php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #18647 ps_mm_destroy segfault
Submitted: 2002-07-30 09:28 UTC Modified: 2002-09-09 01:00 UTC
Votes:5
Avg. Score:4.0 ± 0.6
Reproduced:5 of 5 (100.0%)
Same Version:1 (20.0%)
Same OS:2 (40.0%)
From: tomas at intermedia dot com dot ar Assigned:
Status: No Feedback Package: Session related
PHP Version: 4.2.2 OS: RedHat 7.2
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: tomas at intermedia dot com dot ar
New email:
PHP Version: OS:

 

 [2002-07-30 09:28 UTC] tomas at intermedia dot com dot ar
session.save_handler set to mm seg faults at ps_mm_destroy.

gdb bt:
#0  ps_mm_destroy (data=0x80cd120) at mod_mm.c:241
#1  0x40383bc0 in zm_shutdown_ps_mm (type=1, module_number=23) at mod_mm.c:293
#2  0x403388a7 in module_destructor (module=0x80d05e8) at zend_API.c:1127
#3  0x4033a2b3 in zend_hash_destroy (ht=0x404bc1e0) at zend_hash.c:541
#4  0x403358e2 in zend_shutdown () at zend.c:490
#5  0x4034276e in php_module_shutdown () at main.c:1050
#6  0x4034273a in php_module_shutdown_wrapper (sapi_globals=0x404989c0)
    at main.c:1027
#7  0x403401d8 in apache_php_module_shutdown_wrapper () at mod_php4.c:795
#8  0x08051d90 in run_cleanups ()
#9  0x08050642 in ap_clear_pool ()
#10 0x080618b4 in standalone_main ()
#11 0x08062293 in main ()
#12 0x40142657 in __libc_start_main (main=0x8061ed0 <main>, argc=1, 
    ubp_av=0xbffffa24, init=0x804f4a8 <_init>, fini=0x8092550 <_fini>, 
    rtld_fini=0x4000dcd4 <_dl_fini>, stack_end=0xbffffa1c)
    at ../sysdeps/generic/libc-start.c:129


using apache 1.3.26
php: './configure' '--with-mysql' '--with-apxs'                                  '--with-imap=/usr/src/mailsync-4.3/imap-2002.RC1/'                            '--with-ldap' '--with-gettext' '--with-mm'

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-07-30 18:21 UTC] sniper@php.net
This is fixed at least in the HEAD:

http://snaps.php.net/php4-latest.tar.gz

Not sure about 4.2.x branch:

http://snaps.php.net/php4-STABLE-latest.tar.gz
 [2002-09-09 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2003-12-18 18:02 UTC] goop at scs dot unr dot edu
I seem to be having the same problem.  Wasn't sure whether to open a new bug (this is 1.5 yrs old now) or not.  I'll add comment here and hope it gets re-opened:

Environment is Apache 1.3.29 with mod_php 4.3.4 and mm 1.3.0 in a chroot environment on Solaris 8 (patched).  This environment seems to work fine (+1 week under production load) with php.ini:session.save_handler = files.  However, we get cascading (multiple children) SEGV and bus errors 1-3 hours after starting apache/php with php.ini:session.save_handler = mm.  We didn't experience this on our test environment, and so I think it's load related or exacerbated.

export CC="gcc -m32"
export LD_LIBRARY_PATH=/usr/local/lib
export EAPI_MM=SYSTEM
./configure --with-config-file-path=/conf --enable-trans-sid
--enable-sockets --enable-ftp
--with-zlib-dir=/usr/local --with-mysql=/usr/local/mysql
--with-mcrypt=/usr/local --with-mhash=/usr/local --with-ndbm --with-mm
--with-openssl=/usr/local/ssl --with-gd --with-png-dir -with-jpeg-dir
--with-ttf --with-freetype-dir=/usr/local --enable-gd-native-ttf
--with-gettext --with-imap=/usr/local --with-dom=/usr/local
--enable-force-cgi-redirect --enable-discard-path --disable-path-info-check 
--with-apxs=/usr/local/WWW/bin/apxs --enable-cli --prefix=/usr/local


I'm new to coding and bug reporting (apologies), so this is all I have for now.  I will install gdb, recompile php with debug, and get you a gdb backtrace as soon as I can.  However, I used Sun's dbx (on one of several cores) to determine the problem seems to be originating in ps_mm_destroy (mod_mm.c):


[foo:/WWW/logs/truss]# dbx ../../bin/httpd core
detected a multithreaded program
t@1 (l@1) terminated by signal BUS (Bus Error)
0xfec6d678: ps_mm_destroy+0x0044:       ld      [%o1], %l0
(/opt/SUNWspro/bin/../WS6U2/bin/sparcv9/dbx) where                           
current thread: t@1
=>[1] ps_mm_destroy(0x11bb68, 0xfed2893c, 0xffbef78c, 0x13e298, 0xfee6acf8, 0xfee6a270), at 0xfec6d678
  [2] zm_shutdown_ps_mm(0x0, 0x5, 0x17, 0x13e288, 0x33, 0x13ecf8), at 0xfec6d87c
  [3] zm_shutdown_session(0x0, 0x5, 0x13f6c0, 0xff23c000, 0x0, 0x0), at 0xfec6c73c
  [4] module_destructor(0x13e240, 0x0, 0xd, 0xfed23778, 0x0, 0x49fd8), at 0xfed212d0
  [5] zend_hash_apply_deleter(0xfee6f5e4, 0x13e208, 0x19cc18, 0xff23c000, 0x0, 0x0), at 0xfed23800
  [6] zend_hash_graceful_reverse_destroy(0xfee6f5e4, 0x0, 0x0, 0xfed1e0e8, 0x0, 0x0), at 0xfed23898
  [7] zend_shutdown(0x0, 0x0, 0x0, 0x0, 0x0, 0x1), at 0xfed1e0f8
  [8] php_module_shutdown(0x0, 0x0, 0x0, 0x0, 0x0, 0x0), at 0xfecefbb4
  [9] php_module_shutdown_wrapper(0x0, 0x1, 0xfef9933c, 0x166, 0xfecefb60, 0x452c), at 0xfecefb64
  [10] apache_php_module_shutdown_wrapper(0x0, 0xb4400, 0x0, 0x0, 0x0, 0xf2c70), at 0xfed31aa8
  [11] run_cleanups(0x1e4220, 0xb4400, 0x0, 0x0, 0x0, 0x0), at 0x38d7c
  [12] ap_clear_pool(0xbffd8, 0xb4400, 0xffffffff, 0x2a, 0xff240430, 0x1c86d8), at 0x36c10
  [13] ap_destroy_pool(0xbffd8, 0xb4400, 0xffffffff, 0xff211990, 0xffbedce1, 0x0), at 0x36ca0
  [14] ap_clear_pool(0xbdfc0, 0xff243a4c, 0xff23fd60, 0xa, 0xff23fd60, 0xffbedca0), at 0x36bcc
  [15] ap_destroy_pool(0xbdfc0, 0x14ec, 0xd, 0xc0000, 0x0, 0x9ff2c), at 0x36ca0
  [16] clean_parent_exit(0x0, 0x14ec, 0xd, 0xc0000, 0x9ff2c, 0xf2860), at 0x4ac48
  [17] standalone_main(0x2, 0xffbefe84, 0xb6754, 0xffffffff, 0x0, 0xf2860), at 0x4e2e8
  [18] main(0x2, 0xffffffff, 0xffbefe90, 0xb3800, 0x0, 0x0), at 0x4ea78

I will follow up with a gdb backtrace as soon as I can, but hope some of this info is helpful now.  Thank you very much.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Mar 28 11:01:27 2024 UTC