PHP 5.3.6 SIGSEGV（使用Zend_语言环境？）

我们有一个具有7GB内存的64位web服务器，PHP在周末运行我们的网站时崩溃，该网站由Codeigniter和选择性Zend类提供支持。几乎所有PHP请求都会进入我们的站点，从而导致SIGSGV。我们运行该站点的同一规格的其他服务器的这些功能要少得多。不确定这是否相关，我们运行的是APC（PHP5.3.6附带的版本，我认为是3.1.3p1），我们发现错误日志中有很多“无法为池分配内存”。运行APC统计时，我发现缓存已满

所以我的第一个问题，我认为拥有一个完整的APC缓存不应该导致SIGSEGV

标题为PHP 5.3.6，gdb It I提供了以下回溯：

Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7f9d259007e0 (LWP 6020)] strlen () at ../sysdeps/x86_64/strlen.S:31 31 pcmpeqb (%rdi), %xmm2 (gdb) backtrace #0 strlen () at ../sysdeps/x86_64/strlen.S:31 #1 0x00007f9d1e14e274 in xbuf_format_converter (xbuf=0x7fffa8560f10, fmt=0x7f9d1e26d0df "s, %s%s given, called in %s on line %d and defined", ap=0x7fffa8560fb0) at /usr/src/debug/php-5.3.6/main/spprintf.c:574 #2 0x00007f9d1e14f164 in vspprintf (pbuf=0x7f9d270327d8, max_len=0, format=, ap=) at /usr/src/debug/php-5.3.6/main/spprintf.c:797 #3 0x00007f9d1e19b56f in zend_error (type=4096, format=0x7f9d1e26d0b8 "Argument %d passed to %s%s%s() must %s%s, %s%s given, called in %s on line %d and defined") at /usr/src/debug/php-5.3.6/Zend/zend.c:1051 #4 0x00007f9d1e1eac56 in zend_verify_arg_error (execute_data=0x7f9d257e88f8) at /usr/src/debug/php-5.3.6/Zend/zend_execute.c:471 #5 zend_verify_arg_type (execute_data=0x7f9d257e88f8) at /usr/src/debug/php-5.3.6/Zend/zend_execute.c:505 #6 ZEND_RECV_SPEC_HANDLER (execute_data=0x7f9d257e88f8) at /usr/src/debug/php-5.3.6/Zend/zend_vm_execute.h:449 #7 0x00007f9d1e1c0e30 in execute (op_array=0x7f9d26ffe998) at /usr/src/debug/php-5.3.6/Zend/zend_vm_execute.h:107 #8 0x00007f9d1e19b0fd in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/src/debug/php-5.3.6/Zend/zend.c:1194 #9 0x00007f9d1e1487c8 in php_execute_script (primary_file=0x7fffa8563640) at /usr/src/debug/php-5.3.6/main/main.c:2268 #10 0x00007f9d1e2246a5 in php_handler (r=0x7f9d26dbc8c0) at /usr/src/debug/php-5.3.6/sapi/apache2handler/sapi_apache2.c:669 #11 0x00007f9d2593d8b0 in ap_run_handler (r=0x7f9d26dbc8c0) at /usr/src/debug/httpd-2.2.16/server/config.c:158 #12 0x00007f9d2594116e in ap_invoke_handler (r=0x7f9d26dbc8c0) at /usr/src/debug/httpd-2.2.16/server/config.c:376 #13 0x00007f9d2594c5fc in ap_internal_redirect (new_uri=, r=) at /usr/src/debug/httpd-2.2.16/modules/http/http_request.c:502 #14 0x00007f9d1f3637a5 in handler_redirect (r=0x7f9d26dcad38) at /usr/src/debug/httpd-2.2.16/modules/mappers/mod_rewrite.c:4831 #15 0x00007f9d2593d8b0 in ap_run_handler (r=0x7f9d26dcad38) at /usr/src/debug/httpd-2.2.16/server/config.c:158 #16 0x00007f9d2594116e in ap_invoke_handler (r=0x7f9d26dcad38) at /usr/src/debug/httpd-2.2.16/server/config.c:376 #17 0x00007f9d2594c7c0 in ap_process_request (r=0x7f9d26dcad38) at /usr/src/debug/httpd-2.2.16/modules/http/http_request.c:282 #18 0x00007f9d25949698 in ap_process_http_connection (c=0x7f9d26dabf78) at /usr/src/debug/httpd-2.2.16/modules/http/http_core.c:190 #19 0x00007f9d259453c8 in ap_run_process_connection (c=0x7f9d26dabf78) at /usr/src/debug/httpd-2.2.16/server/connection.c:43 #20 0x00007f9d259510b7 in child_main (child_num_arg=) at /usr/src/debug/httpd-2.2.16/server/mpm/prefork/prefork.c:662 #21 0x00007f9d259513ca in make_child (s=0x7f9d268a8860, slot=17) at /usr/src/debug/httpd-2.2.16/server/mpm/prefork/prefork.c:758 #22 0x00007f9d2595204c in perform_idle_server_maintenance (_pconf=, plog=, s=) at /usr/src/debug/httpd-2.2.16/server/mpm/prefork/prefork.c:893 #23 ap_mpm_run (_pconf=, plog=, s=) at /usr/src/debug/httpd-2.2.16/server/mpm/prefork/prefork.c:1097 #24 0x00007f9d25929840 in main (argc=1, argv=0x7fffa8563c88) at /usr/src/debug/httpd-2.2.16/server/main.c:740 程序接收信号SIGSEGV，分段故障。 [切换到线程0x7f9d259007e0（LWP 6020）] strlen（）位于../sysdeps/x86_64/strlen.S:31 31 pcmpeqb（%rdi），%xmm2 （gdb）回溯 #0 strlen（）位于../sysdeps/x86_64/strlen.S:31 #1个xbuf格式转换器中的0x00007f9d1e14e274（xbuf=0x7fffa8560f10，fmt=0x7f9d1e26d0df“s，%s%s给定，在第%d行的%s中调用并定义”，ap=0x7fffa8560fb0） at/usr/src/debug/php-5.3.6/main/spprintf.c:574 #在/usr/src/debug/php-5.3.6/main/spprintf.c:797处的vspprintf中有2个0x00007f9d1e14f164（pbuf=0x7f9d270327d8，max_len=0，format=，ap=） #3 0x00007f9d1e19b56f出现zend_错误（类型=4096，格式=0x7f9d1e26d0b8“传递给%s%s%s（）的参数%d（）必须%s%s，给定%s%s，在%s第%d行调用并定义”） at/usr/src/debug/php-5.3.6/Zend/Zend.c:1051 #4 0x00007f9d1e1eac56位于/usr/src/debug/php-5.3.6/zend/zend\u execute.c:471的zend\u verify\u arg\u error（execute\u data=0x7f9d257e88f8）中 #5在/usr/src/debug/php-5.3.6/zend/zend_execute.c:505处验证zend_参数类型（执行数据=0x7f9d257e88f8） #6 ZEND_RECV_SPEC_处理程序（execute_data=0x7f9d257e88f8）位于/usr/src/debug/php-5.3.6/ZEND/ZEND_vm_execute.h:449 #7 0x00007f9d1e1c0e30在/usr/src/debug/php-5.3.6/Zend/Zend_vm_execute.h处执行（op_数组=0x7f9d26ffe998）：107 #zend\u中的8 0x00007f9d1e19b0fd在/usr/src/debug/php-5.3.6/zend/zend.c:1194执行脚本（类型=8，retval=0x0，文件\u count=3） #9在/usr/src/debug/php-5.3.6/main/main.c:2268处的php_execute_脚本（主_文件=0x7fffa8563640）中的0x00007f9d1e1487c8 #在php_handler（r=0x7f9d26dbc8c0）的/usr/src/debug/php-5.3.6/sapi/apache2handler/sapi_apache2.c:669中，输入10 0x00007f9d1e2246a5 #11在/usr/src/debug/httpd-2.2.16/server/config.c:158的ap_run_处理程序（r=0x7f9d26dbc8c0）中的0x00007f9d2593d8b0 #12在/usr/src/debug/httpd-2.2.16/server/config.c:376处的ap_invoke_处理程序（r=0x7f9d26dbc8c0）中的0x00007f9d2594116e #13 0x00007f9d2594c5fc在/usr/src/debug/httpd-2.2.16/modules/http/http_request.c:502的ap_内部_重定向（新_uri=，r=）中 #14 0x00007f9d1f3637a5在/usr/src/debug/httpd-2.2.16/modules/mappers/mod_rewrite.c:4831处的处理程序_重定向（r=0x7f9d26dcad38）中 #15在/usr/src/debug/httpd-2.2.16/server/config.c:158的ap_run_处理程序（r=0x7f9d26dcad38）中的0x00007f9d2593d8b0 #在/usr/src/debug/httpd-2.2.16/server/config.c:376的ap_invoke_处理程序（r=0x7f9d26dcad38）中的16 0x00007f9d2594116e #17在/usr/src/debug/httpd-2.2.16/modules/http/http_请求中的ap_进程请求（r=0x7f9d26dcad38）中的0x00007f9d2594c7c0。c:282 #18 0x00007f9d25949698在/usr/src/debug/httpd-2.2.16/modules/http/http\u core.c:190的ap\u进程\u http\u连接（c=0x7f9d26dabf78）中 #19 0x00007f9d259453c8在/usr/src/debug/httpd-2.2.16/server/connection处的ap运行进程连接（c=0x7f9d26dabf78）中。c:43 #20 0x00007f9d259510b7位于/usr/src/debug/httpd-2.2.16/server/mpm/prefork/prefork.c的child_main（child_num_arg=）中：662 #21 0x00007f9d259513ca位于/usr/src/debug/httpd-2.2.16/server/mpm/prefork/prefork.c:758的make_child（s=0x7f9d268a8860，插槽=17）中 #22 0x00007f9d2595204c在/usr/src/debug/httpd-2.2.16/server/mpm/prefork/prefork.c:893执行空闲服务器维护（\u pconf=，plog=，s=） #23 ap_mpm_run（_pconf=，plog=，s=）位于/usr/src/debug/httpd-2.2.16/server/mpm/prefork/prefork.c:1097 #24 0x00007f9d25929840位于/usr/src/debug/httpd-2.2.16/server/main.c:740的main（argc=1，argv=0x7fffa8563c88）中 通过一些简单的gdb，我发现执行似乎已经到达Zend_Locale:：_prepareLocale（），显然，当PHP试图输出错误消息时，一些错误的指针导致了SIGSEGV：

(gdb) frame 9 #9 0x00007f9d1e1487c8 in php_execute_script (primary_file=0x7fffa8563640) at /usr/src/debug/php-5.3.6/main/main.c:2268 2268 retval = (zend_execute_scripts(ZEND_REQUIRE TSRMLS_CC, NULL, 3, prepend_file_p, primary_file, append_file_p) == SUCCESS); (gdb) p *primary_file $1 = {type = ZEND_HANDLE_FILENAME, filename = 0x7f9d26dcd2d0 "/mnt/goserver/goanimate.com/index.php", opened_path = 0x0, handle = {fd = 646922536, fp = 0x7f9d268f4128, stream = {handle = 0x7f9d268f4128, isatty = 0, mmap = {len = 140312938585584, pos = 140312938463096, map = 0x7f9d26dca068, buf = 0x7f9d26dabff8 "\310\307\332&\235\177", old_handle = 0x7f9d25948971, old_closer = 0}, reader = 0xc, fsizer = 0x7f9d26dc3840, closer = 0x7f9d26dca078}}, free_filename = 0 '\000'} (gdb) frame 7 #7 0x00007f9d1e1c0e30 in execute (op_array=0x7f9d27000c40) at /usr/src/debug/php-5.3.6/Zend/zend_vm_execute.h:107 107 if ((ret = EX(opline)->handler(execute_data TSRMLS_CC)) > 0) { (gdb) p *op_array $2 = {type = 2 '\002', function_name = 0x7f9d0ef9aec0 "_prepareLocale", scope = 0x7f9d26ffd228, fn_flags = 1025, prototype = 0x0, num_args = 2, required_num_args = 1, arg_info = 0x7f9d0ef9ae68, pass_rest_by_reference = 0 '\000', return_reference = 0 '\000', done_pass_two = 1 '\001', refcount = 0x7f9d27000d38, opcodes = 0x7f9d0efad760, last = 161, size = 161, vars = 0x7f9d0efb2540, last_var = 12, size_var = 16, T = 94, brk_cont_array = 0x7f9d0efb2530, last_brk_cont = 1, current_brk_cont = -1, try_catch_array = 0x0, last_try_catch = 0, static_variables = 0x0, start_op = 0x0, backpatch_count = 0, this_var = 4294967295, filename = 0x7f9d0ef9aed0 "/mnt/goserver/gslib/include/Zend/Locale.php", line_start = 1003, line_end = 1069, doc_comment = 0x7f9d0ef9af08 "/**\n * Internal function, returns a single locale on detection\n *\n * @param string|Zend_Locale $locale (Optional) Locale to work on\n * @param boolean", ' ' , "$strict (Optional) St"..., doc_comment_len = 362, early_binding = 4294967295, reserved = {0x1, 0x0, 0x0, 0x0}} (gdb) p op_array->arg_info $3 = (zend_arg_info *) 0x7f9d0ef9ae68 (gdb) p *(op_array->arg_info) $4 = {name = 0x7f9d0ef9c3b0 "locale", name_len = 6, class_name = 0xffffffff , class_name_len = 0, array_type_hint = 0 '\000', allow_null = 1 '\001', pass_by_reference = 0 '\000', return_reference = 0 '\000', required_num_args = 0} (gdb) frame 2 #2 0x00007f9d1e14f164 in vspprintf (pbuf=0x7f9d27034a98, max_len=0, format=, ap=) at /usr/src/debug/php-5.3.6/main/spprintf.c:797 797 xbuf_format_converter(&xbuf, format, ap); (gdb) frame 1 #1 0x00007f9d1e14e274 in xbuf_format_converter (xbuf=0x7fffa8560f10, fmt=0x7f9d1e26d0df "s, %s%s given, called in %s on line %d and defined", ap=0x7fffa8560fb0) at /usr/src/debug/php-5.3.6/main/spprintf.c:574 574 s_len = strlen(s); (gdb) p s $7 = 0xffffffff （gdb）第9帧 #php中的9 0x00007F7D1E1487C8在/usr/src/debug/php-5.3.6/main/main.c:2268执行\u脚本（primary\u file=0x7fffa8563640） 2268 retval=（zend_execute_脚本（zend_REQUIRE TSRMLS_CC，NULL，3，prepend_file_p，primary_file，append_file_p）=成功）； （gdb）p*主_文件 $1={type=ZEND\u HANDLE\u FILENAME，FILENAME=0x7f9d26dcd2d0”/mnt/goserver/goanimate.com/index.php”，opened\u path=0x0，HANDLE={fd=646922536，fp=0x7f9d268f4128，stream={HANDLE=0x7f9d268f4128， isatty=0，mmap={len=14031293858584，pos=140312938463096，map=0x7f9d26dca068，buf=0x7f9d26dabff8“\310\307\332&\235\177”，旧_手柄=0x7f9d25948971，旧_闭合器=0}，读卡器=0xc， fsizer=0x7f9d26dc3840，closer=0x7f9d26dca078}，free_filename=0'\000'} （gdb）第7帧 #7 0x00007f9d1e1c0e30在/usr/src/debug/php-5.3.6/Zend/Zend_vm_execute.h处执行（op_数组=0x7f9d27000c40）：107 107如果（（ret=EX（opline）->处理程序（execute_data TSRMLS_CC））>0）{ （gdb）p*op_数组 $2={type=2'\002'，function\u name=0x7f9d0ef9aec0“\u prepareScale”，scope=0x7f9d26ffd228，fn\u flags=1025，prototype=0x0，num\u args=2，required\u num\u args=1，arg\u info=0x7f9d0ef9ae68， 按引用传递剩余值=0'\000'，返回引用值=0'\000'，完成传递两个值=1'\001'，引用计数=0x7f9d27000d38，操作码=0x7f9d0efad760，最后一个=161，大小=161，变量=0x7f9d0efb2540， last_var=12，size_var=16，T=94，brk_cont_array=0x7f9d0efb2530，last_brk_cont=1，current_brk_cont=-1，try_catch_array=0x0，last_try_catch=0，static_variables=0x0，start_op=0x0， backpatch_count=0，this_var=4294967295，filename=0x7f9d0ef9aed0“/mnt/goserver/gslib/include/Zend/Locale.php”，l