From: max at to-the-max dot net
Operating system: FreeBSD 6.2-STABLE - AMD64
PHP version: 5.2.1
PHP Bug Type: PostgreSQL related
Bug description: Crashes when using PostgreSQL module
Description:
------------
Every couple hundred of requests PHP crashes while accessing a PostgreSQL
database.
Backtrace always points to ext/pgsql/pgsql.c __zend_lineno=375
Reproduce code:
---------------
Different scripts. All have in common that they use the PostgreSQL module.
Actual result:
--------------
===
Backtrace 1
===
www3# gdb /usr/local/bin/php php.core.500
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you
are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for
details.
This GDB was configured as "amd64-marcel-freebsd"...
Core was generated by `php'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libcrypt.so.3...done.
Loaded symbols for /lib/libcrypt.so.3
Reading symbols from /usr/local/pgsql/lib/libpq.so.5...done.
Loaded symbols for /usr/local/pgsql/lib/libpq.so.5
Reading symbols from /usr/local/lib/libiconv.so.3...done.
Loaded symbols for /usr/local/lib/libiconv.so.3
Reading symbols from /lib/libz.so.3...done.
Loaded symbols for /lib/libz.so.3
Reading symbols from /lib/libm.so.4...done.
Loaded symbols for /lib/libm.so.4
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /libexec/ld-elf.so.1...done.
Loaded symbols for /libexec/ld-elf.so.1
#0 0x000000000067b0b9 in zend_mm_check_ptr (heap=0x95c000,
ptr=0x7fff00000031, silent=1,
__zend_filename=0x78d218
"/usr/home/max/tmp/php-5.2.1/ext/pgsql/pgsql.c", __zend_lineno=375,
__zend_orig_filename=0x0,
__zend_orig_lineno=0) at
/usr/home/max/tmp/php-5.2.1/Zend/zend_alloc.c:1012
1012 if (p->info._size != ZEND_MM_NEXT_BLOCK(p)->info._prev) {
(gdb) bt
#0 0x000000000067b0b9 in zend_mm_check_ptr (heap=0x95c000,
ptr=0x7fff00000031, silent=1,
__zend_filename=0x78d218
"/usr/home/max/tmp/php-5.2.1/ext/pgsql/pgsql.c", __zend_lineno=375,
__zend_orig_filename=0x0,
__zend_orig_lineno=0) at
/usr/home/max/tmp/php-5.2.1/Zend/zend_alloc.c:1012
#1 0x000000000067c6e1 in _zend_mm_free_int (heap=0x95c000,
p=0x7fff00000031,
__zend_filename=0x78d218
"/usr/home/max/tmp/php-5.2.1/ext/pgsql/pgsql.c", __zend_lineno=375,
__zend_orig_filename=0x0,
__zend_orig_lineno=0) at
/usr/home/max/tmp/php-5.2.1/Zend/zend_alloc.c:1520
#2 0x000000000067d90d in _efree (ptr=0x7fff00000031,
__zend_filename=0x78d218 "/usr/home/max/tmp/php-5.2.1/ext/pgsql/pgsql.c",
__zend_lineno=375, __zend_orig_filename=0x0, __zend_orig_lineno=0) at
/usr/home/max/tmp/php-5.2.1/Zend/zend_alloc.c:1877
#3 0x000000000050f30f in _php_pgsql_notice_ptr_dtor (ptr=0xac0098) at
/usr/home/max/tmp/php-5.2.1/ext/pgsql/pgsql.c:375
#4 0x00000000006a9872 in zend_hash_clean (ht=0x9539a8) at
/usr/home/max/tmp/php-5.2.1/Zend/zend_hash.c:552
#5 0x000000000050fbfc in zm_deactivate_pgsql (type=1, module_number=10)
at /usr/home/max/tmp/php-5.2.1/ext/pgsql/pgsql.c:574
#6 0x00000000006a44d6 in module_registry_cleanup (module=0x9f5e00) at
/usr/home/max/tmp/php-5.2.1/Zend/zend_API.c:1945
#7 0x00000000006a9cf2 in zend_hash_apply (ht=0x957d40,
apply_func=0x6a44a0 <module_registry_cleanup>)
at /usr/home/max/tmp/php-5.2.1/Zend/zend_hash.c:673
#8 0x000000000069c205 in zend_deactivate_modules () at
/usr/home/max/tmp/php-5.2.1/Zend/zend.c:839
#9 0x00000000006458e1 in php_request_shutdown (dummy=0x0) at
/usr/home/max/tmp/php-5.2.1/main/main.c:1293
#10 0x0000000000718b06 in main (argc=1, argv=0x7fffffffedc8) at
/usr/home/max/tmp/php-5.2.1/sapi/cgi/cgi_main.c:1796
===
Backtrace 2
===
www3# gdb /usr/local/bin/php php.core.501
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you
are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for
details.
This GDB was configured as "amd64-marcel-freebsd"...
Core was generated by `php'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libcrypt.so.3...done.
Loaded symbols for /lib/libcrypt.so.3
Reading symbols from /usr/local/pgsql/lib/libpq.so.5...done.
Loaded symbols for /usr/local/pgsql/lib/libpq.so.5
Reading symbols from /usr/local/lib/libiconv.so.3...done.
Loaded symbols for /usr/local/lib/libiconv.so.3
Reading symbols from /lib/libz.so.3...done.
Loaded symbols for /lib/libz.so.3
Reading symbols from /lib/libm.so.4...done.
Loaded symbols for /lib/libm.so.4
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /libexec/ld-elf.so.1...done.
Loaded symbols for /libexec/ld-elf.so.1
#0 0x000000000067b0b9 in zend_mm_check_ptr (heap=0x95c000,
ptr=0x3d0000004e, silent=1,
__zend_filename=0x78d218
"/usr/home/max/tmp/php-5.2.1/ext/pgsql/pgsql.c", __zend_lineno=375,
__zend_orig_filename=0x0,
__zend_orig_lineno=0) at
/usr/home/max/tmp/php-5.2.1/Zend/zend_alloc.c:1012
1012 if (p->info._size != ZEND_MM_NEXT_BLOCK(p)->info._prev) {
(gdb) bt
#0 0x000000000067b0b9 in zend_mm_check_ptr (heap=0x95c000,
ptr=0x3d0000004e, silent=1,
__zend_filename=0x78d218
"/usr/home/max/tmp/php-5.2.1/ext/pgsql/pgsql.c", __zend_lineno=375,
__zend_orig_filename=0x0,
__zend_orig_lineno=0) at
/usr/home/max/tmp/php-5.2.1/Zend/zend_alloc.c:1012
#1 0x000000000067c6e1 in _zend_mm_free_int (heap=0x95c000,
p=0x3d0000004e,
__zend_filename=0x78d218
"/usr/home/max/tmp/php-5.2.1/ext/pgsql/pgsql.c", __zend_lineno=375,
__zend_orig_filename=0x0,
__zend_orig_lineno=0) at
/usr/home/max/tmp/php-5.2.1/Zend/zend_alloc.c:1520
#2 0x000000000067d90d in _efree (ptr=0x3d0000004e,
__zend_filename=0x78d218 "/usr/home/max/tmp/php-5.2.1/ext/pgsql/pgsql.c",
__zend_lineno=375, __zend_orig_filename=0x0, __zend_orig_lineno=0) at
/usr/home/max/tmp/php-5.2.1/Zend/zend_alloc.c:1877
#3 0x000000000050f30f in _php_pgsql_notice_ptr_dtor (ptr=0xabac18) at
/usr/home/max/tmp/php-5.2.1/ext/pgsql/pgsql.c:375
#4 0x00000000006a9872 in zend_hash_clean (ht=0x9539a8) at
/usr/home/max/tmp/php-5.2.1/Zend/zend_hash.c:552
#5 0x000000000050fbfc in zm_deactivate_pgsql (type=1, module_number=10)
at /usr/home/max/tmp/php-5.2.1/ext/pgsql/pgsql.c:574
#6 0x00000000006a44d6 in module_registry_cleanup (module=0x9f5e00) at
/usr/home/max/tmp/php-5.2.1/Zend/zend_API.c:1945
#7 0x00000000006a9cf2 in zend_hash_apply (ht=0x957d40,
apply_func=0x6a44a0 <module_registry_cleanup>)
at /usr/home/max/tmp/php-5.2.1/Zend/zend_hash.c:673
#8 0x000000000069c205 in zend_deactivate_modules () at
/usr/home/max/tmp/php-5.2.1/Zend/zend.c:839
#9 0x00000000006458e1 in php_request_shutdown (dummy=0x0) at
/usr/home/max/tmp/php-5.2.1/main/main.c:1293
#10 0x0000000000718b06 in main (argc=1, argv=0x7fffffffedc8) at
/usr/home/max/tmp/php-5.2.1/sapi/cgi/cgi_main.c:1796
===
Backtrace 2
===
www3# gdb /usr/local/bin/php php.core.501
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you
are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for
details.
This GDB was configured as "amd64-marcel-freebsd"...
Core was generated by `php'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libcrypt.so.3...done.
Loaded symbols for /lib/libcrypt.so.3
Reading symbols from /usr/local/pgsql/lib/libpq.so.5...done.
Loaded symbols for /usr/local/pgsql/lib/libpq.so.5
Reading symbols from /usr/local/lib/libiconv.so.3...done.
Loaded symbols for /usr/local/lib/libiconv.so.3
Reading symbols from /lib/libz.so.3...done.
Loaded symbols for /lib/libz.so.3
Reading symbols from /lib/libm.so.4...done.
Loaded symbols for /lib/libm.so.4
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /libexec/ld-elf.so.1...done.
Loaded symbols for /libexec/ld-elf.so.1
#0 0x000000000067b0b9 in zend_mm_check_ptr (heap=0x95c000,
ptr=0x3d0000004e, silent=1,
__zend_filename=0x78d218
"/usr/home/max/tmp/php-5.2.1/ext/pgsql/pgsql.c", __zend_lineno=375,
__zend_orig_filename=0x0,
__zend_orig_lineno=0) at
/usr/home/max/tmp/php-5.2.1/Zend/zend_alloc.c:1012
1012 if (p->info._size != ZEND_MM_NEXT_BLOCK(p)->info._prev) {
(gdb) bt
#0 0x000000000067b0b9 in zend_mm_check_ptr (heap=0x95c000,
ptr=0x3d0000004e, silent=1,
__zend_filename=0x78d218
"/usr/home/max/tmp/php-5.2.1/ext/pgsql/pgsql.c", __zend_lineno=375,
__zend_orig_filename=0x0,
__zend_orig_lineno=0) at
/usr/home/max/tmp/php-5.2.1/Zend/zend_alloc.c:1012
#1 0x000000000067c6e1 in _zend_mm_free_int (heap=0x95c000,
p=0x3d0000004e,
__zend_filename=0x78d218
"/usr/home/max/tmp/php-5.2.1/ext/pgsql/pgsql.c", __zend_lineno=375,
__zend_orig_filename=0x0,
__zend_orig_lineno=0) at
/usr/home/max/tmp/php-5.2.1/Zend/zend_alloc.c:1520
#2 0x000000000067d90d in _efree (ptr=0x3d0000004e,
__zend_filename=0x78d218 "/usr/home/max/tmp/php-5.2.1/ext/pgsql/pgsql.c",
__zend_lineno=375, __zend_orig_filename=0x0, __zend_orig_lineno=0) at
/usr/home/max/tmp/php-5.2.1/Zend/zend_alloc.c:1877
#3 0x000000000050f30f in _php_pgsql_notice_ptr_dtor (ptr=0xabac18) at
/usr/home/max/tmp/php-5.2.1/ext/pgsql/pgsql.c:375
#4 0x00000000006a9872 in zend_hash_clean (ht=0x9539a8) at
/usr/home/max/tmp/php-5.2.1/Zend/zend_hash.c:552
#5 0x000000000050fbfc in zm_deactivate_pgsql (type=1, module_number=10)
at /usr/home/max/tmp/php-5.2.1/ext/pgsql/pgsql.c:574
#6 0x00000000006a44d6 in module_registry_cleanup (module=0x9f5e00) at
/usr/home/max/tmp/php-5.2.1/Zend/zend_API.c:1945
#7 0x00000000006a9cf2 in zend_hash_apply (ht=0x957d40,
apply_func=0x6a44a0 <module_registry_cleanup>)
at /usr/home/max/tmp/php-5.2.1/Zend/zend_hash.c:673
#8 0x000000000069c205 in zend_deactivate_modules () at
/usr/home/max/tmp/php-5.2.1/Zend/zend.c:839
#9 0x00000000006458e1 in php_request_shutdown (dummy=0x0) at
/usr/home/max/tmp/php-5.2.1/main/main.c:1293
#10 0x0000000000718b06 in main (argc=1, argv=0x7fffffffedc8) at
/usr/home/max/tmp/php-5.2.1/sapi/cgi/cgi_main.c:1796
===
Other debug messages
===
Some debug messages also indicate memory leaks:
[Sat Mar 3 16:32:07 2007] Script: '/home/site/index.php'
/usr/home/max/tmp/php-5.2.1/ext/pgsql/pgsql.c(357) : Freeing 0x0098A360
(16 bytes), script=/home/site/index.php
[Sat Mar 3 16:32:07 2007] Script: '/home/site/index.php'
/usr/home/max/tmp/php-5.2.1/ext/pgsql/pgsql.c(285) : Freeing 0x0098E3E8
(256 bytes), script=/home/site/index.php
=== Total 2 memory leaks detected ===
[Sat Mar 3 16:32:07 2007] Script: '/home/site/index.php'
/usr/home/max/tmp/php-5.2.1/ext/pgsql/pgsql.c(285) : Freeing 0x00B3BE08
(256 bytes), script=/home/site/index.php
[Sat Mar 3 16:32:07 2007] Script: '/home/site/index.php'
/usr/home/max/tmp/php-5.2.1/ext/pgsql/pgsql.c(357) : Freeing 0x0098B7E8
(16 bytes), script=/home/site/index.php
--
Edit bug report at http://bugs.php.net/?id=40708&edit=1
--
Try a CVS snapshot (PHP 4.4):
http://bugs.php.net/fix.php?id=40708&r=trysnapshot44
Try a CVS snapshot (PHP 5.2):
http://bugs.php.net/fix.php?id=40708&r=trysnapshot52
Try a CVS snapshot (PHP 6.0):
http://bugs.php.net/fix.php?id=40708&r=trysnapshot60
Fixed in CVS: http://bugs.php.net/fix.php?id=40708&r=fixedcvs
Fixed in release:
http://bugs.php.net/fix.php?id=40708&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=40708&r=needtrace
Need Reproduce Script: http://bugs.php.net/fix.php?id=40708&r=needscript
Try newer version: http://bugs.php.net/fix.php?id=40708&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=40708&r=support
Expected behavior: http://bugs.php.net/fix.php?id=40708&r=notwrong
Not enough info:
http://bugs.php.net/fix.php?id=40708&r=notenoughinfo
Submitted twice:
http://bugs.php.net/fix.php?id=40708&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=40708&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=40708&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=40708&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=40708&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=40708&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=40708&r=float
No Zend Extensions: http://bugs.php.net/fix.php?id=40708&r=nozend
MySQL Configuration Error: http://bugs.php.net/fix.php?id=40708&r=mysqlcfg
