Edit report at https://bugs.php.net/bug.php?id=64047&edit=1
 ID:                 64047
 Comment by:         r...@php.net
 Reported by:        r...@php.net
 Summary:            segfault in request shutdown (server_context is NULL)
 Status:             Open
 Type:               Bug
 Package:            Apache2 related
 Operating System:   GNU/Linux
 PHP Version:        Irrelevant
 Block user comment: N
 Private report:     N

 New Comment:

We are currently trying to run with the temporary patch applied to get more
information about the segfault context.

I will update this bug as soon as I get more debug information.

Previous Comments:
------------------------------------------------------------------------
[2013-01-22 14:01:14] r...@php.net

The following patch has been added/updated:

Patch Name: temporary.patch
Revision:   1358863274
URL:        https://bugs.php.net/patch-display.php?bug=64047&patch=temporary.patch&revision=1358863274

------------------------------------------------------------------------
[2013-01-22 14:00:33] r...@php.net

Description:
------------
We encounter, in a specific race condition (seems http/500 error), a segfault
in php_request_shutdown.

According to the backtrace, server_context is NULL.

This backtrace is from php 5.3.3, but as I don't see any change in git
history, I think it could occur in the latest php 5.3.

Core was generated by `/usr/sbin/httpd'.
Program terminated with signal 11, Segmentation fault.
#0  php_apache_sapi_header_handler (sapi_header=<value optimized out>, op=SAPI_HEADER_ADD, sapi_headers=<value optimized out>)
    at /usr/src/debug/php-5.3.3/sapi/apache2handler/sapi_apache2.c:124
124     if (ctx->content_type) {
(gdb) bt
#0  php_apache_sapi_header_handler (sapi_header=<value optimized out>, op=SAPI_HEADER_ADD, sapi_headers=<value optimized out>)
    at /usr/src/debug/php-5.3.3/sapi/apache2handler/sapi_apache2.c:124
#1  0x00007fe16f2127ce in sapi_header_op (op=<value optimized out>, arg=<value optimized out>)
    at /usr/src/debug/php-5.3.3/main/SAPI.c:756
#2  0x00007fe16f212d98 in sapi_add_header_ex (header_line=0x7fe17ddff728 "Content-type: text/html", header_line_len=<value optimized out>, duplicate=0 '\000', replace=<value optimized out>)
    at /usr/src/debug/php-5.3.3/main/SAPI.c:515
#3  0x00007fe16f2135e2 in sapi_send_headers () at /usr/src/debug/php-5.3.3/main/SAPI.c:796
#4  0x00007fe16f1bbdd9 in php_header () at /usr/src/debug/php-5.3.3/ext/standard/head.c:69
#5  0x00007fe16f21b3e3 in php_ub_body_write (str=0x7fe17f65b400 "", str_length=0)
    at /usr/src/debug/php-5.3.3/main/output.c:719
#6  0x00007fe16f21b998 in php_end_ob_buffer (send_buffer=1 '\001', just_flush=0 '\000')
    at /usr/src/debug/php-5.3.3/main/output.c:298
#7  0x00007fe16f21c249 in php_end_ob_buffers (send_buffer=1 '\001')
    at /usr/src/debug/php-5.3.3/main/output.c:337
#8  0x00007fe16f20873f in php_request_shutdown (dummy=<value optimized out>)
    at /usr/src/debug/php-5.3.3/main/main.c:1598
#9  0x00007fe16f2e2997 in php_apache_request_dtor (r=0x7fe17db8dd18)
    at /usr/src/debug/php-5.3.3/sapi/apache2handler/sapi_apache2.c:509
#10 php_handler (r=0x7fe17db8dd18)
    at /usr/src/debug/php-5.3.3/sapi/apache2handler/sapi_apache2.c:681
#11 0x00007fe17c46ab00 in ap_run_handler (r=0x7fe17db8dd18)
    at /usr/src/debug/httpd-2.2.15/server/config.c:158
#12 0x00007fe17c46e3be in ap_invoke_handler (r=0x7fe17db8dd18)
    at /usr/src/debug/httpd-2.2.15/server/config.c:376
#13 0x00007fe17c479a30 in ap_process_request (r=0x7fe17db8dd18)
    at /usr/src/debug/httpd-2.2.15/modules/http/http_request.c:282
#14 0x00007fe17c4768f8 in ap_process_http_connection (c=0x7fe17da29518)
    at /usr/src/debug/httpd-2.2.15/modules/http/http_core.c:190
#15 0x00007fe17c472608 in ap_run_process_connection (c=0x7fe17da29518)
    at /usr/src/debug/httpd-2.2.15/server/connection.c:43
#16 0x00007fe17c47e807 in child_main (child_num_arg=<value optimized out>)
    at /usr/src/debug/httpd-2.2.15/server/mpm/prefork/prefork.c:667
#17 0x00007fe17c47eb1a in make_child (s=0x7fe17d1d4860, slot=1)
    at /usr/src/debug/httpd-2.2.15/server/mpm/prefork/prefork.c:763
#18 0x00007fe17c47f79c in perform_idle_server_maintenance (_pconf=<value optimized out>, plog=<value optimized out>, s=<value optimized out>)
    at /usr/src/debug/httpd-2.2.15/server/mpm/prefork/prefork.c:898
#19 ap_mpm_run (_pconf=<value optimized out>, plog=<value optimized out>, s=<value optimized out>)
    at /usr/src/debug/httpd-2.2.15/server/mpm/prefork/prefork.c:1102
#20 0x00007fe17c456900 in main (argc=1, argv=0x7fff82467b78)
    at /usr/src/debug/httpd-2.2.15/server/main.c:760

(gdb) print sapi_globals
$1 = {server_context = 0x0,
  request_info = {request_method = 0x7fe17db8f638 "GET",
    query_string = 0x7fe17d734d88 "option=###############&view=main&article-id=################################################",
    post_data = 0x0, raw_post_data = 0x0, cookie_data = 0x0,
    content_length = 0, post_data_length = 0, raw_post_data_length = 0,
    path_translated = 0x7fe17d734df8 "/var/www/html/index.php",
    request_uri = 0x7fe17d734de8 "/index.php", content_type = 0x0,
    headers_only = 0 '\000', no_headers = 0 '\000', headers_read = 0 '\000',
    post_entry = 0x0, content_type_dup = 0x0, auth_user = 0x0,
    auth_password = 0x0, auth_digest = 0x0, argv0 = 0x0, current_user = 0x0,
    current_user_length = 0, argc = 0, argv = 0x0, proto_num = 1000},
  sapi_headers = {headers = {head = 0x7fe17f0ecb70, tail = 0x7fe17e588a48,
      count = 3, size = 16, dtor = 0x7fe16f212270 <sapi_free_header>,
      persistent = 0 '\000', traverse_ptr = 0x0},
    http_response_code = 500, send_default_content_type = 0 '\000',
    mimetype = 0x7fe17ddff980 "text/html",
    http_status_line = 0x7fe17ddfb750 "HTTP/1.0 500 Internal Server Error"},
  read_post_bytes = 0, headers_sent = 0 '\000',
  global_stat = {st_dev = 0, st_ino = 0, st_nlink = 0, st_mode = 0,
    st_uid = 0, st_gid = 0, __pad0 = 0, st_rdev = 0, st_size = 0,
    st_blksize = 0, st_blocks = 0, st_atim = {tv_sec = 0, tv_nsec = 0},
    st_mtim = {tv_sec = 0, tv_nsec = 0}, st_ctim = {tv_sec = 0, tv_nsec = 0},
    __unused = {0, 0, 0}},
  default_mimetype = 0x7fe17d8be530 "text/html",
  default_charset = 0x7fe16f2ea939 "", rfc1867_uploaded_files = 0x0,
  post_max_size = 16777216, options = 0, sapi_started = 1 '\001',
  global_request_time = 1357194727,
  known_post_content_types = {nTableSize = 8, nTableMask = 7,
    nNumOfElements = 2, nNextFreeElement = 0,
    pInternalPointer = 0x7fe17d43d9c0, pListHead = 0x7fe17d43d9c0,
    pListTail = 0x7fe17d93e850, arBuckets = 0x7fe17d43b6b0, pDestructor = 0,
    persistent = 1 '\001', nApplyCount = 0 '\000',
    bApplyProtection = 0 '\000'}}

------------------------------------------------------------------------

-- 
Edit this bug report at https://bugs.php.net/bug.php?id=64047&edit=1
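
Added example (not part of the bug report and not PHP project code): a small Python parser for the gdb struct-print syntax of the `print sapi_globals` output above, used to extract the three fields that characterise this crash state from a core dump. The sample dump is constructed and shortened with made-up addresses; the function names parse_value, as_int and triage are hypothetical.

```python
import re

# Constructed, shortened sample in the syntax of gdb's `print sapi_globals`
# output; the addresses are made up.
SAMPLE = r"""{server_context = 0x0,
 request_info = {request_method = 0x7f0000001000 "GET", content_type = 0x0,
   headers_only = 0 '\000'},
 sapi_headers = {headers = {count = 3, dtor = 0x7f0000002000 <sapi_free_header>},
   http_response_code = 500, http_status_line = 0x7f0000003000 "HTTP/1.0 500, {x}"},
 headers_sent = 0 '\000', global_stat = {st_dev = 0, __unused = {0, 0, 0}}}"""

NAME = re.compile(r"(\w+) = ")

def parse_value(s, i=0):
    """Parse one gdb value starting at s[i]; return (value, next_index)."""
    if s[i] == "{":                       # struct (dict) or array (list)
        i, fields, items = i + 1, {}, []
        while True:
            while s[i] in ", \n":         # separators between members
                i += 1
            if s[i] == "}":
                return (fields or items), i + 1
            m = NAME.match(s, i)
            if m:                         # "name = value" member
                fields[m.group(1)], i = parse_value(s, m.end())
            else:                         # unnamed array element
                item, i = parse_value(s, i)
                items.append(item)
    j, quote = i, None                    # scalar: runs to an unquoted , or }
    while j < len(s) and (quote or s[j] not in ",}"):
        if quote and s[j] == "\\":
            j += 1                        # skip the escaped character
        elif s[j] == quote:
            quote = None
        elif not quote and s[j] in "\"'":
            quote = s[j]
        j += 1
    return s[i:j].strip(), j

def as_int(scalar):
    # Leading numeric token of a gdb scalar such as 0x0, 500 or 0 '\000'.
    return int(scalar.split()[0], 0)

def triage(dump):
    """Pull out the fields that describe the crash state in the report."""
    g, _ = parse_value(dump.strip())
    return {
        "server_context_null": as_int(g["server_context"]) == 0,
        "http_response_code": as_int(g["sapi_headers"]["http_response_code"]),
        "headers_sent": bool(as_int(g["headers_sent"])),
    }
```

Calling triage() on a dump saved from a core gives a quick way to tell whether other crashes share the state reported here (NULL server_context, response code 500, headers not yet sent).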