php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #43476 5.2.5 keeps crashing while 5.2.4 works fine
Submitted: 2007-12-02 13:29 UTC Modified: 2007-12-03 16:19 UTC
From: erno dot kovacs at freemail dot hu Assigned: dmitry
Status: Closed Package: Reproducible crash
PHP Version: 5.2.5 OS: Debian etch, Linux 2.6
Private report: No CVE-ID:
 [2007-12-02 13:29 UTC] erno dot kovacs at freemail dot hu
Description:
------------
I have used PHP 5.2.4 for a long while without any problems. Recently I upgraded to 5.2.5, and it segfaults like 15-20 times a day.
Configuration is exactly the same with the two versions, no extensions loaded.
I run PHP in FastCGI mode binding to a TCP socket (-b), webserver is Apache2/mod_fastcgi.
I moved back to 5.2.4 so problem is gone...


Reproduce code:
---------------
./configure --disable-all --prefix=/usr/local/php5 --enable-fastcgi --enable-discard-path --with-jpeg-dir --with-png-dir --with-freetype-dir --with-gd --with-mysql=/usr --with-mm --with-zlib-dir --enable-mbstring=all --with-mcrypt --with-iconv --enable-mbregex --with-gettext --enable-ctype --with-imap --with-imap-ssl --with-openssl --with-kerberos --with-mime-magic=/usr/share/file/magic.mime --with-pcre-regex --enable-mbregex --enable-xml --enable-libxml --enable-simplexml --enable-dom --enable-calendar --enable-tokenizer --enable-session --with-pear --with-tsrm-pthreads --enable-inline-optimization --enable-json --enable-short-tags


Expected result:
----------------
Dec  1 16:37:07 foobar kernel: php-cgi[17725]: segfault at b514e338 eip 08214865 esp bfb7c940 error 4
Dec  1 16:37:09 foobar kernel: php-cgi[17728]: segfault at 0000000c eip 08214c27 esp bfb7c940 error 4
Dec  1 16:37:14 foobar kernel: php-cgi[17726]: segfault at b4fdc234 eip 08214865 esp bfb7c940 error 4
Dec  1 16:37:17 foobar kernel: php-cgi[28333]: segfault at b521d6c4 eip 08214865 esp bfb7c940 error 4


Actual result:
--------------
I have many core files and the backtrace is the same in them:
(gdb) bt
#0  _zend_mm_free_int (heap=0x84fb178, p=0xb521d744) at /home/rsctm/php-5.2.5/Zend/zend_alloc.c:1914
#1  0x081f6d3b in sapi_deactivate () at /home/rsctm/php-5.2.5/main/SAPI.c:445
#2  0x081eedd5 in php_request_shutdown (dummy=0x0) at /home/rsctm/php-5.2.5/main/main.c:1494
#3  0x082a92c6 in main (argc=6, argv=0xbfb7fdc4) at /home/rsctm/php-5.2.5/sapi/cgi/cgi_main.c:1972

Unfortunately -e didnt generate any more debugging information.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-12-02 16:00 UTC] iliaa@php.net
Please recompile with --enable-debug and try generating a backtrace 
then.
 [2007-12-03 10:04 UTC] erno dot kovacs at freemail dot hu
Core was generated by `/usr/local/php5/bin/php-cgi -e -b localhost:9001 -c /usr/local/apachehoste/conf'.
Program terminated with signal 11, Segmentation fault.
#0  0x082a6e05 in zend_mm_check_ptr (heap=0x85b7178, ptr=0xb4dce2f0, silent=1,
    __zend_filename=0x855d3fc "/home/rsctm/php-5.2.5/main/SAPI.c", __zend_lineno=445, __zend_orig_filename=0x0,
    __zend_orig_lineno=0) at /home/rsctm/php-5.2.5/Zend/zend_alloc.c:1276
1276            if (p->info._size != ZEND_MM_NEXT_BLOCK(p)->info._prev) {
(gdb) bt
#0  0x082a6e05 in zend_mm_check_ptr (heap=0x85b7178, ptr=0xb4dce2f0, silent=1,
    __zend_filename=0x855d3fc "/home/rsctm/php-5.2.5/main/SAPI.c", __zend_lineno=445, __zend_orig_filename=0x0,
    __zend_orig_lineno=0) at /home/rsctm/php-5.2.5/Zend/zend_alloc.c:1276
#1  0x082a834d in _zend_mm_free_int (heap=0x85b7178, p=0xb4dce2f0, __zend_filename=0x855d3fc "/home/rsctm/php-5.2.5/main/SAPI.c",
    __zend_lineno=445, __zend_orig_filename=0x0, __zend_orig_lineno=0) at /home/rsctm/php-5.2.5/Zend/zend_alloc.c:1909
#2  0x082a948d in _efree (ptr=0xb4dce2f0, __zend_filename=0x855d3fc "/home/rsctm/php-5.2.5/main/SAPI.c", __zend_lineno=445,
    __zend_orig_filename=0x0, __zend_orig_lineno=0) at /home/rsctm/php-5.2.5/Zend/zend_alloc.c:2277
#3  0x0827c0de in sapi_deactivate () at /home/rsctm/php-5.2.5/main/SAPI.c:445
#4  0x0827432c in php_request_shutdown (dummy=0x0) at /home/rsctm/php-5.2.5/main/main.c:1494
#5  0x083431c9 in main (argc=6, argv=0xbfa60cb4) at /home/rsctm/php-5.2.5/sapi/cgi/cgi_main.c:1972


Most of the backtraces are the same, there is one which differ, it segfaulted in line 1284 instead of 1276.
 [2007-12-03 10:51 UTC] jani@php.net
Please do not submit the same bug more than once. An existing
bug report already describes this very problem. Even if you feel
that your issue is somewhat different, the resolution is likely
to be the same. 

Thank you for your interest in PHP.

See bug #43387
 [2007-12-03 16:19 UTC] dmitry@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Sat Apr 19 04:01:55 2014 UTC