ID: 31624 Updated by: [EMAIL PROTECTED] Reported By: ericvanblokland at gmail dot com -Status: Open +Status: Feedback Bug Type: Session related Operating System: Fedora Core 2 PHP Version: 4CVS-2005-01-22 New Comment:
Please try using this CVS snapshot: http://snaps.php.net/php4-STABLE-latest.tar.gz For Windows: http://snaps.php.net/win32/php4-win32-STABLE-latest.zip We're still waiting for reproduce script.. Previous Comments: ------------------------------------------------------------------------ [2005-02-05 18:00:17] ericvanblokland at gmail dot com This is indeed very interesting, I haven't examined your code thoroughly yet, but my objects tend to do memory consuming data processing operations on wakeup. So this issue might be related as well. Perhaps you want to post your own bug-report about this, because your issue is very precise and has its own example code. If you do, please post a link to your report here, because your issue might as well be mine. ------------------------------------------------------------------------ [2005-02-05 15:45:05] bertrand at toggg dot com I'm experiencing a simpler segfault on PHP4.3.10 FC2 too this way, just trying to double and again an array: $arr = array (str_repeat('X', 65536)); $mem = 0; while ($loop--) { for ($i = count($arr); $i; $i--) { $arr[] = $arr[0]; if ($i%16) { continue; } if ( ( ($nmem = memory_get_usage()) - $mem) > 1000000) { $mem = $nmem; echo 'Count:'.count($arr)." ($mem bytes)<br>\n"; flush(); } } echo $loop.':'.count($arr).'/'.memory_get_usage() . " bytes<br>\n"; flush(); } echo "<br>\n OK <br>\n"; flush(); For 18 loops it breaks my default memory limit of 8 Mo: Allowed memory size of 8388608 bytes exhausted as expected. If I add before the loop: if (ini_set ('memory_limit', 16*1048576)) { echo "Set memory limit to 16 Mo<br>\n"; } It's taking an incredible amount of time and I get segfault. What is strange, I get the output: Set memory limit to 16 Mo 17:2/87456 <...snip...> Count:256113 (11380680 bytes) 0:262144/11621952 bytes what means the end of last loop reached. But I never get the final acknowledgement. I understand it's much more simpler as yours, but result is quite near. ------------------------------------------------------------------------ [2005-01-22 16:26:23] ericvanblokland at gmail dot com Sorry I took so long, apache was annoying me. maxservers was set to 1 but it kept spawning children. It took me a while to attach the right one to gdb. Also I recall having to set the maximum allowed memory size to *sick amount* again. Over 32M! Does an object that takes serialized 3M over 32M during runtime? I might be copying that object somewhere, but not more than once or twice. Backtrace for project environment _zval_ptr_dtor (zval_ptr=0x6) at /usr/src/php4-STABLE-200501211330/Zend/zend_execute_API.c:287 287 (*zval_ptr)->refcount--; (gdb) bt #0 _zval_ptr_dtor (zval_ptr=0x6) at /usr/src/php4-STABLE-200501211330/Zend/zend_execute_API.c:287 #1 0x037c8234 in zend_hash_clean (ht=0x8a301cc) at /usr/src/php4-STABLE-200501211330/Zend/zend_hash.c:582 #2 0x037d0e24 in execute (op_array=0x876d23c) at /usr/src/php4-STABLE-200501211330/Zend/zend_execute.c:1712 #3 0x037d0d8d in execute (op_array=0x8ac0764) at /usr/src/php4-STABLE-200501211330/Zend/zend_execute.c:1696 #4 0x037d2000 in execute (op_array=0x8abf7dc) at /usr/src/php4-STABLE-200501211330/Zend/zend_execute.c:2222 #5 0x037c4b83 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/src/php4-STABLE-200501211330/Zend/zend.c:900 #6 0x037a0b50 in php_execute_script (primary_file=0xfefc1940) at /usr/src/php4-STABLE-200501211330/main/main.c:1739 #7 0x037d4c05 in php_handler (r=0x87336f0) at /usr/src/php4-STABLE-200501211330/sapi/apache2handler/sapi_apache2.c:550 #8 0x004bac88 in ap_run_handler () from /usr/sbin/httpd #9 0x085339f8 in ?? () #10 0x00000000 in ?? () Backtrace for simulated environment (manual imported session) _zval_ptr_dtor (zval_ptr=0x6e616863) at /usr/src/php4-STABLE-200501211330/Zend/zend_execute_API.c:287 287 (*zval_ptr)->refcount--; (gdb) bt #0 _zval_ptr_dtor (zval_ptr=0x6e616863) at /usr/src/php4-STABLE-200501211330/Zend/zend_execute_API.c:287 #1 0x028c5170 in zend_hash_destroy (ht=0x883950c) at /usr/src/php4-STABLE-200501211330/Zend/zend_hash.c:556 #2 0x028c0980 in _zval_dtor (zvalue=0x88129a4) at /usr/src/php4-STABLE-200501211330/Zend/zend_variables.c:60 #3 0x028d08f2 in zend_assign_to_variable (result=0x8a6939c, op1=0x88129a4, op2=0x8a693bc, value=0x8782c4c, type=4, Ts=0xfeeb8e90) at /usr/src/php4-STABLE-200501211330/Zend/zend_execute.c:480 #4 0x028ccc3e in execute (op_array=0x899e354) at /usr/src/php4-STABLE-200501211330/Zend/zend_execute.c:1388 #5 0x028cdd8d in execute (op_array=0x8a4b7ac) at /usr/src/php4-STABLE-200501211330/Zend/zend_execute.c:1696 #6 0x028cdd8d in execute (op_array=0x8838aac) at /usr/src/php4-STABLE-200501211330/Zend/zend_execute.c:1696 #7 0x028cf000 in execute (op_array=0x86f1aa0) at /usr/src/php4-STABLE-200501211330/Zend/zend_execute.c:2222 #8 0x028cdd8d in execute (op_array=0x8a2fa0c) at /usr/src/php4-STABLE-200501211330/Zend/zend_execute.c:1696 #9 0x028cdd8d in execute (op_array=0x8a321bc) at /usr/src/php4-STABLE-200501211330/Zend/zend_execute.c:1696 #10 0x028cdd8d in execute (op_array=0x8a385bc) at /usr/src/php4-STABLE-200501211330/Zend/zend_execute.c:1696 #11 0x028cdd8d in execute (op_array=0x8a3a8e4) at /usr/src/php4-STABLE-200501211330/Zend/zend_execute.c:1696 #12 0x028c1b83 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/src/php4-STABLE-200501211330/Zend/zend.c:900 #13 0x0289db50 in php_execute_script (primary_file=0xfeec9360) at /usr/src/php4-STABLE-200501211330/main/main.c:1739 #14 0x028d1c05 in php_handler (r=0x89e4870) at /usr/src/php4-STABLE-200501211330/sapi/apache2handler/sapi_apache2.c:550 #15 0x00337c88 in ap_run_handler () from /usr/sbin/httpd #16 0x084679f8 in ?? () #17 0x00000000 in ?? () ------------------------------------------------------------------------ [2005-01-20 17:00:33] ericvanblokland at gmail dot com Description: ------------ PHP seems to crash on complex objects at exit or on session_start(); I suspect the php internal session_encode, session_decode, serialize and unserialize functions. Ive not been able to reproduce this as it only seems to occur with *VERY* complex objects like my code generates. Some strange facts I've found out about while trying to pinpoint the exact cause: - In some occasions, escaping a foreach on $this->property in an objects __wakeup(); made the problem disappear. - When manually decoding a session file, (about 3M) I also got a segmentation fault. After increasing the available memory to over 64M the session got correctly decoded. With this *SICK* amount of memory, the actual script kept segfaulting, however, it took longer to segfault so expect a memory leak or infinite loop. - This problem occurs on a Fedora Core 2, Apache 2.0, PHP 4.3.10 machine, while on RedHat 7.3, Apache 1.3.29, PHP 4.3.6 everything works fine. So suspect the bugfix (4.3.9->4.3.10) on session handling for spooky behaviour. I will try to keep you all up to date. Thank you, Eric van Blokland Reproduce code: --------------- Contact me for access to code. The code is very large and complex, I haven't been able to pinpoint to exact cause of this problem Actual result: -------------- Suspect internal session_encode to puke, all output correct though #0 0x005086ae in malloc_consolidate () from /lib/tls/libc.so.6 #1 0x0050854d in _int_free () from /lib/tls/libc.so.6 #2 0x0050972b in free () from /lib/tls/libc.so.6 #3 0x01eea6af in shutdown_memory_manager (silent=0, clean_cache=0) at /usr/src/redhat/BUILD/php-4.3.10/Zend/zend_alloc.c:492 #4 0x01eca73a in php_request_shutdown (dummy=0x0) at /usr/src/redhat/BUILD/php-4.3.10/main/main.c:1003 #5 0x01f0ec10 in php_apache_request_dtor (r=0x945d6c0) at /usr/src/redhat/BUILD/php-4.3.10/sapi/apache2handler/sapi_apache2.c:453 #6 0x01f0eeda in php_handler (r=0x945d6c0) at /usr/src/redhat/BUILD/php-4.3.10/sapi/apache2handler/sapi_apache2.c:577 #7 0x0094ec88 in ap_run_handler () from /usr/sbin/httpd #8 0x0925f9f8 in ?? () #9 0x00000000 in ?? () Might by 31106 Related http://bugs.php.net/bug.php?id=31106 Error occurs with session_start(); suspect session_decode to puke. No output generated #0 _zval_ptr_dtor (zval_ptr=0x6) at /usr/src/redhat/BUILD/php-4.3.10/Zend/zend_execute_API.c:287 #1 0x0177d898 in zend_hash_clean (ht=0x8832aac) at /usr/src/redhat/BUILD/php-4.3.10/Zend/zend_hash.c:582 #2 0x01788dcb in execute (op_array=0x862b22c) at /usr/src/redhat/BUILD/php-4.3.10/Zend/zend_execute.c:1702 #3 0x01788d15 in execute (op_array=0x8703514) at /usr/src/redhat/BUILD/php-4.3.10/Zend/zend_execute.c:1686 #4 0x0178a3fa in execute (op_array=0x8881b4c) at /usr/src/redhat/BUILD/php-4.3.10/Zend/zend_execute.c:2212 #5 0x01778d51 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/src/redhat/BUILD/php-4.3.10/Zend/zend.c:900 #6 0x0174b0af in php_execute_script (primary_file=0xfee57db0) at /usr/src/redhat/BUILD/php-4.3.10/main/main.c:1736 #7 0x0178e07f in php_handler (r=0x869e170) at /usr/src/redhat/BUILD/php-4.3.10/sapi/apache2handler/sapi_apache2.c:557 #8 0x00e18c88 in ap_run_handler () from /usr/sbin/httpd #9 0x0832d9f8 in ?? () #10 0x00000000 in ?? () Might be 31313 Related, crash can be avoided by disabling foreach on $this->property http://bugs.php.net/bug.php?id=31313 ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=31624&edit=1
