Bug #67254 PHP crashes in zend_stack_push
Submitted: 2014-05-12 08:22 UTC
Modified: 2015-03-01 13:15 UTC
Votes: 4
Avg. Score: 4.2 ± 0.4
Reproduced: 4 of 4 (100.0%)
Same Version: 0 (0.0%)
Same OS: 1 (25.0%)
From: majo-bugs dot php dot net at pematon dot com
Assigned:
Status: Open
Package: Reproducible crash
PHP Version: 5.5.19
OS: FreeBSD 9.2-RELEASE-p5
Private report: No
CVE-ID: None

 [2014-05-12 08:22 UTC] majo-bugs dot php dot net at pematon dot com
Description:
------------
We are running mod_php 5.4.27 in apache 2.4.9 on FreeBSD 9.2 and PHP is crashing from time to time in zend_stack_push.

Expected result:
----------------
not crash

Actual result:
--------------
(gdb) bt
#0  0x000000080588dc72 in zend_stack_push () from /usr/local/libexec/apache24/libphp5.so
#1  0x0000000805860d2b in compile_file () from /usr/local/libexec/apache24/libphp5.so
#2  0x000000080aab95c4 in phar_compile_file () from /usr/local/lib/php/20100525/phar.so
#3  0x000000080588e45d in zend_execute_scripts () from /usr/local/libexec/apache24/libphp5.so
#4  0x0000000805937c81 in zend_get_zval_ptr () from /usr/local/libexec/apache24/libphp5.so
#5  0x000000000044e91a in ap_run_handler ()
#6  0x0000000000452682 in ap_invoke_handler ()
#7  0x0000000000463baa in ap_internal_redirect ()
#8  0x000000080546b640 in handler_redirect () from /usr/local/libexec/apache24/mod_rewrite.so
#9  0x000000000044e91a in ap_run_handler ()
#10 0x0000000000452682 in ap_invoke_handler ()
#11 0x0000000000463f8e in ap_process_async_request ()
#12 0x00000000004640cf in ap_process_request ()
#13 0x0000000000460815 in ap_process_http_connection ()
#14 0x0000000000458c22 in ap_run_process_connection ()
#15 0x000000000046a327 in child_main ()
#16 0x000000000046a5a4 in make_child ()
#17 0x000000000046af06 in prefork_run ()
#18 0x00000000004360b2 in ap_run_mpm ()
#19 0x000000000043021b in main ()


 [2014-05-18 22:15 UTC] majo-bugs dot php dot net at pematon dot com
The same problem has occurred even after updating to 5.4.28:

(gdb) bt
#0  0x000000080588dcd2 in zend_stack_push () from /usr/local/libexec/apache24/libphp5.so
#1  0x0000000805860d8b in compile_file () from /usr/local/libexec/apache24/libphp5.so
#2  0x000000080aab95c4 in phar_compile_file () from /usr/local/lib/php/20100525/phar.so
#3  0x000000080588e4bd in zend_execute_scripts () from /usr/local/libexec/apache24/libphp5.so
#4  0x0000000805937ce1 in zend_get_zval_ptr () from /usr/local/libexec/apache24/libphp5.so
#5  0x000000000044e91a in ap_run_handler ()
#6  0x0000000000452682 in ap_invoke_handler ()
#7  0x0000000000463baa in ap_internal_redirect ()
#8  0x000000080546b640 in handler_redirect () from /usr/local/libexec/apache24/mod_rewrite.so
#9  0x000000000044e91a in ap_run_handler ()
#10 0x0000000000452682 in ap_invoke_handler ()
#11 0x0000000000463f8e in ap_process_async_request ()
#12 0x00000000004640cf in ap_process_request ()
#13 0x0000000000460815 in ap_process_http_connection ()
#14 0x0000000000458c22 in ap_run_process_connection ()
#15 0x000000000046a327 in child_main ()
#16 0x000000000046a5a4 in make_child ()
#17 0x000000000046af06 in prefork_run ()
#18 0x00000000004360b2 in ap_run_mpm ()
#19 0x000000000043021b in main ()
 [2014-05-21 17:44 UTC] aharvey@php.net
-Status: Open +Status: Feedback
 [2014-05-21 17:44 UTC] aharvey@php.net
We'll probably need a stack trace with line numbers to be able to diagnose this fully, although it looks like it might be an issue that's getting triggered by PHAR.
 [2014-12-30 10:42 UTC] php-bugs at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.
 [2015-01-04 01:22 UTC] majo-bugs dot php dot net at pematon dot com
-Status: No Feedback +Status: Closed
 [2015-01-04 01:22 UTC] majo-bugs dot php dot net at pematon dot com
Below is the stack trace with line numbers. Meanwhile, PHP has been upgraded to 5.5.19 and Apache to 2.4.10.

(gdb) bt
#0  zend_stack_push (stack=0x805aa4640, element=0x805aa4618, size=<value optimized out>)
    at /tmp/portbuild/usr/ports/www/mod_php55/work/php-5.5.19/Zend/zend_stack.c:42
#1  0x00000008056647ab in compile_file (file_handle=0x7fffffffd640, type=2) at zend_language_scanner.l:586
#2  0x000000080c9ce935 in phar_compile_file () from /usr/local/lib/php/20121212/phar.so
#3  0x0000000806c8e95e in persistent_compile_file () from /usr/local/lib/php/20121212/opcache.so
#4  0x000000080569b91d in zend_execute_scripts (type=2, retval=0x0, file_count=1) at /tmp/portbuild/usr/ports/www/mod_php55/work/php-5.5.19/Zend/zend.c:1322
#5  0x0000000805748e01 in php_handler (r=0x8125f0620) at /tmp/portbuild/usr/ports/www/mod_php55/work/php-5.5.19/sapi/apache2handler/sapi_apache2.c:669
#6  0x000000000044f07a in ap_run_handler ()
#7  0x0000000000452de2 in ap_invoke_handler ()
#8  0x000000000046449a in ap_internal_redirect ()
#9  0x000000080526e820 in ?? () from /usr/local/libexec/apache24/mod_rewrite.so
#10 0x000000000044f07a in ap_run_handler ()
#11 0x0000000000452de2 in ap_invoke_handler ()
#12 0x000000000046487e in ap_process_async_request ()
#13 0x00000000004649bf in ap_process_request ()
#14 0x0000000000461115 in ap_expr_yylex ()
#15 0x0000000000459452 in ap_run_process_connection ()
#16 0x000000000046ac27 in ap_set_etag ()
#17 0x000000000046aea4 in ap_set_etag ()
#18 0x000000000046b806 in ap_set_etag ()
#19 0x0000000000436462 in ap_run_mpm ()
#20 0x0000000000430543 in main ()

Please re-open the bug. I'm getting ERROR: You aren't allowed to change a bug to that state.
 [2015-01-04 01:23 UTC] majo-bugs dot php dot net at pematon dot com
-Status: Closed +Status: Open
 [2015-01-04 01:23 UTC] majo-bugs dot php dot net at pematon dot com
Trying to re-open.
 [2015-01-04 01:31 UTC] majo-bugs dot php dot net at pematon dot com
-PHP Version: 5.4.28 +PHP Version: 5.5.19
 [2015-01-04 01:31 UTC] majo-bugs dot php dot net at pematon dot com
The error message is:
Program terminated with signal 11, Segmentation fault.
 [2015-02-16 17:36 UTC] getriebesand at freenet dot de
Same here:
Ubuntu 14.04
PHP 5.5.9-1ubuntu4.5
Apache 2.4.7

This happened every few minutes on a php file with highest requests on our server (8 req/sec)

#0  0x00007ff0931da97d in zend_stack_push (stack=stack@entry=0x7ff0939a0ca0 <compiler_globals+608>, element=element@entry=0x7ff0939a0c78 <compiler_globals+568>, 
    size=size@entry=40) at /build/buildd/php5-5.5.9+dfsg/Zend/zend_stack.c:42
#1  0x00007ff0931a631e in compile_file (file_handle=file_handle@entry=0x7fffe2adee30, type=2) at Zend/zend_language_scanner.l:586
#2  0x00007ff0931cbafa in dtrace_compile_file (file_handle=0x7fffe2adee30, type=<optimized out>) at /build/buildd/php5-5.5.9+dfsg/Zend/zend_dtrace.c:40
#3  0x00007ff093054cb4 in phar_compile_file (file_handle=<optimized out>, type=<optimized out>) at /build/buildd/php5-5.5.9+dfsg/ext/phar/phar.c:3383
#4  0x00007ff0931dd57f in zend_execute_scripts (type=type@entry=2, retval=retval@entry=0x0, file_count=file_count@entry=1) at /build/buildd/php5-5.5.9+dfsg/Zend/zend.c:1308
#5  0x00007ff09328d4fd in php_handler (r=<optimized out>) at /build/buildd/php5-5.5.9+dfsg/sapi/apache2handler/sapi_apache2.c:669
#6  0x00007ff097b8a680 in ap_run_handler ()
#7  0x00007ff097b8abc9 in ap_invoke_handler ()
#8  0x00007ff097ba016a in ap_process_async_request ()
#9  0x00007ff097ba0444 in ap_process_request ()
#10 0x00007ff097b9cf02 in ?? ()
#11 0x00007ff097b93cc0 in ap_run_process_connection ()
#12 0x00007ff093bad767 in ?? () from /usr/lib/apache2/modules/mod_mpm_prefork.so
#13 0x00007ff093bad9a6 in ?? () from /usr/lib/apache2/modules/mod_mpm_prefork.so
#14 0x00007ff093bae60e in ?? () from /usr/lib/apache2/modules/mod_mpm_prefork.so
#15 0x00007ff097b7169e in ap_run_mpm ()
#16 0x00007ff097b6ae36 in main ()
 [2015-02-16 23:44 UTC] rasmus@php.net
getriebesand dtrace? Try it without dtrace.
 [2015-02-17 13:12 UTC] felipe@php.net
-Status: Open +Status: Feedback
 [2015-02-20 20:16 UTC] getriebesand at freenet dot de
I don't know how. I don't use dtrace. Maybe I have to file a bug report to the maintainer of the package. (I use the default package for Ubuntu 14.04 LTS)

Then forget my bt and use majo-bugs's bt.

But this error is hard to reproduce because it only happens on many requests.

Before, I had opcache enabled and got many fatal errors that a function cannot be redeclared. But I checked the code many times. Even with require_once and check if function_exists().
Then I disabled opcache and since then I get seg faults.

I use Apache mpm-prefork and have tried to use different configs (reduce MaxConnectionsPerChild...) but it didn't solve anything.
 [2015-03-01 04:22 UTC] php-bugs at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.
 [2015-03-01 13:13 UTC] majo-bugs dot php dot net at pematon dot com
-Status: No Feedback +Status: Closed
 [2015-03-01 13:13 UTC] majo-bugs dot php dot net at pematon dot com
This still happens to me:
PHP 5.5.21
Apache 2.4.12
FreeBSD 9.3

Core was generated by `httpd'.
Program terminated with signal 11, Segmentation fault.
[New Thread 802007400 (LWP 101477/httpd)]
#0  zend_stack_push (stack=0x805aa4660, element=0x805aa4638, size=<value optimized out>) at /tmp/portbuild/usr/ports/www/mod_php55/work/php-5.5.21/Zend/zend_stack.c:42
#1  0x00000008056648fb in compile_file (file_handle=0x7fffffffe690, type=2) at zend_language_scanner.l:586
#2  0x0000000808dce935 in phar_compile_file () from /usr/local/lib/php/20121212/phar.so
#3  0x0000000806c8e8de in persistent_compile_file () from /usr/local/lib/php/20121212/opcache.so
#4  0x000000080569ba0d in zend_execute_scripts (type=2, retval=0x0, file_count=1) at /tmp/portbuild/usr/ports/www/mod_php55/work/php-5.5.21/Zend/zend.c:1319
#5  0x0000000805748ef1 in php_handler (r=0x8073730a0) at /tmp/portbuild/usr/ports/www/mod_php55/work/php-5.5.21/sapi/apache2handler/sapi_apache2.c:669
#6  0x000000000044f4aa in ap_run_handler ()
#7  0x0000000000453202 in ap_invoke_handler ()
#8  0x000000000046522e in ap_process_async_request ()
#9  0x000000000046536f in ap_process_request ()
#10 0x0000000000461a85 in ap_expr_yylex ()
#11 0x0000000000459da2 in ap_run_process_connection ()
#12 0x000000000046b897 in ap_set_etag ()
#13 0x000000000046bb14 in ap_set_etag ()
#14 0x000000000046c476 in ap_set_etag ()
#15 0x0000000000436622 in ap_run_mpm ()
#16 0x0000000000430703 in main ()
 [2015-03-01 13:14 UTC] majo-bugs dot php dot net at pematon dot com
-Status: Closed +Status: Assigned
 [2015-03-01 13:14 UTC] majo-bugs dot php dot net at pematon dot com
Re-opening
 [2015-03-01 13:15 UTC] majo-bugs dot php dot net at pematon dot com
-Status: Assigned +Status: Open
 [2015-03-01 13:15 UTC] majo-bugs dot php dot net at pematon dot com
Re-opening
 
Last updated: Fri Oct 18 09:01:26 2019 UTC