Edit report at http://bugs.php.net/bug.php?id=51405&edit=1
 ID:               51405
 User updated by:  miha dot vrhovnik at domenca dot com
 Reported by:      miha dot vrhovnik at domenca dot com
 Summary:          segmentation fault at the "engine shutdown"
-Status:           Feedback
+Status:           Open
 Type:             Bug
 Package:          Reproducible crash
 Operating System: Linux
 PHP Version:      5.3.2

 New Comment:

Hi, Mike....

I've tried to strip it down to a simple script, but without success. Would a downloadable VMware image, where I'd strip away as much as I can, help?


Previous Comments:
------------------------------------------------------------------------
[2010-05-19 15:47:13] m...@php.net

Thank you for this bug report. To properly diagnose the problem, we need a short but complete example script to be able to reproduce this bug ourselves.

A proper reproducing script starts with <?php and ends with ?>, is max. 10-20 lines long and does not require any external resources such as databases, etc. If the script requires a database to demonstrate the issue, please make sure it creates all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.

No reproduce case, no chance to do anything, sorry.

------------------------------------------------------------------------
[2010-03-27 19:46:56] miha dot vrhovnik at domenca dot com

Just so there won't be any excuses that this is because I'm running under php-fpm, here is a backtrace from apache2.

A bit different configure -- removed fpm and added apache:

./configure '--with-apxs2=/usr/bin/apxs2' '--with-openssl' '--with-zlib' '--enable-bcmath' '--with-bz2' '--enable-calendar' '--with-curl' '--enable-exif' '--enable-ftp' '--with-gd' '--with-imap' '--with-imap-ssl' '--enable-mbstring' '--with-mcrypt' '--enable-pcntl' '--with-pdo-mysql' '--with-pdo-pgsql' '--with-pgsql' '--with-readline' '--with-mysql' '--enable-soap' '--enable-sockets' '--enable-sqlite-utf8' '--enable-sysvmsg' '--enable-sysvsem' '--enable-sysvshm' '--with-tidy' '--enable-wddx' '--with-xmlrpc' '--with-xsl' '--enable-zip' '--with-kerberos' '--with-mysqli' '--with-config-file-path=/usr/local/etc' '--with-config-file-scan-dir=/usr/local/etc/php.d' '--with-pear' '--with-jpeg-dir=/usr/lib' --with-freetype-dir=/usr/lib

And now the actual backtrace:

(gdb) continue
Continuing.

Program received signal SIGSEGV, Segmentation fault.
_zend_mm_free_int (heap=0xb979d180, p=0xb9946290) at /projects/php53/php-fpm-5.3.2/Zend/zend_alloc.c:2018
2018    /projects/php53/php-fpm-5.3.2/Zend/zend_alloc.c: No such file or directory.
        in /projects/php53/php-fpm-5.3.2/Zend/zend_alloc.c
(gdb) bt
#0  _zend_mm_free_int (heap=0xb979d180, p=0xb9946290) at /projects/php53/php-fpm-5.3.2/Zend/zend_alloc.c:2018
#1  0xb6ff2498 in zend_hash_destroy (ht=0xba189ca0) at /projects/php53/php-fpm-5.3.2/Zend/zend_hash.c:526
#2  0xb7003fc3 in zend_object_std_dtor (object=0xba193830) at /projects/php53/php-fpm-5.3.2/Zend/zend_objects.c:45
#3  0xb7003ff2 in zend_objects_free_object_storage (object=0xba193830) at /projects/php53/php-fpm-5.3.2/Zend/zend_objects.c:114
#4  0xb70075fc in zend_objects_store_del_ref_by_handle_ex (handle=127, handlers=0xb74c65c0) at /projects/php53/php-fpm-5.3.2/Zend/zend_objects_API.c:220
#5  0xb700762f in zend_objects_store_del_ref (zobject=0xba189ff0) at /projects/php53/php-fpm-5.3.2/Zend/zend_objects_API.c:172
#6  0xb6fdbedf in _zval_dtor (zval_ptr=0xba1a6238) at /projects/php53/php-fpm-5.3.2/Zend/zend_variables.h:35
#7  _zval_ptr_dtor (zval_ptr=0xba1a6238) at /projects/php53/php-fpm-5.3.2/Zend/zend_execute_API.c:439
#8  0xb6ff2498 in zend_hash_destroy (ht=0xba19273c) at /projects/php53/php-fpm-5.3.2/Zend/zend_hash.c:526
#9  0xb6fe6945 in _zval_dtor_func (zvalue=0xba197ef4) at /projects/php53/php-fpm-5.3.2/Zend/zend_variables.c:43
#10 0xb6fdbedf in _zval_dtor (zval_ptr=0xba106080) at /projects/php53/php-fpm-5.3.2/Zend/zend_variables.h:35
---Type <return> to continue, or q <return> to quit---
#11 _zval_ptr_dtor (zval_ptr=0xba106080) at /projects/php53/php-fpm-5.3.2/Zend/zend_execute_API.c:439
#12 0xb6ff2498 in zend_hash_destroy (ht=0xba12276c) at /projects/php53/php-fpm-5.3.2/Zend/zend_hash.c:526
#13 0xb7003fc3 in zend_object_std_dtor (object=0xb5e7013c) at /projects/php53/php-fpm-5.3.2/Zend/zend_objects.c:45
#14 0xb7003ff2 in zend_objects_free_object_storage (object=0xb5e7013c) at /projects/php53/php-fpm-5.3.2/Zend/zend_objects.c:114
#15 0xb70075fc in zend_objects_store_del_ref_by_handle_ex (handle=120, handlers=0xb74c65c0) at /projects/php53/php-fpm-5.3.2/Zend/zend_objects_API.c:220
#16 0xb700762f in zend_objects_store_del_ref (zobject=0xba051424) at /projects/php53/php-fpm-5.3.2/Zend/zend_objects_API.c:172
#17 0xb6fdbedf in _zval_dtor (zval_ptr=0xba1ac560) at /projects/php53/php-fpm-5.3.2/Zend/zend_variables.h:35
#18 _zval_ptr_dtor (zval_ptr=0xba1ac560) at /projects/php53/php-fpm-5.3.2/Zend/zend_execute_API.c:439
#19 0xb6ff2498 in zend_hash_destroy (ht=0xb9dbc140) at /projects/php53/php-fpm-5.3.2/Zend/zend_hash.c:526
#20 0xb6fe6945 in _zval_dtor_func (zvalue=0xb9d45c40) at /projects/php53/php-fpm-5.3.2/Zend/zend_variables.c:43
#21 0xb6fdbedf in _zval_dtor (zval_ptr=0xb9dc1130) at /projects/php53/php-fpm-5.3.2/Zend/zend_variables.h:35
---Type <return> to continue, or q <return> to quit---
#22 _zval_ptr_dtor (zval_ptr=0xb9dc1130) at /projects/php53/php-fpm-5.3.2/Zend/zend_execute_API.c:439
#23 0xb6ff2498 in zend_hash_destroy (ht=0xb9d4a5fc) at /projects/php53/php-fpm-5.3.2/Zend/zend_hash.c:526
#24 0xb7003fc3 in zend_object_std_dtor (object=0xb9dc3df4) at /projects/php53/php-fpm-5.3.2/Zend/zend_objects.c:45
#25 0xb7003ff2 in zend_objects_free_object_storage (object=0xb9dc3df4) at /projects/php53/php-fpm-5.3.2/Zend/zend_objects.c:114
#26 0xb70075fc in zend_objects_store_del_ref_by_handle_ex (handle=62, handlers=0xb74c65c0) at /projects/php53/php-fpm-5.3.2/Zend/zend_objects_API.c:220
#27 0xb700762f in zend_objects_store_del_ref (zobject=0xb9d45ab4) at /projects/php53/php-fpm-5.3.2/Zend/zend_objects_API.c:172
#28 0xb6fdbedf in _zval_dtor (zval_ptr=0xb9a84614) at /projects/php53/php-fpm-5.3.2/Zend/zend_variables.h:35
#29 _zval_ptr_dtor (zval_ptr=0xb9a84614) at /projects/php53/php-fpm-5.3.2/Zend/zend_execute_API.c:439
#30 0xb6ff2498 in zend_hash_destroy (ht=0xb9a52b6c) at /projects/php53/php-fpm-5.3.2/Zend/zend_hash.c:526
#31 0xb7003fc3 in zend_object_std_dtor (object=0xb9a2fd1c) at /projects/php53/php-fpm-5.3.2/Zend/zend_objects.c:45
#32 0xb7003ff2 in zend_objects_free_object_storage (object=0xb9a2fd1c) at /projects/php53/php-fpm-5.3.2/Zend/zend_objects.c:114
---Type <return> to continue, or q <return> to quit---
#33 0xb700714e in zend_objects_store_free_object_storage (objects=0xb74e29b0) at /projects/php53/php-fpm-5.3.2/Zend/zend_objects_API.c:92
#34 0xb6fdde25 in shutdown_executor () at /projects/php53/php-fpm-5.3.2/Zend/zend_execute_API.c:302
#35 0xb6fe7453 in zend_deactivate () at /projects/php53/php-fpm-5.3.2/Zend/zend.c:890
#36 0xb6f961e3 in php_request_shutdown (dummy=0x0) at /projects/php53/php-fpm-5.3.2/main/main.c:1633
#37 0xb706680c in php_apache_request_dtor (r=0xb99387e8) at /projects/php53/php-fpm-5.3.2/sapi/apache2handler/sapi_apache2.c:495
#38 php_handler (r=0xb99387e8) at /projects/php53/php-fpm-5.3.2/sapi/apache2handler/sapi_apache2.c:667
#39 0xb77e3f51 in ap_run_handler () from /usr/sbin/apache2
#40 0xb77e7d2f in ap_invoke_handler () from /usr/sbin/apache2
#41 0xb77f75a8 in ap_process_request () from /usr/sbin/apache2
#42 0xb77f4118 in ?? () from /usr/sbin/apache2
#43 0xb77ec7c1 in ap_run_process_connection () from /usr/sbin/apache2
#44 0xb77fcac1 in ?? () from /usr/sbin/apache2
#45 0xb77fcda1 in ?? () from /usr/sbin/apache2
#46 0xb77fd52f in ap_mpm_run () from /usr/sbin/apache2
#47 0xb77cea92 in main () from /usr/sbin/apache2

Same stack trace, just different memory locations.

------------------------------------------------------------------------
[2010-03-26 21:04:56] miha dot vrhovnik at domenca dot com

Description:
------------
I have a repeatable crash in a project consisting of Zend Framework 1.10.2, Doctrine 1.2.1, and Dwoo 1.1.1. Unfortunately I'm unable to strip it down to a small enough test case. But the bug is very specific.

./configure '--enable-fpm' '--with-openssl' '--with-zlib' '--enable-bcmath' '--with-bz2' '--enable-calendar' '--with-curl' '--enable-exif' '--enable-ftp' '--with-gd' '--with-imap' '--with-imap-ssl' '--enable-mbstring' '--with-mcrypt' '--enable-pcntl' '--with-pdo-mysql' '--with-pdo-pgsql' '--with-pgsql' '--with-readline' '--with-mysql' '--enable-soap' '--enable-sockets' '--enable-sqlite-utf8' '--enable-sysvmsg' '--enable-sysvsem' '--enable-sysvshm' '--with-tidy' '--enable-wddx' '--with-xmlrpc' '--with-xsl' '--enable-zip' '--with-kerberos' '--with-mysqli' '--with-config-file-path=/usr/local/etc' '--with-config-file-scan-dir=/usr/local/etc/php.d' '--with-pear' '--with-jpeg-dir=/usr/lib' --with-freetype-dir=/usr/lib

r...@mvubdevel:/usr/local/etc# diff php.ini php.ini-production
25c25 < ; they might mean something in the future. --- > ; they might mean something in the future. 201c201 < user_ini.filename = --- > ;user_ini.filename = 414c414 < realpath_cache_size = 16k --- > ;realpath_cache_size = 16k 420c420 < realpath_cache_ttl = 120 --- > ;realpath_cache_ttl = 120 444c444 < ; long running scripts. --- > ; long running scripts. 514c514 < error_reporting = E_ALL | E_STRICT --- > error_reporting = E_ALL & ~E_DEPRECATED 524,525c524,525 < ; Off = Do not display any errors < ; stderr = Display errors to STDERR (affects only CGI/CLI binaries!) --- > ; Off = Do not display any errors > ; stderr = Display errors to STDERR (affects only CGI/CLI binaries!) 
531c531 < display_errors = On --- > display_errors = Off 542c542 < display_startup_errors = On --- > display_startup_errors = Off 586c586 < track_errors = On --- > track_errors = Off 604c604 < html_errors = On --- > html_errors = Off 636c636 < error_log = /var/log/php_errors.log --- > ;error_log = php_errors.log 644,645d643 < ; Note - track_vars is ALWAYS enabled < 677c675 < ; Leaving this value empty will cause PHP to use the value set in the --- > ; Leaving this value empty will cause PHP to use the value set in the 688,690c686 < ; with user data. This makes most sense when coupled with track_vars - in which < ; case you can access all of the GPC variables through the $HTTP_*_VARS[], < ; variables. --- > ; with user data. 811c807 < extension_dir = "/usr/local/lib/php/extensions/" --- > ; extension_dir = "./" 883c879,882 < upload_max_filesize = 6M --- > upload_max_filesize = 2M > > ; Maximum number of files that can be uploaded via a single request > max_file_uploads = 20 947c946 < ; --- > ; 997c996 < date.timezone = Europe/Ljubljana --- > ;date.timezone = 1019,1021c1018,1020 < iconv.input_encoding = UTF-8 < iconv.internal_encoding = UTF-8 < iconv.output_encoding = UTP-8 --- > ;iconv.input_encoding = ISO-8859-1 > ;iconv.internal_encoding = ISO-8859-1 > ;iconv.output_encoding = ISO-8859-1 1024c1023,1027 < ;intl.default_locale = --- > ;intl.default_locale = > ; This directive allows you to produce PHP errors when some error > ; happens within intl functions. The value is the level of the error produced. > ; Default is 0, which does not produce any errors. > ;intl.error_level = E_WARNING 1038,1040c1041,1043 < ;PCRE library recursion limit. < ;Please note that if you set this value to a high number you may consume all < ;the available process stack and eventually crash PHP (due to reaching the --- > ;PCRE library recursion limit. 
> ;Please note that if you set this value to a high number you may consume all > ;the available process stack and eventually crash PHP (due to reaching the 1064c1067 < phar.readonly = On --- > ;phar.readonly = On 1102c1105 < mail.log = /var/log/php-mail.log --- > ;mail.log = 1118c1121 < ; Controls the ODBC cursor model. --- > ; Controls the ODBC cursor model. 1245a1249,1256 > ; Allow accessing, from PHP's perspective, local files with LOAD DATA statements > ; http://php.net/mysqli.allow_local_infile > ;mysqli.allow_local_infile = On > > ; Allow or prevent persistent links. > ; http://php.net/mysqli.allow-persistent > mysqli.allow_persistent = On > 1294c1305 < mysqlnd.collect_memory_statistics = On --- > mysqlnd.collect_memory_statistics = Off 1504c1515 < session.cookie_httponly = --- > session.cookie_httponly = 1523c1534 < ; session initialization. The probability is calculated by using the following equation: --- > ; session initialization. The probability is calculated by using the following equation: 1572c1583 < session.bug_compat_warn = ffn --- > session.bug_compat_warn = Off 1614c1625 < ; Possible Values --- > ; Possible Values 1616a1628,1630 > ; This option may also be set to the name of any hash function supported by > ; the hash extension. A list of available hashes is returned by the hash_alogs() > ; function. 1690c1704 < ; Specify client character set. --- > ; Specify client character set. 
1751c1765 < mbstring.internal_encoding = UTF-8 --- > ;mbstring.internal_encoding = EUC-JP 1854c1868 < ; (time to live) Sets the number of second while cached file will be used --- > ; (time to live) Sets the number of second while cached file will be used

Test script:
---------------
This snippet is from my model, getDbTable returns a class extending Doctrine_Table

$ret = new stdClass();
$ret->aliases = $this->getDbTable()->findByUser($id);
if ((false !== $ret->aliases) && count($ret->aliases) > 0) {
    //this is the line that gets executed, but there is no difference even if put
    $ret->user = $ret->aliases[0]->User;
} else {
    $ret->user = $this->getDbTable('App_Data_User')->findOneByid_user($id);
}
return $ret;

I thought that the cyclic reference is the culprit, but there is no difference even if I put the else part up.

I assign most of the data directly to zend view and use some of it to format some strings.

Here comes the offending view script:

{$user->local_pa...@{$domain}
{$alias_form|safe}

The upper script is "compiled" by dwoo into the following php code:

<?php
/* template head */
/* end template head */ ob_start(); /* template body */ ;
echo (is_string($tmp=$this->readVarInto(array ( 1 => array ( 0 => '->', ), 2 => array ( 0 => 'local_part', ), 3 => array ( 0 => '', 1 => '', ),), $this->scope["user"], false)) ? htmlspecialchars($tmp, ENT_QUOTES, $this->charset) : $tmp);?>@<?php echo (is_string($tmp=$this->scope["domain"]) ? htmlspecialchars($tmp, ENT_QUOTES, $this->charset) : $tmp);?>

<?php echo (isset($this->scope["alias_form"]) ? $this->scope["alias_form"] : null);?>

<?php /* end template body */
return $this->buffer . ob_get_clean();
?>

Now the interesting part. I can do one of the following: remove {$domain}, remove |safe from {$alias_form|safe}, or add an additional {$user} at the beginning of the script, and the crash is gone.

The real question here is what I can do to help you debug this?

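Review bot: in the php.ini diff above, hunk 1019,1021c1018,1020 sets iconv.output_encoding = UTP-8 on the php.ini side, which does not match the UTF-8 used by the two iconv lines before it and looks like a typo, and hunk 1572c1583 has session.bug_compat_warn = ffn where php.ini-production has Off. Correct both values in the local php.ini and re-run the crashing request, so that an invalid setting is ruled out as a variable before the shutdown trace is investigated further. The same diff shows display_errors, display_startup_errors and html_errors set to On against production's Off, which suits a development box but should not be carried over to a server that handles real traffic.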
Expected result:
----------------
no segmentation fault

Actual result:
--------------
(gdb) continue
Continuing.

Program received signal SIGSEGV, Segmentation fault.
_zend_mm_free_int (heap=0x8d5d1c8, p=0x8f0b7d4) at /projects/php53/php-5.3.2/Zend/zend_alloc.c:2018
2018    /projects/php53/php-5.3.2/Zend/zend_alloc.c: No such file or directory.
        in /projects/php53/php-5.3.2/Zend/zend_alloc.c
(gdb) where
#0  _zend_mm_free_int (heap=0x8d5d1c8, p=0x8f0b7d4) at /projects/php53/php-5.3.2/Zend/zend_alloc.c:2018
#1  0x08412dc8 in zend_hash_destroy (ht=0x99e2c64) at /projects/php53/php-5.3.2/Zend/zend_hash.c:526
#2  0x084248f3 in zend_object_std_dtor (object=0x99edab4) at /projects/php53/php-5.3.2/Zend/zend_objects.c:45
#3  0x08424922 in zend_objects_free_object_storage (object=0x99edab4) at /projects/php53/php-5.3.2/Zend/zend_objects.c:114
#4  0x08427f2c in zend_objects_store_del_ref_by_handle_ex (handle=123, handlers=0x88f4a40) at /projects/php53/php-5.3.2/Zend/zend_objects_API.c:220
#5  0x08427f5f in zend_objects_store_del_ref (zobject=0x99d958c) at /projects/php53/php-5.3.2/Zend/zend_objects_API.c:172
#6  0x083fc80f in _zval_dtor (zval_ptr=0x9a03dd8) at /projects/php53/php-5.3.2/Zend/zend_variables.h:35
#7  _zval_ptr_dtor (zval_ptr=0x9a03dd8) at /projects/php53/php-5.3.2/Zend/zend_execute_API.c:439
#8  0x08412dc8 in zend_hash_destroy (ht=0x99f54f4) at /projects/php53/php-5.3.2/Zend/zend_hash.c:526
#9  0x08407275 in _zval_dtor_func (zvalue=0x99f49b8) at /projects/php53/php-5.3.2/Zend/zend_variables.c:43
#10 0x083fc80f in _zval_dtor (zval_ptr=0x9887154) at /projects/php53/php-5.3.2/Zend/zend_variables.h:35
---Type <return> to continue, or q <return> to quit---
#11 _zval_ptr_dtor (zval_ptr=0x9887154) at /projects/php53/php-5.3.2/Zend/zend_execute_API.c:439
#12 0x08412dc8 in zend_hash_destroy (ht=0x984543c) at /projects/php53/php-5.3.2/Zend/zend_hash.c:526
#13 0x084248f3 in zend_object_std_dtor (object=0x9966d98) at /projects/php53/php-5.3.2/Zend/zend_objects.c:45
#14 0x08424922 in zend_objects_free_object_storage (object=0x9966d98) at /projects/php53/php-5.3.2/Zend/zend_objects.c:114
#15 0x08427f2c in zend_objects_store_del_ref_by_handle_ex (handle=111, handlers=0x88f4a40) at /projects/php53/php-5.3.2/Zend/zend_objects_API.c:220
#16 0x08427f5f in zend_objects_store_del_ref (zobject=0x980877c) at /projects/php53/php-5.3.2/Zend/zend_objects_API.c:172
#17 0x083fc80f in _zval_dtor (zval_ptr=0x9a0ccd0) at /projects/php53/php-5.3.2/Zend/zend_variables.h:35
#18 _zval_ptr_dtor (zval_ptr=0x9a0ccd0) at /projects/php53/php-5.3.2/Zend/zend_execute_API.c:439
#19 0x08412dc8 in zend_hash_destroy (ht=0x9488590) at /projects/php53/php-5.3.2/Zend/zend_hash.c:526
#20 0x08407275 in _zval_dtor_func (zvalue=0x9439ac4) at /projects/php53/php-5.3.2/Zend/zend_variables.c:43
#21 0x083fc80f in _zval_dtor (zval_ptr=0x94933b0) at /projects/php53/php-5.3.2/Zend/zend_variables.h:35
---Type <return> to continue, or q <return> to quit---
#22 _zval_ptr_dtor (zval_ptr=0x94933b0) at /projects/php53/php-5.3.2/Zend/zend_execute_API.c:439
#23 0x08412dc8 in zend_hash_destroy (ht=0x9461440) at /projects/php53/php-5.3.2/Zend/zend_hash.c:526
#24 0x084248f3 in zend_object_std_dtor (object=0x948a64c) at /projects/php53/php-5.3.2/Zend/zend_objects.c:45
#25 0x08424922 in zend_objects_free_object_storage (object=0x948a64c) at /projects/php53/php-5.3.2/Zend/zend_objects.c:114
#26 0x08427f2c in zend_objects_store_del_ref_by_handle_ex (handle=63, handlers=0x88f4a40) at /projects/php53/php-5.3.2/Zend/zend_objects_API.c:220
#27 0x08427f5f in zend_objects_store_del_ref (zobject=0x93fb604) at /projects/php53/php-5.3.2/Zend/zend_objects_API.c:172
#28 0x083fc80f in _zval_dtor (zval_ptr=0x9060248) at /projects/php53/php-5.3.2/Zend/zend_variables.h:35
#29 _zval_ptr_dtor (zval_ptr=0x9060248) at /projects/php53/php-5.3.2/Zend/zend_execute_API.c:439
#30 0x08412dc8 in zend_hash_destroy (ht=0x90a1cd4) at /projects/php53/php-5.3.2/Zend/zend_hash.c:526
#31 0x084248f3 in zend_object_std_dtor (object=0x905b748) at /projects/php53/php-5.3.2/Zend/zend_objects.c:45
#32 0x08424922 in zend_objects_free_object_storage (object=0x905b748) at /projects/php53/php-5.3.2/Zend/zend_objects.c:114
---Type <return> to continue, or q <return> to quit---
#33 0x08427a7e in zend_objects_store_free_object_storage (objects=0x8911f50) at /projects/php53/php-5.3.2/Zend/zend_objects_API.c:92
#34 0x083fe755 in shutdown_executor () at /projects/php53/php-5.3.2/Zend/zend_execute_API.c:302
#35 0x08407d83 in zend_deactivate () at /projects/php53/php-5.3.2/Zend/zend.c:890
#36 0x083b6b13 in php_request_shutdown (dummy=0x0) at /projects/php53/php-5.3.2/main/main.c:1633
#37 0x0848bc5e in main (argc=3, argv=0xbf8725c4) at /projects/php53/php-5.3.2/sapi/fpm/fpm/fpm_main.c:1864

------------------------------------------------------------------------

--
Edit this bug report at http://bugs.php.net/bug.php?id=51405&edit=1