 Reading symbols from /usr/lib64/libfreetype.so.6...done. Loaded symbols for /usr/lib64/libfreetype.so.6 Reading symbols from /usr/lib64/libpng12.so.0...done. Loaded symbols for /usr/lib64/libpng12.so.0 Reading symbols from /usr/lib64/libjpeg.so.62...done. Loaded symbols for /usr/lib64/libjpeg.so.62 Reading symbols from /usr/lib64/libcurl.so.3...done. Loaded symbols for /usr/lib64/libcurl.so.3 Reading symbols from /lib64/libresolv.so.2...done. Loaded symbols for /lib64/libresolv.so.2 Reading symbols from /lib64/libm.so.6...done. Loaded symbols for /lib64/libm.so.6 Reading symbols from /lib64/libdl.so.2...done. Loaded symbols for /lib64/libdl.so.2 Reading symbols from /lib64/libnsl.so.1...done. Loaded symbols for /lib64/libnsl.so.1 Reading symbols from /usr/lib64/libxml2.so.2...done. Loaded symbols for /usr/lib64/libxml2.so.2 Reading symbols from /lib64/libssl.so.6...done. Loaded symbols for /lib64/libssl.so.6 Reading symbols from /lib64/libcrypto.so.6...done. Loaded symbols for /lib64/libcrypto.so.6 Reading symbols from /usr/lib64/libgssapi_krb5.so.2...done. Loaded symbols for /usr/lib64/libgssapi_krb5.so.2 Reading symbols from /usr/lib64/libkrb5.so.3...done. Loaded symbols for /usr/lib64/libkrb5.so.3 Reading symbols from /usr/lib64/libk5crypto.so.3...done. Loaded symbols for /usr/lib64/libk5crypto.so.3 Reading symbols from /lib64/libcom_err.so.2...done. Loaded symbols for /lib64/libcom_err.so.2 Reading symbols from /usr/lib64/libidn.so.11...done. Loaded symbols for /usr/lib64/libidn.so.11 Reading symbols from /lib64/libc.so.6...done. Loaded symbols for /lib64/libc.so.6 Reading symbols from /lib64/libpthread.so.0...done. Loaded symbols for /lib64/libpthread.so.0 Reading symbols from /lib64/ld-linux-x86-64.so.2...done. Loaded symbols for /lib64/ld-linux-x86-64.so.2 Reading symbols from /usr/lib64/libz.so.1...done. Loaded symbols for /usr/lib64/libz.so.1 Reading symbols from /usr/lib64/libkrb5support.so.0...done. Loaded symbols for /usr/lib64/libkrb5support.so.0 Reading symbols from /lib64/libnss_files.so.2...done. Loaded symbols for /lib64/libnss_files.so.2 Core was generated by `/usr/local/php-5.2/bin/php run.php --type=unit --level=file --layer=dal --folde'. Program terminated with signal 11, Segmentation fault. #0 0x000000000069f095 in _zend_mm_free_int (heap=0x129eb330, p=0x13b898d0) at /usr/local/src/php-5.2.5/Zend/zend_alloc.c:807 807 ZEND_MM_CHECK_TREE(mm_block); (gdb) bt full #0 0x000000000069f095 in _zend_mm_free_int (heap=0x129eb330, p=0x13b898d0) at /usr/local/src/php-5.2.5/Zend/zend_alloc.c:807 p = <value optimized out> mm_block = (zend_mm_block *) 0x13b89668 next_block = (zend_mm_block *) 0x13b89920 size = 96 #1 0x00000000006c4aae in zend_hash_destroy (ht=0x13a285e0) at /usr/local/src/php-5.2.5/Zend/zend_hash.c:531 p = (Bucket *) 0x13b421e8 #2 0x00000000006b9a3f in _zval_dtor_func (zvalue=0x139ed0f8) at /usr/local/src/php-5.2.5/Zend/zend_variables.c:43 No locals. #3 0x00000000006ad566 in _zval_ptr_dtor (zval_ptr=0x13a4f258) at /usr/local/src/php-5.2.5/Zend/zend_variables.h:35 No locals. #4 0x00000000006c4a88 in zend_hash_destroy (ht=0x13d28448) at /usr/local/src/php-5.2.5/Zend/zend_hash.c:526 p = (Bucket *) 0x13ba2480 #5 0x00000000006b9a3f in _zval_dtor_func (zvalue=0x13c9e128) at /usr/local/src/php-5.2.5/Zend/zend_variables.c:43 No locals. #6 0x00000000006ad566 in _zval_ptr_dtor (zval_ptr=0x13b7e568) at /usr/local/src/php-5.2.5/Zend/zend_variables.h:35 No locals. #7 0x00000000006c4a88 in zend_hash_destroy (ht=0x13ba3790) at /usr/local/src/php-5.2.5/Zend/zend_hash.c:526 p = (Bucket *) 0x13cd6f68 #8 0x00000000006d4359 in zend_object_std_dtor (object=0x13ca7350) at /usr/local/src/php-5.2.5/Zend/zend_objects.c:45 No locals. #9 0x00000000006d4379 in zend_objects_free_object_storage (object=0x129eb330) at /usr/local/src/php-5.2.5/Zend/zend_objects.c:122 No locals. #10 0x00000000006d73fb in zend_objects_store_free_object_storage ( objects=0xc44a40) at /usr/local/src/php-5.2.5/Zend/zend_objects_API.c:89 i = 39 #11 0x00000000006adaec in shutdown_executor () at /usr/local/src/php-5.2.5/Zend/zend_execute_API.c:299 __bailout = {{__jmpbuf = {12863136, 1788433170706147115, 7051744, 0, 140735876909575, 0, 1788410096376635051, 1788433170712606839}, __mask_was_saved = 0, __saved_mask = {__val = {224601251756, 312816976, 224604232032, 12862816, 1, 0, 140735876909575, 0, 224601251756, 12845728, 0, 12864960, 4805079, 312889664, 12864224, 12862816}}}} #12 0x00000000006ba062 in zend_deactivate () at /usr/local/src/php-5.2.5/Zend/zend.c:860 __orig_bailout = (jmp_buf *) 0x0 __bailout = {{__jmpbuf = {12861248, 1788433170706147115, 1, 0, 140735876909575, 0, 1788410096376619435, 1788433170712543689}, __mask_was_saved = 0, __saved_mask = {__val = {224604232032, 48, 48, 7, 224604232032, 12863136, 1, 0, 140735876909575, 0, 224601251756, 1788410096376627707, 1788433170712238944, 206158430208, 140735876907376, 1}}}} #13 0x000000000067848e in php_request_shutdown (dummy=<value optimized out>) at /usr/local/src/php-5.2.5/main/main.c:1485 __bailout = {{__jmpbuf = {12863136, 1788433170710094219, 1, 0, 140735876909575, 0, 1788410096376619179, 1788433170712290697}, __mask_was_saved = 0, __saved_mask = {__val = {0, 0, 0, 0, 0, 0, 7, 0, 0, 0, 0, 0, 0, 0, 0, 0}}}} report_memleaks = 1 '\001' #14 0x000000000073a285 in main (argc=9, argv=0x7fff9ff346f8) at /usr/local/src/php-5.2.5/sapi/cli/php_cli.c:1321 __bailout = {{__jmpbuf = {0, 1788433170710094218, 7306640099802838133, 8103230749319183720, 110, 7596570286683205949, 1788410096376619979, 1788433170710970368}, __mask_was_saved = 0, __saved_mask = {__val = { 224600799864, 0, 46912507384152, 46912505074424, 224613378969, 224600849328, 224613372088, 4294967296, 4294967449, 46912507387520, 46912505076592, 140735876908224, 140735876908144, 2972705047, 224596626327, 0}}}} exit_status = 0 c = <value optimized out> file_handle = {type = 2 '\002', filename = 0x7fff9ff34a07 "run.php", opened_path = 0x0, handle = {fd = 314281120, fp = 0x12bb8ca0, stream = { handle = 0x12bb8ca0, reader = 0x6cdab0 <zend_stream_stdio_reader>, closer = 0x6cda90 <zend_stream_stdio_closer>, fteller = 0x6cda80 <zend_stream_stdio_fteller>, interactive = 0}}, free_filename = 0 '\0'} behavior = 1 reflection_what = 0x0 orig_optind = 1 orig_optarg = 0x0 arg_free = <value optimized out> arg_excp = <value optimized out> script_file = 0x7fff9ff34a07 "run.php" interactive = 0 module_started = 1 request_started = 329950032 lineno = 1 exec_direct = 0x0 exec_run = 0x0 exec_begin = 0x0 exec_end = 0x0 param_error = <value optimized out> hide_argv = 0 ini_entries_len = <value optimized out> gdb output on FreeBSD / PHP 5.2.4 ================================= GNU gdb 6.1.1 [FreeBSD] Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "amd64-marcel-freebsd"... Core was generated by `php'. Program terminated with signal 11, Segmentation fault. Reading symbols from /lib/libcrypt.so.3...done. Loaded symbols for /lib/libcrypt.so.3 Reading symbols from /usr/local/pgsql/lib/libpq.so.5...done. Loaded symbols for /usr/local/pgsql/lib/libpq.so.5 Reading symbols from /usr/local/lib/mysql/libmysqlclient.so.15...done. Loaded symbols for /usr/local/lib/mysql/libmysqlclient.so.15 Reading symbols from /lib/libm.so.4...done. Loaded symbols for /lib/libm.so.4 Reading symbols from /lib/libz.so.3...done. Loaded symbols for /lib/libz.so.3 Reading symbols from /usr/local/lib/libmhash.so.2...done. Loaded symbols for /usr/local/lib/libmhash.so.2 Reading symbols from /usr/local/lib/libmcrypt.so.8...done. Loaded symbols for /usr/local/lib/libmcrypt.so.8 Reading symbols from /usr/local/lib/libltdl.so.4...done. Loaded symbols for /usr/local/lib/libltdl.so.4 Reading symbols from /usr/local/lib/libintl.so.8...done. Loaded symbols for /usr/local/lib/libintl.so.8 Reading symbols from /usr/local/lib/libfreetype.so.9...done. Loaded symbols for /usr/local/lib/libfreetype.so.9 Reading symbols from /usr/local/lib/libpng.so.5...done. Loaded symbols for /usr/local/lib/libpng.so.5 Reading symbols from /usr/local/lib/libjpeg.so.9...done. Loaded symbols for /usr/local/lib/libjpeg.so.9 Reading symbols from /usr/local/lib/libcurl.so.4...done. Loaded symbols for /usr/local/lib/libcurl.so.4 Reading symbols from /usr/lib/libssl.so.4...done. Loaded symbols for /usr/lib/libssl.so.4 Reading symbols from /lib/libcrypto.so.4...done. Loaded symbols for /lib/libcrypto.so.4 Reading symbols from /usr/local/lib/libxml2.so.5...done. Loaded symbols for /usr/local/lib/libxml2.so.5 Reading symbols from /usr/local/lib/libiconv.so.3...done. Loaded symbols for /usr/local/lib/libiconv.so.3 Reading symbols from /lib/libc.so.6...done. Loaded symbols for /lib/libc.so.6 Reading symbols from /libexec/ld-elf.so.1...done. Loaded symbols for /libexec/ld-elf.so.1 #0 _zend_mm_free_int (heap=0xb64000, p=0x205da30) at /array1/compile/php-5.2.4-apache/Zend/zend_alloc.c:806 806 ZEND_MM_CHECK_TREE(mm_block); (gdb) bt full #0 _zend_mm_free_int (heap=0xb64000, p=0x205da30) at /array1/compile/php-5.2.4-apache/Zend/zend_alloc.c:806 p = (zend_mm_free_block **) 0xb64648 mm_block = (zend_mm_block *) 0x1f5ed20 next_block = (zend_mm_block *) 0x1f5ed90 size = 112 #1 0x00000000006dbc1d in zend_hash_destroy (ht=0x1f5ea78) at /array1/compile/php-5.2.4-apache/Zend/zend_hash.c:531 p = (Bucket *) 0x1f12b58 q = (Bucket *) 0x1f5ed30 #2 0x00000000006cf503 in _zval_dtor_func (zvalue=0x1f5ea50) at /array1/compile/php-5.2.4-apache/Zend/zend_variables.c:43 No locals. #3 0x00000000006c17f5 in _zval_ptr_dtor (zval_ptr=0x1f09578) at zend_variables.h:35 No locals. #4 0x00000000006dbc32 in zend_hash_destroy (ht=0x1f50468) at /array1/compile/php-5.2.4-apache/Zend/zend_hash.c:526 p = (Bucket *) 0x1f29040 q = (Bucket *) 0x1f09560 #5 0x00000000006cf503 in _zval_dtor_func (zvalue=0x1f63698) at /array1/compile/php-5.2.4-apache/Zend/zend_variables.c:43 No locals. #6 0x00000000006c17f5 in _zval_ptr_dtor (zval_ptr=0x2179748) at zend_variables.h:35 No locals. #7 0x00000000006dbc32 in zend_hash_destroy (ht=0x1f50960) at /array1/compile/php-5.2.4-apache/Zend/zend_hash.c:526 p = (Bucket *) 0x1ef5ff8 q = (Bucket *) 0x2179730 #8 0x00000000006e9cbd in zend_object_std_dtor (object=0x1f247c0) at /array1/compile/php-5.2.4-apache/Zend/zend_objects.c:45 No locals. #9 0x00000000006e9f79 in zend_objects_free_object_storage (object=0x1f247c0) at /array1/compile/php-5.2.4-apache/Zend/zend_objects.c:122 No locals. #10 0x00000000006ed0f6 in zend_objects_store_free_object_storage ( objects=0xb5f940) at /array1/compile/php-5.2.4-apache/Zend/zend_objects_API.c:89 i = 48 #11 0x00000000006c1e29 in shutdown_executor () at /array1/compile/php-5.2.4-apache/Zend/zend_execute_API.c:299 __orig_bailout = (jmp_buf *) 0x0 __bailout = {{_jb = {7085378, 11925736, 140737488346872, 11924896, 11922496, 0, 0, 0, 140737488290687, 0, 0, 72057594070317848}}} #12 0x00000000006d0195 in zend_deactivate () at /array1/compile/php-5.2.4-apache/Zend/zend.c:860 __orig_bailout = (jmp_buf *) 0x0 __bailout = {{_jb = {7143797, 11922496, 140737488347432, 11924896, 11922496, 0, 0, 0, 11862911, 0, 0, 2184591365}}} #13 0x000000000068d80f in php_request_shutdown (dummy=0x258) at /array1/compile/php-5.2.4-apache/main/main.c:1463 __orig_bailout = (jmp_buf *) 0x0 __bailout = {{_jb = {6870837, 140737488349864, 140737488347768, 140737488349848, 110, 0, 0, 0, 11535231, 0, 0, 140737488348656}}} report_memleaks = 1 '\001' #14 0x0000000000760f8e in main (argc=9, argv=0x7fffffffea98) at /array1/compile/php-5.2.4-apache/sapi/cli/php_cli.c:1321 __bailout = {{_jb = {7736934, 140737488349928, 140737488348856, 1, 110, 0, 0, 0, 2184971135, 0, 0, 2158826496}}} exit_status = 0 c = -1 file_handle = {type = 2 '\002', filename = 0x7fffffffec94 "run.php", opened_path = 0x0, handle = {fd = -2108630976, fp = 0x8250d840, stream = { handle = 0x8250d840, reader = 0x6e3430 <zend_stream_stdio_reader>, closer = 0x6e3450 <zend_stream_stdio_closer>, fteller = 0x6e3470 <zend_stream_stdio_fteller>, interactive = 0}}, free_filename = 0 '\0'} behavior = 1 reflection_what = 0x0 orig_optind = 1 orig_optarg = 0x0 arg_free = 0x7fffffffec94 "run.php" arg_excp = (char **) 0x258 script_file = 0x7fffffffec94 "run.php" interactive = 0 module_started = 1 request_started = 1 lineno = 1 exec_direct = 0x0 exec_run = 0x0 exec_begin = 0x0 exec_end = 0x0 param_error = 0x0 hide_argv = 0 ini_entries_len = 110 ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=43387&edit=1
