php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #60605 PHP segmentation fault when mysqlnd_ms is enabled
Submitted: 2011-12-24 20:14 UTC Modified: 2013-03-13 15:53 UTC
Votes:4
Avg. Score:4.2 ± 0.8
Reproduced:4 of 4 (100.0%)
Same Version:2 (50.0%)
Same OS:3 (75.0%)
From: tomas dot srnka at relbit dot com Assigned: andrey (profile)
Status: Closed Package: mysqlnd_ms (PECL)
PHP Version: 5.3.8 OS: RHEL6 compatible
Private report: No CVE-ID: None
 [2011-12-24 20:14 UTC] tomas dot srnka at relbit dot com
Description:
------------
Hi,

I've been playing around with mysqlnd_ms, unfortunately, I can't make it work. 
I'm getting Segmentation fault when application is trying to connect to mysql 
server(s). I tried to install Joomla! and Wordpress. Both works fine when 
mysqlnd_ms is disabled.

Configuration line:
'./configure' '--build=x86_64-unknown-linux-gnu' '--host=x86_64-unknown-linux-
gnu' '--target=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--
exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' 
'--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--
libexecdir=/usr/libexec' '--localstatedir=/var' '--sharedstatedir=/var/lib' '--
mandir=/usr/share/man' '--infodir=/usr/share/info' '--cache-
file=../config.cache' '--with-libdir=lib64' '--with-config-file-path=/etc' '--
with-config-file-scan-dir=/etc/php.d' '--disable-debug' '--with-pic' '--disable-
rpath' '--without-pear' '--with-bz2' '--with-exec-dir=/usr/bin' '--with-
freetype-dir=/usr' '--with-png-dir=/usr' '--with-xpm-dir=/usr' '--enable-gd-
native-ttf' '--with-t1lib=/usr' '--without-gdbm' '--with-gettext' '--with-gmp' 
'--with-iconv' '--with-jpeg-dir=/usr' '--with-openssl' '--with-pcre-regex=/usr' 
'--with-zlib' '--with-layout=GNU' '--enable-exif' '--enable-ftp' '--enable-
magic-quotes' '--enable-sockets' '--with-kerberos' '--enable-ucd-snmp-hack' '--
enable-shmop' '--enable-calendar' '--with-libxml-dir=/usr' '--enable-xml' '--
with-system-tzdata' '--with-mhash' '--with-apxs2=/usr/sbin/apxs' '--
libdir=/usr/lib64/php' '--enable-pdo=shared' '--with-mysql=shared,/usr' '--with-
mysqli=shared,/usr/lib64/mysql/mysql_config' '--with-pdo-
mysql=shared,/usr/lib64/mysql/mysql_config' '--with-pdo-sqlite=shared,/usr' '--
without-gd' '--disable-dom' '--disable-dba' '--without-unixODBC' '--disable-
xmlreader' '--disable-xmlwriter' '--without-sqlite' '--without-sqlite3' '--
disable-phar' '--disable-fileinfo' '--disable-json' '--without-pspell' '--
disable-wddx' '--without-curl' '--disable-posix' '--disable-sysvmsg' '--disable-
sysvshm' '--disable-sysvsem'


Here is my mysqlnd_ms.ini configuration:

extension=mysqlnd_ms.so
mysqlnd_ms.enable = 1
mysqlnd_ms.force_config_usage = 1
mysqlnd_ms.ini_file = "/etc/mysqlnd_ms.json"


here is my mysqlnd_ms.json configuration:
{
	"localhost": {
		"master": {
			"master_0": {
				"host": "172.17.255.44",
				"port": 3306
			}
		},
		"slave": {
			"slave_0": {
				"host": "172.17.255.43",
				"port": 3306
			}
		}
	}
}



Expected result:
----------------
All writes are expected to go to Master server and all reads to Slave server.

Actual result:
--------------
Here is a strace log from Apache process:

[pid 11018] <... accept4 resumed> {sa_family=AF_INET6, sin6_port=htons(64054), 
inet_pton(AF_INET6, "::ffff:172.16.104.107", &sin6_addr), sin6_flowinfo=0, 
sin6_scope_id=0}, [28], SOCK_CLOEXEC) = 10
[pid 11018] getsockname(10, {sa_family=AF_INET6, sin6_port=htons(80), 
inet_pton(AF_INET6, "::ffff:172.17.255.44", &sin6_addr), sin6_flowinfo=0, 
sin6_scope_id=0}, [28]) = 0
[pid 11018] fcntl(10, F_GETFL)          = 0x2 (flags O_RDWR)
[pid 11018] fcntl(10, F_SETFL, O_RDWR|O_NONBLOCK) = 0
[pid 11018] read(10, "POST /wordpress/wp-admin/setup-c"..., 8000) = 621
[pid 11018] gettimeofday({1324750516, 568455}, NULL) = 0
[pid 11018] stat("/var/www/html/wordpress/wp-admin/setup-config.php", 
{st_dev=makedev(253, 0), st_ino=1178765, st_mode=S_IFREG|0777, st_nlink=1, 
st_uid=0, st_gid=0, st_blksize=4096, st_blocks=24, st_size=9712, 
st_atime=2011/12/24-18:30:25, st_mtime=2011/11/15-16:47:07, st_ctime=2011/12/24-
18:30:23}) = 0
[pid 11018] mmap(NULL, 528384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, 
-1, 0) = 0x7f1ace7cb000
[pid 11018] setitimer(ITIMER_PROF, {it_interval={0, 0}, it_value={60, 0}}, NULL) 
= 0
[pid 11018] rt_sigaction(SIGPROF, {0x7f1ac40b7d30, [PROF], 
SA_RESTORER|SA_RESTART, 0x7f1accec8900}, {SIG_DFL, [], 0}, 8) = 0
[pid 11018] rt_sigprocmask(SIG_UNBLOCK, [PROF], NULL, 8) = 0
[pid 11018] gettimeofday({1324750516, 569673}, NULL) = 0
[pid 11018] lstat("/etc/mysqlnd_ms.json", {st_dev=makedev(253, 0), 
st_ino=785582, st_mode=S_IFREG|0664, st_nlink=1, st_uid=0, st_gid=0, 
st_blksize=4096, st_blocks=8, st_size=190, st_atime=2011/12/24-19:06:12, 
st_mtime=2011/12/24-19:05:59, st_ctime=2011/12/24-19:05:59}) = 0
[pid 11018] lstat("/etc", {st_dev=makedev(253, 0), st_ino=784897, 
st_mode=S_IFDIR|0755, st_nlink=66, st_uid=0, st_gid=0, st_blksize=4096, 
st_blocks=8, st_size=4096, st_atime=2011/12/24-19:13:13, st_mtime=2011/12/24-
19:07:15, st_ctime=2011/12/24-19:07:15}) = 0
[pid 11018] open("/etc/mysqlnd_ms.json", O_RDONLY) = 11
[pid 11018] fstat(11, {st_dev=makedev(253, 0), st_ino=785582, 
st_mode=S_IFREG|0664, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, 
st_blocks=8, st_size=190, st_atime=2011/12/24-19:06:12, st_mtime=2011/12/24-
19:05:59, st_ctime=2011/12/24-19:05:59}) = 0
[pid 11018] lseek(11, 0, SEEK_CUR)      = 0
[pid 11018] fstat(11, {st_dev=makedev(253, 0), st_ino=785582, 
st_mode=S_IFREG|0664, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, 
st_blocks=8, st_size=190, st_atime=2011/12/24-19:06:12, st_mtime=2011/12/24-
19:05:59, st_ctime=2011/12/24-19:05:59}) = 0
[pid 11018] read(11, "{\n\t\"mysql\": {\n\t\t\"master\": {\n\t\t\t\""..., 8192) 
= 190
[pid 11018] read(11, "", 8192)          = 0
[pid 11018] read(11, "", 8192)          = 0
[pid 11018] close(11)                   = 0
[pid 11018] getcwd("/", 4095)           = 2
[pid 11018] chdir("/var/www/html/wordpress/wp-admin") = 0
[pid 11018] setitimer(ITIMER_PROF, {it_interval={0, 0}, it_value={30, 0}}, NULL) 
= 0
[pid 11018] gettimeofday({1324750516, 570837}, NULL) = 0
[pid 11018] lstat("/var/www/html/wordpress/wp-admin/setup-config.php", 
{st_dev=makedev(253, 0), st_ino=1178765, st_mode=S_IFREG|0777, st_nlink=1, 
st_uid=0, st_gid=0, st_blksize=4096, st_blocks=24, st_size=9712, 
st_atime=2011/12/24-18:30:25, st_mtime=2011/11/15-16:47:07, st_ctime=2011/12/24-
18:30:23}) = 0
[pid 11018] lstat("/var/www/html/wordpress/wp-admin", {st_dev=makedev(253, 0), 
st_ino=1178714, st_mode=S_IFDIR|0777, st_nlink=9, st_uid=0, st_gid=0, 
st_blksize=4096, st_blocks=8, st_size=4096, st_atime=2011/12/24-18:41:35, 
st_mtime=2011/12/12-23:30:26, st_ctime=2011/12/24-18:30:23}) = 0
[pid 11018] lstat("/var/www/html/wordpress", {st_dev=makedev(253, 0), 
st_ino=1178694, st_mode=S_IFDIR|0777, st_nlink=5, st_uid=0, st_gid=0, 
st_blksize=4096, st_blocks=8, st_size=4096, st_atime=2011/12/24-18:41:27, 
st_mtime=2011/12/12-23:30:26, st_ctime=2011/12/24-18:30:23}) = 0
[pid 11018] lstat("/var/www/html", {st_dev=makedev(253, 0), st_ino=1178206, 
st_mode=S_IFDIR|0755, st_nlink=3, st_uid=0, st_gid=0, st_blksize=4096, 
st_blocks=8, st_size=4096, st_atime=2011/12/24-18:30:23, st_mtime=2011/12/24-
18:30:09, st_ctime=2011/12/24-18:30:09}) = 0
[pid 11018] lstat("/var/www", {st_dev=makedev(253, 0), st_ino=1178204, 
st_mode=S_IFDIR|0755, st_nlink=6, st_uid=0, st_gid=0, st_blksize=4096, 
st_blocks=8, st_size=4096, st_atime=2011/12/24-18:03:19, st_mtime=2011/12/24-
18:02:39, st_ctime=2011/12/24-18:02:39}) = 0
[pid 11018] lstat("/var", {st_dev=makedev(253, 0), st_ino=1177345, 
st_mode=S_IFDIR|0755, st_nlink=18, st_uid=0, st_gid=0, st_blksize=4096, 
st_blocks=8, st_size=4096, st_atime=2011/12/20-03:47:00, st_mtime=2011/12/24-
17:58:09, st_ctime=2011/12/24-17:58:09}) = 0
[pid 11018] open("/var/www/html/wordpress/wp-admin/setup-config.php", O_RDONLY) 
= 11
[pid 11018] fstat(11, {st_dev=makedev(253, 0), st_ino=1178765, 
st_mode=S_IFREG|0777, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, 
st_blocks=24, st_size=9712, st_atime=2011/12/24-18:30:25, st_mtime=2011/11/15-
16:47:07, st_ctime=2011/12/24-18:30:23}) = 0
[pid 11018] fstat(11, {st_dev=makedev(253, 0), st_ino=1178765, 
st_mode=S_IFREG|0777, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, 
st_blocks=24, st_size=9712, st_atime=2011/12/24-18:30:25, st_mtime=2011/11/15-
16:47:07, st_ctime=2011/12/24-18:30:23}) = 0
[pid 11018] fstat(11, {st_dev=makedev(253, 0), st_ino=1178765, 
st_mode=S_IFREG|0777, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, 
st_blocks=24, st_size=9712, st_atime=2011/12/24-18:30:25, st_mtime=2011/11/15-
16:47:07, st_ctime=2011/12/24-18:30:23}) = 0
[pid 11018] mmap(NULL, 9712, PROT_READ, MAP_SHARED, 11, 0) = 0x7f1ace7c8000
[pid 11018] brk(0x7f1ad0574000)         = 0x7f1ad0574000
[pid 11018] munmap(0x7f1ace7c8000, 9712) = 0
[pid 11018] close(11)                   = 0
[pid 11018] gettimeofday({1324750516, 573226}, NULL) = 0
[pid 11018] lstat("/var/www/html/wordpress/wp-includes/load.php", 
{st_dev=makedev(253, 0), st_ino=1179563, st_mode=S_IFREG|0777, st_nlink=1, 
st_uid=0, st_gid=0, st_blksize=4096, st_blocks=48, st_size=21354, 
st_atime=2011/12/24-18:30:24, st_mtime=2011/09/30-00:57:43, st_ctime=2011/12/24-
18:30:23}) = 0
[pid 11018] lstat("/var/www/html/wordpress/wp-includes", {st_dev=makedev(253, 
0), st_ino=1179071, st_mode=S_IFDIR|0777, st_nlink=8, st_uid=0, st_gid=0, 
st_blksize=4096, st_blocks=8, st_size=4096, st_atime=2011/12/24-18:41:35, 
st_mtime=2011/12/12-23:30:25, st_ctime=2011/12/24-18:30:23}) = 0
[pid 11018] gettimeofday({1324750516, 573453}, NULL) = 0
[pid 11018] open("/var/www/html/wordpress/wp-includes/load.php", O_RDONLY) = 11
[pid 11018] fstat(11, {st_dev=makedev(253, 0), st_ino=1179563, 
st_mode=S_IFREG|0777, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, 
st_blocks=48, st_size=21354, st_atime=2011/12/24-18:30:24, st_mtime=2011/09/30-
00:57:43, st_ctime=2011/12/24-18:30:23}) = 0
[pid 11018] fstat(11, {st_dev=makedev(253, 0), st_ino=1179563, 
st_mode=S_IFREG|0777, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, 
st_blocks=48, st_size=21354, st_atime=2011/12/24-18:30:24, st_mtime=2011/09/30-
00:57:43, st_ctime=2011/12/24-18:30:23}) = 0
[pid 11018] fstat(11, {st_dev=makedev(253, 0), st_ino=1179563, 
st_mode=S_IFREG|0777, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, 
st_blocks=48, st_size=21354, st_atime=2011/12/24-18:30:24, st_mtime=2011/09/30-
00:57:43, st_ctime=2011/12/24-18:30:23}) = 0
[pid 11018] mmap(NULL, 21354, PROT_READ, MAP_SHARED, 11, 0) = 0x7f1ace7c5000
[pid 11018] munmap(0x7f1ace7c5000, 21354) = 0
[pid 11018] close(11)                   = 0
[pid 11018] gettimeofday({1324750516, 575634}, NULL) = 0
[pid 11018] lstat("/var/www/html/wordpress/wp-includes/version.php", 
{st_dev=makedev(253, 0), st_ino=1179572, st_mode=S_IFREG|0777, st_nlink=1, 
st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8, st_size=732, 
st_atime=2011/12/24-18:30:24, st_mtime=2011/12/12-23:20:00, st_ctime=2011/12/24-
18:30:23}) = 0
[pid 11018] gettimeofday({1324750516, 575790}, NULL) = 0
[pid 11018] open("/var/www/html/wordpress/wp-includes/version.php", O_RDONLY) = 
11
[pid 11018] fstat(11, {st_dev=makedev(253, 0), st_ino=1179572, 
st_mode=S_IFREG|0777, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, 
st_blocks=8, st_size=732, st_atime=2011/12/24-18:30:24, st_mtime=2011/12/12-
23:20:00, st_ctime=2011/12/24-18:30:23}) = 0
[pid 11018] fstat(11, {st_dev=makedev(253, 0), st_ino=1179572, 
st_mode=S_IFREG|0777, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, 
st_blocks=8, st_size=732, st_atime=2011/12/24-18:30:24, st_mtime=2011/12/12-
23:20:00, st_ctime=2011/12/24-18:30:23}) = 0
[pid 11018] fstat(11, {st_dev=makedev(253, 0), st_ino=1179572, 
st_mode=S_IFREG|0777, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, 
st_blocks=8, st_size=732, st_atime=2011/12/24-18:30:24, st_mtime=2011/12/12-
23:20:00, st_ctime=2011/12/24-18:30:23}) = 0
[pid 11018] mmap(NULL, 732, PROT_READ, MAP_SHARED, 11, 0) = 0x7f1ace7ca000
[pid 11018] munmap(0x7f1ace7ca000, 732) = 0
[pid 11018] close(11)                   = 0
[pid 11018] gettimeofday({1324750516, 576791}, NULL) = 0
[pid 11018] lstat("/var/www/html/wordpress/wp-includes/compat.php", 
{st_dev=makedev(253, 0), st_ino=1179570, st_mode=S_IFREG|0777, st_nlink=1, 
st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8, st_size=2635, 
st_atime=2011/12/24-18:30:25, st_mtime=2011/07/07-01:33:05, st_ctime=2011/12/24-
18:30:23}) = 0
[pid 11018] gettimeofday({1324750516, 577096}, NULL) = 0
[pid 11018] open("/var/www/html/wordpress/wp-includes/compat.php", O_RDONLY) = 
11
[pid 11018] fstat(11, {st_dev=makedev(253, 0), st_ino=1179570, 
st_mode=S_IFREG|0777, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, 
st_blocks=8, st_size=2635, st_atime=2011/12/24-18:30:25, st_mtime=2011/07/07-
01:33:05, st_ctime=2011/12/24-18:30:23}) = 0
[pid 11018] fstat(11, {st_dev=makedev(253, 0), st_ino=1179570, 
st_mode=S_IFREG|0777, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, 
st_blocks=8, st_size=2635, st_atime=2011/12/24-18:30:25, st_mtime=2011/07/07-
01:33:05, st_ctime=2011/12/24-18:30:23}) = 0
[pid 11018] fstat(11, {st_dev=makedev(253, 0), st_ino=1179570, 
st_mode=S_IFREG|0777, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, 
st_blocks=8, st_size=2635, st_atime=2011/12/24-18:30:25, st_mtime=2011/07/07-
01:33:05, st_ctime=2011/12/24-18:30:23}) = 0
[pid 11018] mmap(NULL, 2635, PROT_READ, MAP_SHARED, 11, 0) = 0x7f1ace7ca000
[pid 11018] munmap(0x7f1ace7ca000, 2635) = 0
[pid 11018] close(11)                   = 0
[pid 11018] gettimeofday({1324750516, 578099}, NULL) = 0
[pid 11018] lstat("/var/www/html/wordpress/wp-includes/functions.php", 
{st_dev=makedev(253, 0), st_ino=1179573, st_mode=S_IFREG|0777, st_nlink=1, 
st_uid=0, st_gid=0, st_blksize=4096, st_blocks=296, st_size=147503, 
st_atime=2011/12/24-18:30:24, st_mtime=2011/11/23-18:29:49, st_ctime=2011/12/24-
18:30:23}) = 0
[pid 11018] gettimeofday({1324750516, 578232}, NULL) = 0
[pid 11018] open("/var/www/html/wordpress/wp-includes/functions.php", O_RDONLY) 
= 11
[pid 11018] fstat(11, {st_dev=makedev(253, 0), st_ino=1179573, 
st_mode=S_IFREG|0777, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, 
st_blocks=296, st_size=147503, st_atime=2011/12/24-18:30:24, 
st_mtime=2011/11/23-18:29:49, st_ctime=2011/12/24-18:30:23}) = 0
[pid 11018] fstat(11, {st_dev=makedev(253, 0), st_ino=1179573, 
st_mode=S_IFREG|0777, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, 
st_blocks=296, st_size=147503, st_atime=2011/12/24-18:30:24, 
st_mtime=2011/11/23-18:29:49, st_ctime=2011/12/24-18:30:23}) = 0
[pid 11018] fstat(11, {st_dev=makedev(253, 0), st_ino=1179573, 
st_mode=S_IFREG|0777, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, 
st_blocks=296, st_size=147503, st_atime=2011/12/24-18:30:24, 
st_mtime=2011/11/23-18:29:49, st_ctime=2011/12/24-18:30:23}) = 0
[pid 11018] mmap(NULL, 147503, PROT_READ, MAP_SHARED, 11, 0) = 0x7f1ace7a6000
[pid 11018] brk(0x7f1ad05b8000)         = 0x7f1ad05b8000
[pid 11018] brk(0x7f1ad05fa000)         = 0x7f1ad05fa000
[pid 11018] brk(0x7f1ad063e000)         = 0x7f1ad063e000
[pid 11018] brk(0x7f1ad0681000)         = 0x7f1ad0681000
[pid 11018] munmap(0x7f1ace7a6000, 147503) = 0
[pid 11018] close(11)                   = 0
[pid 11018] gettimeofday({1324750516, 588730}, NULL) = 0
[pid 11018] lstat("/var/www/html/wordpress/wp-includes/class-wp-error.php", 
{st_dev=makedev(253, 0), st_ino=1179073, st_mode=S_IFREG|0777, st_nlink=1, 
st_uid=0, st_gid=0, st_blksize=4096, st_blocks=16, st_size=4756, 
st_atime=2011/12/24-18:30:24, st_mtime=2011/09/03-18:02:41, st_ctime=2011/12/24-
18:30:23}) = 0
[pid 11018] gettimeofday({1324750516, 588959}, NULL) = 0
[pid 11018] open("/var/www/html/wordpress/wp-includes/class-wp-error.php", 
O_RDONLY) = 11
[pid 11018] fstat(11, {st_dev=makedev(253, 0), st_ino=1179073, 
st_mode=S_IFREG|0777, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, 
st_blocks=16, st_size=4756, st_atime=2011/12/24-18:30:24, st_mtime=2011/09/03-
18:02:41, st_ctime=2011/12/24-18:30:23}) = 0
[pid 11018] fstat(11, {st_dev=makedev(253, 0), st_ino=1179073, 
st_mode=S_IFREG|0777, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, 
st_blocks=16, st_size=4756, st_atime=2011/12/24-18:30:24, st_mtime=2011/09/03-
18:02:41, st_ctime=2011/12/24-18:30:23}) = 0
[pid 11018] fstat(11, {st_dev=makedev(253, 0), st_ino=1179073, 
st_mode=S_IFREG|0777, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, 
st_blocks=16, st_size=4756, st_atime=2011/12/24-18:30:24, st_mtime=2011/09/03-
18:02:41, st_ctime=2011/12/24-18:30:23}) = 0
[pid 11018] mmap(NULL, 4756, PROT_READ, MAP_SHARED, 11, 0) = 0x7f1ace7c9000
[pid 11018] munmap(0x7f1ace7c9000, 4756) = 0
[pid 11018] close(11)                   = 0
[pid 11018] access("/var/www/html/wordpress/wp-config-sample.php", F_OK) = 0
[pid 11018] gettimeofday({1324750516, 589775}, NULL) = 0
[pid 11018] lstat("/var/www/html/wordpress/wp-config-sample.php", 
{st_dev=makedev(253, 0), st_ino=1179731, st_mode=S_IFREG|0777, st_nlink=1, 
st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8, st_size=3177, 
st_atime=2011/12/24-18:30:25, st_mtime=2010/11/01-15:45:11, st_ctime=2011/12/24-
18:30:23}) = 0
[pid 11018] open("/var/www/html/wordpress/wp-config-sample.php", O_RDONLY) = 11
[pid 11018] fstat(11, {st_dev=makedev(253, 0), st_ino=1179731, 
st_mode=S_IFREG|0777, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, 
st_blocks=8, st_size=3177, st_atime=2011/12/24-18:30:25, st_mtime=2010/11/01-
15:45:11, st_ctime=2011/12/24-18:30:23}) = 0
[pid 11018] lseek(11, 0, SEEK_CUR)      = 0
[pid 11018] fstat(11, {st_dev=makedev(253, 0), st_ino=1179731, 
st_mode=S_IFREG|0777, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, 
st_blocks=8, st_size=3177, st_atime=2011/12/24-18:30:25, st_mtime=2010/11/01-
15:45:11, st_ctime=2011/12/24-18:30:23}) = 0
[pid 11018] read(11, "<?php\r\n/**\r\n * The base configur"..., 8192) = 3177
[pid 11018] read(11, "", 8192)          = 0
[pid 11018] read(11, "", 8192)          = 0
[pid 11018] close(11)                   = 0
[pid 11018] access("/var/www/html/wordpress/wp-config.php", F_OK) = -1 ENOENT 
(No such file or directory)
[pid 11018] access("/var/www/html/wordpress/../wp-config.php", F_OK) = -1 ENOENT 
(No such file or directory)
[pid 11018] gettimeofday({1324750516, 590751}, NULL) = 0
[pid 11018] lstat("/var/www/html/wordpress/wp-includes/wp-db.php", 
{st_dev=makedev(253, 0), st_ino=1179562, st_mode=S_IFREG|0777, st_nlink=1, 
st_uid=0, st_gid=0, st_blksize=4096, st_blocks=88, st_size=43627, 
st_atime=2011/12/24-18:30:38, st_mtime=2011/11/15-01:18:41, st_ctime=2011/12/24-
18:30:23}) = 0
[pid 11018] gettimeofday({1324750516, 590988}, NULL) = 0
[pid 11018] open("/var/www/html/wordpress/wp-includes/wp-db.php", O_RDONLY) = 11
[pid 11018] fstat(11, {st_dev=makedev(253, 0), st_ino=1179562, 
st_mode=S_IFREG|0777, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, 
st_blocks=88, st_size=43627, st_atime=2011/12/24-18:30:38, st_mtime=2011/11/15-
01:18:41, st_ctime=2011/12/24-18:30:23}) = 0
[pid 11018] fstat(11, {st_dev=makedev(253, 0), st_ino=1179562, 
st_mode=S_IFREG|0777, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, 
st_blocks=88, st_size=43627, st_atime=2011/12/24-18:30:38, st_mtime=2011/11/15-
01:18:41, st_ctime=2011/12/24-18:30:23}) = 0
[pid 11018] fstat(11, {st_dev=makedev(253, 0), st_ino=1179562, 
st_mode=S_IFREG|0777, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, 
st_blocks=88, st_size=43627, st_atime=2011/12/24-18:30:38, st_mtime=2011/11/15-
01:18:41, st_ctime=2011/12/24-18:30:23}) = 0
[pid 11018] mmap(NULL, 43627, PROT_READ, MAP_SHARED, 11, 0) = 0x7f1ace7c0000
[pid 11018] brk(0x7f1ad06c3000)         = 0x7f1ad06c3000
[pid 11018] brk(0x7f1ad0703000)         = 0x7f1ad0703000
[pid 11018] munmap(0x7f1ace7c0000, 43627) = 0
[pid 11018] close(11)                   = 0
[pid 11018] access("/var/www/html/wordpress/wp-content/db.php", F_OK) = -1 
ENOENT (No such file or directory)
[pid 11018] --- SIGSEGV (Segmentation fault) @ 0 (0) ---
[pid 11018] chdir("/etc/httpd")         = 0
[pid 11018] rt_sigaction(SIGSEGV, {SIG_DFL, [], SA_RESTORER|SA_INTERRUPT, 
0x7f1acd2464a0}, {SIG_DFL, [], SA_RESTORER|SA_RESETHAND, 0x7f1acd2464a0}, 8) = 0
[pid 11018] kill(11018, SIGSEGV)        = 0
[pid 11018] rt_sigreturn(0x2b0a)        = 0
[pid 11018] --- SIGSEGV (Segmentation fault) @ 0 (0) ---

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-12-25 15:32 UTC] laruence@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.


 [2011-12-25 15:32 UTC] laruence@php.net
-Status: Open +Status: Feedback
 [2011-12-25 17:08 UTC] tomas dot srnka at relbit dot com
-Status: Feedback +Status: Open
 [2011-12-25 17:08 UTC] tomas dot srnka at relbit dot com
Hi, 

here is the backtrace from httpd/php (I hope that it's correct, my first time 
using gdb):

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff655a9c1 in __strlen_sse2 () from /lib64/libc.so.6
(gdb) bt
#0  0x00007ffff655a9c1 in __strlen_sse2 () from /lib64/libc.so.6
#1  0x00007fffdda2c9c0 in zif_mysql_get_server_info (ht=1, 
return_value=0x7ffff890d770, 
    return_value_ptr=0x0, this_ptr=0x0, return_value_used=1)
    at /root/rpmbuild/BUILD/php-5.3.8/ext/mysql/php_mysql.c:1202
#2  0x00007fffed6d0b3a in zend_do_fcall_common_helper_SPEC 
(execute_data=0x7ffff7e12100)
    at /root/rpmbuild/BUILD/php-5.3.8/Zend/zend_vm_execute.h:320
#3  0x00007fffed6d551b in ZEND_DO_FCALL_SPEC_CONST_HANDLER 
(execute_data=0x7ffff7e12100)
    at /root/rpmbuild/BUILD/php-5.3.8/Zend/zend_vm_execute.h:1640
#4  0x00007fffed6cfeb4 in execute (op_array=0x7ffff890a5e8)
    at /root/rpmbuild/BUILD/php-5.3.8/Zend/zend_vm_execute.h:107
#5  0x00007fffed699720 in zend_execute_scripts (type=8, retval=0x0, 
file_count=3)
    at /root/rpmbuild/BUILD/php-5.3.8/Zend/zend.c:1236
#6  0x00007fffed6184f0 in php_execute_script (primary_file=0x7fffffffe070)
    at /root/rpmbuild/BUILD/php-5.3.8/main/main.c:2284
#7  0x00007fffed789b6e in php_handler (r=0x7ffff8643298)
    at /root/rpmbuild/BUILD/php-5.3.8/sapi/apache2handler/sapi_apache2.c:669
#8  0x00007ffff7fd7970 in ap_run_handler ()
#9  0x00007ffff7fdb22e in ap_invoke_handler ()
#10 0x00007ffff7fe6890 in ap_process_request ()
#11 0x00007ffff7fe3758 in ?? ()
#12 0x00007ffff7fdf488 in ap_run_process_connection ()
#13 0x00007ffff7feb667 in ?? ()
#14 0x00007ffff7feb936 in ?? ()
#15 0x00007ffff7febf83 in ap_mpm_run ()
#16 0x00007ffff7fc3840 in main ()
 [2011-12-25 17:14 UTC] tomas dot srnka at relbit dot com
Hi,

this code will crash PHP, when mysqlnd_ms is used. The crash is caused by 
mysql_get_server_info() function:

<?php
$link = mysql_connect('localhost', 'root', 'new-password');
if (!$link) {
    die('Could not connect: ' . mysql_error());
}
echo 'Connected successfully';
printf("MySQL server version: %s\n", mysql_get_server_info()); 
mysql_close($link);
?>
 [2012-01-04 09:41 UTC] uw@php.net
Automatic comment from SVN on behalf of uw
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=321755
Log: Test für bug#60605, no crash with PHP 5.3 trunk on CLI
 [2012-01-04 09:45 UTC] uw@php.net
Thank you for the bug report! We'll look into it. 

Please, provide some additional information:

 - which version of mysqlnd_ms is being used?
 - which version of MySQL is used?
 - can you enable a mysqlnd debug trace (requires PHP debug build) and provide it, see http://docs.php.net/manual/en/mysqlnd-ms.debugging.php?


I've done a quick check on CLI and I can't reproduce with PHP 5.3 trunk on CLI, which does not mean too much.

Thanks,
Ulf
 [2012-01-04 09:45 UTC] uw@php.net
-Assigned To: +Assigned To: uw
 [2012-01-04 15:23 UTC] uw@php.net
-Status: Assigned +Status: Feedback
 [2012-01-04 15:24 UTC] uw@php.net
According to your configure line, you have not enabled mysqlnd but you are trying to use a mysqlnd plugin. That does not work out.
 [2012-02-21 18:34 UTC] phpbugs at linuxhosted dot ca
Hi, I am experiencing the same problem and I most definitely do have mysqlnd support compiled in, the backtrace is nearly identical. One thing to note is that I am using MariaDB as the backend server (a binary compatible fork of MySQL). The crash happens on the same function in the mysqli module as well:

my php configure line is:
'./configure' '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--prefix=/usr/local/php5' '--with-libdir=lib64' '--with-openssl=shared,/usr' '--with-zlib=shared,/usr' '--with-mysqli=shared,mysqlnd' '--enable-ftp=shared' '--with-pear' '--enable-mbstring=shared,all' '--enable-exif=shared' '--with-bz2=shared,/usr' '--with-mysql=shared,mysqlnd' '--with-mcrypt=shared,/usr' '--with-iconv=shared' '--with-gd=shared' '--enable-sqlite-utf8' '--enable-zend-multibyte' '--with-zlib-dir=/usr' '--enable-fpm' '--with-fpm-user=www' '--with-fpm-group=www' '--enable-zip=shared' '--with-mysql-sock=/var/lib/mysql/mysql.sock' '--with-recode=shared,/usr' '--with-readline=shared,/usr' '--with-libedit=shared,/usr' '--enable-pcntl=shared' '--with-gmp=shared,/usr' '--with-gettext=shared,/usr' '--with-curl=shared,/usr' '--enable-pdo=shared' '--with-pdo-pgsql=shared,/usr' '--with-pdo-mysql=shared,mysqlnd' '--with-pgsql=shared,/usr' '--with-pdo-sqlite=shared' '--enable-phar=shared' '--enable-posix=shared' '--with-sqlite=shared' '--enable-tokenizer=shared' '--enable-session=shared' '--enable-simplexml=shared' '--enable-xml=shared' '--with-libxml-dir=/usr' '--enable-xmlreader=shared' '--enable-xmlwriter=shared' '--with-xsl=shared,/usr' '--with-tidy=shared,/usr' '--enable-shmop=shared' '--with-sqlite3=shared' '--enable-dom=shared' '--enable-fileinfo=shared' '--enable-soap=shared' '--enable-sockets=shared' '--enable-json=shared' '--enable-dom=shared' '--enable-gd-native-ttf' '--enable-calendar=shared' '--enable-ctype=shared' '--with-jpeg-dir=/usr' '--with-png-dir=/usr' '--with-xpm-dir=/usr' '--with-freetype-dir=/usr' '--with-t1lib=/usr' '--enable-gd-jis-conv'

gdb backtrace:
(gdb) bt
#0  0x00007ffff02c69b5 in zif_mysql_get_server_info (ht=0, return_value=0xea7be8, return_value_ptr=0x0, this_ptr=<value optimized out>, return_value_used=<value optimized out>)
    at /home/dev/src/php/php-5.3.10/ext/mysql/php_mysql.c:1202
#1  0x0000000000676ac2 in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7ee0310) at /home/dev/src/php/php-5.3.10/Zend/zend_vm_execute.h:320
#2  0x000000000067b21b in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0x7ffff7ee0310) at /home/dev/src/php/php-5.3.10/Zend/zend_vm_execute.h:1640
#3  0x0000000000675edf in execute (op_array=0xf4b588) at /home/dev/src/php/php-5.3.10/Zend/zend_vm_execute.h:107
#4  0x000000000064271a in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/dev/src/php/php-5.3.10/Zend/zend.c:1236
#5  0x00000000005c98a0 in php_execute_script (primary_file=0x7fffffffe310) at /home/dev/src/php/php-5.3.10/main/main.c:2308
#6  0x0000000000728e8d in main (argc=2, argv=0x7fffffffe568) at /home/dev/src/php/php-5.3.10/sapi/cli/php_cli.c:1184

Valgrind:
==1617==
==1617== Invalid read of size 1
==1617==    at 0xCD6D9B5: zif_mysql_get_server_info (php_mysql.c:1202)
==1617==    by 0x5642EC: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:320)
==1617==    by 0x577E9E: execute (zend_vm_execute.h:107)
==1617==    by 0x5454CB: zend_execute_scripts (zend.c:1236)
==1617==    by 0x5048EC: php_execute_script (main.c:2308)
==1617==    by 0x5A28FD: main (php_cli.c:1184)
==1617==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==1617==
==1617==
==1617== Process terminating with default action of signal 11 (SIGSEGV)
==1617==  Access not within mapped region at address 0x0
==1617==    at 0xCD6D9B5: zif_mysql_get_server_info (php_mysql.c:1202)
==1617==    by 0x5642EC: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:320)
==1617==    by 0x577E9E: execute (zend_vm_execute.h:107)
==1617==    by 0x5454CB: zend_execute_scripts (zend.c:1236)
==1617==    by 0x5048EC: php_execute_script (main.c:2308)
==1617==    by 0x5A28FD: main (php_cli.c:1184)
==1617==  If you believe this happened as a result of a stack
==1617==  overflow in your program's main thread (unlikely but
==1617==  possible), you can try to increase the size of the
==1617==  main thread stack using the --main-stacksize= flag.
==1617==  The main thread stack size used in this run was 10485760.
==1617==
==1617== HEAP SUMMARY:
==1617==     in use at exit: 5,897,779 bytes in 25,147 blocks
==1617==   total heap usage: 28,227 allocs, 3,080 frees, 6,328,051 bytes allocated
 [2012-10-07 06:51 UTC] chunlei at pipapai dot com
Hi I'm experiencing exact same issue. My environment is: 
1. php 5.4.8 RC, built with mysqlnd 
2. php-pecl-mysqlnd-ms 1.4.2 
3. mysql 5.2.28 
4. centos 6.3 

configuration: 
extension=mysqlnd_ms.so
mysqlnd_ms.enable = 1
mysqlnd_ms.force_config_usage = 1
mysqlnd_ms.config_file = "/etc/mysqlnd_ms.json"

configuration of /etc/mysqlnd_ms.json: 
{
    "myapp": {
        "master": {
            "master_0": {
                "host": "127.0.0.1"
            }
        },
        "slave": {
            "slave_0": {
                "host": "127.0.0.1"
            }

        }
    }	
}

The php script crashes on mysql_get_server_info (Segmentation fault): 
<?php
$link = mysql_connect('myapp', 'mydb', 'password', true);
if (!$link) {
    die('Could not connect: ' . mysql_error());
}

echo 'Connected successfully, ';
print("MySQL server version: %s\n", mysql_get_server_info($link));
?>
$> php mytest.php 
Connected successfully, Segmentation fault (core dumped)


I'm able to make it work by adding a mysql_query before mysql_get_server_info: 
<?php
$link = mysql_connect('myapp', 'mydb', 'password', true);
if (!$link) {
    die('Could not connect: ' . mysql_error());
}

# now sure why having this link makes it okay ? 
mysql_query("SET @@SESSION.sql_mode = '';", $link);

echo 'Connected successfully, ';
print("MySQL server version: %s\n", mysql_get_server_info($link));
?>

$> php mytest.php 
Connected successfully, MySQL server version: 5.5.28


Expectation: 
The mysql_get_server_info should not crash at first place.
 [2012-10-08 14:52 UTC] andrey@php.net
-Status: Feedback +Status: Assigned -Assigned To: uw +Assigned To: andrey
 [2012-10-08 14:52 UTC] andrey@php.net
andrey@poohie:/work/dev/php/php-src$ ./php -d mysqlnd_ms.enable=1 -d mysqlnd_ms.force_config_usage=1 -d mysqlnd_ms.config_file="/tmp/config.json" a.php 
MySQL server version: %s
Segmentation fault (core dumped)
 [2012-10-12 15:53 UTC] andrey@php.net
Automatic comment from SVN on behalf of andrey
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=328016
Log: fix bug #60605 PHP segmentation fault when mysqlnd_ms is enabled
 [2012-11-27 14:40 UTC] norbutas at emanuelis dot eu
Exactly the same problem with 5.3.19

Workaround - disable lazy connections:
"lazy_connections": 0
 [2013-03-13 15:53 UTC] uw@php.net
-Status: Assigned +Status: Closed
 [2013-03-13 15:53 UTC] uw@php.net
The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.

MS 1.5 tests pass w. 5.3+
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Mon Jun 24 12:01:25 2019 UTC