Bug #51319 [Com]: apache process sigsegv (double free or corruption (fasttop))
Edit report at http://bugs.php.net/bug.php?id=51319&edit=1 ID: 51319 Comment by: gms8994 at gmail dot com Reported by:idsl at cc dot com dot pl Summary:apache process sigsegv (double free or corruption (fasttop)) Status: Open Type: Bug Package:Apache related Operating System: Redhat 4U4 PHP Version:5.2.13 Block user comment: N New Comment: For What It's Worth: I recompiled PHP on 2 of the boxes exhibiting the problem for me to include -- enable-debug, and the problem has not manifested itself since. Heisenberg in the house? Previous Comments: [2010-09-04 10:19:41] hossy421 at yahoo dot co dot jp this is the same problem that I reported before. apache2handler doesn't have the handler of blocking signals. please test the patch attached my report. ref. http://bugs.php.net/bug.php?id=47768 [2010-07-23 14:16:41] php-lover at bobmail dot info Following script could be useful in reproducing issue: The problem is caused by zend_timeout() signal handler, php now is doing unsafe operation inside like calling free/malloc. Possible fix is delaying zend_timeout call. [2010-03-18 08:35:49] idsl at cc dot com dot pl Description: Hello. We have this problem with 5.2.12 and still with 5.2.13. In very random situation apache process sigsegv with this in error log: *** glibc detected *** double free or corruption (fasttop): 0x88aa9300 *** [Thu Mar 18 06:22:06 2010] [notice] seg fault or similar nasty error detected in the parent process [Thu Mar 18 06:22:07 2010] [notice] child pid 1107 exit signal Segmentation fault (11), possible coredump in /tmp gdb shows this: (gdb) backtrace #0 0x0013a2c2 in abort () from /lib/tls/libc.so.6 #1 0x0016c4ea in __libc_message () from /lib/tls/libc.so.6 #2 0x00172c6f in _int_free () from /lib/tls/libc.so.6 #3 0x00172fea in free () from /lib/tls/libc.so.6 #4 0x01287c44 in php_error_cb (type=1, error_filename=0xc36f894 "theme.php(10) : eval()'d code", error_lineno=9, format=0x1570b84 "Maximum execution time of %d second%s exceeded", args=0xa0f6195c "\036") at /tmp/php-5.2.13/main/main.c:836 #5 0x012c8b2a in zend_error (type=1, format=0x1570b84 "Maximum execution time of %d second%s exceeded") at /tmp/php-5.2.13/Zend/zend.c:976 #6 0x012bd76d in zend_timeout (dummy=27) at /tmp/php-5.2.13/Zend/zend_execute_API.c:1347 #7 #8 0x00175030 in malloc () from /lib/tls/libc.so.6 #9 0x00179cd0 in strdup () from /lib/tls/libc.so.6 #10 0x012879e7 in php_error_cb (type=2, error_filename=0xc36f894 "theme.php(10) : eval()'d code", error_lineno=9, format=0x15723f4 "%s%s%s(): supplied argument is not a valid %s resource", args=0xa0f61d48 "ÅKT\001ÅKT\001OjT\001FŽU\001x\035ö \001") at /tmp/php-5.2.13/main/main.c:845 Lines of code from backtrace are: 833 /* store the error if it has changed */ 834 if (display) { 835 if (PG(last_error_message)) { 836 free(PG(last_error_message)); 837 } 838 if (PG(last_error_file)) { 839 free(PG(last_error_file)); 840 } 841 if (!error_filename) { 842 error_filename = "Unknown"; 843 } 844 PG(last_error_type) = type; 845 PG(last_error_message) = strdup(buffer); 846 PG(last_error_file) = strdup(error_filename); 847 PG(last_error_lineno) = error_lineno; Test script: --- It's independent from scripts. For last 12h on over 3mln requests we have only 15 such errors. Expected result: We expected not to receive sigsegv's for apache. -- Edit this bug report at http://bugs.php.net/bug.php?id=51319&edit=1
Bug #51319 [Com]: apache process sigsegv (double free or corruption (fasttop))
Edit report at http://bugs.php.net/bug.php?id=51319&edit=1 ID: 51319 Comment by: hossy421 at yahoo dot co dot jp Reported by:idsl at cc dot com dot pl Summary:apache process sigsegv (double free or corruption (fasttop)) Status: Open Type: Bug Package:Apache related Operating System: Redhat 4U4 PHP Version:5.2.13 Block user comment: N New Comment: this is the same problem that I reported before. apache2handler doesn't have the handler of blocking signals. please test the patch attached my report. ref. http://bugs.php.net/bug.php?id=47768 Previous Comments: [2010-07-23 14:16:41] php-lover at bobmail dot info Following script could be useful in reproducing issue: The problem is caused by zend_timeout() signal handler, php now is doing unsafe operation inside like calling free/malloc. Possible fix is delaying zend_timeout call. [2010-03-18 08:35:49] idsl at cc dot com dot pl Description: Hello. We have this problem with 5.2.12 and still with 5.2.13. In very random situation apache process sigsegv with this in error log: *** glibc detected *** double free or corruption (fasttop): 0x88aa9300 *** [Thu Mar 18 06:22:06 2010] [notice] seg fault or similar nasty error detected in the parent process [Thu Mar 18 06:22:07 2010] [notice] child pid 1107 exit signal Segmentation fault (11), possible coredump in /tmp gdb shows this: (gdb) backtrace #0 0x0013a2c2 in abort () from /lib/tls/libc.so.6 #1 0x0016c4ea in __libc_message () from /lib/tls/libc.so.6 #2 0x00172c6f in _int_free () from /lib/tls/libc.so.6 #3 0x00172fea in free () from /lib/tls/libc.so.6 #4 0x01287c44 in php_error_cb (type=1, error_filename=0xc36f894 "theme.php(10) : eval()'d code", error_lineno=9, format=0x1570b84 "Maximum execution time of %d second%s exceeded", args=0xa0f6195c "\036") at /tmp/php-5.2.13/main/main.c:836 #5 0x012c8b2a in zend_error (type=1, format=0x1570b84 "Maximum execution time of %d second%s exceeded") at /tmp/php-5.2.13/Zend/zend.c:976 #6 0x012bd76d in zend_timeout (dummy=27) at /tmp/php-5.2.13/Zend/zend_execute_API.c:1347 #7 #8 0x00175030 in malloc () from /lib/tls/libc.so.6 #9 0x00179cd0 in strdup () from /lib/tls/libc.so.6 #10 0x012879e7 in php_error_cb (type=2, error_filename=0xc36f894 "theme.php(10) : eval()'d code", error_lineno=9, format=0x15723f4 "%s%s%s(): supplied argument is not a valid %s resource", args=0xa0f61d48 "ÅKT\001ÅKT\001OjT\001FŽU\001x\035ö \001") at /tmp/php-5.2.13/main/main.c:845 Lines of code from backtrace are: 833 /* store the error if it has changed */ 834 if (display) { 835 if (PG(last_error_message)) { 836 free(PG(last_error_message)); 837 } 838 if (PG(last_error_file)) { 839 free(PG(last_error_file)); 840 } 841 if (!error_filename) { 842 error_filename = "Unknown"; 843 } 844 PG(last_error_type) = type; 845 PG(last_error_message) = strdup(buffer); 846 PG(last_error_file) = strdup(error_filename); 847 PG(last_error_lineno) = error_lineno; Test script: --- It's independent from scripts. For last 12h on over 3mln requests we have only 15 such errors. Expected result: We expected not to receive sigsegv's for apache. -- Edit this bug report at http://bugs.php.net/bug.php?id=51319&edit=1
Bug #51319 [Com]: apache process sigsegv (double free or corruption (fasttop))
Edit report at http://bugs.php.net/bug.php?id=51319&edit=1 ID: 51319 Comment by: php-lover at bobmail dot info Reported by: idsl at cc dot com dot pl Summary: apache process sigsegv (double free or corruption (fasttop)) Status: Open Type: Bug Package: Apache related Operating System: Redhat 4U4 PHP Version: 5.2.13 New Comment: Following script could be useful in reproducing issue: The problem is caused by zend_timeout() signal handler, php now is doing unsafe operation inside like calling free/malloc. Possible fix is delaying zend_timeout call. Previous Comments: [2010-03-18 08:35:49] idsl at cc dot com dot pl Description: Hello. We have this problem with 5.2.12 and still with 5.2.13. In very random situation apache process sigsegv with this in error log: *** glibc detected *** double free or corruption (fasttop): 0x88aa9300 *** [Thu Mar 18 06:22:06 2010] [notice] seg fault or similar nasty error detected in the parent process [Thu Mar 18 06:22:07 2010] [notice] child pid 1107 exit signal Segmentation fault (11), possible coredump in /tmp gdb shows this: (gdb) backtrace #0 0x0013a2c2 in abort () from /lib/tls/libc.so.6 #1 0x0016c4ea in __libc_message () from /lib/tls/libc.so.6 #2 0x00172c6f in _int_free () from /lib/tls/libc.so.6 #3 0x00172fea in free () from /lib/tls/libc.so.6 #4 0x01287c44 in php_error_cb (type=1, error_filename=0xc36f894 "theme.php(10) : eval()'d code", error_lineno=9, format=0x1570b84 "Maximum execution time of %d second%s exceeded", args=0xa0f6195c "\036") at /tmp/php-5.2.13/main/main.c:836 #5 0x012c8b2a in zend_error (type=1, format=0x1570b84 "Maximum execution time of %d second%s exceeded") at /tmp/php-5.2.13/Zend/zend.c:976 #6 0x012bd76d in zend_timeout (dummy=27) at /tmp/php-5.2.13/Zend/zend_execute_API.c:1347 #7 #8 0x00175030 in malloc () from /lib/tls/libc.so.6 #9 0x00179cd0 in strdup () from /lib/tls/libc.so.6 #10 0x012879e7 in php_error_cb (type=2, error_filename=0xc36f894 "theme.php(10) : eval()'d code", error_lineno=9, format=0x15723f4 "%s%s%s(): supplied argument is not a valid %s resource", args=0xa0f61d48 "ÅKT\001ÅKT\001OjT\001FŽU\001x\035ö \001") at /tmp/php-5.2.13/main/main.c:845 Lines of code from backtrace are: 833 /* store the error if it has changed */ 834 if (display) { 835 if (PG(last_error_message)) { 836 free(PG(last_error_message)); 837 } 838 if (PG(last_error_file)) { 839 free(PG(last_error_file)); 840 } 841 if (!error_filename) { 842 error_filename = "Unknown"; 843 } 844 PG(last_error_type) = type; 845 PG(last_error_message) = strdup(buffer); 846 PG(last_error_file) = strdup(error_filename); 847 PG(last_error_lineno) = error_lineno; Test script: --- It's independent from scripts. For last 12h on over 3mln requests we have only 15 such errors. Expected result: We expected not to receive sigsegv's for apache. -- Edit this bug report at http://bugs.php.net/bug.php?id=51319&edit=1