php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #53869 Random Segmentation Fault (11)
Submitted: 2011-01-28 17:40 UTC Modified: 2013-02-18 00:34 UTC
From: spamhut at gmail dot com Assigned:
Status: No Feedback Package: Apache2 related
PHP Version: 5.3.5 OS: FreeBSD 7.4
Private report: No CVE-ID: None
 [2011-01-28 17:40 UTC] spamhut at gmail dot com
Description:
------------
I was getting random Segfaults in my httpd-error.log.  Occurred rarely (about 12-20 times a day on a site that has about 200,000 page views a day).  Narrowed the problem down to calls to virtual().  I had 3 to 4 per page.  Changing virtual() out with include() or require() completely removed segfaults.

Apache 2.2.17
PHP 5.3.5 from FreeBSD ports (did not occur when using PHP 5.2.17 from source).

Loaded symbols for /libexec/ld-elf.so.1
#0  0x28adf4f1 in _zval_ptr_dtor (zval_ptr=0xbfbfd23c,
    __zend_filename=0x28c61a48 "/usr/ports/lang/php5/work/php-5.3.5/Zend/zend_execute.h", __zend_lineno=318) at zend.h:385
385     zend.h: No such file or directory.
        in zend.h
[New Thread 0x28501040 (LWP 100269)]


(gdb) bt full
#0  0x28adf4f1 in _zval_ptr_dtor (zval_ptr=0xbfbfd23c,
    __zend_filename=0x28c61a48 "/usr/ports/lang/php5/work/php-5.3.5/Zend/zend_execute.h", __zend_lineno=318) at zend.h:385
No locals.
#1  0x28b1d1fd in zend_vm_stack_clear_multiple () at zend_execute.h:318
        q = (zval *) 0x0
        p = (void **) 0x29924ab8
        delete_count = 686419922
#2  0x28b1dc33 in zend_do_fcall_common_helper_SPEC (execute_data=0x29924040) at zend_vm_execute.h:406
        opline = (zend_op *) 0x28e9bc2c
        should_change_scope = 0 '\0'
#3  0x28b22758 in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0x29924040) at zend_vm_execute.h:1606
        opline = (zend_op *) 0x28e9bc2c
        fname = (zval *) 0x28e9bc48
#4  0x28b1ca6b in execute (op_array=0x28e9f0a0) at zend_vm_execute.h:107
        ret = 0
        execute_data = (zend_execute_data *) 0x29924040
        nested = 1 '\001'
        original_in_execution = 0 '\0'
#5  0x28af0557 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/ports/lang/php5/work/php-5.3.5/Zend/zend.c:1194
        files = 0xbfbfd404 ""
        i = 1
        file_handle = (zend_file_handle *) 0xbfbfe934
        orig_op_array = (zend_op_array *) 0x0
        orig_retval_ptr_ptr = (zval **) 0x0
#6  0x28a843ad in php_execute_script (primary_file=0xbfbfe934) at /usr/ports/lang/php5/work/php-5.3.5/main/main.c:2265
        realfile = "¥¤¬(ìSé(\230eé(l\000\000\000\020\000\000\000\220\214[(À\aå(\bå¿¿\230ج(\000\214[(\024Té(\200àÅ(©\001", '\0' <repeats 14 times>, "\004ʬ(\024eé(\021\000\000\000Èä¿¿¥¤¬(xö\002\000\v\000\000\000\021\000\000\000Èä¿¿y§¬( ö\002\000 ö\002\000\021\000\000\000\024\216[(`yé(|yé(T,\003\000\021\000\000\000À\aå(ð\020ø(\004ʬ(´yé(TÙÇ(\004\000\000\000\bå¿¿y§¬(\b,\003\000\b,\003\000\210yé(\000\000\000\000\021\000\000\0008å¿¿¥¤¬(`yé(X\000\000\000"...
        __orig_bailout = (sigjmp_buf *) 0xbfbfe970
        __bailout = {{_sjb = {682115418, 0, -1077947412, -1077942008, 0, -1077942100, 4735, -1077942168, 682556027, 684203328,
      682590304, 0}}}
        prepend_file_p = (zend_file_handle *) 0x0
        append_file_p = (zend_file_handle *) 0x0
        prepend_file = {type = ZEND_HANDLE_FILENAME, filename = 0x0, opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {
      handle = 0x0, isatty = 0, mmap = {len = 0, pos = 0, map = 0x0, buf = 0x0, old_handle = 0x0, old_closer = 0}, reader = 0,
      fsizer = 0, closer = 0}}, free_filename = 0 '\0'}
        append_file = {type = ZEND_HANDLE_FILENAME, filename = 0x0, opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {
      handle = 0x0, isatty = 0, mmap = {len = 0, pos = 0, map = 0x0, buf = 0x0, old_handle = 0x0, old_closer = 0}, reader = 0,
      fsizer = 0, closer = 0}}, free_filename = 0 '\0'}
        old_cwd = 0xbfbfd420 "/"
        use_heap = 0 '\0'
---Type <return> to continue, or q <return> to quit---
        retval = 0
#7  0x28bbbd73 in php_handler (r=0x29918058) at /usr/ports/lang/php5/work/php-5.3.5/sapi/apache2handler/sapi_apache2.c:669
        zfd = {type = ZEND_HANDLE_MAPPED, filename = 0x29919828 "/usr/home/yyy/public_html/folder/page.php", opened_path = 0x0,
  handle = {fd = 686393184, fp = 0x28e98760, stream = {handle = 0x28e98760, isatty = 0, mmap = {len = 11011, pos = 0, map = 0x0,
        buf = 0x295fd000 <Address 0x295fd000 out of bounds>, old_handle = 0x0, old_closer = 0},
      reader = 0x28a9bab0 <_php_stream_read>, fsizer = 0x28a825e0 <php_zend_stream_fsizer>,
      closer = 0x28a825c0 <php_zend_stream_mmap_closer>}}, free_filename = 0 '\0'}
        __orig_bailout = (sigjmp_buf *) 0x0
        __bailout = {{_sjb = {683391806, 0, -1077942004, -1077941800, 0, 686098368, 4735, 676142160, 676141696, 686099352,
      -1077941800, 0}}}
        ctx = (php_struct * volatile) 0x2991c3f0
        conf = (void *) 0x28e4f858
        brigade = (apr_bucket_brigade * volatile) 0x2991cb18
        bucket = (apr_bucket *) 0x2854c760
        rv = 676135291
        parent_req = (request_rec * volatile) 0x0
#8  0x08076a89 in ap_run_handler (r=0x29918058) at config.c:157
        n = 0
        rv = Variable "rv" is not available.


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-02-22 16:50 UTC] iliaa@php.net
-Status: Open +Status: Feedback
 [2011-02-22 16:50 UTC] iliaa@php.net
Have you tried building 5.3.5 from sources?
 [2013-02-18 00:34 UTC] php-bugs at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Dec 26 11:01:30 2024 UTC