php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #50382 garbage collection crashes
Submitted: 2009-12-04 11:08 UTC Modified: 2010-01-13 12:47 UTC
From: dirk at bean-it dot nl Assigned: dmitry
Status: Closed Package: Reproducible crash
PHP Version: 5.3, 6 OS: Debian 5.0
Private report: No CVE-ID:
 [2009-12-04 11:08 UTC] dirk at bean-it dot nl
Description:
------------
Upgrading to php 5.3 > Application works but apache segfaults

I've upgraded from 5.2.11 to 5.3.1. Our application works fine when accessed from a browser, however the apache error log fills with messages like:

[Fri Dec 04 11:24:59 2009] [notice] child pid 28025 exit signal Segmentation fault (11)

Each request causes a message like this.

This is not happening when using 5.2.11. I've tried to locate the problem by stepping through the code with the Zend debugger. Unfortunately, the problem does not occur when doing this.

I've followed the instructions and created a backtrace (see below). The weird thing is, PHP compiled with --enable-debug, does not crash. I does give tons of "Memory leak" messages in the apache error.log. I'm not very in to this, so I hope this information gives somebody a clue.

I've also tried a snapshot (5.3-200912040930), this doesn't work either, same segfaults.

I'm more than happy to provide more info, test things, change things... Just let me know.

./configure options (I cannot reduce this set, the application will stop working)

'./configure' \
'--with-config-file-path=/etc' \
'--with-apxs2=/usr/bin/apxs2' \
'--with-gettext' \
'--with-libxml-dir=/usr/local' \
'--with-mysqli=/usr/bin/mysql_config' \
'--with-mcrypt' \
'--with-iconv' \
'--enable-mbstring' \
'--with-zlib=/usr' \
'--with-xsl' \
'--with-curl' \
'--with-gd' \
'--with-jpeg-dir=/usr/include' \
'--with-png-dir=/usr/include' \
'--with-openssl' \
'--with-freetype-dir' \
'--enable-gd-native-ttf' \
"$@"

Actual result:
--------------
Backtrace (created running the snapshot, without debug):

(gdb) bt
#0  0xb6e63777 in zval_mark_grey (pz=0x9fd0cf8) at /root/php5.3-200912040930/Zend/zend_gc.c:360
#1  0xb6e63d35 in gc_collect_cycles () at /root/php5.3-200912040930/Zend/zend_gc.c:417
#2  0xb6e48285 in zend_deactivate () at /root/php5.3-200912040930/Zend/zend.c:900
#3  0xb6df767f in php_request_shutdown (dummy=0x0) at /root/php5.3-200912040930/main/main.c:1606
#4  0xb6ec8aa9 in php_handler (r=0x9bc31d0) at /root/php5.3-200912040930/sapi/apache2handler/sapi_apache2.c:493
#5  0x0807a1c9 in ap_run_handler ()
#6  0x0807d5e1 in ap_invoke_handler ()
#7  0x0808af00 in ap_internal_redirect ()
#8  0xb73356c3 in ?? () from /usr/lib/apache2/modules/mod_rewrite.so
#9  0x09bc31a0 in ?? ()
#10 0x09bb8d38 in ?? ()
#11 0xb7339bb7 in ?? () from /usr/lib/apache2/modules/mod_rewrite.so
#12 0x09bc3138 in ?? ()
#13 0x00000000 in ?? ()


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-12-04 12:25 UTC] dirk at bean-it dot nl
I've compiled the snapshot, gives the same segfaults.
 [2009-12-04 12:56 UTC] dirk at bean-it dot nl
Up till now, I haven't been able to exactly pinpoint the problem. As mentioned below, our application works as expected, it looks likes Apache crashes -after- php has compiled the page. Very strange. The application is quite large, a lot of code. Tried to debug with Zend Debugger, but than things work as expected, no segfault.

As much as I would like to give some example code, I cannot at this moment, since I have no clue where things go wrong (the app works fine!). 

Any suggestions on how to proceed are highly appreciated.
 [2009-12-05 16:14 UTC] srinatar@php.net
from the bt, I guess, there is memory corruption within Zend engine.

if you are able to reproduce this crash by running a modified version of 
your script from the command line, then , to help us more understand the 
problem, will it be possible for you to run it with valgrind --num-
callers=15 --error-limit=no  ./sapi/cli/php <test-script>

alternatively, if you export USE_ZEND_ALLOC=0 in your apachectl script, 
your server might run successfully albeit at decreased performance. 

thanks for your help


 [2009-12-06 15:23 UTC] srinatar@php.net
alternatively, you can also set "zend.enable_gc=Off" within your php.ini 
and this should make the crash go away as well. 
 [2009-12-07 08:43 UTC] dirk at bean-it dot nl
I can confirm that setting: zend.enable_gc=Off makes the crash go away.

I'm still looking to pinpoint the problem. I hope I can provide a short script which crashes php.
 [2009-12-08 08:30 UTC] dmitry@php.net
In case you can provide a long script with instruction it's an option too. It's not easy to identify the reason of crash caused by garbage collector and provide a short script. SSH access to a server where I can play with bug is also an option.
 [2009-12-09 12:35 UTC] dirk at bean-it dot nl
I'm going to prepare a server with the software. Please allow me a few days to arrange this. I'll email the details when things are ready.
 [2009-12-18 18:47 UTC] jani@php.net
See bug #50519 which has identical backtrace with short reproducing script.

 [2009-12-25 13:14 UTC] dmitry@php.net
The bug #50519 is fixed, however, I can't be sure that this crash is caused by the same bug. Please check SVN snapshot.
 [2009-12-31 10:58 UTC] dirk at bean-it dot nl
Tried php5.3-200912310930 but no luck. My PHP also still segfaults with the reproduce code from bug #50519.
 [2009-12-31 18:24 UTC] jani@php.net
You could try with --enable-debug in your configure line, Dmitry's fix was only for debug builds.
 [2010-01-11 10:08 UTC] dmitry@php.net
Please, check once again.
 [2010-01-12 15:59 UTC] dirk at bean-it dot nl
No crashes with version php5.3-200912310930 and --enable-debug in ./config, but I didn't get the crashes with 5.3 and --enable-debug.

The reproduce code from bug #50519 works fine now.

Still inconclusive until I can try it without --enable-debug, I guess.
 [2010-01-13 12:38 UTC] jani@php.net
Well, maybe you should try it and if it works, close this report? :)
 [2010-01-13 12:44 UTC] dirk at bean-it dot nl
The fix only works when compiled with --enable-debug (see your comment below). I'm happy to wait for the next 5.3.* RC of final... I'll test it when it is available and will reopen this call when the problem still exists.
 [2010-01-13 12:47 UTC] jani@php.net
Assumed fixed -> closed. Reopen if next RC (whenever that might be out, propably next century at this pace) does not work.
 [2014-01-06 17:09 UTC] spam2 at rhsoft dot net
they seem to be back with PHP 5.5.7 beause "zend.enable_gc = 0" stops the random segfaults of httpd
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Wed Apr 23 17:01:58 2014 UTC