From:             remi
Operating system: GNU/Linux
PHP version:      Irrelevant
Package:          Apache2 related
Bug Type:         Bug
Bug description:  segfault in request shutdown (server_context is NULL)

Description:
------------
We encounter, in a specific race condition (seems http/500 error), a segfault
in php_request_shutdown.

According to backtrace, server_context is NULL.

This backtrace is from php 5.3.3, but as I don't see any change in git
history, I think it could occur in the latest php 5.3.

Core was generated by `/usr/sbin/httpd'.
Program terminated with signal 11, Segmentation fault.
#0  php_apache_sapi_header_handler (sapi_header=<value optimized out>,
op=SAPI_HEADER_ADD, sapi_headers=<value optimized out>)
    at /usr/src/debug/php-5.3.3/sapi/apache2handler/sapi_apache2.c:124
124                                     if (ctx->content_type) {

(gdb) bt
#0  php_apache_sapi_header_handler (sapi_header=<value optimized out>,
op=SAPI_HEADER_ADD, sapi_headers=<value optimized out>)
    at /usr/src/debug/php-5.3.3/sapi/apache2handler/sapi_apache2.c:124
#1  0x00007fe16f2127ce in sapi_header_op (op=<value optimized out>,
arg=<value optimized out>) at /usr/src/debug/php-5.3.3/main/SAPI.c:756
#2  0x00007fe16f212d98 in sapi_add_header_ex (header_line=0x7fe17ddff728
"Content-type: text/html", header_line_len=<value optimized out>, 
    duplicate=0 '\000', replace=<value optimized out>) at
/usr/src/debug/php-5.3.3/main/SAPI.c:515
#3  0x00007fe16f2135e2 in sapi_send_headers () at
/usr/src/debug/php-5.3.3/main/SAPI.c:796
#4  0x00007fe16f1bbdd9 in php_header () at
/usr/src/debug/php-5.3.3/ext/standard/head.c:69
#5  0x00007fe16f21b3e3 in php_ub_body_write (str=0x7fe17f65b400 "",
str_length=0) at /usr/src/debug/php-5.3.3/main/output.c:719
#6  0x00007fe16f21b998 in php_end_ob_buffer (send_buffer=1 '\001',
just_flush=0 '\000') at /usr/src/debug/php-5.3.3/main/output.c:298
#7  0x00007fe16f21c249 in php_end_ob_buffers (send_buffer=1 '\001') at
/usr/src/debug/php-5.3.3/main/output.c:337
#8  0x00007fe16f20873f in php_request_shutdown (dummy=<value optimized
out>) at /usr/src/debug/php-5.3.3/main/main.c:1598
#9  0x00007fe16f2e2997 in php_apache_request_dtor (r=0x7fe17db8dd18) at
/usr/src/debug/php-5.3.3/sapi/apache2handler/sapi_apache2.c:509
#10 php_handler (r=0x7fe17db8dd18) at
/usr/src/debug/php-5.3.3/sapi/apache2handler/sapi_apache2.c:681
#11 0x00007fe17c46ab00 in ap_run_handler (r=0x7fe17db8dd18) at
/usr/src/debug/httpd-2.2.15/server/config.c:158
#12 0x00007fe17c46e3be in ap_invoke_handler (r=0x7fe17db8dd18) at
/usr/src/debug/httpd-2.2.15/server/config.c:376
#13 0x00007fe17c479a30 in ap_process_request (r=0x7fe17db8dd18) at
/usr/src/debug/httpd-2.2.15/modules/http/http_request.c:282
#14 0x00007fe17c4768f8 in ap_process_http_connection (c=0x7fe17da29518) at
/usr/src/debug/httpd-2.2.15/modules/http/http_core.c:190
#15 0x00007fe17c472608 in ap_run_process_connection (c=0x7fe17da29518) at
/usr/src/debug/httpd-2.2.15/server/connection.c:43
#16 0x00007fe17c47e807 in child_main (child_num_arg=<value optimized out>)
at /usr/src/debug/httpd-2.2.15/server/mpm/prefork/prefork.c:667
#17 0x00007fe17c47eb1a in make_child (s=0x7fe17d1d4860, slot=1) at
/usr/src/debug/httpd-2.2.15/server/mpm/prefork/prefork.c:763
#18 0x00007fe17c47f79c in perform_idle_server_maintenance (_pconf=<value
optimized out>, plog=<value optimized out>, s=<value optimized out>)
    at /usr/src/debug/httpd-2.2.15/server/mpm/prefork/prefork.c:898
#19 ap_mpm_run (_pconf=<value optimized out>, plog=<value optimized out>,
s=<value optimized out>)
    at /usr/src/debug/httpd-2.2.15/server/mpm/prefork/prefork.c:1102
#20 0x00007fe17c456900 in main (argc=1, argv=0x7fff82467b78) at
/usr/src/debug/httpd-2.2.15/server/main.c:760
(gdb) print sapi_globals
$1 = {server_context = 0x0, request_info = {request_method = 0x7fe17db8f638
"GET", 
    query_string = 0x7fe17d734d88
"option=###############&view=main&article-id=################################################",
post_data = 0x0, 
    raw_post_data = 0x0, cookie_data = 0x0, content_length = 0,
post_data_length = 0, raw_post_data_length = 0, 
    path_translated = 0x7fe17d734df8 "/var/www/html/index.php", request_uri
= 0x7fe17d734de8 "/index.php", content_type = 0x0, 
    headers_only = 0 '\000', no_headers = 0 '\000', headers_read = 0
'\000', post_entry = 0x0, content_type_dup = 0x0, auth_user = 0x0, 
    auth_password = 0x0, auth_digest = 0x0, argv0 = 0x0, current_user =
0x0, current_user_length = 0, argc = 0, argv = 0x0, proto_num = 1000}, 
  sapi_headers = {headers = {head = 0x7fe17f0ecb70, tail = 0x7fe17e588a48,
count = 3, size = 16, dtor = 0x7fe16f212270 <sapi_free_header>, 
      persistent = 0 '\000', traverse_ptr = 0x0}, http_response_code = 500,
send_default_content_type = 0 '\000', 
    mimetype = 0x7fe17ddff980 "text/html", http_status_line =
0x7fe17ddfb750 "HTTP/1.0 500 Internal Server Error"}, read_post_bytes = 0,

  headers_sent = 0 '\000', global_stat = {st_dev = 0, st_ino = 0, st_nlink
= 0, st_mode = 0, st_uid = 0, st_gid = 0, __pad0 = 0, st_rdev = 0, 
    st_size = 0, st_blksize = 0, st_blocks = 0, st_atim = {tv_sec = 0,
tv_nsec = 0}, st_mtim = {tv_sec = 0, tv_nsec = 0}, st_ctim = {tv_sec = 0, 
      tv_nsec = 0}, __unused = {0, 0, 0}}, default_mimetype =
0x7fe17d8be530 "text/html", default_charset = 0x7fe16f2ea939 "", 
  rfc1867_uploaded_files = 0x0, post_max_size = 16777216, options = 0,
sapi_started = 1 '\001', global_request_time = 1357194727, 
  known_post_content_types = {nTableSize = 8, nTableMask = 7,
nNumOfElements = 2, nNextFreeElement = 0, pInternalPointer =
0x7fe17d43d9c0, 
    pListHead = 0x7fe17d43d9c0, pListTail = 0x7fe17d93e850, arBuckets =
0x7fe17d43b6b0, pDestructor = 0, persistent = 1 '\001', 
    nApplyCount = 0 '\000', bApplyProtection = 0 '\000'}}



-- 
Edit bug report at https://bugs.php.net/bug.php?id=64047&edit=1
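The failure mode shown in the backtrace above, as an added example that is not part of the original report and not PHP source: a simplified C model in which the shutdown path sends a default header through a handler that reads a global per-request context. All names are hypothetical except `server_context` and `content_type`, which come from the gdb output.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model, NOT PHP source. Names are hypothetical except
 * server_context and content_type, which appear in the gdb output. */
struct req_ctx { const char *content_type; };

/* Stands in for sapi_globals.server_context (0x0 in the core dump). */
static struct req_ctx *server_context;

enum { HDR_OK = 0, HDR_NO_CTX = -1 };

/* Same shape as the faulting line: reads ctx->content_type unchecked. */
static int header_handler_unguarded(const char *line) {
    struct req_ctx *ctx = server_context;
    if (ctx->content_type)          /* NULL dereference when ctx == NULL */
        return HDR_OK;
    ctx->content_type = line;
    return HDR_OK;
}

/* Hardened form: report an error instead of touching a missing context. */
static int header_handler_guarded(const char *line) {
    struct req_ctx *ctx = server_context;
    if (ctx == NULL)
        return HDR_NO_CTX;
    if (!ctx->content_type)
        ctx->content_type = line;
    return HDR_OK;
}

typedef int (*header_handler_fn)(const char *);

/* Models the shutdown path in the backtrace: flushing output buffers
 * sends the default Content-type header through the handler. */
static int request_shutdown(header_handler_fn handler) {
    return handler("Content-type: text/html");
}

int main(void) {
    struct req_ctx ctx = { NULL };
    server_context = &ctx;          /* normal request: context is live */
    printf("unguarded, live ctx:  %d\n", request_shutdown(header_handler_unguarded));
    printf("guarded, live ctx:    %d\n", request_shutdown(header_handler_guarded));
    server_context = NULL;          /* state captured in the core dump */
    printf("guarded, cleared ctx: %d\n", request_shutdown(header_handler_guarded));
    return 0;
}
```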