#31106 [NEW]: apache2 - execute dtor'ing something wrong.

alan at akbkhome dot com Wed, 15 Dec 2004 16:33:47 -0800

From:             alan at akbkhome dot com
Operating system: linux
PHP version:      4.3.10
PHP Bug Type:     Reproducible crash
Bug description:  apache2  - execute dtor'ing something wrong.


Description:
------------
config with apache2 fork
I need to isolate the code causing this, - but it appears to be a common
segfault, on more than just one page.

php4.3.7 runs fine. - exactly the same config

  './configure' '--with-apxs2=/usr/bin/apxs2' '--prefix=/usr'
'--with-regex=php' '--with-config-file-path=/etc/php4/apache'
'--disable-rpath' '--disable-debug' '--enable-memory-limit'
'--with-layout=GNU' '--enable-calendar' '--enable-sysvsem'
'--enable-sysvshm' '--enable-track-vars' '--enable-trans-sid'
'--enable-bcmath' '--with-bz2' '--with-db4' '--with-iconv' '--enable-exif'
'--enable-filepro' '--enable-ftp' '--with-gettext' '--enable-mbstring'
'--with-pcre-regex=/usr' '--enable-shmop' '--enable-sockets'
'--enable-wddx' '--with-expat-dir=/usr' '--enable-yp' '--with-zlib'
'--without-pgsql' '--with-openssl=/usr' '--disable-static'
'--with-zlib-dir=/usr' '--with-mysql=/usr' '--with-ming=/usr'

full backtrace:

#0  0x4040a264 in mallopt () from /lib/libc.so.6
#1  0x4040907f in free () from /lib/libc.so.6
#2  0x40726d7f in _efree (ptr=0x84726ac) at
/usr/src/php-4.3.10/Zend/zend_alloc.c:265
#3  0x4073b3df in zend_hash_destroy (ht=0x843b0cc) at
/usr/src/php-4.3.10/Zend/zend_hash.c:566
#4  0x40735084 in _zval_dtor (zvalue=0x8437774) at
/usr/src/php-4.3.10/Zend/zend_variables.c:60
#5  0x4072e23c in _zval_ptr_dtor (zval_ptr=0x408e0df0) at
/usr/src/php-4.3.10/Zend/zend_execute_API.c:289
#6  0x40744748 in execute (op_array=0x82f3a7c) at zend_execute_locks.h:26
#7  0x407468c4 in execute (op_array=0x82f3a14) at
/usr/src/php-4.3.10/Zend/zend_execute.c:1686
#8  0x407468c4 in execute (op_array=0x824799c) at
/usr/src/php-4.3.10/Zend/zend_execute.c:1686
#9  0x407468c4 in execute (op_array=0x8247344) at
/usr/src/php-4.3.10/Zend/zend_execute.c:1686
#10 0x407468c4 in execute (op_array=0x82419e4) at
/usr/src/php-4.3.10/Zend/zend_execute.c:1686
#11 0x40736971 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
at /usr/src/php-4.3.10/Zend/zend.c:900
#12 0x40708a1f in php_execute_script (primary_file=0xbffffa50) at
/usr/src/php-4.3.10/main/main.c:1736
#13 0x4074bb8c in php_handler (r=0x8235478) at
/usr/src/php-4.3.10/sapi/apache2handler/sapi_apache2.c:542
#14 0x080782b5 in ap_run_handler ()
#15 0x08189a68 in ?? ()
(gdb) bt full
#0  0x4040a264 in mallopt () from /lib/libc.so.6
No symbol table info available.
#1  0x4040907f in free () from /lib/libc.so.6
No symbol table info available.
#2  0x40726d7f in _efree (ptr=0x84726ac) at
/usr/src/php-4.3.10/Zend/zend_alloc.c:265
        p = (zend_mem_header *) 0x8472698
        real_size = 138880672
        cache_index = 138880664
#3  0x4073b3df in zend_hash_destroy (ht=0x843b0cc) at
/usr/src/php-4.3.10/Zend/zend_hash.c:566
        p = (Bucket *) 0x0
        q = (Bucket *) 0x84727bc
#4  0x40735084 in _zval_dtor (zvalue=0x8437774) at
/usr/src/php-4.3.10/Zend/zend_variables.c:60
No locals.
#5  0x4072e23c in _zval_ptr_dtor (zval_ptr=0x408e0df0) at
/usr/src/php-4.3.10/Zend/zend_execute_API.c:289
No locals.
#6  0x40744748 in execute (op_array=0x82f3a7c) at zend_execute_locks.h:26
        execute_data = {opline = 0x8307708, function_state =
{function_symbol_table = 0x82481fc, function = 0x82f3a7c,
    reserved = {0x408d8678, 0x408a085b, 0x82432f4, 0xbfffb358}}, fbc =
0x0, ce = 0x0, object = {ptr = 0x0},
  Ts = 0xbfff914c, original_in_execution = 1 '\001', op_array = 0x82f3a7c,
prev_execute_data = 0xbfffb760}
#7  0x407468c4 in execute (op_array=0x82f3a14) at
/usr/src/php-4.3.10/Zend/zend_execute.c:1686
        calling_symbol_table = (HashTable *) 0x82c2644
        original_return_value = (zval **) 0xbfffc554
        execute_data = {opline = 0x827d480, function_state =
{function_symbol_table = 0x82432f4, function = 0x82f3a7c,
    reserved = {0x408d8678, 0x408a085b, 0x82c2644, 0xbfffb7b8}}, fbc =
0x82f3a7c, ce = 0x0, object = {
    ptr = 0x82fcf5c}, Ts = 0xbfffb37c, original_in_execution = 1 '\001',
op_array = 0x82f3a14,
  prev_execute_data = 0xbfffcdb0}
#8  0x407468c4 in execute (op_array=0x824799c) at
/usr/src/php-4.3.10/Zend/zend_execute.c:1686
        calling_symbol_table = (HashTable *) 0x8247df4
        original_return_value = (zval **) 0xbfffd204
        execute_data = {opline = 0x824df60, function_state =
{function_symbol_table = 0x82c2644, function = 0x82f3a14,
    reserved = {0x408d8678, 0x408a085b, 0x8247df4, 0xbfffce08}}, fbc =
0x82f3a14, ce = 0x0, object = {
    ptr = 0x82fcf5c}, Ts = 0xbfffb7dc, original_in_execution = 1 '\001',
op_array = 0x824799c,
---Type <return> to continue, or q <return> to quit---
  prev_execute_data = 0xbfffd3e0}
#9  0x407468c4 in execute (op_array=0x8247344) at
/usr/src/php-4.3.10/Zend/zend_execute.c:1686
        calling_symbol_table = (HashTable *) 0x82d86a4
        original_return_value = (zval **) 0xbfffd5cc
        execute_data = {opline = 0x8249734, function_state =
{function_symbol_table = 0x8247df4, function = 0x824799c,
    reserved = {0x40726df3, 0x82a1584, 0x0, 0x20}}, fbc = 0x824799c, ce =
0x0, object = {ptr = 0x82d877c},
  Ts = 0xbfffce2c, original_in_execution = 1 '\001', op_array = 0x8247344,
prev_execute_data = 0xbfffd7b0}
#10 0x407468c4 in execute (op_array=0x82419e4) at
/usr/src/php-4.3.10/Zend/zend_execute.c:1686
        calling_symbol_table = (HashTable *) 0x408e0c6c
        original_return_value = (zval **) 0xbfffd828
        execute_data = {opline = 0x8246300, function_state =
{function_symbol_table = 0x82d86a4, function = 0x8247344,
    reserved = {0x408d8678, 0x8241b24, 0x0, 0xbfffd7e8}}, fbc = 0x8247344,
ce = 0x827b9f8, object = {ptr = 0x0},
  Ts = 0xbfffd45c, original_in_execution = 0 '\0', op_array = 0x82419e4,
prev_execute_data = 0x0}
#11 0x40736971 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
at /usr/src/php-4.3.10/Zend/zend.c:900
        files = 0xbfffd854 ""
        i = 1
        file_handle = (zend_file_handle *) 0xbffffa50
        orig_op_array = (zend_op_array *) 0x0
        local_retval = (zval *) 0x0
#12 0x40708a1f in php_execute_script (primary_file=0xbffffa50) at
/usr/src/php-4.3.10/main/main.c:1736
        orig_bailout = {{__jmpbuf = {1083016824, 1083051352, -1073743060,
-1073743032, -1073743488, 1081391400},
    __mask_was_saved = 0, __saved_mask = {__val = {0 <repeats 32
times>}}}}
        orig_bailout_set = 1 '\001'
        prepend_file_p = (zend_file_handle *) 0x0
        append_file_p = (zend_file_handle *) 0x0
        prepend_file = {type = 0 '\0', filename = 0x0, opened_path = 0x0,
handle = {fd = 0, fp = 0x0},
  free_filename = 0 '\0'}
---Type <return> to continue, or q <return> to quit---
        append_file = {type = 0 '\0', filename = 0x0, opened_path = 0x0,
handle = {fd = 0, fp = 0x0},
  free_filename = 0 '\0'}
        old_cwd = 0xbfffd85c "/usr/src/php-4.3.10"
        old_primary_file_path = 0x0
        retval = 0
#13 0x4074bb8c in php_handler (r=0x8235478) at
/usr/src/php-4.3.10/sapi/apache2handler/sapi_apache2.c:542
        zfd = {type = 1 '\001', filename = 0x8236690
"/mnt/svn_live/FlexyWiki/spam.php",
  opened_path = 0x8241aec "ì¶x|\004", handle = {fd = 20, fp = 0x14},
free_filename = 0 '\0'}
        ctx = (php_struct *) 0x823d8e8
        conf = <value optimized out>
        brigade = (apr_bucket_brigade *) 0x823d960
        bucket = <value optimized out>
        rv = <value optimized out>
        parent_req = (request_rec *) 0x0
#14 0x080782b5 in ap_run_handler ()


Reproduce code:
---------------
To follow later.


-- 
Edit bug report at http://bugs.php.net/?id=31106&edit=1
-- 
Try a CVS snapshot (php4):   http://bugs.php.net/fix.php?id=31106&r=trysnapshot4
Try a CVS snapshot (php5.0): 
http://bugs.php.net/fix.php?id=31106&r=trysnapshot50
Try a CVS snapshot (php5.1): 
http://bugs.php.net/fix.php?id=31106&r=trysnapshot51
Fixed in CVS:                http://bugs.php.net/fix.php?id=31106&r=fixedcvs
Fixed in release:            http://bugs.php.net/fix.php?id=31106&r=alreadyfixed
Need backtrace:              http://bugs.php.net/fix.php?id=31106&r=needtrace
Need Reproduce Script:       http://bugs.php.net/fix.php?id=31106&r=needscript
Try newer version:           http://bugs.php.net/fix.php?id=31106&r=oldversion
Not developer issue:         http://bugs.php.net/fix.php?id=31106&r=support
Expected behavior:           http://bugs.php.net/fix.php?id=31106&r=notwrong
Not enough info:             
http://bugs.php.net/fix.php?id=31106&r=notenoughinfo
Submitted twice:             
http://bugs.php.net/fix.php?id=31106&r=submittedtwice
register_globals:            http://bugs.php.net/fix.php?id=31106&r=globals
PHP 3 support discontinued:  http://bugs.php.net/fix.php?id=31106&r=php3
Daylight Savings:            http://bugs.php.net/fix.php?id=31106&r=dst
IIS Stability:               http://bugs.php.net/fix.php?id=31106&r=isapi
Install GNU Sed:             http://bugs.php.net/fix.php?id=31106&r=gnused
Floating point limitations:  http://bugs.php.net/fix.php?id=31106&r=float
MySQL Configuration Error:   http://bugs.php.net/fix.php?id=31106&r=mysqlcfg

#31106 [NEW]: apache2 - execute dtor'ing something wrong.

Reply via email to