Ubuntu
php7.2 package

libapache2-mod-php7.2 crash when apache enmod php5

Bug #1807484 reported by Bui Dinh Bao
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
php7.2 (Ubuntu)
Expired
Undecided
Unassigned

Bug Description

trigger: enmod php7.2 first, then enmod php5
vagrant box: https://drive.google.com/file/d/1uQELpsiBaXOAZpXtcHDdciZ_waXHShi8/view?usp=sharing
Core dump file:
https://drive.google.com/file/d/1a-POH6PWldsyAZiGMcqfxctfW7H_bA1B/view?usp=sharing

Backtrace:

vagrant@vagrant-ubuntu-trusty-64:~$ sudo apachectl debug
GNU gdb (Ubuntu 7.7.1-0ubuntu5~14.04.3) 7.7.1
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/sbin/apache2...(no debugging symbols found)...done.
warning: File "/home/vagrant/.gdbinit" auto-loading has been declined by your `auto-load safe-path' set to "$debugdir:$datadir/auto-load".
To enable execution of this file add
 add-auto-load-safe-path /home/vagrant/.gdbinit
line to your configuration file "$HOME/.gdbinit".
To completely disable this security protection add
 set auto-load safe-path /
line to your configuration file "$HOME/.gdbinit".
For more information about this security protection see the
"Auto-loading safe path" section in the GDB manual. E.g., run from the shell:
 info "(gdb)Auto-loading safe path"
(gdb) source /home/vagrant/peda
/home/vagrant/peda: Success.
(gdb) source /home/vagrant/peda/peda.py
gdb-peda$ bt
No stack.
gdb-peda$ run -k start
Starting program: /usr/sbin/apache2 -k start
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 10.0.2.15. Set the 'ServerName' directive globally to suppress this message

Program received signal SIGSEGV, Segmentation fault.

[----------------------------------registers-----------------------------------]
RAX: 0x7ffff3e96a50 (<gc_collect_cycles>: push r15)
RBX: 0x7fffffffd180 --> 0x7ffff1e8debe (push r15)
RCX: 0x5f ('_')
RDX: 0x7ffff2058cc0 (<zend_gc_collect_cycles>: push r15)
RSI: 0x7ffff212b6d7 ("E_ZEND_DTRACE")
RDI: 0x7fffffffee86 ("ERNAME=root")
RBP: 0x1
RSP: 0x7fffffffd120 --> 0x0
RIP: 0x7ffff2030d60 (mov QWORD PTR [rax],rdx)
R8 : 0xffff
R9 : 0x1
R10: 0x7ffff71b6440 (<__strncmp_sse2+4608>: pxor xmm0,xmm0)
R11: 0xc ('\x0c')
R12: 0x7ffff4654260 --> 0x7ffff2132003 ("apache2handler")
R13: 0x7ffff241a280 --> 0x7ffff2132003 ("apache2handler")
R14: 0x7ffff7fba028 --> 0x7ffff7ff2028 --> 0x7ffff7ff4028 --> 0x7ffff7ff8028 --> 0x0
R15: 0x7ffff241a3a0 --> 0x133c7de000000a8
EFLAGS: 0x10246 (carry PARITY adjust ZERO sign trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
   0x7ffff2030d4b: lea rdx,[rip+0x27f6e] # 0x7ffff2058cc0 <zend_gc_collect_cycles>
   0x7ffff2030d52: mov QWORD PTR [rax],0x0
   0x7ffff2030d59: mov rax,QWORD PTR [rip+0x3d2f90] # 0x7ffff2403cf0
=> 0x7ffff2030d60: mov QWORD PTR [rax],rdx
   0x7ffff2030d63: call 0x7ffff20d6d10
   0x7ffff2030d68: mov edi,0x3f
   0x7ffff2030d6d: call 0x7ffff1e8c260 <malloc@plt>
   0x7ffff2030d72: test rax,rax
[------------------------------------stack-------------------------------------]
0000| 0x7fffffffd120 --> 0x0
0008| 0x7fffffffd128 --> 0x1
0016| 0x7fffffffd130 --> 0x7ffff4654260 --> 0x7ffff2132003 ("apache2handler")
0024| 0x7fffffffd138 --> 0x7ffff1fcf34b (<php_module_startup+379>: lea rsi,[rip+0x1132a6] # 0x7ffff20e25f8)
0032| 0x7fffffffd140 --> 0x1558092c0
0040| 0x7fffffffd148 --> 0x555555809160 --> 0x5555558097c0 --> 0x7ffff72aee73 ("gethostbyaddr_r")
0048| 0x7fffffffd150 --> 0x2d746e610000007c ('|')
0056| 0x7fffffffd158 ("ubuntu-trusty-64")
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGSEGV
0x00007ffff2030d60 in ?? () from /usr/lib/apache2/modules/libphp7.2.so
gdb-peda$ bt
#0 0x00007ffff2030d60 in ?? () from /usr/lib/apache2/modules/libphp7.2.so
#1 0x00007ffff1fcf34b in php_module_startup () from /usr/lib/apache2/modules/libphp7.2.so
#2 0x00007ffff20d81e5 in ?? () from /usr/lib/apache2/modules/libphp7.2.so
#3 0x00007ffff20d8dd5 in ?? () from /usr/lib/apache2/modules/libphp7.2.so
#4 0x00005555555ad259 in ap_run_post_config ()
#5 0x000055555558b398 in main ()
#6 0x00007ffff714df45 in __libc_start_main (main=0x55555558aaf0 <main>, argc=0x3,
    argv=0x7fffffffe688, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>,
    stack_end=0x7fffffffe678) at libc-start.c:287
#7 0x000055555558b6af in _start ()
gdb-peda$

See original description
Bui Dinh Bao (0xd0ff9)
summary: - libapache2-mod-php7.2 crash when apache was enmoded php5
+ libapache2-mod-php7.2 crash when apache enmod php5
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Trusty: libapache2-mod-php5
(xenial 7.0)
Bionic: libapache2-mod-php (being 7.2)

There never should be a system where both exist at once, even in awkward upgrade scenarios, but you described a case on trusty.

What is the source of the php 7.2 on trusty?
I assume that is not part of the Ubuntu supported archive, but please maybe I overlook something as I'm puzzled?

Changed in php7.2 (Ubuntu):
status: New → Incomplete
Bui Dinh Bao (0xd0ff9)
description: updated
Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for php7.2 (Ubuntu) because there has been no activity for 60 days.]

Changed in php7.2 (Ubuntu):
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.