Bug #16583 php 4.2.0RC3 always crashes apache 2.0.35 server at start
Submitted: 2002-04-13 04:58 UTC Modified: 2002-05-17 07:49 UTC
Votes:12
Avg. Score:5.0 ± 0.0
Reproduced:12 of 12 (100.0%)
Same Version:11 (91.7%)
Same OS:9 (75.0%)
From: misiek at pld dot org dot pl Assigned:
Status: Closed Package: Apache2 related
PHP Version: 4.2.0RC4 OS: PLD Linux
Private report: No CVE-ID: None
 [2002-04-13 04:58 UTC] misiek at pld dot org dot pl
I wanted to test apache 2.0.35 with php 4.2.0RC3 on my Linux (2.4 kernel, 2.5.5 glibc, gcc 3.1 20020408 prerelease); unfortunately, it always crashes at start (backtrace below).

Anyway, if a fix is known then please let me know - I want to test it. I can also provide more information if needed.

httpd -X
gdb /usr/sbin/httpd core 
...
#0  0x008332ce in ts_resource_ex (id=1, th_id=0x0) at TSRM.c:310
310                             TSRM_SAFE_RETURN_RSRC(thread_resources->storage, id, thread_resources->count);
(gdb) where
#0  0x008332ce in ts_resource_ex (id=1, th_id=0x0) at TSRM.c:310
#1  0x0077e56c in php_module_startup (sf=0x602020) at main.c:856
#2  0x00600cb5 in php_apache_server_startup (pconf=0x4d4010, plog=0x513010, ptemp=0xad7010, s=0x4d5d60)
    at sapi_apache2.c:433
#3  0x080681e5 in ap_run_post_config (pconf=0x4d4010, plog=0x513010, ptemp=0xad7010, s=0x4d5d60) at config.c:130
#4  0x0806e7a5 in main (argc=2, argv=0xbffff9f4) at main.c:611
#5  0x003c0418 in __libc_start_main () from /lib/libc.so.6
$1 = (struct _tsrm_tls_entry *) 0xadcff0
(gdb) print *thread_resources
$2 = {storage = 0x1, count = 1885497708, thread_id = 1932420708, next = 0x312e6f}
(gdb) print *thread_resources->storage
Cannot access memory at address 0x1
(gdb) print thread_resources->storage
$3 = (void **) 0x1
(gdb) print thread_resources->count  
$4 = 1885497708
(gdb) info threads
* 1 process 5627  0x008332ce in ts_resource_ex (id=1, th_id=0x0) at TSRM.c:310
(gdb) l
305                             TSRM_ERROR((TSRM_ERROR_LEVEL_INFO, "Fetching resource id %d for current thread %d", id, (long) thread_resources->thread_id));
306                             /* Read a specific resource from the thread's resources.
307                              * This is called outside of a mutex, so have to be aware about external
308                              * changes to the structure as we read it.
309                              */
310                             TSRM_SAFE_RETURN_RSRC(thread_resources->storage, id, thread_resources->count);
311                     }
312                     thread_id = tsrm_thread_id();
313             } else {
314                     thread_id = *th_id;
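
Added example (not part of the original report or of PHP's code): the field values gdb printed for *thread_resources above, reinterpreted as little-endian 32-bit words, turn out to be ASCII text, which is a quick triage check for string data overlaying a struct. It assumes the 32-bit i686 layout of four 4-byte fields; the function names are illustrative.

```c
/* Added example: reinterpret 32-bit struct fields from a gdb dump as bytes.
 * Assumes a little-endian 32-bit target (four 4-byte fields), as the i686
 * addresses in the backtrace suggest. Function names are illustrative. */
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Serialise n 32-bit words into out[] in little-endian byte order. */
static void words_to_bytes(const uint32_t *w, size_t n, unsigned char *out)
{
    for (size_t i = 0; i < n; i++)
        for (int b = 0; b < 4; b++)
            out[4 * i + b] = (unsigned char)(w[i] >> (8 * b));
}

/* Copy the longest run of printable ASCII in buf[0..len) into dst
 * (NUL-terminated, truncated to dstsz-1) and return the run length. */
static size_t longest_ascii_run(const unsigned char *buf, size_t len,
                                char *dst, size_t dstsz)
{
    size_t best = 0, best_at = 0, run = 0;
    for (size_t i = 0; i <= len; i++) {
        if (i < len && isprint(buf[i])) { run++; continue; }
        if (run > best) { best = run; best_at = i - run; }
        run = 0;
    }
    size_t n = best < dstsz - 1 ? best : dstsz - 1;
    memcpy(dst, buf + best_at, n);
    dst[n] = '\0';
    return best;
}

/* Decode the values gdb printed for *thread_resources in the report:
 * {storage = 0x1, count = 1885497708, thread_id = 1932420708, next = 0x312e6f} */
static size_t decode_report_dump(char *dst, size_t dstsz)
{
    const uint32_t fields[4] = { 0x1u, 1885497708u, 1932420708u, 0x312e6fu };
    unsigned char raw[sizeof fields];
    words_to_bytes(fields, 4, raw);
    return longest_ascii_run(raw, sizeof raw, dst, dstsz);
}

int main(void)
{
    char text[32];
    size_t n = decode_report_dump(text, sizeof text);
    printf("%zu printable bytes: \"%s\"\n", n, text);
    return 0;
}
```

The bytes read as count, thread_id and next decode to the NUL-terminated string libpdf.so.1, so the pointer returned for the thread's entry refers to memory holding string data rather than a _tsrm_tls_entry.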

 [2002-04-13 05:15 UTC] misiek at pld dot org dot pl
I also added the patch from php cvs (after rc3):
--- php4/sapi/apache2filter/sapi_apache2.c      11 Apr 2002 20:34:31 -0000      1.61.2.8
+++ php4/sapi/apache2filter/sapi_apache2.c      12 Apr 2002 22:26:28 -0000      1.61.2.9
(modifies safe_free() define)

And now:
#0  0x0039605d in pthread_mutex_lock () from /lib/libpthread.so.0
(gdb) where
#0  0x0039605d in pthread_mutex_lock () from /lib/libpthread.so.0
#1  0x0062f646 in tsrm_mutex_lock (mutexp=0x0) at TSRM.c:492
#2  0x0062f2f8 in ts_resource_ex (id=0, th_id=0x0) at TSRM.c:318
#3  0x00568400 in _zend_bailout (filename=0x644f84 "zend_hash.c", lineno=98) at zend.c:522
#4  0x0056e0ba in _zend_is_inconsistent (ht=0x80dea70, file=0x644f84 "zend_hash.c", line=532) at zend_hash.c:98
#5  0x0056f919 in zend_hash_destroy (ht=0x80dea70) at zend_hash.c:532
#6  0x004fcfef in destroy_php_config () from /usr/lib/apache/libphp4.so
#7  0x00168529 in apr_pool_cleanup_run () from /usr/lib/libapr.so.0
#8  0x00167d39 in apr_pool_clear () from /usr/lib/libapr.so.0
#9  0x0806e5af in main (argc=2, argv=0xbffffa34) at main.c:579
#10 0x003bc418 in __libc_start_main () from /lib/libc.so.6
(gdb) frame 2
#2  0x0062f2f8 in ts_resource_ex (id=0, th_id=0x0) at TSRM.c:318
318             tsrm_mutex_lock(tsmm_mutex);
(gdb) 
(gdb) print tsmm_mutex
$1 = (struct {...} *) 0x0
(gdb) l 
313             } else {
314                     thread_id = *th_id;
315             }
316     
317             TSRM_ERROR((TSRM_ERROR_LEVEL_INFO, "Fetching resource id %d for thread %ld", id, (long) thread_id));
318             tsrm_mutex_lock(tsmm_mutex);
319     
320             hash_value = THREAD_HASH_OF(thread_id, tsrm_tls_table_size);
321             thread_resources = tsrm_tls_table[hash_value];
322
 [2002-04-13 09:12 UTC] misiek at pld dot org dot pl
After running httpd via ElectricFence I got a different backtrace... probably there is some memory corruption(?).

#0  0x007f0e68 in ts_resource_ex (id=1, th_id=0x0) at TSRM.c:307
307                             TSRM_ERROR((TSRM_ERROR_LEVEL_INFO, "Fetching resource id %d for current thread %d", id, (long) thread_resources->thread_id));
(gdb) 
(gdb) bt
#0  0x007f0e68 in ts_resource_ex (id=1, th_id=0x0) at TSRM.c:307
#1  0x0075831e in php_module_startup (sf=0x55b020) at main.c:856
#2  0x00559ca3 in php_apache_server_startup (pconf=0x4d5010, plog=0x514010, ptemp=0xa91010, s=0x4d6d60)
    at sapi_apache2.c:435
#3  0x080681e5 in ap_run_post_config (pconf=0x4d5010, plog=0x514010, ptemp=0xa91010, s=0x4d6d60) at config.c:130
#4  0x0806e7a5 in main (argc=2, argv=0xbffff9c4) at main.c:611
#5  0x003c0418 in __libc_start_main () from /lib/libc.so.6
(gdb) frame 0
#0  0x007f0e68 in ts_resource_ex (id=1, th_id=0x0) at TSRM.c:307
307                             TSRM_ERROR((TSRM_ERROR_LEVEL_INFO, "Fetching resource id %d for current thread %d", id, (long) thread_resources->thread_id));
(gdb) print thread_resources  
$1 = (struct _tsrm_tls_entry *) 0xaa0000
(gdb) print *thread_resources
Cannot access memory at address 0xaa0000
(gdb) print tls_key
$2 = 1

For now I did:
    thread_resources = pthread_getspecific(tls_key);
+    thread_resources = NULL;
#elif defined(TSRM_ST)
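
Review bot: the added "thread_resources = NULL;" unconditionally discards the pointer that pthread_getspecific(tls_key) returned on the line above, so the thread-local fast path at TSRM.c:310 can never be taken and every call falls through to the tsrm_mutex_lock() and tsrm_tls_table lookup shown at lines 318-321. That avoids dereferencing the bad pointer (0xaa0000 was unmapped in the ElectricFence run) but leaves unexplained why the TLS slot returns a non-NULL value pointing at invalid memory; if this stays in a test build, mark it with a comment referencing this report so it is not mistaken for a fix, and keep investigating what is stored under tls_key.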


and wget -S myserver tells me:
Server: Apache/2.0.35 (Unix) PHP/4.2.0RC3

And it works
http://misie.k.pl/phptest.php

Now I'm waiting for an official fix instead of my ugly workaround.
 [2002-04-16 08:24 UTC] misiek at pld dot org dot pl
RC4 doesn't work, too :-(
 [2002-04-17 11:27 UTC] eric at abovegod dot net
I have the same problem.  On startup it dumps core.  Here is my backtrace:

(gdb) where
#0  0x40566ba9 in ts_resource_ex (id=1, th_id=0x0) at TSRM.c:310
#1  0x404c60ee in php_module_startup (sf=0x4061e920) at main.c:856
#2  0x404c3e70 in php_apache_server_startup (pconf=0x80fb9c8, plog=0x8125a70, ptemp=0x819cb10, s=0x80fd718) at sapi_apache2.c:435
#3  0x806f4be in ap_run_post_config (pconf=0x80fb9c8, plog=0x8125a70, ptemp=0x819cb10, s=0x80fd718) at config.c:127
#4  0x8073bd5 in main (argc=2, argv=0xbffff874) at main.c:611
#5  0x4027f74f in __libc_start_main () from /lib/libc.so.6


My environment: Slackware, 2.4.18, glibc 2.2.5, gcc 3.0.4.
PHP 4.2.0RC4
 [2002-04-17 17:30 UTC] adasi at grubno dot da dot ru
Also not working. Ugly workaround with thread_resources = NULL; works but that's not the way. Backtrace does not give anything because it's pretty random, it hardly depends on system status while tracing.
 [2002-04-19 11:16 UTC] aaron@php.net
Hmmm.. you all have gcc3. Have any of you been able to
reproduce this with gcc2.95?
 [2002-04-19 11:31 UTC] misiek at pld dot org dot pl
I was using gcc version 3.1 20020408 (prerelease)
but adasi@grubno was using gcc version 2.95.4 20010319 (prerelease).
 [2002-04-19 11:49 UTC] aaron@php.net
Try disabling compiler optimizations:

CFLAGS="-Wall -g" ./configure ...

Please report back all of the configure options
you passed to both apache and php.

FWIW, I'm using RH72 w/ gcc 2.96, glibc 2.2.4
and linux 2.4.9 and I don't see this.
 [2002-04-19 12:08 UTC] misiek at pld dot org dot pl
%configure \
--with-apxs2=%{_sbindir}/apxs` \
%else
        `[ $i = apxs ] && echo --with-apxs=%{_sbindir}/apxs` \
%endif  
        --with-config-file-path=%{_sysconfdir} \
        --with-exec-dir=%{_bindir} \
        --%{!?debug:dis}%{?debug:en}able-debug \
        --enable-bcmath=shared \
        --enable-calendar=shared \
        --enable-dba=shared \
        --enable-exif=shared \
        --enable-ftp=shared \
        --enable-gd-native-ttf \
        --enable-magic-quotes \
        --enable-posix=shared \
        --enable-session \
        --enable-shared \
        --enable-shmop=shared \
        --enable-sysvsem=shared \
        --enable-sysvshm=shared \
        --enable-track-vars \
        --enable-trans-sid \
        --enable-safe-mode \
        --enable-sockets=shared \
        --enable-yp=shared \
        --enable-ucd-snmp-hack \
        --enable-xml=shared \
        --with-expat-dir=/usr \
        %{?_with_xslt:--enable-xslt=shared} \
        --with-bz2=shared \
        %{?_with_libcpdf:--with-cpdflib=shared} \
        --with-ctype=shared \
        --with-curl=shared \
        --without-db2 \
        --with-db3 \
        --with-dbase=shared \
        --with-iconv=shared \
        --with-dom=shared \
        --with-dom-xslt=shared \
        --with-filepro=shared \
        --with-freetype-dir=shared \
        --with-gettext=shared \
        --with-gd=shared \
        --with-gdbm \
        --with-gmp=shared \
        --with-hyperwave \
        %{!?_without_imap:--with-imap=shared --with-imap-ssl} \
        %{?_with_java:--with-java} \
        --with-jpeg-dir=%{_includedir} \
        %{!?_without_ldap:--with-ldap=shared} \
        --with-mcrypt=shared \
        --with-mysql=shared,%{_prefix} \
        --with-mysql-sock=/var/lib/mysql/mysql.sock \
        --with-mhash=shared \
        --with-ming=shared \
        %{!?_without_mm:--with-mm} \
        %{!?_without_openssl:--with-openssl} \
        %{?_with_oracle:--with-oracle=shared} \
        %{?_with_oci8:--with-oci8=shared} \
        --with-pear=%{peardir} \
        --with-pcre-regex=shared \
        --with-pdflib=shared \
        --with-pgsql=shared,%{_prefix} \
        --with-png-dir=%{_includedir} \
        %{!?_without_recode:--with-recode=shared} \
        --with-regex=php \
        %{!?_without_sablot:--with-sablot=/usr/lib} \
        %{!?_without_snmp:--with-snmp=shared} \
        --with-t1lib=shared \
        %{!?_without_odbc:--with-unixODBC=shared} \
        %{?_with_wddx:--enable-wddx=shared} \
        --with-zlib=shared \
        --with-zlib-dir=shared \
        --without-xmlrpc \
        %{?_with_xslt:--with-xslt-sablot=shared} \
        --disable-cli

whole spec file is here: http://cvs.pld.org.pl/SPECS/php.spec?rev=1.120.2.17

src.rpm is here:
ftp://ftp.pld.org.pl:/dists/nest/test/SRPMS/php-4.2.0RC4-1.src.rpm

while building I was using rpm --debug, so in such case
CFLAGS="-g -O0"

buildlog is here:
ftp://buildlogs.pld.org.pl/nest/i686/OK/_r_DEVEL_php.bz2
(the only difference between this buildlog and mine is that I was compiling with CFLAGS="-g -O0")

I'll set up a test environment if you want to debug it remotely over ssh.
 [2002-04-19 12:11 UTC] misiek at pld dot org dot pl
%configure \
        --with-apxs2=%{_sbindir}/apxs \
        --with-config-file-path=%{_sysconfdir} \
        --with-exec-dir=%{_bindir} \
        --enable-bcmath=shared \
        --enable-calendar=shared \
        --enable-dba=shared \
        --enable-exif=shared \
        --enable-ftp=shared \
        --enable-gd-native-ttf \
        --enable-magic-quotes \
        --enable-posix=shared \
        --enable-session \
        --enable-shared \
        --enable-shmop=shared \
        --enable-sysvsem=shared \
        --enable-sysvshm=shared \
        --enable-track-vars \
        --enable-trans-sid \
        --enable-safe-mode \
        --enable-sockets=shared \
        --enable-yp=shared \
        --enable-ucd-snmp-hack \
        --enable-xml=shared \
        --with-expat-dir=/usr \
        --with-bz2=shared \
        --with-ctype=shared \
        --with-curl=shared \
        --without-db2 \
        --with-db3 \
        --with-dbase=shared \
        --with-iconv=shared \
        --with-dom=shared \
        --with-dom-xslt=shared \
        --with-filepro=shared \
        --with-freetype-dir=shared \
        --with-gettext=shared \
        --with-gd=shared \
        --with-gdbm \
        --with-gmp=shared \
        --with-hyperwave \
        --with-imap=shared --with-imap-ssl \
        --with-jpeg-dir=%{_includedir} \
        --with-ldap=shared \
        --with-mcrypt=shared \
        --with-mysql=shared,%{_prefix} \
        --with-mysql-sock=/var/lib/mysql/mysql.sock \
        --with-mhash=shared \
        --with-ming=shared \
         --without-mm \
        --with-openssl \
        --with-pear=%{peardir} \
        --with-pcre-regex=shared \
        --with-pdflib=shared \
        --with-pgsql=shared,%{_prefix} \
        --with-png-dir=%{_includedir} \
        --without-recode=shared \
        --with-regex=php \
        --with-sablot=/usr/lib \
        --with-snmp=shared \
        --with-t1lib=shared \
        --with-unixODBC=shared \
        --with-zlib=shared \
        --with-zlib-dir=shared \
        --without-xmlrpc \
        --disable-cli

whole spec file is here: http://cvs.pld.org.pl/SPECS/php.spec?rev=1.120.2.17

src.rpm is here:
ftp://ftp.pld.org.pl/dists/nest/test/SRPMS/php-4.2.0RC4-1.src.rpm

while building I was using rpm --debug, so in such case
rpm sets CFLAGS="-g -O0"

buildlog is here:
ftp://buildlogs.pld.org.pl/nest/i686/OK/_r_DEVEL_php.bz2
(the only difference between this buildlog and mine is that I was compiling with CFLAGS="-g -O0")
 [2002-04-20 08:27 UTC] kala at pinerecords dot com
100% reproducible, crashes on loadmodule.

$ gcc -v
gcc version 2.95.3 20010315 (release)

$ uname -r
2.4.19-pre7-ac2

configured as
  ./configure \
  --prefix=/usr \
  --sysconfdir=/etc \
  --localstatedir=/var \
  --with-apxs2=/var/lib/httpd/bin/apxs \
  --with-zlib \
  --without-mysql \
  --with-pgsql=/var/lib/pgsql \
  i386-slackware-linux
 [2002-04-20 08:38 UTC] kala at pinerecords dot com
Building w/ optimizations off (CFLAGS="-g -Wall") won't
help either.
 [2002-04-21 18:46 UTC] jwoolley@php.net
This is the same bug as #16475.  I concur that the
problem appears to be some form of heap corruption... I
can easily reproduce the problem myself.  Further followup
will be done under bug #16475.  Thanks!
 
Last updated: Fri Sep 24 10:03:36 2021 UTC