php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #66499 strace segfault with opcache > php 5.5.7
Submitted: 2014-01-16 19:10 UTC Modified: 2014-01-17 16:40 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: spam2 at rhsoft dot net Assigned:
Status: Analyzed Package: opcache
PHP Version: 5.5.8 OS: Linux
Private report: No CVE-ID:
Have you experienced this issue?
Rate the importance of this bug to you:

 [2014-01-16 19:10 UTC] spam2 at rhsoft dot net
Description:
------------
strace below, for more informations:
https://bugs.php.net/bug.php?id=66460

and yes this is opcache-head and not 5.5.8 source
 
thank you for closing the bugreport as first action after some 
days because *others* reported all is fine...  what about wait
after the reporter confirms this and what about consider that 
any opcache commit after 55.6 has it's own bugs?

[root@asterisk:~]$ strace -vf -p 17235
Process 17235 attached
accept4(3, {sa_family=AF_INET, sin_port=htons(38214), sin_addr=inet_addr("91.118.73.6")}, [16], SOCK_CLOEXEC) = 8
getsockname(8, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("85.124.176.242")}, [16]) = 0
fcntl(8, F_GETFL)                       = 0x2 (flags O_RDWR)
fcntl(8, F_SETFL, O_RDWR|O_NONBLOCK)    = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f095dcbe000
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f095dcbc000
read(8, "GET /channels.php?html=1 HTTP/1."..., 8000) = 35
read(8, 0x7f095dcbc048, 8000)           = -1 EAGAIN (Resource temporarily unavailable)
poll([{fd=8, events=POLLIN}], 1, 5069)  = 1 ([{fd=8, revents=POLLIN}])
read(8, "Host: voip.thelounge.net\r\nUser-A"..., 8000) = 110
stat("/var/www/htdocs/channels.php", {st_dev=makedev(8, 17), st_ino=147731, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8, st_size=4065, st_atime=2011/12/14-16:41:25, st_mtime=2012/11/27-16:39:26, st_ctime=2012/11/27-16:39:26}) = 0
lstat("/var/www/htdocs/channels.php", {st_dev=makedev(8, 17), st_ino=147731, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8, st_size=4065, st_atime=2011/12/14-16:41:25, st_mtime=2012/11/27-16:39:26, st_ctime=2012/11/27-16:39:26}) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f095dcba000
setitimer(ITIMER_PROF, {it_interval={0, 0}, it_value={60, 0}}, NULL) = 0
rt_sigaction(SIGPROF, {0x7f095b8d6810, [PROF], SA_RESTORER|SA_RESTART, 0x7f095c1c4a60}, {SIG_DFL, [], 0}, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [PROF], NULL, 8) = 0
getcwd("/", 4095)                       = 2
chdir("/var/www/htdocs")                = 0
setitimer(ITIMER_PROF, {it_interval={0, 0}, it_value={120, 0}}, NULL) = 0
fcntl(6, F_SETLK, {type=F_RDLCK, whence=SEEK_SET, start=1, len=1}) = 0
getcwd("/var/www/htdocs", 4096)         = 16
lstat("/var/www/htdocs", {st_dev=makedev(8, 17), st_ino=147474, st_mode=S_IFDIR|0755, st_nlink=2, st_uid=0, st_gid=48, st_blksize=4096, st_blocks=8, st_size=4096, st_atime=2011/12/14-16:41:25, st_mtime=2011/01/25-13:52:36, st_ctime=2011/12/14-16:41:25}) = 0
lstat("/var/www", {st_dev=makedev(8, 17), st_ino=148415, st_mode=S_IFDIR|0755, st_nlink=7, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8, st_size=4096, st_atime=2013/03/02-12:12:17, st_mtime=2013/05/08-17:01:15, st_ctime=2013/05/08-17:01:15}) = 0
lstat("/var", {st_dev=makedev(8, 17), st_ino=24577, st_mode=S_IFDIR|0755, st_nlink=20, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8, st_size=4096, st_atime=2013/07/08-10:56:45, st_mtime=2014/01/07-13:16:15, st_ctime=2014/01/07-13:16:15}) = 0
lstat("/var/www/htdocs", {st_dev=makedev(8, 17), st_ino=147474, st_mode=S_IFDIR|0755, st_nlink=2, st_uid=0, st_gid=48, st_blksize=4096, st_blocks=8, st_size=4096, st_atime=2011/12/14-16:41:25, st_mtime=2011/01/25-13:52:36, st_ctime=2011/12/14-16:41:25}) = 0
lstat("/var/www", {st_dev=makedev(8, 17), st_ino=148415, st_mode=S_IFDIR|0755, st_nlink=7, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8, st_size=4096, st_atime=2013/03/02-12:12:17, st_mtime=2013/05/08-17:01:15, st_ctime=2013/05/08-17:01:15}) = 0
lstat("/var", {st_dev=makedev(8, 17), st_ino=24577, st_mode=S_IFDIR|0755, st_nlink=20, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8, st_size=4096, st_atime=2013/07/08-10:56:45, st_mtime=2014/01/07-13:16:15, st_ctime=2014/01/07-13:16:15}) = 0
lstat("/var/www/htdocs", {st_dev=makedev(8, 17), st_ino=147474, st_mode=S_IFDIR|0755, st_nlink=2, st_uid=0, st_gid=48, st_blksize=4096, st_blocks=8, st_size=4096, st_atime=2011/12/14-16:41:25, st_mtime=2011/01/25-13:52:36, st_ctime=2011/12/14-16:41:25}) = 0
lstat("/var/www", {st_dev=makedev(8, 17), st_ino=148415, st_mode=S_IFDIR|0755, st_nlink=7, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8, st_size=4096, st_atime=2013/03/02-12:12:17, st_mtime=2013/05/08-17:01:15, st_ctime=2013/05/08-17:01:15}) = 0
lstat("/var", {st_dev=makedev(8, 17), st_ino=24577, st_mode=S_IFDIR|0755, st_nlink=20, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8, st_size=4096, st_atime=2013/07/08-10:56:45, st_mtime=2014/01/07-13:16:15, st_ctime=2014/01/07-13:16:15}) = 0
chdir("/var/www/htdocs")                = 0
getcwd("/var/www/htdocs", 4096)         = 16
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x41} ---
chdir("/etc/httpd")                     = 0
rt_sigaction(SIGSEGV, {SIG_DFL, [], SA_RESTORER|SA_INTERRUPT, 0x7f095c971f90}, {SIG_DFL, [], SA_RESTORER|SA_RESETHAND, 0x7f095c971f90}, 8) = 0
kill(17235, SIGSEGV)                    = 0
rt_sigreturn()                          = 139678171845640
--- SIGSEGV {si_signo=SIGSEGV, si_code=SI_USER, si_pid=17235, si_uid=490} ---
+++ killed by SIGSEGV +++



Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-01-17 00:30 UTC] rasmus@php.net
-Status: Open +Status: Analyzed
 [2014-01-17 00:30 UTC] rasmus@php.net
An strace is not useful. We need a reproducing code snippet or a gdb backtrace.
 [2014-01-17 09:31 UTC] spam2 at rhsoft dot net
if you *really* would be interested in solve that problem someone would provide tarballs of opcache-source from 5.5.6 to 5.5.7 containing only one commit or simply would review the code changes as otehr upstream projects do

> An strace is not useful

why is it for other upstream projects and not for PHP?

> We need a reproducing code snippet 

there is no "code snippet", there are whole applications
there is a 3000 LOC large library and there is a script using it, MySQL and a Asterisk phonebox via passthru() and the other application are 250000 LOC

> or a gdb backtrace

you are aware that this means compile apache, apache-modules, php-core again without strip debug symbols and install hundrets of megabytes debug-packages and that we are talking about a production machine?

you could provide opcache-tarballs from 5.5.6 to 5.5.7 each containing only one change - the extension-build takes a few seconds and it should be easy that way to identify
 
by knowing now it is the optimizer someone could also review the changes from 5.5.6 to 5.5.7 critical or even try to solve the intention of the changes in a different way - sadly there are too few upstream-developers like dbmail where you find a problem and most of the time need not more to say then between which commits in case of only a few change lines of code
 [2014-01-17 16:22 UTC] rasmus@php.net
Nope, we are only interested in the symbols from opcache and possibly php, so it is sufficient to not strip opcache.so and get us the gdb backtrace from that to start with.

As for one-commit per tarball. Who does that? That's what git bisect is for.
 [2014-01-17 16:40 UTC] spam2 at rhsoft dot net
i tried that, running with gdb it does not happen :-(

however, opcache.optimization_level = 0 does not crash at all, 
so obviously the optimizer is broken after 5.5.6 and as you 
said "it wasn't noticed because many people run with the 
optimization_level set to 0" the main question is why this 
is not the default if nobody cares about?

> As for one-commit per tarball. Who does that? 
> That's what git bisect is for

i do not work with GIT at all nor i am C developer
i am a pure php-developer wokring with subversion
and a sysadmin knowing to handle rpmbuild well
________________________________________________________________

gdb /usr/sbin/httpd
GNU gdb (GDB) Fedora 7.6.1-46.fc19
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/sbin/httpd...(no debugging symbols found)...done.
(gdb) run -X
Starting program: /usr/sbin/httpd -X
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Detaching after fork from child process 13712.
Detaching after fork from child process 13714.
Detaching after fork from child process 13723.
Detaching after fork from child process 13725.
Detaching after fork from child process 13727.
Detaching after fork from child process 13729.
Detaching after fork from child process 13755.
Detaching after fork from child process 13757.
Detaching after fork from child process 13759.
Detaching after fork from child process 13761.
Detaching after fork from child process 13770.
Detaching after fork from child process 13772.
Detaching after fork from child process 13774.
Detaching after fork from child process 13776.
Detaching after fork from child process 13789.
Detaching after fork from child process 13791.
Detaching after fork from child process 13796.
 
PHP Copyright © 2001-2015 The PHP Group
All rights reserved.
Last updated: Mon Jun 15 18:01:54 2015 UTC