php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #43459 Segfault on graceful restart
Submitted: 2007-11-29 21:15 UTC Modified: 2007-12-12 01:00 UTC
Votes:2
Avg. Score:4.0 ± 1.0
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:2 (100.0%)
From: ch at westend dot com Assigned:
Status: No Feedback Package: Reproducible crash
PHP Version: 5.2.5 OS: Debian 4.0 'etch' Linux
Private report: No CVE-ID:
Have you experienced this issue?
Rate the importance of this bug to you:

 [2007-11-29 21:15 UTC] ch at westend dot com
Description:
------------
I have lots of segfaults in the error.log of a new apache installation using a Debian shipped Apache2 with prefork mpm and the very latest PHP5. Below is the backtrace.

Reproduce code:
---------------
I guess it comes sometimes from graceful restarts or from idle threads that apache kills himself.

PHP was compiled using:
./configure \
        --with-apxs2=/usr/bin/apxs2 \
        --prefix=/usr/local/php5 \
        \
        --enable-shared \
        --enable-exif \
        --enable-ftp \
        --enable-gd-native-ttf \
        --enable-mbstring \
        --enable-simplexml \
        --enable-soap \
        --enable-pdo \
        --enable-spl \
        --enable-zip \
        --with-bz2 \
        --with-curl \
        --with-curl=/usr \
        --with-freetype-dir=/usr \
        --with-gd=shared \
        --with-gettext \
        --with-iconv \
        --with-mime-magic \
        --with-mysql=shared,/usr \
        --with-mysql-sock=/var/run/mysqld/mysqld.sock \
        --with-pdo-mysql=/usr \
        --with-t1lib \
        --with-jpeg-dir=/usr \
        --with-ttf=/usr \
        --with-zlib=/usr \
        --with-xsl=/usr \


Expected result:
----------------
-

Actual result:
--------------
$ gdb /usr/sbin/apache2 core
...
Core was generated by `/usr/sbin/apache2 -k start'.
Program terminated with signal 11, Segmentation fault.
#0  _zend_mm_free_int (heap=0x744dd0, p=0x2ab8a7c272a0) at /usr/local/src/php5/php-5.2.5/Zend/zend_alloc.c:1944
1944            if (ZEND_MM_IS_FREE_BLOCK(next_block)) {
(gdb) bt 
#0  _zend_mm_free_int (heap=0x744dd0, p=0x2ab8a7c272a0) at /usr/local/src/php5/php-5.2.5/Zend/zend_alloc.c:1944
#1  0x00002ab89d7e3735 in destroy_op_array (op_array=0x2ab8abe89260) at /usr/local/src/php5/php-5.2.5/Zend/zend_opcode.c:232
#2  0x00002ab89d7f6cb8 in zend_hash_destroy (ht=0x2ab8abe84760) at /usr/local/src/php5/php-5.2.5/Zend/zend_hash.c:526
#3  0x00002ab89d7e3465 in destroy_zend_class (pce=<value optimized out>) at /usr/local/src/php5/php-5.2.5/Zend/zend_opcode.c:184
#4  0x00002ab89d7f69a2 in zend_hash_apply_deleter (ht=0x745710, p=0x9dbba0) at /usr/local/src/php5/php-5.2.5/Zend/zend_hash.c:611
#5  0x00002ab89d7f6aa9 in zend_hash_reverse_apply (ht=0x745710, apply_func=0x2ab89d7dee70 <clean_non_persistent_class>)
    at /usr/local/src/php5/php-5.2.5/Zend/zend_hash.c:760
#6  0x00002ab89d7dfe96 in shutdown_executor () at /usr/local/src/php5/php-5.2.5/Zend/zend_execute_API.c:291
#7  0x00002ab89d7ec232 in zend_deactivate () at /usr/local/src/php5/php-5.2.5/Zend/zend.c:860
#8  0x00002ab89d7aa9be in php_request_shutdown (dummy=<value optimized out>) at /usr/local/src/php5/php-5.2.5/main/main.c:1485
#9  0x00002ab89d86b08e in php_handler (r=0x968488) at /usr/local/src/php5/php-5.2.5/sapi/apache2handler/sapi_apache2.c:471
#10 0x0000000000432c89 in ap_run_handler ()
#11 0x0000000000435e02 in ap_invoke_handler ()
#12 0x0000000000441ed8 in ap_process_request ()
#13 0x000000000043f3bc in ap_register_input_filter ()
#14 0x00000000004397e1 in ap_run_process_connection ()
#15 0x0000000000445851 in ap_graceful_stop_signalled ()
#16 0x0000000000445ac4 in ap_graceful_stop_signalled ()
#17 0x0000000000446366 in ap_mpm_run ()
#18 0x0000000000420e00 in main ()



Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-11-30 06:23 UTC] jani@php.net
Note for developers: See bug #43387 (crash in same place)

 [2007-12-12 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Wed Apr 16 10:02:09 2014 UTC