From: d at blrf dot net Operating system: Linux billy 2.4.22 #10 SMP Mon S PHP version: 5CVS-2004-04-19 (dev) PHP Bug Type: Reproducible crash Bug description: Random segfaults
Description: ------------ This problem started from around php5-200404150830 and up. I tried the latest CVS one and I still get random segmentation fault. It seems that the point of failure is always the same: '#7 0x081d8583 in execute (op_array=0x4055dc74) at /root/setup/php5-200404191230/Zend/zend_execute.c:1391 1391 if (EX(opline)->handler(&execute_data, EX(opline), op_array TSRMLS_CC)) {' Reproduce code: --------------- I cannot post reporoduce code, as this happens in random places and I still couldn't figure out where. Sometimes at one line another time, it's working ... and then, it dies at completly different line. But as I was running the script several times, the execute frame code was always the same. That's why I'm appending two backtraces, with same script. Expected result: ---------------- ... Actual result: -------------- Here's the backtrace I: -- warning: core file may not match specified executable file. Core was generated by `/usr/local/bin/php -q ./callcheck.php'. Program terminated with signal 11, Segmentation fault. Reading symbols from /lib/libcrypt.so.1...done. Loaded symbols for /lib/libcrypt.so.1 Reading symbols from /usr/local/lib/libhistory.so.4...done. Loaded symbols for /usr/local/lib/libhistory.so.4 Reading symbols from /usr/local/lib/libreadline.so.4...done. Loaded symbols for /usr/local/lib/libreadline.so.4 Reading symbols from /lib/libncurses.so.5...done. Loaded symbols for /lib/libncurses.so.5 Reading symbols from /usr/lib/libpanel.so.5...done. Loaded symbols for /usr/lib/libpanel.so.5 Reading symbols from /usr/local/lib/mysql/libmysqlclient.so.12...done. Loaded symbols for /usr/local/lib/mysql/libmysqlclient.so.12 Reading symbols from /lib/libm.so.6...done. Loaded symbols for /lib/libm.so.6 Reading symbols from /usr/local/lib/libsybdb.so.3...done. Loaded symbols for /usr/local/lib/libsybdb.so.3 Reading symbols from /usr/local/lib/libt1.so.5...done. Loaded symbols for /usr/local/lib/libt1.so.5 Reading symbols from /usr/local/lib/libfreetype.so.6...done. Loaded symbols for /usr/local/lib/libfreetype.so.6 Reading symbols from /usr/local/lib/libpng.so.3...done. Loaded symbols for /usr/local/lib/libpng.so.3 Reading symbols from /lib/libresolv.so.2...done. Loaded symbols for /lib/libresolv.so.2 Reading symbols from /lib/libdl.so.2...done. Loaded symbols for /lib/libdl.so.2 Reading symbols from /lib/libnsl.so.1...done. Loaded symbols for /lib/libnsl.so.1 Reading symbols from /usr/local/lib/libnetsnmp.so.5...done. Loaded symbols for /usr/local/lib/libnetsnmp.so.5 Reading symbols from /usr/local/lib/libxml2.so.2...done. Loaded symbols for /usr/local/lib/libxml2.so.2 Reading symbols from /lib/libpthread.so.0...done. Loaded symbols for /lib/libpthread.so.0 Reading symbols from /lib/libc.so.6...done. Loaded symbols for /lib/libc.so.6 Reading symbols from /lib/ld-linux.so.2...done. Loaded symbols for /lib/ld-linux.so.2 Reading symbols from /lib/libnss_files.so.2...done. Loaded symbols for /lib/libnss_files.so.2 Reading symbols from /lib/libnss_compat.so.2...done. Loaded symbols for /lib/libnss_compat.so.2 Reading symbols from /lib/libnss_dns.so.2...done. Loaded symbols for /lib/libnss_dns.so.2 #0 0x081cdd75 in zend_get_property_info (zobj=0xffffffff, member=0x40792194, silent=0) at /root/setup/php5-200404191230/Zend/zend_object_handlers.c:202 202 if (zend_hash_quick_find(&zobj->ce->properties_info, Z_STRVAL_P(member), Z_STRLEN_P(member)+1, h, (void **) &property_info)==SUCCESS) { (gdb) bt #0 0x081cdd75 in zend_get_property_info (zobj=0xffffffff, member=0x40792194, silent=0) at /root/setup/php5-200404191230/Zend/zend_object_handlers.c:202 #1 0x081cc939 in zend_std_read_property (object=0x407d53f4, member=0x40792194, type=0) at /root/setup/php5-200404191230/Zend/zend_object_handlers.c:287 #2 0x081d7c00 in zend_fetch_property_address_read (result=0x40792168, op1=0x4079217c, op2=0x40792190, Ts=0xbfffa100, type=0) at /root/setup/php5-200404191230/Zend/zend_execute.c:1155 #3 0x081d9d84 in zend_fetch_obj_r_handler (execute_data=0xbfffc570, opline=0x40792164, op_array=0x407774dc) at /root/setup/php5-200404191230/Zend/zend_execute.c:2120 #4 0x081d8583 in execute (op_array=0x407774dc) at /root/setup/php5-200404191230/Zend/zend_execute.c:1391 #5 0x081db61e in zend_do_fcall_common_helper (execute_data=0xbfffced0, opline=0x40761520, op_array=0x4075ec34) at /root/setup/php5-200404191230/Zend/zend_execute.c:2728 #6 0x081db8f8 in zend_do_fcall_by_name_handler (execute_data=0xc, opline=0x40761520, op_array=0x4075ec34) at /root/setup/php5-200404191230/Zend/zend_execute.c:2810 #7 0x081d8583 in execute (op_array=0x4075ec34) at /root/setup/php5-200404191230/Zend/zend_execute.c:1391 #8 0x081db61e in zend_do_fcall_common_helper (execute_data=0xbfffd680, opline=0x404fc0b0, op_array=0x404eeb9c) at /root/setup/php5-200404191230/Zend/zend_execute.c:2728 #9 0x081db8f8 in zend_do_fcall_by_name_handler (execute_data=0xc, opline=0x404fc0b0, op_array=0x404eeb9c) at /root/setup/php5-200404191230/Zend/zend_execute.c:2810 #10 0x081d8583 in execute (op_array=0x404eeb9c) at /root/setup/php5-200404191230/Zend/zend_execute.c:1391 #11 0x081be151 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /root/setup/php5-200404191230/Zend/zend.c:1058 #12 0x0818d997 in php_execute_script (primary_file=0xbffffa60) at /root/setup/php5-200404191230/main/main.c:1630 #13 0x081eb694 in main (argc=3, argv=0xbffffaf4) at /root/setup/php5-200404191230/sapi/cli/php_cli.c:943 #14 0x403ccbb4 in __libc_start_main () from /lib/libc.so.6 (gdb) frame 4 #4 0x081d8583 in execute (op_array=0x407774dc) at /root/setup/php5-200404191230/Zend/zend_execute.c:1391 1391 if (EX(opline)->handler(&execute_data, EX(opline), op_array TSRMLS_CC)) { (gdb) -- Backtrace II: -- [EMAIL PROTECTED]:/home/dejan/callcheck# gdb /usr/local/bin/php core GNU gdb 5.3 Copyright 2002 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-slackware-linux"... warning: core file may not match specified executable file. Core was generated by `/usr/local/bin/php -q ./callcheck.php'. Program terminated with signal 11, Segmentation fault. Reading symbols from /lib/libcrypt.so.1...done. Loaded symbols for /lib/libcrypt.so.1 Reading symbols from /usr/local/lib/libhistory.so.4...done. Loaded symbols for /usr/local/lib/libhistory.so.4 Reading symbols from /usr/local/lib/libreadline.so.4...done. Loaded symbols for /usr/local/lib/libreadline.so.4 Reading symbols from /lib/libncurses.so.5...done. Loaded symbols for /lib/libncurses.so.5 Reading symbols from /usr/lib/libpanel.so.5...done. Loaded symbols for /usr/lib/libpanel.so.5 Reading symbols from /usr/local/lib/mysql/libmysqlclient.so.12...done. Loaded symbols for /usr/local/lib/mysql/libmysqlclient.so.12 Reading symbols from /lib/libm.so.6...done. Loaded symbols for /lib/libm.so.6 Reading symbols from /usr/local/lib/libsybdb.so.3...done. Loaded symbols for /usr/local/lib/libsybdb.so.3 Reading symbols from /usr/local/lib/libt1.so.5...done. Loaded symbols for /usr/local/lib/libt1.so.5 Reading symbols from /usr/local/lib/libfreetype.so.6...done. Loaded symbols for /usr/local/lib/libfreetype.so.6 Reading symbols from /usr/local/lib/libpng.so.3...done. Loaded symbols for /usr/local/lib/libpng.so.3 Reading symbols from /lib/libresolv.so.2...done. Loaded symbols for /lib/libresolv.so.2 Reading symbols from /lib/libdl.so.2...done. Loaded symbols for /lib/libdl.so.2 Reading symbols from /lib/libnsl.so.1...done. Loaded symbols for /lib/libnsl.so.1 Reading symbols from /usr/local/lib/libnetsnmp.so.5...done. Loaded symbols for /usr/local/lib/libnetsnmp.so.5 Reading symbols from /usr/local/lib/libxml2.so.2...done. Loaded symbols for /usr/local/lib/libxml2.so.2 Reading symbols from /lib/libpthread.so.0...done. Loaded symbols for /lib/libpthread.so.0 Reading symbols from /lib/libc.so.6...done. Loaded symbols for /lib/libc.so.6 Reading symbols from /lib/ld-linux.so.2...done. Loaded symbols for /lib/ld-linux.so.2 Reading symbols from /lib/libnss_files.so.2...done. Loaded symbols for /lib/libnss_files.so.2 Reading symbols from /lib/libnss_compat.so.2...done. Loaded symbols for /lib/libnss_compat.so.2 Reading symbols from /lib/libnss_dns.so.2...done. Loaded symbols for /lib/libnss_dns.so.2 #0 0x081bc82f in _zval_copy_ctor (zvalue=0x407d2ddc) at /root/setup/php5-200404191230/Zend/zend_variables.c:156 156 Z_OBJ_HT_P(zvalue)->add_ref(zvalue TSRMLS_CC); (gdb) bt #0 0x081bc82f in _zval_copy_ctor (zvalue=0x407d2ddc) at /root/setup/php5-200404191230/Zend/zend_variables.c:156 #1 0x081c7d62 in debug_backtrace_get_args (curpos=0x0) at /root/setup/php5-200404191230/Zend/zend_builtin_functions.c:1411 #2 0x081c82e5 in zend_fetch_debug_backtrace (return_value=0x407d383c, skip_last=0) at /root/setup/php5-200404191230/Zend/zend_builtin_functions.c:1634 #3 0x081cac6f in zend_default_exception_new (class_type=0x4051d27c) at /root/setup/php5-200404191230/Zend/zend_exceptions.c:93 #4 0x081bf42e in _object_and_properties_init (arg=0x407d41e4, class_type=0x4051d27c, properties=0x0) at /root/setup/php5-200404191230/Zend/zend_API.c:714 #5 0x081bf494 in _object_init_ex (arg=0x407d41e4, class_type=0x4051d27c) at /root/setup/php5-200404191230/Zend/zend_API.c:721 #6 0x081dcd4c in zend_new_handler (execute_data=0xbfff99a0, opline=0x40561564, op_array=0x4055dc74) at /root/setup/php5-200404191230/Zend/zend_execute.c:3246 #7 0x081d8583 in execute (op_array=0x4055dc74) at /root/setup/php5-200404191230/Zend/zend_execute.c:1391 #8 0x081db61e in zend_do_fcall_common_helper (execute_data=0xbfffa020, opline=0x4055f874, op_array=0x405584ec) at /root/setup/php5-200404191230/Zend/zend_execute.c:2728 #9 0x081db8f8 in zend_do_fcall_by_name_handler (execute_data=0x0, opline=0x4055f874, op_array=0x405584ec) at /root/setup/php5-200404191230/Zend/zend_execute.c:2810 #10 0x081d8583 in execute (op_array=0x405584ec) at /root/setup/php5-200404191230/Zend/zend_execute.c:1391 #11 0x081db61e in zend_do_fcall_common_helper (execute_data=0xbfffc570, opline=0x40792e74, op_array=0x407774dc) at /root/setup/php5-200404191230/Zend/zend_execute.c:2728 #12 0x081db8f8 in zend_do_fcall_by_name_handler (execute_data=0x0, opline=0x40792e74, op_array=0x407774dc) at /root/setup/php5-200404191230/Zend/zend_execute.c:2810 #13 0x081d8583 in execute (op_array=0x407774dc) at /root/setup/php5-200404191230/Zend/zend_execute.c:1391 #14 0x081db61e in zend_do_fcall_common_helper (execute_data=0xbfffced0, opline=0x40761520, op_array=0x4075ec34) at /root/setup/php5-200404191230/Zend/zend_execute.c:2728 #15 0x081db8f8 in zend_do_fcall_by_name_handler (execute_data=0x0, opline=0x40761520, op_array=0x4075ec34) at /root/setup/php5-200404191230/Zend/zend_execute.c:2810 #16 0x081d8583 in execute (op_array=0x4075ec34) at /root/setup/php5-200404191230/Zend/zend_execute.c:1391 #17 0x081db61e in zend_do_fcall_common_helper (execute_data=0xbfffd680, opline=0x404fc0b0, op_array=0x404eeb9c) at /root/setup/php5-200404191230/Zend/zend_execute.c:2728 #18 0x081db8f8 in zend_do_fcall_by_name_handler (execute_data=0x0, opline=0x404fc0b0, op_array=0x404eeb9c) at /root/setup/php5-200404191230/Zend/zend_execute.c:2810 #19 0x081d8583 in execute (op_array=0x404eeb9c) at /root/setup/php5-200404191230/Zend/zend_execute.c:1391 #20 0x081be151 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /root/setup/php5-200404191230/Zend/zend.c:1058 #21 0x0818d997 in php_execute_script (primary_file=0xbffffa60) at /root/setup/php5-200404191230/main/main.c:1630 #22 0x081eb694 in main (argc=3, argv=0xbffffaf4) at /root/setup/php5-200404191230/sapi/cli/php_cli.c:943 #23 0x403ccbb4 in __libc_start_main () from /lib/libc.so.6 (gdb) frame 7 #7 0x081d8583 in execute (op_array=0x4055dc74) at /root/setup/php5-200404191230/Zend/zend_execute.c:1391 1391 if (EX(opline)->handler(&execute_data, EX(opline), op_array TSRMLS_CC)) { (gdb) -- Edit bug report at http://bugs.php.net/?id=28059&edit=1 -- Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=28059&r=trysnapshot4 Try a CVS snapshot (php5): http://bugs.php.net/fix.php?id=28059&r=trysnapshot5 Fixed in CVS: http://bugs.php.net/fix.php?id=28059&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=28059&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=28059&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=28059&r=needscript Try newer version: http://bugs.php.net/fix.php?id=28059&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=28059&r=support Expected behavior: http://bugs.php.net/fix.php?id=28059&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=28059&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=28059&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=28059&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=28059&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=28059&r=dst IIS Stability: http://bugs.php.net/fix.php?id=28059&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=28059&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=28059&r=float