ID: 31624
User updated by: ericvanblokland at gmail dot com
Reported By: ericvanblokland at gmail dot com
Status: Open
Bug Type: Session related
Operating System: Fedora Core 2
PHP Version: 4CVS-2005-01-22
New Comment:
Some replies seem to be missing in my report...
Previous Comments:
------------------------------------------------------------------------
[2005-01-22 16:26:23] ericvanblokland at gmail dot com
Sorry I took so long, apache was annoying me. maxservers was set to 1
but it kept spawning children. It took me a while to attach the right
one to gdb.
Also I recall having to set the maximum allowed memory size to *sick
amount* again. Over 32M! Does an object that takes serialized 3M over
32M during runtime? I might be copying that object somewhere, but not
more than once or twice.
Backtrace for project environment
_zval_ptr_dtor (zval_ptr=0x6) at
/usr/src/php4-STABLE-200501211330/Zend/zend_execute_API.c:287
287 (*zval_ptr)->refcount--;
(gdb) bt
#0 _zval_ptr_dtor (zval_ptr=0x6) at
/usr/src/php4-STABLE-200501211330/Zend/zend_execute_API.c:287
#1 0x037c8234 in zend_hash_clean (ht=0x8a301cc) at
/usr/src/php4-STABLE-200501211330/Zend/zend_hash.c:582
#2 0x037d0e24 in execute (op_array=0x876d23c) at
/usr/src/php4-STABLE-200501211330/Zend/zend_execute.c:1712
#3 0x037d0d8d in execute (op_array=0x8ac0764) at
/usr/src/php4-STABLE-200501211330/Zend/zend_execute.c:1696
#4 0x037d2000 in execute (op_array=0x8abf7dc) at
/usr/src/php4-STABLE-200501211330/Zend/zend_execute.c:2222
#5 0x037c4b83 in zend_execute_scripts (type=8, retval=0x0,
file_count=3)
at /usr/src/php4-STABLE-200501211330/Zend/zend.c:900
#6 0x037a0b50 in php_execute_script (primary_file=0xfefc1940) at
/usr/src/php4-STABLE-200501211330/main/main.c:1739
#7 0x037d4c05 in php_handler (r=0x87336f0) at
/usr/src/php4-STABLE-200501211330/sapi/apache2handler/sapi_apache2.c:550
#8 0x004bac88 in ap_run_handler () from /usr/sbin/httpd
#9 0x085339f8 in ?? ()
#10 0x00000000 in ?? ()
Backtrace for simulated environment (manual imported session)
_zval_ptr_dtor (zval_ptr=0x6e616863) at
/usr/src/php4-STABLE-200501211330/Zend/zend_execute_API.c:287
287 (*zval_ptr)->refcount--;
(gdb) bt
#0 _zval_ptr_dtor (zval_ptr=0x6e616863) at
/usr/src/php4-STABLE-200501211330/Zend/zend_execute_API.c:287
#1 0x028c5170 in zend_hash_destroy (ht=0x883950c) at
/usr/src/php4-STABLE-200501211330/Zend/zend_hash.c:556
#2 0x028c0980 in _zval_dtor (zvalue=0x88129a4) at
/usr/src/php4-STABLE-200501211330/Zend/zend_variables.c:60
#3 0x028d08f2 in zend_assign_to_variable (result=0x8a6939c,
op1=0x88129a4, op2=0x8a693bc, value=0x8782c4c, type=4,
Ts=0xfeeb8e90) at
/usr/src/php4-STABLE-200501211330/Zend/zend_execute.c:480
#4 0x028ccc3e in execute (op_array=0x899e354) at
/usr/src/php4-STABLE-200501211330/Zend/zend_execute.c:1388
#5 0x028cdd8d in execute (op_array=0x8a4b7ac) at
/usr/src/php4-STABLE-200501211330/Zend/zend_execute.c:1696
#6 0x028cdd8d in execute (op_array=0x8838aac) at
/usr/src/php4-STABLE-200501211330/Zend/zend_execute.c:1696
#7 0x028cf000 in execute (op_array=0x86f1aa0) at
/usr/src/php4-STABLE-200501211330/Zend/zend_execute.c:2222
#8 0x028cdd8d in execute (op_array=0x8a2fa0c) at
/usr/src/php4-STABLE-200501211330/Zend/zend_execute.c:1696
#9 0x028cdd8d in execute (op_array=0x8a321bc) at
/usr/src/php4-STABLE-200501211330/Zend/zend_execute.c:1696
#10 0x028cdd8d in execute (op_array=0x8a385bc) at
/usr/src/php4-STABLE-200501211330/Zend/zend_execute.c:1696
#11 0x028cdd8d in execute (op_array=0x8a3a8e4) at
/usr/src/php4-STABLE-200501211330/Zend/zend_execute.c:1696
#12 0x028c1b83 in zend_execute_scripts (type=8, retval=0x0,
file_count=3)
at /usr/src/php4-STABLE-200501211330/Zend/zend.c:900
#13 0x0289db50 in php_execute_script (primary_file=0xfeec9360) at
/usr/src/php4-STABLE-200501211330/main/main.c:1739
#14 0x028d1c05 in php_handler (r=0x89e4870) at
/usr/src/php4-STABLE-200501211330/sapi/apache2handler/sapi_apache2.c:550
#15 0x00337c88 in ap_run_handler () from /usr/sbin/httpd
#16 0x084679f8 in ?? ()
#17 0x00000000 in ?? ()
------------------------------------------------------------------------
[2005-01-20 17:00:33] ericvanblokland at gmail dot com
Description:
------------
PHP seems to crash on complex objects at exit or on session_start();
I suspect the php internal session_encode, session_decode, serialize
and unserialize functions.
Ive not been able to reproduce this as it only seems to occur with
*VERY* complex objects like my code generates.
Some strange facts I've found out about while trying to pinpoint the
exact cause:
- In some occasions, escaping a foreach on $this->property in an
objects __wakeup(); made the problem disappear.
- When manually decoding a session file, (about 3M) I also got a
segmentation fault. After increasing the available memory to over 64M
the session got correctly decoded. With this *SICK* amount of memory,
the actual script kept segfaulting, however, it took longer to segfault
so expect a memory leak or infinite loop.
- This problem occurs on a Fedora Core 2, Apache 2.0, PHP 4.3.10
machine, while on RedHat 7.3, Apache 1.3.29, PHP 4.3.6 everything works
fine. So suspect the bugfix (4.3.9->4.3.10) on session handling for
spooky behaviour.
I will try to keep you all up to date.
Thank you,
Eric van Blokland
Reproduce code:
---------------
Contact me for access to code. The code is very large and complex, I
haven't been able to pinpoint to exact cause of this problem
Actual result:
--------------
Suspect internal session_encode to puke, all output correct though
#0 0x005086ae in malloc_consolidate () from /lib/tls/libc.so.6
#1 0x0050854d in _int_free () from /lib/tls/libc.so.6
#2 0x0050972b in free () from /lib/tls/libc.so.6
#3 0x01eea6af in shutdown_memory_manager (silent=0, clean_cache=0) at
/usr/src/redhat/BUILD/php-4.3.10/Zend/zend_alloc.c:492
#4 0x01eca73a in php_request_shutdown (dummy=0x0) at
/usr/src/redhat/BUILD/php-4.3.10/main/main.c:1003
#5 0x01f0ec10 in php_apache_request_dtor (r=0x945d6c0)
at
/usr/src/redhat/BUILD/php-4.3.10/sapi/apache2handler/sapi_apache2.c:453
#6 0x01f0eeda in php_handler (r=0x945d6c0) at
/usr/src/redhat/BUILD/php-4.3.10/sapi/apache2handler/sapi_apache2.c:577
#7 0x0094ec88 in ap_run_handler () from /usr/sbin/httpd
#8 0x0925f9f8 in ?? ()
#9 0x00000000 in ?? ()
Might by 31106 Related
http://bugs.php.net/bug.php?id=31106
Error occurs with session_start(); suspect session_decode to puke. No
output generated
#0 _zval_ptr_dtor (zval_ptr=0x6) at
/usr/src/redhat/BUILD/php-4.3.10/Zend/zend_execute_API.c:287
#1 0x0177d898 in zend_hash_clean (ht=0x8832aac) at
/usr/src/redhat/BUILD/php-4.3.10/Zend/zend_hash.c:582
#2 0x01788dcb in execute (op_array=0x862b22c) at
/usr/src/redhat/BUILD/php-4.3.10/Zend/zend_execute.c:1702
#3 0x01788d15 in execute (op_array=0x8703514) at
/usr/src/redhat/BUILD/php-4.3.10/Zend/zend_execute.c:1686
#4 0x0178a3fa in execute (op_array=0x8881b4c) at
/usr/src/redhat/BUILD/php-4.3.10/Zend/zend_execute.c:2212
#5 0x01778d51 in zend_execute_scripts (type=8, retval=0x0,
file_count=3) at /usr/src/redhat/BUILD/php-4.3.10/Zend/zend.c:900
#6 0x0174b0af in php_execute_script (primary_file=0xfee57db0) at
/usr/src/redhat/BUILD/php-4.3.10/main/main.c:1736
#7 0x0178e07f in php_handler (r=0x869e170) at
/usr/src/redhat/BUILD/php-4.3.10/sapi/apache2handler/sapi_apache2.c:557
#8 0x00e18c88 in ap_run_handler () from /usr/sbin/httpd
#9 0x0832d9f8 in ?? ()
#10 0x00000000 in ?? ()
Might be 31313 Related, crash can be avoided by disabling foreach on
$this->property
http://bugs.php.net/bug.php?id=31313
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=31624&edit=1
