php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #29330 pcntl_tick_handler crashes
Submitted: 2004-07-22 16:18 UTC Modified: 2004-09-27 20:23 UTC
From: grayw at mail dot montclair dot edu Assigned:
Status: Closed Package: Reproducible crash
PHP Version: 5.0.0 OS: Mac OS X 10.3.4
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: grayw at mail dot montclair dot edu
New email:
PHP Version: OS:

 

 [2004-07-22 16:18 UTC] grayw at mail dot montclair dot edu 
Description:
------------
A daemon (using PHPCLI) that spawns children using pcntl_fork crashes reproducibly. 

Crashlog suggests pcntl_tick_handler is the culprit, however it could be my doing.  Crashlog output below.  Crash sometimes occurs right away, but never later than 3 minutes after starting daemon.

Other info:
configure: 
./configure \
--prefix=/usr/local/php5 \
--disable-cgi \
--with-openssl=/usr/local/ssl \
--enable-calendar \
--with-libxml-dir=/usr/local \
--with-gd \
--with-jpeg-dir=/usr/local \
--with-png-dir=/usr/local \
--with-zlib-dir=/usr \
--enable-ftp \
--with-ldap \
--with-mcrypt \
--with-mhash \
--with-mysql=/usr/local/mysql \
--with-ncurses \
--with-pgsql=/usr/local/postgres \
--enable-soap \
--enable-sockets \
--with-pear \
--enable-pcntl

Changes to php.ini from ini-dist:
;include_path = ".:/php/includes"
include_path = ".:/usr/local/php5/include/php:/usr/local/php5/lib/php:./includes"

Reproduce code:
---------------
Providing link to the full source, as the source is somewhat complex:

http://quicksilver.montclair.edu/src/ServiceMonitor/

The crash is happening during the loop() method of ServiceCheckRunner:

    public function loop()
    {
        declare(ticks=1);
        pcntl_signal(SIGCHLD, array($this, "sig_child"));
        pcntl_signal(SIGUSR1, array($this, "sig_usr1"));
        pcntl_signal(SIGINT, array($this, "sig_int"));
        pcntl_signal(SIGHUP, array($this, "sig_hup"));
        pcntl_signal(SIGTERM, array($this, "sig_term"));
        
        //while (1) {}
        
        //begin, The Big Loop.
        while(1)
        {
            $now = time();
            
            if (count($this->children) < $this->num_children)
            {
                $service = $this->next();
                if ($now < $service->next_attempt())
                {
                    sleep(1);
                    continue;
                }
                $service->set_next_attempt();
                if ($pid = pcntl_fork())
                {
                    $this->children[$pid] = $service;
                }
                else {
                    pcntl_alarm($service->timeout());
                    exit($service->run());
                }
            }
            
        } // end, The Big Loop.
        
    } // end function loop

Expected result:
----------------
The processes should continue running until a signal is received and handled, or they receive a SIGKILL.

Actual result:
--------------
Daemon crashes every time it is run, with a malloc message and a core dump (which the kernel catches, and formats using CrashReporter).

Console output:
*** malloc[19317]: error for object 0xcbc4d0: Incorrect checksum for freed object - object was probably modified after being freed; break at szone_error


Output from Apple's CrashReporter:
**********

Host Name:      quicksilver.montclair.edu
Date/Time:      2004-07-22 09:44:07 -0400
OS Version:     10.3.4 (Build 7H63)
Report Version: 2

Command: php
Path:    /usr/local/php5/bin/php
Version: ??? (???)
PID:     19660
Thread:  0

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_INVALID_ADDRESS (0x0001) at 0x784816ff

Thread 0 Crashed:
0   php 	0x001bb470 pcntl_tick_handler + 0x9c (pcntl.c:668)
1   php 	0x001804b8 zend_llist_apply_with_argument + 0x38 (zend_llist.c:233)
2   php 	0x0015bb78 php_run_ticks + 0x38 (php_ticks.c:71)
3   php 	0x001ae654 zend_ticks_handler + 0x64 (zend_execute.c:4187)
4   php 	0x001a7364 execute + 0x14c (zend_execute.c:1391)
5   php 	0x001aa90c zend_do_fcall_common_helper + 0x350 (zend_execute.c:2729)
6   php 	0x001a7364 execute + 0x14c (zend_execute.c:1391)
7   php 	0x0018952c zend_execute_scripts + 0xfc (zend.c:1062)
8   php 	0x00152148 php_execute_script + 0x270 (main.c:1629)
9   php 	0x001bca70 main + 0xb98 (php_cli.c:944)
10  php 	0x00002380 _start + 0x188 (crt.c:267)
11  php 	0x000021f4 start + 0x30

PPC Thread State:
  srr0: 0x001bb470 srr1: 0x0000f030                vrsave: 0x00000000
    cr: 0x88022224  xer: 0x00000002   lr: 0x001bb478  ctr: 0x0017d7b0
    r0: 0x001bb4b4   r1: 0xbfffea50   r2: 0x00000000   r3: 0x00279720
    r4: 0x104816f7   r5: 0xbfffea90   r6: 0x00cb08e0   r7: 0x00000004
    r8: 0x02045210   r9: 0x00ca2d60  r10: 0x00276250  r11: 0x00276254
   r12: 0x0017d7b0  r13: 0x00275000  r14: 0x00000000  r15: 0x00278e90
   r16: 0x00000008  r17: 0x00259440  r18: 0x002761b8  r19: 0x00000000
   r20: 0x00000000  r21: 0x00ca33d0  r22: 0x00000001  r23: 0x002749f0
   r24: 0x0025a5d4  r25: 0x00000000  r26: 0x00cbce30  r27: 0x0025b3dc
   r28: 0x00274920  r29: 0x00000001  r30: 0x784816f7  r31: 0x001bb3dc

Binary Images Description:
    0x1000 -   0x228fff php 	php
  0x890000 -   0x8aafff libmysqlclient.12.dylib 	/usr/local/mysql/lib/mysql/libmysqlclient.12.dylib
  0x8b9000 -   0x8d3fff libjpeg.62.dylib 	/usr/local/lib/libjpeg.62.dylib
  0xa6d000 -   0xa93fff libmhash.2.dylib 	/usr/local/lib/libmhash.2.dylib
  0xad5000 -   0xaf5fff libmcrypt.4.dylib 	/usr/local/lib/libmcrypt.4.dylib
 0x1808000 -  0x18d0fff libxml2.2.dylib 	/usr/local/lib/libxml2.2.dylib
0x76080000 - 0x76085fff libltdl.3.dylib 	/usr/lib/libltdl.3.dylib
0x81b90000 - 0x81b92fff libpanel.5.dylib 	/usr/lib/libpanel.5.dylib
0x8fe00000 - 0x8fe4ffff dyld 	/usr/lib/dyld
0x90000000 - 0x90122fff libSystem.B.dylib 	/usr/lib/libSystem.B.dylib
0x939d0000 - 0x939d4fff libmathCommon.A.dylib 	/usr/lib/system/libmathCommon.A.dylib
0x94000000 - 0x9403cfff com.apple.LDAPFramework 1.3 (37)	/System/Library/Frameworks/LDAP.framework/Versions/A/LDAP
0x94120000 - 0x9414bfff libncurses.5.dylib 	/usr/lib/libncurses.5.dylib
0x94500000 - 0x9450ffff libsasl2.2.0.1.dylib 	/usr/lib/libsasl2.2.0.1.dylib
0x945b0000 - 0x945b9fff libz.1.dylib 	/usr/lib/libz.1.dylib
0x94610000 - 0x9462afff libresolv.9.dylib 	/usr/lib/libresolv.9.dylib
0x96a20000 - 0x96ae2fff libcrypto.0.9.7.dylib 	/usr/lib/libcrypto.0.9.7.dylib
0x96b40000 - 0x96b6efff libssl.0.9.7.dylib 	/usr/lib/libssl.0.9.7.dylib
0x96cb0000 - 0x96d9efff libiconv.2.dylib 	/usr/lib/libiconv.2.dylib

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-08-02 11:07 UTC] derick@php.net 
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.
 [2004-08-02 23:38 UTC] grayw at mail dot montclair dot edu 
Still trying to determine how to get a core file in Mac OS X Panther.  According to the manpage, cores should dump to /cores provided that /etc/hostconfig has COREDUMPS=-YES- and the invoking user can write to cores.  This, however, is not working.
 [2004-08-03 09:15 UTC] derick@php.net 
Please read that page carefully, it also says what to do if you're not getting core-dumps.
 [2004-08-03 20:38 UTC] grayw at mail dot montclair dot edu 
As this was a PHP-CLI program, and I did not build the apache module for PHP5 (I use php4 for my webserver), I rebuilt PHP5 with the apache module and configured my web server to use it instead of 4.  (There has to be a better way! Damn apple and the missing coredumps ;-)

Then I spent a lot of time trying to convert fputs into prints, etc.  Apparantly, pcntl_fork() isn't recognized by the php5_module, just the PHP CLI.  Which makes sense.  This program forks twice to detach from the terminal and run as a daemon.  So, I don't think we can really get this program to work using httpd -X from gdb.  Is there another way I can get a core dump?  Or does someone in the PHP group know how to turn them on in Mac OS X?

Are you able to get any useful information from the Mac OS X crashlog below?  It does provide a stack trace.
 [2004-09-27 17:23 UTC] grayw at mail dot montclair dot edu 
Update: upgrading to Mac OS X 10.3.5 did not fix this bug, however, using PHP 5.0.2 with the same exact code, this problem is no longer occurring.

These changes may have been related: (from the Changelog for the new version):
Fixed bug #29873 (No defines around pcntl_*priority definitions). (Derick)

These possibly related changes were made in 5.0.1:
pcntl_wait(). (GeorgeS)
pcntl_getpriority() and pcntl_setpriority(). (Ilia)
 [2004-09-27 20:23 UTC] derick@php.net 
Let's close it then; please reopen if the problem returns.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Fri Aug 15 19:00:03 2025 UTC