Edit report at http://bugs.php.net/bug.php?id=51405&edit=1
ID: 51405
User updated by: miha dot vrhovnik at domenca dot com
Reported by: miha dot vrhovnik at domenca dot com
Summary: segmentation fault at the "engine shutdown"
Status: Open
Type: Bug
Package: Reproducible crash
Operating System: Linux
PHP Version: 5.3.2
New Comment:
Just so there won't be any excuses that this is because I'm running
under php-fpm Here is backtrace from apache2.
a bit different configure -- removed fpm and added apache:
./configure '--with-apxs2=/usr/bin/apxs2' '--with-openssl' '--with-zlib'
'--enable-bcmath' '--with-bz2' '--enable-calendar' '--with-curl'
'--enable-exif' '--enable-ftp' '--with-gd' '--with-imap'
'--with-imap-ssl' '--enable-mbstring' '--with-mcrypt' '--enable-pcntl'
'--with-pdo-mysql' '--with-pdo-pgsql' '--with-pgsql' '--with-readline'
'--with-mysql' '--enable-soap' '--enable-sockets' '--enable-sqlite-utf8'
'--enable-sysvmsg' '--enable-sysvsem' '--enable-sysvshm' '--with-tidy'
'--enable-wddx' '--with-xmlrpc' '--with-xsl' '--enable-zip'
'--with-kerberos' '--with-mysqli'
'--with-config-file-path=/usr/local/etc'
'--with-config-file-scan-dir=/usr/local/etc/php.d' '--with-pear'
'--with-jpeg-dir=/usr/lib' --with-freetype-dir=/usr/lib
and now the actual backtrace
(gdb) continue
Continuing.
Program received signal SIGSEGV, Segmentation fault.
_zend_mm_free_int (heap=0xb979d180, p=0xb9946290)
at /projects/php53/php-fpm-5.3.2/Zend/zend_alloc.c:2018
2018 /projects/php53/php-fpm-5.3.2/Zend/zend_alloc.c: No such file or
directory.
in /projects/php53/php-fpm-5.3.2/Zend/zend_alloc.c
(gdb) bt
#0 _zend_mm_free_int (heap=0xb979d180, p=0xb9946290)
at /projects/php53/php-fpm-5.3.2/Zend/zend_alloc.c:2018
#1 0xb6ff2498 in zend_hash_destroy (ht=0xba189ca0)
at /projects/php53/php-fpm-5.3.2/Zend/zend_hash.c:526
#2 0xb7003fc3 in zend_object_std_dtor (object=0xba193830)
at /projects/php53/php-fpm-5.3.2/Zend/zend_objects.c:45
#3 0xb7003ff2 in zend_objects_free_object_storage (object=0xba193830)
at /projects/php53/php-fpm-5.3.2/Zend/zend_objects.c:114
#4 0xb70075fc in zend_objects_store_del_ref_by_handle_ex (handle=127,
handlers=0xb74c65c0)
at /projects/php53/php-fpm-5.3.2/Zend/zend_objects_API.c:220
#5 0xb700762f in zend_objects_store_del_ref (zobject=0xba189ff0)
at /projects/php53/php-fpm-5.3.2/Zend/zend_objects_API.c:172
#6 0xb6fdbedf in _zval_dtor (zval_ptr=0xba1a6238)
at /projects/php53/php-fpm-5.3.2/Zend/zend_variables.h:35
#7 _zval_ptr_dtor (zval_ptr=0xba1a6238)
at /projects/php53/php-fpm-5.3.2/Zend/zend_execute_API.c:439
#8 0xb6ff2498 in zend_hash_destroy (ht=0xba19273c)
at /projects/php53/php-fpm-5.3.2/Zend/zend_hash.c:526
#9 0xb6fe6945 in _zval_dtor_func (zvalue=0xba197ef4)
at /projects/php53/php-fpm-5.3.2/Zend/zend_variables.c:43
#10 0xb6fdbedf in _zval_dtor (zval_ptr=0xba106080)
at /projects/php53/php-fpm-5.3.2/Zend/zend_variables.h:35
---Type <return> to continue, or q <return> to quit---
#11 _zval_ptr_dtor (zval_ptr=0xba106080)
at /projects/php53/php-fpm-5.3.2/Zend/zend_execute_API.c:439
#12 0xb6ff2498 in zend_hash_destroy (ht=0xba12276c)
at /projects/php53/php-fpm-5.3.2/Zend/zend_hash.c:526
#13 0xb7003fc3 in zend_object_std_dtor (object=0xb5e7013c)
at /projects/php53/php-fpm-5.3.2/Zend/zend_objects.c:45
#14 0xb7003ff2 in zend_objects_free_object_storage (object=0xb5e7013c)
at /projects/php53/php-fpm-5.3.2/Zend/zend_objects.c:114
#15 0xb70075fc in zend_objects_store_del_ref_by_handle_ex (handle=120,
handlers=0xb74c65c0)
at /projects/php53/php-fpm-5.3.2/Zend/zend_objects_API.c:220
#16 0xb700762f in zend_objects_store_del_ref (zobject=0xba051424)
at /projects/php53/php-fpm-5.3.2/Zend/zend_objects_API.c:172
#17 0xb6fdbedf in _zval_dtor (zval_ptr=0xba1ac560)
at /projects/php53/php-fpm-5.3.2/Zend/zend_variables.h:35
#18 _zval_ptr_dtor (zval_ptr=0xba1ac560)
at /projects/php53/php-fpm-5.3.2/Zend/zend_execute_API.c:439
#19 0xb6ff2498 in zend_hash_destroy (ht=0xb9dbc140)
at /projects/php53/php-fpm-5.3.2/Zend/zend_hash.c:526
#20 0xb6fe6945 in _zval_dtor_func (zvalue=0xb9d45c40)
at /projects/php53/php-fpm-5.3.2/Zend/zend_variables.c:43
#21 0xb6fdbedf in _zval_dtor (zval_ptr=0xb9dc1130)
at /projects/php53/php-fpm-5.3.2/Zend/zend_variables.h:35
---Type <return> to continue, or q <return> to quit---
#22 _zval_ptr_dtor (zval_ptr=0xb9dc1130)
at /projects/php53/php-fpm-5.3.2/Zend/zend_execute_API.c:439
#23 0xb6ff2498 in zend_hash_destroy (ht=0xb9d4a5fc)
at /projects/php53/php-fpm-5.3.2/Zend/zend_hash.c:526
#24 0xb7003fc3 in zend_object_std_dtor (object=0xb9dc3df4)
at /projects/php53/php-fpm-5.3.2/Zend/zend_objects.c:45
#25 0xb7003ff2 in zend_objects_free_object_storage (object=0xb9dc3df4)
at /projects/php53/php-fpm-5.3.2/Zend/zend_objects.c:114
#26 0xb70075fc in zend_objects_store_del_ref_by_handle_ex (handle=62,
handlers=0xb74c65c0)
at /projects/php53/php-fpm-5.3.2/Zend/zend_objects_API.c:220
#27 0xb700762f in zend_objects_store_del_ref (zobject=0xb9d45ab4)
at /projects/php53/php-fpm-5.3.2/Zend/zend_objects_API.c:172
#28 0xb6fdbedf in _zval_dtor (zval_ptr=0xb9a84614)
at /projects/php53/php-fpm-5.3.2/Zend/zend_variables.h:35
#29 _zval_ptr_dtor (zval_ptr=0xb9a84614)
at /projects/php53/php-fpm-5.3.2/Zend/zend_execute_API.c:439
#30 0xb6ff2498 in zend_hash_destroy (ht=0xb9a52b6c)
at /projects/php53/php-fpm-5.3.2/Zend/zend_hash.c:526
#31 0xb7003fc3 in zend_object_std_dtor (object=0xb9a2fd1c)
at /projects/php53/php-fpm-5.3.2/Zend/zend_objects.c:45
#32 0xb7003ff2 in zend_objects_free_object_storage (object=0xb9a2fd1c)
at /projects/php53/php-fpm-5.3.2/Zend/zend_objects.c:114
---Type <return> to continue, or q <return> to quit---
#33 0xb700714e in zend_objects_store_free_object_storage
(objects=0xb74e29b0)
at /projects/php53/php-fpm-5.3.2/Zend/zend_objects_API.c:92
#34 0xb6fdde25 in shutdown_executor ()
at /projects/php53/php-fpm-5.3.2/Zend/zend_execute_API.c:302
#35 0xb6fe7453 in zend_deactivate ()
at /projects/php53/php-fpm-5.3.2/Zend/zend.c:890
#36 0xb6f961e3 in php_request_shutdown (dummy=0x0)
at /projects/php53/php-fpm-5.3.2/main/main.c:1633
#37 0xb706680c in php_apache_request_dtor (r=0xb99387e8)
at
/projects/php53/php-fpm-5.3.2/sapi/apache2handler/sapi_apache2.c:495
#38 php_handler (r=0xb99387e8)
at
/projects/php53/php-fpm-5.3.2/sapi/apache2handler/sapi_apache2.c:667
#39 0xb77e3f51 in ap_run_handler () from /usr/sbin/apache2
#40 0xb77e7d2f in ap_invoke_handler () from /usr/sbin/apache2
#41 0xb77f75a8 in ap_process_request () from /usr/sbin/apache2
#42 0xb77f4118 in ?? () from /usr/sbin/apache2
#43 0xb77ec7c1 in ap_run_process_connection () from /usr/sbin/apache2
#44 0xb77fcac1 in ?? () from /usr/sbin/apache2
#45 0xb77fcda1 in ?? () from /usr/sbin/apache2
#46 0xb77fd52f in ap_mpm_run () from /usr/sbin/apache2
#47 0xb77cea92 in main () from /usr/sbin/apache2
Same stack trace just different memory locations.
Previous Comments:
------------------------------------------------------------------------
[2010-03-26 21:04:56] miha dot vrhovnik at domenca dot com
Description:
------------
I have a repeatable crash in a project consisting from Zend Framework
1.10.2, Doctrine 1.2.1, and Dwoo 1.1.1. Unfortunately I'm unable to
strip it down to a small enough test case. But the bug is very
specific.
./configure '--enable-fpm' '--with-openssl' '--with-zlib'
'--enable-bcmath' '--with-bz2' '--enable-calendar' '--with-curl'
'--enable-exif' '--enable-ftp' '--with-gd' '--with-imap'
'--with-imap-ssl' '--enable-mbstring' '--with-mcrypt' '--enable-pcntl'
'--with-pdo-mysql' '--with-pdo-pgsql' '--with-pgsql' '--with-readline'
'--with-mysql' '--enable-soap' '--enable-sockets' '--enable-sqlite-utf8'
'--enable-sysvmsg' '--enable-sysvsem' '--enable-sysvshm' '--with-tidy'
'--enable-wddx' '--with-xmlrpc' '--with-xsl' '--enable-zip'
'--with-kerberos' '--with-mysqli'
'--with-config-file-path=/usr/local/etc'
'--with-config-file-scan-dir=/usr/local/etc/php.d' '--with-pear'
'--with-jpeg-dir=/usr/lib' --with-freetype-dir=/usr/lib
r...@mvubdevel:/usr/local/etc# diff php.ini php.ini-production
25c25
< ; they might mean something in the future.
---
> ; they might mean something in the future.
201c201
< user_ini.filename =
---
> ;user_ini.filename =
414c414
< realpath_cache_size = 16k
---
> ;realpath_cache_size = 16k
420c420
< realpath_cache_ttl = 120
---
> ;realpath_cache_ttl = 120
444c444
< ; long running scripts.
---
> ; long running scripts.
514c514
< error_reporting = E_ALL | E_STRICT
---
> error_reporting = E_ALL & ~E_DEPRECATED
524,525c524,525
< ; Off = Do not display any errors
< ; stderr = Display errors to STDERR (affects only CGI/CLI
binaries!)
---
> ; Off = Do not display any errors
> ; stderr = Display errors to STDERR (affects only CGI/CLI
binaries!)
531c531
< display_errors = On
---
> display_errors = Off
542c542
< display_startup_errors = On
---
> display_startup_errors = Off
586c586
< track_errors = On
---
> track_errors = Off
604c604
< html_errors = On
---
> html_errors = Off
636c636
< error_log = /var/log/php_errors.log
---
> ;error_log = php_errors.log
644,645d643
< ; Note - track_vars is ALWAYS enabled
<
677c675
< ; Leaving this value empty will cause PHP to use the value set in the
---
> ; Leaving this value empty will cause PHP to use the value set in the
688,690c686
< ; with user data. This makes most sense when coupled with track_vars
- in which
< ; case you can access all of the GPC variables through the
$HTTP_*_VARS[],
< ; variables.
---
> ; with user data.
811c807
< extension_dir = "/usr/local/lib/php/extensions/"
---
> ; extension_dir = "./"
883c879,882
< upload_max_filesize = 6M
---
> upload_max_filesize = 2M
>
> ; Maximum number of files that can be uploaded via a single request
> max_file_uploads = 20
947c946
< ;
---
> ;
997c996
< date.timezone = Europe/Ljubljana
---
> ;date.timezone =
1019,1021c1018,1020
< iconv.input_encoding = UTF-8
< iconv.internal_encoding = UTF-8
< iconv.output_encoding = UTP-8
---
> ;iconv.input_encoding = ISO-8859-1
> ;iconv.internal_encoding = ISO-8859-1
> ;iconv.output_encoding = ISO-8859-1
1024c1023,1027
< ;intl.default_locale =
---
> ;intl.default_locale =
> ; This directive allows you to produce PHP errors when some error
> ; happens within intl functions. The value is the level of the error
produced.
> ; Default is 0, which does not produce any errors.
> ;intl.error_level = E_WARNING
1038,1040c1041,1043
< ;PCRE library recursion limit.
< ;Please note that if you set this value to a high number you may
consume all
< ;the available process stack and eventually crash PHP (due to reaching
the
---
> ;PCRE library recursion limit.
> ;Please note that if you set this value to a high number you may
consume all
> ;the available process stack and eventually crash PHP (due to reaching
the
1064c1067
< phar.readonly = On
---
> ;phar.readonly = On
1102c1105
< mail.log = /var/log/php-mail.log
---
> ;mail.log =
1118c1121
< ; Controls the ODBC cursor model.
---
> ; Controls the ODBC cursor model.
1245a1249,1256
> ; Allow accessing, from PHP's perspective, local files with LOAD DATA
statements
> ; http://php.net/mysqli.allow_local_infile
> ;mysqli.allow_local_infile = On
>
> ; Allow or prevent persistent links.
> ; http://php.net/mysqli.allow-persistent
> mysqli.allow_persistent = On
>
1294c1305
< mysqlnd.collect_memory_statistics = On
---
> mysqlnd.collect_memory_statistics = Off
1504c1515
< session.cookie_httponly =
---
> session.cookie_httponly =
1523c1534
< ; session initialization. The probability is calculated by using the
following equation:
---
> ; session initialization. The probability is calculated by using the
following equation:
1572c1583
< session.bug_compat_warn = ffn
---
> session.bug_compat_warn = Off
1614c1625
< ; Possible Values
---
> ; Possible Values
1616a1628,1630
> ; This option may also be set to the name of any hash function
supported by
> ; the hash extension. A list of available hashes is returned by the
hash_alogs()
> ; function.
1690c1704
< ; Specify client character set.
---
> ; Specify client character set.
1751c1765
< mbstring.internal_encoding = UTF-8
---
> ;mbstring.internal_encoding = EUC-JP
1854c1868
< ; (time to live) Sets the number of second while cached file will be
used
---
> ; (time to live) Sets the number of second while cached file will be
used
Test script:
---------------
this snippet is from my model, getDbTable returns a class extending
Doctrine_Table
$ret = new stdClass();
$ret->aliases = $this->getDbTable()->findByUser($id);
if ((false !== $ret->aliases) && count($ret->aliases) > 0) {
//this is the line that gets executed, but there is no difference even
if put
$ret->user = $ret->aliases[0]->User;
} else {
$ret->user =
$this->getDbTable('App_Data_User')->findOneByid_user($id);
}
return $ret;
I thought that the cyclic reference is the culprit but there is no
difference even if i put the else part up.
I assign most of the data directly to zend view and use some of it to
format some strings.
Here comes the offending view script:
{$user->local_pa...@{$domain}
{$alias_form|safe}
upper script is "compiled" by dwoo into the following php code
<?php
/* template head */
/* end template head */ ob_start(); /* template body */ ;
echo (is_string($tmp=$this->readVarInto(array ( 1 => array ( 0 =>
'->', ), 2 => array ( 0 => 'local_part', ), 3 => array ( 0
=> '', 1 => '', ),), $this->scope["user"], false)) ?
htmlspecialchars($tmp, ENT_QUOTES, $this->charset) : $tmp);?>@<?php echo
(is_string($tmp=$this->scope["domain"]) ? htmlspecialchars($tmp,
ENT_QUOTES, $this->charset) : $tmp);?>
<?php echo (isset($this->scope["alias_form"]) ?
$this->scope["alias_form"] : null);?>
<?php /* end template body */
return $this->buffer . ob_get_clean();
?>
now the interesting part. I can do one of the following.
remove {$domain}, remove |safe from {$alias_form|safe} or add additional
{$user} at the beginning of the script and the crash is gone.
The real question here is what I can do to help you debug this?
Expected result:
----------------
no segmentation fault
Actual result:
--------------
(gdb) continue
Continuing.
Program received signal SIGSEGV, Segmentation fault.
_zend_mm_free_int (heap=0x8d5d1c8, p=0x8f0b7d4)
at /projects/php53/php-5.3.2/Zend/zend_alloc.c:2018
2018 /projects/php53/php-5.3.2/Zend/zend_alloc.c: No such file or
directory.
in /projects/php53/php-5.3.2/Zend/zend_alloc.c
(gdb) where
#0 _zend_mm_free_int (heap=0x8d5d1c8, p=0x8f0b7d4)
at /projects/php53/php-5.3.2/Zend/zend_alloc.c:2018
#1 0x08412dc8 in zend_hash_destroy (ht=0x99e2c64)
at /projects/php53/php-5.3.2/Zend/zend_hash.c:526
#2 0x084248f3 in zend_object_std_dtor (object=0x99edab4)
at /projects/php53/php-5.3.2/Zend/zend_objects.c:45
#3 0x08424922 in zend_objects_free_object_storage (object=0x99edab4)
at /projects/php53/php-5.3.2/Zend/zend_objects.c:114
#4 0x08427f2c in zend_objects_store_del_ref_by_handle_ex (handle=123,
handlers=0x88f4a40)
at /projects/php53/php-5.3.2/Zend/zend_objects_API.c:220
#5 0x08427f5f in zend_objects_store_del_ref (zobject=0x99d958c)
at /projects/php53/php-5.3.2/Zend/zend_objects_API.c:172
#6 0x083fc80f in _zval_dtor (zval_ptr=0x9a03dd8)
at /projects/php53/php-5.3.2/Zend/zend_variables.h:35
#7 _zval_ptr_dtor (zval_ptr=0x9a03dd8)
at /projects/php53/php-5.3.2/Zend/zend_execute_API.c:439
#8 0x08412dc8 in zend_hash_destroy (ht=0x99f54f4)
at /projects/php53/php-5.3.2/Zend/zend_hash.c:526
#9 0x08407275 in _zval_dtor_func (zvalue=0x99f49b8)
at /projects/php53/php-5.3.2/Zend/zend_variables.c:43
#10 0x083fc80f in _zval_dtor (zval_ptr=0x9887154)
at /projects/php53/php-5.3.2/Zend/zend_variables.h:35
---Type <return> to continue, or q <return> to quit---
#11 _zval_ptr_dtor (zval_ptr=0x9887154)
at /projects/php53/php-5.3.2/Zend/zend_execute_API.c:439
#12 0x08412dc8 in zend_hash_destroy (ht=0x984543c)
at /projects/php53/php-5.3.2/Zend/zend_hash.c:526
#13 0x084248f3 in zend_object_std_dtor (object=0x9966d98)
at /projects/php53/php-5.3.2/Zend/zend_objects.c:45
#14 0x08424922 in zend_objects_free_object_storage (object=0x9966d98)
at /projects/php53/php-5.3.2/Zend/zend_objects.c:114
#15 0x08427f2c in zend_objects_store_del_ref_by_handle_ex (handle=111,
handlers=0x88f4a40)
at /projects/php53/php-5.3.2/Zend/zend_objects_API.c:220
#16 0x08427f5f in zend_objects_store_del_ref (zobject=0x980877c)
at /projects/php53/php-5.3.2/Zend/zend_objects_API.c:172
#17 0x083fc80f in _zval_dtor (zval_ptr=0x9a0ccd0)
at /projects/php53/php-5.3.2/Zend/zend_variables.h:35
#18 _zval_ptr_dtor (zval_ptr=0x9a0ccd0)
at /projects/php53/php-5.3.2/Zend/zend_execute_API.c:439
#19 0x08412dc8 in zend_hash_destroy (ht=0x9488590)
at /projects/php53/php-5.3.2/Zend/zend_hash.c:526
#20 0x08407275 in _zval_dtor_func (zvalue=0x9439ac4)
at /projects/php53/php-5.3.2/Zend/zend_variables.c:43
#21 0x083fc80f in _zval_dtor (zval_ptr=0x94933b0)
at /projects/php53/php-5.3.2/Zend/zend_variables.h:35
---Type <return> to continue, or q <return> to quit---
#22 _zval_ptr_dtor (zval_ptr=0x94933b0)
at /projects/php53/php-5.3.2/Zend/zend_execute_API.c:439
#23 0x08412dc8 in zend_hash_destroy (ht=0x9461440)
at /projects/php53/php-5.3.2/Zend/zend_hash.c:526
#24 0x084248f3 in zend_object_std_dtor (object=0x948a64c)
at /projects/php53/php-5.3.2/Zend/zend_objects.c:45
#25 0x08424922 in zend_objects_free_object_storage (object=0x948a64c)
at /projects/php53/php-5.3.2/Zend/zend_objects.c:114
#26 0x08427f2c in zend_objects_store_del_ref_by_handle_ex (handle=63,
handlers=0x88f4a40)
at /projects/php53/php-5.3.2/Zend/zend_objects_API.c:220
#27 0x08427f5f in zend_objects_store_del_ref (zobject=0x93fb604)
at /projects/php53/php-5.3.2/Zend/zend_objects_API.c:172
#28 0x083fc80f in _zval_dtor (zval_ptr=0x9060248)
at /projects/php53/php-5.3.2/Zend/zend_variables.h:35
#29 _zval_ptr_dtor (zval_ptr=0x9060248)
at /projects/php53/php-5.3.2/Zend/zend_execute_API.c:439
#30 0x08412dc8 in zend_hash_destroy (ht=0x90a1cd4)
at /projects/php53/php-5.3.2/Zend/zend_hash.c:526
#31 0x084248f3 in zend_object_std_dtor (object=0x905b748)
at /projects/php53/php-5.3.2/Zend/zend_objects.c:45
#32 0x08424922 in zend_objects_free_object_storage (object=0x905b748)
at /projects/php53/php-5.3.2/Zend/zend_objects.c:114
---Type <return> to continue, or q <return> to quit---
#33 0x08427a7e in zend_objects_store_free_object_storage
(objects=0x8911f50)
at /projects/php53/php-5.3.2/Zend/zend_objects_API.c:92
#34 0x083fe755 in shutdown_executor ()
at /projects/php53/php-5.3.2/Zend/zend_execute_API.c:302
#35 0x08407d83 in zend_deactivate ()
at /projects/php53/php-5.3.2/Zend/zend.c:890
#36 0x083b6b13 in php_request_shutdown (dummy=0x0)
at /projects/php53/php-5.3.2/main/main.c:1633
#37 0x0848bc5e in main (argc=3, argv=0xbf8725c4)
at /projects/php53/php-5.3.2/sapi/fpm/fpm/fpm_main.c:1864
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/bug.php?id=51405&edit=1
