php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #74392 exited on signal 11 (SIGSEGV - core dumped)
Submitted: 2017-04-08 14:11 UTC Modified: 2017-04-23 04:22 UTC
Votes:2
Avg. Score:4.5 ± 0.5
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:1 (50.0%)
From: herb123456 at gmail dot com Assigned:
Status: No Feedback Package: *Encryption and hash functions
PHP Version: 7.1.3 OS: CentOS 7
Private report: No CVE-ID:
Have you experienced this issue?
Rate the importance of this bug to you:

 [2017-04-08 14:11 UTC] herb123456 at gmail dot com
Description:
------------
PHP 7.1.3 (cli) (built: Apr  8 2017 18:52:22) ( NTS DEBUG )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.1.0, Copyright (c) 1998-2017 Zend Technologies
    with Zend OPcache v7.1.3, Copyright (c) 1999-2017, by Zend Technologies

WordPress 4.7.3

When I installed Jetpack plugin made by wordpress.com, the jetpack service will send a lot of request to xmlrpc.php on my server, and one of them crashed my php-fpm process.

Here is backtrace content:

gdb /opt/remi/php71-debug/root/usr/sbin/php-fpm /tmp/core.1974                                                                                  [21:43:31]
GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-94.el7
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /opt/remi/php71-debug/root/usr/sbin/php-fpm...done.
[New LWP 1974]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `php-fpm: pool www                          '.
Program terminated with signal 11, Segmentation fault.
#0  0x00007f027b1adce8 in __memcpy_ssse3_back () from /lib64/libc.so.6
Missing separate debuginfos, use: debuginfo-install bzip2-libs-1.0.6-13.el7.x86_64 cyrus-sasl-lib-2.1.26-20.el7_2.x86_64 freetype-2.4.11-12.el7.x86_64 glibc-2.17-157.el7_3.1.x86_64 keyutils-libs-1.5.8-3.el7.x86_64 krb5-libs-1.14.1-27.el7_3.x86_64 libX11-1.6.3-3.el7.x86_64 libXau-1.0.8-2.1.el7.x86_64 libXpm-3.5.11-3.el7.x86_64 libcom_err-1.42.9-9.el7.x86_64 libcurl-7.29.0-35.el7.centos.x86_64 libedit-3.0-12.20121213cvs.el7.x86_64 libgcc-4.8.5-11.el7.x86_64 libgcrypt-1.5.3-13.el7_3.1.x86_64 libgpg-error-1.12-3.el7.x86_64 libicu-50.1.2-15.el7.x86_64 libidn-1.28-4.el7.x86_64 libjpeg-turbo-1.2.90-5.el7.x86_64 libmcrypt-2.5.8-13.el7.x86_64 libpng-1.5.13-7.el7_2.x86_64 libselinux-2.5-6.el7.x86_64 libssh2-1.4.3-10.el7_2.1.x86_64 libstdc++-4.8.5-11.el7.x86_64 libtidy-0.99.0-31.20091203.el7.x86_64 libtool-ltdl-2.4.2-21.el7_2.x86_64 libxcb-1.11-4.el7.x86_64 libxml2-2.9.1-6.el7_2.3.x86_64 libxslt-1.1.28-5.el7.x86_64 ncurses-libs-5.9-13.20130511.el7.x86_64 nspr-4.13.1-1.0.el7_3.x86_64 nss-3.28.2-1.6.el7_3.x86_64 nss-softokn-3.16.2.3-14.4.el7.x86_64 nss-softokn-freebl-3.16.2.3-14.4.el7.x86_64 nss-sysinit-3.28.2-1.6.el7_3.x86_64 nss-util-3.28.2-1.1.el7_3.x86_64 openldap-2.4.40-13.el7.x86_64 openssl-libs-1.0.1e-60.el7_3.1.x86_64 pcre-8.32-15.el7_2.1.x86_64 sqlite-3.7.17-8.el7.x86_64 xz-libs-5.2.2-1.el7.x86_64 zlib-1.2.7-17.el7.x86_64
(gdb) bt
#0  0x00007f027b1adce8 in __memcpy_ssse3_back () from /lib64/libc.so.6
#1  0x00000000006d4884 in zend_hash_packed_to_hash (ht=0x7f025f8a4480) at /root/php-7.1.3/Zend/zend_hash.c:214
#2  0x00000000006d5b05 in _zend_hash_add_or_update_i (ht=0x7f025f8a4480, key=0x7f0260e24968, pData=0x7f026397bb60, flag=1,
    __zend_filename=0xbd4100 "/root/php-7.1.3/Zend/zend_vm_execute.h", __zend_lineno=5886) at /root/php-7.1.3/Zend/zend_hash.c:554
#3  0x00000000006d5ebb in _zend_hash_update (ht=0x7f025f8a4480, key=0x7f0260e24968, pData=0x7f026397bb60,
    __zend_filename=0xbd4100 "/root/php-7.1.3/Zend/zend_vm_execute.h", __zend_lineno=5886) at /root/php-7.1.3/Zend/zend_hash.c:627
#4  0x000000000072dbeb in ZEND_ADD_ARRAY_ELEMENT_SPEC_CONST_CONST_HANDLER () at /root/php-7.1.3/Zend/zend_vm_execute.h:5886
#5  0x0000000000721c72 in execute_ex (ex=0x7f0279c14030) at /root/php-7.1.3/Zend/zend_vm_execute.h:429
#6  0x0000000000721d84 in zend_execute (op_array=0x7f0279c77000, return_value=0x0) at /root/php-7.1.3/Zend/zend_vm_execute.h:474
#7  0x00000000006c353d in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /root/php-7.1.3/Zend/zend.c:1476
#8  0x00000000006331b3 in php_execute_script (primary_file=0x7ffd9f159140) at /root/php-7.1.3/main/main.c:2537
#9  0x00000000007b1d2d in main (argc=1, argv=0x7ffd9f159368) at /root/php-7.1.3/sapi/fpm/fpm/fpm_main.c:1966



Test script:
---------------
no test script.

Actual result:
--------------
(gdb) bt
#0  0x00007f027b1adce8 in __memcpy_ssse3_back () from /lib64/libc.so.6
#1  0x00000000006d4884 in zend_hash_packed_to_hash (ht=0x7f025f8a4480) at /root/php-7.1.3/Zend/zend_hash.c:214
#2  0x00000000006d5b05 in _zend_hash_add_or_update_i (ht=0x7f025f8a4480, key=0x7f0260e24968, pData=0x7f026397bb60, flag=1,
    __zend_filename=0xbd4100 "/root/php-7.1.3/Zend/zend_vm_execute.h", __zend_lineno=5886) at /root/php-7.1.3/Zend/zend_hash.c:554
#3  0x00000000006d5ebb in _zend_hash_update (ht=0x7f025f8a4480, key=0x7f0260e24968, pData=0x7f026397bb60,
    __zend_filename=0xbd4100 "/root/php-7.1.3/Zend/zend_vm_execute.h", __zend_lineno=5886) at /root/php-7.1.3/Zend/zend_hash.c:627
#4  0x000000000072dbeb in ZEND_ADD_ARRAY_ELEMENT_SPEC_CONST_CONST_HANDLER () at /root/php-7.1.3/Zend/zend_vm_execute.h:5886
#5  0x0000000000721c72 in execute_ex (ex=0x7f0279c14030) at /root/php-7.1.3/Zend/zend_vm_execute.h:429
#6  0x0000000000721d84 in zend_execute (op_array=0x7f0279c77000, return_value=0x0) at /root/php-7.1.3/Zend/zend_vm_execute.h:474
#7  0x00000000006c353d in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /root/php-7.1.3/Zend/zend.c:1476
#8  0x00000000006331b3 in php_execute_script (primary_file=0x7ffd9f159140) at /root/php-7.1.3/main/main.c:2537
#9  0x00000000007b1d2d in main (argc=1, argv=0x7ffd9f159368) at /root/php-7.1.3/sapi/fpm/fpm/fpm_main.c:1966

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-04-10 03:16 UTC] laruence@php.net
-Status: Open +Status: Feedback
 [2017-04-10 03:16 UTC] laruence@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.


 [2017-04-10 16:53 UTC] herb123456 at gmail dot com
hello Laruence:

This issue happened when I installed wordpress plugin named Jetpack.

So, I don't know which file or which code cause this issue.

Can I use xdebug remote mode to find the point? But I need to make the time first.
 [2017-04-23 04:22 UTC] php-bugs at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Wed May 24 13:01:42 2017 UTC