Bug #28059 Random segfaults
Submitted: 2004-04-19 16:37 UTC
Modified: 2004-04-28 01:00 UTC
From: d at blrf dot net
Assigned:
Status: No Feedback
Package: Scripting Engine problem
PHP Version: 5CVS-2004-04-19 (dev)
OS: Linux billy 2.4.22 #10 SMP Mon S
Private report: No
CVE-ID: None

 [2004-04-19 16:37 UTC] d at blrf dot net
Description:
------------
This problem started from around php5-200404150830 and up. I tried the latest CVS one and I still get random segmentation faults. It seems that the point of failure is always the same: '#7  0x081d8583 in execute (op_array=0x4055dc74) at /root/setup/php5-200404191230/Zend/zend_execute.c:1391
1391                    if (EX(opline)->handler(&execute_data, EX(opline), op_array TSRMLS_CC)) {'

Reproduce code:
---------------
I cannot post reproduce code, as this happens in random places and I still couldn't figure out where. Sometimes it dies at one line, another time it's working ... and then it dies at a completely different line. But as I was running the script several times, the execute frame code was always the same. That's why I'm appending two backtraces, with the same script.

Expected result:
----------------
...

Actual result:
--------------
Here's backtrace I:

--
warning: core file may not match specified executable file.
Core was generated by `/usr/local/bin/php -q ./callcheck.php'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libcrypt.so.1...done.
Loaded symbols for /lib/libcrypt.so.1
Reading symbols from /usr/local/lib/libhistory.so.4...done.
Loaded symbols for /usr/local/lib/libhistory.so.4
Reading symbols from /usr/local/lib/libreadline.so.4...done.
Loaded symbols for /usr/local/lib/libreadline.so.4
Reading symbols from /lib/libncurses.so.5...done.
Loaded symbols for /lib/libncurses.so.5
Reading symbols from /usr/lib/libpanel.so.5...done.
Loaded symbols for /usr/lib/libpanel.so.5
Reading symbols from /usr/local/lib/mysql/libmysqlclient.so.12...done.
Loaded symbols for /usr/local/lib/mysql/libmysqlclient.so.12
Reading symbols from /lib/libm.so.6...done.
Loaded symbols for /lib/libm.so.6
Reading symbols from /usr/local/lib/libsybdb.so.3...done.
Loaded symbols for /usr/local/lib/libsybdb.so.3
Reading symbols from /usr/local/lib/libt1.so.5...done.
Loaded symbols for /usr/local/lib/libt1.so.5
Reading symbols from /usr/local/lib/libfreetype.so.6...done.
Loaded symbols for /usr/local/lib/libfreetype.so.6
Reading symbols from /usr/local/lib/libpng.so.3...done.
Loaded symbols for /usr/local/lib/libpng.so.3
Reading symbols from /lib/libresolv.so.2...done.
Loaded symbols for /lib/libresolv.so.2
Reading symbols from /lib/libdl.so.2...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/libnsl.so.1...done.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /usr/local/lib/libnetsnmp.so.5...done.
Loaded symbols for /usr/local/lib/libnetsnmp.so.5
Reading symbols from /usr/local/lib/libxml2.so.2...done.
Loaded symbols for /usr/local/lib/libxml2.so.2
Reading symbols from /lib/libpthread.so.0...done.
Loaded symbols for /lib/libpthread.so.0
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /lib/libnss_files.so.2...done.
Loaded symbols for /lib/libnss_files.so.2
Reading symbols from /lib/libnss_compat.so.2...done.
Loaded symbols for /lib/libnss_compat.so.2
Reading symbols from /lib/libnss_dns.so.2...done.
Loaded symbols for /lib/libnss_dns.so.2
#0  0x081cdd75 in zend_get_property_info (zobj=0xffffffff, member=0x40792194, silent=0)
    at /root/setup/php5-200404191230/Zend/zend_object_handlers.c:202
202             if (zend_hash_quick_find(&zobj->ce->properties_info, Z_STRVAL_P(member), Z_STRLEN_P(member)+1, h, (void **) &property_info)==SUCCESS) {
(gdb) bt
#0  0x081cdd75 in zend_get_property_info (zobj=0xffffffff, member=0x40792194, silent=0)
    at /root/setup/php5-200404191230/Zend/zend_object_handlers.c:202
#1  0x081cc939 in zend_std_read_property (object=0x407d53f4, member=0x40792194, type=0)
    at /root/setup/php5-200404191230/Zend/zend_object_handlers.c:287
#2  0x081d7c00 in zend_fetch_property_address_read (result=0x40792168, op1=0x4079217c, op2=0x40792190, Ts=0xbfffa100, type=0)
    at /root/setup/php5-200404191230/Zend/zend_execute.c:1155
#3  0x081d9d84 in zend_fetch_obj_r_handler (execute_data=0xbfffc570, opline=0x40792164, op_array=0x407774dc)
    at /root/setup/php5-200404191230/Zend/zend_execute.c:2120
#4  0x081d8583 in execute (op_array=0x407774dc) at /root/setup/php5-200404191230/Zend/zend_execute.c:1391
#5  0x081db61e in zend_do_fcall_common_helper (execute_data=0xbfffced0, opline=0x40761520, op_array=0x4075ec34)
    at /root/setup/php5-200404191230/Zend/zend_execute.c:2728
#6  0x081db8f8 in zend_do_fcall_by_name_handler (execute_data=0xc, opline=0x40761520, op_array=0x4075ec34)
    at /root/setup/php5-200404191230/Zend/zend_execute.c:2810
#7  0x081d8583 in execute (op_array=0x4075ec34) at /root/setup/php5-200404191230/Zend/zend_execute.c:1391
#8  0x081db61e in zend_do_fcall_common_helper (execute_data=0xbfffd680, opline=0x404fc0b0, op_array=0x404eeb9c)
    at /root/setup/php5-200404191230/Zend/zend_execute.c:2728
#9  0x081db8f8 in zend_do_fcall_by_name_handler (execute_data=0xc, opline=0x404fc0b0, op_array=0x404eeb9c)
    at /root/setup/php5-200404191230/Zend/zend_execute.c:2810
#10 0x081d8583 in execute (op_array=0x404eeb9c) at /root/setup/php5-200404191230/Zend/zend_execute.c:1391
#11 0x081be151 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /root/setup/php5-200404191230/Zend/zend.c:1058
#12 0x0818d997 in php_execute_script (primary_file=0xbffffa60) at /root/setup/php5-200404191230/main/main.c:1630
#13 0x081eb694 in main (argc=3, argv=0xbffffaf4) at /root/setup/php5-200404191230/sapi/cli/php_cli.c:943
#14 0x403ccbb4 in __libc_start_main () from /lib/libc.so.6
(gdb) frame 4
#4  0x081d8583 in execute (op_array=0x407774dc) at /root/setup/php5-200404191230/Zend/zend_execute.c:1391
1391                    if (EX(opline)->handler(&execute_data, EX(opline), op_array TSRMLS_CC)) {
(gdb) 
--
Backtrace II:
--
root@billy:/home/dejan/callcheck# gdb /usr/local/bin/php core
GNU gdb 5.3
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-slackware-linux"...

warning: core file may not match specified executable file.
Core was generated by `/usr/local/bin/php -q ./callcheck.php'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libcrypt.so.1...done.
Loaded symbols for /lib/libcrypt.so.1
Reading symbols from /usr/local/lib/libhistory.so.4...done.
Loaded symbols for /usr/local/lib/libhistory.so.4
Reading symbols from /usr/local/lib/libreadline.so.4...done.
Loaded symbols for /usr/local/lib/libreadline.so.4
Reading symbols from /lib/libncurses.so.5...done.
Loaded symbols for /lib/libncurses.so.5
Reading symbols from /usr/lib/libpanel.so.5...done.
Loaded symbols for /usr/lib/libpanel.so.5
Reading symbols from /usr/local/lib/mysql/libmysqlclient.so.12...done.
Loaded symbols for /usr/local/lib/mysql/libmysqlclient.so.12
Reading symbols from /lib/libm.so.6...done.
Loaded symbols for /lib/libm.so.6
Reading symbols from /usr/local/lib/libsybdb.so.3...done.
Loaded symbols for /usr/local/lib/libsybdb.so.3
Reading symbols from /usr/local/lib/libt1.so.5...done.
Loaded symbols for /usr/local/lib/libt1.so.5
Reading symbols from /usr/local/lib/libfreetype.so.6...done.
Loaded symbols for /usr/local/lib/libfreetype.so.6
Reading symbols from /usr/local/lib/libpng.so.3...done.
Loaded symbols for /usr/local/lib/libpng.so.3
Reading symbols from /lib/libresolv.so.2...done.
Loaded symbols for /lib/libresolv.so.2
Reading symbols from /lib/libdl.so.2...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/libnsl.so.1...done.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /usr/local/lib/libnetsnmp.so.5...done.
Loaded symbols for /usr/local/lib/libnetsnmp.so.5
Reading symbols from /usr/local/lib/libxml2.so.2...done.
Loaded symbols for /usr/local/lib/libxml2.so.2
Reading symbols from /lib/libpthread.so.0...done.
Loaded symbols for /lib/libpthread.so.0
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /lib/libnss_files.so.2...done.
Loaded symbols for /lib/libnss_files.so.2
Reading symbols from /lib/libnss_compat.so.2...done.
Loaded symbols for /lib/libnss_compat.so.2
Reading symbols from /lib/libnss_dns.so.2...done.
Loaded symbols for /lib/libnss_dns.so.2
#0  0x081bc82f in _zval_copy_ctor (zvalue=0x407d2ddc) at /root/setup/php5-200404191230/Zend/zend_variables.c:156
156                                     Z_OBJ_HT_P(zvalue)->add_ref(zvalue TSRMLS_CC);
(gdb) bt
#0  0x081bc82f in _zval_copy_ctor (zvalue=0x407d2ddc) at /root/setup/php5-200404191230/Zend/zend_variables.c:156
#1  0x081c7d62 in debug_backtrace_get_args (curpos=0x0) at /root/setup/php5-200404191230/Zend/zend_builtin_functions.c:1411
#2  0x081c82e5 in zend_fetch_debug_backtrace (return_value=0x407d383c, skip_last=0)
    at /root/setup/php5-200404191230/Zend/zend_builtin_functions.c:1634
#3  0x081cac6f in zend_default_exception_new (class_type=0x4051d27c) at /root/setup/php5-200404191230/Zend/zend_exceptions.c:93
#4  0x081bf42e in _object_and_properties_init (arg=0x407d41e4, class_type=0x4051d27c, properties=0x0)
    at /root/setup/php5-200404191230/Zend/zend_API.c:714
#5  0x081bf494 in _object_init_ex (arg=0x407d41e4, class_type=0x4051d27c) at /root/setup/php5-200404191230/Zend/zend_API.c:721
#6  0x081dcd4c in zend_new_handler (execute_data=0xbfff99a0, opline=0x40561564, op_array=0x4055dc74)
    at /root/setup/php5-200404191230/Zend/zend_execute.c:3246
#7  0x081d8583 in execute (op_array=0x4055dc74) at /root/setup/php5-200404191230/Zend/zend_execute.c:1391
#8  0x081db61e in zend_do_fcall_common_helper (execute_data=0xbfffa020, opline=0x4055f874, op_array=0x405584ec)
    at /root/setup/php5-200404191230/Zend/zend_execute.c:2728
#9  0x081db8f8 in zend_do_fcall_by_name_handler (execute_data=0x0, opline=0x4055f874, op_array=0x405584ec)
    at /root/setup/php5-200404191230/Zend/zend_execute.c:2810
#10 0x081d8583 in execute (op_array=0x405584ec) at /root/setup/php5-200404191230/Zend/zend_execute.c:1391
#11 0x081db61e in zend_do_fcall_common_helper (execute_data=0xbfffc570, opline=0x40792e74, op_array=0x407774dc)
    at /root/setup/php5-200404191230/Zend/zend_execute.c:2728
#12 0x081db8f8 in zend_do_fcall_by_name_handler (execute_data=0x0, opline=0x40792e74, op_array=0x407774dc)
    at /root/setup/php5-200404191230/Zend/zend_execute.c:2810
#13 0x081d8583 in execute (op_array=0x407774dc) at /root/setup/php5-200404191230/Zend/zend_execute.c:1391
#14 0x081db61e in zend_do_fcall_common_helper (execute_data=0xbfffced0, opline=0x40761520, op_array=0x4075ec34)
    at /root/setup/php5-200404191230/Zend/zend_execute.c:2728
#15 0x081db8f8 in zend_do_fcall_by_name_handler (execute_data=0x0, opline=0x40761520, op_array=0x4075ec34)
    at /root/setup/php5-200404191230/Zend/zend_execute.c:2810
#16 0x081d8583 in execute (op_array=0x4075ec34) at /root/setup/php5-200404191230/Zend/zend_execute.c:1391
#17 0x081db61e in zend_do_fcall_common_helper (execute_data=0xbfffd680, opline=0x404fc0b0, op_array=0x404eeb9c)
    at /root/setup/php5-200404191230/Zend/zend_execute.c:2728
#18 0x081db8f8 in zend_do_fcall_by_name_handler (execute_data=0x0, opline=0x404fc0b0, op_array=0x404eeb9c)
    at /root/setup/php5-200404191230/Zend/zend_execute.c:2810
#19 0x081d8583 in execute (op_array=0x404eeb9c) at /root/setup/php5-200404191230/Zend/zend_execute.c:1391
#20 0x081be151 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /root/setup/php5-200404191230/Zend/zend.c:1058
#21 0x0818d997 in php_execute_script (primary_file=0xbffffa60) at /root/setup/php5-200404191230/main/main.c:1630
#22 0x081eb694 in main (argc=3, argv=0xbffffaf4) at /root/setup/php5-200404191230/sapi/cli/php_cli.c:943
#23 0x403ccbb4 in __libc_start_main () from /lib/libc.so.6
(gdb) frame 7
#7  0x081d8583 in execute (op_array=0x4055dc74) at /root/setup/php5-200404191230/Zend/zend_execute.c:1391
1391                    if (EX(opline)->handler(&execute_data, EX(opline), op_array TSRMLS_CC)) {
(gdb) 

 [2004-04-19 20:11 UTC] derick@php.net
We really need a short reproducing script, otherwise there is no way to figure out what goes wrong. An additional help might be by using valgrind to check memory allocations etc. Please run apache with:

valgrind /path/to/apache_1.3 -X

and request your script, this should give you some information about bad memory access.
 [2004-04-28 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 
Last updated: Fri Apr 19 03:01:27 2024 UTC