PHP :: Bug #71147 :: opcache.enable=1 leads to crash in zend

Bug #71147	opcache.enable=1 leads to crash in zend_alloc.c
Submitted:	2015-12-17 10:33 UTC	Modified:	2015-12-20 02:46 UTC
From:	ta-sdz at deshammer dot net	Assigned:
Status:	Duplicate	Package:	opcache
PHP Version:	5.6.16	OS:	Linux
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	ta-sdz at deshammer dot net
New email:
PHP Version:		OS:

New Comment:

[2015-12-17 10:33 UTC] ta-sdz at deshammer dot net

Description:
------------
When opcache.enable is 1, a segfault (sig11) occures in zend_alloc.c:2075 reproducibly. 

opcache.enable=0 did not throw any of this segfaults.

Tried so far without effect on the bug:
opcache.optimization_level=0xfffffff0
opcache.optimization_level=0xfffffffe

Operating system is CentOS7 using Remis RPMs.

But I'm having similar backtraces as well from Ubuntu 14.04.3 server using ondreys PPA repo.


Full backtrace follows:

#0  _zend_mm_free_int (heap=0x7f6cd84ca480, p=0x7f6cb2935b30) at /usr/src/debug/php-5.6.16/Zend/zend_alloc.c:2075
        mm_block = <optimized out>
        next_block = <optimized out>
        size = <optimized out>
#1  0x00007f6cc82199c7 in zif_accel_chdir (ht=<optimized out>, return_value=<optimized out>, return_value_ptr=<optimized out>, 
    this_ptr=<optimized out>, return_value_used=<optimized out>) at /usr/src/debug/php-5.6.16/ext/opcache/ZendAccelerator.c:162
        cwd = "/daten/www/htdocs/PHP_WEB_APP/admin\000l\177\000\000\005\000\000\000l\177\000\000\001\000\000\000\001\000\000\000?\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000\022\000\000\000l\177\000\000\001\000\000\000l\177\000\000\001\000\000\000\001\000\000\000?\000\000\000\000\000\000\000\004\000\000\000\000\000\000\000\200\377\377\377\000\000\000\000\n\000\000\000l\177\000\000\001\000\000\000\006\000\000\000\b\000\000\000\000\000\000\000\004\000\000\000\000\000\000\000\200\377\377\377\000\000\000\000\n\000\000\000l\177\000\000\001\000\000\000\006\000\000\000\b\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000&5\247\327l\177\000\000"...
#2  0x00007f6cca7f0ecb in dtrace_execute_internal (execute_data_ptr=<optimized out>, fci=<optimized out>, return_value_used=<optimized out>)
    at /usr/src/debug/php-5.6.16/Zend/zend_dtrace.c:97
        lineno = <optimized out>
        filename = <optimized out>
#3  0x00007f6cca8ab318 in zend_do_fcall_common_helper_SPEC (execute_data=<optimized out>) at /usr/src/debug/php-5.6.16/Zend/zend_vm_execute.h:560
        ret = 0x7f6cd7a2f868
        opline = <optimized out>
        should_change_scope = <optimized out>
        fbc = 0x7f6cd8515f70
        num_args = <optimized out>
#4  0x00007f6cca83f4d8 in execute_ex (execute_data=0x7f6cd7a2f8c8) at /usr/src/debug/php-5.6.16/Zend/zend_vm_execute.h:363
        ret = <optimized out>
        original_in_execution = 1 '\001'
#5  0x00007f6cca7f0da9 in dtrace_execute_ex (execute_data=<optimized out>) at /usr/src/debug/php-5.6.16/Zend/zend_dtrace.c:73
        lineno = <optimized out>
        scope = 0x0
        filename = <optimized out>
        funcname = <optimized out>
        classname = <optimized out>
#6  0x00007f6cca7f2b93 in zend_call_function (fci=fci@entry=0x7fff9b4199e0, fci_cache=<optimized out>, fci_cache@entry=0x7fff9b4199b0)
    at /usr/src/debug/php-5.6.16/Zend/zend_execute_API.c:829
        i = <optimized out>
        original_return_value = 0x0
        calling_symbol_table = 0x0
        original_op_array = 0x7f6cd89377b0
        original_opline_ptr = 0x7f6cd7a2c680
        current_scope = 0x0
        current_called_scope = 0x0
        calling_scope = 0x0
        called_scope = 0x0
        current_this = 0x0
        execute_data = {opline = 0x0, function_state = {function = 0x7f6cd892c500, arguments = 0x7f6cd7a2c760}, op_array = 0x0, object = 0x0, 
          symbol_table = 0x0, prev_execute_data = 0x7fff9b419be0, old_error_reporting = 0x0, nested = 0 '\000', original_return_value = 0x0, 
          current_scope = 0x0, current_called_scope = 0x0, current_this = 0x0, fast_ret = 0x0, delayed_exception = 0x0, 
          call_slots = 0x7f6cd7a2c728, call = 0x7f6cd7a2c708}
        fci_cache_local = {initialized = 1 '\001', function_handler = 0x7f6ccabf20e0 <executor_globals+576>, calling_scope = 0x7f6c00000000, 
          called_scope = 0x1ca83f4d8, object_ptr = 0x0}
#7  0x00007f6cca81ac58 in zend_call_method (object_pp=0x0, obj_ce=<optimized out>, fn_proxy=0x7f6cd9078478, 
    function_name=0x7f6cd9078620 "__autoloading", function_name_len=<optimized out>, retval_ptr_ptr=retval_ptr_ptr@entry=0x7fff9b419ab0, 
    param_count=param_count@entry=1, arg1=0x7f6cd91ac340, arg2=arg2@entry=0x0) at /usr/src/debug/php-5.6.16/Zend/zend_interfaces.c:97
        fcic = {initialized = 1 '\001', function_handler = 0x7f6cd892c500, calling_scope = 0x0, called_scope = 0x0, object_ptr = 0x0}
        result = <optimized out>
        fci = {size = 72, function_table = 0x7f6cca83f4d8 <execute_ex+56>, function_name = 0x7fff9b419990, symbol_table = 0x0, 
          retval_ptr_ptr = 0x7fff9b419ab0, param_count = 1, params = 0x7fff9b419980, object_ptr = 0x0, no_separation = 1 '\001'}
        z_fname = {value = {lval = 140735798155680, dval = 6.9532723008769353e-310, str = {val = 0x7fff9b4199a0 "xL\325\330l\177", 
              len = -1887984384}, ht = 0x7fff9b4199a0, obj = {handle = 2604767648, handlers = 0xcc57c1db8f77a500}, ast = 0x7fff9b4199a0}, 
          refcount__gc = 3637857400, type = 108 'l', is_ref__gc = 127 '\177'}
        retval = 0x7f6cd7a2d7e0
        function_table = <optimized out>
        params = {0x7fff9b419968, 0x7fff9b419960}
#8  0x00007f6cca70437a in zif_spl_autoload_call (ht=<optimized out>, return_value=<optimized out>, return_value_ptr=<optimized out>, 
    this_ptr=<optimized out>, return_value_used=<optimized out>) at /usr/src/debug/php-5.6.16/ext/spl/php_spl.c:436
        l_autoload_running = 0
        class_name = 0x7f6cd91ac340
        retval = 0x0
        class_name_len = 11
        func_name = 0x7f6cd9078620 "__autoloading" 
        lc_name = 0x7f6cd8d4cf88 "cshttputils" 
        func_name_len = 14
        dummy = 5
        function_pos = 0x7f6cd90785d8
        alfi = 0x7f6cd9078478
#9  0x00007f6cca7f0ecb in dtrace_execute_internal (execute_data_ptr=<optimized out>, fci=<optimized out>, return_value_used=<optimized out>)
    at /usr/src/debug/php-5.6.16/Zend/zend_dtrace.c:97
        lineno = <optimized out>
        filename = <optimized out>
#10 0x00007f6cca7f2ca4 in zend_call_function (fci=fci@entry=0x7fff9b419d70, fci_cache=fci_cache@entry=0x7fff9b419d40)
    at /usr/src/debug/php-5.6.16/Zend/zend_execute_API.c:849
        call_via_handler = 0
        i = <optimized out>
        original_return_value = <optimized out>
        calling_symbol_table = <optimized out>
        original_op_array = <optimized out>
        original_opline_ptr = <optimized out>
        current_scope = 0x0
        current_called_scope = 0x0
        calling_scope = <optimized out>
        called_scope = 0x0
        current_this = 0x0
        execute_data = {opline = 0x0, function_state = {function = 0x7f6cd84f1810, arguments = 0x7f6cd7a2c750}, op_array = 0x0, object = 0x0, 
          symbol_table = 0x0, prev_execute_data = 0x7f6cd7a2c680, old_error_reporting = 0x0, nested = 0 '\000', original_return_value = 0x0, 
          current_scope = 0x0, current_called_scope = 0x0, current_this = 0x0, fast_ret = 0x0, delayed_exception = 0x0, 
          call_slots = 0x7f6cd7a2c728, call = 0x7f6cd7a2c708}
        fci_cache_local = {initialized = 0 '\000', function_handler = 0x0, calling_scope = 0x0, called_scope = 0x0, object_ptr = 0x0}
#11 0x00007f6cca7f34a2 in zend_lookup_class_ex (name=name@entry=0x7f6cd9193930 "CSHttpUtils", name_length=<optimized out>, key=0x7f6cd91959b0, 
    use_autoload=use_autoload@entry=1, ce=ce@entry=0x7fff9b419e00) at /usr/src/debug/php-5.6.16/Zend/zend_execute_API.c:1005
        args = {0x7fff9b419d10}
        autoload_function = {value = {lval = 140105231415629, dval = 6.9221181645100047e-310, str = {val = 0x7f6cca8cb94d "__autoload", 
              len = 10}, ht = 0x7f6cca8cb94d, obj = {handle = 3398220109, handlers = 0x7f6c0000000a}, ast = 0x7f6cca8cb94d}, 
          refcount__gc = 3401510080, type = 6 '\006', is_ref__gc = 127 '\177'}
        class_name_ptr = 0x7f6cd91ac340
        retval_ptr = 0x7f6cd8d54c18
        retval = <optimized out>
        lc_length = <optimized out>
        lc_name = 0x7f6cd9193a10 "cshttputils" 
        lc_free = <optimized out>
        fcall_info = {size = 72, function_table = 0x7f6cd84cad40, function_name = 0x7fff9b419d20, symbol_table = 0x0,
          retval_ptr_ptr = 0x7fff9b419d18, param_count = 1, params = 0x7fff9b419d00, object_ptr = 0x0, no_separation = 1 '\001'}
        fcall_cache = {initialized = 1 '\001', function_handler = 0x7f6cd84f1810, calling_scope = 0x0, called_scope = 0x0, object_ptr = 0x0}
        dummy = 1 '\001'
        hash = 14980655298215975820
        use_heap = <optimized out>
#12 0x00007f6cca7f3c00 in zend_fetch_class_by_name (class_name=0x7f6cd9193930 "CSHttpUtils", class_name_len=<optimized out>, 
    key=<optimized out>, fetch_type=0) at /usr/src/debug/php-5.6.16/Zend/zend_execute_API.c:1415
        pce = 0x7f6cd91ac340
        use_autoload = 1
#13 0x00007f6cca84e054 in ZEND_INIT_STATIC_METHOD_CALL_SPEC_CONST_CONST_HANDLER (execute_data=0x7f6cd7a2c680)
    at /usr/src/debug/php-5.6.16/Zend/zend_vm_execute.h:3833
        opline = 0x7f6cd9198548
        ce = <optimized out>
        call = 0x7f6cd7a2c728
#14 0x00007f6cca83f4d8 in execute_ex (execute_data=0x7f6cd7a2c680) at /usr/src/debug/php-5.6.16/Zend/zend_vm_execute.h:363
        ret = <optimized out>
        original_in_execution = 1 '\001'
#15 0x00007f6cca7f0da9 in dtrace_execute_ex (execute_data=<optimized out>) at /usr/src/debug/php-5.6.16/Zend/zend_dtrace.c:73
        lineno = <optimized out>
        scope = 0x0
        filename = <optimized out>
        funcname = <optimized out>
        classname = <optimized out>
#16 0x00007f6cca8ab7c9 in zend_do_fcall_common_helper_SPEC (execute_data=<optimized out>) at /usr/src/debug/php-5.6.16/Zend/zend_vm_execute.h:592
        ret = 0x7f6cd7a2be60
        opline = 0x7f6cd903c878
        should_change_scope = <optimized out>
        fbc = 0x7f6cd89377b0
        num_args = <optimized out>
#17 0x00007f6cca83f4d8 in execute_ex (execute_data=0x7f6cd7a2bec0) at /usr/src/debug/php-5.6.16/Zend/zend_vm_execute.h:363
        ret = <optimized out>
        original_in_execution = 1 '\001'
#18 0x00007f6cca7f0da9 in dtrace_execute_ex (execute_data=<optimized out>) at /usr/src/debug/php-5.6.16/Zend/zend_dtrace.c:73
        lineno = <optimized out>
        scope = 0x0
        filename = <optimized out>
        funcname = <optimized out>
        classname = <optimized out>
#19 0x00007f6cca8ab7c9 in zend_do_fcall_common_helper_SPEC (execute_data=<optimized out>) at /usr/src/debug/php-5.6.16/Zend/zend_vm_execute.h:592
        ret = 0x7f6cd7a2bce8
        opline = 0x7f6cd9099070
        should_change_scope = <optimized out>
        fbc = 0x7f6cd8940220
        num_args = <optimized out>
#20 0x00007f6cca83f4d8 in execute_ex (execute_data=0x7f6cd7a2bd08) at /usr/src/debug/php-5.6.16/Zend/zend_vm_execute.h:363
        ret = <optimized out>
        original_in_execution = 1 '\001'
#21 0x00007f6cca7f0da9 in dtrace_execute_ex (execute_data=<optimized out>) at /usr/src/debug/php-5.6.16/Zend/zend_dtrace.c:73
        lineno = <optimized out>
        scope = 0x0
        filename = <optimized out>
        funcname = <optimized out>
        classname = <optimized out>
#22 0x00007f6cca8ab7c9 in zend_do_fcall_common_helper_SPEC (execute_data=<optimized out>) at /usr/src/debug/php-5.6.16/Zend/zend_vm_execute.h:592
        ret = 0x7f6cd7a2bb48
        opline = 0x7f6cd909d450
        should_change_scope = <optimized out>
        fbc = 0x7f6cd9098478
        num_args = <optimized out>
#23 0x00007f6cca83f4d8 in execute_ex (execute_data=0x7f6cd7a2bbe8) at /usr/src/debug/php-5.6.16/Zend/zend_vm_execute.h:363
        ret = <optimized out>
        original_in_execution = 1 '\001'
#24 0x00007f6cca7f0da9 in dtrace_execute_ex (execute_data=<optimized out>) at /usr/src/debug/php-5.6.16/Zend/zend_dtrace.c:73
        lineno = <optimized out>
        scope = 0x0
        filename = <optimized out>
        funcname = <optimized out>
        classname = <optimized out>
#25 0x00007f6cca8ab7c9 in zend_do_fcall_common_helper_SPEC (execute_data=<optimized out>) at /usr/src/debug/php-5.6.16/Zend/zend_vm_execute.h:592
        ret = 0x7f6cd7a2b5a0
        opline = 0x7f6cd900b9a8
        should_change_scope = <optimized out>
        fbc = 0x7f6cd909acc8
        num_args = <optimized out>
#26 0x00007f6cca83f4d8 in execute_ex (execute_data=0x7f6cd7a2b740) at /usr/src/debug/php-5.6.16/Zend/zend_vm_execute.h:363
        ret = <optimized out>
        original_in_execution = 1 '\001'
#27 0x00007f6cca7f0da9 in dtrace_execute_ex (execute_data=<optimized out>) at /usr/src/debug/php-5.6.16/Zend/zend_dtrace.c:73
        lineno = <optimized out>
        scope = 0x0
        filename = <optimized out>
        funcname = <optimized out>
        classname = <optimized out>
#28 0x00007f6cca8ab7c9 in zend_do_fcall_common_helper_SPEC (execute_data=<optimized out>) at /usr/src/debug/php-5.6.16/Zend/zend_vm_execute.h:592
        ret = 0x7f6cd7a29fa8
        opline = 0x7f6cd9091718
        should_change_scope = <optimized out>
        fbc = 0x7f6cd8ff8ba8
        num_args = <optimized out>
#29 0x00007f6cca83f4d8 in execute_ex (execute_data=0x7f6cd7a2a128) at /usr/src/debug/php-5.6.16/Zend/zend_vm_execute.h:363
        ret = <optimized out>
        original_in_execution = 1 '\001'
#30 0x00007f6cca7f0da9 in dtrace_execute_ex (execute_data=<optimized out>) at /usr/src/debug/php-5.6.16/Zend/zend_dtrace.c:73
        lineno = <optimized out>
        scope = 0x0
        filename = <optimized out>
        funcname = <optimized out>
        classname = <optimized out>
#31 0x00007f6cca8ab7c9 in zend_do_fcall_common_helper_SPEC (execute_data=<optimized out>) at /usr/src/debug/php-5.6.16/Zend/zend_vm_execute.h:592
        ret = 0x7f6cd7a29790
        opline = 0x7f6cd90a6d80
        should_change_scope = <optimized out>
        fbc = 0x7f6cd9090268
        num_args = <optimized out>
#32 0x00007f6cca83f4d8 in execute_ex (execute_data=0x7f6cd7a29e50) at /usr/src/debug/php-5.6.16/Zend/zend_vm_execute.h:363
        ret = <optimized out>
        original_in_execution = 1 '\001'
#33 0x00007f6cca7f0da9 in dtrace_execute_ex (execute_data=<optimized out>) at /usr/src/debug/php-5.6.16/Zend/zend_dtrace.c:73
        lineno = <optimized out>
        scope = 0x0
        filename = <optimized out>
        funcname = <optimized out>
        classname = <optimized out>
#34 0x00007f6cca8ab7c9 in zend_do_fcall_common_helper_SPEC (execute_data=<optimized out>) at /usr/src/debug/php-5.6.16/Zend/zend_vm_execute.h:592
        ret = 0x7f6cd7a29160
        opline = 0x7f6cd91745a8
        should_change_scope = <optimized out>
        fbc = 0x7f6cd90a49b8
        num_args = <optimized out>
#35 0x00007f6cca83f4d8 in execute_ex (execute_data=0x7f6cd7a291a0) at /usr/src/debug/php-5.6.16/Zend/zend_vm_execute.h:363
        ret = <optimized out>
        original_in_execution = 1 '\001'
#36 0x00007f6cca7f0da9 in dtrace_execute_ex (execute_data=<optimized out>) at /usr/src/debug/php-5.6.16/Zend/zend_dtrace.c:73
        lineno = <optimized out>
        scope = 0x0
        filename = <optimized out>
        funcname = <optimized out>
        classname = <optimized out>
#37 0x00007f6cca8aa61d in ZEND_INCLUDE_OR_EVAL_SPEC_TMP_HANDLER (execute_data=0x7f6cd7a29070)
    at /usr/src/debug/php-5.6.16/Zend/zend_vm_execute.h:8392
        opline = 0x7f6cd91725a0
        new_op_array = 0x7f6cd919e9a0
        free_op1 = {var = 0x7f6cd7a279d0}
        inc_filename = 0x7f6cd7a279d0
        tmp_inc_filename = <optimized out>
        failure_retval = 0 '\000'
#38 0x00007f6cca83f4d8 in execute_ex (execute_data=0x7f6cd7a29070) at /usr/src/debug/php-5.6.16/Zend/zend_vm_execute.h:363
        ret = <optimized out>
        original_in_execution = 1 '\001'
#39 0x00007f6cca7f0da9 in dtrace_execute_ex (execute_data=<optimized out>) at /usr/src/debug/php-5.6.16/Zend/zend_dtrace.c:73
        lineno = <optimized out>
        scope = 0x0
        filename = <optimized out>
        funcname = <optimized out>
        classname = <optimized out>
#40 0x00007f6cca8aa61d in ZEND_INCLUDE_OR_EVAL_SPEC_TMP_HANDLER (execute_data=0x7f6cd7a271e8)
    at /usr/src/debug/php-5.6.16/Zend/zend_vm_execute.h:8392
        opline = 0x7f6cd7a5da00
        new_op_array = 0x7f6cd7a60638
        free_op1 = {var = 0x7f6cd7a271a8}
        inc_filename = 0x7f6cd7a271a8
        tmp_inc_filename = <optimized out>
        failure_retval = 0 '\000'
#41 0x00007f6cca83f4d8 in execute_ex (execute_data=0x7f6cd7a271e8) at /usr/src/debug/php-5.6.16/Zend/zend_vm_execute.h:363
        ret = <optimized out>
        original_in_execution = 0 '\000'
#42 0x00007f6cca7f0da9 in dtrace_execute_ex (execute_data=<optimized out>) at /usr/src/debug/php-5.6.16/Zend/zend_dtrace.c:73
        lineno = <optimized out>
        scope = 0x0
        filename = <optimized out>
        funcname = <optimized out>
        classname = <optimized out>
#43 0x00007f6cca803e3b in zend_execute_scripts (type=type@entry=8, retval=retval@entry=0x0, file_count=file_count@entry=3)
    at /usr/src/debug/php-5.6.16/Zend/zend.c:1341
        files = {{gp_offset = 40, fp_offset = 32620, overflow_arg_area = 0x7fff9b41ae20, reg_save_area = 0x7fff9b41adb0}}
        i = 1
        file_handle = 0x7fff9b41d0a0
        orig_op_array = 0x0
        orig_retval_ptr_ptr = 0x0
        orig_interactive = 0
#44 0x00007f6cca79f092 in php_execute_script (primary_file=primary_file@entry=0x7fff9b41d0a0) at /usr/src/debug/php-5.6.16/main/main.c:2597
        realfile = "\000\000\000\000l\177\000\000\f\000\000\000\001", '\000' <repeats 11 times>, "\215\222}\312\002\000\000\000\000\000\000\000\377\177\000\000茠\262\001", '\000' <repeats 11 times>, "\225\272{\312\001\000\000\000\200\302A\233\377\177\000\000\230\361\\\331l\177", '\000' <repeats 11 times>, "\245w\217\333\301W\314\000\000\000\000\000\000\000\000\000\245w\217\333\301W\314\000\000\000\000\000\000\000\000\000\245w\217\333\301W\314", '\000' <repeats 24 times>, "\200\301A\233\377\177\000\000\001", '\000' <repeats 15 times>, "\001\000\000\000\000\000\000\000\065ʀ\312l\177\000\000\002\375\000\000\002\000\000\000\240\036\277"...
        __orig_bailout = 0x7fff9b41d120
        __bailout = {{__jmpbuf = {140105466598096, -2324744247055324148, 140105466598096, 140105453897536, 140735798170372, 140105466547584, 
              -2324744248204563444, -2406475686972986356}, __mask_was_saved = 0, __saved_mask = {__val = {140104830283680, 140105234613728, 
                140105479939880, 140104823951672, 140105230659260, 140105479942552, 4294967298, 2, 14724450655460107520, 0, 0, 0,
                140105230659662, 140105479942552, 140105230277298, 0}}}}
        prepend_file_p = <optimized out>
        append_file_p = 0x0
        prepend_file = {type = ZEND_HANDLE_FILENAME, filename = 0x0, opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, 
              isatty = 0, mmap = {len = 0, pos = 0, map = 0x0, buf = 0x0, old_handle = 0x0, old_closer = 0x0}, reader = 0x0, fsizer = 0x0, 
              closer = 0x0}}, free_filename = 0 '\000'}
        append_file = {type = ZEND_HANDLE_FILENAME, filename = 0x0, opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, 
              isatty = 0, mmap = {len = 0, pos = 0, map = 0x0, buf = 0x0, old_handle = 0x0, old_closer = 0x0}, reader = 0x0, fsizer = 0x0, 
              closer = 0x0}}, free_filename = 0 '\000'}
        old_cwd = 0x7fff9b41ae30 "/daten/www/htdocs/PHP_WEB_APP/admin" 
        retval = 0
#45 0x00007f6cca8acefd in php_handler (r=<optimized out>) at /usr/src/debug/php-5.6.16/sapi/apache2handler/sapi_apache2.c:667
        zfd = {type = ZEND_HANDLE_MAPPED, filename = 0x7f6cd891e3c0 "/daten/www/htdocs/PHP_WEB_APP/admin/forward.php", opened_path = 0x0, 
          handle = {fd = -677009400, fp = 0x7f6cd7a5a808, stream = {handle = 0x7f6cd7a5a808, isatty = 0, mmap = {len = 3023, pos = 0, map = 0x0, 
                buf = 0x7f6cd7a73000 <Address 0x7f6cd7a73000 out of bounds>, old_handle = 0x0, old_closer = 0x0}, 
              reader = 0x7f6cca7b5fe0 <_php_stream_read>, fsizer = 0x7f6cca79b440 <php_zend_stream_fsizer>, 
              closer = 0x7f6cca79b420 <php_zend_stream_mmap_closer>}}, free_filename = 0 '\000'}
        __orig_bailout = 0x0
        __bailout = {{__jmpbuf = {140105466598096, 2324965642437553164, 140105466598096, 140105453897536, 140735798170372, 140105466547584, 
              -2324744247057421300, -2406475834265801716}, __mask_was_saved = 0, __saved_mask = {__val = {140105466627592, 140105466654984, 
                18446744073048018568, 1, 140105466654984, 0, 18446744069414584320, 140105453897536, 140735798170372, 140105466547584, 
                14724450655460107520, 140105453897536, 140105461943464, 11, 140105466598096, 140105453897536}}}}
        ctx = 0x7f6cd891cfc8
        conf = <optimized out>
        brigade = 0x7f6cd89207c0
        bucket = <optimized out>
        rv = <optimized out>
        parent_req = 0x0
#46 0x00007f6cd7abc010 in ap_run_handler (r=0x7f6cd89152d0) at config.c:169
        pHook = 0x7f6cd84a4cd0
        n = 12
        rv = 0
#47 0x00007f6cd7abc559 in ap_invoke_handler (r=r@entry=0x7f6cd89152d0) at config.c:433
        handler = <optimized out>
        p = <optimized out>
        result = <optimized out>
        old_handler = 0x7f6cd84a03a0 "application/x-httpd-php" 
        ignore = <optimized out>
#48 0x00007f6cd7ad224a in ap_process_async_request (r=r@entry=0x7f6cd89152d0) at http_request.c:338
        access_status = 0
#49 0x00007f6cd7ad2524 in ap_process_request (r=r@entry=0x7f6cd89152d0) at http_request.c:373
        bb = <optimized out>
        b = <optimized out>
        c = 0x7f6cd8908d80
        rv = <optimized out>
#50 0x00007f6cd7ace76e in ap_process_http_sync_connection (c=0x7f6cd8908d80) at http_core.c:210
        keep_alive_timeout = 5000000
        r = 0x7f6cd89152d0
        cs = 0x0
        csd = 0x7f6cd8908b90
        mpm_state = 1
#51 ap_process_http_connection (c=0x7f6cd8908d80) at http_core.c:251
No locals.
#52 0x00007f6cd7ac6120 in ap_run_process_connection (c=0x7f6cd8908d80) at connection.c:41
        pHook = 0x7f6cd84a55a8
        n = 2
        rv = 0
#53 0x00007f6cd7ac6538 in ap_process_connection (c=c@entry=0x7f6cd8908d80, csd=<optimized out>) at connection.c:213
        rc = <optimized out>
#54 0x00007f6cccc7280f in child_main (child_num_arg=child_num_arg@entry=0) at prefork.c:707
        current_conn = 0x7f6cd8908d80
        csd = 0x7f6cd8908b90
        thd = 0x7f6cd8906b80
        osthd = 140105451198528
        ptrans = 0x7f6cd8908b18
        allocator = 0x7f6cd8906a10
        status = <optimized out>
        i = <optimized out>
        lr = <optimized out>
        pollset = 0x7f6cd8906fb8
        sbh = 0x7f6cd8906fb0
        last_poll_idx = 0
        lockfile = <optimized out>
#55 0x00007f6cccc72a55 in make_child (s=0x7f6cd841b340, slot=slot@entry=0) at prefork.c:810
        pid = 0
#56 0x00007f6cccc72ab6 in startup_children (number_to_start=5) at prefork.c:828
        i = 0
#57 0x00007f6cccc737c0 in prefork_run (_pconf=<optimized out>, plog=0x7f6cd8421358, s=0x7f6cd841b340) at prefork.c:986
        index = <optimized out>
        remaining_children_to_start = <optimized out>
        rv = <optimized out>
#58 0x00007f6cd7aa13ae in ap_run_mpm (pconf=0x7f6cd83f4138, plog=0x7f6cd8421358, s=0x7f6cd841b340) at mpm_common.c:94
        pHook = 0x7f6cd84a5e60
        n = 0
        rv = 0
#59 0x00007f6cd7a9a966 in main (argc=2, argv=0x7fff9b41d7e8) at main.c:777
        c = 68 'D'
        showcompile = 0
        showdirectives = 0
        confname = 0x7f6cd7ad88cf "conf/httpd.conf" 
        def_server_root = 0x7f6cd7ad88c4 "/etc/httpd" 
        temp_error_log = 0x0
        error = <optimized out>
        process = 0x7f6cd83f2218
        pconf = 0x7f6cd83f4138
        plog = 0x7f6cd8421358
        ptemp = 0x7f6cd841f348
        pcommands = 0x7f6cd8416248
        opt = 0x7f6cd8416338
        rv = <optimized out>
        mod = 0x7f6cd7cf7098 <ap_prelinked_modules+24>
        opt_arg = 0x7fff9b41df6f "FOREGROUND" 
        signal_server = <optimized out>

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2015-12-18 02:55 UTC] laruence@php.net

-Status: Open +Status: Feedback

[2015-12-18 02:55 UTC] laruence@php.net

Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.

[2015-12-19 10:26 UTC] ta-sdz at deshammer dot net

-Status: Feedback +Status: Open

[2015-12-19 10:26 UTC] ta-sdz at deshammer dot net

Hi Laruence,


is there a slight possibility that the opcache.so does not check whether it is already loaded?


Reason:
======= 
I had a "zend_extension=opcache.so" in my php.ini as well as in my "/etc/php.d/10-opcache.ini"

This would lead to two opcache instances concurrently modifying the cache causing heap-havoc.

Had no more SIG11 since I removed the one in php.ini.

The debug machine is still open for you for to reproduce the crash as well as to reproduce the effect of removing the zend_extension=opcache.so in the php.ini.


Best regards and many thanks

[2015-12-19 23:17 UTC] rasmus@php.net

-Status: Open +Status: Duplicate

[2015-12-19 23:17 UTC] rasmus@php.net

Yes, we were missing that check for zend_extensions and it was fixed recently. It will be in 7.0.2. See https://bugs.php.net/bug.php?id=71089

[2015-12-20 02:46 UTC] laruence@php.net

Ah, that one, yeah, it was fixed.. thanks

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri Dec 27 01:01:28 2024 UTC