From: steve dot kehlet at gmail dot com
Operating system: CentOS 5.x
PHP version: 5.5Git-2013-07-31 (snap)
Package: Reproducible crash
Bug Type: Bug
Bug description:Segfault when restarting Apache while script running with
custom Exception
Description:
------------
Using php-trunk-201307311830, when I restart Apache while a PHP script is
still
running that has defined a subclass of Exception, it results in a
segfault.
'./configure' '--prefix=/opt/php' '--with-apxs2=/opt/apache/bin/apxs'
'--with-
ldap' '--enable-soap' '--enable-sockets=shared' '--with-pgsql=/opt/pgsql'
'--with-
pdo-pgsql=/opt/pgsql' '--with-mysql' '--with-pdo-mysql' '--with-gd'
'--with-jpeg-
dir' '--with-png-dir' '--with-zlib-dir' '--with-freetype-dir'
'--enable-gd-native-
ttf' '--enable-pcntl' '--with-openssl' '--with-curl=/opt/curl'
'--enable-mbstring'
'--with-mcrypt'
# ./httpd -V
Server version: Apache/2.4.6 (Unix)
Server built: Jul 30 2013 17:40:00
Server's Module Magic Number: 20120211:23
Server loaded: APR 1.4.8, APR-UTIL 1.5.2
Compiled using: APR 1.4.8, APR-UTIL 1.5.2
Architecture: 64-bit
Server MPM: prefork
threaded: no
forked: yes (variable process count)
Server compiled with....
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_SYSVSEM_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D DYNAMIC_MODULE_LIMIT=256
-D HTTPD_ROOT="/opt/apache"
-D SUEXEC_BIN="/opt/apache/bin/suexec"
-D DEFAULT_PIDLOG="logs/httpd.pid"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="conf/mime.types"
-D SERVER_CONFIG_FILE="conf/httpd.conf"
# diff php.ini-production php.ini
378c378
< expose_php = On
---
> expose_php = Off
Test script:
---------------
<?php
class MyException extends Exception {
}
sleep(30);
// Hit the above page with a browser.
// While the browser is spinning, from a terminal window:
/opt/apache/bin/apachectl restart
Expected result:
----------------
I expected Apache to restart cleanly, no segfaults, as it does when I
comment out
the MyException class.
Actual result:
--------------
# ps -efww | grep httpd
root 15667 1 0 13:42 ? 00:00:00 /opt/apache/bin/httpd -k
start
mirth 15715 15667 0 13:43 ? 00:00:00 /opt/apache/bin/httpd -k
start
mirth 15719 15667 0 13:43 ? 00:00:00 /opt/apache/bin/httpd -k
start
root 15721 15633 0 13:43 pts/0 00:00:00 grep httpd
#
#
# gdb
GNU gdb (GDB) CentOS (7.0.1-45.el5.centos)
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
(gdb) attach 15715
Attaching to process 15715
Reading symbols from /opt/apache/bin/httpd...done.
Reading symbols from /opt/pcre/lib/libpcre.so.1...done.
Loaded symbols for /opt/pcre/lib/libpcre.so.1
Reading symbols from /opt/apache/lib/libaprutil-1.so.0...done.
Loaded symbols for /opt/apache/lib/libaprutil-1.so.0
Reading symbols from /lib64/libexpat.so.0...(no debugging symbols
found)...done.
Loaded symbols for /lib64/libexpat.so.0
Reading symbols from /opt/apache/lib/libapr-1.so.0...done.
Loaded symbols for /opt/apache/lib/libapr-1.so.0
Reading symbols from /lib64/libuuid.so.1...(no debugging symbols
found)...done.
Loaded symbols for /lib64/libuuid.so.1
Reading symbols from /lib64/librt.so.1...(no debugging symbols
found)...done.
Loaded symbols for /lib64/librt.so.1
Reading symbols from /lib64/libcrypt.so.1...(no debugging symbols
found)...done.
Loaded symbols for /lib64/libcrypt.so.1
Reading symbols from /lib64/libpthread.so.0...(no debugging symbols
found)...done.
[Thread debugging using libthread_db enabled]
Loaded symbols for /lib64/libpthread.so.0
Reading symbols from /lib64/libdl.so.2...(no debugging symbols
found)...done.
Loaded symbols for /lib64/libdl.so.2
Reading symbols from /lib64/libc.so.6...(no debugging symbols
found)...done.
Loaded symbols for /lib64/libc.so.6
Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols
found)...done.
Loaded symbols for /lib64/ld-linux-x86-64.so.2
Reading symbols from /lib64/libnss_files.so.2...(no debugging symbols
found)...done.
Loaded symbols for /lib64/libnss_files.so.2
Reading symbols from /opt/apache/modules/mod_authn_file.so...done.
Loaded symbols for /opt/apache/modules/mod_authn_file.so
Reading symbols from /opt/apache/modules/mod_authn_core.so...done.
Loaded symbols for /opt/apache/modules/mod_authn_core.so
Reading symbols from /opt/apache/modules/mod_authz_host.so...done.
Loaded symbols for /opt/apache/modules/mod_authz_host.so
Reading symbols from /opt/apache/modules/mod_authz_groupfile.so...done.
Loaded symbols for /opt/apache/modules/mod_authz_groupfile.so
Reading symbols from /opt/apache/modules/mod_authz_user.so...done.
Loaded symbols for /opt/apache/modules/mod_authz_user.so
Reading symbols from /opt/apache/modules/mod_authz_core.so...done.
Loaded symbols for /opt/apache/modules/mod_authz_core.so
Reading symbols from /opt/apache/modules/mod_access_compat.so...done.
Loaded symbols for /opt/apache/modules/mod_access_compat.so
Reading symbols from /opt/apache/modules/mod_auth_basic.so...done.
Loaded symbols for /opt/apache/modules/mod_auth_basic.so
Reading symbols from /opt/apache/modules/mod_reqtimeout.so...done.
Loaded symbols for /opt/apache/modules/mod_reqtimeout.so
Reading symbols from /opt/apache/modules/mod_filter.so...done.
Loaded symbols for /opt/apache/modules/mod_filter.so
Reading symbols from /opt/apache/modules/mod_mime.so...done.
Loaded symbols for /opt/apache/modules/mod_mime.so
Reading symbols from /opt/apache/modules/mod_log_config.so...done.
Loaded symbols for /opt/apache/modules/mod_log_config.so
Reading symbols from /opt/apache/modules/mod_env.so...done.
Loaded symbols for /opt/apache/modules/mod_env.so
Reading symbols from /opt/apache/modules/mod_headers.so...done.
Loaded symbols for /opt/apache/modules/mod_headers.so
Reading symbols from /opt/apache/modules/mod_setenvif.so...done.
Loaded symbols for /opt/apache/modules/mod_setenvif.so
Reading symbols from /opt/apache/modules/mod_version.so...done.
Loaded symbols for /opt/apache/modules/mod_version.so
Reading symbols from /opt/apache/modules/mod_proxy.so...done.
Loaded symbols for /opt/apache/modules/mod_proxy.so
Reading symbols from /opt/apache/modules/mod_proxy_http.so...done.
Loaded symbols for /opt/apache/modules/mod_proxy_http.so
Reading symbols from /opt/apache/modules/mod_ssl.so...done.
Loaded symbols for /opt/apache/modules/mod_ssl.so
Reading symbols from /lib64/libssl.so.6...(no debugging symbols
found)...done.
Loaded symbols for /lib64/libssl.so.6
Reading symbols from /lib64/libcrypto.so.6...(no debugging symbols
found)...done.
Loaded symbols for /lib64/libcrypto.so.6
Reading symbols from /usr/lib64/libz.so.1...(no debugging symbols
found)...done.
Loaded symbols for /usr/lib64/libz.so.1
Reading symbols from /usr/lib64/libgssapi_krb5.so.2...(no debugging symbols
found)...done.
Loaded symbols for /usr/lib64/libgssapi_krb5.so.2
Reading symbols from /usr/lib64/libkrb5.so.3...(no debugging symbols
found)...done.
Loaded symbols for /usr/lib64/libkrb5.so.3
Reading symbols from /lib64/libcom_err.so.2...(no debugging symbols
found)...done.
Loaded symbols for /lib64/libcom_err.so.2
Reading symbols from /usr/lib64/libk5crypto.so.3...(no debugging symbols
found)...done.
Loaded symbols for /usr/lib64/libk5crypto.so.3
Reading symbols from /usr/lib64/libkrb5support.so.0...(no debugging symbols
found)...done.
Loaded symbols for /usr/lib64/libkrb5support.so.0
Reading symbols from /lib64/libkeyutils.so.1...(no debugging symbols
found)...done.
Loaded symbols for /lib64/libkeyutils.so.1
Reading symbols from /lib64/libresolv.so.2...(no debugging symbols
found)...done.
Loaded symbols for /lib64/libresolv.so.2
Reading symbols from /lib64/libselinux.so.1...(no debugging symbols
found)...done.
Loaded symbols for /lib64/libselinux.so.1
Reading symbols from /lib64/libsepol.so.1...(no debugging symbols
found)...done.
Loaded symbols for /lib64/libsepol.so.1
Reading symbols from /opt/apache/modules/mod_unixd.so...done.
Loaded symbols for /opt/apache/modules/mod_unixd.so
Reading symbols from /opt/apache/modules/mod_status.so...done.
Loaded symbols for /opt/apache/modules/mod_status.so
Reading symbols from /opt/apache/modules/mod_autoindex.so...done.
Loaded symbols for /opt/apache/modules/mod_autoindex.so
Reading symbols from /opt/apache/modules/mod_dir.so...done.
Loaded symbols for /opt/apache/modules/mod_dir.so
Reading symbols from /opt/apache/modules/mod_alias.so...done.
Loaded symbols for /opt/apache/modules/mod_alias.so
Reading symbols from /opt/apache/modules/mod_rewrite.so...done.
Loaded symbols for /opt/apache/modules/mod_rewrite.so
Reading symbols from /opt/apache/modules/libphp5.so...done.
Loaded symbols for /opt/apache/modules/libphp5.so
Reading symbols from /usr/lib64/libpq.so.4...(no debugging symbols
found)...done.
Loaded symbols for /usr/lib64/libpq.so.4
Reading symbols from /usr/lib64/libmcrypt.so.4...(no debugging symbols
found)...done.
Loaded symbols for /usr/lib64/libmcrypt.so.4
Reading symbols from /usr/lib64/libltdl.so.3...(no debugging symbols
found)...done.
Loaded symbols for /usr/lib64/libltdl.so.3
Reading symbols from /usr/lib64/libldap-2.3.so.0...(no debugging symbols
found)...done.
Loaded symbols for /usr/lib64/libldap-2.3.so.0
Reading symbols from /usr/lib64/liblber-2.3.so.0...(no debugging symbols
found)...done.
Loaded symbols for /usr/lib64/liblber-2.3.so.0
Reading symbols from /usr/lib64/libfreetype.so.6...(no debugging symbols
found)...done.
Loaded symbols for /usr/lib64/libfreetype.so.6
Reading symbols from /usr/lib64/libpng12.so.0...(no debugging symbols
found)...done.
Loaded symbols for /usr/lib64/libpng12.so.0
Reading symbols from /usr/lib64/libjpeg.so.62...(no debugging symbols
found)...done.
Loaded symbols for /usr/lib64/libjpeg.so.62
Reading symbols from /lib64/libm.so.6...(no debugging symbols
found)...done.
Loaded symbols for /lib64/libm.so.6
Reading symbols from /lib64/libnsl.so.1...(no debugging symbols
found)...done.
Loaded symbols for /lib64/libnsl.so.1
Reading symbols from /usr/lib64/libxml2.so.2...(no debugging symbols
found)...done.
Loaded symbols for /usr/lib64/libxml2.so.2
Reading symbols from /opt/curl/lib/libcurl.so.4...done.
Loaded symbols for /opt/curl/lib/libcurl.so.4
Reading symbols from /usr/lib64/libsasl2.so.2...(no debugging symbols
found)...done.
Loaded symbols for /usr/lib64/libsasl2.so.2
warning: no loadable sections found in added symbol-file system-supplied
DSO at
0x7fffaf1fd000
0x0000003f9a299730 in __nanosleep_nocancel () from /lib64/libc.so.6
(gdb) c
Continuing.
Program received signal SIGHUP, Hangup.
0x0000003f9a299730 in __nanosleep_nocancel () from /lib64/libc.so.6
(gdb)
Continuing.
Program received signal SIGSEGV, Segmentation fault.
_zend_mm_free_int (heap=0xbe39470, p=0xbe384b0) at
/work/updates/SAVED_BUILDS/php-
trunk-201307311830/Zend/zend_alloc.c:2104
2104 /work/updates/SAVED_BUILDS/php-trunk-201307311830/Zend/zend_alloc.c:
No
such file or directory.
in /work/updates/SAVED_BUILDS/php-trunk-201307311830/Zend/zend_alloc.c
(gdb)
Continuing.
Program received signal SIGSEGV, Segmentation fault.
_zend_mm_free_int (heap=0xbe39470, p=0xbe384b0) at
/work/updates/SAVED_BUILDS/php-
trunk-201307311830/Zend/zend_alloc.c:2104
2104 in
/work/updates/SAVED_BUILDS/php-trunk-201307311830/Zend/zend_alloc.c
(gdb) bt
#0 _zend_mm_free_int (heap=0xbe39470, p=0xbe384b0) at
/work/updates/SAVED_BUILDS/php-trunk-201307311830/Zend/zend_alloc.c:2104
#1 0x00002aed759a8e55 in destroy_zend_class (pce=<value optimized out>)
at
/work/updates/SAVED_BUILDS/php-trunk-201307311830/Zend/zend_opcode.c:283
#2 0x00002aed759c1008 in zend_hash_destroy (ht=0xbe390f0)
at
/work/updates/SAVED_BUILDS/php-trunk-201307311830/Zend/zend_hash.c:536
#3 0x00002aed759b427f in zend_shutdown () at
/work/updates/SAVED_BUILDS/php-
trunk-201307311830/Zend/zend.c:824
#4 0x00002aed75953f85 in php_module_shutdown () at
/work/updates/SAVED_BUILDS/php-trunk-201307311830/main/main.c:2362
#5 0x00002aed75954039 in php_module_shutdown_wrapper
(sapi_globals=0xbe384a0)
at /work/updates/SAVED_BUILDS/php-trunk-201307311830/main/main.c:2330
#6 0x00002aed75a54c21 in php_apache_child_shutdown (tmp=<value optimized
out>)
at /work/updates/SAVED_BUILDS/php-trunk-
201307311830/sapi/apache2handler/sapi_apache2.c:398
#7 0x00002aed71e6b3fd in run_cleanups (cref=0xbfcd5c8) at
memory/unix/apr_pools.c:2352
#8 0x00002aed71e6be7e in apr_pool_destroy (pool=0xbfcd5a8) at
memory/unix/apr_pools.c:814
#9 0x000000000046044e in clean_child_exit (code=0) at prefork.c:218
#10 0x000000000046048b in just_die (sig=<value optimized out>) at
prefork.c:344
#11 <signal handler called>
#12 0x0000003f9a299730 in __nanosleep_nocancel () from /lib64/libc.so.6
#13 0x0000003f9a299584 in sleep () from /lib64/libc.so.6
#14 0x00002aed758cde21 in zif_sleep (ht=<value optimized out>,
return_value=0xbe71bb0, return_value_ptr=<value optimized out>,
this_ptr=<value optimized out>, return_value_used=<value optimized
out>)
at /work/updates/SAVED_BUILDS/php-trunk-
201307311830/ext/standard/basic_functions.c:4451
#15 0x00002aed759e5d29 in zend_do_fcall_common_helper_SPEC
(execute_data=0xbe40af0)
at /work/updates/SAVED_BUILDS/php-trunk-
201307311830/Zend/zend_vm_execute.h:547
#16 0x00002aed75a1e2e8 in execute_ex (execute_data=0xbe40af0)
at /work/updates/SAVED_BUILDS/php-trunk-
201307311830/Zend/zend_vm_execute.h:356
#17 0x00002aed759b313b in zend_execute_scripts (type=8, retval=0x0,
file_count=3)
at /work/updates/SAVED_BUILDS/php-trunk-201307311830/Zend/zend.c:1316
#18 0x00002aed75953dc9 in php_execute_script (primary_file=0x7fffaf1757c0)
at /work/updates/SAVED_BUILDS/php-trunk-201307311830/main/main.c:2484
#19 0x00002aed75a55cdd in php_handler (r=0xbfd7890)
at /work/updates/SAVED_BUILDS/php-trunk-
201307311830/sapi/apache2handler/sapi_apache2.c:667
#20 0x00000000004460aa in ap_run_handler (r=0xbfd7890) at config.c:168
#21 0x0000000000449d72 in ap_invoke_handler (r=0xbfd7890) at config.c:432
#22 0x000000000045aa9f in ap_process_async_request (r=0xbfd7890) at
http_request.c:317
#23 0x000000000045abdf in ap_process_request (r=0x7fffaf1731f0) at
http_request.c:363
#24 0x00000000004573a5 in ap_process_http_sync_connection (c=0xbfcf820) at
http_core.c:190
#25 ap_process_http_connection (c=0xbfcf820) at http_core.c:231
#26 0x000000000044faea in ap_run_process_connection (c=0xbfcf820) at
connection.c:41
#27 0x00000000004608ba in child_main (child_num_arg=<value optimized out>)
at
prefork.c:704
#28 0x0000000000460bc4 in make_child (s=0xbbd8820, slot=0) at
prefork.c:800
#29 0x0000000000460c77 in startup_children (number_to_start=1) at
prefork.c:818
#30 0x0000000000461202 in prefork_run (_pconf=<value optimized out>,
plog=0xbbcf378, s=0xbbd8820) at prefork.c:976
#31 0x000000000042e5c4 in ap_run_mpm (pconf=0xbba2138, plog=0xbbcf378,
s=0xbbd8820) at mpm_common.c:96
#32 0x0000000000428d87 in main (argc=3, argv=0x7fffaf175ea8) at main.c:777
(gdb) quit
A debugging session is active.
Inferior 1 [process 15715] will be detached.
Quit anyway? (y or n) y
LND: Sending signal 11 to Thread 0x2aed7229d170 (LWP 15715)
Detaching from program: /opt/apache/bin/httpd, process 15715
--
Edit bug report at https://bugs.php.net/bug.php?id=65369&edit=1
--
Try a snapshot (PHP 5.4):
https://bugs.php.net/fix.php?id=65369&r=trysnapshot54
Try a snapshot (PHP 5.3):
https://bugs.php.net/fix.php?id=65369&r=trysnapshot53
Try a snapshot (trunk):
https://bugs.php.net/fix.php?id=65369&r=trysnapshottrunk
Fixed in SVN: https://bugs.php.net/fix.php?id=65369&r=fixed
Fixed in release: https://bugs.php.net/fix.php?id=65369&r=alreadyfixed
Need backtrace: https://bugs.php.net/fix.php?id=65369&r=needtrace
Need Reproduce Script: https://bugs.php.net/fix.php?id=65369&r=needscript
Try newer version: https://bugs.php.net/fix.php?id=65369&r=oldversion
Not developer issue: https://bugs.php.net/fix.php?id=65369&r=support
Expected behavior: https://bugs.php.net/fix.php?id=65369&r=notwrong
Not enough info:
https://bugs.php.net/fix.php?id=65369&r=notenoughinfo
Submitted twice:
https://bugs.php.net/fix.php?id=65369&r=submittedtwice
register_globals: https://bugs.php.net/fix.php?id=65369&r=globals
PHP 4 support discontinued: https://bugs.php.net/fix.php?id=65369&r=php4
Daylight Savings: https://bugs.php.net/fix.php?id=65369&r=dst
IIS Stability: https://bugs.php.net/fix.php?id=65369&r=isapi
Install GNU Sed: https://bugs.php.net/fix.php?id=65369&r=gnused
Floating point limitations: https://bugs.php.net/fix.php?id=65369&r=float
No Zend Extensions: https://bugs.php.net/fix.php?id=65369&r=nozend
MySQL Configuration Error: https://bugs.php.net/fix.php?id=65369&r=mysqlcfg
