Debian Bug report logs - #537794
Frequent segfaults from multiple sources

version graph

Package: php5; Maintainer for php5 is (unknown);

Reported by: Jason Wies <jason@xc.net>

Date: Mon, 20 Jul 2009 23:57:02 UTC

Severity: important

Found in version php5/5.2.6.dfsg.1-1+lenny3

Fixed in version 5.3.3-7

Done: Ondřej Surý <ondrej@sury.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#537794; Package php5. (Mon, 20 Jul 2009 23:57:04 GMT) (full text, mbox, link).

Acknowledgement sent to Jason Wies <jason@xc.net>:
New Bug report received and forwarded. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. (Mon, 20 Jul 2009 23:57:04 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Jason Wies <jason@xc.net>
To: submit@bugs.debian.org
Subject: Frequent segfaults from multiple sources
Date: Mon, 20 Jul 2009 23:54:17 +0000
Package: php5
Version: 5.2.6.dfsg.1-1+lenny3
Severity: important

We have been experiencing frequent segfaults recently on three different web servers.  The segfaults started occurring at roughly the same time on all of the servers.  The backtraces are included below from two different machines.  At first glance they don't appear related, but it's hard to think that there would suddenly be three different sources of segfaults where there were none before.

These systems have been stable for years, even after upgrading to Lenny recently.  The segfaults happen more frequently during periods of high traffic (e.g. almost never overnight).  A recent sustained increase in traffic may be the root trigger, so it's possible that multiple sources of segfaults were exposed at the same time.  The PHP file being executed is different across the core dumps.

# gdb /usr/sbin/apache2 /tmp/core
GNU gdb 6.8-debian
This GDB was configured as "x86_64-linux-gnu"...

Core was generated by `/usr/sbin/apache2 -k start'.
Program terminated with signal 11, Segmentation fault.
[New process 29275]
#0  0x0000000000000000 in ?? ()
(gdb) bt
#0  0x0000000000000000 in ?? ()
#1  0x00007f48361a0084 in execute (op_array=0x23b3ee8) at /tmp/buildd/php5-5.2.6.dfsg.1/Zend/zend_vm_execute.h:92
#2  0x00007f48361a3034 in ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER (execute_data=0x7fff45061360)
    at /tmp/buildd/php5-5.2.6.dfsg.1/Zend/zend_vm_execute.h:2037
#3  0x00007f48361a0084 in execute (op_array=0x23b3b48) at /tmp/buildd/php5-5.2.6.dfsg.1/Zend/zend_vm_execute.h:92
#4  0x00007f483617bec8 in zend_execute_scripts (type=32767, retval=0x0, file_count=1158026376)
    at /tmp/buildd/php5-5.2.6.dfsg.1/Zend/zend.c:1215
#5  0x00007f4836136788 in php_execute_script (primary_file=Cannot access memory at address 0x8000450603f0
) at /tmp/buildd/php5-5.2.6.dfsg.1/main/main.c:2028
#6  0x00007f48361f1b29 in php_handler (r=0x3024688a0) at /tmp/buildd/php5-5.2.6.dfsg.1/sapi/apache2handler/sapi_apache2.c:648
#7  0x0000000000438ee3 in ap_run_handler (r=0x2450088)
    at /build/buildd-apache2_2.2.9-10+lenny4-amd64-wTiRUQ/apache2-2.2.9/server/config.c:159
#8  0x000000000043c4af in ap_invoke_handler (r=0x2450088)
    at /build/buildd-apache2_2.2.9-10+lenny4-amd64-wTiRUQ/apache2-2.2.9/server/config.c:373
#9  0x000000000044964e in ap_process_request (r=0x2450088)
    at /build/buildd-apache2_2.2.9-10+lenny4-amd64-wTiRUQ/apache2-2.2.9/modules/http/http_request.c:258
#10 0x0000000000446778 in ap_process_http_connection (c=0x243ef88)
    at /build/buildd-apache2_2.2.9-10+lenny4-amd64-wTiRUQ/apache2-2.2.9/modules/http/http_core.c:190
#11 0x0000000000440403 in ap_run_process_connection (c=0x243ef88)
    at /build/buildd-apache2_2.2.9-10+lenny4-amd64-wTiRUQ/apache2-2.2.9/server/connection.c:43
#12 0x000000000044dc50 in child_main (child_num_arg=<value optimized out>)
    at /build/buildd-apache2_2.2.9-10+lenny4-amd64-wTiRUQ/apache2-2.2.9/server/mpm/prefork/prefork.c:680
#13 0x000000000044dfa4 in make_child (s=0x1e30968, slot=105)
    at /build/buildd-apache2_2.2.9-10+lenny4-amd64-wTiRUQ/apache2-2.2.9/server/mpm/prefork/prefork.c:777
#14 0x000000000044ebe6 in ap_mpm_run (_pconf=<value optimized out>, plog=<value optimized out>, s=<value optimized out>)
    at /build/buildd-apache2_2.2.9-10+lenny4-amd64-wTiRUQ/apache2-2.2.9/server/mpm/prefork/prefork.c:912
#15 0x0000000000425be5 in main (argc=3, argv=0x7fff45063df8)
    at /build/buildd-apache2_2.2.9-10+lenny4-amd64-wTiRUQ/apache2-2.2.9/server/main.c:732
(gdb) frame 1
#1  0x00007f48361a0084 in execute (op_array=0x23b3ee8) at /tmp/buildd/php5-5.2.6.dfsg.1/Zend/zend_vm_execute.h:92
92                      if (EX(opline)->handler(&execute_data TSRMLS_CC) > 0) {
(gdb) print (char *)(executor_globals.function_state_ptr->function)->common.function_name
$1 = 0x0
(gdb) print (char *)executor_globals.active_op_array->function_name
$2 = 0x0


---------------------------------------------------------------------------------------------------
# gdb /usr/sbin/apache2 /tmp/core2
GNU gdb 6.8-debian
This GDB was configured as "x86_64-linux-gnu"...

Core was generated by `/usr/sbin/apache2 -k start'.
Program terminated with signal 11, Segmentation fault.
[New process 4432]
#0  0x00007f4831ee417b in mmc_value_handler_single () from /usr/lib/php5/20060613/memcache.so
(gdb) bt
#0  0x00007f4831ee417b in mmc_value_handler_single () from /usr/lib/php5/20060613/memcache.so
#1  0x00007f4831eeae4b in mmc_unpack_value () from /usr/lib/php5/20060613/memcache.so
#2  0x00007f4831eeda2b in ?? () from /usr/lib/php5/20060613/memcache.so
#3  0x00007f4831eea074 in mmc_pool_select () from /usr/lib/php5/20060613/memcache.so
#4  0x00007f4831eea4dd in mmc_pool_run () from /usr/lib/php5/20060613/memcache.so
#5  0x00007f4831ee5bc2 in ?? () from /usr/lib/php5/20060613/memcache.so
#6  0x00007f48361b4b4d in zend_do_fcall_common_helper_SPEC (execute_data=0x7fff4505c640)
    at /tmp/buildd/php5-5.2.6.dfsg.1/Zend/zend_vm_execute.h:200
#7  0x00007f48361a0084 in execute (op_array=0x24bcf18) at /tmp/buildd/php5-5.2.6.dfsg.1/Zend/zend_vm_execute.h:92
#8  0x00007f48361b445e in zend_do_fcall_common_helper_SPEC (execute_data=0x7fff450612d0)
    at /tmp/buildd/php5-5.2.6.dfsg.1/Zend/zend_vm_execute.h:234
#9  0x00007f48361a0084 in execute (op_array=0x24bc998) at /tmp/buildd/php5-5.2.6.dfsg.1/Zend/zend_vm_execute.h:92
#10 0x00007f483617bec8 in zend_execute_scripts (type=32767, retval=0x0, file_count=1158026232)
    at /tmp/buildd/php5-5.2.6.dfsg.1/Zend/zend.c:1215
#11 0x00007f4836136788 in php_execute_script (primary_file=Cannot access memory at address 0x800045060360
) at /tmp/buildd/php5-5.2.6.dfsg.1/main/main.c:2028
#12 0x00007f48361f1b29 in php_handler (r=0x246bfd8) at /tmp/buildd/php5-5.2.6.dfsg.1/sapi/apache2handler/sapi_apache2.c:648
#13 0x0000000000438ee3 in ap_run_handler (r=0x2496a78)
    at /build/buildd-apache2_2.2.9-10+lenny4-amd64-wTiRUQ/apache2-2.2.9/server/config.c:159
#14 0x000000000043c4af in ap_invoke_handler (r=0x2496a78)
    at /build/buildd-apache2_2.2.9-10+lenny4-amd64-wTiRUQ/apache2-2.2.9/server/config.c:373
#15 0x00000000004494b0 in ap_internal_redirect (new_uri=<value optimized out>, r=<value optimized out>)
    at /build/buildd-apache2_2.2.9-10+lenny4-amd64-wTiRUQ/apache2-2.2.9/modules/http/http_request.c:477
#16 0x00007f483571eac5 in handler_redirect (r=0x249bdb8)
    at /build/buildd-apache2_2.2.9-10+lenny4-amd64-wTiRUQ/apache2-2.2.9/modules/mappers/mod_rewrite.c:4787
#17 0x0000000000438ee3 in ap_run_handler (r=0x249bdb8)
    at /build/buildd-apache2_2.2.9-10+lenny4-amd64-wTiRUQ/apache2-2.2.9/server/config.c:159
#18 0x000000000043c4af in ap_invoke_handler (r=0x249bdb8)
    at /build/buildd-apache2_2.2.9-10+lenny4-amd64-wTiRUQ/apache2-2.2.9/server/config.c:373
#19 0x000000000044964e in ap_process_request (r=0x249bdb8)
    at /build/buildd-apache2_2.2.9-10+lenny4-amd64-wTiRUQ/apache2-2.2.9/modules/http/http_request.c:258
#20 0x0000000000446778 in ap_process_http_connection (c=0x243ef88)
    at /build/buildd-apache2_2.2.9-10+lenny4-amd64-wTiRUQ/apache2-2.2.9/modules/http/http_core.c:190
#21 0x0000000000440403 in ap_run_process_connection (c=0x243ef88)
    at /build/buildd-apache2_2.2.9-10+lenny4-amd64-wTiRUQ/apache2-2.2.9/server/connection.c:43
#22 0x000000000044dc50 in child_main (child_num_arg=<value optimized out>)
    at /build/buildd-apache2_2.2.9-10+lenny4-amd64-wTiRUQ/apache2-2.2.9/server/mpm/prefork/prefork.c:680
#23 0x000000000044dfa4 in make_child (s=0x1e30968, slot=1)
    at /build/buildd-apache2_2.2.9-10+lenny4-amd64-wTiRUQ/apache2-2.2.9/server/mpm/prefork/prefork.c:777
#24 0x000000000044e3f8 in ap_mpm_run (_pconf=<value optimized out>, plog=<value optimized out>, s=0x1e30968)
    at /build/buildd-apache2_2.2.9-10+lenny4-amd64-wTiRUQ/apache2-2.2.9/server/mpm/prefork/prefork.c:1077
#25 0x0000000000425be5 in main (argc=3, argv=0x7fff45063df8)
    at /build/buildd-apache2_2.2.9-10+lenny4-amd64-wTiRUQ/apache2-2.2.9/server/main.c:732
#7  0x00007f48361a0084 in execute (op_array=0x24bcf18) at /tmp/buildd/php5-5.2.6.dfsg.1/Zend/zend_vm_execute.h:92
92                      if (EX(opline)->handler(&execute_data TSRMLS_CC) > 0) {
(gdb) print (char *)(executor_globals.function_state_ptr->function)->common.function_name
$1 = 0x7f4831ef0280 "set"
(gdb) print (char *)executor_globals.active_op_array->function_name
$2 = 0x7f482e3ab748 "Execute"


---------------------------------------------------------------------------------------------------
# gdb /usr/sbin/apache2 /tmp/core3
GNU gdb 6.8-debian
This GDB was configured as "x86_64-linux-gnu"...

Core was generated by `/usr/sbin/apache2 -k start'.
Program terminated with signal 11, Segmentation fault.
[New process 1767]
#0  0x00007fc5c4b74b84 in apc_cache_find_slot () from /usr/lib/php5/20060613/apc.so
(gdb) bt
#0  0x00007fc5c4b74b84 in apc_cache_find_slot () from /usr/lib/php5/20060613/apc.so
#1  0x00007fc5c4b74dd0 in apc_cache_find () from /usr/lib/php5/20060613/apc.so
#2  0x00007fc5c4b79bc7 in ?? () from /usr/lib/php5/20060613/apc.so
#3  0x00007fc5c666f204 in ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER (execute_data=0x7fffd5528a60)
    at /tmp/buildd/php5-5.2.6.dfsg.1/Zend/zend_vm_execute.h:1991
#4  0x00007fc5c666c084 in execute (op_array=0x250f470) at /tmp/buildd/php5-5.2.6.dfsg.1/Zend/zend_vm_execute.h:92
#5  0x00007fc5c666f034 in ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER (execute_data=0x7fffd552d710)
    at /tmp/buildd/php5-5.2.6.dfsg.1/Zend/zend_vm_execute.h:2037
#6  0x00007fc5c666c084 in execute (op_array=0x250eee8) at /tmp/buildd/php5-5.2.6.dfsg.1/Zend/zend_vm_execute.h:92
#7  0x00007fc5c6647ec8 in zend_execute_scripts (type=32767, retval=0x0, file_count=-715990984)
    at /tmp/buildd/php5-5.2.6.dfsg.1/Zend/zend.c:1215
#8  0x00007fc5c6602788 in php_execute_script (primary_file=Cannot access memory at address 0x8000d552c7a0
) at /tmp/buildd/php5-5.2.6.dfsg.1/main/main.c:2028
#9  0x00007fc5c66bdb29 in php_handler (r=0x3026d34a8) at /tmp/buildd/php5-5.2.6.dfsg.1/sapi/apache2handler/sapi_apache2.c:648
#10 0x0000000000438ee3 in ap_run_handler (r=0x2705908)
    at /build/buildd-apache2_2.2.9-10+lenny4-amd64-wTiRUQ/apache2-2.2.9/server/config.c:159
#11 0x000000000043c4af in ap_invoke_handler (r=0x2705908)
    at /build/buildd-apache2_2.2.9-10+lenny4-amd64-wTiRUQ/apache2-2.2.9/server/config.c:373
#12 0x00000000004494b0 in ap_internal_redirect (new_uri=<value optimized out>, r=<value optimized out>)
    at /build/buildd-apache2_2.2.9-10+lenny4-amd64-wTiRUQ/apache2-2.2.9/modules/http/http_request.c:477
#13 0x00007fc5c5beaac5 in handler_redirect (r=0x27027f8)
    at /build/buildd-apache2_2.2.9-10+lenny4-amd64-wTiRUQ/apache2-2.2.9/modules/mappers/mod_rewrite.c:4787
#14 0x0000000000438ee3 in ap_run_handler (r=0x27027f8)
    at /build/buildd-apache2_2.2.9-10+lenny4-amd64-wTiRUQ/apache2-2.2.9/server/config.c:159
#15 0x000000000043c4af in ap_invoke_handler (r=0x27027f8)
    at /build/buildd-apache2_2.2.9-10+lenny4-amd64-wTiRUQ/apache2-2.2.9/server/config.c:373
#16 0x00000000004494b0 in ap_internal_redirect (new_uri=<value optimized out>, r=<value optimized out>)
    at /build/buildd-apache2_2.2.9-10+lenny4-amd64-wTiRUQ/apache2-2.2.9/modules/http/http_request.c:477
#17 0x00007fc5c5beaac5 in handler_redirect (r=0x270bfc8)
    at /build/buildd-apache2_2.2.9-10+lenny4-amd64-wTiRUQ/apache2-2.2.9/modules/mappers/mod_rewrite.c:4787
#18 0x0000000000438ee3 in ap_run_handler (r=0x270bfc8)
    at /build/buildd-apache2_2.2.9-10+lenny4-amd64-wTiRUQ/apache2-2.2.9/server/config.c:159
#19 0x000000000043c4af in ap_invoke_handler (r=0x270bfc8)
    at /build/buildd-apache2_2.2.9-10+lenny4-amd64-wTiRUQ/apache2-2.2.9/server/config.c:373
#20 0x000000000044964e in ap_process_request (r=0x270bfc8)
    at /build/buildd-apache2_2.2.9-10+lenny4-amd64-wTiRUQ/apache2-2.2.9/modules/http/http_request.c:258
#21 0x0000000000446778 in ap_process_http_connection (c=0x26af1c8)
    at /build/buildd-apache2_2.2.9-10+lenny4-amd64-wTiRUQ/apache2-2.2.9/modules/http/http_core.c:190
#22 0x0000000000440403 in ap_run_process_connection (c=0x26af1c8)
    at /build/buildd-apache2_2.2.9-10+lenny4-amd64-wTiRUQ/apache2-2.2.9/server/connection.c:43
#23 0x000000000044dc50 in child_main (child_num_arg=<value optimized out>)
    at /build/buildd-apache2_2.2.9-10+lenny4-amd64-wTiRUQ/apache2-2.2.9/server/mpm/prefork/prefork.c:680
#24 0x000000000044dfa4 in make_child (s=0x20a0968, slot=79)
    at /build/buildd-apache2_2.2.9-10+lenny4-amd64-wTiRUQ/apache2-2.2.9/server/mpm/prefork/prefork.c:777
#25 0x000000000044ebe6 in ap_mpm_run (_pconf=<value optimized out>, plog=<value optimized out>, s=<value optimized out>)
    at /build/buildd-apache2_2.2.9-10+lenny4-amd64-wTiRUQ/apache2-2.2.9/server/mpm/prefork/prefork.c:912
#26 0x0000000000425be5 in main (argc=3, argv=0x7fffd55302c8)
    at /build/buildd-apache2_2.2.9-10+lenny4-amd64-wTiRUQ/apache2-2.2.9/server/main.c:732
(gdb) frame 4
#4  0x00007fc5c666c084 in execute (op_array=0x250f470) at /tmp/buildd/php5-5.2.6.dfsg.1/Zend/zend_vm_execute.h:92
92                      if (EX(opline)->handler(&execute_data TSRMLS_CC) > 0) {
(gdb) print (char *)(executor_globals.function_state_ptr->function)->common.function_name
$1 = 0x0
(gdb) print (char *)executor_globals.active_op_array->function_name
$2 = 0x0

Jason

-- System Information:
Debian Release: 5.0.2
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash

Versions of packages php5 depends on:
ii  libapache2-mod-php 5.2.6.dfsg.1-1+lenny3 server-side, HTML-embedded scripti
ii  php5-common        5.2.6.dfsg.1-1+lenny3 Common files for packages built fr

php5 recommends no packages.

php5 suggests no packages.

-- no debconf information

Reply sent to Ondřej Surý <ondrej@sury.org>:
You have taken responsibility. (Wed, 27 Apr 2011 08:33:48 GMT) (full text, mbox, link).

Notification sent to Jason Wies <jason@xc.net>:
Bug acknowledged by developer. (Wed, 27 Apr 2011 08:33:48 GMT) (full text, mbox, link).

Message #10 received at 537794-done@bugs.debian.org (full text, mbox, reply):

From: Ondřej Surý <ondrej@sury.org>
To: 465081-done@bugs.debian.org, 537794-done@bugs.debian.org, 553048-done@bugs.debian.org, 574610-done@bugs.debian.org, 584885-done@bugs.debian.org, 584957-done@bugs.debian.org, 594613-done@bugs.debian.org, 493045-done@bugs.debian.org, 549492-done@bugs.debian.org, 450581-done@bugs.debian.org, 502174-done@bugs.debian.org, 543177-done@bugs.debian.org, 547134-done@bugs.debian.org, 552089-done@bugs.debian.org, 556523-done@bugs.debian.org, 559273-done@bugs.debian.org, 576147-done@bugs.debian.org, 578754-done@bugs.debian.org, 601602-done@bugs.debian.org, 609355-done@bugs.debian.org, 419649-done@bugs.debian.org, 442063-done@bugs.debian.org, 500567-done@bugs.debian.org, 513429-done@bugs.debian.org, 528600-done@bugs.debian.org, 597650-done@bugs.debian.org, 603641-done@bugs.debian.org, 405067-done@bugs.debian.org, 430397-done@bugs.debian.org, 440775-done@bugs.debian.org, 591759-done@bugs.debian.org, 565387-done@bugs.debian.org, 507762-done@bugs.debian.org, 529278-done@bugs.debian.org, 556459-done@bugs.debian.org
Subject: Closing segfaults (and some other minor bugs) for version older than squeeze (5.3.3)
Date: Wed, 27 Apr 2011 10:28:24 +0200
Version: 5.3.3-7

Hi,

since lenny is oldstable it will not get any updates now (except
security)[1], I am closing all segfault bugs filled against php5 in
lenny. (This is kind of saying that we don't care much about php5 in
lenny anymore).

If you believe the bug is still there, please provide evidence[2] and
a (preferably complete) test case with up-to-date squeeze (and/or
testing or unstable) version of php5 and reopen the bug.

O.
1. http://wiki.debian.org/PHP#Notes_on_PHP_and_security
2. Install php5-dbg and provide backtrace:
http://bugs.php.net/bugs-generating-backtrace.php
-- 
Ondřej Surý <ondrej@sury.org>

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 26 May 2011 07:42:33 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Jul 2 01:13:27 2023; Machine Name: bembo

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.