php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #70360 Segmentation fault for every request
Submitted: 2015-08-25 17:41 UTC Modified: 2017-11-05 04:22 UTC
Votes:3
Avg. Score:4.7 ± 0.5
Reproduced:3 of 3 (100.0%)
Same Version:3 (100.0%)
Same OS:2 (66.7%)
From: atippett at gmail dot com Assigned: cmb (profile)
Status: No Feedback Package: opcache
PHP Version: 5.6.12 OS: Linux fenrir 3.16.0-4-amd64 #1
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please — but make sure to vote on the bug!
Your email address:
MUST BE VALID
Solve the problem:
26 - 12 = ?
Subscribe to this entry?

 
 [2015-08-25 17:41 UTC] atippett at gmail dot com
Description:
------------
Segmentation fault.

version: PHP 5.6.9-0+deb8u1 (cli) (built: Jun  5 2015 11:03:27) 


Any help on how to diagnose this would be appreciated.

Actual result:
--------------
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007fe60d50658a in gc_remove_from_buffer (root=0x7fe5fdf7b030) at /tmp/buildd/php5-5.6.9+dfsg/Zend/zend_gc.h:190
190     /tmp/buildd/php5-5.6.9+dfsg/Zend/zend_gc.h: No such file or directory.
(gdb) bt
#0  0x00007fe60d50658a in gc_remove_from_buffer (root=0x7fe5fdf7b030) at /tmp/buildd/php5-5.6.9+dfsg/Zend/zend_gc.h:190
#1  gc_remove_zval_from_buffer (zv=zv@entry=0x7fe5fdf7b078) at /tmp/buildd/php5-5.6.9+dfsg/Zend/zend_gc.c:260
#2  0x00007fe60d4d5018 in i_zval_ptr_dtor (zval_ptr=0x7fe5fdf7b078) at /tmp/buildd/php5-5.6.9+dfsg/Zend/zend_execute.h:78
#3  _zval_ptr_dtor (zval_ptr=<optimized out>) at /tmp/buildd/php5-5.6.9+dfsg/Zend/zend_execute_API.c:424
#4  0x00007fe60d4f43b8 in zend_hash_destroy (ht=0x7fe617242ac8) at /tmp/buildd/php5-5.6.9+dfsg/Zend/zend_hash.c:548
#5  0x00007fe60d4e4d6b in _zval_dtor_func (zvalue=0x7fe5fdf7b078) at /tmp/buildd/php5-5.6.9+dfsg/Zend/zend_variables.c:45
#6  0x00007fe60d594610 in _zval_dtor (zvalue=<optimized out>) at /tmp/buildd/php5-5.6.9+dfsg/Zend/zend_variables.h:35
#7  i_zval_ptr_dtor (zval_ptr=<optimized out>) at /tmp/buildd/php5-5.6.9+dfsg/Zend/zend_execute.h:79
#8  zend_vm_stack_clear_multiple (nested=<optimized out>) at /tmp/buildd/php5-5.6.9+dfsg/Zend/zend_execute.h:308
#9  zend_do_fcall_common_helper_SPEC (execute_data=0x7fe616a96478) at /tmp/buildd/php5-5.6.9+dfsg/Zend/zend_vm_execute.h:650
#10 0x00007fe60d523020 in execute_ex (execute_data=0x7fe616a96478) at /tmp/buildd/php5-5.6.9+dfsg/Zend/zend_vm_execute.h:363
#11 0x00007fe60d4d4cf8 in dtrace_execute_ex (execute_data=0x7fe616a96478) at /tmp/buildd/php5-5.6.9+dfsg/Zend/zend_dtrace.c:73
#12 0x00007fe6025ac18d in nr_php_execute_enabled () at /home/hudson/slave-workspace/workspace/PHP_Release_Agent/label/centos5-64-nrcamp/agent/php_execute.c:1056
#13 0x00007fe6025ac982 in nr_php_execute () at /home/hudson/slave-workspace/workspace/PHP_Release_Agent/label/centos5-64-nrcamp/agent/php_execute.c:1167
#14 0x00007fe60d594b1e in zend_do_fcall_common_helper_SPEC (execute_data=0x7fe616a962e0) at /tmp/buildd/php5-5.6.9+dfsg/Zend/zend_vm_execute.h:592
#15 0x00007fe60d523020 in execute_ex (execute_data=0x7fe616a962e0) at /tmp/buildd/php5-5.6.9+dfsg/Zend/zend_vm_execute.h:363
#16 0x00007fe60d4d4cf8 in dtrace_execute_ex (execute_data=0x7fe616a962e0) at /tmp/buildd/php5-5.6.9+dfsg/Zend/zend_dtrace.c:73
#17 0x00007fe6025ac18d in nr_php_execute_enabled () at /home/hudson/slave-workspace/workspace/PHP_Release_Agent/label/centos5-64-nrcamp/agent/php_execute.c:1056
#18 0x00007fe6025ac982 in nr_php_execute () at /home/hudson/slave-workspace/workspace/PHP_Release_Agent/label/centos5-64-nrcamp/agent/php_execute.c:1167
#19 0x00007fe60d594b1e in zend_do_fcall_common_helper_SPEC (execute_data=0x7fe616a96118) at /tmp/buildd/php5-5.6.9+dfsg/Zend/zend_vm_execute.h:592
#20 0x00007fe60d523020 in execute_ex (execute_data=0x7fe616a96118) at /tmp/buildd/php5-5.6.9+dfsg/Zend/zend_vm_execute.h:363
#21 0x00007fe60d4d4cf8 in dtrace_execute_ex (execute_data=0x7fe616a96118) at /tmp/buildd/php5-5.6.9+dfsg/Zend/zend_dtrace.c:73
#22 0x00007fe6025ac18d in nr_php_execute_enabled () at /home/hudson/slave-workspace/workspace/PHP_Release_Agent/label/centos5-64-nrcamp/agent/php_execute.c:1056
#23 0x00007fe6025ac982 in nr_php_execute () at /home/hudson/slave-workspace/workspace/PHP_Release_Agent/label/centos5-64-nrcamp/agent/php_execute.c:1167
#24 0x00007fe60d594b1e in zend_do_fcall_common_helper_SPEC (execute_data=0x7fe616a95fd0) at /tmp/buildd/php5-5.6.9+dfsg/Zend/zend_vm_execute.h:592
#25 0x00007fe60d523020 in execute_ex (execute_data=0x7fe616a95fd0) at /tmp/buildd/php5-5.6.9+dfsg/Zend/zend_vm_execute.h:363
#26 0x00007fe60d4d4cf8 in dtrace_execute_ex (execute_data=0x7fe616a95fd0) at /tmp/buildd/php5-5.6.9+dfsg/Zend/zend_dtrace.c:73
#27 0x00007fe6025ac18d in nr_php_execute_enabled () at /home/hudson/slave-workspace/workspace/PHP_Release_Agent/label/centos5-64-nrcamp/agent/php_execute.c:1056
#28 0x00007fe6025ac982 in nr_php_execute () at /home/hudson/slave-workspace/workspace/PHP_Release_Agent/label/centos5-64-nrcamp/agent/php_execute.c:1167
#29 0x00007fe60d594b1e in zend_do_fcall_common_helper_SPEC (execute_data=0x7fe616a95ee8) at /tmp/buildd/php5-5.6.9+dfsg/Zend/zend_vm_execute.h:592
#30 0x00007fe60d523020 in execute_ex (execute_data=0x7fe616a95ee8) at /tmp/buildd/php5-5.6.9+dfsg/Zend/zend_vm_execute.h:363
#31 0x00007fe60d4d4cf8 in dtrace_execute_ex (execute_data=0x7fe616a95ee8) at /tmp/buildd/php5-5.6.9+dfsg/Zend/zend_dtrace.c:73
#32 0x00007fe6025ac18d in nr_php_execute_enabled () at /home/hudson/slave-workspace/workspace/PHP_Release_Agent/label/centos5-64-nrcamp/agent/php_execute.c:1056
#33 0x00007fe6025ac982 in nr_php_execute () at /home/hudson/slave-workspace/workspace/PHP_Release_Agent/label/centos5-64-nrcamp/agent/php_execute.c:1167
#34 0x00007fe60d594b1e in zend_do_fcall_common_helper_SPEC (execute_data=0x7fe616a95d30) at /tmp/buildd/php5-5.6.9+dfsg/Zend/zend_vm_execute.h:592
#35 0x00007fe60d523020 in execute_ex (execute_data=0x7fe616a95d30) at /tmp/buildd/php5-5.6.9+dfsg/Zend/zend_vm_execute.h:363
#36 0x00007fe60d4d4cf8 in dtrace_execute_ex (execute_data=0x7fe616a95d30) at /tmp/buildd/php5-5.6.9+dfsg/Zend/zend_dtrace.c:73
#37 0x00007fe6025ac18d in nr_php_execute_enabled () at /home/hudson/slave-workspace/workspace/PHP_Release_Agent/label/centos5-64-nrcamp/agent/php_execute.c:1056
#38 0x00007fe6025ac982 in nr_php_execute () at /home/hudson/slave-workspace/workspace/PHP_Release_Agent/label/centos5-64-nrcamp/agent/php_execute.c:1167
#39 0x00007fe60d594b1e in zend_do_fcall_common_helper_SPEC (execute_data=0x7fe616a95bd0) at /tmp/buildd/php5-5.6.9+dfsg/Zend/zend_vm_execute.h:592
#40 0x00007fe60d523020 in execute_ex (execute_data=0x7fe616a95bd0) at /tmp/buildd/php5-5.6.9+dfsg/Zend/zend_vm_execute.h:363
#41 0x00007fe60d4d4cf8 in dtrace_execute_ex (execute_data=0x7fe616a95bd0) at /tmp/buildd/php5-5.6.9+dfsg/Zend/zend_dtrace.c:73
#42 0x00007fe6025ac402 in nr_php_execute_file () at /home/hudson/slave-workspace/workspace/PHP_Release_Agent/label/centos5-64-nrcamp/agent/php_execute.c:889
#43 nr_php_execute_enabled () at /home/hudson/slave-workspace/workspace/PHP_Release_Agent/label/centos5-64-nrcamp/agent/php_execute.c:921
#44 0x00007fe6025ac982 in nr_php_execute () at /home/hudson/slave-workspace/workspace/PHP_Release_Agent/label/centos5-64-nrcamp/agent/php_execute.c:1167
#45 0x00007fe60d4e77f0 in zend_execute_scripts (type=-34099080, type@entry=8, retval=0x7fe600000000, retval@entry=0x0, file_count=231379392, file_count@entry=3)
    at /tmp/buildd/php5-5.6.9+dfsg/Zend/zend.c:1341
#46 0x00007fe60d483560 in php_execute_script (primary_file=primary_file@entry=0x7ffc9cbfda60) at /tmp/buildd/php5-5.6.9+dfsg/main/main.c:2597
#47 0x00007fe60d5961ca in php_handler (r=<optimized out>) at /tmp/buildd/php5-5.6.9+dfsg/sapi/apache2handler/sapi_apache2.c:667
#48 0x00007fe614fab290 in ap_run_handler (r=r@entry=0x7fe6150900a0) at config.c:169
#49 0x00007fe614fab7d9 in ap_invoke_handler (r=0x7fe6150900a0) at config.c:433
#50 0x00007fe614fc1672 in ap_process_async_request (r=0x7fe6150900a0) at http_request.c:317
#51 0x00007fe614fc1810 in ap_process_request (r=0x7fe6150900a0) at http_request.c:363
#52 0x00007fe614fbe112 in ap_process_http_sync_connection (c=0x7fe6150a1290) at http_core.c:190
#53 ap_process_http_connection (c=0x7fe6150a1290) at http_core.c:231
#54 0x00007fe614fb4b00 in ap_run_process_connection (c=0x7fe6150a1290) at connection.c:41
#55 0x00007fe60deb87ba in child_main (child_num_arg=-34099080) at prefork.c:704
#56 0x00007fe60deb8a01 in make_child (s=0x7fe6151a8de0, slot=65) at prefork.c:800
#57 0x00007fe60deb9667 in perform_idle_server_maintenance (p=<optimized out>) at prefork.c:902
#58 prefork_run (_pconf=0x7fe6151f1f38 <ap_server_conf>, plog=0x7ffc9cbfdecc, s=0x7ffc9cbfded0) at prefork.c:1090
#59 0x00007fe614f90e7e in ap_run_mpm (pconf=0x7fe6151e0028, plog=0x7fe6151ae028, s=0x7fe6151a8de0) at mpm_common.c:94
#60 0x00007fe614f8a3c3 in main (argc=3, argv=0x7ffc9cbfe1b8) at main.c:777


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-08-25 17:56 UTC] requinix@php.net
-Status: Open +Status: Feedback
 [2015-08-25 17:56 UTC] requinix@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.


 [2015-08-26 06:35 UTC] atippett at gmail dot com
-Status: Feedback +Status: Open
 [2015-08-26 06:35 UTC] atippett at gmail dot com
Please advice:

After much poking, turning off opcache (7.0.4) fixes the issues.  It's terrible hard to diagnosis what's going on and any recommendations are welcome.  The code runs fine after an apache2ctl restart for sometimes a 1/2 day or so but if we stress test the system with a lots of connections we can reproduce a segmentation fault when opcache is on.  Other sites under the same webserver continue to work but any access to the url we stress test produces a core dump on every request until we restart apache.  We've tried to narrow down what code is causing it but have been unsuccessful at finding a code example that we can pass on.  Any recommendations?
 [2015-08-26 06:35 UTC] atippett at gmail dot com
Please advice:

After much poking, turning off opcache (7.0.4) fixes the issues.  It's terrible hard to diagnosis what's going on and any recommendations are welcome.  The code runs fine after an apache2ctl restart for sometimes a 1/2 day or so but if we stress test the system with a lots of connections we can reproduce a segmentation fault when opcache is on.  Other sites under the same webserver continue to work but any access to the url we stress test produces a core dump on every request until we restart apache.  We've tried to narrow down what code is causing it but have been unsuccessful at finding a code example that we can pass on.  Any recommendations?
 [2015-08-26 06:37 UTC] atippett at gmail dot com
-Package: Reproducible crash +Package: opcache
 [2015-08-26 06:37 UTC] atippett at gmail dot com
changing to package opcache
 [2015-08-28 10:11 UTC] steve at stephenorr dot co dot uk
Same issue for me on PHP 5.6.12-1+deb.sury.org~vivid+1 (as provided in ondrej PPA on Ubuntu).

Disabling opcache initially appeared to resolve the problem, but it looks like my actual issue was that I also had the xcache extension enabled, and the two were conflicting.

Uninstalling xcache and re-enabling opcache seems to work.
 [2015-08-28 18:17 UTC] atippett at gmail dot com
I believe this might be related to https://bugs.php.net/bug.php?id=69549  I'll run some tests tonight with the updated version of php on fenrir.
 [2015-09-04 07:14 UTC] aliis dot jh at gmail dot com
After updating fenrir to opcache: Zend OPcache v7.0.6-dev
We're still getting segfaults with the php.ini setting:
opcache.optimization_level=0xffffffff

As soon as we set opcache.optimization_level=0 the segfaults stop.
 [2015-09-04 08:37 UTC] aliis dot jh at gmail dot com
After further testing on fenrir, we have that all bitmask settings for:
opcache.optimization_level do NOT produce segfaults EXCEPT the first bit.
Working: 0xXXXXXXXX0 // where 'X'=f|0
Segfault: 0xXXXXXXXXf // where 'X'=f|0

So only combinations of bit flags with the first bit enabled result in segfaults, all other combinations work fine.

From reference, I believe this is the flag for pass 1, operations:
	 * - substitute persistent constants (true, false, null, etc)
	 * - perform compile-time evaluation of constant binary and unary operations
	 * - optimize series of ADD_STRING and/or ADD_CHAR
	 * - convert CAST(IS_BOOL,x) into BOOL(x)
	 * - convert INTI_FCALL_BY_NAME + DO_FCALL_BY_NAME into DO_FCALL

Reference:
http://stackoverflow.com/questions/21181045/php-opcache-optimization-levels-what-are-they
https://github.com/zendtech/ZendOptimizerPlus/blob/master/Optimizer/zend_optimizer.c
 [2015-09-04 10:01 UTC] nikic@php.net
@aliis: 0xf == 0b1111, so this will enable the first four passes (which is pass 1_5, pass 2 and pass 3 in practice). To further narrow this down you can try 0x1, 0x2 and 0x4.
 [2015-09-30 15:59 UTC] aliis dot jh at gmail dot com
Thanks nikic, we've now tested incrementally in the range:
opcache.optimization_level = [0xfffffff0 - 0xffffffff]

All, but the last bit flag work without segfaulting, i.e., 

opcache.optimization_level = [0xfffffff0 - 0xfffffffe] (OK - No Segfaults)
This is equiv:
[0b0000 0000 1111 1111 1111 1111 1111 1111 1111 0000]
to
[0b0000 0000 1111 1111 1111 1111 1111 1111 1111 1110]

Likewise, incrementing from other direction:
0x00000001 - FAIL (segfaults)
0x00000002 - PASS (segfaults)
0x00000003 - FAIL (segfaults)
...
for all bitmasks containing / including the first bit 0x0...1

So only the pass for bit flag: 0x00000001 is causing segfaults.

Any thoughts or solutions for fixing this issue would be greatly appreciated.
 [2015-10-26 21:14 UTC] nikic@php.net
As this issue is caused by pass 1_5 and happens in gc_remove_from_buffer() this may be the same issue as https://bugs.php.net/bug.php?id=70601. Could you check if 5.6.15RC1 (or 5.6-dev) resolves this issue?
 [2017-09-20 12:00 UTC] cmb@php.net
-Status: Open +Status: Feedback -Assigned To: +Assigned To: cmb
 [2017-09-20 12:00 UTC] cmb@php.net
Could you check if 5.6.31 resolves this issue?
 [2017-11-05 04:22 UTC] php-bugs at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Mar 29 15:01:28 2024 UTC