Apologies if you receive this twice. My posts dont appear to be going through...
Cheers. Aa. ---------- Forwarded message ---------- Date: Mon, 21 Oct 2002 11:57:09 -0700 (PDT) From: Aaron Gowatch <[EMAIL PROTECTED]> To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> Subject: Re: [PHP-DEV] Re: Segfaults in 4.2.3? Is it possible to get any help at all on this? Do I just need to open a bug ticket? I have tons of backtraces as well as tons of debug info being written to the error log from --enable-debug. Anyone? Aa. ---------- Forwarded message ---------- Date: Tue, 15 Oct 2002 12:15:07 -0700 (PDT) From: Aaron Gowatch <[EMAIL PROTECTED]> To: Aaron Gowatch <[EMAIL PROTECTED]> Cc: Andi Gutmans <[EMAIL PROTECTED]>, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> Subject: Re: [PHP-DEV] Re: Segfaults in 4.2.3? Heres some more information on this segfault. I'm running apache with MALLOC_CHECK_=2. (gdb) handle SIGPIPE nostop Signal Stop Print Pass to program Description SIGPIPE No Yes Yes Broken pipe (gdb) cont Continuing. Program received signal SIGABRT, Aborted. 0x42029331 in kill () from /lib/i686/libc.so.6 (gdb) bt #0 0x42029331 in kill () from /lib/i686/libc.so.6 #1 0x4202911a in raise () from /lib/i686/libc.so.6 #2 0x4202a8c2 in abort () from /lib/i686/libc.so.6 #3 0x4207d3eb in realloc_check () from /lib/i686/libc.so.6 #4 0x4207b091 in realloc () from /lib/i686/libc.so.6 #5 0x4202b65c in __add_to_environ () from /lib/i686/libc.so.6 #6 0x4202b33f in putenv () from /lib/i686/libc.so.6 #7 0x080c87fb in zif_putenv (ht=1, return_value=0x8a1e5a4, this_ptr=0x0, return_value_used=0) at basic_functions.c:1302 #8 0x0816c05b in execute (op_array=0x89e9880) at ./zend_execute.c:1598 #9 0x0816c22f in execute (op_array=0x866a594) at ./zend_execute.c:1638 #10 0x08148936 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at zend.c:812 #11 0x080a61de in php_execute_script (primary_file=0xbffff670) at main.c:1383 #12 0x08153f72 in apache_php_module_main (r=0x82d0684, display_source_mode=0) at sapi_apache.c:90 #13 0x080a2690 in send_php (r=0x82d0684, display_source_mode=0, filename=0x0) at mod_php4.c:575 #14 0x080a26de in send_parsed_php (r=0x82d0684) at mod_php4.c:590 #15 0x08174547 in ap_invoke_handler (r=0x82d0684) at http_config.c:538 #16 0x081837ef in process_request_internal (r=0x82d0684) at http_request.c:1308 #17 0x08183852 in ap_process_request (r=0x82d0684) at http_request.c:1324 #18 0x0817d0bc in child_main (child_num_arg=7) at http_main.c:4629 #19 0x0817d2b3 in make_child (s=0x829b70c, slot=7, now=1034706069) at http_main.c:4799 #20 0x0817d56e in perform_idle_server_maintenance () at http_main.c:4981 #21 0x0817d9f9 in standalone_main (argc=3, argv=0xbffffb14) at http_main.c:5218 #22 0x0817df50 in main (argc=3, argv=0xbffffb14) at http_main.c:5482 #23 0x42017589 in __libc_start_main () from /lib/i686/libc.so.6 (gdb) frame 8 #8 0x0816c05b in execute (op_array=0x89e9880) at ./zend_execute.c:1598 1598 ((zend_internal_function *) EX(function_state).function)->handler(EX(opline)->extended_value, EX(Ts)[EX(opline)->result.u.var].var.ptr, EX(object).ptr, return_value_used TSRMLS_CC); (gdb) print (char *)(executor_globals.function_state_ptr->function)->common.function_name $1 = 0x822b98f "putenv" (gdb) print (char *)executor_globals.active_op_array->function_name $2 = 0x8ab16dc "set_up_language" (gdb) print (char *)executor_globals.active_op_array->filename $3 = 0x86214ec "/var/www/vhost/webmail.divinia.com/docs/functions/i18n.php" (gdb) frame 7 #7 0x080c87fb in zif_putenv (ht=1, return_value=0x8a1e5a4, this_ptr=0x0, return_value_used=0) at basic_functions.c:1302 1302 if ((ret = putenv(pe.putenv_string)) == 0) { /* success */ (gdb) print pe.putenv_string $4 = 0x8a1e4ec "LC_ALL=en_US" Heres the snippet of code that appears to be triggering the abort: if ( !ini_get('safe_mode') && getenv( 'LC_ALL' ) != $sm_notAlias ) { putenv( "LC_ALL=$sm_notAlias" ); putenv( "LANG=$sm_notAlias" ); putenv( "LANGUAGE=$sm_notAlias" ); } Seems that I can call this snippet of code all day and it wont segfault, however... Any help would be greatly appreciated. Aa. On Mon, 14 Oct 2002, Aaron Gowatch wrote: > Andi -- > > I'm still trying to track that down. Given the backtrace below, is it > possible to find out what script or function was executing when the > process SIGSEGV'd? I read the docs on bugs.php.net on diagnosing crashes > with gdb, but this looks a little different (ie. theres no execute() in > this backtrace). Its also possible that the bug that caused this SIGSEGV > happened in a previous request. I posted some of the errors that php is > logging last night, which were similar to: > > [Mon Oct 14 11:06:45 2002] Script: > '/var/www/vhost/webmail.divinia.com/docs/src/read_body.php' > --------------------------------------- > zend_stack.c(103) : Block 0x08BB30B0 status: > Beginning: Overrun (magic=0x08407248, expected=0x7312F8DC) > > Unknown(0) : Warning - String is not zero-terminated (ZZZZZZ<84>Ì<8F>**18) > (source: zend_opcode.c:165) > [Mon Oct 14 12:15:22 2002] Script: > '/var/www/vhost/webmail.divinia.com/docs/src/right_main. > php' > --------------------------------------- > zend_opcode.c(165) : Block 0x08B78328 status: > zend_variables.c(44) : Actual location (location was relayed) > Beginning: Cached (allocated on string.c:3193, 6 bytes) > End: OK > --------------------------------------- > > A segfault can usually found shortly thereafter, or even immediately > after. The script read_body.php listed above for example, has executed > over 500 times today, and I've experienced 4 segmentation faults. The > script also varies: > > [Mon Oct 14 11:06:45 2002] Script: >'/var/www/vhost/webmail.divinia.com/docs/src/read_body.php' > [Mon Oct 14 12:15:22 2002] Script: >'/var/www/vhost/webmail.divinia.com/docs/src/right_main.php' > > So if anyone has any suggestions on how I can narrow down the source of > this error further it'd be much appreciated. > > Thanks, > Aa. > > On Mon, 14 Oct 2002, Andi Gutmans wrote: > > > What we'd really need is a short 10-20 line reproducing script. > > > > Andi > > > > At 11:20 AM 10/14/2002 -0700, Aaron Gowatch wrote: > > >Heres a backtrace from one of my SIGSEGVs. This one looks a little > > >different from previous segfaults, but perhaps it can help track this bug > > >down: > > > > > >Program received signal SIGSEGV, Segmentation fault. > > >0x42082a0c in memcpy () from /lib/i686/libc.so.6 > > >(gdb) bt > > >#0 0x42082a0c in memcpy () from /lib/i686/libc.so.6 > > >#1 0x0813865a in _mem_block_check (ptr=0x8bb30d4, silent=0, > > >__zend_filename=0x8248882 "zend_stack.c", > > > __zend_lineno=103, __zend_orig_filename=0x0, __zend_orig_lineno=0) at > > >zend_alloc.c:650 > > >#2 0x0813861d in _mem_block_check (ptr=0x8bb30d4, silent=1, > > >__zend_filename=0x8248882 "zend_stack.c", > > > __zend_lineno=103, __zend_orig_filename=0x0, __zend_orig_lineno=0) at > > >zend_alloc.c:642 > > >#3 0x08137877 in _efree (ptr=0x8bb30d4, __zend_filename=0x8248882 > > >"zend_stack.c", __zend_lineno=103, > > > __zend_orig_filename=0x0, __zend_orig_lineno=0) at zend_alloc.c:224 > > >#4 0x08146e3a in zend_stack_destroy (stack=0x8298870) at zend_stack.c:103 > > >#5 0x08138c0f in shutdown_compiler () at zend_compile.c:100 > > >#6 0x08148257 in zend_deactivate () at zend.c:601 > > >#7 0x080a5068 in php_request_shutdown (dummy=0x0) at main.c:789 > > >#8 0x08153fca in apache_php_module_main (r=0x82d4ddc, > > >display_source_mode=0) at sapi_apache.c:96 > > >#9 0x080a2690 in send_php (r=0x82d4ddc, display_source_mode=0, > > >filename=0x0) at mod_php4.c:575 > > >#10 0x080a26de in send_parsed_php (r=0x82d4ddc) at mod_php4.c:590 > > >#11 0x08174547 in ap_invoke_handler (r=0x82d4ddc) at http_config.c:538 > > >#12 0x081837ef in process_request_internal (r=0x82d4ddc) at > > >http_request.c:1308 > > >#13 0x08183852 in ap_process_request (r=0x82d4ddc) at http_request.c:1324 > > >#14 0x0817d0bc in child_main (child_num_arg=0) at http_main.c:4629 > > >#15 0x0817d2b3 in make_child (s=0x829b704, slot=0, now=1034578800) at > > >http_main.c:4799 > > >#16 0x0817d330 in startup_children (number_to_start=5) at http_main.c:4826 > > >#17 0x0817d82c in standalone_main (argc=3, argv=0xbffffb14) at > > >http_main.c:5134 > > >#18 0x0817df50 in main (argc=3, argv=0xbffffb14) at http_main.c:5482 > > >#19 0x42017589 in __libc_start_main () from /lib/i686/libc.so.6 > > > > > >I'll leave my gdb attached in case more information is needed. > > > > > >Thanks in advance, > > >Aa. > > > > > >(Apologies if this is received twice) > > > > > >On Sun, 13 Oct 2002, Aaron Gowatch wrote: > > > > > > > My apache children have been segfaulting for a few weeks now. My attempts > > > > to debug them leads me to believe that its happening in php somewhere. > > > > The SIGSEGV actually occurs in chunk_alloc, after a malloc and several > > > > calls to execute. (I'll fwd a backtrace per the bugs docs as soon as my > > > > gdb -p catches the SIGSEGV). > > > > > > > > This weekend, I started apache with MALLOC_CHECK_=2 and built my php with > > > > --enable-debug. Some interesting things started appearing in the logs: > > > > > > > > [Sat Oct 12 19:58:16 2002] Script: > > > > '/var/www/vhost/webmail.divinia.com/docs/src/login.php' > > > > --------------------------------------- > > > > zend_stack.c(103) : Block 0x08C6E628 status: > > > > Beginning: Overrun (magic=0x08415420, expected=0x7312F8DC) > > > > [Sat Oct 12 19:58:17 2002] [notice] child pid 3037 exit signal > > > Segmentation fault (11) > > > > > > > > [Sat Oct 12 18:50:42 2002] Script: > > > > '/var/www/vhost/www.divinia.com/docs/mail/src/read_body.php' > > > > --------------------------------------- > > > > zend_stack.c(103) : Block 0x08BAF388 status: > > > > Beginning: Overrun (magic=0x08415420, expected=0x7312F8DC) > > > > [Sat Oct 12 18:50:42 2002] [notice] child pid 4672 exit signal > > > Segmentation fault (11) > > > > > > > > Then some pretty whack stuff (that looks like trampled memory) starts > > > > showing up: > > > > > > > > Sun Oct 13 15:08:02 2002] [notice] child pid 28803 exit signal Aborted (6) > > > > Unknown(0) : Warning - String is not zero-terminated (base_uri) (source: > > > > zend_execute_API.c:274) > > > > Unknown(0) : Warning - String is not zero-terminated (ZZZZZZZZZ > > > > Ì*) > > > > (source: zend_opcode.c:159) > > > > [Sun Oct 13 15:08:14 2002] Script: > > > > '/var/www/vhost/webmail.divinia.com/docs/src/login.php' > > > > --------------------------------------- > > > > zend_opcode.c(159) : Block 0x08698778 status: > > > > zend_variables.c(44) : Actual location (location was relayed) > > > > Beginning: Cached (allocated on zend_language_scanner.c:4150, 9 bytes) > > > > End: OK > > > > --------------------------------------- > > > > > > > > > > > >ÀàBÀàBpÀ=XïXïØàBØàBààBààBph£ðàBðàBøàBøàB(÷(ááBáBáBÝݸ¾¸¾(áB(áB0áB0áB8áB8áB@áB@áBHáBHáBPáBPáBÀÀ`áB`áBà#ror] > > > > > > > > [client 66.25.48.206] File does not exist: > > > > /var/www/vhost/www.divinia.com/docs/ > > > > Unknown(0) : Fatal error - Maximum execution time of 30 seconds exceeded > > > > > > > >ÀàBÀàBpÀ=XïXïØàBØàBààBààBpPsðàBðàBøàBøàB(÷(ááBáBáBÝݸ¾¸¾(áB(áB0áB0áB8áB8áB@áB@áBHáBHáBPáBPáBÀÀ`áB`áBà#02] > > > > > > > > [error] [client 66.25.48.206] File does not exist: > > > > /var/www/vhost/www.divinia.com/docs/ > > > > images/max.gif > > > > > > > > The PHP application is squirrelmail-1.2.8 (although its also segfaulted > > > > with vbulletin scripts). Heres my httpd -l: > > > > > > > > Compiled-in modules: > > > > http_core.c > > > > mod_env.c > > > > mod_log_config.c > > > > mod_mime.c > > > > mod_negotiation.c > > > > mod_status.c > > > > mod_include.c > > > > mod_autoindex.c > > > > mod_dir.c > > > > mod_cgi.c > > > > mod_actions.c > > > > mod_speling.c > > > > mod_userdir.c > > > > mod_alias.c > > > > mod_rewrite.c > > > > mod_access.c > > > > mod_auth.c > > > > mod_auth_mysql.c > > > > mod_usertrack.c > > > > mod_unique_id.c > > > > mod_setenvif.c > > > > mod_php4.c > > > > mod_perl.c > > > > mod_throttle.c > > > > apache_ssl.c > > > > suexec: enabled; valid wrapper /sbin/suexec > > > > > > > > glibc-2.2.5, Linux kernel 2.4.19. > > > > > > > > As soon as the next child segfaults, I'll forward a backtrace, but if > > > > anyone has any comments or suggestions it'd be much appreciated. > > > > > > > > Thanks in advance, > > > > Aa. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >-- > > >PHP Development Mailing List <http://www.php.net/> > > >To unsubscribe, visit: http://www.php.net/unsub.php > > > > > > > > -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php