Apache + mod_php5 SIGSEGV in i_create_execute_data_from_op_array

Bug #1389378 reported by Vince Valenti
This bug affects 1 person
Affects: php5 (Ubuntu)
Status: New
Importance: Undecided
Assigned to: Unassigned
Milestone:

Bug Description

VERSIONS:

# lsb_release -rd
Description: Ubuntu 14.04.1 LTS
Release: 14.04

# dpkg -l|egrep php\|apache
ii apache2 2.4.7-1ubuntu4.1 amd64 Apache HTTP Server
ii apache2-bin 2.4.7-1ubuntu4.1 amd64 Apache HTTP Server (binary files and modules)
ii apache2-data 2.4.7-1ubuntu4.1 all Apache HTTP Server (common files)
ii apache2-dbg 2.4.7-1ubuntu4.1 amd64 Apache debugging symbols
ii libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.5 amd64 server-side, HTML-embedded scripting language (Apache 2 module)
ii php5-cli 5.5.9+dfsg-1ubuntu4.5 amd64 command-line interpreter for the php5 scripting language
ii php5-common 5.5.9+dfsg-1ubuntu4.5 amd64 Common files for packages built from the php5 source
ii php5-json 1.3.2-2build1 amd64 JSON module for php5
ii php5-readline 5.5.9+dfsg-1ubuntu4.5 amd64 Readline module for php5

ERROR LOG:

# cat /var/log/apache2/error.log
[Tue Nov 04 06:52:13.979932 2014] [mpm_prefork:notice] [pid 13205] AH00163: Apache/2.4.7 (Ubuntu) OpenSSL/1.0.1f configured -- resuming normal operations
[Tue Nov 04 06:52:13.979953 2014] [core:notice] [pid 13205] AH00094: Command line: '/usr/sbin/apache2'
[Tue Nov 04 07:24:52.316293 2014] [core:notice] [pid 13205] AH00051: child pid 32634 exit signal Segmentation fault (11), possible coredump in /tmp
[Tue Nov 04 07:24:53.318237 2014] [core:notice] [pid 13205] AH00051: child pid 32652 exit signal Segmentation fault (11), possible coredump in /tmp

BACKTRACE:

# gdb /usr/sbin/apache2 core.1
GNU gdb (Ubuntu 7.7-0ubuntu3.1) 7.7
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/sbin/apache2...Reading symbols from /usr/lib/debug//usr/sbin/apache2...done.
done.
[New LWP 32652]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/usr/sbin/apache2 -k start'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007fefb0a22d12 in i_create_execute_data_from_op_array (nested=0 '\000', op_array=0x7fefb4973868) at /build/buildd/php5-5.5.9+dfsg/Zend/zend_execute.c:1631
1631 /build/buildd/php5-5.5.9+dfsg/Zend/zend_execute.c: No such file or directory.
(gdb) bt full
#0 0x00007fefb0a22d12 in i_create_execute_data_from_op_array (nested=0 '\000', op_array=0x7fefb4973868) at /build/buildd/php5-5.5.9+dfsg/Zend/zend_execute.c:1631
        execute_data = 0xa7a783c280aaca1b
        CVs_size = 16
        Ts_size = <optimized out>
        stack_size = <optimized out>
        total_size = <optimized out>
        call_slots_size = <optimized out>
#1 zend_execute (op_array=0x7fefb4973868) at /build/buildd/php5-5.5.9+dfsg/Zend/zend_vm_execute.h:388
        op_array = 0x7fefb4973868
#2 0x00007fefb09765f0 in zend_execute_scripts (type=type@entry=2, retval=retval@entry=0x0, file_count=file_count@entry=1)
    at /build/buildd/php5-5.5.9+dfsg/Zend/zend.c:1316
        files = {{gp_offset = 32, fp_offset = 32751, overflow_arg_area = 0x7fff47b76ae0, reg_save_area = 0x7fff47b76a70}}
        i = 0
        file_handle = 0x7fff47b76b10
        orig_op_array = 0x0
        orig_retval_ptr_ptr = 0x0
        orig_interactive = 0
#3 0x00007fefb0a264fd in php_handler (r=<optimized out>) at /build/buildd/php5-5.5.9+dfsg/sapi/apache2handler/sapi_apache2.c:669
        zfd = {type = ZEND_HANDLE_FILENAME, filename = 0x7fefb331f660 "/www/proxy/htdocs/index.php", opened_path = 0x0, handle = {fd = -1287884760,
            fp = 0x7fefb33c7028, stream = {handle = 0x7fefb33c7028, isatty = -1288571296, mmap = {len = 0, pos = 4294967296, map = 0x7fef00000000,
                buf = 0x7fefb33c7858 "", old_handle = 0x7fefb33c7028, old_closer = 0x7fefb33c7028}, reader = 0x7fefb331f538, fsizer = 0x7fefb33314d0,
              closer = 0x7fefb33c7190}}, free_filename = 0 '\000'}
        __orig_bailout = 0x0
        __bailout = {{__jmpbuf = {140667480380624, 5815155511085053436, 140667480380624, 140667484372864, 0, 140667480400528, -5814962620446198276,
              -5805997107896699396}, __mask_was_saved = 0, __saved_mask = {__val = {0, 140667480307296, 140667480306168, 140667480307296, 140667404757974,
                140667480380624, 140734396591152, 0, 0, 27, 140667480306928, 140667480306195, 140667480380624, 0, 0, 1}}}}
        ctx = 0x7fefb332e3d0
        conf = <optimized out>
        brigade = 0x7fefb3325188
        bucket = <optimized out>
        rv = <optimized out>
        parent_req = 0x7fefb332d388
#4 0x00007fefb34bb680 in ap_run_handler (r=0x7fefb33314d0) at config.c:169
        pHook = 0x7fefb33bda90
        n = 0
        rv = 0
#5 0x00007fefb34bbbc9 in ap_invoke_handler (r=r@entry=0x7fefb33314d0) at config.c:439
        handler = <optimized out>
        p = <optimized out>
        result = <optimized out>
        old_handler = 0x7fefb33d5be8 "application/x-httpd-php"
        ignore = <optimized out>
#6 0x00007fefb34d0c2c in ap_internal_redirect (new_uri=<optimized out>, r=<optimized out>) at http_request.c:644
        new = 0x7fefb33314d0
        access_status = <optimized out>
#7 0x00007fefaeb0bcfc in handler_redirect (r=0x7fefb332f0a0) at mod_rewrite.c:5063
No locals.
#8 0x00007fefb34bb680 in ap_run_handler (r=0x7fefb332f0a0) at config.c:169
        pHook = 0x7fefb33bdab8
        n = 1
        rv = 0
#9 0x00007fefb34bbbc9 in ap_invoke_handler (r=r@entry=0x7fefb332f0a0) at config.c:439
        handler = <optimized out>
        p = <optimized out>
        result = <optimized out>
        old_handler = 0x7fefaeb141e9 "redirect-handler"
        ignore = <optimized out>
#10 0x00007fefb34d116a in ap_process_async_request (r=r@entry=0x7fefb332f0a0) at http_request.c:317
        access_status = 0
#11 0x00007fefb34d1444 in ap_process_request (r=r@entry=0x7fefb332f0a0) at http_request.c:363
        bb = <optimized out>
        b = <optimized out>
        c = 0x7fefb3336290
        rv = <optimized out>
#12 0x00007fefb34cdf02 in ap_process_http_sync_connection (c=0x7fefb3336290) at http_core.c:190
        r = 0x7fefb332f0a0
        cs = 0x0
        csd = 0x7fefb33360a0
        mpm_state = 1
#13 ap_process_http_connection (c=0x7fefb3336290) at http_core.c:231
No locals.
#14 0x00007fefb34c4cc0 in ap_run_process_connection (c=0x7fefb3336290) at connection.c:41
        pHook = 0x7fefb33bdf38
        n = 0
        rv = 0
#15 0x00007fefb34c50a8 in ap_process_connection (c=c@entry=0x7fefb3336290, csd=<optimized out>) at connection.c:202
        rc = <optimized out>
#16 0x00007fefb113d767 in child_main (child_num_arg=child_num_arg@entry=11) at prefork.c:704
        current_conn = 0x7fefb3336290
        csd = 0x7fefb33360a0
        thd = 0x7fefb33380a0
        osthd = 140667481577344
        ptrans = 0x7fefb3336028
        allocator = 0x7fefb4d4b160
        status = <optimized out>
        i = <optimized out>
        lr = <optimized out>
        pollset = 0x7fefb3338158
        sbh = 0x7fefb3338150
        bucket_alloc = 0x7fefb3332028
        last_poll_idx = 1
        lockfile = <optimized out>
#17 0x00007fefb113d9a6 in make_child (s=0x7fefb3421de0, slot=11) at prefork.c:800
        pid = 0
#18 0x00007fefb113e60e in perform_idle_server_maintenance (p=<optimized out>) at prefork.c:902
        i = <optimized out>
        idle_count = <optimized out>
        ws = <optimized out>
        free_length = <optimized out>
        free_slots = {5, 11, 21, 22, 22, 23, 24, 25, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84}
        last_non_dead = <optimized out>
        total_non_dead = <optimized out>
#19 prefork_run (_pconf=<optimized out>, plog=<optimized out>, s=<optimized out>) at prefork.c:1090
        status = 0
        pid = {pid = -1, in = 0x7fefb34dc048, out = 0xa, err = 0x7fefb2bbaff6 <find_entry+134>}
        child_slot = <optimized out>
        exitwhy = APR_PROC_EXIT
        processed_status = <optimized out>
        index = <optimized out>
        remaining_children_to_start = 0
        rv = <optimized out>
#20 0x00007fefb34a269e in ap_run_mpm (pconf=0x7fefb3451028, plog=0x7fefb3425028, s=0x7fefb3421de0) at mpm_common.c:96
        pHook = 0x7fefb33be320
        n = 0
        rv = 0
#21 0x00007fefb349be36 in main (argc=3, argv=0x7fff47b772b8) at main.c:777
        c = 0 '\000'
        showcompile = 0
        showdirectives = 0
        confname = 0x7fefb34db607 "apache2.conf"
        def_server_root = 0x7fefb34db5fa "/etc/apache2"
        temp_error_log = 0x0
        error = <optimized out>
        process = 0x7fefb3453118
        pconf = 0x7fefb3451028
        plog = 0x7fefb3425028
        ptemp = 0x7fefb341f028
        pcommands = 0x7fefb342f028
        opt = 0x7fefb342f118
        rv = <optimized out>
        mod = 0x7fefb36fd160 <ap_prelinked_modules+64>
        opt_arg = 0x7fefb3453028 "(àE³ï\177"
        signal_server = <optimized out>
(gdb)
