From:
Operating system: FreeBSD 7.4
PHP version: 5.3.5
Package: Apache2 related
Bug Type: Bug
Bug description:Random Segmentation Fault (11)
Description:
------------
I was getting random Segfaults in my httpd-error.log. Occurred rarely
(about 12-20 times a day on a site that has about 200,000 page views a
day). Narrowed the problem down to calls to virtual(). I had 3 to 4 per
page. Changing virtual() out with include() or require() completely
removed segfaults.
Apache 2.2.17
PHP 5.3.5 from FreeBSD ports (did not occur when using PHP 5.2.17 from
source).
Loaded symbols for /libexec/ld-elf.so.1
#0 0x28adf4f1 in _zval_ptr_dtor (zval_ptr=0xbfbfd23c,
__zend_filename=0x28c61a48
"/usr/ports/lang/php5/work/php-5.3.5/Zend/zend_execute.h",
__zend_lineno=318) at zend.h:385
385 zend.h: No such file or directory.
in zend.h
[New Thread 0x28501040 (LWP 100269)]
(gdb) bt full
#0 0x28adf4f1 in _zval_ptr_dtor (zval_ptr=0xbfbfd23c,
__zend_filename=0x28c61a48
"/usr/ports/lang/php5/work/php-5.3.5/Zend/zend_execute.h",
__zend_lineno=318) at zend.h:385
No locals.
#1 0x28b1d1fd in zend_vm_stack_clear_multiple () at zend_execute.h:318
q = (zval *) 0x0
p = (void **) 0x29924ab8
delete_count = 686419922
#2 0x28b1dc33 in zend_do_fcall_common_helper_SPEC
(execute_data=0x29924040) at zend_vm_execute.h:406
opline = (zend_op *) 0x28e9bc2c
should_change_scope = 0 '\0'
#3 0x28b22758 in ZEND_DO_FCALL_SPEC_CONST_HANDLER
(execute_data=0x29924040) at zend_vm_execute.h:1606
opline = (zend_op *) 0x28e9bc2c
fname = (zval *) 0x28e9bc48
#4 0x28b1ca6b in execute (op_array=0x28e9f0a0) at zend_vm_execute.h:107
ret = 0
execute_data = (zend_execute_data *) 0x29924040
nested = 1 '\001'
original_in_execution = 0 '\0'
#5 0x28af0557 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
at /usr/ports/lang/php5/work/php-5.3.5/Zend/zend.c:1194
files = 0xbfbfd404 ""
i = 1
file_handle = (zend_file_handle *) 0xbfbfe934
orig_op_array = (zend_op_array *) 0x0
orig_retval_ptr_ptr = (zval **) 0x0
#6 0x28a843ad in php_execute_script (primary_file=0xbfbfe934) at
/usr/ports/lang/php5/work/php-5.3.5/main/main.c:2265
realfile =
"¥¤¬(ìSé(\230eé(l\000\000\000\020\000\000\000\220\214[(Ã\aÃ¥(\bå¿¿\230ì(\000\214[(\024Té(\200à Ã
(©\001",
'\0' <repeats 14 times>,
"\004ì(\024eé(\021\000\000\000Ãä¿¿¥¤¬(xö\002\000\v\000\000\000\021\000\000\000Ãä¿¿y§¬(
ö\002\000
ö\002\000\021\000\000\000\024\216[(`yé(|yé(T,\003\000\021\000\000\000Ã\aÃ¥(ð\020ø(\004ì(´yé(TÃÃ(\004\000\000\000\bå¿¿y§¬(\b,\003\000\b,\003\000\210yé(\000\000\000\000\021\000\000\0008å¿¿¥¤¬(`yé(X\000\000\000"...
__orig_bailout = (sigjmp_buf *) 0xbfbfe970
__bailout = {{_sjb = {682115418, 0, -1077947412, -1077942008, 0,
-1077942100, 4735, -1077942168, 682556027, 684203328,
682590304, 0}}}
prepend_file_p = (zend_file_handle *) 0x0
append_file_p = (zend_file_handle *) 0x0
prepend_file = {type = ZEND_HANDLE_FILENAME, filename = 0x0,
opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {
handle = 0x0, isatty = 0, mmap = {len = 0, pos = 0, map = 0x0, buf =
0x0, old_handle = 0x0, old_closer = 0}, reader = 0,
fsizer = 0, closer = 0}}, free_filename = 0 '\0'}
append_file = {type = ZEND_HANDLE_FILENAME, filename = 0x0,
opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {
handle = 0x0, isatty = 0, mmap = {len = 0, pos = 0, map = 0x0, buf =
0x0, old_handle = 0x0, old_closer = 0}, reader = 0,
fsizer = 0, closer = 0}}, free_filename = 0 '\0'}
old_cwd = 0xbfbfd420 "/"
use_heap = 0 '\0'
---Type <return> to continue, or q <return> to quit---
retval = 0
#7 0x28bbbd73 in php_handler (r=0x29918058) at
/usr/ports/lang/php5/work/php-5.3.5/sapi/apache2handler/sapi_apache2.c:669
zfd = {type = ZEND_HANDLE_MAPPED, filename = 0x29919828
"/usr/home/yyy/public_html/folder/page.php", opened_path = 0x0,
handle = {fd = 686393184, fp = 0x28e98760, stream = {handle = 0x28e98760,
isatty = 0, mmap = {len = 11011, pos = 0, map = 0x0,
buf = 0x295fd000 <Address 0x295fd000 out of bounds>, old_handle =
0x0, old_closer = 0},
reader = 0x28a9bab0 <_php_stream_read>, fsizer = 0x28a825e0
<php_zend_stream_fsizer>,
closer = 0x28a825c0 <php_zend_stream_mmap_closer>}}, free_filename =
0 '\0'}
__orig_bailout = (sigjmp_buf *) 0x0
__bailout = {{_sjb = {683391806, 0, -1077942004, -1077941800, 0,
686098368, 4735, 676142160, 676141696, 686099352,
-1077941800, 0}}}
ctx = (php_struct * volatile) 0x2991c3f0
conf = (void *) 0x28e4f858
brigade = (apr_bucket_brigade * volatile) 0x2991cb18
bucket = (apr_bucket *) 0x2854c760
rv = 676135291
parent_req = (request_rec * volatile) 0x0
#8 0x08076a89 in ap_run_handler (r=0x29918058) at config.c:157
n = 0
rv = Variable "rv" is not available.
--
Edit bug report at http://bugs.php.net/bug.php?id=53869&edit=1
--
Try a snapshot (PHP 5.2):
http://bugs.php.net/fix.php?id=53869&r=trysnapshot52
Try a snapshot (PHP 5.3):
http://bugs.php.net/fix.php?id=53869&r=trysnapshot53
Try a snapshot (trunk):
http://bugs.php.net/fix.php?id=53869&r=trysnapshottrunk
Fixed in SVN:
http://bugs.php.net/fix.php?id=53869&r=fixed
Fixed in SVN and need be documented:
http://bugs.php.net/fix.php?id=53869&r=needdocs
Fixed in release:
http://bugs.php.net/fix.php?id=53869&r=alreadyfixed
Need backtrace:
http://bugs.php.net/fix.php?id=53869&r=needtrace
Need Reproduce Script:
http://bugs.php.net/fix.php?id=53869&r=needscript
Try newer version:
http://bugs.php.net/fix.php?id=53869&r=oldversion
Not developer issue:
http://bugs.php.net/fix.php?id=53869&r=support
Expected behavior:
http://bugs.php.net/fix.php?id=53869&r=notwrong
Not enough info:
http://bugs.php.net/fix.php?id=53869&r=notenoughinfo
Submitted twice:
http://bugs.php.net/fix.php?id=53869&r=submittedtwice
register_globals:
http://bugs.php.net/fix.php?id=53869&r=globals
PHP 4 support discontinued: http://bugs.php.net/fix.php?id=53869&r=php4
Daylight Savings: http://bugs.php.net/fix.php?id=53869&r=dst
IIS Stability:
http://bugs.php.net/fix.php?id=53869&r=isapi
Install GNU Sed:
http://bugs.php.net/fix.php?id=53869&r=gnused
Floating point limitations:
http://bugs.php.net/fix.php?id=53869&r=float
No Zend Extensions:
http://bugs.php.net/fix.php?id=53869&r=nozend
MySQL Configuration Error:
http://bugs.php.net/fix.php?id=53869&r=mysqlcfg
