php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #35315 Apache2 childs segfaulting
Submitted: 2005-11-21 17:24 UTC Modified: 2005-11-23 13:22 UTC
From: maddog2k at maddog2k dot net Assigned: pollita (profile)
Status: Closed Package: Apache2 related
PHP Version: 5CVS, 4CVS (2005-11-21) (snap) OS: Linux
Private report: No CVE-ID: None
 [2005-11-21 17:24 UTC] maddog2k at maddog2k dot net
Description:
------------
Despite the fixes of bug #35264 and #35278, I now still see a few Apache2 child processes segfaulting in error_log, with PHP4CVS (+snap 2005-11-21)
PHP5-latest seems not affected...

I finally was able to make a backtrace this time, but the problem is that I wasn't able to find the PHP-code that is causing these crashes. Also, this is with Apache 2.0.54.
When upgrading machines to 2.0.55 that don't show problems with 2.0.54 now, I get segfaulting child processes on them too.

The backtrace points to php_fopen_wrapper.c:81 
which is also modified 3 days ago in CVS...
And always shows a MySQL header. (either 4.1.7 or 5.0.15)

[Also, I haven't been able to get a segfault with running 'httpd -X', I only see 'Program received signal SIGPIPE, Broken pipe.' then (despite .gdbinit: handle SIGPIPE nostop)]

However, here the backtrace for PHP4CVS (-RC2-dev/200511211410) : 

~:/tmp>/usr/local/gdb/bin/gdb /usr/local/apache2/bin/httpd /tmp/core
GNU gdb 6.3
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu"...Using host libthread_db library "/lib/libthread_db.so.1".

Core was generated by `/usr/local/apache2/bin/httpd -DSSL'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/local/ssl/lib/libssl.so.0.9.7...done.
Loaded symbols for /usr/local/ssl/lib/libssl.so.0.9.7
Reading symbols from /usr/local/ssl/lib/libcrypto.so.0.9.7...done.
Loaded symbols for /usr/local/ssl/lib/libcrypto.so.0.9.7
Reading symbols from /usr/local/apache2/lib/libaprutil-0.so.0...done.
Loaded symbols for /usr/local/apache2/lib/libaprutil-0.so.0
Reading symbols from /usr/lib/libgdbm.so.2...done.
Loaded symbols for /usr/lib/gcc-lib/i386-redhat-linux/3.3.2/../../../libgdbm.so.2
Reading symbols from /usr/lib/libdb-4.1.so...done.
Loaded symbols for /usr/lib/gcc-lib/i386-redhat-linux/3.3.2/../../../libdb-4.1.so
Reading symbols from /usr/local/lib/libexpat.so.0...done.
Loaded symbols for /usr/local/lib/libexpat.so.0
Reading symbols from /usr/lib/libiconv.so.2...done.
Loaded symbols for /usr/lib/gcc-lib/i386-redhat-linux/3.3.2/../../../libiconv.so.2
Reading symbols from /usr/local/apache2/lib/libapr-0.so.0...done.
Loaded symbols for /usr/local/apache2/lib/libapr-0.so.0
Reading symbols from /usr/lib/libstdc++.so.5...done.
Loaded symbols for /usr/lib/gcc-lib/i386-redhat-linux/3.3.2/../../../libstdc++.so.5
Reading symbols from /lib/librt.so.1...done.
Loaded symbols for /lib/librt.so.1
Reading symbols from /lib/libcrypt.so.1...done.
Loaded symbols for /lib/libcrypt.so.1
Reading symbols from /lib/libnsl.so.1...done.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /lib/libpthread.so.0...done.
Loaded symbols for /lib/libpthread.so.0
Reading symbols from /lib/libdl.so.2...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/libm.so.6...done.
Loaded symbols for /lib/libm.so.6
Reading symbols from /lib/libgcc_s.so.1...done.
Loaded symbols for /lib/libgcc_s.so.1
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /lib/libnss_files.so.2...done.
Loaded symbols for /lib/libnss_files.so.2
Reading symbols from /usr/local/apache2/modules/libphp4.so...done.
Loaded symbols for /usr/local/apache2/modules/libphp4.so
Reading symbols from /usr/lib/libzzip-0.so.13...done.
Loaded symbols for /usr/lib/gcc-lib/i386-redhat-linux/3.3.2/../../../libzzip-0.so.13
Reading symbols from /usr/local/lib/libsablot.so.0...done.
Loaded symbols for /usr/local/lib/libsablot.so.0
Reading symbols from /usr/local/pgsql/lib/libpq.so.4...done.
Loaded symbols for /usr/local/pgsql/lib/libpq.so.4
Reading symbols from /usr/local/lib/libpdf.so.2...done.
Loaded symbols for /usr/local/lib/libpdf.so.2
Reading symbols from /usr/lib/libz.so.1...done.
Loaded symbols for /usr/lib/gcc-lib/i386-redhat-linux/3.3.2/../../../libz.so.1
Reading symbols from /usr/lib/libpng.so.3...done.
Loaded symbols for /usr/lib/gcc-lib/i386-redhat-linux/3.3.2/../../../libpng.so.3
Reading symbols from /opt/mysql/lib/mysql/libmysqlclient.so.14...done.
Loaded symbols for /usr/local/mysql/lib/mysql/libmysqlclient.so.14
Reading symbols from /usr/local/lib/libmhash.so.2...done.
Loaded symbols for /usr/local/lib/libmhash.so.2
Reading symbols from /usr/local/lib/libmcrypt.so.4...done.
Loaded symbols for /usr/local/lib/libmcrypt.so.4
Reading symbols from /usr/lib/libltdl.so.3...done.
Loaded symbols for /usr/lib/gcc-lib/i386-redhat-linux/3.3.2/../../../libltdl.so.3
Reading symbols from /usr/lib/libldap-2.3.so.0...done.
Loaded symbols for /usr/lib/gcc-lib/i386-redhat-linux/3.3.2/../../../libldap-2.3.so.0
Reading symbols from /usr/lib/liblber-2.3.so.0...done.
Loaded symbols for /usr/lib/gcc-lib/i386-redhat-linux/3.3.2/../../../liblber-2.3.so.0
Reading symbols from /lib/libpam.so.0...done.
Loaded symbols for /lib/libpam.so.0
Reading symbols from /usr/lib/libfreetype.so.6...done.
Loaded symbols for /usr/lib/gcc-lib/i386-redhat-linux/3.3.2/../../../libfreetype.so.6
Reading symbols from /usr/lib/libjpeg.so.62...done.
Loaded symbols for /usr/lib/gcc-lib/i386-redhat-linux/3.3.2/../../../libjpeg.so.62
Reading symbols from /usr/local/lib/libexslt.so.0...done.
Loaded symbols for /usr/local/lib/libexslt.so.0
Reading symbols from /usr/local/lib/libxsltbreakpoint.so.1...done.
Loaded symbols for /usr/local/lib/libxsltbreakpoint.so.1
Reading symbols from /usr/local/lib/libxslt.so.1...done.
Loaded symbols for /usr/local/lib/libxslt.so.1
Reading symbols from /lib/libresolv.so.2...done.
Loaded symbols for /lib/libresolv.so.2
Reading symbols from /usr/local/lib/libcurl.so.3...done.
Loaded symbols for /usr/local/lib/libcurl.so.3
Reading symbols from /usr/local/lib/libxml2.so.2...done.
Loaded symbols for /usr/local/lib/libxml2.so.2
Reading symbols from /lib/libnss_dns.so.2...done.
Loaded symbols for /lib/libnss_dns.so.2
#0  0x4082aa3d in php_stream_input_read (stream=0x84642cc,
    buf=0x846a58c "?>\n\n<charsets max-id=\"94\">\n\n<copyright>\n Copyright (C) 2003 MySQL AB\n\n  This program is free software; you can redistribute it and/or modify\n  it under the terms of the GNU General Public License as p"..., count=8192)
    at /opt/install/apache-2.0.54_apache-1.3.34_php-4.4.2-RC2-dev-WideXS-02_php-5.0.5/php-4.4.2/ext/standard/php_fopen_wrapper.c:81
81                              read_bytes = SG(request_info).raw_post_data_length - *position;
(gdb) bt
#0  0x4082aa3d in php_stream_input_read (stream=0x84642cc,
    buf=0x846a58c "?>\n\n<charsets max-id=\"94\">\n\n<copyright>\n Copyright (C) 2003 MySQL AB\n\n  This program is free software; you can redistribute it and/or modify\n  it under the terms of the GNU General Public License as p"..., count=8192)
    at /opt/install/apache-2.0.54_apache-1.3.34_php-4.4.2-RC2-dev-WideXS-02_php-5.0.5/php-4.4.2/ext/standard/php_fopen_wrapper.c:81
#1  0x4085f225 in php_stream_fill_read_buffer (stream=0x84642cc, size=100)
    at /opt/install/apache-2.0.54_apache-1.3.34_php-4.4.2-RC2-dev-WideXS-02_php-5.0.5/php-4.4.2/main/streams.c:584
#2  0x4085f355 in _php_stream_read (stream=0x84642cc, buf=0x84643ec "", size=100)
    at /opt/install/apache-2.0.54_apache-1.3.34_php-4.4.2-RC2-dev-WideXS-02_php-5.0.5/php-4.4.2/main/streams.c:632
#3  0x407f1e9e in zif_fread (ht=2, return_value=0x846420c, this_ptr=0x0, return_value_used=1)
    at /opt/install/apache-2.0.54_apache-1.3.34_php-4.4.2-RC2-dev-WideXS-02_php-5.0.5/php-4.4.2/ext/standard/file.c:2243
#4  0x408982ac in execute (op_array=0x8465048)
    at /opt/install/apache-2.0.54_apache-1.3.34_php-4.4.2-RC2-dev-WideXS-02_php-5.0.5/php-4.4.2/Zend/zend_execute.c:1675
#5  0x40898495 in execute (op_array=0x840d924)
    at /opt/install/apache-2.0.54_apache-1.3.34_php-4.4.2-RC2-dev-WideXS-02_php-5.0.5/php-4.4.2/Zend/zend_execute.c:1719
#6  0x40886345 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /opt/install/apache-2.0.54_apache-1.3.34_php-4.4.2-RC2-dev-WideXS-02_php-5.0.5/php-4.4.2/Zend/zend.c:934
#7  0x408538fc in php_execute_script (primary_file=0xbfffdad0)
    at /opt/install/apache-2.0.54_apache-1.3.34_php-4.4.2-RC2-dev-WideXS-02_php-5.0.5/php-4.4.2/main/main.c:1743
#8  0x4089dfc9 in php_handler (r=0x8404eb0)
    at /opt/install/apache-2.0.54_apache-1.3.34_php-4.4.2-RC2-dev-WideXS-02_php-5.0.5/php-4.4.2/sapi/apache2handler/sapi_apache2.c:581
#9  0x080af51e in ap_run_handler (r=0x8404eb0) at config.c:152
#10 0x080afc8d in ap_invoke_handler (r=0x8404eb0) at config.c:364
#11 0x08090155 in ap_process_request (r=0x8404eb0) at http_request.c:249
#12 0x0808a7eb in ap_process_http_connection (c=0x83f1c88) at http_core.c:251
#13 0x080bbf5a in ap_run_process_connection (c=0x83f1c88) at connection.c:43
#14 0x080bc348 in ap_process_connection (c=0x83f1c88, csd=0x83f1bb0) at connection.c:176
#15 0x080addbb in child_main (child_num_arg=133) at prefork.c:610
#16 0x080adf45 in make_child (s=0x8108b90, slot=133) at prefork.c:704
#17 0x080ae1a4 in perform_idle_server_maintenance (p=0x8102e58) at prefork.c:839
#18 0x080ae5f9 in ap_mpm_run (_pconf=0x8102e58, plog=0x813ef48, s=0x8108b90) at prefork.c:1040
#19 0x080b4ff1 in main (argc=2, argv=0xbfffdf84) at main.c:618
(gdb)

Reproduce code:
---------------
Unfortunately none.


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-11-21 17:38 UTC] maddog2k at maddog2k dot net
Correction, PHP 5.1.0 latest (PHP 5.1.0RC7-dev) also suffers from segfaulting...

:>/usr/local/gdb/bin/gdb /usr/local/apache2/bin/httpd /tmp/core
GNU gdb 6.3
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu"...Using host libthread_db library "/lib/libthread_db.so.1".

Core was generated by `/usr/local/apache2/bin/httpd -DSSL'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/local/ssl/lib/libssl.so.0.9.7...done.
Loaded symbols for /usr/local/ssl/lib/libssl.so.0.9.7
Reading symbols from /usr/local/ssl/lib/libcrypto.so.0.9.7...done.
Loaded symbols for /usr/local/ssl/lib/libcrypto.so.0.9.7
Reading symbols from /usr/local/apache2/lib/libaprutil-0.so.0...done.
Loaded symbols for /usr/local/apache2/lib/libaprutil-0.so.0
Reading symbols from /usr/lib/libgdbm.so.2...done.
Loaded symbols for /usr/lib/gcc-lib/i386-redhat-linux/3.3.2/../../../libgdbm.so.2
Reading symbols from /usr/lib/libdb-4.1.so...done.
Loaded symbols for /usr/lib/gcc-lib/i386-redhat-linux/3.3.2/../../../libdb-4.1.so
Reading symbols from /usr/local/lib/libexpat.so.0...done.
Loaded symbols for /usr/local/lib/libexpat.so.0
Reading symbols from /usr/lib/libiconv.so.2...done.
Loaded symbols for /usr/lib/gcc-lib/i386-redhat-linux/3.3.2/../../../libiconv.so.2
Reading symbols from /usr/local/apache2/lib/libapr-0.so.0...done.
Loaded symbols for /usr/local/apache2/lib/libapr-0.so.0
Reading symbols from /usr/lib/libstdc++.so.5...done.
Loaded symbols for /usr/lib/gcc-lib/i386-redhat-linux/3.3.2/../../../libstdc++.so.5
Reading symbols from /lib/librt.so.1...done.
Loaded symbols for /lib/librt.so.1
Reading symbols from /lib/libcrypt.so.1...done.
Loaded symbols for /lib/libcrypt.so.1
Reading symbols from /lib/libnsl.so.1...done.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /lib/libpthread.so.0...done.
Loaded symbols for /lib/libpthread.so.0
Reading symbols from /lib/libdl.so.2...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/libm.so.6...done.
Loaded symbols for /lib/libm.so.6
Reading symbols from /lib/libgcc_s.so.1...done.
Loaded symbols for /lib/libgcc_s.so.1
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /lib/libnss_files.so.2...done.
Loaded symbols for /lib/libnss_files.so.2
Reading symbols from /usr/local/apache2/modules/libphp5.so...done.
Loaded symbols for /usr/local/apache2/modules/libphp5.so
Reading symbols from /usr/local/pgsql/lib/libpq.so.4...done.
Loaded symbols for /usr/local/pgsql/lib/libpq.so.4
Reading symbols from /usr/local/lib/libmhash.so.2...done.
Loaded symbols for /usr/local/lib/libmhash.so.2
Reading symbols from /usr/local/lib/libmcrypt.so.4...done.
Loaded symbols for /usr/local/lib/libmcrypt.so.4
Reading symbols from /usr/lib/libltdl.so.3...done.
Loaded symbols for /usr/lib/gcc-lib/i386-redhat-linux/3.3.2/../../../libltdl.so.3
Reading symbols from /usr/lib/libldap-2.3.so.0...done.
Loaded symbols for /usr/lib/gcc-lib/i386-redhat-linux/3.3.2/../../../libldap-2.3.so.0
Reading symbols from /usr/lib/liblber-2.3.so.0...done.
Loaded symbols for /usr/lib/gcc-lib/i386-redhat-linux/3.3.2/../../../liblber-2.3.so.0
Reading symbols from /lib/libpam.so.0...done.
Loaded symbols for /lib/libpam.so.0
Reading symbols from /usr/lib/libfreetype.so.6...done.
Loaded symbols for /usr/lib/gcc-lib/i386-redhat-linux/3.3.2/../../../libfreetype.so.6
Reading symbols from /usr/lib/libpng.so.3...done.
Loaded symbols for /usr/lib/gcc-lib/i386-redhat-linux/3.3.2/../../../libpng.so.3
Reading symbols from /usr/lib/libz.so.1...done.
Loaded symbols for /usr/lib/gcc-lib/i386-redhat-linux/3.3.2/../../../libz.so.1
Reading symbols from /usr/lib/libjpeg.so.62...done.
Loaded symbols for /usr/lib/gcc-lib/i386-redhat-linux/3.3.2/../../../libjpeg.so.62
Reading symbols from /lib/libresolv.so.2...done.
Loaded symbols for /lib/libresolv.so.2
Reading symbols from /usr/local/lib/libcurl.so.3...done.
Loaded symbols for /usr/local/lib/libcurl.so.3
Reading symbols from /opt/mysql/lib/mysql/libmysqlclient.so.14...done.
Loaded symbols for /usr/local/mysql/lib/mysql/libmysqlclient.so.14
Reading symbols from /usr/local/lib/libxml2.so.2...done.
Loaded symbols for /usr/local/lib/libxml2.so.2
Reading symbols from /lib/libnss_dns.so.2...done.
Loaded symbols for /lib/libnss_dns.so.2
#0  0x409545a6 in _efree (ptr=0x8561f94) at /opt/install/apache-2.0.54_apache-1.3.34_php-4.4.2-RC2-dev-WideXS-02_php-5.1.0/php-5.1.0/Zend/zend_alloc.c:303
303             REMOVE_POINTER_FROM_LIST(p);
(gdb) bt
#0  0x409545a6 in _efree (ptr=0x8561f94) at /opt/install/apache-2.0.54_apache-1.3.34_php-4.4.2-RC2-dev-WideXS-02_php-5.1.0/php-5.1.0/Zend/zend_alloc.c:303
#1  0x4095cced in _zval_ptr_dtor (zval_ptr=0x84c9a20) at zend_variables.h:35
#2  0x409843b8 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfff7cb0) at zend_execute.h:146
#3  0x40984069 in execute (op_array=0x854995c) at zend_vm_execute.h:88
#4  0x409844f7 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfff9600) at zend_vm_execute.h:222
#5  0x40984069 in execute (op_array=0x84ecbe0) at zend_vm_execute.h:88
#6  0x409844f7 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfffa060) at zend_vm_execute.h:222
#7  0x40984069 in execute (op_array=0x84b5d50) at zend_vm_execute.h:88
#8  0x409844f7 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfffb3f0) at zend_vm_execute.h:222
#9  0x40984069 in execute (op_array=0x84c232c) at zend_vm_execute.h:88
#10 0x40966646 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /opt/install/apache-2.0.54_apache-1.3.34_php-4.4.2-RC2-dev-WideXS-02_php-5.1.0/php-5.1.0/Zend/zend.c:1090
#11 0x40935920 in php_execute_script (primary_file=0xbfffd730)
    at /opt/install/apache-2.0.54_apache-1.3.34_php-4.4.2-RC2-dev-WideXS-02_php-5.1.0/php-5.1.0/main/main.c:1704
#12 0x409c6a75 in php_handler (r=0x84b2818)
    at /opt/install/apache-2.0.54_apache-1.3.34_php-4.4.2-RC2-dev-WideXS-02_php-5.1.0/php-5.1.0/sapi/apache2handler/sapi_apache2.c:584
#13 0x080af51e in ap_run_handler (r=0x84b2818) at config.c:152
#14 0x080afc8d in ap_invoke_handler (r=0x84b2818) at config.c:364
#15 0x08090155 in ap_process_request (r=0x84b2818) at http_request.c:249
#16 0x0808a7eb in ap_process_http_connection (c=0x8455b48) at http_core.c:251
#17 0x080bbf5a in ap_run_process_connection (c=0x8455b48) at connection.c:43
#18 0x080bc348 in ap_process_connection (c=0x8455b48, csd=0x8455a70) at connection.c:176
#19 0x080addbb in child_main (child_num_arg=95) at prefork.c:610
#20 0x080adf45 in make_child (s=0x8108b90, slot=95) at prefork.c:704
#21 0x080ae1a4 in perform_idle_server_maintenance (p=0x8102e58) at prefork.c:839
#22 0x080ae5f9 in ap_mpm_run (_pconf=0x8102e58, plog=0x813ef48, s=0x8108b90) at prefork.c:1040
#23 0x080b4ff1 in main (argc=2, argv=0xbfffdbc4) at main.c:618
(gdb)
 [2005-11-21 18:25 UTC] sniper@php.net
Do NOT add such long backtraces here before asked to!!
Another thing: you didn't tell what your configure line was.
Are you sure you don't have PHP 4 and 5 loaded the same time in your httpd.conf? (assuming you're compiling them as DSOs)

 [2005-11-22 11:01 UTC] maddog2k at maddog2k dot net
W00ps, sorry 'bout the backtraces, thought it might help.

The configure line is pretty big, and I doubt it's of help since I found that the change in php_fopen_wrapper.c is causing all the trouble... (with PHP4CVS for sure).
In every bt I've seen, php_fopen_wrapper.c failed on line 81, combined with MySQL. Often I also see a 'No such file or directory' message:

    at /opt/install/apache-2.0.54_apache-1.3.34_php-4.4.2-RC2-dev-WideXS-02_php-5.0.5/php-4.4.2/ext/standard/php_fopen_wrapper.c:81
81      /opt/install/apache-2.0.54_apache-1.3.34_php-4.4.2-RC2-dev-WideXS-02_php-5.0.5/php-4.4.2/ext/standard/php_fopen_wrapper.c: No such file or directory.
        in /opt/install/apache-2.0.54_apache-1.3.34_php-4.4.2-RC2-dev-WideXS-02_php-5.0.5/php-4.4.2/ext/standard/php_fopen_wrapper.c

I downloaded revision 1.29.2.4 of this file, and the segmentation faults are now gone with PHP4CVS and Apache 2.0.54

Hopefully this is enough info for you :)
 [2005-11-22 12:46 UTC] sniper@php.net
Sara, you changed php_fopen_wrapper.c last time.
 [2005-11-22 23:37 UTC] pollita@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

The backtrace *was* helpful.  And yes, I introduced this bug.  Silly thinko really.... stream->abstract is not the same thing as stream->position... :)

 [2005-11-23 13:22 UTC] maddog2k at maddog2k dot net
Many thanks, this seems solved indeed ! :)
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Mar 29 06:01:29 2024 UTC