[Bug 1389378] [NEW] Apache + mod_php5 SIGSEGV in i_create_execute_data_from_op_array
Vince Valenti
vince at blue-box.net
Tue Nov 4 20:05:41 UTC 2014
Public bug reported:
VERSIONS:
# lsb_release -rd
Description: Ubuntu 14.04.1 LTS
Release: 14.04
# dpkg -l|egrep php\|apache
ii apache2 2.4.7-1ubuntu4.1 amd64 Apache HTTP Server
ii apache2-bin 2.4.7-1ubuntu4.1 amd64 Apache HTTP Server (binary files and modules)
ii apache2-data 2.4.7-1ubuntu4.1 all Apache HTTP Server (common files)
ii apache2-dbg 2.4.7-1ubuntu4.1 amd64 Apache debugging symbols
ii libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.5 amd64 server-side, HTML-embedded scripting language (Apache 2 module)
ii php5-cli 5.5.9+dfsg-1ubuntu4.5 amd64 command-line interpreter for the php5 scripting language
ii php5-common 5.5.9+dfsg-1ubuntu4.5 amd64 Common files for packages built from the php5 source
ii php5-json 1.3.2-2build1 amd64 JSON module for php5
ii php5-readline 5.5.9+dfsg-1ubuntu4.5 amd64 Readline module for php5
ERROR LOG:
# cat /var/log/apache2/error.log
[Tue Nov 04 06:52:13.979932 2014] [mpm_prefork:notice] [pid 13205] AH00163: Apache/2.4.7 (Ubuntu) OpenSSL/1.0.1f configured -- resuming normal operations
[Tue Nov 04 06:52:13.979953 2014] [core:notice] [pid 13205] AH00094: Command line: '/usr/sbin/apache2'
[Tue Nov 04 07:24:52.316293 2014] [core:notice] [pid 13205] AH00051: child pid 32634 exit signal Segmentation fault (11), possible coredump in /tmp
[Tue Nov 04 07:24:53.318237 2014] [core:notice] [pid 13205] AH00051: child pid 32652 exit signal Segmentation fault (11), possible coredump in /tmp
BACKTRACE:
# gdb /usr/sbin/apache2 core.1
GNU gdb (Ubuntu 7.7-0ubuntu3.1) 7.7
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/sbin/apache2...Reading symbols from /usr/lib/debug//usr/sbin/apache2...done.
done.
[New LWP 32652]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/usr/sbin/apache2 -k start'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007fefb0a22d12 in i_create_execute_data_from_op_array (nested=0 '\000', op_array=0x7fefb4973868) at /build/buildd/php5-5.5.9+dfsg/Zend/zend_execute.c:1631
1631 /build/buildd/php5-5.5.9+dfsg/Zend/zend_execute.c: No such file or directory.
(gdb) bt full
#0 0x00007fefb0a22d12 in i_create_execute_data_from_op_array (nested=0 '\000', op_array=0x7fefb4973868) at /build/buildd/php5-5.5.9+dfsg/Zend/zend_execute.c:1631
execute_data = 0xa7a783c280aaca1b
CVs_size = 16
Ts_size = <optimized out>
stack_size = <optimized out>
total_size = <optimized out>
call_slots_size = <optimized out>
#1 zend_execute (op_array=0x7fefb4973868) at /build/buildd/php5-5.5.9+dfsg/Zend/zend_vm_execute.h:388
op_array = 0x7fefb4973868
#2 0x00007fefb09765f0 in zend_execute_scripts (type=type@entry=2, retval=retval@entry=0x0, file_count=file_count@entry=1)
at /build/buildd/php5-5.5.9+dfsg/Zend/zend.c:1316
files = {{gp_offset = 32, fp_offset = 32751, overflow_arg_area = 0x7fff47b76ae0, reg_save_area = 0x7fff47b76a70}}
i = 0
file_handle = 0x7fff47b76b10
orig_op_array = 0x0
orig_retval_ptr_ptr = 0x0
orig_interactive = 0
#3 0x00007fefb0a264fd in php_handler (r=<optimized out>) at /build/buildd/php5-5.5.9+dfsg/sapi/apache2handler/sapi_apache2.c:669
zfd = {type = ZEND_HANDLE_FILENAME, filename = 0x7fefb331f660 "/www/proxy/htdocs/index.php", opened_path = 0x0, handle = {fd = -1287884760,
fp = 0x7fefb33c7028, stream = {handle = 0x7fefb33c7028, isatty = -1288571296, mmap = {len = 0, pos = 4294967296, map = 0x7fef00000000,
buf = 0x7fefb33c7858 "", old_handle = 0x7fefb33c7028, old_closer = 0x7fefb33c7028}, reader = 0x7fefb331f538, fsizer = 0x7fefb33314d0,
closer = 0x7fefb33c7190}}, free_filename = 0 '\000'}
__orig_bailout = 0x0
__bailout = {{__jmpbuf = {140667480380624, 5815155511085053436, 140667480380624, 140667484372864, 0, 140667480400528, -5814962620446198276,
-5805997107896699396}, __mask_was_saved = 0, __saved_mask = {__val = {0, 140667480307296, 140667480306168, 140667480307296, 140667404757974,
140667480380624, 140734396591152, 0, 0, 27, 140667480306928, 140667480306195, 140667480380624, 0, 0, 1}}}}
ctx = 0x7fefb332e3d0
conf = <optimized out>
brigade = 0x7fefb3325188
bucket = <optimized out>
rv = <optimized out>
parent_req = 0x7fefb332d388
#4 0x00007fefb34bb680 in ap_run_handler (r=0x7fefb33314d0) at config.c:169
pHook = 0x7fefb33bda90
n = 0
rv = 0
#5 0x00007fefb34bbbc9 in ap_invoke_handler (r=r@entry=0x7fefb33314d0) at config.c:439
handler = <optimized out>
p = <optimized out>
result = <optimized out>
old_handler = 0x7fefb33d5be8 "application/x-httpd-php"
ignore = <optimized out>
#6 0x00007fefb34d0c2c in ap_internal_redirect (new_uri=<optimized out>, r=<optimized out>) at http_request.c:644
new = 0x7fefb33314d0
access_status = <optimized out>
#7 0x00007fefaeb0bcfc in handler_redirect (r=0x7fefb332f0a0) at mod_rewrite.c:5063
No locals.
#8 0x00007fefb34bb680 in ap_run_handler (r=0x7fefb332f0a0) at config.c:169
pHook = 0x7fefb33bdab8
n = 1
rv = 0
#9 0x00007fefb34bbbc9 in ap_invoke_handler (r=r@entry=0x7fefb332f0a0) at config.c:439
handler = <optimized out>
p = <optimized out>
result = <optimized out>
old_handler = 0x7fefaeb141e9 "redirect-handler"
ignore = <optimized out>
#10 0x00007fefb34d116a in ap_process_async_request (r=r@entry=0x7fefb332f0a0) at http_request.c:317
access_status = 0
#11 0x00007fefb34d1444 in ap_process_request (r=r@entry=0x7fefb332f0a0) at http_request.c:363
bb = <optimized out>
b = <optimized out>
c = 0x7fefb3336290
rv = <optimized out>
#12 0x00007fefb34cdf02 in ap_process_http_sync_connection (c=0x7fefb3336290) at http_core.c:190
r = 0x7fefb332f0a0
cs = 0x0
csd = 0x7fefb33360a0
mpm_state = 1
#13 ap_process_http_connection (c=0x7fefb3336290) at http_core.c:231
No locals.
#14 0x00007fefb34c4cc0 in ap_run_process_connection (c=0x7fefb3336290) at connection.c:41
pHook = 0x7fefb33bdf38
n = 0
rv = 0
#15 0x00007fefb34c50a8 in ap_process_connection (c=c@entry=0x7fefb3336290, csd=<optimized out>) at connection.c:202
rc = <optimized out>
#16 0x00007fefb113d767 in child_main (child_num_arg=child_num_arg@entry=11) at prefork.c:704
current_conn = 0x7fefb3336290
csd = 0x7fefb33360a0
thd = 0x7fefb33380a0
osthd = 140667481577344
ptrans = 0x7fefb3336028
allocator = 0x7fefb4d4b160
status = <optimized out>
i = <optimized out>
lr = <optimized out>
pollset = 0x7fefb3338158
sbh = 0x7fefb3338150
bucket_alloc = 0x7fefb3332028
last_poll_idx = 1
lockfile = <optimized out>
#17 0x00007fefb113d9a6 in make_child (s=0x7fefb3421de0, slot=11) at prefork.c:800
pid = 0
#18 0x00007fefb113e60e in perform_idle_server_maintenance (p=<optimized out>) at prefork.c:902
i = <optimized out>
idle_count = <optimized out>
ws = <optimized out>
free_length = <optimized out>
free_slots = {5, 11, 21, 22, 22, 23, 24, 25, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84}
last_non_dead = <optimized out>
total_non_dead = <optimized out>
#19 prefork_run (_pconf=<optimized out>, plog=<optimized out>, s=<optimized out>) at prefork.c:1090
status = 0
pid = {pid = -1, in = 0x7fefb34dc048, out = 0xa, err = 0x7fefb2bbaff6 <find_entry+134>}
child_slot = <optimized out>
exitwhy = APR_PROC_EXIT
processed_status = <optimized out>
index = <optimized out>
remaining_children_to_start = 0
rv = <optimized out>
#20 0x00007fefb34a269e in ap_run_mpm (pconf=0x7fefb3451028, plog=0x7fefb3425028, s=0x7fefb3421de0) at mpm_common.c:96
pHook = 0x7fefb33be320
n = 0
rv = 0
#21 0x00007fefb349be36 in main (argc=3, argv=0x7fff47b772b8) at main.c:777
c = 0 '\000'
showcompile = 0
showdirectives = 0
confname = 0x7fefb34db607 "apache2.conf"
def_server_root = 0x7fefb34db5fa "/etc/apache2"
temp_error_log = 0x0
error = <optimized out>
process = 0x7fefb3453118
pconf = 0x7fefb3451028
plog = 0x7fefb3425028
ptemp = 0x7fefb341f028
pcommands = 0x7fefb342f028
opt = 0x7fefb342f118
rv = <optimized out>
mod = 0x7fefb36fd160 <ap_prelinked_modules+64>
opt_arg = 0x7fefb3453028 "(àE³ï\177"
signal_server = <optimized out>
(gdb)
** Affects: php5 (Ubuntu)
Importance: Undecided
Status: New
https://bugs.launchpad.net/bugs/1389378