Edit report at https://bugs.php.net/bug.php?id=61728&edit=1
ID: 61728 Updated by: larue...@php.net Reported by: frederik_php at vanrenterghem dot biz Summary: php-fpm SIGSEGV running friendica on nginx -Status: Open +Status: Verified Type: Bug Package: Reproducible crash Operating System: Linux Debian Wheezy PHP Version: 5.4.0 Block user comment: N Private report: N Previous Comments: ------------------------------------------------------------------------ [2012-04-14 16:59:05] larue...@php.net if you try to start a user output handler in session_write. then it will crash. I have attach a simple reproduce script. and also made a simple fix. ------------------------------------------------------------------------ [2012-04-14 16:58:03] larue...@php.net The following patch has been added/updated: Patch Name: bug61728.patch Revision: 1334422683 URL: https://bugs.php.net/patch-display.php?bug=61728&patch=bug61728.patch&revision=1334422683 ------------------------------------------------------------------------ [2012-04-14 16:57:46] larue...@php.net The following patch has been added/updated: Patch Name: bug61728.phpt Revision: 1334422666 URL: https://bugs.php.net/patch-display.php?bug=61728&patch=bug61728.phpt&revision=1334422666 ------------------------------------------------------------------------ [2012-04-14 15:13:47] frederik_php at vanrenterghem dot biz I get the same error on apache2: Core was generated by `/usr/sbin/apache2 -k start'. Program terminated with signal 11, Segmentation fault. #0 0xb5cf371d in zend_stack_push (stack=<error reading variable: Unknown argument list address for `stack'.>, element=<error reading variable: Unknown argument list address for `element'.>, size=<error reading variable: Unknown argument list address for `size'.>) at /build/buildd-php5_5.4.1~rc1-1-i386-2yRNQU/php5-5.4.1~rc1/Zend/zend_stack.c:42 42 /build/buildd-php5_5.4.1~rc1-1-i386-2yRNQU/php5-5.4.1~rc1/Zend/zend_stack.c: No such file or directory. (gdb) bt #0 0xb5cf371d in zend_stack_push (stack=<error reading variable: Unknown argument list address for `stack'.>, element=<error reading variable: Unknown argument list address for `element'.>, size=<error reading variable: Unknown argument list address for `size'.>) at /build/buildd-php5_5.4.1~rc1-1-i386-2yRNQU/php5-5.4.1~rc1/Zend/zend_stack.c:42 #1 0xb5ca1c1c in php_output_handler_start (handler=0xb5ca06d0) at /build/buildd-php5_5.4.1~rc1-1-i386-2yRNQU/php5-5.4.1~rc1/main/output.c:563 #2 0xb5ca413b in php_output_start_default () at /build/buildd-php5_5.4.1~rc1-1-i386-2yRNQU/php5-5.4.1~rc1/main/output.c:412 #3 0xb5c0a0dd in zif_print_r (ht=-1295141216, return_value=0x0, return_value_ptr=0x0, this_ptr=0x1, return_value_used=-1228621212) at /build/buildd-php5_5.4.1~rc1-1-i386-2yRNQU/php5-5.4.1~rc1/ext/standard/basic_functions.c:5496 #4 0xb5da40b1 in zend_do_fcall_common_helper_SPEC (execute_data=0xb6c1e908) at /build/buildd-php5_5.4.1~rc1-1-i386-2yRNQU/php5-5.4.1~rc1/Zend/zend_vm_execute.h:642 #5 0xb5d5fc75 in execute (op_array=0xb5ce70c6) at /build/buildd-php5_5.4.1~rc1-1-i386-2yRNQU/php5-5.4.1~rc1/Zend/zend_vm_execute.h:410 #6 0xb5ce70c6 in zend_call_function (fci=0x7, fci_cache=0xb61cc7c4) at /build/buildd-php5_5.4.1~rc1-1-i386-2yRNQU/php5-5.4.1~rc1/Zend/zend_execute_API.c:958 #7 0xb5ce7463 in call_user_function_ex (function_table=0xb82d57f8, object_pp=0x0, function_name=0xb2c89c18, retval_ptr_ptr=0xbfbeb81c, param_count=<unknown type>, params=0xb6c361a4, no_separation=1, symbol_table=0x0) at /build/buildd-php5_5.4.1~rc1-1-i386-2yRNQU/php5-5.4.1~rc1/Zend/zend_execute_API.c:750 #8 0xb5ce74d8 in call_user_function (function_table=0x0, object_pp=0xb2c89c18, function_name=0xb2d59274, retval_ptr=0x2, param_count=<unknown type>, params=0xb) at /build/buildd-php5_5.4.1~rc1-1-i386-2yRNQU/php5-5.4.1~rc1/Zend/zend_execute_API.c:723 #9 0xb5b76fa0 in ps_call_handler (func=0xb2c89c18, argc=2, argv=0x13b) at /build/buildd-php5_5.4.1~rc1-1-i386-2yRNQU/php5-5.4.1~rc1/ext/session/mod_user.c:53 #10 0xb5b771fe in ps_write_user (mod_data=0xb5b6f4e5, key=0xb61c8a94 "", val=0xb6c41214 "qm2ukkgs12n6ftusrqrihd9qo2", vallen=-1296104456) at /build/buildd-php5_5.4.1~rc1-1-i386-2yRNQU/php5-5.4.1~rc1/ext/session/mod_user.c:144 #11 0xb5b6f4e5 in php_session_flush () at /build/buildd-php5_5.4.1~rc1-1-i386-2yRNQU/php5-5.4.1~rc1/ext/session/session.c:489 #12 0xb5b703b5 in zm_deactivate_session (type=-1239763244, module_number=-1078019424) at /build/buildd-php5_5.4.1~rc1-1-i386-2yRNQU/php5-5.4.1~rc1/ext/session/session.c:2144 #13 0xb5cfc684 in zend_deactivate_modules () at /build/buildd-php5_5.4.1~rc1-1-i386-2yRNQU/php5-5.4.1~rc1/Zend/zend_API.c:2328 #14 0xb5c8e5d5 in php_request_shutdown (dummy=0xb630c838) at /build/buildd-php5_5.4.1~rc1-1-i386-2yRNQU/php5-5.4.1~rc1/main/main.c:1755 #15 0xb5da6824 in php_handler (r=0xb630f4c0) at /build/buildd-php5_5.4.1~rc1-1-i386-2yRNQU/php5-5.4.1~rc1/sapi/apache2handler/sapi_apache2.c:520 #16 0xb77945be in ap_run_handler (r=0xb630f4c0) at config.c:159 #17 0xb7794a36 in ap_invoke_handler (r=0xb630f4c0) at config.c:377 #18 0xb77a5efc in ap_internal_redirect (new_uri=0xb630f490 "/index.php?q=admin/plugins/facebook/&a=t", r=0xb631d058) at http_request.c:554 #19 0xb6c93d96 in handler_redirect (r=0xb631d058) at mod_rewrite.c:4860 #20 0xb77945be in ap_run_handler (r=0xb631d058) at config.c:159 #21 0xb7794a36 in ap_invoke_handler (r=0xb631d058) at config.c:377 #22 0xb77a6878 in ap_process_request (r=0xb631d058) at http_request.c:282 #23 0xb77a3350 in ap_process_http_connection (c=0xb6bb81f0) at http_core.c:190 #24 0xb779bbce in ap_run_process_connection (c=0xb6bb81f0) at connection.c:43 #25 0xb77ac125 in child_main (child_num_arg=<optimized out>) at prefork.c:667 #26 0xb77aca83 in make_child (slot=0, s=<optimized out>) at prefork.c:768 #27 make_child (s=<optimized out>, slot=0) at prefork.c:696 #28 0xb77acb5c in startup_children (number_to_start=5) at prefork.c:786 #29 0xb77ad730 in ap_mpm_run (_pconf=0xb7730018, plog=0xb747c018, s=0xb74aa880) at prefork.c:1007 #30 0xb777d5d2 in main (argc=3, argv=0xbfbec334) at main.c:755 ------------------------------------------------------------------------ [2012-04-14 07:15:59] frederik_php at vanrenterghem dot biz Ok, here's the updated backtrace with the debugging package installed: Reading symbols from /usr/sbin/php5-fpm...Reading symbols from /usr/lib/debug/usr/sbin/php5-fpm...done. done. [New LWP 8194] warning: Can't read pathname for load map: Input/output error. [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/i386-linux-gnu/i686/cmov/libthread_db.so.1". warning: the debug information found in "/usr/lib/debug//usr/lib/php5/20100525+lfs/mysql.so" does not match "/usr/lib/php5/20100525+lfs/mysql.so" (CRC mismatch). warning: the debug information found in "/usr/lib/debug/usr/lib/php5/20100525+lfs/mysql.so" does not match "/usr/lib/php5/20100525+lfs/mysql.so" (CRC mismatch). warning: the debug information found in "/usr/lib/debug//usr/lib/php5/20100525+lfs/mysqli.so" does not match "/usr/lib/php5/20100525+lfs/mysqli.so" (CRC mismatch). warning: the debug information found in "/usr/lib/debug/usr/lib/php5/20100525+lfs/mysqli.so" does not match "/usr/lib/php5/20100525+lfs/mysqli.so" (CRC mismatch). warning: the debug information found in "/usr/lib/debug//usr/lib/php5/20100525+lfs/pdo_mysql.so" does not match "/usr/lib/php5/20100525+lfs/pdo_mysql.so" (CRC mismatch). warning: the debug information found in "/usr/lib/debug/usr/lib/php5/20100525+lfs/pdo_mysql.so" does not match "/usr/lib/php5/20100525+lfs/pdo_mysql.so" (CRC mismatch). Core was generated by `php-fpm: pool www '. Program terminated with signal 11, Segmentation fault. #0 0x0832239d in zend_stack_push (stack=<error reading variable: Unknown argument list address for `stack'.>, element=<error reading variable: Unknown argument list address for `element'.>, size=<error reading variable: Unknown argument list address for `size'.>) at /build/buildd-php5_5.4.0-3-i386-2XGvJx/php5-5.4.0/Zend/zend_stack.c:42 42 /build/buildd-php5_5.4.0-3-i386-2XGvJx/php5-5.4.0/Zend/zend_stack.c: No such file or directory. (gdb) bt #0 0x0832239d in zend_stack_push (stack=<error reading variable: Unknown argument list address for `stack'.>, element=<error reading variable: Unknown argument list address for `element'.>, size=<error reading variable: Unknown argument list address for `size'.>) at /build/buildd-php5_5.4.0-3-i386-2XGvJx/php5-5.4.0/Zend/zend_stack.c:42 #1 0x082d0e5c in php_output_handler_start (handler=0x82cf910) at /build/buildd-php5_5.4.0-3-i386-2XGvJx/php5-5.4.0/main/output.c:563 #2 0x082d337b in php_output_start_default () at /build/buildd-php5_5.4.0-3-i386-2XGvJx/php5-5.4.0/main/output.c:412 #3 0x0823953d in zif_print_r (ht=-1226425644, return_value=0x0, return_value_ptr=0x0, this_ptr=0x1, return_value_used=-1269958144) at /build/buildd-php5_5.4.0-3-i386-2XGvJx/php5-5.4.0/ext/standard/basic_functions.c:5485 #4 0x083d2c31 in zend_do_fcall_common_helper_SPEC (execute_data=0xb6e39450) at /build/buildd-php5_5.4.0-3-i386-2XGvJx/php5-5.4.0/Zend/zend_vm_execute.h:642 #5 0x0838e6d5 in execute (op_array=0x8315e36) at /build/buildd-php5_5.4.0-3-i386-2XGvJx/php5-5.4.0/Zend/zend_vm_execute.h:410 #6 0x08315e36 in zend_call_function (fci=0x7, fci_cache=0x878ff54) at /build/buildd-php5_5.4.0-3-i386-2XGvJx/php5-5.4.0/Zend/zend_execute_API.c:958 #7 0x083161b3 in call_user_function_ex (function_table=0xa04b450, object_pp=0x0, function_name=0xb6e5b010, retval_ptr_ptr=0xbfe4facc, param_count=<unknown type>, params=0xb6e50d20, no_separation=1, symbol_table=0x0) at /build/buildd-php5_5.4.0-3-i386-2XGvJx/php5-5.4.0/Zend/zend_execute_API.c:750 #8 0x08316228 in call_user_function (function_table=0x0, object_pp=0xb6e5b010, function_name=0xb6e619a0, retval_ptr=0x2, param_count=<unknown type>, params=0x6) at /build/buildd-php5_5.4.0-3-i386-2XGvJx/php5-5.4.0/Zend/zend_execute_API.c:723 #9 0x081a67a0 in ps_call_handler (func=0xb6e5b010, argc=2, argv=0x13b) at /build/buildd-php5_5.4.0-3-i386-2XGvJx/php5-5.4.0/ext/session/mod_user.c:53 #10 0x081a69fe in ps_write_user (mod_data=0x819ecc4, key=0x878c294 "", val=0xb6e5c048 "qm2ukkgs12n6ftusrqrihd9qo2", vallen=170073760) at /build/buildd-php5_5.4.0-3-i386-2XGvJx/php5-5.4.0/ext/session/mod_user.c:144 #11 0x0819ecc4 in php_session_flush () at /build/buildd-php5_5.4.0-3-i386-2XGvJx/php5-5.4.0/ext/session/session.c:489 #12 0x0819ef55 in zm_deactivate_session (type=137540484, module_number=1) at /build/buildd-php5_5.4.0-3-i386-2XGvJx/php5-5.4.0/ext/session/session.c:2145 #13 0x0832b384 in zend_deactivate_modules () at /build/buildd-php5_5.4.0-3-i386-2XGvJx/php5-5.4.0/Zend/zend_API.c:2325 #14 0x082bd905 in php_request_shutdown (dummy=0xa) at /build/buildd-php5_5.4.0-3-i386-2XGvJx/php5-5.4.0/main/main.c:1755 #15 0x0806fd70 in main (argc=3, argv=0xbfe521b4) at /build/buildd-php5_5.4.0-3-i386-2XGvJx/php5-5.4.0/sapi/fpm/fpm/fpm_main.c:1884 ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=61728 -- Edit this bug report at https://bugs.php.net/bug.php?id=61728&edit=1
