PHP :: Bug #73423 :: Reproducible crash with GDB backtrace

Bug #73423

Reproducible crash with GDB backtrace

Submitted:

2016-10-30 22:35 UTC

Modified:

2016-10-31 09:27 UTC

Votes:	1
Avg. Score:	3.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	0 (0.0%)
Same OS:	1 (100.0%)

From:

love at sickpeople dot se

Assigned:

Status:

Closed

Package:

Reproducible crash

PHP Version:

7.1.0RC5

OS:

Linux

Private report:

CVE-ID:

None

View Developer Edit

Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !

Your email address: MUST BE VALID
Solve the problem: 50 - 1 = ?
Subscribe to this entry?

[2016-10-30 22:35 UTC] love at sickpeople dot se

Description:
------------
These are the elements involved

 1. I use the RecursiveFilterIterator

 2. I include a file from the destructor

 3. The file has a long filename/path (IMPORTANT)

 4. The file contains a class that extends a class

 5. The parent class does not exist

If all above is applied, this crashes.

NOTE: 3) above is crucial for reproduce. In my case I have "/tmp/uu/abcdefghi/abcdefghi/abcdefghi/abcdefghi/z.php". Moving/changing the "z.php" to "/tmp/uu/z.php" does NOT cause a crash.


====
GDB backtrace

Core was generated by `/usr/local/php7.1-RC5/bin/php -f b.php'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  zend_objects_store_del (object=0x7f1143075150) at /home/le/Downloads/php-7.1.0RC5/Zend/zend_objects_API.c:149
149		if (EG(objects_store).object_buckets &&
(gdb) bt
#0  zend_objects_store_del (object=0x7f1143075150) at /home/le/Downloads/php-7.1.0RC5/Zend/zend_objects_API.c:149
#1  0x000000000084ac05 in zend_iterator_dtor (iter=<optimized out>) at /home/le/Downloads/php-7.1.0RC5/Zend/zend_iterators.c:88
#2  0x000000000070c4b7 in spl_recursive_it_dtor (_iter=0x7f114306a0c0)
    at /home/le/Downloads/php-7.1.0RC5/ext/spl/spl_iterators.c:179
#3  0x000000000086b441 in zend_objects_store_free_object_storage (objects=objects@entry=0x11cabd8 <executor_globals+824>)
    at /home/le/Downloads/php-7.1.0RC5/Zend/zend_objects_API.c:99
#4  0x000000000081c9e3 in shutdown_executor () at /home/le/Downloads/php-7.1.0RC5/Zend/zend_execute_API.c:359
#5  0x000000000082ca4b in zend_deactivate () at /home/le/Downloads/php-7.1.0RC5/Zend/zend.c:987
#6  0x00000000007c8dc2 in php_request_shutdown (dummy=dummy@entry=0x0) at /home/le/Downloads/php-7.1.0RC5/main/main.c:1873
#7  0x00000000008d26cc in do_cli (argc=3, argv=0x1e76ef0) at /home/le/Downloads/php-7.1.0RC5/sapi/cli/php_cli.c:1157
#8  0x000000000044b831 in main (argc=3, argv=0x1e76ef0) at /home/le/Downloads/php-7.1.0RC5/sapi/cli/php_cli.c:1378


Test script:
---------------
====
z.php (the file to be included)

class Crash extends Nonexistent { }


====
b.php

class foo implements \RecursiveIterator
  {
    public $foo = [];

    public Function current ()
      {
        return current ($this->foo);
      }

    public Function key ()
      {
        return key ($this->foo);
      }

    public Function next ()
      {
        next ($this->foo);
      }

    public Function rewind ()
      {
        reset ($this->foo);
      }

    public Function valid ()
      {
        return current ($this->foo) !== false;
      }

    public Function getChildren ()
      {
        return current ($this->foo);
      }

    public Function hasChildren ()
      {
        return (bool) count ($this->foo);
      }
  }


class fooIterator extends \RecursiveFilterIterator
  {
    public Function __destruct ()
      {
        require_once ("./abcdefghi/abcdefghi/abcdefghi/abcdefghi/z.php");

        /* CRASH */
      }

    public Function accept ()
      {
        return true;
      }
  }


$foo = new foo ();

$foo->foo[] = new foo ();

foreach (new \RecursiveIteratorIterator (new fooIterator ($foo)) as $bar) ;

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2016-10-30 23:49 UTC] love at sickpeople dot se

Please note that there are other circumstances for this crash. I've seen several variants. Eg calling a method on the class in "z.php" with no argument crashes if the method has a required argument.

It seems that (more or less) errors caused with the destructor in the stack leads to SEGV (always) at Zend/zend_objects_API.c:149.

I have not however reproduced this without a file inclusion and never with a short path to the file.

[2016-10-31 09:27 UTC] leigh@php.net

I've not been able to reproduce this.

Ubuntu 16.04

Tested with:
* PHP 7.0.8-0ubuntu0.16.04.3
* PHP 7.2.0-dev built from git (nothing special enabled or disabled)
* PHP 7.1.0RC5 built from git (nothing special enabled or disabled)

I tried increasing the path length too.


$ php-src/sapi/cli/php b.php

Fatal error: Class 'Nonexistent' not found in /home/leigh/aaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbb/cccccccccccccccccccc/dddddddddddddddddddd/eeeeeeeeeeeeeeeeeeee/ffffffffffffffffffff/abcdefghi/abcdefghi/abcdefghi/abcdefghi/zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz.php on line 2

$ php-src/sapi/cli/php -v      
PHP 7.1.0RC5 (cli) (built: Oct 31 2016 09:18:39) ( NTS )

[2016-10-31 11:56 UTC] love at sickpeople dot se

I've put my setup here: https://dl.dropboxusercontent.com/u/48331969/package.tar.gz

When I download that package → unpack it in ~/Downloads → run it from ~/Downloads/tmp/uu/ I can NOT reproduce. If I move ~/Downloads/tmp/uu/ to /tmp/ii and run it from /tmp/ii, I CAN reproduce.

The coredump is in the package as well.


====
This is what I done:

1. tar xzf php-7.1.0RC5.tar.gz

 - I do not use a directory I've compiled in previously and not `make clean`


2. ./configure --prefix="/tmp/uu/php" --with-config-file-path="/tmp/uu" --with-config-file-scan-dir="/tmp/uu/" --disable-all


3. make -j4


4. make install


5. /tmp/uu/php/bin/php -v
PHP 7.1.0RC5 (cli) (built: Oct 31 2016 12:08:56) ( NTS )
Copyright (c) 1997-2016 The PHP Group
Zend Engine v3.1.0-dev, Copyright (c) 1998-2016 Zend Technologies


6. ldd -v /tmp/uu/php/bin/php
	linux-vdso.so.1 =>  (0x00007ffe8e169000)
	libresolv.so.2 => /lib/x86_64-linux-gnu/libresolv.so.2 (0x00007f9961e2d000)
	libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f9961b25000)
	libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f9961920000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f9961556000)
	/lib64/ld-linux-x86-64.so.2 (0x000055b0f8e4d000)

	Version information:
	/tmp/uu/php/bin/php:
		libdl.so.2 (GLIBC_2.2.5) => /lib/x86_64-linux-gnu/libdl.so.2
		libresolv.so.2 (GLIBC_2.2.5) => /lib/x86_64-linux-gnu/libresolv.so.2
		libm.so.6 (GLIBC_2.2.5) => /lib/x86_64-linux-gnu/libm.so.6
		libc.so.6 (GLIBC_2.11) => /lib/x86_64-linux-gnu/libc.so.6
		libc.so.6 (GLIBC_2.8) => /lib/x86_64-linux-gnu/libc.so.6
		libc.so.6 (GLIBC_2.14) => /lib/x86_64-linux-gnu/libc.so.6
		libc.so.6 (GLIBC_2.15) => /lib/x86_64-linux-gnu/libc.so.6
		libc.so.6 (GLIBC_2.4) => /lib/x86_64-linux-gnu/libc.so.6
		libc.so.6 (GLIBC_2.7) => /lib/x86_64-linux-gnu/libc.so.6
		libc.so.6 (GLIBC_2.2.5) => /lib/x86_64-linux-gnu/libc.so.6
		libc.so.6 (GLIBC_2.3.4) => /lib/x86_64-linux-gnu/libc.so.6
		libc.so.6 (GLIBC_2.3) => /lib/x86_64-linux-gnu/libc.so.6
	/lib/x86_64-linux-gnu/libresolv.so.2:
		libc.so.6 (GLIBC_2.14) => /lib/x86_64-linux-gnu/libc.so.6
		libc.so.6 (GLIBC_2.4) => /lib/x86_64-linux-gnu/libc.so.6
		libc.so.6 (GLIBC_PRIVATE) => /lib/x86_64-linux-gnu/libc.so.6
		libc.so.6 (GLIBC_2.2.5) => /lib/x86_64-linux-gnu/libc.so.6
		libc.so.6 (GLIBC_2.3) => /lib/x86_64-linux-gnu/libc.so.6
	/lib/x86_64-linux-gnu/libm.so.6:
		libc.so.6 (GLIBC_PRIVATE) => /lib/x86_64-linux-gnu/libc.so.6
		libc.so.6 (GLIBC_2.2.5) => /lib/x86_64-linux-gnu/libc.so.6
	/lib/x86_64-linux-gnu/libdl.so.2:
		ld-linux-x86-64.so.2 (GLIBC_PRIVATE) => /lib64/ld-linux-x86-64.so.2
		libc.so.6 (GLIBC_PRIVATE) => /lib/x86_64-linux-gnu/libc.so.6
		libc.so.6 (GLIBC_2.2.5) => /lib/x86_64-linux-gnu/libc.so.6
	/lib/x86_64-linux-gnu/libc.so.6:
		ld-linux-x86-64.so.2 (GLIBC_2.3) => /lib64/ld-linux-x86-64.so.2
		ld-linux-x86-64.so.2 (GLIBC_PRIVATE) => /lib64/ld-linux-x86-64.so.2


7. env -i bash --noprofile --norc

 - Start bash with practically no environment


8. /tmp/uu/php/bin/php -f b.php

Fatal error: Class 'Nonexistent' not found in /tmp/uu/abcdefghi/abcdefghi/abcdefghi/abcdefghi/z.php on line 3
Segmentation fault (core dumped)


9. gdb /tmp/uu/php/bin/php core 
GNU gdb (Ubuntu 7.10-1ubuntu2) 7.10
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /tmp/uu/php/bin/php...done.
[New LWP 5457]
Core was generated by `/tmp/uu/php/bin/php -f b.php'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  zend_objects_store_del (object=0x7f803646c150) at /home/le/Downloads/php-7.1.0RC5/Zend/zend_objects_API.c:149
149		if (EG(objects_store).object_buckets &&
(gdb) bt full
#0  zend_objects_store_del (object=0x7f803646c150) at /home/le/Downloads/php-7.1.0RC5/Zend/zend_objects_API.c:149
No locals.
#1  0x00000000005c61d5 in zend_iterator_dtor (iter=<optimized out>) at /home/le/Downloads/php-7.1.0RC5/Zend/zend_iterators.c:88
No locals.
#2  0x00000000004adcd7 in spl_recursive_it_dtor (_iter=0x7f803646d000)
    at /home/le/Downloads/php-7.1.0RC5/ext/spl/spl_iterators.c:179
        iter = 0x7f803646d000
        sub_iter = <optimized out>
#3  0x00000000005e6151 in zend_objects_store_free_object_storage (objects=<optimized out>)
    at /home/le/Downloads/php-7.1.0RC5/Zend/zend_objects_API.c:99
        obj_ptr = 0x7f8036453038
        end = 0x7f8036453008
        obj = 0x7f803646d000
#4  0x0000000000598ac2 in shutdown_executor () at /home/le/Downloads/php-7.1.0RC5/Zend/zend_execute_API.c:359
        __bailout = {{__jmpbuf = {100, -1438801544918065221, 19886432, 566935683073, 10737184, 0, 1438402646607142843, 
              -1438802884878786629}, __mask_was_saved = 0, __saved_mask = {__val = {5768377, 32, 5984322, 140734026061408, 
                256, 0, 20185296, 140734026061408, 20187120, 140734026061408, 256, 0, 5972376, 8196032, 0, 20187184}}}}
        func = <optimized out>
        ce = <optimized out>
#5  0x00000000005a822d in zend_deactivate () at /home/le/Downloads/php-7.1.0RC5/Zend/zend.c:987
No locals.
#6  0x0000000000544e06 in php_request_shutdown (dummy=dummy@entry=0x0) at /home/le/Downloads/php-7.1.0RC5/main/main.c:1873
        report_memleaks = 1 '\001'
#7  0x000000000064a904 in do_cli (argc=3, argv=0x12f70f0) at /home/le/Downloads/php-7.1.0RC5/sapi/cli/php_cli.c:1157
        c = <optimized out>
        file_handle = {handle = {fd = 910602256, fp = 0x7f803646b010, stream = {handle = 0x7f803646b010, isatty = 0, mmap = {
                len = 1063, pos = 0, map = 0x7f80373f3000, 
                buf = 0x7f80373f3000 <error: Cannot access memory at address 0x7f80373f3000>, old_handle = 0x13a7310, 
                old_closer = 0x5c5880 <zend_stream_stdio_closer>}, reader = 0x5c58a0 <zend_stream_stdio_reader>, 
              fsizer = 0x5c5800 <zend_stream_stdio_fsizer>, closer = 0x5c5780 <zend_stream_mmap_closer>}}, 
          filename = 0x12f7160 "b.php", opened_path = 0x0, type = ZEND_HANDLE_MAPPED, free_filename = 0 '\000'}
        behavior = <optimized out>
---Type <return> to continue, or q <return> to quit---
        reflection_what = <optimized out>
        request_started = 1
        exit_status = 255
        php_optarg = 0x12f7160 "b.php"
        php_optind = 3
        exec_direct = <optimized out>
        exec_run = <optimized out>
        exec_begin = <optimized out>
        exec_end = <optimized out>
        arg_free = <optimized out>
        arg_excp = <optimized out>
        script_file = <optimized out>
        translated_path = 0x1395a80 "/tmp/uu/b.php"
        lineno = 1
        param_error = <optimized out>
#8  0x000000000041fc6e in main (argc=3, argv=0x12f70f0) at /home/le/Downloads/php-7.1.0RC5/sapi/cli/php_cli.c:1378
        __orig_bailout = 0x0
        __bailout = {{__jmpbuf = {19887008, 1438802408376361028, 0, 566935683073, 10737184, 0, 1438402647620067259, 
              -1438802950860038213}, __mask_was_saved = 0, __saved_mask = {__val = {4131212846, 4294967295, 140734026069761, 
                140188645864016, 140188659344616, 0, 0, 0, 0, 0, 140734026070360, 3, 140734026070128, 140188659344616, 0, 1}}}}
        c = <optimized out>
        exit_status = 0
        module_started = 1
        sapi_started = 1
        php_optarg = 0x12f7160 "b.php"
        php_optind = 3
        use_extended_info = 0
        ini_path_override = 0x0
        ini_entries = 0x12f73a0 "html_errors=0\nregister_argc_argv=1\nimplicit_flush=1\noutput_buffering=0\nmax_execution_time=0\nmax_input_time=-1\n"
        ini_entries_len = <optimized out>
        ini_ignore = 0
---Type <return> to continue, or q <return> to quit---
        sapi_module = <optimized out>


10. strace -s 2000 /tmp/uu/php/bin/php -f b.php
execve("/tmp/uu/php/bin/php", ["/tmp/uu/php/bin/php", "-f", "b.php"], [/* 4 vars */]) = 0
brk(0)                                  = 0x206a000
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa1ef472000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=155304, ...}) = 0
mmap(NULL, 155304, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fa1ef44c000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libresolv.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\3209\0\0\0\0\0\0@\0\0\0\0\0\0\0\360\203\1\0\0\0\0\0\0\0\0\0@\0008\0\7\0@\0\36\0\35\0\1\0\0\0\5\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\340g\1\0\0\0\0\0\340g\1\0\0\0\0\0\0\0 \0\0\0\0\0\1\0\0\0\6\0\0\0(t\1\0\0\0\0\0(t!\0\0\0\0\0(t!\0\0\0\0\0\230\16\0\0\0\0\0\0 7\0\0\0\0\0\0\0\0 \0\0\0\0\0\2\0\0\0\6\0\0\0h}\1\0\0\0\0\0h}!\0\0\0\0\0h}!\0\0\0\0\0\20\2\0\0\0\0\0\0\20\2\0\0\0\0\0\0\10\0\0\0\0\0\0\0\4\0\0\0\4\0\0\0\310\1\0\0\0\0\0\0\310\1\0\0\0\0\0\0\310\1\0\0\0\0\0\0D\0\0\0\0\0\0\0D\0\0\0\0\0\0\0\4\0\0\0\0\0\0\0P\345td\4\0\0\0dB\1\0\0\0\0\0dB\1\0\0\0\0\0dB\1\0\0\0\0\0\214\3\0\0\0\0\0\0\214\3\0\0\0\0\0\0\4\0\0\0\0\0\0\0Q\345td\6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\20\0\0\0\0\0\0\0R\345td\4\0\0\0(t\1\0\0\0\0\0(t!\0\0\0\0\0(t!\0\0\0\0\0\330\v\0\0\0\0\0\0\330\v\0\0\0\0\0\0\1\0\0\0\0\0\0\0\4\0\0\0\24\0\0\0\3\0\0\0GNU\0x\6\341\4\351)#\232;Li\26\256\320\r\341]<\2y\4\0\0\0\20\0\0\0\1\0\0\0GNU\0\0\0\0\0\2\0\0\0\6\0\0\0 \0\0\0\0\0\0\0\235\0\0\0@\0\0\0\20\0\0\0\n\0\0\0\0\0@\0\0\0\200\0\0F \24\0013\244\232\202\202\20\0\2\5\1\20!\2\30\1 \220T\207\200@\0 \20\0\0\0\200\10\0\26\304\20\0\20\"\0\2\20\20\30H\4`\304 @ \4B1\6Z\34\200<\20H4\200\0\20\221\1\1\10\204\200\0\0\4@\t\0\0D\0\0\200\4\10\20\1\20H\0@\220\224\32\n\0\20Y\20\201\23\0\10\344\f4\4\0\200\6\20\0!\4\7\1\2411\16@\0\0\0\0\0\0\0\0\0\0\0A\0\0\0B\0\0\0C\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0D\0\0\0E\0\0\0G\0\0\0H\0\0\0J\0\0\0\0\0\0\0K\0\0\0L\0\0\0\0\0\0\0M\0\0\0\0\0\0\0N\0\0\0O\0\0\0\0\0\0\0P\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0Q\0\0\0\0\0\0\0S\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=101232, ...}) = 0
mmap(NULL, 2206536, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fa1ef036000
mprotect(0x7fa1ef04d000, 2097152, PROT_NONE) = 0
mmap(0x7fa1ef24d000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x17000) = 0x7fa1ef24d000
mmap(0x7fa1ef24f000, 6984, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fa1ef24f000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libm.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\240U\0\0\0\0\0\0@\0\0\0\0\0\0\0\350\205\20\0\0\0\0\0\0\0\0\0@\0008\0\7\0@\0\37\0\36\0\1\0\0\0\5\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\374k\20\0\0\0\0\0\374k\20\0\0\0\0\0\0\0 \0\0\0\0\0\1\0\0\0\6\0\0\0\220m\20\0\0\0\0\0\220m0\0\0\0\0\0\220m0\0\0\0\0\0\214\3\0\0\0\0\0\0\330\3\0\0\0\0\0\0\0\0 \0\0\0\0\0\2\0\0\0\6\0\0\0\250m\20\0\0\0\0\0\250m0\0\0\0\0\0\250m0\0\0\0\0\0\20\2\0\0\0\0\0\0\20\2\0\0\0\0\0\0\10\0\0\0\0\0\0\0\4\0\0\0\4\0\0\0\310\1\0\0\0\0\0\0\310\1\0\0\0\0\0\0\310\1\0\0\0\0\0\0D\0\0\0\0\0\0\0D\0\0\0\0\0\0\0\4\0\0\0\0\0\0\0P\345td\4\0\0\0\310\331\17\0\0\0\0\0\310\331\17\0\0\0\0\0\310\331\17\0\0\0\0\0\204\22\0\0\0\0\0\0\204\22\0\0\0\0\0\0\4\0\0\0\0\0\0\0Q\345td\6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\20\0\0\0\0\0\0\0R\345td\4\0\0\0\220m\20\0\0\0\0\0\220m0\0\0\0\0\0\220m0\0\0\0\0\0p\2\0\0\0\0\0\0p\2\0\0\0\0\0\0\1\0\0\0\0\0\0\0\4\0\0\0\24\0\0\0\3\0\0\0GNU\0\20\356\330\37\364A\220\310\217\315M\200rH\276\21\3R\325\374\4\0\0\0\20\0\0\0\1\0\0\0GNU\0\0\0\0\0\2\0\0\0\6\0\0\0 \0\0\0\0\0\0\0\35\3\0\0\26\0\0\0@\0\0\0\f\0\0\0%\0`\0\0\240.\"\200\0\26\211\0 E\"\2\0\300``i\10\212\0\t\0\0\0\0\0\0\0\0\0\0\0\0\212P\20\1\10\0\0\4\1\302\24\1 \210\"\0\304\243X\240\n\6\216\0\212\0\0\4\0@\0\0 \20\0\5\0\5\r\7\7\22A\0\1\0\10\0\0@\0\t\0\20\4D\30\4\200a(\22@\4\1\nE\221 @\200\f\22\1\0\0\0\0\0\0\0\0\4\2\0\0\0@\0\200\2\20\322\0\1\10\4\301 E\1\0\310\"\0\4\2\0\202\0\4\0\0\0\4\0Y\4\2\0\n\200\1\0\0\4\0\20 \3\0\0\210 \10\20\0\0 \2\0\0\200\10\2\4\0\0HQ\0\0\f\2\0\0 \10 \0\0\0\0 #\4\0\200\0I\2\fc\2 A\221\242@\4\202EL  \0\0\300\2\4\200\10\2\r(\2\0\20\"\0!\22\30\30\24 8\0\210\0\0\260  B,\10\302\0 \200\361)\24A\21 @\220 \4\1P\20\202\0\0\214\0\0`\242\10HA\0\0\0 \202", 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=1084840, ...}) = 0
mmap(NULL, 3174760, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fa1eed2e000
mprotect(0x7fa1eee35000, 2093056, PROT_NONE) = 0
mmap(0x7fa1ef034000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x106000) = 0x7fa1ef034000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`\16\0\0\0\0\0\0@\0\0\0\0\0\0\0\3001\0\0\0\0\0\0\0\0\0\0@\0008\0\7\0@\0\35\0\34\0\1\0\0\0\5\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\340 \0\0\0\0\0\0\340 \0\0\0\0\0\0\0\0 \0\0\0\0\0\1\0\0\0\6\0\0\0`-\0\0\0\0\0\0`- \0\0\0\0\0`- \0\0\0\0\0@\3\0\0\0\0\0\0\260\3\0\0\0\0\0\0\0\0 \0\0\0\0\0\2\0\0\0\6\0\0\0\210-\0\0\0\0\0\0\210- \0\0\0\0\0\210- \0\0\0\0\0\20\2\0\0\0\0\0\0\20\2\0\0\0\0\0\0\10\0\0\0\0\0\0\0\4\0\0\0\4\0\0\0\310\1\0\0\0\0\0\0\310\1\0\0\0\0\0\0\310\1\0\0\0\0\0\0D\0\0\0\0\0\0\0D\0\0\0\0\0\0\0\4\0\0\0\0\0\0\0P\345td\4\0\0\0\20\33\0\0\0\0\0\0\20\33\0\0\0\0\0\0\20\33\0\0\0\0\0\0\274\0\0\0\0\0\0\0\274\0\0\0\0\0\0\0\4\0\0\0\0\0\0\0Q\345td\6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\20\0\0\0\0\0\0\0R\345td\4\0\0\0`-\0\0\0\0\0\0`- \0\0\0\0\0`- \0\0\0\0\0\240\2\0\0\0\0\0\0\240\2\0\0\0\0\0\0\1\0\0\0\0\0\0\0\4\0\0\0\24\0\0\0\3\0\0\0GNU\0{;\5\366h\377Q\277\375\362\262\265`\223H\23\300\203\251H\4\0\0\0\20\0\0\0\1\0\0\0GNU\0\0\0\0\0\2\0\0\0\6\0\0\0 \0\0\0\0\0\0\0\33\0\0\0\33\0\0\0\2\0\0\0\7\0\0\0\230\2\21\0\200H\0\4\22\0\0@\203(\10\236\33\0\0\0\0\0\0\0\34\0\0\0\0\0\0\0\0\0\0\0\35\0\0\0\0\0\0\0\36\0\0\0\0\0\0\0\37\0\0\0\0\0\0\0 \0\0\0\0\0\0\0!\0\0\0#\0\0\0$\0\0\0&\0\0\0'\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0(\0\0\0\0\0\0\0\0\0\0\0\353\26\251\30a\257\0\371\301S\200\30\273\25sB\257\304M\17\221!\374\370\6\2\4\371\3733\373\17\371\31sB\372\31sB\225\263_\31\177\236\320\30a\242\222\6\5\350\7\371\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\3\0\v\0000\r\0\0\0\0\0\0\0\0\0\0\0\0\0\0F\1\0\0\22\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\375\0\0\0\22\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\337\0\0\0 \0\0\0", 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=14592, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa1ef44b000
mmap(NULL, 2109712, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fa1eeb2a000
mprotect(0x7fa1eeb2d000, 2093056, PROT_NONE) = 0
mmap(0x7fa1eed2c000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7fa1eed2c000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\340\v\2\0\0\0\0\0@\0\0\0\0\0\0\0\220t\34\0\0\0\0\0\0\0\0\0@\0008\0\n\0@\0G\0F\0\6\0\0\0\5\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0000\2\0\0\0\0\0\0000\2\0\0\0\0\0\0\10\0\0\0\0\0\0\0\3\0\0\0\4\0\0\0\340s\31\0\0\0\0\0\340s\31\0\0\0\0\0\340s\31\0\0\0\0\0\34\0\0\0\0\0\0\0\34\0\0\0\0\0\0\0\20\0\0\0\0\0\0\0\1\0\0\0\5\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\324\374\33\0\0\0\0\0\324\374\33\0\0\0\0\0\0\0 \0\0\0\0\0\1\0\0\0\6\0\0\0@\6\34\0\0\0\0\0@\6<\0\0\0\0\0@\6<\0\0\0\0\0\0R\0\0\0\0\0\0\300\230\0\0\0\0\0\0\0\0 \0\0\0\0\0\2\0\0\0\6\0\0\0\240;\34\0\0\0\0\0\240;<\0\0\0\0\0\240;<\0\0\0\0\0\340\1\0\0\0\0\0\0\340\1\0\0\0\0\0\0\10\0\0\0\0\0\0\0\4\0\0\0\4\0\0\0p\2\0\0\0\0\0\0p\2\0\0\0\0\0\0p\2\0\0\0\0\0\0D\0\0\0\0\0\0\0D\0\0\0\0\0\0\0\4\0\0\0\0\0\0\0\7\0\0\0\4\0\0\0@\6\34\0\0\0\0\0@\6<\0\0\0\0\0@\6<\0\0\0\0\0\20\0\0\0\0\0\0\0\200\0\0\0\0\0\0\0\10\0\0\0\0\0\0\0P\345td\4\0\0\0\374s\31\0\0\0\0\0\374s\31\0\0\0\0\0\374s\31\0\0\0\0\0\274S\0\0\0\0\0\0\274S\0\0\0\0\0\0\4\0\0\0\0\0\0\0Q\345td\6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\20\0\0\0\0\0\0\0R\345td\4\0\0\0@\6\34\0\0\0\0\0@\6<\0\0\0\0\0@\6<\0\0\0\0\0\3009\0\0\0\0\0\0\3009\0\0\0\0\0\0\1\0\0\0\0\0\0\0\4\0\0\0\24\0\0\0\3\0\0\0GNU\0\\\315\224\304\343H=\360[\342@\377\37\270\243\3657\224\314o\4\0\0\0\20\0\0\0\1\0\0\0GNU\0\0\0\0\0\2\0\0\0\6\0\0\0 \0\0\0\0\0\0\0\363\3\0\0\n\0\0\0\0\1\0\0\16\0\0\0\0000\20D\240 \2\1\210\3\346\220\305E\214\0\300\0\10\0\5\200\0`\300\200\0\r\212\f\0\4\20\0\210D2\10.@\210T<, \0162H&\204\300\214\4\10\0\2\2\16\241\254\32\4f\300\0\3002\0\300\0P\1 \201\10\204\v  ($\0\4 Z\0\20X\200\312DB(\0\6\200\20\30B\0 @\200\0\tP\0Q\212@\20\0\0\0\0\10\0\0\21\20", 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1869392, ...}) = 0
mmap(NULL, 3972864, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fa1ee760000
mprotect(0x7fa1ee920000, 2097152, PROT_NONE) = 0
mmap(0x7fa1eeb20000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c0000) = 0x7fa1eeb20000
mmap(0x7fa1eeb26000, 16128, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fa1eeb26000
close(3)                                = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa1ef44a000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa1ef449000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa1ef448000
arch_prctl(ARCH_SET_FS, 0x7fa1ef449700) = 0
mprotect(0x7fa1eeb20000, 16384, PROT_READ) = 0
mprotect(0x7fa1eed2c000, 4096, PROT_READ) = 0
mprotect(0x7fa1ef034000, 4096, PROT_READ) = 0
mprotect(0x7fa1ef24d000, 4096, PROT_READ) = 0
mprotect(0xa31000, 4096, PROT_READ)     = 0
mprotect(0x7fa1ef474000, 4096, PROT_READ) = 0
munmap(0x7fa1ef44c000, 155304)          = 0
brk(0)                                  = 0x206a000
brk(0x208b000)                          = 0x208b000
rt_sigaction(SIGPIPE, {SIG_IGN, [PIPE], SA_RESTORER|SA_RESTART, 0x7fa1ee795250}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGHUP, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGINT, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGQUIT, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGILL, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGTRAP, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGABRT, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGBUS, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGFPE, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGKILL, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGUSR1, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGSEGV, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGUSR2, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGPIPE, NULL, {SIG_IGN, [PIPE], SA_RESTORER|SA_RESTART, 0x7fa1ee795250}, 8) = 0
rt_sigaction(SIGALRM, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGTERM, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGSTKFLT, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGCHLD, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGCONT, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGSTOP, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGTSTP, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGTTIN, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGTTOU, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGURG, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGXCPU, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGXFSZ, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGVTALRM, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGPROF, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGWINCH, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGIO, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGPWR, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGSYS, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_2, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_3, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_4, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_5, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_6, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_7, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_8, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_9, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_10, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_11, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_12, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_13, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_14, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_15, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_16, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_17, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_18, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_19, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_20, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_21, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_22, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_23, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_24, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_25, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_26, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_27, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_28, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_29, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_30, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_31, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_32, NULL, {SIG_DFL, [], 0}, 8) = 0
mmap(NULL, 2097152, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa1ee560000
munmap(0x7fa1ee560000, 2097152)         = 0
mmap(NULL, 4190208, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa1ee361000
munmap(0x7fa1ee361000, 651264)          = 0
munmap(0x7fa1ee600000, 1441792)         = 0
madvise(0x7fa1ee400000, 2097152, MADV_HUGEPAGE) = 0
getcwd("/tmp/uu", 4096)                 = 8
open("/etc/localtime", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=1918, ...}) = 0
fstat(3, {st_mode=S_IFREG|0644, st_size=1918, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa1ef471000
read(3, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\5\0\0\0\5\0\0\0\0\0\0\0w\0\0\0\5\0\0\0\r\200\0\0\0\233\36\214`\233\325\332\360\23MD\20\0243\372\220\25#\353\220\26\23\334\220\27\3\315\220\27\363\276\220\30\343\257\220\31\323\240\220\32\303\221\220\33\274\275\20\34\254\256\20\35\234\237\20\36\214\220\20\37|\201\20 lr\20!\\c\20\"LT\20#<E\20$,6\20%\34'\20&\f\30\20'\5C\220'\3654\220(\345%\220)\325\26\220*\305\7\220+\264\370\220,\244\351\220-\224\332\220.\204\313\220/t\274\2200d\255\2201]\331\0202r\264\0203=\273\0204R\226\0205\35\235\02062x\0206\375\177\0208\33\224\2208\335a\0209\373v\220:\275C\20;\333X\220<\246_\220=\273:\220>\206A\220?\233\34\220@f#\220A\2049\20BF\5\220Cd\33\20D%\347\220EC\375\20F\5\311\220G#\337\20G\356\346\20I\3\301\20I\316\310\20J\343\243\20K\256\252\20L\314\277\220M\216\214\20N\254\241\220Onn\20P\214\203\220QW\212\220Rle\220S7l\220TLG\220U\27N\220V,)\220V\3670\220X\25F\20X\327\22\220Y\365(\20Z\266\364\220[\325\n\20\\\240\21\20]\264\354\20^\177\363\20_\224\316\20`_\325\20a}\352\220b?\267\20c]\314\220d\37\231\20e=\256\220f\10\265\220g\35\220\220g\350\227\220h\375r\220i\310y\220j\335T\220k\250[\220l\306q\20m\210=\220n\246S\20oh\37\220p\2065\20qQ<\20rf\27\20s1\36\20tE\371\20u\21\0\20v/\25\220v\360\342\20x\16\367\220x\320\304\20y\356\331\220z\260\246\20{\316\273\220|\231\302\220}\256\235\220~y\244\220\177\216\177\220\1\2\1\3\4\3\4\3\4\3\4\3\4\3\4\3\4\3\4\3\4\3\4\3\4\3\4\3\4\3\4\3\4\3\4\3\4\3\4\3\4\3\4\3\4\3\4\3\4\3\4\3\4\3\4\3\4\3\4\3\4\3\4\3\4\3\4\3\4\3\4\3\4\3\4\3\4\3\4\3\4\3\4\3\4\3\4\3\4\3\4\3\4\3\4\3\4\3\4\3\4\3\4\3\4\3\4\3\4\3\4\3\4\3\4\3\4\3\4\0\0\16\36\0\0\0\0\16\20\0\4\0\0\34 \1\10\0\0\34 \1\10\0\0\16\20\0\4SET\0CET\0CEST\0\0\0\0\1\1\0\0\0\1\1TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\6\0\0\0\6\0\0\0\0\0\0\0y\0\0\0\6\0\0\0\21\370\0\0\0\0\0\0\0\377\377\377\377T\325\237\224\377\377\377\377|Usb\377\377\377\377\233\36\214`\377\377\377\377\233\325\332\360\0\0\0\0\23MD\20\0\0\0\0\0243\372\220\0\0\0\0\25#\353\220\0\0\0\0\26\23\334\220\0\0\0\0\27\3\315\220\0\0\0\0\27\363\276\220\0\0\0\0\30\343\257\220\0\0\0\0\31\323\240\220\0\0\0\0\32\303\221\220\0\0\0\0\33\274\275\20\0\0\0\0\34\254\256\20\0\0\0\0\35\234\237\20\0\0\0\0\36\214\220\20\0\0\0\0\37|\201\20\0\0\0\0 lr\20\0\0\0\0!\\c\20\0\0\0\0\"LT\20\0\0\0\0#<E\20\0\0\0\0$,6\20\0\0\0\0%\34'\20\0\0\0\0&\f\30\20\0\0\0\0'\5C\220\0\0\0\0'\3654\220\0\0\0\0(\345%\220\0\0\0\0)\325\26\220\0\0\0\0*\305\7\220\0\0\0\0+\264\370\220\0\0\0\0,\244\351\220\0\0\0\0-\224\332\220\0\0\0\0.\204\313\220\0\0\0\0/t\274\220\0\0\0\0000d\255\220\0\0\0\0001]\331\20\0\0\0\0002r\264\20\0\0\0\0003=\273\20\0\0\0\0004R\226\20\0\0\0\0005\35\235\20\0\0\0\00062x\20\0\0\0\0006\375\177\20\0\0\0\0008\33\224\220\0\0\0\0008\335a\20\0\0\0\0009\373v\220\0\0\0\0:\275C\20\0\0\0\0;\333X\220\0\0\0\0<\246_\220\0\0\0\0=\273:\220\0\0\0\0>\206A\220\0\0\0\0?\233\34\220\0\0\0\0@f#\220\0\0\0\0A\2049\20\0\0\0\0BF\5\220\0\0\0\0Cd\33\20\0\0\0\0D%\347\220\0\0\0\0EC\375\20\0\0\0\0F\5\311\220\0\0\0\0G#\337\20\0\0\0\0G\356\346\20\0\0\0\0I\3\301\20\0\0\0\0I\316\310\20\0\0\0\0J\343\243\20\0\0\0\0K\256\252\20\0\0\0\0L\314\277\220\0\0\0\0M\216\214\20\0\0\0\0N\254\241\220\0\0\0\0Onn\20\0\0\0\0P\214\203\220\0\0\0\0QW\212\220\0\0\0\0Rle\220\0\0\0\0S7l\220\0\0\0\0TLG\220\0\0\0\0U\27N\220\0\0\0\0V,)\220\0\0\0\0V\3670\220\0\0\0\0X\25F\20\0\0\0\0X\327\22\220\0\0\0\0Y\365(\20\0\0\0\0Z\266\364\220\0\0\0\0[\325\n\20\0\0\0\0\\\240\21\20\0\0\0\0]\264\354\20\0\0\0\0^\177\363\20\0\0\0\0_\224\316\20\0\0\0\0`_\325\20\0\0\0\0a}\352\220\0\0\0\0b?\267\20\0\0\0\0c]\314\220\0\0\0\0d\37\231\20\0\0\0\0e=\256\220\0\0\0\0f\10\265\220\0\0\0\0g\35\220\220\0\0\0\0g\350\227\220\0\0\0\0h\375r\220\0\0\0\0i\310y\220\0\0\0\0j\335T\220\0\0\0\0k\250[\220\0\0\0\0l\306q\20\0\0\0\0m\210=\220\0\0\0\0n\246S\20\0\0\0\0oh\37\220\0\0\0\0p\2065\20\0\0\0\0qQ<\20\0\0\0\0rf\27\20\0\0\0\0s1\36\20\0\0\0\0tE\371\20\0\0\0\0u\21\0\20\0\0\0\0v/\25\220\0\0\0\0v\360\342\20\0\0\0\0x\16\367\220\0\0\0\0x\320\304\20\0\0\0\0y\356\331\220\0\0\0\0z\260\246\20\0\0\0\0{\316\273\220\0\0\0\0|\231\302\220\0\0\0\0}\256\235\220\0\0\0\0~y\244\220\0\0\0\0\177\216\177\220\0\1\2\3\2\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\0\0\20\354\0\0\0\0\16\36\0\4\0\0\16\20\0\10\0\0\34 \1\f\0\0\34 \1\f\0\0\16\20\0\10LMT\0SET\0CET\0CEST\0\0\0\0\0\1\1\0\0\0\0\1\1\nCET-1CEST,M3.5.0,M10.5.0/3\n", 4096) = 1918
lseek(3, -1226, SEEK_CUR)               = 692
read(3, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\6\0\0\0\6\0\0\0\0\0\0\0y\0\0\0\6\0\0\0\21\370\0\0\0\0\0\0\0\377\377\377\377T\325\237\224\377\377\377\377|Usb\377\377\377\377\233\36\214`\377\377\377\377\233\325\332\360\0\0\0\0\23MD\20\0\0\0\0\0243\372\220\0\0\0\0\25#\353\220\0\0\0\0\26\23\334\220\0\0\0\0\27\3\315\220\0\0\0\0\27\363\276\220\0\0\0\0\30\343\257\220\0\0\0\0\31\323\240\220\0\0\0\0\32\303\221\220\0\0\0\0\33\274\275\20\0\0\0\0\34\254\256\20\0\0\0\0\35\234\237\20\0\0\0\0\36\214\220\20\0\0\0\0\37|\201\20\0\0\0\0 lr\20\0\0\0\0!\\c\20\0\0\0\0\"LT\20\0\0\0\0#<E\20\0\0\0\0$,6\20\0\0\0\0%\34'\20\0\0\0\0&\f\30\20\0\0\0\0'\5C\220\0\0\0\0'\3654\220\0\0\0\0(\345%\220\0\0\0\0)\325\26\220\0\0\0\0*\305\7\220\0\0\0\0+\264\370\220\0\0\0\0,\244\351\220\0\0\0\0-\224\332\220\0\0\0\0.\204\313\220\0\0\0\0/t\274\220\0\0\0\0000d\255\220\0\0\0\0001]\331\20\0\0\0\0002r\264\20\0\0\0\0003=\273\20\0\0\0\0004R\226\20\0\0\0\0005\35\235\20\0\0\0\00062x\20\0\0\0\0006\375\177\20\0\0\0\0008\33\224\220\0\0\0\0008\335a\20\0\0\0\0009\373v\220\0\0\0\0:\275C\20\0\0\0\0;\333X\220\0\0\0\0<\246_\220\0\0\0\0=\273:\220\0\0\0\0>\206A\220\0\0\0\0?\233\34\220\0\0\0\0@f#\220\0\0\0\0A\2049\20\0\0\0\0BF\5\220\0\0\0\0Cd\33\20\0\0\0\0D%\347\220\0\0\0\0EC\375\20\0\0\0\0F\5\311\220\0\0\0\0G#\337\20\0\0\0\0G\356\346\20\0\0\0\0I\3\301\20\0\0\0\0I\316\310\20\0\0\0\0J\343\243\20\0\0\0\0K\256\252\20\0\0\0\0L\314\277\220\0\0\0\0M\216\214\20\0\0\0\0N\254\241\220\0\0\0\0Onn\20\0\0\0\0P\214\203\220\0\0\0\0QW\212\220\0\0\0\0Rle\220\0\0\0\0S7l\220\0\0\0\0TLG\220\0\0\0\0U\27N\220\0\0\0\0V,)\220\0\0\0\0V\3670\220\0\0\0\0X\25F\20\0\0\0\0X\327\22\220\0\0\0\0Y\365(\20\0\0\0\0Z\266\364\220\0\0\0\0[\325\n\20\0\0\0\0\\\240\21\20\0\0\0\0]\264\354\20\0\0\0\0^\177\363\20\0\0\0\0_\224\316\20\0\0\0\0`_\325\20\0\0\0\0a}\352\220\0\0\0\0b?\267\20\0\0\0\0c]\314\220\0\0\0\0d\37\231\20\0\0\0\0e=\256\220\0\0\0\0f\10\265\220\0\0\0\0g\35\220\220\0\0\0\0g\350\227\220\0\0\0\0h\375r\220\0\0\0\0i\310y\220\0\0\0\0j\335T\220\0\0\0\0k\250[\220\0\0\0\0l\306q\20\0\0\0\0m\210=\220\0\0\0\0n\246S\20\0\0\0\0oh\37\220\0\0\0\0p\2065\20\0\0\0\0qQ<\20\0\0\0\0rf\27\20\0\0\0\0s1\36\20\0\0\0\0tE\371\20\0\0\0\0u\21\0\20\0\0\0\0v/\25\220\0\0\0\0v\360\342\20\0\0\0\0x\16\367\220\0\0\0\0x\320\304\20\0\0\0\0y\356\331\220\0\0\0\0z\260\246\20\0\0\0\0{\316\273\220\0\0\0\0|\231\302\220\0\0\0\0}\256\235\220\0\0\0\0~y\244\220\0\0\0\0\177\216\177\220\0\1\2\3\2\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\4\5\0\0\20\354\0\0\0\0\16\36\0\4\0\0\16\20\0\10\0\0\34 \1\f\0\0\34 \1\f\0\0\16\20\0\10LMT\0SET\0CET\0CEST\0\0\0\0\0\1\1\0\0\0\0\1\1\nCET-1CEST,M3.5.0,M10.5.0/3\n", 4096) = 1226
close(3)                                = 0
munmap(0x7fa1ef471000, 4096)            = 0
lstat("/tmp/uu/php/bin/php", {st_mode=S_IFREG|0755, st_size=18093224, ...}) = 0
lstat("/tmp/uu/php/bin", {st_mode=S_IFDIR|0775, st_size=4096, ...}) = 0
lstat("/tmp/uu/php", {st_mode=S_IFDIR|0775, st_size=4096, ...}) = 0
lstat("/tmp/uu", {st_mode=S_IFDIR|0775, st_size=4096, ...}) = 0
lstat("/tmp", {st_mode=S_IFDIR|S_ISVTX|0777, st_size=24576, ...}) = 0
access("/tmp/uu/php/bin/php", X_OK)     = 0
open("/tmp/uu/php/bin/php-cli.ini", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/tmp/uu/php-cli.ini", O_RDONLY)   = -1 ENOENT (No such file or directory)
open("/tmp/uu/php/bin/php.ini", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/tmp/uu/php.ini", O_RDONLY)       = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/tmp/uu/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 3
brk(0x20ad000)                          = 0x20ad000
getdents(3, /* 7 entries */, 32768)     = 192
getdents(3, /* 0 entries */, 32768)     = 0
close(3)                                = 0
mmap(NULL, 323584, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa1ef3f9000
brk(0x20ce000)                          = 0x20ce000
brk(0x20f4000)                          = 0x20f4000
brk(0x2115000)                          = 0x2115000
brk(0x2136000)                          = 0x2136000
getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
open("b.php", O_RDONLY)                 = 3
fstat(3, {st_mode=S_IFREG|0664, st_size=1063, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa1ef471000
read(3, "<?php\n\nclass foo implements \\RecursiveIterator\n  {\n    public $foo = [];\n\n    public Function current ()\n      {\n        return current ($this->foo);\n      }\n\n    public Function key ()\n      {\n        return key ($this->foo);\n      }\n\n    public Function next ()\n      {\n        next ($this->foo);\n      }\n\n    public Function rewind ()\n      {\n        reset ($this->foo);\n      }\n\n    public Function valid ()\n      {\n        return current ($this->foo) !== false;\n      }\n\n    public Function getChildren ()\n      {\n        return current ($this->foo);\n      }\n\n    public Function hasChildren ()\n      {\n        return (bool) count ($this->foo);\n      }\n  }\n\n\nclass fooIterator extends \\RecursiveFilterIterator\n  {\n    public Function __destruct ()\n      {\n        require_once (\"./abcdefghi/abcdefghi/abcdefghi/abcdefghi/z.php\");\n\n        /* CRASH */\n      }\n\n    public Function accept ()\n      {\n        return true;\n      }\n  }\n\n\n$foo = new foo ();\n\n$foo->foo[] = new foo ();\n\nforeach (new \\RecursiveIteratorIterator (new fooIterator ($foo)) as $bar) ;\n\n\n", 4096) = 1063
lseek(3, 0, SEEK_SET)                   = 0
getcwd("/tmp/uu", 4096)                 = 8
lstat("/tmp/uu/b.php", {st_mode=S_IFREG|0664, st_size=1063, ...}) = 0
lstat("/tmp/uu", {st_mode=S_IFDIR|0775, st_size=4096, ...}) = 0
lstat("/tmp", {st_mode=S_IFDIR|S_ISVTX|0777, st_size=24576, ...}) = 0
rt_sigaction(SIGPROF, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGPROF, {0x5d3f50, ~[ILL TRAP ABRT BUS FPE KILL SEGV CONT STOP TSTP TTIN TTOU SYS RTMIN RT_1], SA_RESTORER|SA_SIGINFO, 0x7fa1ee795250}, NULL, 8) = 0
rt_sigaction(SIGHUP, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGHUP, {0x5d3f50, ~[ILL TRAP ABRT BUS FPE KILL SEGV CONT STOP TSTP TTIN TTOU SYS RTMIN RT_1], SA_RESTORER|SA_SIGINFO, 0x7fa1ee795250}, NULL, 8) = 0
rt_sigaction(SIGINT, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGINT, {0x5d3f50, ~[ILL TRAP ABRT BUS FPE KILL SEGV CONT STOP TSTP TTIN TTOU SYS RTMIN RT_1], SA_RESTORER|SA_SIGINFO, 0x7fa1ee795250}, NULL, 8) = 0
rt_sigaction(SIGQUIT, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGQUIT, {0x5d3f50, ~[ILL TRAP ABRT BUS FPE KILL SEGV CONT STOP TSTP TTIN TTOU SYS RTMIN RT_1], SA_RESTORER|SA_SIGINFO, 0x7fa1ee795250}, NULL, 8) = 0
rt_sigaction(SIGTERM, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGTERM, {0x5d3f50, ~[ILL TRAP ABRT BUS FPE KILL SEGV CONT STOP TSTP TTIN TTOU SYS RTMIN RT_1], SA_RESTORER|SA_SIGINFO, 0x7fa1ee795250}, NULL, 8) = 0
rt_sigaction(SIGUSR1, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGUSR1, {0x5d3f50, ~[ILL TRAP ABRT BUS FPE KILL SEGV CONT STOP TSTP TTIN TTOU SYS RTMIN RT_1], SA_RESTORER|SA_SIGINFO, 0x7fa1ee795250}, NULL, 8) = 0
rt_sigaction(SIGUSR2, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGUSR2, {0x5d3f50, ~[ILL TRAP ABRT BUS FPE KILL SEGV CONT STOP TSTP TTIN TTOU SYS RTMIN RT_1], SA_RESTORER|SA_SIGINFO, 0x7fa1ee795250}, NULL, 8) = 0
rt_sigaction(SIGPROF, {0x5d3f50, ~[ILL TRAP ABRT BUS FPE KILL SEGV CONT STOP TSTP TTIN TTOU SYS RTMIN RT_1], SA_RESTORER|SA_SIGINFO, 0x7fa1ee795250}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [PROF], NULL, 8) = 0
mmap(NULL, 65536, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa1ef461000
fstat(0, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 47), ...}) = 0
fstat(0, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 47), ...}) = 0
lseek(0, 0, SEEK_CUR)                   = -1 ESPIPE (Illegal seek)
fstat(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 47), ...}) = 0
fstat(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 47), ...}) = 0
lseek(1, 0, SEEK_CUR)                   = -1 ESPIPE (Illegal seek)
fstat(2, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 47), ...}) = 0
fstat(2, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 47), ...}) = 0
lseek(2, 0, SEEK_CUR)                   = -1 ESPIPE (Illegal seek)
getcwd("/tmp/uu", 4096)                 = 8
ioctl(3, SNDCTL_TMR_TIMEBASE or SNDRV_TIMER_IOCTL_NEXT_DEVICE or TCGETS, 0x7fff5992ef90) = -1 ENOTTY (Inappropriate ioctl for device)
fstat(3, {st_mode=S_IFREG|0664, st_size=1063, ...}) = 0
mmap(NULL, 1095, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fa1ef460000
munmap(0x7fa1ef460000, 1095)            = 0
close(3)                                = 0
munmap(0x7fa1ef471000, 4096)            = 0
getcwd("/tmp/uu", 4096)                 = 8
lstat("/tmp/uu/./abcdefghi/abcdefghi/abcdefghi/abcdefghi/z.php", {st_mode=S_IFREG|0664, st_size=44, ...}) = 0
lstat("/tmp/uu/./abcdefghi/abcdefghi/abcdefghi/abcdefghi", {st_mode=S_IFDIR|0775, st_size=4096, ...}) = 0
lstat("/tmp/uu/./abcdefghi/abcdefghi/abcdefghi", {st_mode=S_IFDIR|0775, st_size=4096, ...}) = 0
lstat("/tmp/uu/./abcdefghi/abcdefghi", {st_mode=S_IFDIR|0775, st_size=4096, ...}) = 0
lstat("/tmp/uu/./abcdefghi", {st_mode=S_IFDIR|0775, st_size=4096, ...}) = 0
lstat("/tmp/uu/abcdefghi/abcdefghi/abcdefghi/abcdefghi/z.php", {st_mode=S_IFREG|0664, st_size=44, ...}) = 0
lstat("/tmp/uu/abcdefghi/abcdefghi/abcdefghi/abcdefghi", {st_mode=S_IFDIR|0775, st_size=4096, ...}) = 0
lstat("/tmp/uu/abcdefghi/abcdefghi/abcdefghi", {st_mode=S_IFDIR|0775, st_size=4096, ...}) = 0
lstat("/tmp/uu/abcdefghi/abcdefghi", {st_mode=S_IFDIR|0775, st_size=4096, ...}) = 0
lstat("/tmp/uu/abcdefghi", {st_mode=S_IFDIR|0775, st_size=4096, ...}) = 0
open("/tmp/uu/abcdefghi/abcdefghi/abcdefghi/abcdefghi/z.php", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0664, st_size=44, ...}) = 0
fstat(3, {st_mode=S_IFREG|0664, st_size=44, ...}) = 0
fstat(3, {st_mode=S_IFREG|0664, st_size=44, ...}) = 0
mmap(NULL, 44, PROT_READ, MAP_SHARED, 3, 0) = 0x7fa1ef471000
munmap(0x7fa1ef471000, 44)              = 0
close(3)                                = 0
write(1, "\nFatal error: Class 'Nonexistent' not found in /tmp/uu/abcdefghi/abcdefghi/abcdefghi/abcdefghi/z.php on line 3\n", 111
Fatal error: Class 'Nonexistent' not found in /tmp/uu/abcdefghi/abcdefghi/abcdefghi/abcdefghi/z.php on line 3
) = 111
close(2)                                = 0
close(1)                                = 0
close(0)                                = 0
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x7fa5e8ba35b8} ---
+++ killed by SIGSEGV (core dumped) +++
Segmentation fault

[2016-11-01 00:23 UTC] love at sickpeople dot se

A different backtrace:

 - Same setup as before but now compiled with --enable-debug


#0  0x00000000006b39b9 in zend_objects_store_del (object=0x7fea9da781e0) at /home/le/Downloads/php-7.1.0RC5/Zend/zend_objects_API.c:150
150		    IS_OBJ_VALID(EG(objects_store).object_buckets[object->handle])) {
(gdb) bt
#0  0x00000000006b39b9 in zend_objects_store_del (object=0x7fea9da781e0) at /home/le/Downloads/php-7.1.0RC5/Zend/zend_objects_API.c:150
#1  0x000000000068c085 in zend_iterator_dtor (iter=0x7fea9da781e0) at /home/le/Downloads/php-7.1.0RC5/Zend/zend_iterators.c:88
#2  0x00000000004f52c6 in spl_recursive_it_dtor (_iter=0x7fea9da6d000) at /home/le/Downloads/php-7.1.0RC5/ext/spl/spl_iterators.c:179
#3  0x000000000068c01a in iter_wrapper_free (object=0x7fea9da6d000) at /home/le/Downloads/php-7.1.0RC5/Zend/zend_iterators.c:69
#4  0x00000000006b37cc in zend_objects_store_free_object_storage (objects=0xb66438 <executor_globals+824>)
    at /home/le/Downloads/php-7.1.0RC5/Zend/zend_objects_API.c:99
#5  0x000000000064bd78 in shutdown_executor () at /home/le/Downloads/php-7.1.0RC5/Zend/zend_execute_API.c:359
#6  0x0000000000663580 in zend_deactivate () at /home/le/Downloads/php-7.1.0RC5/Zend/zend.c:987
#7  0x00000000005d3657 in php_request_shutdown (dummy=0x0) at /home/le/Downloads/php-7.1.0RC5/main/main.c:1873
#8  0x0000000000747b4d in do_cli (argc=3, argv=0x1b7c0d0) at /home/le/Downloads/php-7.1.0RC5/sapi/cli/php_cli.c:1157
#9  0x0000000000748366 in main (argc=3, argv=0x1b7c0d0) at /home/le/Downloads/php-7.1.0RC5/sapi/cli/php_cli.c:1378

(gdb) bt full
#0  0x00000000006b39b9 in zend_objects_store_del (object=0x7fea9da781e0) at /home/le/Downloads/php-7.1.0RC5/Zend/zend_objects_API.c:150
No locals.
#1  0x000000000068c085 in zend_iterator_dtor (iter=0x7fea9da781e0) at /home/le/Downloads/php-7.1.0RC5/Zend/zend_iterators.c:88
No locals.
#2  0x00000000004f52c6 in spl_recursive_it_dtor (_iter=0x7fea9da6d000) at /home/le/Downloads/php-7.1.0RC5/ext/spl/spl_iterators.c:179
        iter = 0x7fea9da6d000
        object = 0x7fea9da5fdc0
        sub_iter = 0x7fea9da781e0
#3  0x000000000068c01a in iter_wrapper_free (object=0x7fea9da6d000) at /home/le/Downloads/php-7.1.0RC5/Zend/zend_iterators.c:69
        iter = 0x7fea9da6d000
#4  0x00000000006b37cc in zend_objects_store_free_object_storage (objects=0xb66438 <executor_globals+824>)
    at /home/le/Downloads/php-7.1.0RC5/Zend/zend_objects_API.c:99
        obj_ptr = 0x7fea9da55038
        end = 0x7fea9da55008
        obj = 0x7fea9da6d000
#5  0x000000000064bd78 in shutdown_executor () at /home/le/Downloads/php-7.1.0RC5/Zend/zend_execute_API.c:359
        __orig_bailout = 0x7ffdac315fd0
        __bailout = {{__jmpbuf = {134217728, -82631801639447364, 4299424, 140727492370816, 0, 0, -82631801398274884, 81406172148356284}, 
            __mask_was_saved = 0, __saved_mask = {__val = {0 <repeats 16 times>}}}}
        func = 0x1c2d3c0
        ce = 0x1c2a080
#6  0x0000000000663580 in zend_deactivate () at /home/le/Downloads/php-7.1.0RC5/Zend/zend.c:987
No locals.
#7  0x00000000005d3657 in php_request_shutdown (dummy=0x0) at /home/le/Downloads/php-7.1.0RC5/main/main.c:1873
        report_memleaks = 1 '\001'
#8  0x0000000000747b4d in do_cli (argc=3, argv=0x1b7c0d0) at /home/le/Downloads/php-7.1.0RC5/sapi/cli/php_cli.c:1157
        c = -1
        file_handle = {handle = {fd = -1650016240, fp = 0x7fea9da6c010, stream = {handle = 0x7fea9da6c010, isatty = 0, mmap = {len = 1063, pos = 0, 
                map = 0x7fea9eab4000, buf = 0x7fea9eab4000 <error: Cannot access memory at address 0x7fea9eab4000>, old_handle = 0x1c2d430, 
                old_closer = 0x68b166 <zend_stream_stdio_closer>}, reader = 0x68b137 <zend_stream_stdio_reader>, 
              fsizer = 0x68b195 <zend_stream_stdio_fsizer>, closer = 0x68b2ce <zend_stream_mmap_closer>}}, filename = 0x1b7c140 "b.php", 
          opened_path = 0x0, type = ZEND_HANDLE_MAPPED, free_filename = 0 '\000'}
        behavior = 1
        reflection_what = 0x0
        request_started = 1
        exit_status = 255
        php_optarg = 0x1b7c140 "b.php"
        orig_optarg = 0x0
        php_optind = 3
        orig_optind = 1
---Type <return> to continue, or q <return> to quit---
        exec_direct = 0x0
        exec_run = 0x0
        exec_begin = 0x0
        exec_end = 0x0
        arg_free = 0x1b7c140 "b.php"
        arg_excp = 0x1b7c0e0
        script_file = 0x1b7c140 "b.php"
        translated_path = 0x1c0e1f0 "/tmp/hh/b.php"
        interactive = 0
        lineno = 1
        param_error = 0x0
        hide_argv = 0
#9  0x0000000000748366 in main (argc=3, argv=0x1b7c0d0) at /home/le/Downloads/php-7.1.0RC5/sapi/cli/php_cli.c:1378
        __orig_bailout = 0x0
        __bailout = {{__jmpbuf = {0, -82631800049806148, 4299424, 140727492370816, 0, 0, -82631800544734020, 81406032904803516}, 
            __mask_was_saved = 0, __saved_mask = {__val = {0, 0, 0, 0, 140727492370856, 3, 140727492370624, 140645661013224, 0, 1, 7676685, 4299424, 
                0, 7676608, 4299424, 140727492370816}}}}
        c = -1
        exit_status = 0
        module_started = 1
        sapi_started = 1
        php_optarg = 0x1b7c140 "b.php"
        php_optind = 3
        use_extended_info = 0
        ini_path_override = 0x0
        ini_entries = 0x1b7c380 "html_errors=0\nregister_argc_argv=1\nimplicit_flush=1\noutput_buffering=0\nmax_execution_time=0\nmax_input_time=-1\n"
        ini_entries_len = 110
        ini_ignore = 0
        sapi_module = 0xb494c0 <cli_sapi_module>

[2016-11-01 22:10 UTC] nullcreations at gmail dot com

I reproduced this as requested by the poster under 7.1.0RC3.  The code provided in the ticket does in fact causes a segfault.

[2016-11-02 04:12 UTC] laruence@php.net

Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=1efb9fd32d2618bd603e3bc4dc9adb45d509cada
Log: Fixed bug #73423 (Reproducible crash with GDB backtrace)

[2016-11-02 04:12 UTC] laruence@php.net

-Status: Open +Status: Closed

[2016-11-09 03:33 UTC] krakjoe@php.net

Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=1efb9fd32d2618bd603e3bc4dc9adb45d509cada
Log: Fixed bug #73423 (Reproducible crash with GDB backtrace)

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Tue Oct 28 03:00:02 2025 UTC