php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #42395 httpd crashes near file uploading
Submitted: 2007-08-23 10:03 UTC Modified: 2007-09-07 01:00 UTC
Votes:3
Avg. Score:3.7 ± 0.9
Reproduced:3 of 3 (100.0%)
Same Version:2 (66.7%)
Same OS:2 (66.7%)
From: jille at hexon dot cx Assigned:
Status: No Feedback Package: Apache related
PHP Version: 5.2.3 OS: MacOS 10.4.9
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: jille at hexon dot cx
New email:
PHP Version: OS:

 

 [2007-08-23 10:03 UTC] jille at hexon dot cx
Description:
------------
I have found these 2 lines in my syslog,
this crash happens nearly a few times a day.

Aug 23 10:37:00 hillsbrad crashdump[10305]: httpd crashed
Aug 23 10:37:00 hillsbrad crashdump[10305]: crash report written to: /Library/Logs/CrashReporter/httpd.crash.log

My website is being used by 400 users a day,
on the 'crashing page' several images can be uploaded.

Reproduce code:
---------------
I tried to reproduce the crash, but it didn`t work out.

I`ve added some debug code,
some debuglines appear about 30 seconds before the crash.
Some a few seconds after (they are not reported in the same way).

It might also be that the debugging lines are not even reached.

Expected result:
----------------
I don`t know what exactly happens to the user on the website.
I`ve never got any complaints about it or something.

It could be a delayed crash or something
(eg: the uploads create some buffer overflow, and apache crashes on the next request or something.)

But I would expect not to see a crash happen

Actual result:
--------------
Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_INVALID_ADDRESS (0x0001) at 0x310074f4

Thread 0 Crashed:
0   libphp5.so  0x022f2010 _zend_mm_free_int + 544
1   libphp5.so  0x02323808 zend_hash_destroy + 168
2   libphp5.so  0x023161b4 _zval_dtor_func + 164
3   libphp5.so  0x02304100 _zval_ptr_dtor + 80
4   libphp5.so  0x0207f4ec zm_deactivate_filter + 140
5   libphp5.so  0x0231a95c module_registry_cleanup + 44
6   libphp5.so  0x02323ce8 zend_hash_apply + 152
7   libphp5.so  0x02316c1c zend_deactivate_modules + 92
8   libphp5.so  0x022c1298 php_request_shutdown + 328
9   libphp5.so  0x023ca1cc apache_php_module_main + 236
10  libphp5.so  0x023cb8bc send_php + 1212
11  libphp5.so  0x023cb968 send_parsed_php + 56
12  httpd       0x0000dd18 ap_invoke_handler + 232
13  httpd       0x00017dd4 process_request_internal + 640
14  httpd       0x00017e54 ap_process_request + 72
15  httpd       0x00006b60 child_main + 1832
16  httpd       0x00006dc4 make_child + 312
17  httpd       0x00007660 standalone_main + 852
18  httpd       0x00007d74 main + 1052
19  httpd       0x0000238c _start + 348
20  httpd       0x0000222c start + 60

Thread 0 crashed with PPC Thread State 64:
  srr0: 0x00000000022f2010 srr1: 0x100000000200f030                        vrsave: 0x0000000000000000
    cr: 0x48000448          xer: 0x0000000000000000   lr: 0x00000000022f1e90  ctr: 0x0000000000003ddc
    r0: 0x0000000000000000   r1: 0x00000000bfffe220   r2: 0x0000000000000001   r3: 0x000000000185e800
    r4: 0x00000000002c74b0   r5: 0x0000000000000002   r6: 0x00000000002c74a8   r7: 0x0000000000000000
    r8: 0x0000000000000010   r9: 0x00000000002c74e8  r10: 0x00000000002c74e8  r11: 0x00000000310074e8
   r12: 0x0000000000003ddc  r13: 0x0000000000000000  r14: 0x0000000000000000  r15: 0x0000000000000000
   r16: 0x0000000000000000  r17: 0x0000000000000000  r18: 0x0000000000000000  r19: 0x0000000000000000
   r20: 0x0000000000000000  r21: 0x0000000000000000  r22: 0x0000000000057314  r23: 0x0000000000057314
   r24: 0x0000000000057314  r25: 0x0000000000057314  r26: 0x000000000187a638  r27: 0x000000000231a930
   r28: 0x000000000185e800  r29: 0x0000000000000040  r30: 0x00000000002c74a8  r31: 0x00000000022f1e04

Binary Images Description:
    0x1000 -    0x4ffff httpd   /usr/sbin/httpd
   0x65000 -    0x67fff mod_log_config.so   /usr/libexec/httpd/mod_log_config.so
   0x6a000 -    0x6bfff mod_mime.so   /usr/libexec/httpd/mod_mime.so
   0x6e000 -    0x70fff mod_status.so   /usr/libexec/httpd/mod_status.so
   0x73000 -    0x75fff mod_info.so   /usr/libexec/httpd/mod_info.so
   0x78000 -    0x81fff mod_rewrite.so  /usr/libexec/httpd/mod_rewrite.so
   0x85000 -    0x86fff mod_access.so   /usr/libexec/httpd/mod_access.so
   0x89000 -    0x8afff mod_auth_apple.so   /usr/libexec/httpd/mod_auth_apple.so
   0x8d000 -    0x8dfff mod_setenvif.so   /usr/libexec/httpd/mod_setenvif.so
   0x90000 -    0x90fff mod_hfs_apple.so  /usr/libexec/httpd/mod_hfs_apple.so
   0x93000 -    0x95fff mod_digest_apple.so   /usr/libexec/httpd/mod_digest_apple.so
   0x98000 -    0xb4fff libssl.so   /usr/libexec/httpd/libssl.so
   0xd1000 -    0xeefff libjpeg.62.dylib  /sw/lib/libjpeg.62.dylib
   0xf6000 -    0xf7fff ZendExtensionManager.so   /usr/local/Zend/lib/ZendExtensionManager.so
  0x205000 -   0x223fff libpng.3.dylib  /sw/lib/libpng.3.dylib
  0x282000 -   0x286fff libmnogocharset-3.3.dylib   /usr/local/mnogosearch/lib/libmnogocharset-3.3.dylib
  0x405000 -   0x4fefff libiconv.2.dylib  /sw/lib/libiconv.2.dylib
 0x1008000 -  0x1048fff libfreetype.6.dylib   /sw/lib/libfreetype.6.dylib
 0x118f000 -  0x129ffff libxml2.2.dylib   /sw/lib/libxml2.2.dylib
 0x14d5000 -  0x1600fff ZendOptimizer.so  /usr/local/Zend/lib/Optimizer-3.2.8/php-5.2.x/ZendOptimizer.so
 0x2008000 -  0x2660fff libphp5.so  /usr/libexec/httpd/libphp5.so
 0x287d000 -  0x2947fff libmnogosearch-3.3.dylib  /usr/local/mnogosearch/lib/libmnogosearch-3.3.dylib
0x8fe00000 - 0x8fe52fff dyld 46.12  /usr/lib/dyld
0x90000000 - 0x901bcfff libSystem.B.dylib   /usr/lib/libSystem.B.dylib
0x90214000 - 0x90219fff libmathCommon.A.dylib   /usr/lib/system/libmathCommon.A.dylib
0x907bb000 - 0x90894fff com.apple.CoreFoundation 6.4.7 (368.28) /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
0x908df000 - 0x909e1fff libicucore.A.dylib  /usr/lib/libicucore.A.dylib
0x90a3b000 - 0x90abffff libobjc.A.dylib   /usr/lib/libobjc.A.dylib
0x90b6f000 - 0x90b81fff libauto.dylib   /usr/lib/libauto.dylib
0x9110f000 - 0x9111dfff libz.1.dylib  /usr/lib/libz.1.dylib
0x91120000 - 0x912dbfff com.apple.security 4.6 (29770)  /System/Library/Frameworks/Security.framework/Versions/A/Security
0x91431000 - 0x9143cfff libgcc_s.1.dylib  /usr/lib/libgcc_s.1.dylib
0x91a19000 - 0x91ae0fff libcrypto.0.9.7.dylib   /usr/lib/libcrypto.0.9.7.dylib
0x93701000 - 0x93721fff com.apple.DirectoryService.Framework 3.1  /System/Library/Frameworks/DirectoryService.framework/Versions/A/DirectoryService
0x95040000 - 0x9506ffff libssl.0.9.7.dylib  /usr/lib/libssl.0.9.7.dylib
0x95784000 - 0x957acfff libcurl.3.dylib   /usr/lib/libcurl.3.dylib

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-08-23 10:26 UTC] jani@php.net
First get the latst 5.2.4-dev snapshot:
http://snaps.php.net/php4-STABLE-latest.tar.gz

Then compile it with using --enable-debug in your configure line.
Before you launch Apache, disable all Zend extensions in your php.ini.

Run Apache under GDB:

# gdb --arg httpd -X
(gdb) run

Then do the things required to crash it and:

<segfault>
(gdb) bt

And you should have better backtrace. Although it seems to be coming from the filter extension by looking at the current backtrace, it's easier to pinpoint the exact place when the debug symbols are around.

 [2007-08-23 11:33 UTC] jille at hexon dot cx
I can't run 5.2.4-dev in gdb on a live server.
That will slow down about 1000+ sites i`m hosting.

But I will try to run one server without Zend extensions.
Let`s see whether I still get crashes on that one
 [2007-08-23 11:46 UTC] jani@php.net
Nobody asked you to run it on live site..
 [2007-08-23 11:48 UTC] jille at hexon dot cx
true, but I can't reproduce it on my dev server...
 [2007-08-23 14:12 UTC] jani@php.net
So it crashes but you can't build a debug version of PHP for your live site to get better backtraces so that we could actually fix it and you don't know how to reproduce it reliably..quite a chicken'n'egg problem here. :)
 [2007-08-30 12:55 UTC] jille at hexon dot cx
Well, I disabled the zend extensions on one server, but it crashed anyway...
Got any other ideas to try to locate the problem (without slowing down the entire server) ?
 [2007-08-30 13:17 UTC] jani@php.net
Did you build PHP with --enable-debug or not? As long as you're not able to provide any useful way for anybody to reproduce this or a decent backtrace there's not much we can do about it. And you need to do it using PHP 5.2.4. (it's the one you get from snaps.php.net atm)
 [2007-09-07 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Wed Nov 25 09:01:23 2020 UTC