From: proforg at maloletka dot ru
Operating system: Debian Lenny 2.6.26-2-amd64
PHP version: 5.2SVN-2009-11-02 (snap)
PHP Bug Type: Reproducible crash
Bug description: crash in _php_pgsql_notice_ptr_dtor -> efree with Horde
Description:
------------
php5.2-200911021930 + apache2 / fpm sapi frequently crashes on debian
horde3 + imp4 installation.
Reproduce code:
---------------
Current debian horde and imp packages.
Actual result:
--------------
fpm log output:
Nov 03 01:51:13.738647 [WARNING] fpm_children_bury(), line 217: child
19892 (pool www-data) exited on signal 11 SIGSEGV (core
dumped) after 2377.432524 seconds from start
Nov 03 01:51:13.738687 [WARNING] fpm_stdio_child_said(), line 167:
child 19892 (pool www-data) said into stderr: "[Tue Nov 3
01:36:48 2009] Script: '/usr/share/horde3//index.php'"
Nov 03 01:51:13.738716 [WARNING] fpm_stdio_child_said(), line 167:
child 19892 (pool www-data) said into stderr:
"/usr/local/src/php5.2-200911021930/ext/pgsql/pgsql.c(289) : Freeing
0x029A97C0 (46 bytes),
script=/usr/share/horde3//index.php", pipe is closed
Nov 03 01:51:13.738738 [WARNING] fpm_stdio_child_said(), line 167:
child 19892 (pool www-data) said into stderr: "[Tue Nov 3
01:36:48 2009] Script: '/usr/share/horde3//index.php'", pipe is
closed
Nov 03 01:51:13.738758 [WARNING] fpm_stdio_child_said(), line 167:
child 19892 (pool www-data) said into stderr:
"/usr/local/src/php5.2-200911021930/ext/pgsql/pgsql.c(361) : Freeing
0x02540370 (16 bytes),
script=/usr/share/horde3//index.php", pipe is closed
Nov 03 01:51:13.738779 [WARNING] fpm_stdio_child_said(), line 167:
child 19892 (pool www-data) said into stderr: "=== Total 2
memory leaks detected ===", pipe is closed
backtrace:
[New process 19892]
#0 0x0000000000734d34 in zend_mm_check_ptr (heap=0x1e392a0,
ptr=0x69766f7270207469, silent=1,
__zend_filename=0x8913f8 "/usr/local/src/php5.2-
200911021930/ext/pgsql/pgsql.c", __zend_lineno=379,
__zend_orig_filename=0x0, __zend_orig_lineno=0)
at /usr/local/src/php5.2-200911021930/Zend/zend_alloc.c:1304
1304 if (p->info._size != ZEND_MM_NEXT_BLOCK(p)-
>info._prev) {
(gdb) bt
#0 0x0000000000734d34 in zend_mm_check_ptr (heap=0x1e392a0,
ptr=0x69766f7270207469, silent=1,
__zend_filename=0x8913f8 "/usr/local/src/php5.2-
200911021930/ext/pgsql/pgsql.c", __zend_lineno=379,
__zend_orig_filename=0x0, __zend_orig_lineno=0)
at /usr/local/src/php5.2-200911021930/Zend/zend_alloc.c:1304
#1 0x00000000007367da in _zend_mm_free_int (heap=0x1e392a0,
p=0x69766f7270207469, __zend_filename=0x8913f8
"/usr/local/src/php5.2-200911021930/ext/pgsql/pgsql.c",
__zend_lineno=379, __zend_orig_filename=0x0, __zend_orig_lineno=0)
at /usr/local/src/php5.2-
200911021930/Zend/zend_alloc.c:1943
#2 0x0000000000737d76 in _efree (ptr=0x69766f7270207469,
__zend_filename=0x8913f8 "/usr/local/src/php5.2-
200911021930/ext/pgsql/pgsql.c", __zend_lineno=379,
__zend_orig_filename=0x0, __zend_orig_lineno=0) at
/usr/local/src/php5.2-200911021930/Zend/zend_alloc.c:2311
#3 0x00000000005a7ba0 in _php_pgsql_notice_ptr_dtor (ptr=0x1fe2928)
at /usr/local/src/php5.2-
200911021930/ext/pgsql/pgsql.c:379
#4 0x000000000076503d in zend_hash_clean (ht=0xb83a88) at
/usr/local/src/php5.2-200911021930/Zend/zend_hash.c:552
#5 0x00000000005a843e in zm_deactivate_pgsql (type=1,
module_number=18) at /usr/local/src/php5.2-
200911021930/ext/pgsql/pgsql.c:578
#6 0x000000000075f9c5 in module_registry_cleanup (module=0x1e70e80)
at /usr/local/src/php5.2-
200911021930/Zend/zend_API.c:1976
#7 0x00000000007658a5 in zend_hash_reverse_apply (ht=0xb87e60,
apply_func=0x75f98a <module_registry_cleanup>) at
/usr/local/src/php5.2-200911021930/Zend/zend_hash.c:755
#8 0x0000000000756f2d in zend_deactivate_modules () at
/usr/local/src/php5.2-200911021930/Zend/zend.c:838
#9 0x00000000006fed04 in php_request_shutdown (dummy=0x0) at
/usr/local/src/php5.2-200911021930/main/main.c:1474
#10 0x00000000007de90f in main (argc=6, argv=0x7fff4f59af58) at
/usr/local/src/php5.2-
200911021930/sapi/fpm/cgi/cgi_main.c:1589
php build options:
--with-fpm --with-libevent=shared,/usr --with-pgsql --with-gd --with-
mhash --with-mcrypt --with-pear=/usr/share/php/ --enable-
debug --with-imap --with-kerberos --with-imap-ssl --with-gettext
same result with apache2 sapi
--
Edit bug report at http://bugs.php.net/?id=50057&edit=1
--
Try a snapshot (PHP 5.2):
http://bugs.php.net/fix.php?id=50057&r=trysnapshot52
Try a snapshot (PHP 5.3):
http://bugs.php.net/fix.php?id=50057&r=trysnapshot53
Try a snapshot (PHP 6.0):
http://bugs.php.net/fix.php?id=50057&r=trysnapshot60
Fixed in SVN:
http://bugs.php.net/fix.php?id=50057&r=fixed
Fixed in SVN and need be documented:
http://bugs.php.net/fix.php?id=50057&r=needdocs
Fixed in release:
http://bugs.php.net/fix.php?id=50057&r=alreadyfixed
Need backtrace:
http://bugs.php.net/fix.php?id=50057&r=needtrace
Need Reproduce Script:
http://bugs.php.net/fix.php?id=50057&r=needscript
Try newer version:
http://bugs.php.net/fix.php?id=50057&r=oldversion
Not developer issue:
http://bugs.php.net/fix.php?id=50057&r=support
Expected behavior:
http://bugs.php.net/fix.php?id=50057&r=notwrong
Not enough info:
http://bugs.php.net/fix.php?id=50057&r=notenoughinfo
Submitted twice:
http://bugs.php.net/fix.php?id=50057&r=submittedtwice
register_globals:
http://bugs.php.net/fix.php?id=50057&r=globals
PHP 4 support discontinued: http://bugs.php.net/fix.php?id=50057&r=php4
Daylight Savings: http://bugs.php.net/fix.php?id=50057&r=dst
IIS Stability:
http://bugs.php.net/fix.php?id=50057&r=isapi
Install GNU Sed:
http://bugs.php.net/fix.php?id=50057&r=gnused
Floating point limitations:
http://bugs.php.net/fix.php?id=50057&r=float
No Zend Extensions:
http://bugs.php.net/fix.php?id=50057&r=nozend
MySQL Configuration Error:
http://bugs.php.net/fix.php?id=50057&r=mysqlcfg
