Bug #51091 Persistent PDO Connections Crash
Submitted: 2010-02-19 15:29 UTC Modified: 2010-10-12 00:50 UTC
Votes:3
Avg. Score:5.0 ± 0.0
Reproduced:3 of 3 (100.0%)
Same Version:1 (33.3%)
Same OS:1 (33.3%)
From: achristianson at yakabod dot com Assigned: dmitry
Status: Closed Package: Reproducible crash
PHP Version: 5.3.1 OS: CentOS 5.4
Private report: No CVE-ID:
 [2010-02-19 15:29 UTC] achristianson at yakabod dot com
Description:
------------
* create persistent connection to database; store it to a variable
* create an additional persistent connection to database: store it in the same variable
* allocate a bunch of memory
* PHP segfaults

Reproduce code:
---------------
<?php
$db = connect();
$db = connect();

for($i = 0; $i < 10000; $i++)
{
  $exampleArray[] = new ExampleObject();
}

class ExampleObject { }

function connect()
{
  return new PDO( 'mysql:host=<db host>;dbname=<db name>', '<db user>', '<db password>',
      array( PDO::ATTR_PERSISTENT => true ));
}

Expected result:
----------------
no segmentation fault

Actual result:
--------------
[New Thread 0xb7f396c0 (LWP 3416)]

Program received signal SIGSEGV, Segmentation fault.
0x0853a746 in zobj_mark_grey (obj=0xb7b8e07c, pz=0xbfd1f0c8) at /root/php-5.3.1/Zend/zend_gc.c:383
383                             p = Z_OBJPROP_P(pz)->pListHead;
(gdb) bt
#0  0x0853a746 in zobj_mark_grey (obj=0xb7b8e07c, pz=0xbfd1f0c8) at /root/php-5.3.1/Zend/zend_gc.c:383
#1  0x0853a81e in gc_mark_roots () at /root/php-5.3.1/Zend/zend_gc.c:410
#2  0x0853af64 in gc_collect_cycles () at /root/php-5.3.1/Zend/zend_gc.c:628
#3  0x0853a1a9 in gc_zobj_possible_root (zv=0xa06bac8) at /root/php-5.3.1/Zend/zend_gc.c:221
#4  0x08539f78 in gc_zval_possible_root (zv=0xa06bac8) at /root/php-5.3.1/Zend/zend_gc.c:143
#5  0x08508570 in _zval_ptr_dtor (zval_ptr=0xbfd1f1ec, __zend_filename=0x88fb070 "/root/php-5.3.1/Zend/zend_vm_execute.h", __zend_lineno=28199) at /root/php-5.3.1/Zend/zend_gc.h:183
#6  0x085d7d24 in ZEND_ASSIGN_DIM_SPEC_CV_UNUSED_HANDLER (execute_data=0x9cccd20) at /root/php-5.3.1/Zend/zend_vm_execute.h:28199
#7  0x08543e68 in execute (op_array=0x9d12f70) at /root/php-5.3.1/Zend/zend_vm_execute.h:104
#8  0x08518b68 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /root/php-5.3.1/Zend/zend.c:1194
#9  0x084aecdb in php_execute_script (primary_file=0xbfd216a4) at /root/php-5.3.1/main/main.c:2225
#10 0x085e4fa0 in main (argc=2, argv=0xbfd21804) at /root/php-5.3.1/sapi/cli/php_cli.c:1190

 [2010-02-19 15:34 UTC] rasmus@php.net
Looks like a gc issue.  Confirm by setting:

zend.enable_gc = Off

in your php.ini
 [2010-02-19 16:09 UTC] achristianson at yakabod dot com
I gave it a try with

zend.enable_gc = Off

The segmentation fault no longer occurs
 [2010-02-19 16:47 UTC] johannes@php.net
-Status: Open
+Status: Assigned
-Assigned To: 
+Assigned To: dmitry

Dmitry, can you take a look? - Thanks.
 [2010-04-20 18:11 UTC] dmitry@php.net
-Status: Assigned +Status: Feedback
 [2010-04-20 18:11 UTC] dmitry@php.net
I'm not able to reproduce it. Maybe it's already fixed. Could you verify?
 [2010-06-28 05:15 UTC] dxm007 at gmail dot com
Hi, I've been trying to set up Menalto Gallery and after I got through the entire setup of a fresh installation (to verify php, MSSQL, IIS were working fine), I pointed the gallery to my existing database and flat files.  Because my data came from an older version of the Gallery, it invokes the upgrade wizard, which dies every single time on step 2.  I've created a crash dump with adplus and it appears to be exactly the same bug as what's reported here.

This is 100% repeatable on my machine.  I'm using PHP 5.3.2 with Windows 2008 Server R2, IIS7 and MSSQL 2008 R2.  I've also been able to get past the crash by adding "zend.enable_gc = Off" to php.ini
 [2010-08-09 01:28 UTC] felipe@php.net
-Status: Feedback +Status: Assigned
 [2010-09-09 23:54 UTC] matth+php at mlalonde dot net
I can replicate under Ubuntu Server LTS 10.04 running nginx and php-fcgi (using spawn fcgi).

Reading symbols from /usr/lib/gconv/ISO8859-1.so...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/gconv/ISO8859-1.so
Core was generated by `/usr/bin/php5-cgi'.
Program terminated with signal 11, Segmentation fault.
#0  0x00000000006b2ea9 in gc_zval_possible_root (zv=0x4c7d018) at /build/buildd/php5-5.3.2/Zend/zend_gc.c:143
143	/build/buildd/php5-5.3.2/Zend/zend_gc.c: No such file or directory.
	in /build/buildd/php5-5.3.2/Zend/zend_gc.c
(gdb) bt
#0  0x00000000006b2ea9 in gc_zval_possible_root (zv=0x4c7d018) at /build/buildd/php5-5.3.2/Zend/zend_gc.c:143
#1  0x00000000006a1698 in zend_hash_destroy (ht=0x4c7ce20) at /build/buildd/php5-5.3.2/Zend/zend_hash.c:726
#2  0x000000000054e1ed in sxe_object_free_storage (object=0x4c7bcc0) at /build/buildd/php5-5.3.2/ext/simplexml/simplexml.c:2016
#3  0x00000000006b9aec in zend_objects_store_free_object_storage (objects=0xd8fd18) at /build/buildd/php5-5.3.2/Zend/zend_objects_API.c:92
#4  0x0000000000688ac5 in shutdown_executor () at /build/buildd/php5-5.3.2/Zend/zend_execute_API.c:302
#5  0x00000000006953e2 in zend_deactivate () at /build/buildd/php5-5.3.2/Zend/zend.c:962
#6  0x0000000000641095 in php_request_shutdown (dummy=0x4c7d018) at /build/buildd/php5-5.3.2/main/main.c:1649
#7  0x0000000000722550 in main (argc=32767, argv=0x0) at /build/buildd/php5-5.3.2/sapi/cgi/cgi_main.c:2160
 [2010-09-10 00:01 UTC] matth+php at mlalonde dot net
For the record, we are using Doctrine 2.0 (which uses the PDO) and PostgreSQL.
 [2010-10-12 00:50 UTC] felipe@php.net
-Status: Assigned +Status: Closed
 [2010-10-12 00:50 UTC] felipe@php.net
I can't reproduce this either. (probably already fixed...)
 [2010-12-27 23:03 UTC] lsmith@php.net
I am also seeing segfaults/bus errors, which go away after disabling GC on PHP 
5.3.4 using PostgreSQL via Doctrine 2.0. Though the issues only appeared when I 
added ext intl. I am seeing these issues on OSX and Debian.
 [2010-12-27 23:05 UTC] lsmith@php.net
I should add that I have only seen this issue when running my entire test suite on 
the CLI. Running the crashing unit tests individually makes the issue go away.
 [2011-08-03 11:25 UTC] henri dot bergius at iki dot fi
We have the same crash with PHPCR unit tests with Midgard2. Some backtraces in:

https://github.com/midgardproject/midgard-php5/issues/50
 [2011-08-25 16:27 UTC] ryan dot pendergast at gmail dot com
I run php5-fpm (php v 5.3.3) on 32bit ubuntu 10.10 and am seeing the same issue - even when disabling garbage collection.  It seems as if fpm is not obeying the disabling of garbage collection.  I'm using mysql_pconnect().

/usr/sbin/php5-fpm -i | grep -i zend.enable_gc
zend.enable_gc => Off => Off

Still produces (Here is my backtrace):

Core was generated by `/usr/sbin/php5-fpm --fpm-config /etc/php5/fpm/main.conf'.
Program terminated with signal 11, Segmentation fault.
#0  0x0832d235 in gc_zval_possible_root ()
(gdb) bt
#0  0x0832d235 in gc_zval_possible_root ()
#1  0x08300af1 in _zval_ptr_dtor ()
#2  0x0831aa94 in zend_hash_destroy ()
#3  0x08330ba3 in zend_object_std_dtor ()
#4  0x08330be2 in zend_objects_free_object_storage ()
#5  0x0833489d in zend_objects_store_del_ref_by_handle_ex ()
#6  0x083348df in zend_objects_store_del_ref ()
#7  0x0830d2d9 in _zval_dtor_func ()
#8  0x08300abd in _zval_ptr_dtor ()
#9  0x08333d46 in ?? ()
#10 0x0837e609 in ?? ()
#11 0x0837ee98 in ?? ()
#12 0x0833781e in execute ()
#13 0xb6133570 in ?? () from /usr/lib/php5/20090626+lfs/suhosin.so
#14 0x08360a1e in ?? ()
#15 0x0833781e in execute ()
#16 0xb6133570 in ?? () from /usr/lib/php5/20090626+lfs/suhosin.so
#17 0x08360a1e in ?? ()
#18 0x0833781e in execute ()
#19 0xb6133570 in ?? () from /usr/lib/php5/20090626+lfs/suhosin.so
#20 0x0830d5a6 in zend_execute_scripts ()
#21 0x082b1cb4 in php_execute_script ()
#22 0x083a6169 in ?? ()
#23 0xb71e2ce7 in __libc_start_main () from /lib/libc.so.6
#24 0x08066bc1 in _start ()
 [2011-08-25 19:19 UTC] ryan dot pendergast at gmail dot com
Sorry, forgot to mention: when I use mysql_connect() instead of mysql_pconnect() I do not get this segfault. I also tried removing suhosin, same results.
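
Added example, not part of the bug thread or of PHP's own tooling: a small Python triage helper that reduces gdb backtraces like the ones posted above to build-independent signatures, so crash reports from different builds and SAPIs can be compared frame by frame. The sample traces are excerpts of frames from this page (one frame hard-wrapped to exercise the rejoin step); the names `parse_frames` and `triage` and the choice of a three-frame signature are assumptions made for this example.

```python
import re

# One gdb frame: "#N  [0xADDR in] func (args) [at file:line | from lib]"
FRAME = re.compile(r"#(\d+)\s+(?:0x[0-9a-f]+ in )?(\S+)\s+\(.*\)"
                   r"(?:\s+at (\S+):(\d+)|\s+from (\S+))?\s*$")
# Function names seen in the zend_gc.c frames of the reports above.
GC_FUNCS = {"zobj_mark_grey", "gc_mark_roots", "gc_collect_cycles",
            "gc_zobj_possible_root", "gc_zval_possible_root"}

def parse_frames(bt):
    """Return [(function, source file or library basename or None)]."""
    text = re.sub(r"\n(?!#)", "", bt.strip())  # rejoin hard-wrapped frames
    frames = []
    for line in text.split("\n"):
        m = FRAME.match(line)
        if m:
            where = m.group(3) or m.group(5)
            frames.append((m.group(2), where.rsplit("/", 1)[-1] if where else None))
    return frames

def triage(bt, depth=3):
    """Build-independent crash signature plus how the GC is involved."""
    frames = parse_frames(bt)
    named = [func for func, _ in frames if func != "??"]
    return {
        "signature": tuple(named[:depth]),                   # top named frames
        "crash_in_gc": bool(named) and named[0] in GC_FUNCS,  # faulting frame is GC code
        "during_collection": "gc_collect_cycles" in named,    # a collection run was active
        "third_party": sorted({w for _, w in frames if w and w.endswith(".so")}),
    }

# Frames excerpted from the three backtraces on this page.
TRACE_CLI_531 = ("#0  0x0853a746 in zobj_mark_grey (obj=0xb7b8e07c, pz=0xbfd1f0c8) at /root/php-5.3.1/Zend/zend_gc.c:383\n"
                 "#1  0x0853a81e in gc_mark_roots () at /root/php-\n5.3.1/Zend/zend_gc.c:410\n"
                 "#2  0x0853af64 in gc_collect_cycles () at /root/php-5.3.1/Zend/zend_gc.c:628\n")
TRACE_CGI_532 = ("#0  0x00000000006b2ea9 in gc_zval_possible_root (zv=0x4c7d018) at /build/buildd/php5-5.3.2/Zend/zend_gc.c:143\n"
                 "#1  0x00000000006a1698 in zend_hash_destroy (ht=0x4c7ce20) at /build/buildd/php5-5.3.2/Zend/zend_hash.c:726\n"
                 "#2  0x000000000054e1ed in sxe_object_free_storage (object=0x4c7bcc0) at /build/buildd/php5-5.3.2/ext/simplexml/simplexml.c:2016\n")
TRACE_FPM_533 = ("#0  0x0832d235 in gc_zval_possible_root ()\n"
                 "#1  0x08300af1 in _zval_ptr_dtor ()\n"
                 "#2  0x0831aa94 in zend_hash_destroy ()\n"
                 "#13 0xb6133570 in ?? () from /usr/lib/php5/20090626+lfs/suhosin.so\n")

if __name__ == "__main__":
    for name, bt in [("cli 5.3.1", TRACE_CLI_531), ("cgi 5.3.2", TRACE_CGI_532),
                     ("fpm 5.3.3", TRACE_FPM_533)]:
        print(name, triage(bt))
```

Feed it only the frame list that follows `(gdb) bt`; all three excerpts fault inside GC code, but only the first has `gc_collect_cycles` on the stack, and only the third has a third-party module loaded in the call chain.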
 
Last updated: Sun Apr 20 13:01:59 2014 UTC