PHP 5.2.3 segfault with syslog standard extension

17 years ago by Rachmel — view source

unread

Hi,

I am running PHP 5.2.3 as a statically compiled module for a web server
(appWeb, which is an embbeded apache-like server).
My platform is a ppc processor, running Windriver Linux.

The problem I encounter is, that when printing many syslogs to the
system my web-server crashes.

I have backtraced the problem to a specific call to a 'free' system call
in the syslog.c extension:

PHP_FUNCTION(openlog)
{
char *ident;
long option, facility;
int ident_len;

if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sll", &ident,
&ident_len, &option, &facility) == FAILURE) {
return;
}
if (BG(syslog_device)) {
free(BG(syslog_device));
}
BG(syslog_device) = zend_strndup(ident, ident_len);
openlog(BG(syslog_device), option, facility); RETURN_TRUE; }

has anyone run into a same problem... or have any ideas as to how to
resolve this?

	Thanks in advance, 

			Nir.

17 years ago by Antony Dovgal — view source

unread

Hi,

I am running PHP 5.2.3 as a statically compiled module for a web server
(appWeb, which is an embbeded apache-like server).
My platform is a ppc processor, running Windriver Linux.

The problem I encounter is, that when printing many syslogs to the
system my web-server crashes.

I have backtraced the problem to a specific call to a 'free' system call
in the syslog.c extension:

<skip> > has anyone run into a same problem... or have any ideas as to how to > resolve this?

I'm afraid there are not much Windriver Linux users here.
Do you have GDB there and what does the backtrace look like?

--
Wbr,
Antony Dovgal

17 years ago by Rachmel — view source

unread

Here is a bt, produced from gdb:

frame #: stack_frame_ptr backchain_ptr LR_save_word
frame 0: 0xXXXXXXXX: 0xXXXXXXXX $165 = 0xfe1ca60
<free+116>
frame 1: 0x33ae66f0: 0x33ae6710 $166 = 0x33ae6718
frame 2: 0x33ae6710: 0x33ae6740 $167 = 0xf8b8288
<zif_openlog+248>
frame 3: 0x33ae6740: 0x33ae67c0 $168 = 0xf9838dc
<zend_do_fcall_common_helper_SPEC+3032>
frame 4: 0x33ae67c0: 0x33ae6c20 $169 = 0xf982bd8
<execute+484>
frame 5: 0x33ae6c20: 0x33ae6ca0 $170 = 0xf982f6c
<zend_do_fcall_common_helper_SPEC+616>
frame 6: 0x33ae6ca0: 0x33ae7250 $171 = 0xf982bd8
<execute+484>
frame 7: 0x33ae7250: 0x33ae72d0 $172 = 0xf982f6c
<zend_do_fcall_common_helper_SPEC+616>
frame 8: 0x33ae72d0: 0x33ae7f00 $173 = 0xf982bd8
<execute+484>
frame 9: 0x33ae7f00: 0x33ae7f80 $174 = 0xf982f6c
<zend_do_fcall_common_helper_SPEC+616>
frame 10: 0x33ae7f80: 0x33ae86c0 $175 = 0xf982bd8
<execute+484>
frame 11: 0x33ae86c0: 0x33ae8740 $176 = 0xf982f6c
<zend_do_fcall_common_helper_SPEC+616>
frame 12: 0x33ae8740: 0x33ae90f0 $177 = 0xf982bd8
<execute+484>
frame 13: 0x33ae90f0: 0x33ae9170 $178 = 0xf982f6c
<zend_do_fcall_common_helper_SPEC+616>
frame 14: 0x33ae9170: 0x33ae9480 $179 = 0xf982bd8
<execute+484>
frame 15: 0x33ae9480: 0x33ae9500 $180 = 0xf982f6c
<zend_do_fcall_common_helper_SPEC+616>
frame 16: 0x33ae9500: 0x33ae9750 $181 = 0xf982bd8
<execute+484>
frame 17: 0x33ae9750: 0x33ae97d0 $182 = 0xf982f6c
<zend_do_fcall_common_helper_SPEC+616>
frame 18: 0x33ae97d0: 0x33ae9ae0 $183 = 0xf982bd8
<execute+484>
frame 19: 0x33ae9ae0: 0x33ae9b60 $184 = 0xf982f6c
<zend_do_fcall_common_helper_SPEC+616>
frame 20: 0x33ae9b60: 0x33aead50 $185 = 0xf982bd8
<execute+484>
frame 21: 0x33aead50: 0x33aeadd0 $186 = 0xf982f6c
<zend_do_fcall_common_helper_SPEC+616>
frame 22: 0x33aeadd0: 0x33aeb830 $187 = 0xf982bd8
<execute+484>
frame 23: 0x33aeb830: 0x33aeb8b0 $188 = 0xf982f6c
<zend_do_fcall_common_helper_SPEC+616>
frame 24: 0x33aeb8b0: 0x33aebb80 $189 = 0xf982bd8
<execute+484>
frame 25: 0x33aebb80: 0x33aebc00 $190 = 0xf982f6c
<zend_do_fcall_common_helper_SPEC+616>
frame 26: 0x33aebc00: 0x33aebec0 $191 = 0xf982bd8
<execute+484>
frame 27: 0x33aebec0: 0x33aebf40 $192 = 0xf982f6c
<zend_do_fcall_common_helper_SPEC+616>
frame 28: 0x33aebf40: 0x33aec210 $193 = 0xf982bd8
<execute+484>
frame 29: 0x33aec210: 0x33aec290 $194 = 0xf982f6c
<zend_do_fcall_common_helper_SPEC+616>
frame 30: 0x33aec290: 0x33aec610 $195 = 0xf982bd8
<execute+484>
frame 31: 0x33aec610: 0x33aec690 $196 = 0xf982f6c
<zend_do_fcall_common_helper_SPEC+616>
frame 32: 0x33aec690: 0x33aec960 $197 = 0xf982bd8
<execute+484>
frame 33: 0x33aec960: 0x33aec9e0 $198 = 0xf982f6c
<zend_do_fcall_common_helper_SPEC+616>
frame 34: 0x33aec9e0: 0x33aed0d0 $199 = 0xf982bd8
<execute+484>
frame 35: 0x33aed0d0: 0x33aed150 $200 = 0xf982f6c
<zend_do_fcall_common_helper_SPEC+616>
frame 36: 0x33aed150: 0x33aed420 $201 = 0xf982bd8
<execute+484>
frame 37: 0x33aed420: 0x33aed4a0 $202 = 0xf982f6c
<zend_do_fcall_common_helper_SPEC+616>
frame 38: 0x33aed4a0: 0x33aed830 $203 = 0xf982bd8
<execute+484>
frame 39: 0x33aed830: 0x33aed8b0 $204 = 0xf982f6c
<zend_do_fcall_common_helper_SPEC+616>
frame 40: 0x33aed8b0: 0x33aedb80 $205 = 0xf982bd8
<execute+484>
frame 41: 0x33aedb80: 0x33aedc00 $206 = 0xf982f6c
<zend_do_fcall_common_helper_SPEC+616>
frame 42: 0x33aedc00: 0x33aee280 $207 = 0xf982bd8
<execute+484>
frame 43: 0x33aee280: 0x33aee300 $208 = 0xf982f6c
<zend_do_fcall_common_helper_SPEC+616>
frame 44: 0x33aee300: 0x33aee5d0 $209 = 0xf982bd8
<execute+484>
---Type <return> to continue, or q <return> to quit---
frame 45: 0x33aee5d0: 0x33aee650 $210 = 0xf982f6c
<zend_do_fcall_common_helper_SPEC+616>
frame 46: 0x33aee650: 0x33aeec10 $211 = 0xf982bd8
<execute+484>
frame 47: 0x33aeec10: 0x33aeec90 $212 = 0xf982f6c
<zend_do_fcall_common_helper_SPEC+616>
frame 48: 0x33aeec90: 0x33aeef60 $213 = 0xf982bd8
<execute+484>
frame 49: 0x33aeef60: 0x33aeefe0 $214 = 0xf982f6c
<zend_do_fcall_common_helper_SPEC+616>
frame 50: 0x33aeefe0: 0x33aefa70 $215 = 0xf982bd8
<execute+484>
frame 51: 0x33aefa70: 0x33aefaf0 $216 = 0xf982f6c
<zend_do_fcall_common_helper_SPEC+616>
frame 52: 0x33aefaf0: 0x33af07f0 $217 = 0xf982bd8
<execute+484>
frame 53: 0x33af07f0: 0x33af0870 $218 = 0xf982f6c
<zend_do_fcall_common_helper_SPEC+616>
frame 54: 0x33af0870: 0x33af10b0 $219 = 0xf982bd8
<execute+484>
frame 55: 0x33af10b0: 0x33af1190 $220 = 0xf951fa0
<zend_execute_scripts+384>
frame 56: 0x33af1190: 0x33af3490 $221 = 0xf8f0150
<php_execute_script+656>
frame 57: 0x33af3490: 0x33af3750 $222 = 0xfc88460
<_ZN13MaPhp5Handler10execScriptEP9MaRequest+220>
frame 58: 0x33af3750: 0x33af3c60 $223 = 0xfc881ec
<_ZN13MaPhp5Handler3runEP9MaRequest+1480>
frame 59: 0x33af3c60: 0x33af3ca0 $224 = 0xffbd12c
<_ZN9MaRequest11runHandlersEv+312>
frame 60: 0x33af3ca0: 0x33af3ce0 $225 = 0xffb8518
<_ZN9MaRequest14processRequestEv+1520>
frame 61: 0x33af3ce0: 0x33af3d20 $226 = 0xffb7ec8
<_ZN9MaRequest9readEventEv+860>
frame 62: 0x33af3d20: 0x33af3d50 $227 = 0xffb7ae4
<_ZN9MaRequest11acceptEventEPvP9MprSocketPciS2_i+856>
frame 63: 0x33af3d50: 0x33af3d70 $228 = 0xffc9e80
<_ZN9MprSocket6ioProcEii+316>
frame 64: 0x33af3d70: 0x33af3d90 $229 = 0xef84728
<_ZN11MaSslSocket6ioProcEii+144>
frame 65: 0x33af3d90: 0x33af3db0 $230 = 0xffc9d28
<_ZN9MprSocket7getPortEv+120>
frame 66: 0x33af3db0: 0x33af3dd0 $231 = 0xffc3418
<_ZN16MprSelectHandler10selectProcEP7MprTask+200>
frame 67: 0x33af3dd0: 0x33af3df0 $232 = 0xffc3318
<_ZN16MprSelectHandler4stopEi+668>
frame 68: 0x33af3df0: 0x33af3e10 $233 = 0xffccb44
<_ZN13MprPoolThread10threadMainEv+420>
frame 69: 0x33af3e10: 0x33af3e40 $234 = 0xffcc944
<_ZN13MprPoolThread7setTaskEP7MprTask+236>
frame 70: 0x33af3e40: 0x33af3e60 $235 = 0xffce854
<_ZN9MprThread10threadProcEv+88>
frame 71: 0x33af3e60: 0x33af3e80 $236 = 0xffce7b8
<_ZN9MprThread5startEv+336>
frame 72: 0x33af3e80: 0x33af4090 $237 = 0xff3ef48
<start_thread+132>

Thanks, Nir.

-----Original Message-----
From: Antony Dovgal [mailto:tony@daylessday.org]
Sent: Wednesday, November 14, 2007 9:32 AM
To: Rachmel, Nir (Nir)
Cc: internals@lists.php.net
Subject: Re: [PHP-DEV] PHP 5.2.3 segfault with syslog standard extension

Hi,

I am running PHP 5.2.3 as a statically compiled module for a web
server (appWeb, which is an embbeded apache-like server).
My platform is a ppc processor, running Windriver Linux.

The problem I encounter is, that when printing many syslogs to the
system my web-server crashes.

I have backtraced the problem to a specific call to a 'free' system
call in the syslog.c extension:

<skip> > has anyone run into a same problem... or have any ideas as to how to > resolve this?

I'm afraid there are not much Windriver Linux users here.
Do you have GDB there and what does the backtrace look like?

--
Wbr,
Antony Dovgal

17 years ago by Antony Dovgal — view source

unread

Is this what you get after typing 'bt' in GDB console?
This doesn't look like a bt I'm used to.
Also don't forget to --enable-debug, generating bt without debug symbols makes little sense.

It might also help if you print basic_globals contents:
(gdb) p basic_globals

Here is a bt, produced from gdb:

frame #: stack_frame_ptr backchain_ptr LR_save_word
frame 0: 0xXXXXXXXX: 0xXXXXXXXX $165 = 0xfe1ca60
<free+116>
frame 1: 0x33ae66f0: 0x33ae6710 $166 = 0x33ae6718
frame 2: 0x33ae6710: 0x33ae6740 $167 = 0xf8b8288
<zif_openlog+248>
frame 3: 0x33ae6740: 0x33ae67c0 $168 = 0xf9838dc

--
Wbr,
Antony Dovgal