From:             d at blrf dot net
Operating system: Linux billy 2.4.22 #10 SMP Mon S
PHP version:      5CVS-2004-04-19 (dev)
PHP Bug Type:     Reproducible crash
Bug description:  Random segfaults

Description:
------------
This problem started from around php5-200404150830 and up. I tried the
latest CVS one and I still get random segmentation faults. It seems that
the point of failure is always the same: '#7  0x081d8583 in execute
(op_array=0x4055dc74) at
/root/setup/php5-200404191230/Zend/zend_execute.c:1391
1391                    if (EX(opline)->handler(&execute_data, EX(opline),
op_array TSRMLS_CC)) {'

Reproduce code:
---------------
I cannot post reproduce code, as this happens in random places and I
still couldn't figure out where. Sometimes at one line, another time it's
working ... and then it dies at a completely different line. But as I was
running the script several times, the execute frame code was always the
same. That's why I'm appending two backtraces, with the same script.

Expected result:
----------------
...

Actual result:
--------------
Here's the backtrace I:

--
warning: core file may not match specified executable file.
Core was generated by `/usr/local/bin/php -q ./callcheck.php'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libcrypt.so.1...done.
Loaded symbols for /lib/libcrypt.so.1
Reading symbols from /usr/local/lib/libhistory.so.4...done.
Loaded symbols for /usr/local/lib/libhistory.so.4
Reading symbols from /usr/local/lib/libreadline.so.4...done.
Loaded symbols for /usr/local/lib/libreadline.so.4
Reading symbols from /lib/libncurses.so.5...done.
Loaded symbols for /lib/libncurses.so.5
Reading symbols from /usr/lib/libpanel.so.5...done.
Loaded symbols for /usr/lib/libpanel.so.5
Reading symbols from /usr/local/lib/mysql/libmysqlclient.so.12...done.
Loaded symbols for /usr/local/lib/mysql/libmysqlclient.so.12
Reading symbols from /lib/libm.so.6...done.
Loaded symbols for /lib/libm.so.6
Reading symbols from /usr/local/lib/libsybdb.so.3...done.
Loaded symbols for /usr/local/lib/libsybdb.so.3
Reading symbols from /usr/local/lib/libt1.so.5...done.
Loaded symbols for /usr/local/lib/libt1.so.5
Reading symbols from /usr/local/lib/libfreetype.so.6...done.
Loaded symbols for /usr/local/lib/libfreetype.so.6
Reading symbols from /usr/local/lib/libpng.so.3...done.
Loaded symbols for /usr/local/lib/libpng.so.3
Reading symbols from /lib/libresolv.so.2...done.
Loaded symbols for /lib/libresolv.so.2
Reading symbols from /lib/libdl.so.2...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/libnsl.so.1...done.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /usr/local/lib/libnetsnmp.so.5...done.
Loaded symbols for /usr/local/lib/libnetsnmp.so.5
Reading symbols from /usr/local/lib/libxml2.so.2...done.
Loaded symbols for /usr/local/lib/libxml2.so.2
Reading symbols from /lib/libpthread.so.0...done.
Loaded symbols for /lib/libpthread.so.0
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /lib/libnss_files.so.2...done.
Loaded symbols for /lib/libnss_files.so.2
Reading symbols from /lib/libnss_compat.so.2...done.
Loaded symbols for /lib/libnss_compat.so.2
Reading symbols from /lib/libnss_dns.so.2...done.
Loaded symbols for /lib/libnss_dns.so.2
#0  0x081cdd75 in zend_get_property_info (zobj=0xffffffff,
member=0x40792194, silent=0)
    at /root/setup/php5-200404191230/Zend/zend_object_handlers.c:202
202             if (zend_hash_quick_find(&zobj->ce->properties_info,
Z_STRVAL_P(member), Z_STRLEN_P(member)+1, h, (void **)
&property_info)==SUCCESS) {
(gdb) bt
#0  0x081cdd75 in zend_get_property_info (zobj=0xffffffff,
member=0x40792194, silent=0)
    at /root/setup/php5-200404191230/Zend/zend_object_handlers.c:202
#1  0x081cc939 in zend_std_read_property (object=0x407d53f4,
member=0x40792194, type=0)
    at /root/setup/php5-200404191230/Zend/zend_object_handlers.c:287
#2  0x081d7c00 in zend_fetch_property_address_read (result=0x40792168,
op1=0x4079217c, op2=0x40792190, Ts=0xbfffa100, type=0)
    at /root/setup/php5-200404191230/Zend/zend_execute.c:1155
#3  0x081d9d84 in zend_fetch_obj_r_handler (execute_data=0xbfffc570,
opline=0x40792164, op_array=0x407774dc)
    at /root/setup/php5-200404191230/Zend/zend_execute.c:2120
#4  0x081d8583 in execute (op_array=0x407774dc) at
/root/setup/php5-200404191230/Zend/zend_execute.c:1391
#5  0x081db61e in zend_do_fcall_common_helper (execute_data=0xbfffced0,
opline=0x40761520, op_array=0x4075ec34)
    at /root/setup/php5-200404191230/Zend/zend_execute.c:2728
#6  0x081db8f8 in zend_do_fcall_by_name_handler (execute_data=0xc,
opline=0x40761520, op_array=0x4075ec34)
    at /root/setup/php5-200404191230/Zend/zend_execute.c:2810
#7  0x081d8583 in execute (op_array=0x4075ec34) at
/root/setup/php5-200404191230/Zend/zend_execute.c:1391
#8  0x081db61e in zend_do_fcall_common_helper (execute_data=0xbfffd680,
opline=0x404fc0b0, op_array=0x404eeb9c)
    at /root/setup/php5-200404191230/Zend/zend_execute.c:2728
#9  0x081db8f8 in zend_do_fcall_by_name_handler (execute_data=0xc,
opline=0x404fc0b0, op_array=0x404eeb9c)
    at /root/setup/php5-200404191230/Zend/zend_execute.c:2810
#10 0x081d8583 in execute (op_array=0x404eeb9c) at
/root/setup/php5-200404191230/Zend/zend_execute.c:1391
#11 0x081be151 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
at /root/setup/php5-200404191230/Zend/zend.c:1058
#12 0x0818d997 in php_execute_script (primary_file=0xbffffa60) at
/root/setup/php5-200404191230/main/main.c:1630
#13 0x081eb694 in main (argc=3, argv=0xbffffaf4) at
/root/setup/php5-200404191230/sapi/cli/php_cli.c:943
#14 0x403ccbb4 in __libc_start_main () from /lib/libc.so.6
(gdb) frame 4
#4  0x081d8583 in execute (op_array=0x407774dc) at
/root/setup/php5-200404191230/Zend/zend_execute.c:1391
1391                    if (EX(opline)->handler(&execute_data, EX(opline),
op_array TSRMLS_CC)) {
(gdb) 
--
Backtrace II:
--
[EMAIL PROTECTED]:/home/dejan/callcheck# gdb /usr/local/bin/php core
GNU gdb 5.3
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you
are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for
details.
This GDB was configured as "i386-slackware-linux"...

warning: core file may not match specified executable file.
Core was generated by `/usr/local/bin/php -q ./callcheck.php'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libcrypt.so.1...done.
Loaded symbols for /lib/libcrypt.so.1
Reading symbols from /usr/local/lib/libhistory.so.4...done.
Loaded symbols for /usr/local/lib/libhistory.so.4
Reading symbols from /usr/local/lib/libreadline.so.4...done.
Loaded symbols for /usr/local/lib/libreadline.so.4
Reading symbols from /lib/libncurses.so.5...done.
Loaded symbols for /lib/libncurses.so.5
Reading symbols from /usr/lib/libpanel.so.5...done.
Loaded symbols for /usr/lib/libpanel.so.5
Reading symbols from /usr/local/lib/mysql/libmysqlclient.so.12...done.
Loaded symbols for /usr/local/lib/mysql/libmysqlclient.so.12
Reading symbols from /lib/libm.so.6...done.
Loaded symbols for /lib/libm.so.6
Reading symbols from /usr/local/lib/libsybdb.so.3...done.
Loaded symbols for /usr/local/lib/libsybdb.so.3
Reading symbols from /usr/local/lib/libt1.so.5...done.
Loaded symbols for /usr/local/lib/libt1.so.5
Reading symbols from /usr/local/lib/libfreetype.so.6...done.
Loaded symbols for /usr/local/lib/libfreetype.so.6
Reading symbols from /usr/local/lib/libpng.so.3...done.
Loaded symbols for /usr/local/lib/libpng.so.3
Reading symbols from /lib/libresolv.so.2...done.
Loaded symbols for /lib/libresolv.so.2
Reading symbols from /lib/libdl.so.2...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/libnsl.so.1...done.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /usr/local/lib/libnetsnmp.so.5...done.
Loaded symbols for /usr/local/lib/libnetsnmp.so.5
Reading symbols from /usr/local/lib/libxml2.so.2...done.
Loaded symbols for /usr/local/lib/libxml2.so.2
Reading symbols from /lib/libpthread.so.0...done.
Loaded symbols for /lib/libpthread.so.0
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /lib/libnss_files.so.2...done.
Loaded symbols for /lib/libnss_files.so.2
Reading symbols from /lib/libnss_compat.so.2...done.
Loaded symbols for /lib/libnss_compat.so.2
Reading symbols from /lib/libnss_dns.so.2...done.
Loaded symbols for /lib/libnss_dns.so.2
#0  0x081bc82f in _zval_copy_ctor (zvalue=0x407d2ddc) at
/root/setup/php5-200404191230/Zend/zend_variables.c:156
156                                     Z_OBJ_HT_P(zvalue)->add_ref(zvalue
TSRMLS_CC);
(gdb) bt
#0  0x081bc82f in _zval_copy_ctor (zvalue=0x407d2ddc) at
/root/setup/php5-200404191230/Zend/zend_variables.c:156
#1  0x081c7d62 in debug_backtrace_get_args (curpos=0x0) at
/root/setup/php5-200404191230/Zend/zend_builtin_functions.c:1411
#2  0x081c82e5 in zend_fetch_debug_backtrace (return_value=0x407d383c,
skip_last=0)
    at /root/setup/php5-200404191230/Zend/zend_builtin_functions.c:1634
#3  0x081cac6f in zend_default_exception_new (class_type=0x4051d27c) at
/root/setup/php5-200404191230/Zend/zend_exceptions.c:93
#4  0x081bf42e in _object_and_properties_init (arg=0x407d41e4,
class_type=0x4051d27c, properties=0x0)
    at /root/setup/php5-200404191230/Zend/zend_API.c:714
#5  0x081bf494 in _object_init_ex (arg=0x407d41e4, class_type=0x4051d27c)
at /root/setup/php5-200404191230/Zend/zend_API.c:721
#6  0x081dcd4c in zend_new_handler (execute_data=0xbfff99a0,
opline=0x40561564, op_array=0x4055dc74)
    at /root/setup/php5-200404191230/Zend/zend_execute.c:3246
#7  0x081d8583 in execute (op_array=0x4055dc74) at
/root/setup/php5-200404191230/Zend/zend_execute.c:1391
#8  0x081db61e in zend_do_fcall_common_helper (execute_data=0xbfffa020,
opline=0x4055f874, op_array=0x405584ec)
    at /root/setup/php5-200404191230/Zend/zend_execute.c:2728
#9  0x081db8f8 in zend_do_fcall_by_name_handler (execute_data=0x0,
opline=0x4055f874, op_array=0x405584ec)
    at /root/setup/php5-200404191230/Zend/zend_execute.c:2810
#10 0x081d8583 in execute (op_array=0x405584ec) at
/root/setup/php5-200404191230/Zend/zend_execute.c:1391
#11 0x081db61e in zend_do_fcall_common_helper (execute_data=0xbfffc570,
opline=0x40792e74, op_array=0x407774dc)
    at /root/setup/php5-200404191230/Zend/zend_execute.c:2728
#12 0x081db8f8 in zend_do_fcall_by_name_handler (execute_data=0x0,
opline=0x40792e74, op_array=0x407774dc)
    at /root/setup/php5-200404191230/Zend/zend_execute.c:2810
#13 0x081d8583 in execute (op_array=0x407774dc) at
/root/setup/php5-200404191230/Zend/zend_execute.c:1391
#14 0x081db61e in zend_do_fcall_common_helper (execute_data=0xbfffced0,
opline=0x40761520, op_array=0x4075ec34)
    at /root/setup/php5-200404191230/Zend/zend_execute.c:2728
#15 0x081db8f8 in zend_do_fcall_by_name_handler (execute_data=0x0,
opline=0x40761520, op_array=0x4075ec34)
    at /root/setup/php5-200404191230/Zend/zend_execute.c:2810
#16 0x081d8583 in execute (op_array=0x4075ec34) at
/root/setup/php5-200404191230/Zend/zend_execute.c:1391
#17 0x081db61e in zend_do_fcall_common_helper (execute_data=0xbfffd680,
opline=0x404fc0b0, op_array=0x404eeb9c)
    at /root/setup/php5-200404191230/Zend/zend_execute.c:2728
#18 0x081db8f8 in zend_do_fcall_by_name_handler (execute_data=0x0,
opline=0x404fc0b0, op_array=0x404eeb9c)
    at /root/setup/php5-200404191230/Zend/zend_execute.c:2810
#19 0x081d8583 in execute (op_array=0x404eeb9c) at
/root/setup/php5-200404191230/Zend/zend_execute.c:1391
#20 0x081be151 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
at /root/setup/php5-200404191230/Zend/zend.c:1058
#21 0x0818d997 in php_execute_script (primary_file=0xbffffa60) at
/root/setup/php5-200404191230/main/main.c:1630
#22 0x081eb694 in main (argc=3, argv=0xbffffaf4) at
/root/setup/php5-200404191230/sapi/cli/php_cli.c:943
#23 0x403ccbb4 in __libc_start_main () from /lib/libc.so.6
(gdb) frame 7
#7  0x081d8583 in execute (op_array=0x4055dc74) at
/root/setup/php5-200404191230/Zend/zend_execute.c:1391
1391                    if (EX(opline)->handler(&execute_data, EX(opline),
op_array TSRMLS_CC)) {
(gdb) 

-- 
Edit bug report at http://bugs.php.net/?id=28059&edit=1
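
Added example (not part of the original report and not PHP project code): a small parser for gdb `bt` output that copes with the line wrapping seen in the two backtraces above, reports each trace's faulting frame (#0), and lists the execute() frames, identified by their op_array value, that both traces share from the outermost frame inwards. The embedded traces are a constructed excerpt of frames copied from the report; the names parse_frames, shared_outer and triage are assumptions of this example.

```python
import re

# Constructed excerpt of backtrace I (frames #0, #4, #7), gdb wrapping kept.
BT1 = """\
#0  0x081cdd75 in zend_get_property_info (zobj=0xffffffff,
member=0x40792194, silent=0)
    at /root/setup/php5-200404191230/Zend/zend_object_handlers.c:202
#4  0x081d8583 in execute (op_array=0x407774dc) at
/root/setup/php5-200404191230/Zend/zend_execute.c:1391
#7  0x081d8583 in execute (op_array=0x4075ec34) at
/root/setup/php5-200404191230/Zend/zend_execute.c:1391
"""
# Constructed excerpt of backtrace II (frames #0, #7, #13, #16).
BT2 = """\
#0  0x081bc82f in _zval_copy_ctor (zvalue=0x407d2ddc) at
/root/setup/php5-200404191230/Zend/zend_variables.c:156
#7  0x081d8583 in execute (op_array=0x4055dc74) at
/root/setup/php5-200404191230/Zend/zend_execute.c:1391
#13 0x081d8583 in execute (op_array=0x407774dc) at
/root/setup/php5-200404191230/Zend/zend_execute.c:1391
#16 0x081d8583 in execute (op_array=0x4075ec34) at
/root/setup/php5-200404191230/Zend/zend_execute.c:1391
"""

# One gdb frame, even when wrapped over several lines; location is optional.
FRAME = re.compile(
    r"#(\d+)\s+(?:0x[0-9a-f]+ in )?(\w+) \((.*?)\)"
    r"(?:\s+at\s+\S*?([^/\s]+:\d+))?", re.S)

def parse_frames(bt):
    """Return [(function, {arg: value}, 'file.c:line' or None)], innermost first."""
    return [(func,
             dict(a.strip().split("=", 1) for a in args.split(",") if "=" in a),
             loc or None)
            for _, func, args, loc in FRAME.findall(bt)]

def shared_outer(a, b):
    """Frames both traces share, walking from the outermost frame inwards."""
    same = []
    for fa, fb in zip(reversed(a), reversed(b)):
        if (fa[0], fa[1].get("op_array")) != (fb[0], fb[1].get("op_array")):
            break
        same.append(fa)
    return same

def triage(bt_a, bt_b):
    a, b = parse_frames(bt_a), parse_frames(bt_b)
    return {"crash_sites": [(a[0][0], a[0][2]), (b[0][0], b[0][2])],
            "shared_op_arrays": [f[1]["op_array"] for f in shared_outer(a, b)
                                 if f[0] == "execute"]}
```

Run on the full backtraces instead of the excerpt, the same functions also pick up the main, php_execute_script and zend_execute_scripts frames at the outer end of the shared chain.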