ID: 38525
User updated by: judas dot iscariote at gmail dot com
Reported By: judas dot iscariote at gmail dot com
-Status: Feedback
+Status: Open
Bug Type: Reproducible crash
Operating System: linux
PHP Version: 5.2.0RC2
New Comment:
apache 2.2.X with prefork MPM
Previous Comments:
------------------------------------------------------------------------
[2006-08-21 12:11:13] [EMAIL PROTECTED]
Which Apache version is used and what is the MPM ?
------------------------------------------------------------------------
[2006-08-21 10:40:32] judas dot iscariote at gmail dot com
well. additionally , this is a 64bit machine,but can be reproduced in
IIRC can be reproduced in 32 bit too. it linux with latest 5.2 CVS,
also reproduced in "released" RC2 tarball.
not reproducible with 5.1.x cause this is caused by the new memory
manager.
A trace with xdebug loaded also ends abruptly in random places..
sometimes just after end of an IMAP stream,
>=> ' Logout completed.\r\n'
6.4978 9175040 -> trim(' Logout completed.\r\n')
/srv/www/htdocs/squirrelmail/functions/imap_general.php:203
>=> 'Logout completed.'
>=> array (0 => array (0 => '* BYE
Logging out\r\n'))
>=> array (0 => '* BYE Logging
out\r\n')
>=> array (0 => '* BYE Logging out\r\n')
>=> NULL
>=> 1
6.5415 5767168
TRACE END [2006-08-20 18:37:19]
or in other ocassions (weird) it segfaults **just after that** when
squirelmail tries to register and object in a session , session
variable si created and then die, :(
also, the random error happends not only with right_main.php of SM but
with read_body.php or the simple login.php.
Im done, I don't know how else to look, not sure If I can provide
reproduce code either. any clues ?
------------------------------------------------------------------------
[2006-08-21 10:18:19] judas dot iscariote at gmail dot com
took me a while to reproduce it again, oO.
that 's whaT I obtained with valgrind.
==15053== Conditional jump or move depends on uninitialised value(s)
==15053== at 0x59E1002: vfprintf (in /lib64/libc-2.4.so)
==15053== by 0x59FE6F8: vsprintf (in /lib64/libc-2.4.so)
==15053== by 0x59E91A7: sprintf (in /lib64/libc-2.4.so)
==15053== by 0x7D120DA: _convert_to_string (zend_operators.c:556)
==15053== by 0x7D1A6C2: zend_make_printable_zval (zend.c:266)
==15053== by 0x7D58B84: ZEND_ADD_VAR_SPEC_TMP_CV_HANDLER
(zend_vm_execute.h:6552)
==15053== by 0x7D4407E: execute (zend_vm_execute.h:92)
==15053== by 0x7D4480F: zend_do_fcall_common_helper_SPEC
(zend_vm_execute.h:234)
==15053== by 0x7D454AD: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(zend_vm_execute.h:322)
==15053== by 0x7D4407E: execute (zend_vm_execute.h:92)
==15053== by 0x7D1C4DA: zend_execute_scripts (zend.c:1095)
==15053== by 0x7CBE341: php_execute_script (main.c:1759)
==15053==
==15053== Process terminating with default action of signal 11
(SIGSEGV)
==15053== Bad permissions for mapped region at address 0x18
==15053== at 0x7CF7D50: zend_mm_add_to_free_list (zend_alloc.c:465)
==15053== by 0x7CF986B: _zend_mm_alloc_int (zend_alloc.c:1233)
==15053== by 0x7CFA7C5: _zend_mm_realloc_int (zend_alloc.c:1543)
==15053== by 0x7CFAAE5: _erealloc (zend_alloc.c:1633)
==15053== by 0x7C82C92: php_var_serialize_string (var.c:540)
==15053== by 0x7C8650F: php_var_serialize_intern (var.c:810)
==15053== by 0x7C86709: php_var_serialize_intern (var.c:827)
==15053== by 0x7C87325: php_var_serialize (var.c:845)
==15053== by 0x7B8B8D4: ps_srlzr_encode_php (session.c:479)
==15053== by 0x7B8C43C: php_session_encode (session.c:581)
==15053== by 0x7B8CFB1: php_session_save_current_state
(session.c:860)
==15053== by 0x7B91F3C: php_session_flush (session.c:1845)
==15053==
==15053== ERROR SUMMARY: 63 errors from 13 contexts (suppressed: 155
from 1)
==15053== malloc/free: in use at exit: 20,326,987 bytes in 11,487
blocks.
==15053== malloc/free: 214,233 allocs, 202,746 frees, 315,649,047 bytes
allocated.
==15053== For counts of detected errors, rerun with: -v
==15053== searching for pointers to 11,487 not-freed blocks.
==15053== checked 17,712,560 bytes.
==15053==
==15053== LEAK SUMMARY:
==15053== definitely lost: 924 bytes in 35 blocks.
==15053== possibly lost: 0 bytes in 0 blocks.
==15053== still reachable: 20,326,063 bytes in 11,452 blocks.
==15053== suppressed: 0 bytes in 0 blocks.
==15053== Use --leak-check=full to see details of leaked memory.
hell:~ #
------------------------------------------------------------------------
[2006-08-21 08:53:05] [EMAIL PROTECTED]
Obviously the new heap implementation from Zend is unstable.
------------------------------------------------------------------------
[2006-08-21 08:39:58] [EMAIL PROTECTED]
Could you also please try to see if valgrind tells you anything?
valgrind --tool=memcheck --log-file=httpd /path/to/apache/httpd -X
And check out httpd.<PID> file.
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/38525
--
Edit this bug report at http://bugs.php.net/?id=38525&edit=1
