From:             
Operating system: Linux 2.6.18-194.17.1
PHP version:      5.3.5
Package:          Reproducible crash
Bug Type:         Bug
Bug description:  Segfault at zend_vm_execute.h:428 in shutdown function

Description:
------------
Just upgraded to 5.3.5 and PHP segfaults in a shutdown function (which is a
closure) that calls session_write_close which has a registered callback for
write (which is also a closure).
I have APC enabled but I disabled it and got the same problem. The line of
PHP causing the segfault is basically a $object->function() call. Otherwise
no weird extensions installed.

Test script:
---------------
I haven't bothered isolating the bug to a small testcase. It's not a single
call or small piece of data causing the segfault but rather a complex code
context. The actual line is a call to a class instance function of a
database abstraction object instance in a closure.. in a session callback..
in a shutdown function closure... in a shutdown function closure. Just
replacing the instance with a foo bar class instance makes the bug go away.
It also only happens in a production environment which is hard to
interact with. Isolating it to a small testcase could take me hours, I hope
you can figure it out by looking at the backtrace.
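For triage, the call structure the report describes can be sketched in a few lines. The following is an added example written for this page, not the reporter's code and not a confirmed reproducer of the crash: a shutdown function that is a closure, calling session_write_close(), whose write handler is another closure that calls a method on an object. The class name Db and its save() method are assumptions standing in for the unnamed database abstraction object.

```php
<?php
// Added example: the callback nesting described in the report
// (shutdown closure -> session_write_close() -> write-handler closure -> object method).
// Db and Db::save() are assumed names; the report does not name the real class.

class Db {
    private $rows = array();

    // Stand-in for the database abstraction call made from the write handler.
    public function save($id, $data) {
        $this->rows[$id] = $data;
        return true;
    }
}

$db = new Db();

// Session save handler built entirely from closures; only write() does real work here.
// The write closure captures $db so the object method is invoked during session shutdown.
session_set_save_handler(
    function ($savePath, $name) { return true; },   // open
    function () { return true; },                    // close
    function ($id) { return ''; },                   // read
    function ($id, $data) use ($db) {                // write: object method call
        return $db->save($id, $data);
    },
    function ($id) { return true; },                 // destroy
    function ($maxlifetime) { return true; }         // gc
);

session_start();
$_SESSION['counter'] = isset($_SESSION['counter']) ? $_SESSION['counter'] + 1 : 1;

// The shutdown function is itself a closure. Calling session_write_close() here
// runs the write handler from inside user_shutdown_function_call(), which matches
// frames #0 through #7 of the backtrace below.
register_shutdown_function(function () {
    session_write_close();
});

echo "request done\n";
```

Running this under the affected build with the real database object substituted for Db is the shape of reproducer the report says it lacks; by itself it is only a map from the prose description to the frames in the backtrace.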

Expected result:
----------------
No segfault.

Actual result:
--------------
Backtrace from gdb:

Program received signal SIGSEGV, Segmentation fault.
ZEND_RECV_SPEC_HANDLER (execute_data=0x2af31f8d5250) at /root/php/php/php-5.3.5/Zend/zend_vm_execute.h:428
428             zval **param = zend_vm_stack_get_arg(arg_num TSRMLS_CC);
(gdb) backtrace
#0  ZEND_RECV_SPEC_HANDLER (execute_data=0x2af31f8d5250) at /root/php/php/php-5.3.5/Zend/zend_vm_execute.h:428
#1  0x00002af3234d2da0 in execute (op_array=0x10396ed0) at /root/php/php/php-5.3.5/Zend/zend_vm_execute.h:107
#2  0x00002af3234a1dff in zend_call_function (fci=0x7fff5cf09480, fci_cache=<value optimized out>) at /root/php/php/php-5.3.5/Zend/zend_execute_API.c:964
#3  0x00002af3234a21a0 in call_user_function_ex (function_table=<value optimized out>, object_pp=<value optimized out>, function_name=0xffffffff, retval_ptr_ptr=0x4,
    param_count=32, params=0x101010101010101, no_separation=1, symbol_table=0x0) at /root/php/php/php-5.3.5/Zend/zend_execute_API.c:754
#4  0x00002af3234a38b2 in call_user_function (function_table=0xfea9ac0, object_pp=0x0, function_name=0xffffffff, retval_ptr=0x7fff5cf09540, param_count=32,
    params=<value optimized out>) at /root/php/php/php-5.3.5/Zend/zend_execute_API.c:727
#5  0x00002af3233d98d7 in user_shutdown_function_call (shutdown_function_entry=0x10561610) at /root/php/php/php-5.3.5/ext/standard/basic_functions.c:4984
#6  0x00002af3234b9915 in zend_hash_apply (ht=0x102d8df0, apply_func=0x2af3233d9880 <user_shutdown_function_call>) at /root/php/php/php-5.3.5/Zend/zend_hash.c:676
#7  0x00002af3233d79b6 in php_call_shutdown_functions () at /root/php/php/php-5.3.5/ext/standard/basic_functions.c:5076
#8  0x00002af32345aefa in php_request_shutdown (dummy=<value optimized out>) at /root/php/php/php-5.3.5/main/main.c:1582
#9  0x00002af323536fe7 in php_apache_request_dtor (r=<value optimized out>) at /root/php/php/php-5.3.5/sapi/apache2handler/sapi_apache2.c:509
#10 php_handler (r=<value optimized out>) at /root/php/php/php-5.3.5/sapi/apache2handler/sapi_apache2.c:681
#11 0x0000000000443075 in ap_run_handler ()
#12 0x0000000000443966 in ap_invoke_handler ()
#13 0x000000000046661c in ap_internal_redirect ()
#14 0x00002af329166cd5 in ?? () from /usr/lib/apache2/modules/mod_rewrite.so
#15 0x0000000000443075 in ap_run_handler ()
#16 0x0000000000443966 in ap_invoke_handler ()
#17 0x0000000000465aeb in ap_process_request ()
#18 0x0000000000462a37 in ap_process_http_connection ()
#19 0x000000000044cdb6 in ap_run_process_connection ()
#20 0x000000000044d2a3 in ap_process_connection ()
#21 0x0000000000480348 in process_socket ()
#22 0x0000000000482241 in child_main ()
#23 0x00000000004831d4 in make_child ()
#24 0x0000000000483529 in create_new_childs ()
#25 0x000000000048358d in check_for_new_childs ()
#26 0x0000000000483fcd in ap_mpm_run ()
#27 0x00000000004297e9 in main ()



-- 
Edit bug report at http://bugs.php.net/bug.php?id=53768&edit=1