PHP :: Bug #37197 :: PHP module in apache crashes in session (de)serializer

Bug #37197

PHP module in apache crashes in session (de)serializer

Submitted:

2006-04-25 12:07 UTC

Modified:

2006-06-28 01:00 UTC

Votes:	2
Avg. Score:	5.0 ± 0.0
Reproduced:	2 of 2 (100.0%)
Same Version:	2 (100.0%)
Same OS:	2 (100.0%)

From:

ivoras at gmail dot com

Assigned:

Status:

No Feedback

Package:

Reproducible crash

PHP Version:

5.1.4

OS:

FreeBSD 6.1

Private report:

CVE-ID:

None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	ivoras at gmail dot com
New email:
PHP Version:		OS:

New/Additional Comment:

[2006-04-25 12:07 UTC] ivoras at gmail dot com

Description:
------------
PHP module in apache randomly crashes. Tried building debug version of PHP, but it doesn't change anything (there is no significant additional data in apache error logs). Attached is the result of Apache modules mod_whatkilledus and mod_backtrace.

The problem seems to be this: "httpd in malloc(): error: recursive call" Talking to FreeBSD developers, this most likely happens if an application tries to use malloc() from a signal handler, while another malloc() is in progress, which apparently is allowed by GNU malloc() but not by BSD malloc().

Reproduce code:
---------------
Cannot pinpoint crash location - possibly random or before/after PHP code starts to execute.

Expected result:
----------------
Normal operation.

Actual result:
--------------
[Tue Apr 25 13:46:26 2006] pid 28734 mod_whatkilledus sig 6 crash
[Tue Apr 25 13:46:26 2006] pid 28734 mod_whatkilledus active connection: 194.213.26.11:60632->161.53.72.111:80 (conn_rec 8498128)
[Tue Apr 25 13:46:26 2006] pid 28734 mod_whatkilledus active request (request_rec 849e050):
GET /zvne/alumni?_v1=U-7HlKuFSMHIHduAAExHdmGM_tcn2Vp3MqonoAYek-3EDnfH4VQDVQjKNRBSm6hh&_lid=10213 HTTP/1.1|User-Agent:Mozilla/5.0 (compatib
le; Pogodak.hr/3.1)|Cookie:phpbb2mysql_sid=c61f99db46b5a2b837340e294ccb5a5a; phpbb2mysql_data=a%253A2%253A%257Bs%253A11%253A%2522autologin
id%2522%253Bs%253A0%253A%2522%2522%253Bs%253A6%253A%2522userid%2522%253Bi%253A-1%253B%257D; CMS=6c9d1e5a98c7927a10ff0d0d47e902e1; CMS=6c9d
1e5a98c7927a10ff0d0d47e902e1|Accept-Language:hr|Cache-Control:no-cache|Pragma:no-cache|Host:www.zvne.fer.hr|Accept:text/html, image/gif, i
mage/jpeg, *; q=.2, */*; q=.2|Connection:keep-alive|Content-type:application/x-www-form-urlencoded
[Tue Apr 25 13:46:26 2006] pid 28734 mod_whatkilledus end of report
[Tue Apr 25 13:46:26 2006] pid 28734 mod_backtrace backtrace for sig 6 (thread "pid" 28734)
[Tue Apr 25 13:46:26 2006] pid 28734 mod_backtrace main() is at 806a950
0x8071e65 <ap_run_fatal_exception+53> at /usr/local/sbin/httpd
^@0x8071f2f <ap_run_fatal_exception+255> at /usr/local/sbin/httpd
^@0xbfbfff94
0x284133d4 <abort+84> at /lib/libc.so.6
0x283b9b03 <_UTF8_init+1875> at /lib/libc.so.6
0x283b9b31 <_UTF8_init+1921> at /lib/libc.so.6
0x283babb8 <_UTF8_init+6152> at /lib/libc.so.6
0x28653915 <_emalloc+197> at /usr/local/libexec/apache2/libphp5.so
0x28632152 <vspprintf+382> at /usr/local/libexec/apache2/libphp5.so
0x2862e68b <php_set_error_handling+159> at /usr/local/libexec/apache2/libphp5.so
0x28669809 <zend_error+165> at /usr/local/libexec/apache2/libphp5.so
0x2865f60d <zend_timeout+53> at /usr/local/libexec/apache2/libphp5.so
0xbfbfff94
0x28653cb7 <_erealloc+179> at /usr/local/libexec/apache2/libphp5.so
0x28611c63 <zif_var_export+4139> at /usr/local/libexec/apache2/libphp5.so
0x28611abd <zif_var_export+3717> at /usr/local/libexec/apache2/libphp5.so
0x28611abd <zif_var_export+3717> at /usr/local/libexec/apache2/libphp5.so
0x28614a87 <php_var_serialize+23> at /usr/local/libexec/apache2/libphp5.so
0x2894ec16 <ps_srlzr_encode_php+290> at /usr/local/lib/php/20050922-debug/session.so
0x2894f117 <ps_srlzr_decode_php+507> at /usr/local/lib/php/20050922-debug/session.so
[Tue Apr 25 13:46:26 2006] pid 28734 mod_backtrace end of backtrace
[Tue Apr 25 13:46:27 2006] [notice] child pid 28734 exit signal Abort trap (6)
httpd in malloc(): error: recursive call

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2006-04-25 12:09 UTC] tony2001@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php5.1-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.1-win32-latest.zip

[2006-04-25 12:38 UTC] ivoras at gmail dot com

Do you have a reason to believe this will help me - are there any changes in the session serializing code between the two versions?

(This is a production machine and I can't risk downtime when I try the snapshot).

[2006-04-25 13:04 UTC] tony2001@php.net

Yes, I do have a reason.
You don't have to touch the production PHP and Apache - you can always install it into different location and listening on another port.

[2006-05-03 01:00 UTC] php-bugs at lists dot php dot net

No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".

[2006-05-12 17:08 UTC] ivoras at gmail dot com

It seems the error has shifted a little in 5.1.4:

[Fri May 12 13:03:58 2006] pid 3810 mod_whatkilledus sig 11 crash
[Fri May 12 13:03:58 2006] pid 3810 mod_whatkilledus active connection: 66.249.65.69:62198->161.53.72.111:80 (conn_rec 849a128)
[Fri May 12 13:03:58 2006] pid 3810 mod_whatkilledus active request (request_rec 84a0050):
GET /xxxx?_v1=UiaTP11W-xj-_aMLa-IM-s3dNpKkD1N18MeEdd3lK1Fbv52UWpuATJG4sunCs2irObY6-B8xOL6GJbN1EuDH6GmE7NixIfomlpN0tRuL_yX0qynVi
cTREmixmUl-AXf8uShbk4UXEftRJxYeH-jB7Qryjgj1MIwy1tFvtNPTd8mHH6L9nObm7vZ0PH5Q881NL7qw7pFXsgc8M_rNOYdIvk88e6EHO70PAT-AIHVIqZPn66jXkisr05B3hm_t
dMYP5t9L4g03tFV6r6i7bWxcgihn3F4tTHzCX-Szg3XiCro=&_lid=6562 HTTP/1.1|Host:xxxx|Connection:Keep-alive|Accept:*/*|From:googlebot(at)goog
lebot.com|User-Agent:Mozilla/5.0 (compatible; Googlebot/2.1; +http%3a//www.google.com/bot.html)|Accept-Encoding:gzip
[Fri May 12 13:03:58 2006] pid 3810 mod_whatkilledus end of report
[Fri May 12 13:03:58 2006] pid 3810 mod_backtrace backtrace for sig 11 (thread "pid" 3810)
[Fri May 12 13:03:58 2006] pid 3810 mod_backtrace main() is at 806a950
0x8071e65 <ap_run_fatal_exception+53> at /usr/local/sbin/httpd
^@0x8071f2f <ap_run_fatal_exception+255> at /usr/local/sbin/httpd
^@0xbfbfff94
0x2864287d <_zval_ptr_dtor+65> at /usr/local/libexec/apache2/libphp5.so
0x28656874 <zend_hash_destroy+144> at /usr/local/libexec/apache2/libphp5.so
0x2864d5ef <_zval_dtor_func+115> at /usr/local/libexec/apache2/libphp5.so
0x2864287d <_zval_ptr_dtor+65> at /usr/local/libexec/apache2/libphp5.so
0x28656944 <zend_hash_clean+184> at /usr/local/libexec/apache2/libphp5.so
0x286676a5 <execute+2025> at /usr/local/libexec/apache2/libphp5.so
0x28666f99 <execute+221> at /usr/local/libexec/apache2/libphp5.so
0x286671d9 <execute+797> at /usr/local/libexec/apache2/libphp5.so
0x28666f99 <execute+221> at /usr/local/libexec/apache2/libphp5.so
0x286671d9 <execute+797> at /usr/local/libexec/apache2/libphp5.so
0x28666f99 <execute+221> at /usr/local/libexec/apache2/libphp5.so
0x286acf0c <execute+286800> at /usr/local/libexec/apache2/libphp5.so
0x28666f99 <execute+221> at /usr/local/libexec/apache2/libphp5.so
0x286671d9 <execute+797> at /usr/local/libexec/apache2/libphp5.so
0x28666f99 <execute+221> at /usr/local/libexec/apache2/libphp5.so
0x286671d9 <execute+797> at /usr/local/libexec/apache2/libphp5.so
0x28666f99 <execute+221> at /usr/local/libexec/apache2/libphp5.so
[Fri May 12 13:03:58 2006] pid 3810 mod_backtrace end of backtrace
[Fri May 12 13:03:58 2006] [notice] child pid 3810 exit signal Segmentation fault (11)

[2006-06-20 14:57 UTC] tony2001@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip

[2006-06-28 01:00 UTC] php-bugs at lists dot php dot net

No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat May 18 10:01:32 2024 UTC