Bug #67434 Segfault in _zval_dtor_func
Submitted: 2014-06-13 07:49 UTC Modified: 2015-07-22 13:14 UTC
From: Dessa at gmake dot de Assigned:
Status: Closed Package: Scripting Engine problem
PHP Version: 5.6.0beta4 OS: Gentoo Linux
Private report: No CVE-ID: None
 [2014-06-13 07:49 UTC] Dessa at gmake dot de
Description:
------------
./configure --prefix=/usr --build=x86_64-pc-linux-gnu --host=x86_64-pc-linux-gnu --mandir=/usr/share/man --infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc --localstatedir=/var/lib --prefix=/usr/lib64/php5.6 --mandir=/usr/lib64/php5.6/man --infodir=/usr/lib64/php5.6/info --libdir=/usr/lib64/php5.6/lib --with-libdir=lib64 --without-pear --enable-maintainer-zts --disable-bcmath --with-bz2=/usr --disable-calendar --enable-ctype --with-curl=/usr --enable-dom --without-enchant --enable-exif --enable-fileinfo --enable-filter --disable-ftp --with-gettext=/usr --without-gmp --enable-hash --without-mhash --with-iconv --enable-intl --enable-ipv6 --enable-json --without-kerberos --enable-libxml --with-libxml-dir=/usr --enable-mbstring --with-mcrypt=/usr --without-mssql --with-onig=/usr --with-openssl=/usr --with-openssl-dir=/usr --enable-pcntl --enable-phar --enable-pdo --enable-opcache --without-pgsql --enable-posix --without-pspell --without-recode --enable-simplexml --disable-shmop --without-snmp --enable-soap --enable-sockets --with-sqlite3=/usr --without-sybase-ct --disable-sysvmsg --disable-sysvsem --disable-sysvshm --without-fpm-systemd --without-tidy --enable-tokenizer --disable-wddx --enable-xml --enable-xmlreader --disable-xmlwriter --without-xmlrpc --with-xsl=/usr --disable-zip --with-zlib=/usr --enable-debug --enable-dba --without-cdb --with-db4=/usr --disable-flatfile --with-gdbm=/usr --disable-inifile --without-qdbm --with-freetype-dir=/usr --with-t1lib=/usr --disable-gd-jis-conv --with-jpeg-dir=/usr --with-png-dir=/usr --without-xpm-dir --with-gd --with-ldap=/usr --without-ldap-sasl --with-mysql=mysqlnd --with-mysqli=mysqlnd --with-mysql-sock=/var/run/mysqld/mysqld.sock --without-pdo-dblib --with-pdo-mysql=mysqlnd --without-pdo-pgsql --with-pdo-sqlite=/usr --without-pdo-odbc --with-readline=/usr --without-libedit --without-mm --with-pic --with-pcre-regex=/usr --with-pcre-dir=/usr --with-config-file-path=/etc/php/fpm-php5.6 
--with-config-file-scan-dir=/etc/php/fpm-php5.6/ext-active --disable-embed --disable-cli --disable-cgi --enable-fpm --without-apxs2

It's happening from a MediaWiki from git master, but I have no idea how to reproduce it properly, I'm afraid (though it seems to happen more often with debug enabled than without).

Setting always_populate_raw_post_data to 1, as pointed out by the last line, doesn't help either.

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff7fd6740 (LWP 9344)]
0x00000000009f8bfb in _zval_dtor_func (zvalue=0x7ffff7fc8488,
    __zend_filename=0xf5aaf8 "/var/tmp/portage/dev-lang/php-5.6.0_beta4/work/sapis-build/fpm/Zend/zend_execute.h", __zend_lineno=79)
    at /var/tmp/portage/dev-lang/php-5.6.0_beta4/work/sapis-build/fpm/Zend/zend_variables.c:36
36                              CHECK_ZVAL_STRING_REL(zvalue);
(gdb) bt full
#0  0x00000000009f8bfb in _zval_dtor_func (zvalue=0x7ffff7fc8488,
    __zend_filename=0xf5aaf8 "/var/tmp/portage/dev-lang/php-5.6.0_beta4/work/sapis-build/fpm/Zend/zend_execute.h", __zend_lineno=79)
    at /var/tmp/portage/dev-lang/php-5.6.0_beta4/work/sapis-build/fpm/Zend/zend_variables.c:36
No locals.
#1  0x00000000009e1fe7 in _zval_dtor (zvalue=0x7ffff7fc8488,
    __zend_filename=0xf5aaf8 "/var/tmp/portage/dev-lang/php-5.6.0_beta4/work/sapis-build/fpm/Zend/zend_execute.h", __zend_lineno=79)
    at /var/tmp/portage/dev-lang/php-5.6.0_beta4/work/sapis-build/fpm/Zend/zend_variables.h:35
No locals.
#2  0x00000000009e20d2 in i_zval_ptr_dtor (zval_ptr=0x7ffff7fc8488,
    __zend_filename=0xf5ce10 "/var/tmp/portage/dev-lang/php-5.6.0_beta4/work/sapis-build/fpm/Zend/zend_variables.c", __zend_lineno=187, tsrm_ls=0x12e6e00)
    at /var/tmp/portage/dev-lang/php-5.6.0_beta4/work/sapis-build/fpm/Zend/zend_execute.h:79
        __PRETTY_FUNCTION__ = "i_zval_ptr_dtor"
#3  0x00000000009e428c in _zval_ptr_dtor (zval_ptr=0x7ffff7fc8780,
    __zend_filename=0xf5ce10 "/var/tmp/portage/dev-lang/php-5.6.0_beta4/work/sapis-build/fpm/Zend/zend_variables.c", __zend_lineno=187)
    at /var/tmp/portage/dev-lang/php-5.6.0_beta4/work/sapis-build/fpm/Zend/zend_execute_API.c:427
---Type <return> to continue, or q <return> to quit---
        tsrm_ls = 0x12e6e00
#4  0x00000000009f914e in _zval_ptr_dtor_wrapper (zval_ptr=0x7ffff7fc8780)
    at /var/tmp/portage/dev-lang/php-5.6.0_beta4/work/sapis-build/fpm/Zend/zend_variables.c:187
No locals.
#5  0x0000000000a100d9 in i_zend_hash_bucket_delete (ht=0x12ea5c8,
    p=0x7ffff7fc8768)
    at /var/tmp/portage/dev-lang/php-5.6.0_beta4/work/sapis-build/fpm/Zend/zend_hash.c:182
No locals.
#6  0x0000000000a101b0 in zend_hash_bucket_delete (ht=0x12ea5c8,
    p=0x7ffff7fc8768)
    at /var/tmp/portage/dev-lang/php-5.6.0_beta4/work/sapis-build/fpm/Zend/zend_hash.c:192
No locals.
#7  0x0000000000a11da2 in zend_hash_graceful_reverse_destroy (ht=0x12ea5c8)
    at /var/tmp/portage/dev-lang/php-5.6.0_beta4/work/sapis-build/fpm/Zend/zend_hash.c:613
No locals.
#8  0x00000000009e32df in shutdown_executor (tsrm_ls=0x12e6e00)
    at /var/tmp/portage/dev-lang/php-5.6.0_beta4/work/sapis-build/fpm/Zend/zend_execute_API.c:247
        __orig_bailout = 0x7fffffffbc80
---Type <return> to continue, or q <return> to quit---
        __bailout = {{__jmpbuf = {0, -5710573567885411517, 4721168,
              140737488347312, 0, 0, -5710573567921063101,
              5710574616515214147}, __mask_was_saved = 0, __saved_mask = {
              __val = {10174605, 3045131812864, 0, 16108904, 4294967395,
                140737353922336, 760, 9964748, 19833832, 140737488337344,
                18446744069424750906, 140737488337328, 10454346,
                140737353922096, 4314788816, 9964748}}}}
#9  0x00000000009fc360 in zend_deactivate (tsrm_ls=0x12e6e00)
    at /var/tmp/portage/dev-lang/php-5.6.0_beta4/work/sapis-build/fpm/Zend/zend.c:949
No locals.
#10 0x0000000000940e9e in php_request_shutdown (dummy=0x0)
    at /var/tmp/portage/dev-lang/php-5.6.0_beta4/work/sapis-build/fpm/main/main.c:1884
        report_memleaks = 1 '\001'
        tsrm_ls = 0x12e6e00
#11 0x0000000000ad212a in main (argc=3, argv=0x7fffffffe0b8)
    at /var/tmp/portage/dev-lang/php-5.6.0_beta4/work/sapis-build/fpm/sapi/fpm/fpm/fpm_main.c:1972
        primary_script = 0x7ffff7fc9160 'Z' <repeats 38 times>, "g\304\023\031\304\023\031ZZZ\033\337td\377\177"
        __orig_bailout = 0x0
        __bailout = {{__jmpbuf = {0, -5710573569160479933, 4721168,
---Type <return> to continue, or q <return> to quit---
              140737488347312, 0, 0, -5710573568036406461,
              5710574488583437123}, __mask_was_saved = 0, __saved_mask = {
              __val = {0 <repeats 16 times>}}}}
        exit_status = 0
        cgi = 0
        c = -1
        use_extended_info = 0
        file_handle = {type = ZEND_HANDLE_FILENAME,
          filename = 0x7ffff7f97ce0 'Z' <repeats 38 times>, "g\304\023\031",
          opened_path = 0x0, handle = {fd = -134431960, fp = 0x7ffff7fcbb28,
            stream = {handle = 0x7ffff7fcbb28, isatty = 0, mmap = {len = 1755,
                pos = 0, map = 0x0,
                buf = 0x7ffff7ff4000 <error: Cannot access memory at address 0x7ffff7ff4000>, old_handle = 0x0, old_closer = 0x0},
              reader = 0x962cd0 <_php_stream_read>,
              fsizer = 0x93eeb9 <php_zend_stream_fsizer>,
              closer = 0x93ee81 <php_zend_stream_mmap_closer>}},
          free_filename = 0 '\000'}
        orig_optind = 1
        orig_optarg = 0x0
        ini_entries_len = 0
        tsrm_ls = 0x12e6e00
        max_requests = 500
---Type <return> to continue, or q <return> to quit---
        requests = 3
        fcgi_fd = 0
        request = {listen_socket = 0, fd = -1, id = 1, keep = 0, closed = 0,
          in_len = 0, in_pad = 0, out_hdr = 0x0,
          out_pos = 0x7fffffffbe70 "\001\003",
          out_buf = "\001\003\000\001\000\b\000\000\000\000\000\000\000essage: PHP Deprecated:  Automatically populating $HTTP_RAW_POST_DATA is deprecated and will be removed in a future version. To avoid this warning set 'always_populate_raw_post_data' to '"..., reserved = '\000' <repeats 15 times>,
          env = 0x7ffff7f960d8}
        fpm_config = 0x7fffffffe35f ""
        fpm_prefix = 0x0
        fpm_pid = 0x0
        test_conf = 0
        force_daemon = -1
        force_stderr = 0
        php_information = 0
        php_allow_to_run_a

 [2015-07-22 13:01 UTC] mike@php.net
-Status: Open +Status: Feedback -Package: FPM related +Package: Scripting Engine problem
 [2015-07-22 13:01 UTC] mike@php.net
Does it also happen with a current version?
 [2015-07-22 13:14 UTC] Dessa at gmake dot de
-Status: Feedback +Status: Closed
 [2015-07-22 13:14 UTC] Dessa at gmake dot de
I do not recall anymore when it stopped happening, but it definitely did stop with a newer version.
 [2016-05-26 22:11 UTC] kenorb+nospam at gmail dot com
The same SEGV happens here with PHP 5.6.20 (cli) when running the built-in server on OS X:

[Thu May 26 22:58:41 2016] 127.0.0.1:53495 [200]: /sites/all/themes/rubik/images/buttons.png
[Thu May 26 22:58:41 2016] PHP Deprecated:  Automatically populating $HTTP_RAW_POST_DATA is deprecated and will be removed in a future version. To avoid this warning set 'always_populate_raw_post_data' to '-1' in php.ini and use the php://input stream instead. in Unknown on line 0
Segmentation fault: 11

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x0000000000000000

VM Regions Near 0:
--> 
    __TEXT                 000000010ca0f000-000000010d427000 [ 10.1M] r-x/rwx SM=COW  /usr/local/Cellar/php56/5.6.20/bin/php

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   php                           	0x000000010ce499a5 _zval_dtor_func + 61
1   php                           	0x000000010ce3cca9 _zval_ptr_dtor + 108
2   php                           	0x000000010ce59785 zend_hash_bucket_delete + 148
3   php                           	0x000000010ce5982a zend_hash_graceful_reverse_destroy + 29
4   php                           	0x000000010ce3c909 shutdown_executor + 114
5   php                           	0x000000010ce4c0dc zend_deactivate + 103
6   php                           	0x000000010cdec944 php_request_shutdown + 551
7   php                           	0x000000010cf00569 php_cli_server_recv_event_read_request + 1444
8   php                           	0x000000010cf0108a php_cli_server_do_event_for_each_fd_callback + 186
9   php                           	0x000000010cefe8e2 do_cli_server + 2244
10  php                           	0x000000010cef9570 main + 1260
11  libdyld.dylib                 	0x00007fff9dc7d5ad start + 1

This happened when the site was processing a feed with Drupal on the page and it crashed. I won't be able to reproduce it easily.
 [2016-05-26 22:32 UTC] kenorb+nospam at gmail dot com
The same happened again with the same HTTP_RAW_POST_DATA message on a batch run. So I assume it's reproducible.
 