Edit report at https://bugs.php.net/bug.php?id=60990&edit=1
ID: 60990 Updated by: ses...@php.net Reported by: flatline at hardwired dot hu Summary: Segfault when trying to allocate more memory Status: Open Type: Bug Package: FPM related Operating System: Debian Squeeze x86_64 PHP Version: 5.3.10 Block user comment: N Private report: N New Comment: "I don't know what you mean under "Do you have NO PHP code running on the system?" I just wanted to know how this crash happens: a) one specific PHP file b) nearly all files c) by just requesting any file (in case of C the most obvious reason would be some extension being compiled in a different way than PHP itself - Debian e.g. for a long time compiled their PHP with LFS support, but forgot to set this flag in PHP-DEV so all compiled extensions had different struct sizes for some structs. And this caused crashes e.g. in Suhosin.so) Previous Comments: ------------------------------------------------------------------------ [2012-02-07 07:42:31] s...@php.net Full backtrace (or even better, a run under valgrind if it's reproduceable) would be helpful. I'd also recommend trying without suhosin.so just to ensure the problem is not there (second trace still shows it loading). >From the trace it looks like the fault is in _zval_ptr_dtor which doesn't look like segfault as a result of allocator returning null - the argument is not null and _zval_ptr_dtor is not usually called right after allocator. Does it also crash if you set envt variable USE_ZEND_MM to 0 (that turns off Zend MM)? ------------------------------------------------------------------------ [2012-02-06 18:05:12] flatline at hardwired dot hu When I remove the suhosin.so extension it still segfaults. I don't know what you mean under "Do you have NO PHP code running on the system?". It's a quite complex script, but I can reproduce the problem each and every time. If I'm not mistaken when Zend tries to allocate some more memory and it bumps into the memory_limit parameter, it blindly uses the resulting (NULL) pointer, so that causes this segfault. Here is the new backtrace, without suhosin.so loaded, with the env parameter you suggested: gdb /usr/sbin/php5-fpm ./core-fpm GNU gdb (GDB) 7.0.1-debian Copyright (C) 2009 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-linux-gnu". For bug reporting instructions, please see: <http://www.gnu.org/software/gdb/bugs/>... Reading symbols from /usr/sbin/php5-fpm...Reading symbols from /usr/lib/debug/usr/sbin/php5-fpm...done. (no debugging symbols found)...done. warning: Can't read pathname for load map: Input/output error. Reading symbols from /lib/libcrypt.so.1...(no debugging symbols found)...done. Loaded symbols for /lib/libcrypt.so.1 Reading symbols from /usr/lib/libz.so.1...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libz.so.1 Reading symbols from /usr/lib/libonig.so.2...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libonig.so.2 Reading symbols from /usr/lib/libcrypto.so.0.9.8...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libcrypto.so.0.9.8 Reading symbols from /usr/lib/libssl.so.0.9.8...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libssl.so.0.9.8 Reading symbols from /usr/lib/libdb-4.8.so...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libdb-4.8.so Reading symbols from /usr/lib/libqdbm.so.14...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libqdbm.so.14 Reading symbols from /lib/libbz2.so.1.0...(no debugging symbols found)...done. Loaded symbols for /lib/libbz2.so.1.0 Reading symbols from /lib/librt.so.1...(no debugging symbols found)...done. Loaded symbols for /lib/librt.so.1 Reading symbols from /lib/libm.so.6...(no debugging symbols found)...done. Loaded symbols for /lib/libm.so.6 Reading symbols from /lib/libdl.so.2...(no debugging symbols found)...done. Loaded symbols for /lib/libdl.so.2 Reading symbols from /lib/libnsl.so.1...(no debugging symbols found)...done. Loaded symbols for /lib/libnsl.so.1 Reading symbols from /usr/lib/libgssapi_krb5.so.2...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libgssapi_krb5.so.2 Reading symbols from /usr/lib/libkrb5.so.3...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libkrb5.so.3 Reading symbols from /usr/lib/libk5crypto.so.3...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libk5crypto.so.3 Reading symbols from /lib/libcom_err.so.2...(no debugging symbols found)...done. Loaded symbols for /lib/libcom_err.so.2 Reading symbols from /usr/lib/libxml2.so.2...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libxml2.so.2 Reading symbols from /lib/libc.so.6...(no debugging symbols found)...done. Loaded symbols for /lib/libc.so.6 Reading symbols from /lib/libresolv.so.2...(no debugging symbols found)...done. Loaded symbols for /lib/libresolv.so.2 Reading symbols from /lib/libpthread.so.0...(no debugging symbols found)...done. Loaded symbols for /lib/libpthread.so.0 Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols found)...done. Loaded symbols for /lib64/ld-linux-x86-64.so.2 Reading symbols from /usr/lib/libkrb5support.so.0...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libkrb5support.so.0 Reading symbols from /lib/libkeyutils.so.1...(no debugging symbols found)...done. Loaded symbols for /lib/libkeyutils.so.1 Reading symbols from /usr/lib/php5/20090626/apc.so...(no debugging symbols found)...done. Loaded symbols for /usr/lib/php5/20090626/apc.so Reading symbols from /usr/lib/php5/20090626/curl.so...Reading symbols from /usr/lib/debug/usr/lib/php5/20090626/curl.so...done. (no debugging symbols found)...done. Loaded symbols for /usr/lib/php5/20090626/curl.so Reading symbols from /usr/lib/libcurl.so.4...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libcurl.so.4 Reading symbols from /usr/lib/libidn.so.11...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libidn.so.11 Reading symbols from /usr/lib/libssh2.so.1...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libssh2.so.1 Reading symbols from /usr/lib/liblber-2.4.so.2...(no debugging symbols found)...done. Loaded symbols for /usr/lib/liblber-2.4.so.2 Reading symbols from /usr/lib/libldap_r-2.4.so.2...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libldap_r-2.4.so.2 Reading symbols from /usr/lib/libgcrypt.so.11...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libgcrypt.so.11 Reading symbols from /usr/lib/libsasl2.so.2...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libsasl2.so.2 Reading symbols from /usr/lib/libgnutls.so.26...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libgnutls.so.26 Reading symbols from /usr/lib/libgpg-error.so.0...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libgpg-error.so.0 Reading symbols from /usr/lib/libtasn1.so.3...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libtasn1.so.3 Reading symbols from /usr/lib/php5/20090626/gd.so...Reading symbols from /usr/lib/debug/usr/lib/php5/20090626/gd.so...done. (no debugging symbols found)...done. Loaded symbols for /usr/lib/php5/20090626/gd.so Reading symbols from /usr/lib/libt1.so.5...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libt1.so.5 Reading symbols from /usr/lib/libfreetype.so.6...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libfreetype.so.6 Reading symbols from /usr/lib/libX11.so.6...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libX11.so.6 Reading symbols from /usr/lib/libXpm.so.4...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libXpm.so.4 Reading symbols from /lib/libpng12.so.0...(no debugging symbols found)...done. Loaded symbols for /lib/libpng12.so.0 Reading symbols from /usr/lib/libjpeg.so.62...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libjpeg.so.62 Reading symbols from /usr/lib/libxcb.so.1...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libxcb.so.1 Reading symbols from /usr/lib/libXau.so.6...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libXau.so.6 Reading symbols from /usr/lib/libXdmcp.so.6...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libXdmcp.so.6 Reading symbols from /usr/lib/php5/20090626/imagick.so...(no debugging symbols found)...done. Loaded symbols for /usr/lib/php5/20090626/imagick.so Reading symbols from /usr/lib/libMagickWand.so.3...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libMagickWand.so.3 Reading symbols from /usr/lib/libMagickCore.so.3...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libMagickCore.so.3 Reading symbols from /usr/lib/liblcms.so.1...(no debugging symbols found)...done. Loaded symbols for /usr/lib/liblcms.so.1 Reading symbols from /usr/lib/libtiff.so.4...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libtiff.so.4 Reading symbols from /usr/lib/liblqr-1.so.0...(no debugging symbols found)...done. Loaded symbols for /usr/lib/liblqr-1.so.0 Reading symbols from /lib/libglib-2.0.so.0...(no debugging symbols found)...done. Loaded symbols for /lib/libglib-2.0.so.0 Reading symbols from /usr/lib/libfontconfig.so.1...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libfontconfig.so.1 Reading symbols from /usr/lib/libXext.so.6...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libXext.so.6 Reading symbols from /usr/lib/libSM.so.6...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libSM.so.6 Reading symbols from /usr/lib/libICE.so.6...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libICE.so.6 Reading symbols from /usr/lib/libXt.so.6...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libXt.so.6 Reading symbols from /usr/lib/libgomp.so.1...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libgomp.so.1 Reading symbols from /usr/lib/libltdl.so.7...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libltdl.so.7 Reading symbols from /lib/libpcre.so.3...(no debugging symbols found)...done. Loaded symbols for /lib/libpcre.so.3 Reading symbols from /usr/lib/libexpat.so.1...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libexpat.so.1 Reading symbols from /lib/libuuid.so.1...(no debugging symbols found)...done. Loaded symbols for /lib/libuuid.so.1 Reading symbols from /usr/lib/php5/20090626/mysql.so...Reading symbols from /usr/lib/debug/usr/lib/php5/20090626/mysql.so...done. (no debugging symbols found)...done. Loaded symbols for /usr/lib/php5/20090626/mysql.so Reading symbols from /usr/lib/php5/20090626/mysqli.so...Reading symbols from /usr/lib/debug/usr/lib/php5/20090626/mysqli.so...done. (no debugging symbols found)...done. Loaded symbols for /usr/lib/php5/20090626/mysqli.so Reading symbols from /usr/lib/php5/20090626/pdo.so...Reading symbols from /usr/lib/debug/usr/lib/php5/20090626/pdo.so...done. (no debugging symbols found)...done. Loaded symbols for /usr/lib/php5/20090626/pdo.so Reading symbols from /usr/lib/php5/20090626/pdo_mysql.so...Reading symbols from /usr/lib/debug/usr/lib/php5/20090626/pdo_mysql.so...done. (no debugging symbols found)...done. Loaded symbols for /usr/lib/php5/20090626/pdo_mysql.so Reading symbols from /usr/lib/php5/20090626/pdo_sqlite.so...Reading symbols from /usr/lib/debug/usr/lib/php5/20090626/pdo_sqlite.so...done. (no debugging symbols found)...done. Loaded symbols for /usr/lib/php5/20090626/pdo_sqlite.so Reading symbols from /usr/lib/libsqlite3.so.0...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libsqlite3.so.0 Reading symbols from /usr/lib/php5/20090626/sqlite.so...Reading symbols from /usr/lib/debug/usr/lib/php5/20090626/sqlite.so...done. (no debugging symbols found)...done. Loaded symbols for /usr/lib/php5/20090626/sqlite.so Reading symbols from /usr/lib/libsqlite.so.0...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libsqlite.so.0 Reading symbols from /usr/lib/php5/20090626/sqlite3.so...Reading symbols from /usr/lib/debug/usr/lib/php5/20090626/sqlite3.so...done. (no debugging symbols found)...done. Loaded symbols for /usr/lib/php5/20090626/sqlite3.so Reading symbols from /usr/lib/php5/20090626/suhosin.so...(no debugging symbols found)...done. Loaded symbols for /usr/lib/php5/20090626/suhosin.so Reading symbols from /lib/libnss_files.so.2...(no debugging symbols found)...done. Loaded symbols for /lib/libnss_files.so.2 Reading symbols from /lib/libnss_compat.so.2...(no debugging symbols found)...done. Loaded symbols for /lib/libnss_compat.so.2 Reading symbols from /lib/libnss_nis.so.2...(no debugging symbols found)...done. Loaded symbols for /lib/libnss_nis.so.2 Core was generated by `php-fpm: pool xxxxx '. Program terminated with signal 11, Segmentation fault. #0 _zval_ptr_dtor (zval_ptr=0xa1) at /usr/src/php5/source/php5-5.3.10/Zend/zend_execute_API.c:436 436 /usr/src/php5/source/php5-5.3.10/Zend/zend_execute_API.c: No such file or directory. in /usr/src/php5/source/php5-5.3.10/Zend/zend_execute_API.c (gdb) x/8i $pc 0x6b74c1 <_zval_ptr_dtor+1>: mov (%rdi),%rbx 0x6b74c4 <_zval_ptr_dtor+4>: mov 0x10(%rbx),%eax 0x6b74c7 <_zval_ptr_dtor+7>: sub $0x1,%eax 0x6b74ca <_zval_ptr_dtor+10>: test %eax,%eax 0x6b74cc <_zval_ptr_dtor+12>: mov %eax,0x10(%rbx) 0x6b74cf <_zval_ptr_dtor+15>: jne 0x6b7508 <_zval_ptr_dtor+72> 0x6b74d1 <_zval_ptr_dtor+17>: mov 0x750ea8(%rip),%rax # 0xe08380 <_GLOBAL_OFFSET_TABLE_+8512> 0x6b74d8 <_zval_ptr_dtor+24>: add $0x8,%rax (gdb) x/8x $sp 0x3c20910fbf0: 0x01221730 0x00000000 0x006d0a78 0x00000000 0x3c20910fc00: 0x01bb0d90 0x00000000 0x0115ee48 0x00000000 (gdb) info reg rax 0x6b74c0 7042240 rbx 0x1221730 19011376 rcx 0x3654f0c3590 3733652780432 rdx 0x6c34f0 7091440 rsi 0x3654f0c6cb0 3733652794544 rdi 0xa1 161 rbp 0x1bb0de0 0x1bb0de0 rsp 0x3c20910fbf0 0x3c20910fbf0 r8 0x223e440faf29a69f 2467484479999551135 r9 0x11676b8 18249400 r10 0x3654c5a4e90 3733607566992 r11 0x3654c64fb20 3733608266528 r12 0x6c70ac1e0aa0fa2d 7813934598515128877 r13 0x10ca4c0 17605824 r14 0x10ca4c0 17605824 r15 0xe41a60 14948960 rip 0x6b74c1 0x6b74c1 <_zval_ptr_dtor+1> eflags 0x10206 [ PF IF RF ] cs 0x33 51 ss 0x2b 43 ds 0x0 0 es 0x0 0 fs 0x0 0 gs 0x0 0 fctrl 0x27f 639 fstat 0x0 0 ftag 0xffff 65535 fiseg 0x0 0 fioff 0x6c2150 7086416 foseg 0x3c2 962 fooff 0x910d590 152098192 fop 0x0 0 mxcsr 0x1fa0 [ PE IM DM ZM OM UM PM ] ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=60990 -- Edit this bug report at https://bugs.php.net/bug.php?id=60990&edit=1
