Edit report at https://bugs.php.net/bug.php?id=55753&edit=1
ID: 55753
Comment by: dado at burza dot hr
Reported by: dado at burza dot hr
Summary: Sporadic crashes
Status: Feedback
Type: Bug
Package: Reproducible crash
Operating System: Fedora 14 i686
PHP Version: 5.3.8
Block user comment: N
Private report: N
New Comment:
As promised, this is a BT on Ubuntu running PHP 5.3.5-1ubuntu7.2 crashing on
the exact same spot. Don't know why php5-dbg package doesn't include full
source.
Core was generated by `/usr/sbin/apache2 -k start'.
Program terminated with signal 11, Segmentation fault.
#0 _zval_ptr_dtor (zval_ptr=0x7ffb5103f628)
at /build/buildd/php5-5.3.5/Zend/zend.h:385
385 /build/buildd/php5-5.3.5/Zend/zend.h: No such file or directory.
in /build/buildd/php5-5.3.5/Zend/zend.h
(gdb) set pagination 0
(gdb) thread apply all bt full
Thread 1 (Thread 11025):
#0 _zval_ptr_dtor (zval_ptr=0x7ffb5103f628) at
/build/buildd/php5-5.3.5/Zend/zend.h:385
No locals.
#1 0x00007ffb4bf42043 in zend_hash_destroy (ht=0x7ffb51042098) at
/build/buildd/php5-5.3.5/Zend/zend_hash.c:729
No locals.
#2 0x00007ffb4bf33caf in _zval_dtor_func (zvalue=0x7ffb50e829e0) at
/build/buildd/php5-5.3.5/Zend/zend_variables.c:46
No locals.
#3 0x00007ffb4bf26392 in _zval_ptr_dtor (zval_ptr=0x7ffb5103d7e8) at
/build/buildd/php5-5.3.5/Zend/zend_variables.h:35
No locals.
#4 0x00007ffb4bf42043 in zend_hash_destroy (ht=0x7ffb510422e8) at
/build/buildd/php5-5.3.5/Zend/zend_hash.c:729
No locals.
#5 0x00007ffb4bf55819 in zend_object_std_dtor (object=0x7ffb51027348) at
/build/buildd/php5-5.3.5/Zend/zend_objects.c:45
No locals.
#6 0x00007ffb4bf55839 in zend_objects_free_object_storage
(object=0x7ffb51027348) at /build/buildd/php5-5.3.5/Zend/zend_objects.c:126
No locals.
#7 0x00007ffb4bf59801 in zend_objects_store_del_ref_by_handle_ex
(handle=32763, handlers=0x7ffb4fcef1f0) at
/build/buildd/php5-5.3.5/Zend/zend_objects_API.c:220
__orig_bailout = <incomplete type>
__bailout = {{__jmpbuf = {3963155104, 32767, 1357416720, 32763,
2516337659, 3972986342, 1359405360, 32763}, __mask_was_saved = -1638120453,
__saved_mask = {__val = {0, 32763, 1274365381, 32763, 1356958584, 32763,
1355452944, 32763, 0, 0, 1274365381, 32763, 1355952000, 32763, 1274365381,
32763}}}}
obj = 0x2580
failure = 32763
#8 0x00007ffb4bf59823 in zend_objects_store_del_ref (zobject=0x7ffb50e88910)
at /build/buildd/php5-5.3.5/Zend/zend_objects_API.c:172
handle = 1359214120
#9 0x00007ffb4bf26392 in _zval_ptr_dtor (zval_ptr=0x7ffb5104ea20) at
/build/buildd/php5-5.3.5/Zend/zend_variables.h:35
No locals.
#10 0x00007ffb4bf42043 in zend_hash_destroy (ht=0x7ffb50e913b8) at
/build/buildd/php5-5.3.5/Zend/zend_hash.c:729
No locals.
#11 0x00007ffb4bf33caf in _zval_dtor_func (zvalue=0x7ffb50e93840) at
/build/buildd/php5-5.3.5/Zend/zend_variables.c:46
No locals.
#12 0x00007ffb4bf26392 in _zval_ptr_dtor (zval_ptr=0x7ffb50cb1180) at
/build/buildd/php5-5.3.5/Zend/zend_variables.h:35
No locals.
#13 0x00007ffb4bf42043 in zend_hash_destroy (ht=0x7ffb50c357e0) at
/build/buildd/php5-5.3.5/Zend/zend_hash.c:729
No locals.
#14 0x00007ffb4bf55819 in zend_object_std_dtor (object=0x7ffb50c35430) at
/build/buildd/php5-5.3.5/Zend/zend_objects.c:45
No locals.
#15 0x00007ffb4bf55839 in zend_objects_free_object_storage
(object=0x7ffb50c35430) at /build/buildd/php5-5.3.5/Zend/zend_objects.c:126
No locals.
#16 0x00007ffb4bf5936f in zend_objects_store_free_object_storage
(objects=0x7ffb4c66fbf8) at /build/buildd/php5-5.3.5/Zend/zend_objects_API.c:92
i = 79
#17 0x00007ffb4bf269b4 in shutdown_executor () at
/build/buildd/php5-5.3.5/Zend/zend_execute_API.c:302
__orig_bailout = <incomplete type>
__bailout = {{__jmpbuf = {1281816640, 32763, 3456910331, 3972973522,
1281814688, 32763, 1342279408, 32763}, __mask_was_saved = 0, __saved_mask =
{__val = {1350706600, 32763, 0, 0, 1274365153, 32763, 1350922816, 32763,
1249169440, 32763, 1281798232, 32763, 1249169440, 32763, 0, 0}}}}
__bailout = {{__jmpbuf = {1281816640, 32763, 3456910331, 3972973522,
1281814688, 32763, 1342279408, 32763}, __mask_was_saved = 0, __saved_mask =
{__val = {1350706600, 32763, 0, 0, 1274365153, 32763, 1350922816, 32763,
1249169440, 32763, 1281798232, 32763, 1249169440, 32763, 0, 0}}}}
__bailout = {{__jmpbuf = {1281816640, 32763, 3456910331, 3972973522,
1281814688, 32763, 1342279408, 32763}, __mask_was_saved = 0, __saved_mask =
{__val = {1350706600, 32763, 0, 0, 1274365153, 32763, 1350922816, 32763,
1249169440, 32763, 1281798232, 32763, 1249169440, 32763, 0, 0}}}}
__bailout = {{__jmpbuf = {1281816640, 32763, 3456910331, 3972973522,
1281814688, 32763, 1342279408, 32763}, __mask_was_saved = 0, __saved_mask =
{__val = {1350706600, 32763, 0, 0, 1274365153, 32763, 1350922816, 32763,
1249169440, 32763, 1281798232, 32763, 1249169440, 32763, 0, 0}}}}
__bailout = {{__jmpbuf = {1281816640, 32763, 3456910331, 3972973522,
1281814688, 32763, 1342279408, 32763}, __mask_was_saved = 0, __saved_mask =
{__val = {1350706600, 32763, 0, 0, 1274365153, 32763, 1350922816, 32763,
1249169440, 32763, 1281798232, 32763, 1249169440, 32763, 0, 0}}}}
__bailout = {{__jmpbuf = {1281816640, 32763, 3456910331, 3972973522,
1281814688, 32763, 1342279408, 32763}, __mask_was_saved = 0, __saved_mask =
{__val = {1350706600, 32763, 0, 0, 1274365153, 32763, 1350922816, 32763,
1249169440, 32763, 1281798232, 32763, 1249169440, 32763, 0, 0}}}}
__bailout = {{__jmpbuf = {1281816640, 32763, 3456910331, 3972973522,
1281814688, 32763, 1342279408, 32763}, __mask_was_saved = 0, __saved_mask =
{__val = {1350706600, 32763, 0, 0, 1274365153, 32763, 1350922816, 32763,
1249169440, 32763, 1281798232, 32763, 1249169440, 32763, 0, 0}}}}
__bailout = {{__jmpbuf = {1281816640, 32763, 3456910331, 3972973522,
1281814688, 32763, 1342279408, 32763}, __mask_was_saved = 0, __saved_mask =
{__val = {1350706600, 32763, 0, 0, 1274365153, 32763, 1350922816, 32763,
1249169440, 32763, 1281798232, 32763, 1249169440, 32763, 0, 0}}}}
__orig_bailout = <incomplete type>
__bailout = {{__jmpbuf = {1281816640, 32763, 3456910331, 3972973522,
1281814688, 32763, 1342279408, 32763}, __mask_was_saved = 0, __saved_mask =
{__val = {1350706600, 32763, 0, 0, 1274365153, 32763, 1350922816, 32763,
1249169440, 32763, 1281798232, 32763, 1249169440, 32763, 0, 0}}}}
__bailout = {{__jmpbuf = {1281816640, 32763, 3456910331, 3972973522,
1281814688, 32763, 1342279408, 32763}, __mask_was_saved = 0, __saved_mask =
{__val = {1350706600, 32763, 0, 0, 1274365153, 32763, 1350922816, 32763,
1249169440, 32763, 1281798232, 32763, 1249169440, 32763, 0, 0}}}}
__bailout = {{__jmpbuf = {1281816640, 32763, 3456910331, 3972973522,
1281814688, 32763, 1342279408, 32763}, __mask_was_saved = 0, __saved_mask =
{__val = {1350706600, 32763, 0, 0, 1274365153, 32763, 1350922816, 32763,
1249169440, 32763, 1281798232, 32763, 1249169440, 32763, 0, 0}}}}
#18 0x00007ffb4bf34a05 in zend_deactivate () at
/build/buildd/php5-5.3.5/Zend/zend.c:962
__orig_bailout = 0xffffffff00000001
__bailout = {{__jmpbuf = {0, 0, 1281814688, 32763, 2995536891,
322458676, 1281814688, 32763}, __mask_was_saved = 558253051, __saved_mask =
{__val = {0, 32763, 1342279408, 32763, 1, 4294967295, 0, 0, 0, 0, 0, 0,
1350261504, 32763, 1328329152, 32763}}}}
__orig_bailout = 0xffffffff00000001
__bailout = {{__jmpbuf = {0, 0, 1281814688, 32763, 2995536891,
322458676, 1281814688, 32763}, __mask_was_saved = 558253051, __saved_mask =
{__val = {0, 32763, 1342279408, 32763, 1, 4294967295, 0, 0, 0, 0, 0, 0,
1350261504, 32763, 1328329152, 32763}}}}
__orig_bailout = 0x0
__bailout = {{__jmpbuf = {0, 0, 1281814688, 32763, 2995536891,
322458676, 1281814688, 32763}, __mask_was_saved = 558253051, __saved_mask =
{__val = {0, 32763, 1342279408, 32763, 1, 4294967295, 0, 0, 0, 0, 0, 0,
1350261504, 32763, 1328329152, 32763}}}}
__orig_bailout = 0x0
__bailout = {{__jmpbuf = {0, 0, 1281814688, 32763, 2995536891,
322458676, 1281814688, 32763}, __mask_was_saved = 558253051, __saved_mask =
{__val = {0, 32763, 1342279408, 32763, 1, 4294967295, 0, 0, 0, 0, 0, 0,
1350261504, 32763, 1328329152, 32763}}}}
__orig_bailout = 0x7ffb5079b770
__bailout = {{__jmpbuf = {0, 0, 1281814688, 32763, 2995536891,
322458676, 1281814688, 32763}, __mask_was_saved = 558253051, __saved_mask =
{__val = {0, 32763, 1342279408, 32763, 1, 4294967295, 0, 0, 0, 0, 0, 0,
1350261504, 32763, 1328329152, 32763}}}}
__orig_bailout = 0x0
__bailout = {{__jmpbuf = {0, 0, 1281814688, 32763, 2995536891,
322458676, 1281814688, 32763}, __mask_was_saved = 558253051, __saved_mask =
{__val = {0, 32763, 1342279408, 32763, 1, 4294967295, 0, 0, 0, 0, 0, 0,
1350261504, 32763, 1328329152, 32763}}}}
__orig_bailout = 0xffffffff00000001
__bailout = {{__jmpbuf = {0, 0, 1281814688, 32763, 2995536891,
322458676, 1281814688, 32763}, __mask_was_saved = 558253051, __saved_mask =
{__val = {0, 32763, 1342279408, 32763, 1, 4294967295, 0, 0, 0, 0, 0, 0,
1350261504, 32763, 1328329152, 32763}}}}
#19 0x00007ffb4bee19ff in php_request_shutdown (dummy=0x7ffb5103f628) at
/build/buildd/php5-5.3.5/main/main.c:1649
report_memleaks = 0 '\000'
#20 0x00007ffb4bfcc287 in php_handler (r=0x7ffb4bfcc287) at
/build/buildd/php5-5.3.5/sapi/apache2handler/sapi_apache2.c:526
ctx = 0x7ffb507f17c8
conf = 0x7ffb507ef2c8
brigade = 0x0
bucket = 0x7ffb4fc720d8
rv = 1338450136
parent_req = 0x1
#21 0x00007ffb4fde9318 in ap_run_handler (r=0x7ffb507ef2c8) at
/build/buildd/apache2-2.2.17/server/config.c:159
pHook = <value optimized out>
n = <value optimized out>
rv = <value optimized out>
#22 0x00007ffb4fde977c in ap_invoke_handler (r=0x7ffb507ef2c8) at
/build/buildd/apache2-2.2.17/server/config.c:377
handler = <value optimized out>
p = <value optimized out>
result = <value optimized out>
old_handler = 0x7ffb50528778 "application/x-httpd-php"
ignore = <value optimized out>
#23 0x00007ffb4fdf8b8c in ap_internal_redirect (new_uri=<value optimized out>,
r=<value optimized out>) at
/build/buildd/apache2-2.2.17/modules/http/http_request.c:549
new = 0x7ffb507ef2c8
access_status = <value optimized out>
#24 0x00007ffb4a29b12d in handler_redirect (r=0x7ffb507ea700) at
/build/buildd/apache2-2.2.17/modules/mappers/mod_rewrite.c:4848
No locals.
#25 0x00007ffb4fde9318 in ap_run_handler (r=0x7ffb507ea700) at
/build/buildd/apache2-2.2.17/server/config.c:159
pHook = <value optimized out>
n = <value optimized out>
rv = <value optimized out>
#26 0x00007ffb4fde977c in ap_invoke_handler (r=0x7ffb507ea700) at
/build/buildd/apache2-2.2.17/server/config.c:377
handler = <value optimized out>
p = <value optimized out>
result = <value optimized out>
old_handler = 0x7ffb4a2a18c8 "redirect-handler"
ignore = <value optimized out>
#27 0x00007ffb4fdf9550 in ap_process_request (r=0x7ffb507ea700) at
/build/buildd/apache2-2.2.17/modules/http/http_request.c:282
access_status = <value optimized out>
#28 0x00007ffb4fdf6528 in ap_process_http_connection (c=0x7ffb507e4470) at
/build/buildd/apache2-2.2.17/modules/http/http_core.c:190
r = 0x7ffb507ea700
csd = 0x0
#29 0x00007ffb4fdefef8 in ap_run_process_connection (c=0x7ffb507e4470) at
/build/buildd/apache2-2.2.17/server/connection.c:43
pHook = <value optimized out>
n = <value optimized out>
rv = <value optimized out>
#30 0x00007ffb4fdfe530 in child_main (child_num_arg=<value optimized out>) at
/build/buildd/apache2-2.2.17/server/mpm/prefork/prefork.c:662
current_conn = 0x7ffb507e4470
csd = 0x7ffb507e4280
ptrans = 0x7ffb507e4208
allocator = 0x7ffb507e2100
status = <value optimized out>
i = <value optimized out>
lr = <value optimized out>
pollset = 0x7ffb507e2300
sbh = 0x7ffb507e22f8
bucket_alloc = 0x7ffb507e8678
last_poll_idx = 0
#31 0x00007ffb4fdfe83a in make_child (s=0x7ffb503f1938, slot=0) at
/build/buildd/apache2-2.2.17/server/mpm/prefork/prefork.c:763
pid = 0
#32 0x00007ffb4fdfe8f7 in startup_children (number_to_start=5) at
/build/buildd/apache2-2.2.17/server/mpm/prefork/prefork.c:781
i = <value optimized out>
#33 0x00007ffb4fdff24a in ap_mpm_run (_pconf=<value optimized out>, plog=<value
optimized out>, s=<value optimized out>) at
/build/buildd/apache2-2.2.17/server/mpm/prefork/prefork.c:1002
index = <value optimized out>
remaining_children_to_start = <value optimized out>
rv = <value optimized out>
#34 0x00007ffb4fdd43aa in main (argc=3, argv=0x7fffec38fca8) at
/build/buildd/apache2-2.2.17/server/main.c:741
c = 0 '\000'
configtestonly = <value optimized out>
confname = 0x7ffb4fe00e2b "apache2.conf"
def_server_root = 0x7ffb4fe00e1e "/etc/apache2"
temp_error_log = 0x0
error = <value optimized out>
process = 0x7ffb503e9218
server_conf = 0x7ffb503f1938
pglobal = 0x7ffb503e9128
pconf = 0x7ffb503eb138
plog = 0x7ffb5041f2d8
ptemp = 0x7ffb503f3178
pcommands = 0x7ffb503ed148
opt = 0x7ffb503ed238
rv = 0
mod = <value optimized out>
optarg = 0x1 <Address 0x1 out of bounds>
signal_server = <value optimized out>
I'm guessing this is as much as I can provide without any directions or input
on your side. Hope this helps.
Previous Comments:
------------------------------------------------------------------------
[2011-09-22 08:05:44] dado at burza dot hr
Anyway, installed and run it through valgrind, this is what I get when the
crash happens:
==3484== Invalid read of size 1
==3484== at 0x5742DAF: _zend_mm_free_int (zend_alloc.c:2028)
==3484== by 0x5754BED: _zval_ptr_dtor (zend_execute_API.c:448)
==3484== by 0x577169E: zend_hash_destroy (zend_hash.c:529)
==3484== by 0x5762F0D: _zval_dtor_func (zend_variables.c:43)
==3484== by 0x5754BE5: _zval_ptr_dtor (zend_variables.h:35)
==3484== by 0x577169E: zend_hash_destroy (zend_hash.c:529)
==3484== by 0x5784603: zend_object_std_dtor (zend_objects.c:45)
==3484== by 0x5784642: zend_objects_free_object_storage (zend_objects.c:126)
==3484== by 0x57888EB: zend_objects_store_del_ref_by_handle_ex
(zend_objects_API.c:220)
==3484== by 0x578892F: zend_objects_store_del_ref (zend_objects_API.c:172)
==3484== by 0x5762EE0: _zval_dtor_func (zend_variables.c:52)
==3484== by 0x5754BE5: _zval_ptr_dtor (zend_variables.h:35)
==3484== Address 0x14d8a104 is not stack'd, malloc'd or (recently) free'd
==3484==
==3484==
==3484== HEAP SUMMARY:
==3484== in use at exit: 4,227,758 bytes in 17,213 blocks
==3484== total heap usage: 19,369 allocs, 2,156 frees, 7,173,022 bytes
allocated
==3484==
==3484== LEAK SUMMARY:
==3484== definitely lost: 20 bytes in 5 blocks
==3484== indirectly lost: 0 bytes in 0 blocks
==3484== possibly lost: 3,042,278 bytes in 5,404 blocks
==3484== still reachable: 1,185,460 bytes in 11,804 blocks
==3484== suppressed: 0 bytes in 0 blocks
==3484== Rerun with --leak-check=full to see details of leaked memory
==3484==
==3484== For counts of detected and suppressed errors, rerun with: -v
==3484== ERROR SUMMARY: 5 errors from 3 contexts (suppressed: 963 from 13)
Seeing I'm not a C developer and can't really read valgrind's and gdb's
backtraces, you'll have to tell if this means anything. :)
------------------------------------------------------------------------
[2011-09-21 11:46:38] dado at burza dot hr
OK, I am not able to make the vanilla version crash, but just now checked and
the production server is running manually compiled 5.2 version which also
crashes here (don't know if for same reason, assuming yes). I've taken their
./configure, but as it uses other, also manually compiled stuff, it doesn't
match my environment (and thus, also doesn't crash).
Are you able (by looking at the bt) to slightly reduce where this could be? I
can provide additional info and try/test stuff to see if it breaks. Also, as
said earlier, my co-worker got a crash on the exact same place, running Ubuntu.
When he gets back, I'll attach his BT here too.
------------------------------------------------------------------------
[2011-09-21 09:24:28] dado at burza dot hr
Yeah, I need it to go through Apache to be able to access the URL which it
crashes on, seeing I don't have a simple script to run on a locally installed
executable.
I'm compiling vanilla as typing this, but have yet to figure out how to get the
exact ./configure from the RPM (different options might make it not crash at
all). The issue is that this is crashing on the exact same place on Fedora,
CentOS and Ubuntu (my co-worker tried) so my guess is that it isn't
distro-specific).
Will get back to you, tnx.
------------------------------------------------------------------------
[2011-09-21 09:19:33] [email protected]
not really, best would be to be using our src directly. You don't have to
install
PHP, it can be done using a local install in your home.
If you can't do it, I would suggest to report the problem to fedora directly
but
without some kind of reproduce steps, there is little chance to get a fix.
------------------------------------------------------------------------
[2011-09-21 09:10:14] dado at burza dot hr
If I recompile the RPM having disabled all the patches, does that count?
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
https://bugs.php.net/bug.php?id=55753
--
Edit this bug report at https://bugs.php.net/bug.php?id=55753&edit=1
