From:             alexey at kovyrin dot net
Operating system: RHEL 4 on AMD64
PHP version:      4.4.2
PHP Bug Type:     Reproducible crash
Bug description:  Apache 2.0 with PHP 4.XX.XX crashes on different files

Description:
------------
We have PHP 4.4.2.X (as of now, the latest 4.4.2-dev) installed as
apache2filter on Apache 2.0.52. The server is not under high load (10-100
requests per minute). 5-10% of the requests are failing with the following
messages in the Apache error_log:

[Tue Mar 28 06:53:46 2006] [notice] child pid 6805 exit signal
Segmentation fault (11), possible coredump in /tmp

or

*** glibc detected *** corrupted double-linked list: 0x000000552af37bf0
***
[Tue Mar 28 06:55:07 2006] [notice] child pid 6800 exit signal Aborted
(6), possible coredump in /tmp

Crashes are not related to the contents of files or anything else... it looks
like they are random.

Backtraces for described crashes are in Actual result section.


Reproduce code:
---------------
System info:
Linux m5 2.6.9-22.0.1.ELsmp #1 SMP Tue Oct 18 18:39:02 EDT 2005 x86_64
x86_64 x86_64 GNU/Linux

libc version: libc-2.3.4
Apache Server version: Apache/2.0.52


PHP Info:

[PHP Modules]
ctype
domxml
ftp
mysql
oci8
overload
pcntl
pcre
posix
session
sockets
standard
tokenizer
wddx
xml
xmlrpc
zlib


Actual result:
--------------
First error (segfault):

#0  0x0000002a9a0c8eab in zend_fetch_var_address (
    opline=0x552af39a48, Ts=0x7fbfffab30, type=1) at
/usr/src/php_snap/php4-STABLE-200603281036/Zend/zend_execute.c:624
624             Ts[opline->result.u.var].var.ptr_ptr = retval;
(gdb) bt
#0  0x0000002a9a0c8eab in zend_fetch_var_address (opline=0x552af39a48,
Ts=0x7fbfffab30, type=1)
    at /usr/src/php_snap/php4-STABLE-200603281036/Zend/zend_execute.c:624
#1  0x0000002a9a0cc555 in execute (op_array=0x552afa5ab8) at
/usr/src/php_snap/php4-STABLE-200603281036/Zend/zend_execute.c:1278
#2  0x0000002a9a0cebbc in execute (op_array=0x552ae71a08) at
/usr/src/php_snap/php4-STABLE-200603281036/Zend/zend_execute.c:1719
#3  0x0000002a9a0bbdbe in zend_execute_scripts (type=8, retval=0x0,
file_count=3) at
/usr/src/php_snap/php4-STABLE-200603281036/Zend/zend.c:934
#4  0x0000002a9a08e443 in php_execute_script (primary_file=0x7fbffff2b0)
at /usr/src/php_snap/php4-STABLE-200603281036/main/main.c:1753
#5  0x0000002a9a0d8dca in php_handler (r=0x552adc7f38) at
/usr/src/php_snap/php4-STABLE-200603281036/sapi/apache2handler/sapi_apache2.c:581
#6  0x000000552aac79e3 in ap_run_handler () from /usr/sbin/httpd
#7  0x000000552aac7ea1 in ap_invoke_handler () from /usr/sbin/httpd
#8  0x000000552aac4ca8 in ap_process_request () from /usr/sbin/httpd
#9  0x000000552aac0089 in _start () from /usr/sbin/httpd
#10 0x000000552aad1683 in ap_run_process_connection () from
/usr/sbin/httpd
#11 0x000000552aac5b10 in ap_graceful_stop_signalled () from
/usr/sbin/httpd
#12 0x000000552aac5dea in ap_graceful_stop_signalled () from
/usr/sbin/httpd
#13 0x000000552aac5e94 in ap_graceful_stop_signalled () from
/usr/sbin/httpd
#14 0x000000552aac65cb in ap_mpm_run () from /usr/sbin/httpd
#15 0x000000552aacccdf in main () from /usr/sbin/httpd


--------------------------------------
Second error (glibc error):
(gdb) bt
#0  0x0000002a9662637d in raise () from /lib64/tls/libc.so.6
#1  0x0000002a96627aae in abort () from /lib64/tls/libc.so.6
#2  0x0000002a9665abe1 in __libc_message () from /lib64/tls/libc.so.6
#3  0x0000002a96660782 in _int_free () from /lib64/tls/libc.so.6
#4  0x0000002a966609b6 in free () from /lib64/tls/libc.so.6
#5  0x0000002a9a0aa85e in _efree (ptr=Variable "ptr" is not available.
) at /usr/src/php_snap/php4-STABLE-200603281036/Zend/zend_alloc.c:266
#6  0x0000002a9a0b18a6 in _zval_ptr_dtor (zval_ptr=0x552af37dc0) at
/usr/src/php_snap/php4-STABLE-200603281036/Zend/zend_execute_API.c:289
#7  0x0000002a9a0c0962 in zend_hash_destroy (ht=0x552afea7c8) at
/usr/src/php_snap/php4-STABLE-200603281036/Zend/zend_hash.c:558
#8  0x0000002a9a0c0862 in zend_hash_del_key_or_index (ht=0x552acefe20,
arKey=0x552afea730 "smarty", nKeyLength=7, h=Variable "h" is not
available.
)
    at /usr/src/php_snap/php4-STABLE-200603281036/Zend/zend_hash.c:529
#9  0x0000002a9a0c0ec1 in zend_hash_reverse_apply (ht=0x552acefe20,
apply_func=0x2a9a0b16e0 <is_not_internal_class>)
    at /usr/src/php_snap/php4-STABLE-200603281036/Zend/zend_hash.c:777
#10 0x0000002a9a0b1ba0 in shutdown_executor () at
/usr/src/php_snap/php4-STABLE-200603281036/Zend/zend_execute_API.c:200
#11 0x0000002a9a0bb5b8 in zend_deactivate () at
/usr/src/php_snap/php4-STABLE-200603281036/Zend/zend.c:689
#12 0x0000002a9a08c833 in php_request_shutdown (dummy=Variable "dummy" is
not available.
) at /usr/src/php_snap/php4-STABLE-200603281036/main/main.c:999
#13 0x0000002a9a0d8ce0 in php_handler (r=0x552adc1f08) at
/usr/src/php_snap/php4-STABLE-200603281036/sapi/apache2handler/sapi_apache2.c:443
#14 0x000000552aac79e3 in ap_run_handler () from /usr/sbin/httpd
#15 0x000000552aac7ea1 in ap_invoke_handler () from /usr/sbin/httpd
#16 0x000000552aac4ca8 in ap_process_request () from /usr/sbin/httpd
#17 0x000000552aac0089 in _start () from /usr/sbin/httpd
#18 0x000000552aad1683 in ap_run_process_connection () from
/usr/sbin/httpd
#19 0x000000552aac5b10 in ap_graceful_stop_signalled () from
/usr/sbin/httpd
#20 0x000000552aac5dea in ap_graceful_stop_signalled () from
/usr/sbin/httpd
#21 0x000000552aac5e94 in ap_graceful_stop_signalled () from
/usr/sbin/httpd
#22 0x000000552aac65cb in ap_mpm_run () from /usr/sbin/httpd
#23 0x000000552aacccdf in main () from /usr/sbin/httpd
(gdb)




-- 
Edit bug report at http://bugs.php.net/?id=36891&edit=1
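For triaging an error_log like the one quoted in this report, the following added example (not part of the original report or of PHP/Apache) re-joins wrapped lines, extracts each child exit, and attaches a preceding glibc heap diagnostic to it. The sample log is constructed from the formats shown above; pairing a glibc message with the next child exit is an assumption, since the glibc line carries no pid.

```python
import re
from collections import Counter

# Constructed sample in the error_log format quoted in the report
# (third entry is invented; lines are wrapped as in the mail).
SAMPLE_LOG = """\
[Tue Mar 28 06:53:46 2006] [notice] child pid 6805 exit signal
Segmentation fault (11), possible coredump in /tmp
*** glibc detected *** corrupted double-linked list: 0x000000552af37bf0
***
[Tue Mar 28 06:55:07 2006] [notice] child pid 6800 exit signal Aborted
(6), possible coredump in /tmp
[Tue Mar 28 06:58:12 2006] [notice] child pid 6811 exit signal
Segmentation fault (11), possible coredump in /tmp
"""

EXIT_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[notice\] child pid (?P<pid>\d+) "
                     r"exit signal (?P<name>.+?) \((?P<num>\d+)\)")
GLIBC_RE = re.compile(r"^\*\*\* glibc detected \*\*\* (?P<msg>.+?): 0x[0-9a-f]+")

def unwrap(text):
    """Re-join wrapped continuation lines onto the record they belong to."""
    records = []
    for line in text.splitlines():
        # A new record starts with an Apache timestamp or a glibc banner.
        if line.startswith(("[", "*** glibc")) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def triage(text):
    """One dict per child crash; heap_diag is the glibc message seen just before it."""
    crashes, pending = [], None
    for rec in unwrap(text):
        g, m = GLIBC_RE.match(rec), EXIT_RE.match(rec)
        if g:
            pending = g["msg"]          # assumption: belongs to the next exit
        elif m:
            crashes.append({"ts": m["ts"], "pid": int(m["pid"]),
                            "signal": int(m["num"]), "name": m["name"],
                            "heap_diag": pending})
            pending = None
    return crashes

def summary(crashes):
    """Count crashes by (signal name, heap diagnostic)."""
    return Counter((c["name"], c["heap_diag"]) for c in crashes)

if __name__ == "__main__":
    print(summary(triage(SAMPLE_LOG)))
```

A SIGABRT paired with a heap diagnostic and a bare SIGSEGV in the same process pool are both consistent with memory corruption, so the per-category counts help decide which core dumps to open first.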