#50057 [Com]: crash in _php_pgsql_notice_ptr_dtor - efree with Horde
ID: 50057
Comment by: svanegmond at tinyplanet dot ca
Reported By: proforg at maloletka dot ru
Status: Feedback
Bug Type: PostgreSQL related
Operating System: Debian Lenny 2.6.26-2-amd64
PHP Version: 5.2SVN-2009-11-02 (snap)
New Comment:

Hi,

We have produced this crash on a MacOSX machine using MacPorts. We were running an internal publishing framework under Apache2, and the bug is difficult to isolate. It occurs every two or three hits, only a certain page and no others.

Reviewing the crash log, we saw that it was handling an error message. The database server had just thrown a warning message in response to a query; from pgsql's server log:

WARNING: nonstandard use of escape in a string literal at character 34
HINT: Use the escape string syntax for escapes, e.g., E'\r\n'.

Fixing the query to not trigger this notice eliminated the problem.

$ postgres -V
postgres (PostgreSQL) 8.4.1
$ ./httpd -v
Server version: Apache/2.2.13 (Unix)
Server built: Nov 11 2009 14:26:14
$ php -v
PHP 5.3.0 (cli) (built: Nov 11 2009 14:32:44)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2009 Zend Technologies

Stack trace:
/Library/Logs/CrashReporter/httpd_2009-11-11-160757_xserve2.crash

Process: httpd [18789]
Path: /opt/local/apache2/bin/httpd
Identifier: httpd
Version: ??? (???)
Code Type: X86 (Native)
Parent Process: httpd [17820]

Date/Time: 2009-11-11 16:07:57.993 -0500
OS Version: Mac OS X Server 10.5.8 (9L30)
Report Version: 6
Anonymous UUID: 97323980-327D-4574-BA0D-3ECFD564DB05

Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x72702f34
Crashed Thread: 0

Application Specific Information:
*** single-threaded process forked ***

Thread 0 Crashed:
0 libphp5.so 0x011e18a9 _zend_mm_free_int + 25
1 pgsql.so 0x017a307a _php_pgsql_notice_ptr_dtor + 26
2 libphp5.so 0x01210b82 _zend_hash_index_update_or_next_insert + 562
3 pgsql.so 0x017a301f _php_pgsql_notice_handler + 143
4 libpq.5.dylib 0x01790630 pqGetErrorNotice3 + 1232
5 libpq.5.dylib 0x01791080 pqParseInput3 + 976
6 libpq.5.dylib 0x01787d48 parseInput + 24
7 libpq.5.dylib 0x0178882d PQgetResult + 173
8 libpq.5.dylib 0x017889fd PQexecFinish + 45
9 pgsql.so 0x017a4690 zif_pg_query + 416
10 libphp5.so 0x012326cc zend_do_fcall_common_helper_SPEC + 2860
11 libphp5.so 0x01231635 execute + 485
12 libphp5.so 0x01203886 zend_execute_scripts + 102
13 libphp5.so 0x011aad78 php_execute_script + 392
14 libphp5.so 0x0129137b php_handler + 1691
15 httpd 0x2368 ap_run_handler + 72
16 httpd 0x2877 ap_invoke_handler + 119
17 httpd 0x000280ae ap_process_request + 430
18 httpd 0x000247a8 ap_process_http_connection + 344
19 httpd 0x000103b8 ap_run_process_connection + 72
20 httpd 0x0002cef7 child_main + 1031
21 httpd 0x0002d253 make_child + 323
22 httpd 0x0002d330 startup_children + 96
23 httpd 0x0002ea83 ap_mpm_run + 4003
24 httpd 0x8ce0 main + 2544
25 httpd 0x1826 start + 54

Thread 0 crashed with X86 Thread State (32-bit):
eax: 0x008fdc00 ebx: 0x011e189e ecx: 0x0001 edx: 0x72702f3c
edi: 0x72702f34 esi: 0x01aa37c0 ebp: 0xbfffece8 esp: 0xbfffecb0
ss: 0x001f efl: 0x00200206 eip: 0x011e18a9 cs: 0x0017
ds: 0x001f es: 0x001f fs: 0x gs: 0x0037
cr2: 0x72702f34

Binary Images:
0x1000 -0x37fe7 +httpd ??? (???)
#50057 [Com]: crash in _php_pgsql_notice_ptr_dtor - efree with Horde
ID: 50057
Comment by: proforg at maloletka dot ru
Reported By: proforg at maloletka dot ru
Status: Feedback
Bug Type: PostgreSQL related
Operating System: Debian Lenny 2.6.26-2-amd64
PHP Version: 5.2SVN-2009-11-02 (snap)
New Comment:

Same SEGFAULTS in PHP 5.3.0

Previous Comments:

[2009-11-04 03:08:09] proforg at maloletka dot ru

Unfortunately, at the moment, I'm not able to figure out the exact part of the code which causes this segfault. Horde code is quite large and not very clear. I'll try to simplify it as much as possible and send you a test case ASAP, but I can't even estimate how much time it may take.
Moreover, this error occurs not on every request, sometimes only on each second or third request.

Requested valgrind output:
http://maloletka.ru/valgrind.out.gz

[2009-11-04 01:42:09] scott...@php.net

Can you provide a reproduce script and also would it be possible to run what you have through valgrind to get a better memory trace.

[2009-11-04 00:55:39] proforg at maloletka dot ru

php5.2-200911032130

configure options:
--enable-fastcgi --enable-force-cgi-redirect --with-pgsql --with-pear=/usr/share/php/ --enable-debug --with-imap --with-kerberos --with-imap-ssl --with-gettext

run options:
/usr/local/bin/php-cgi -b 127.0.0.1:9919 -c /etc/php5/fpm/

backtrace:
[New process 4752]
#0 0x006fc288 in zend_mm_check_ptr (heap=0xcd8390, ptr=0x1, silent=1, __zend_filename=0x830c38 /usr/local/src/php5.2-200911032130/ext/pgsql/pgsql.c, __zend_lineno=379, __zend_orig_filename=0x0, __zend_orig_lineno=0) at /usr/local/src/php5.2-200911032130/Zend/zend_alloc.c:1304
1304 if (p->info._size != ZEND_MM_NEXT_BLOCK(p)->info._prev) {
(gdb) bt
#0 0x006fc288 in zend_mm_check_ptr (heap=0xcd8390, ptr=0x1, silent=1, __zend_filename=0x830c38 /usr/local/src/php5.2-200911032130/ext/pgsql/pgsql.c, __zend_lineno=379, __zend_orig_filename=0x0, __zend_orig_lineno=0) at /usr/local/src/php5.2-200911032130/Zend/zend_alloc.c:1304
#1 0x006fdd2e in _zend_mm_free_int (heap=0xcd8390, p=0x1, __zend_filename=0x830c38 /usr/local/src/php5.2-200911032130/ext/pgsql/pgsql.c, __zend_lineno=379, __zend_orig_filename=0x0, __zend_orig_lineno=0) at /usr/local/src/php5.2-200911032130/Zend/zend_alloc.c:1943
#2 0x006ff2ca in _efree (ptr=0x1, __zend_filename=0x830c38 /usr/local/src/php5.2-200911032130/ext/pgsql/pgsql.c, __zend_lineno=379, __zend_orig_filename=0x0, __zend_orig_lineno=0) at /usr/local/src/php5.2-200911032130/Zend/zend_alloc.c:2311
#3 0x0056e2f0 in _php_pgsql_notice_ptr_dtor (ptr=0x134b848) at /usr/local/src/php5.2-200911032130/ext/pgsql/pgsql.c:379
#4 0x0072c591 in zend_hash_clean (ht=0xb12388) at /usr/local/src/php5.2-200911032130/Zend/zend_hash.c:552
#5 0x0056eb8e in zm_deactivate_pgsql (type=1, module_number=14) at /usr/local/src/php5.2-200911032130/ext/pgsql/pgsql.c:578
#6 0x00726f19 in module_registry_cleanup (module=0xd041d0) at /usr/local/src/php5.2-200911032130/Zend/zend_API.c:1976
#7 0x0072cdf9 in zend_hash_reverse_apply (ht=0xb16760, apply_func=0x726ede module_registry_cleanup) at /usr/local/src/php5.2-200911032130/Zend/zend_hash.c:755
#8 0x0071e481 in zend_deactivate_modules () at /usr/local/src/php5.2-200911032130/Zend/zend.c:838
#9 0x006c6258 in php_request_shutdown (dummy=0x0) at /usr/local/src/php5.2-200911032130/main/main.c:1474
#10 0x007a6ce5 in main (argc=5, argv=0x7fff3f4b5eb8) at /usr/local/src/php5.2-200911032130/sapi/cgi/cgi_main.c:2057

[2009-11-03 12:33:45] proforg at maloletka dot ru

Yes, definitely, same result at least with apache2 sapi.
I'll try to have some more tests and backtraces with clear cgi-fcgi sapi later today,

[2009-11-03 10:45:38] j...@php.net

Can you reproduce this without the 3rd party patches? (no, we do not support this FPM thing!)

The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at
http://bugs.php.net/50057

--
Edit this bug report at http://bugs.php.net/?id=50057edit=1
#50057 [Com]: crash in _php_pgsql_notice_ptr_dtor - efree with Horde
ID: 50057
Comment by: proforg at maloletka dot ru
Reported By: proforg at maloletka dot ru
Status: Feedback
Bug Type: PostgreSQL related
Operating System: Debian Lenny 2.6.26-2-amd64
PHP Version: 5.2SVN-2009-11-02 (snap)
New Comment:

Yes, definitely, same result at least with apache2 sapi.
I'll try to have some more tests and backtraces with clear cgi-fcgi sapi later today,

Previous Comments:

[2009-11-03 10:45:38] j...@php.net

Can you reproduce this without the 3rd party patches? (no, we do not support this FPM thing!)

[2009-11-03 02:22:59] proforg at maloletka dot ru

the same for 5.2.10 and 5.2.11 but 5.2.9 works fine

[2009-11-02 23:10:30] proforg at maloletka dot ru

Description:
php5.2-200911021930 + apache2 / fpm sapi frequently crashes on debian horde3 + imp4 installation.

Reproduce code:
---
Current debian horde and imp packages.

Actual result:
--
fpm log output:
Nov 03 01:51:13.738647 [WARNING] fpm_children_bury(), line 217: child 19892 (pool www-data) exited on signal 11 SIGSEGV (core dumped) after 2377.432524 seconds from start
Nov 03 01:51:13.738687 [WARNING] fpm_stdio_child_said(), line 167: child 19892 (pool www-data) said into stderr: [Tue Nov 3 01:36:48 2009] Script: '/usr/share/horde3//index.php'
Nov 03 01:51:13.738716 [WARNING] fpm_stdio_child_said(), line 167: child 19892 (pool www-data) said into stderr: /usr/local/src/php5.2-200911021930/ext/pgsql/pgsql.c(289) : Freeing 0x029A97C0 (46 bytes), script=/usr/share/horde3//index.php, pipe is closed
Nov 03 01:51:13.738738 [WARNING] fpm_stdio_child_said(), line 167: child 19892 (pool www-data) said into stderr: [Tue Nov 3 01:36:48 2009] Script: '/usr/share/horde3//index.php', pipe is closed
Nov 03 01:51:13.738758 [WARNING] fpm_stdio_child_said(), line 167: child 19892 (pool www-data) said into stderr: /usr/local/src/php5.2-200911021930/ext/pgsql/pgsql.c(361) : Freeing 0x02540370 (16 bytes), script=/usr/share/horde3//index.php, pipe is closed
Nov 03 01:51:13.738779 [WARNING] fpm_stdio_child_said(), line 167: child 19892 (pool www-data) said into stderr: === Total 2 memory leaks detected ===, pipe is closed

backtrace:
[New process 19892]
#0 0x00734d34 in zend_mm_check_ptr (heap=0x1e392a0, ptr=0x69766f7270207469, silent=1, __zend_filename=0x8913f8 /usr/local/src/php5.2-200911021930/ext/pgsql/pgsql.c, __zend_lineno=379, __zend_orig_filename=0x0, __zend_orig_lineno=0) at /usr/local/src/php5.2-200911021930/Zend/zend_alloc.c:1304
1304 if (p->info._size != ZEND_MM_NEXT_BLOCK(p)->info._prev) {
(gdb) bt
#0 0x00734d34 in zend_mm_check_ptr (heap=0x1e392a0, ptr=0x69766f7270207469, silent=1, __zend_filename=0x8913f8 /usr/local/src/php5.2-200911021930/ext/pgsql/pgsql.c, __zend_lineno=379, __zend_orig_filename=0x0, __zend_orig_lineno=0) at /usr/local/src/php5.2-200911021930/Zend/zend_alloc.c:1304
#1 0x007367da in _zend_mm_free_int (heap=0x1e392a0, p=0x69766f7270207469, __zend_filename=0x8913f8 /usr/local/src/php5.2-200911021930/ext/pgsql/pgsql.c, __zend_lineno=379, __zend_orig_filename=0x0, __zend_orig_lineno=0) at /usr/local/src/php5.2-200911021930/Zend/zend_alloc.c:1943
#2 0x00737d76 in _efree (ptr=0x69766f7270207469, __zend_filename=0x8913f8 /usr/local/src/php5.2-200911021930/ext/pgsql/pgsql.c, __zend_lineno=379, __zend_orig_filename=0x0, __zend_orig_lineno=0) at /usr/local/src/php5.2-200911021930/Zend/zend_alloc.c:2311
#3 0x005a7ba0 in _php_pgsql_notice_ptr_dtor (ptr=0x1fe2928) at /usr/local/src/php5.2-200911021930/ext/pgsql/pgsql.c:379
#4 0x0076503d in zend_hash_clean (ht=0xb83a88) at /usr/local/src/php5.2-200911021930/Zend/zend_hash.c:552
#5 0x005a843e in zm_deactivate_pgsql (type=1, module_number=18) at /usr/local/src/php5.2-200911021930/ext/pgsql/pgsql.c:578
#6 0x0075f9c5 in module_registry_cleanup (module=0x1e70e80) at /usr/local/src/php5.2-200911021930/Zend/zend_API.c:1976
#7 0x007658a5 in zend_hash_reverse_apply (ht=0xb87e60, apply_func=0x75f98a module_registry_cleanup) at /usr/local/src/php5.2-200911021930/Zend/zend_hash.c:755
#8 0x00756f2d in zend_deactivate_modules () at /usr/local/src/php5.2-200911021930/Zend/zend.c:838
#9 0x006fed04 in php_request_shutdown (dummy=0x0) at /usr/local/src/php5.2-200911021930/main/main.c:1474
#10 0x007de90f in main (argc=6, argv=0x7fff4f59af58) at /usr/local/src/php5.2-200911021930/sapi/fpm/cgi/cgi_main.c:1589

php build options:
--with-fpm --with-libevent=shared,/usr --with-pgsql --with-gd --with-mhash --with-mcrypt --with-pear=/usr/share/php/ --enable-debug --with-imap
#50057 [Com]: crash in _php_pgsql_notice_ptr_dtor - efree with Horde
ID: 50057
Comment by: proforg at maloletka dot ru
Reported By: proforg at maloletka dot ru
Status: Feedback
Bug Type: PostgreSQL related
Operating System: Debian Lenny 2.6.26-2-amd64
PHP Version: 5.2SVN-2009-11-02 (snap)
New Comment:

php5.2-200911032130

configure options:
--enable-fastcgi --enable-force-cgi-redirect --with-pgsql --with-pear=/usr/share/php/ --enable-debug --with-imap --with-kerberos --with-imap-ssl --with-gettext

run options:
/usr/local/bin/php-cgi -b 127.0.0.1:9919 -c /etc/php5/fpm/

backtrace:
[New process 4752]
#0 0x006fc288 in zend_mm_check_ptr (heap=0xcd8390, ptr=0x1, silent=1, __zend_filename=0x830c38 /usr/local/src/php5.2-200911032130/ext/pgsql/pgsql.c, __zend_lineno=379, __zend_orig_filename=0x0, __zend_orig_lineno=0) at /usr/local/src/php5.2-200911032130/Zend/zend_alloc.c:1304
1304 if (p->info._size != ZEND_MM_NEXT_BLOCK(p)->info._prev) {
(gdb) bt
#0 0x006fc288 in zend_mm_check_ptr (heap=0xcd8390, ptr=0x1, silent=1, __zend_filename=0x830c38 /usr/local/src/php5.2-200911032130/ext/pgsql/pgsql.c, __zend_lineno=379, __zend_orig_filename=0x0, __zend_orig_lineno=0) at /usr/local/src/php5.2-200911032130/Zend/zend_alloc.c:1304
#1 0x006fdd2e in _zend_mm_free_int (heap=0xcd8390, p=0x1, __zend_filename=0x830c38 /usr/local/src/php5.2-200911032130/ext/pgsql/pgsql.c, __zend_lineno=379, __zend_orig_filename=0x0, __zend_orig_lineno=0) at /usr/local/src/php5.2-200911032130/Zend/zend_alloc.c:1943
#2 0x006ff2ca in _efree (ptr=0x1, __zend_filename=0x830c38 /usr/local/src/php5.2-200911032130/ext/pgsql/pgsql.c, __zend_lineno=379, __zend_orig_filename=0x0, __zend_orig_lineno=0) at /usr/local/src/php5.2-200911032130/Zend/zend_alloc.c:2311
#3 0x0056e2f0 in _php_pgsql_notice_ptr_dtor (ptr=0x134b848) at /usr/local/src/php5.2-200911032130/ext/pgsql/pgsql.c:379
#4 0x0072c591 in zend_hash_clean (ht=0xb12388) at /usr/local/src/php5.2-200911032130/Zend/zend_hash.c:552
#5 0x0056eb8e in zm_deactivate_pgsql (type=1, module_number=14) at /usr/local/src/php5.2-200911032130/ext/pgsql/pgsql.c:578
#6 0x00726f19 in module_registry_cleanup (module=0xd041d0) at /usr/local/src/php5.2-200911032130/Zend/zend_API.c:1976
#7 0x0072cdf9 in zend_hash_reverse_apply (ht=0xb16760, apply_func=0x726ede module_registry_cleanup) at /usr/local/src/php5.2-200911032130/Zend/zend_hash.c:755
#8 0x0071e481 in zend_deactivate_modules () at /usr/local/src/php5.2-200911032130/Zend/zend.c:838
#9 0x006c6258 in php_request_shutdown (dummy=0x0) at /usr/local/src/php5.2-200911032130/main/main.c:1474
#10 0x007a6ce5 in main (argc=5, argv=0x7fff3f4b5eb8) at /usr/local/src/php5.2-200911032130/sapi/cgi/cgi_main.c:2057

Previous Comments:

[2009-11-03 12:33:45] proforg at maloletka dot ru

Yes, definitely, same result at least with apache2 sapi.
I'll try to have some more tests and backtraces with clear cgi-fcgi sapi later today,

[2009-11-03 10:45:38] j...@php.net

Can you reproduce this without the 3rd party patches? (no, we do not support this FPM thing!)

[2009-11-03 02:22:59] proforg at maloletka dot ru

the same for 5.2.10 and 5.2.11 but 5.2.9 works fine

[2009-11-02 23:10:30] proforg at maloletka dot ru

Description:
php5.2-200911021930 + apache2 / fpm sapi frequently crashes on debian horde3 + imp4 installation.

Reproduce code:
---
Current debian horde and imp packages.

Actual result:
--
fpm log output:
Nov 03 01:51:13.738647 [WARNING] fpm_children_bury(), line 217: child 19892 (pool www-data) exited on signal 11 SIGSEGV (core dumped) after 2377.432524 seconds from start
Nov 03 01:51:13.738687 [WARNING] fpm_stdio_child_said(), line 167: child 19892 (pool www-data) said into stderr: [Tue Nov 3 01:36:48 2009] Script: '/usr/share/horde3//index.php'
Nov 03 01:51:13.738716 [WARNING] fpm_stdio_child_said(), line 167: child 19892 (pool www-data) said into stderr: /usr/local/src/php5.2-200911021930/ext/pgsql/pgsql.c(289) : Freeing 0x029A97C0 (46 bytes), script=/usr/share/horde3//index.php, pipe is closed
Nov 03 01:51:13.738738 [WARNING] fpm_stdio_child_said(), line 167: child 19892 (pool www-data) said into stderr: [Tue Nov 3 01:36:48 2009] Script: '/usr/share/horde3//index.php', pipe is closed
Nov 03 01:51:13.738758 [WARNING] fpm_stdio_child_said(), line 167: child 19892 (pool www-data) said into stderr: /usr/local/src/php5.2-200911021930/ext/pgsql/pgsql.c(361) : Freeing 0x02540370 (16 bytes), script=/usr/share/horde3//index.php, pipe is closed
Nov 03 01:51:13.738779 [WARNING] fpm_stdio_child_said(),
#50057 [Com]: crash in _php_pgsql_notice_ptr_dtor - efree with Horde
ID: 50057
Comment by: proforg at maloletka dot ru
Reported By: proforg at maloletka dot ru
Status: Feedback
Bug Type: PostgreSQL related
Operating System: Debian Lenny 2.6.26-2-amd64
PHP Version: 5.2SVN-2009-11-02 (snap)
New Comment:

Unfortunately, at the moment, I'm not able to figure out the exact part of the code which causes this segfault. Horde code is quite large and not very clear. I'll try to simplify it as much as possible and send you a test case ASAP, but I can't even estimate how much time it may take.
Moreover, this error occurs not on every request, sometimes only on each second or third request.

Requested valgrind output:
http://maloletka.ru/valgrind.out.gz

Previous Comments:

[2009-11-04 01:42:09] scott...@php.net

Can you provide a reproduce script and also would it be possible to run what you have through valgrind to get a better memory trace.

[2009-11-04 00:55:39] proforg at maloletka dot ru

php5.2-200911032130

configure options:
--enable-fastcgi --enable-force-cgi-redirect --with-pgsql --with-pear=/usr/share/php/ --enable-debug --with-imap --with-kerberos --with-imap-ssl --with-gettext

run options:
/usr/local/bin/php-cgi -b 127.0.0.1:9919 -c /etc/php5/fpm/

backtrace:
[New process 4752]
#0 0x006fc288 in zend_mm_check_ptr (heap=0xcd8390, ptr=0x1, silent=1, __zend_filename=0x830c38 /usr/local/src/php5.2-200911032130/ext/pgsql/pgsql.c, __zend_lineno=379, __zend_orig_filename=0x0, __zend_orig_lineno=0) at /usr/local/src/php5.2-200911032130/Zend/zend_alloc.c:1304
1304 if (p->info._size != ZEND_MM_NEXT_BLOCK(p)->info._prev) {
(gdb) bt
#0 0x006fc288 in zend_mm_check_ptr (heap=0xcd8390, ptr=0x1, silent=1, __zend_filename=0x830c38 /usr/local/src/php5.2-200911032130/ext/pgsql/pgsql.c, __zend_lineno=379, __zend_orig_filename=0x0, __zend_orig_lineno=0) at /usr/local/src/php5.2-200911032130/Zend/zend_alloc.c:1304
#1 0x006fdd2e in _zend_mm_free_int (heap=0xcd8390, p=0x1, __zend_filename=0x830c38 /usr/local/src/php5.2-200911032130/ext/pgsql/pgsql.c, __zend_lineno=379, __zend_orig_filename=0x0, __zend_orig_lineno=0) at /usr/local/src/php5.2-200911032130/Zend/zend_alloc.c:1943
#2 0x006ff2ca in _efree (ptr=0x1, __zend_filename=0x830c38 /usr/local/src/php5.2-200911032130/ext/pgsql/pgsql.c, __zend_lineno=379, __zend_orig_filename=0x0, __zend_orig_lineno=0) at /usr/local/src/php5.2-200911032130/Zend/zend_alloc.c:2311
#3 0x0056e2f0 in _php_pgsql_notice_ptr_dtor (ptr=0x134b848) at /usr/local/src/php5.2-200911032130/ext/pgsql/pgsql.c:379
#4 0x0072c591 in zend_hash_clean (ht=0xb12388) at /usr/local/src/php5.2-200911032130/Zend/zend_hash.c:552
#5 0x0056eb8e in zm_deactivate_pgsql (type=1, module_number=14) at /usr/local/src/php5.2-200911032130/ext/pgsql/pgsql.c:578
#6 0x00726f19 in module_registry_cleanup (module=0xd041d0) at /usr/local/src/php5.2-200911032130/Zend/zend_API.c:1976
#7 0x0072cdf9 in zend_hash_reverse_apply (ht=0xb16760, apply_func=0x726ede module_registry_cleanup) at /usr/local/src/php5.2-200911032130/Zend/zend_hash.c:755
#8 0x0071e481 in zend_deactivate_modules () at /usr/local/src/php5.2-200911032130/Zend/zend.c:838
#9 0x006c6258 in php_request_shutdown (dummy=0x0) at /usr/local/src/php5.2-200911032130/main/main.c:1474
#10 0x007a6ce5 in main (argc=5, argv=0x7fff3f4b5eb8) at /usr/local/src/php5.2-200911032130/sapi/cgi/cgi_main.c:2057

[2009-11-03 12:33:45] proforg at maloletka dot ru

Yes, definitely, same result at least with apache2 sapi.
I'll try to have some more tests and backtraces with clear cgi-fcgi sapi later today,

[2009-11-03 10:45:38] j...@php.net

Can you reproduce this without the 3rd party patches? (no, we do not support this FPM thing!)

[2009-11-03 02:22:59] proforg at maloletka dot ru

the same for 5.2.10 and 5.2.11 but 5.2.9 works fine

The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at
http://bugs.php.net/50057

--
Edit this bug report at http://bugs.php.net/?id=50057edit=1
#50057 [Com]: crash in _php_pgsql_notice_ptr_dtor - efree with Horde
ID: 50057
Comment by: proforg at maloletka dot ru
Reported By: proforg at maloletka dot ru
Status: Open
Bug Type: Reproducible crash
Operating System: Debian Lenny 2.6.26-2-amd64
PHP Version: 5.2SVN-2009-11-02 (snap)
New Comment:

the same for 5.2.10 and 5.2.11 but 5.2.9 works fine

Previous Comments:

[2009-11-02 23:10:30] proforg at maloletka dot ru

Description:
php5.2-200911021930 + apache2 / fpm sapi frequently crashes on debian horde3 + imp4 installation.

Reproduce code:
---
Current debian horde and imp packages.

Actual result:
--
fpm log output:
Nov 03 01:51:13.738647 [WARNING] fpm_children_bury(), line 217: child 19892 (pool www-data) exited on signal 11 SIGSEGV (core dumped) after 2377.432524 seconds from start
Nov 03 01:51:13.738687 [WARNING] fpm_stdio_child_said(), line 167: child 19892 (pool www-data) said into stderr: [Tue Nov 3 01:36:48 2009] Script: '/usr/share/horde3//index.php'
Nov 03 01:51:13.738716 [WARNING] fpm_stdio_child_said(), line 167: child 19892 (pool www-data) said into stderr: /usr/local/src/php5.2-200911021930/ext/pgsql/pgsql.c(289) : Freeing 0x029A97C0 (46 bytes), script=/usr/share/horde3//index.php, pipe is closed
Nov 03 01:51:13.738738 [WARNING] fpm_stdio_child_said(), line 167: child 19892 (pool www-data) said into stderr: [Tue Nov 3 01:36:48 2009] Script: '/usr/share/horde3//index.php', pipe is closed
Nov 03 01:51:13.738758 [WARNING] fpm_stdio_child_said(), line 167: child 19892 (pool www-data) said into stderr: /usr/local/src/php5.2-200911021930/ext/pgsql/pgsql.c(361) : Freeing 0x02540370 (16 bytes), script=/usr/share/horde3//index.php, pipe is closed
Nov 03 01:51:13.738779 [WARNING] fpm_stdio_child_said(), line 167: child 19892 (pool www-data) said into stderr: === Total 2 memory leaks detected ===, pipe is closed

backtrace:
[New process 19892]
#0 0x00734d34 in zend_mm_check_ptr (heap=0x1e392a0, ptr=0x69766f7270207469, silent=1, __zend_filename=0x8913f8 /usr/local/src/php5.2-200911021930/ext/pgsql/pgsql.c, __zend_lineno=379, __zend_orig_filename=0x0, __zend_orig_lineno=0) at /usr/local/src/php5.2-200911021930/Zend/zend_alloc.c:1304
1304 if (p->info._size != ZEND_MM_NEXT_BLOCK(p)->info._prev) {
(gdb) bt
#0 0x00734d34 in zend_mm_check_ptr (heap=0x1e392a0, ptr=0x69766f7270207469, silent=1, __zend_filename=0x8913f8 /usr/local/src/php5.2-200911021930/ext/pgsql/pgsql.c, __zend_lineno=379, __zend_orig_filename=0x0, __zend_orig_lineno=0) at /usr/local/src/php5.2-200911021930/Zend/zend_alloc.c:1304
#1 0x007367da in _zend_mm_free_int (heap=0x1e392a0, p=0x69766f7270207469, __zend_filename=0x8913f8 /usr/local/src/php5.2-200911021930/ext/pgsql/pgsql.c, __zend_lineno=379, __zend_orig_filename=0x0, __zend_orig_lineno=0) at /usr/local/src/php5.2-200911021930/Zend/zend_alloc.c:1943
#2 0x00737d76 in _efree (ptr=0x69766f7270207469, __zend_filename=0x8913f8 /usr/local/src/php5.2-200911021930/ext/pgsql/pgsql.c, __zend_lineno=379, __zend_orig_filename=0x0, __zend_orig_lineno=0) at /usr/local/src/php5.2-200911021930/Zend/zend_alloc.c:2311
#3 0x005a7ba0 in _php_pgsql_notice_ptr_dtor (ptr=0x1fe2928) at /usr/local/src/php5.2-200911021930/ext/pgsql/pgsql.c:379
#4 0x0076503d in zend_hash_clean (ht=0xb83a88) at /usr/local/src/php5.2-200911021930/Zend/zend_hash.c:552
#5 0x005a843e in zm_deactivate_pgsql (type=1, module_number=18) at /usr/local/src/php5.2-200911021930/ext/pgsql/pgsql.c:578
#6 0x0075f9c5 in module_registry_cleanup (module=0x1e70e80) at /usr/local/src/php5.2-200911021930/Zend/zend_API.c:1976
#7 0x007658a5 in zend_hash_reverse_apply (ht=0xb87e60, apply_func=0x75f98a module_registry_cleanup) at /usr/local/src/php5.2-200911021930/Zend/zend_hash.c:755
#8 0x00756f2d in zend_deactivate_modules () at /usr/local/src/php5.2-200911021930/Zend/zend.c:838
#9 0x006fed04 in php_request_shutdown (dummy=0x0) at /usr/local/src/php5.2-200911021930/main/main.c:1474
#10 0x007de90f in main (argc=6, argv=0x7fff4f59af58) at /usr/local/src/php5.2-200911021930/sapi/fpm/cgi/cgi_main.c:1589

php build options:
--with-fpm --with-libevent=shared,/usr --with-pgsql --with-gd --with-mhash --with-mcrypt --with-pear=/usr/share/php/ --enable-debug --with-imap --with-kerberos --with-imap-ssl --with-gettext

same result with apache2 sapi

--
Edit this bug report at http://bugs.php.net/?id=50057edit=1
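
A triage aid for backtraces like the ones in this thread, added here as an example and not part of the bug report or of PHP: it flags pointer arguments that are near-null or that decode as printable ASCII, a common sign that the structure holding the pointer was overwritten with string data. The names `classify_pointer` and `triage` are hypothetical, and the sample frames are abridged from the gdb output quoted above.

```python
import re

# Frames abridged from the gdb backtraces quoted in this thread
# (file/line arguments trimmed; pointer values unchanged).
SAMPLE_FRAMES = """\
#2 0x00737d76 in _efree (ptr=0x69766f7270207469, __zend_lineno=379)
#3 0x005a7ba0 in _php_pgsql_notice_ptr_dtor (ptr=0x1fe2928)
#2 0x006ff2ca in _efree (ptr=0x1, __zend_lineno=379)
#3 0x0056e2f0 in _php_pgsql_notice_ptr_dtor (ptr=0x134b848)
"""

# "#N 0xADDR in function (args)" as printed by gdb's bt command.
FRAME_RE = re.compile(r"^#(\d+)\s+0x[0-9a-fA-F]+ in (\w+) \((.*)\)", re.MULTILINE)
# Only the arguments named ptr or p; heap=, ht= and similar are skipped.
PTR_ARG_RE = re.compile(r"\b(?:ptr|p)=0x([0-9a-fA-F]+)")
PAGE_SIZE = 0x1000


def classify_pointer(value):
    """Return (verdict, decoded_text) for a pointer value seen in a backtrace.

    Heuristic only: a value whose bytes are all printable ASCII is far more
    likely to be text that overwrote a pointer than a real heap address.
    """
    if value < PAGE_SIZE:
        return ("near-null", None)
    # Use the minimal byte width so leading zero bytes are ignored, and
    # require at least 4 bytes to keep false positives down.
    width = (value.bit_length() + 7) // 8
    if width >= 4:
        raw = value.to_bytes(width, "little")  # x86 stores pointers little-endian
        if all(0x20 <= b <= 0x7E for b in raw):
            return ("ascii-data", raw.decode("ascii"))
    return ("plausible", None)


def triage(backtrace):
    """Return (frame, function, value, verdict, text) for each ptr/p argument."""
    findings = []
    for frame in FRAME_RE.finditer(backtrace):
        number, function, args = int(frame.group(1)), frame.group(2), frame.group(3)
        for arg in PTR_ARG_RE.finditer(args):
            value = int(arg.group(1), 16)
            verdict, text = classify_pointer(value)
            findings.append((number, function, value, verdict, text))
    return findings


if __name__ == "__main__":
    for number, function, value, verdict, text in triage(SAMPLE_FRAMES):
        note = f" -> {text!r}" if text is not None else ""
        print(f"#{number} {function}: {value:#x} {verdict}{note}")
```

The same check applied to the faulting address in the Mac OS X crash report (0x72702f34) also yields printable bytes.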