ID:               43582
 User updated by:  steve at grommit dot com
 Reported By:      steve at grommit dot com
-Status:           Feedback
+Status:           Open
 Bug Type:         Apache2 related
 Operating System: OpenSolaris (snv_75a)
 PHP Version:      5.2.5
 New Comment:

Nope - still crashes.  I installed from the CVS tarball pointed to
below, and just got the following core dump:

[EMAIL PROTECTED]:core] 501$ mdb core.httpd.9922 
Loading modules: [ libc.so.1 libnvpair.so.1 libuutil.so.1 libavl.so.1
ld.so.1 ]
> $c
libphp5.so`_zend_mm_alloc_int+0x11f(82329e8, 40)
libphp5.so`_emalloc+0x27(40)
libphp5.so`_safe_emalloc+0xa0(10, 4, 0)
libphp5.so`_ecalloc+0x2a(10, 4)
libphp5.so`_zend_hash_init+0x8e(8047738, a, 0, 0, 0)
libphp5.so`ps_srlzr_encode_php+0x48(80477b4, 80477ec)
libphp5.so`php_session_encode+0x42(80477ec)
libphp5.so`php_session_save_current_state+0x246(0, fdbb9d5c, 8047824,
fd3d2cac, 
82a6c40, fd2ac45c)
libphp5.so`php_session_flush+0x54(8047878, fd2ac476, 1, e, fd2902bb,
82329e8)
libphp5.so`zm_deactivate_session+0xb(1, e)
libphp5.so`module_registry_cleanup+0x1a(82a6c78)
libphp5.so`zend_hash_apply+0x54(fd413d60, fd2ac45c)
libphp5.so`zend_deactivate_modules+0x55(8380000, fd414fc0, fd3d2cac,
fd3d2cac, 
fd414fc0, 8380000)
libphp5.so`php_request_shutdown+0x125(0)
libphp5.so`php_handler+0x4ae(8380000)
ap_run_handler+0x25(8380000)
ap_invoke_handler+0xba(8380000)
ap_process_request+0x50(8380000)
ap_process_http_connection+0x52(8372260)
ap_run_process_connection+0x25(8372260)
ap_process_connection+0x3a(8372260, 8371fc8)
child_main+0x2f6(6)
make_child+0x84(80beaf8, 6)
perform_idle_server_maintenance+0xe2(80bcc58)
ap_mpm_run+0x234(80bcc58, 80ead10, 80beaf8)
main+0x6e8(3, 8047e38, 8047e48)
_start+0x7a(3, 8047ed4, 8047eeb, 8047eee, 0, 8047ef4)


Since it looks like it happened at a different instruction, here's the
disassembly:
> libphp5.so`_zend_mm_alloc_int+0x11f::dis
libphp5.so`_zend_mm_alloc_int+0x104:    testl  %esi,%esi
libphp5.so`_zend_mm_alloc_int+0x106:    
jne    +0x7     <libphp5.so`_zend_mm_alloc_int+0x10f>
libphp5.so`_zend_mm_alloc_int+0x108:    
jmp    +0x231   <libphp5.so`_zend_mm_alloc_int+0x33e>
libphp5.so`_zend_mm_alloc_int+0x10d:    movl   %ecx,%esi
libphp5.so`_zend_mm_alloc_int+0x10f:    movl   0x2874(%ebx),%eax
libphp5.so`_zend_mm_alloc_int+0x115:    movl   (%eax),%eax
libphp5.so`_zend_mm_alloc_int+0x117:    testl  %eax,%eax
libphp5.so`_zend_mm_alloc_int+0x119:    
je     +0x2     <libphp5.so`_zend_mm_alloc_int+0x11d>
libphp5.so`_zend_mm_alloc_int+0x11b:    call   *%eax
libphp5.so`_zend_mm_alloc_int+0x11d:    movl   (%esi),%eax
libphp5.so`_zend_mm_alloc_int+0x11f:    cmpl   0x4(%esi,%eax),%eax
libphp5.so`_zend_mm_alloc_int+0x123:    
jne    +0x15    <libphp5.so`_zend_mm_alloc_int+0x13a>
libphp5.so`_zend_mm_alloc_int+0x125:    movl   0x4(%esi),%edx
libphp5.so`_zend_mm_alloc_int+0x128:    cmpl   $0x3,%edx
libphp5.so`_zend_mm_alloc_int+0x12b:    
je     +0x1c    <libphp5.so`_zend_mm_alloc_int+0x149>
libphp5.so`_zend_mm_alloc_int+0x12d:    movl   %edx,%eax
libphp5.so`_zend_mm_alloc_int+0x12f:    andl   $0xfffffffc,%eax
libphp5.so`_zend_mm_alloc_int+0x132:    movl   %esi,%ecx
libphp5.so`_zend_mm_alloc_int+0x134:    subl   %eax,%ecx
libphp5.so`_zend_mm_alloc_int+0x136:    cmpl   %edx,(%ecx)
libphp5.so`_zend_mm_alloc_int+0x138:    
je     +0xf     <libphp5.so`_zend_mm_alloc_int+0x149>


and the register contents:
>  $r
%cs = 0x0043            %eax = 0x3a726f72 
%ds = 0x004b            %ebx = 0xfd3d2cac 
%ss = 0x004b            %ecx = 0x082329e8 
%es = 0x004b            %edx = 0x00000003 
%fs = 0x0000            %esi = 0x087460e0 
%gs = 0x01c3            %edi = 0x00000000 

 %eip = 0xfd28f74b libphp5.so`_zend_mm_alloc_int+0x11f
 %ebp = 0x0804765c
%kesp = 0x00000000

%eflags = 0x00000246
  id=0 vip=0 vif=0 ac=0 vm=0 rf=0 nt=0 iopl=0x0
  status=<of,df,IF,tf,sf,ZF,af,PF,cf>

   %esp = 0x08047634
%trapno = 0xe
   %err = 0x4


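It's definitely a recurring crash - unfortunately since it's in httpd,
I don't know how to figure out what page/PHP instruction is causing it
to trip.  In both dumps the value being dereferenced reads as ASCII
text in memory order (%eax = 0x3a726f72 is "ror:" here, %edx =
0x41373039 is "907A" in the earlier one), so it looks like the
allocator's heap metadata is being overwritten with string data some
time before the crash, rather than the fault being in
_zend_mm_alloc_int itself.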

Got any suggestions for what I can do to help to try and narrow down
the cause?


Previous Comments:
------------------------------------------------------------------------

[2007-12-13 09:18:42] [EMAIL PROTECTED]

Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows (zip):
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip

For Windows (installer):

  http://snaps.php.net/win32/php5.2-win32-installer-latest.msi



------------------------------------------------------------------------

[2007-12-12 18:10:07] steve at grommit dot com

Description:
------------
I'm seeing consistent core dumps of httpd in libphp5.so (compiled on my
Solaris Nevada build 75a machine), all of them here:

libphp5.so`_zend_mm_alloc_int+0x5e(82329e8, 2d)

This is snv_75a on a quad core Intel xeon with PHP 5.2.5 and Apache2
2.2.3.

Actual result:
--------------
Stack trace:

[EMAIL PROTECTED]:core] 501$ mdb core.httpd.22142
$Loading modules: [ libc.so.1 libnvpair.so.1 libuutil.so.1 libavl.so.1
ld.so.1 ]
> $c
libphp5.so`_zend_mm_alloc_int+0x5e(82329e8, 2d)
libphp5.so`_emalloc+0x27(2d)
libphp5.so`_zend_hash_quick_add_or_update+0x1f1(85cec90, 8999260, a,
7f4f5fed, 
80438a8, 4)
libphp5.so`_get_zval_ptr_ptr+0x17e(880a6c0, 8043940, 80438f0, 1)
libphp5.so`ZEND_RECV_INIT_SPEC_CONST_HANDLER+0x103(8044168)
libphp5.so`execute+0x12d(8714c90)
libphp5.so`zend_do_fcall_common_helper_SPEC+0x29f(8044fd8)
libphp5.so`ZEND_DO_FCALL_SPEC_CONST_HANDLER+0x67(8044fd8)
libphp5.so`execute+0x12d(8906200)
libphp5.so`zend_do_fcall_common_helper_SPEC+0x29f(8047558)
libphp5.so`ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER+0x15(8047558)
libphp5.so`execute+0x12d(823daf8)
libphp5.so`zend_execute_scripts+0x128(8, 0, 3, 0, 8047b24, 0)
libphp5.so`php_execute_script+0x26d(8047b24)
libphp5.so`php_handler+0x426(8380000)
ap_run_handler+0x25(8380000)
ap_invoke_handler+0xba(8380000)
ap_process_request+0x50(8380000)
ap_process_http_connection+0x52(8372260)
ap_run_process_connection+0x25(8372260)
ap_process_connection+0x3a(8372260, 8371fc8)
child_main+0x2f6(13)
make_child+0x84(80beaf8, 13)
perform_idle_server_maintenance+0xe2(80bcc58)
ap_mpm_run+0x234(80bcc58, 80ead10, 80beaf8)
main+0x6e8(3, 8047e38, 8047e48)
_start+0x7a(3, 8047ed4, 8047eeb, 8047eee, 0, 8047ef4)


Disassembly of that portion of the code:
> libphp5.so`_zend_mm_alloc_int+0x5e::dis
libphp5.so`_zend_mm_alloc_int+0x3f:     shrl   $0x3,%esi
libphp5.so`_zend_mm_alloc_int+0x42:     leal   -0x2(%esi),%ecx
libphp5.so`_zend_mm_alloc_int+0x45:     cmpl   %edx,%eax
libphp5.so`_zend_mm_alloc_int+0x47:     
jb     +0x44e   <libphp5.so`_zend_mm_alloc_int+0x49b>
libphp5.so`_zend_mm_alloc_int+0x4d:     movl   0x8(%ebp),%eax
libphp5.so`_zend_mm_alloc_int+0x50:     movl   %eax,-0x4(%ebp)
libphp5.so`_zend_mm_alloc_int+0x53:     movl   0x3c(%eax,%esi,4),%edx
libphp5.so`_zend_mm_alloc_int+0x57:     testl  %edx,%edx
libphp5.so`_zend_mm_alloc_int+0x59:     
je     +0x18    <libphp5.so`_zend_mm_alloc_int+0x73>
libphp5.so`_zend_mm_alloc_int+0x5b:     leal   0x8(%edx),%eax
libphp5.so`_zend_mm_alloc_int+0x5e:     movl   0x8(%edx),%ecx
libphp5.so`_zend_mm_alloc_int+0x61:     movl   -0x4(%ebp),%edx
libphp5.so`_zend_mm_alloc_int+0x64:     movl   %ecx,0x3c(%edx,%esi,4)
libphp5.so`_zend_mm_alloc_int+0x68:     movl   -0x10(%ebp),%ecx
libphp5.so`_zend_mm_alloc_int+0x6b:     subl   %ecx,0x40(%edx)
libphp5.so`_zend_mm_alloc_int+0x6e:     
jmp    +0x443   <libphp5.so`_zend_mm_alloc_int+0x4b6>
libphp5.so`_zend_mm_alloc_int+0x73:     movl   -0x4(%ebp),%eax
libphp5.so`_zend_mm_alloc_int+0x76:     movl   0x4(%eax),%eax
libphp5.so`_zend_mm_alloc_int+0x79:     shrl   %cl,%eax
libphp5.so`_zend_mm_alloc_int+0x7b:     testl  %eax,%eax
libphp5.so`_zend_mm_alloc_int+0x7d:     
je     +0x1b    <libphp5.so`_zend_mm_alloc_int+0x9a>


Register contents:
> $r
%cs = 0x0043            %eax = 0x41373041 
%ds = 0x004b            %ebx = 0xfd3d156c 
%ss = 0x004b            %ecx = 0x00000005 
%es = 0x004b            %edx = 0x41373039 
%fs = 0x0000            %esi = 0x00000007 
%gs = 0x01c3            %edi = 0x00000000 

 %eip = 0xfd28f552 libphp5.so`_zend_mm_alloc_int+0x5e
 %ebp = 0x080437ec
%kesp = 0x00000000

%eflags = 0x00000206
  id=0 vip=0 vif=0 ac=0 vm=0 rf=0 nt=0 iopl=0x0
  status=<of,df,IF,tf,sf,zf,af,PF,cf>

   %esp = 0x080437c4
%trapno = 0xe
   %err = 0x4
> 



------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=43582&edit=1
