php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #70843 Segmentation fault on MacOSX with opcache.file_cache_only=1
Submitted: 2015-11-03 14:32 UTC Modified: 2015-11-04 09:10 UTC
From: for-bugs at hnw dot jp Assigned: laruence
Status: Closed Package: opcache
PHP Version: 7.0.0RC6 OS: MacOSX 10.9.5
Private report: No CVE-ID:
 [2015-11-03 14:32 UTC] for-bugs at hnw dot jp
Description:
------------
I tried file-based opcache with PHP 7.0.0RC6(cli) on MacOSX.

OPcache settings:

opcache.enable_cli=1
opcache.file_cache=/var/tmp/php/opcache
opcache.file_cache_only=1

All scripts run fine, however test script crashes after execution.

In addition, no problem occurs with same script on Linux.


Test script:
---------------
<?php
$sum = array(); // No segv if commented out this line
$sum[0] = 0;
var_dump($sum);

Expected result:
----------------
array(1) {
  [0]=>
  int(0)
}

Actual result:
--------------
array(1) {
  [0]=>
  int(0)
}
Segmentation fault: 11

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-11-03 16:05 UTC] laruence@php.net
-Status: Open +Status: Feedback
 [2015-11-03 16:05 UTC] laruence@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.


 [2015-11-04 07:18 UTC] for-bugs at hnw dot jp
-Status: Feedback +Status: Open
 [2015-11-04 07:18 UTC] for-bugs at hnw dot jp
Here is the backtrace:

(lldb) run -dopcache.huge_code_pages=0 -dopcache.enable_cli=1 -dopcache.file_cache=/var/tmp/php/opcache -dopcache.file_cache_only=1 /tmp/foo.php
Process 24230 launched: '/Users/hnw/.phpenv/versions/7.0.0RC6-debug/bin/php' (x86_64)
array(1) {
  [0]=>
  int(0)
}
Process 24230 stopped
* thread #1: tid = 0x629ba3, 0x0000000106b5e0e0, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x106b5e0e0)
    frame #0: 0x0000000106b5e0e0
error: memory read failed for 0x106b5e000
(lldb) bt
* thread #1: tid = 0x629ba3, 0x0000000106b5e0e0, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x106b5e0e0)
  * frame #0: 0x0000000106b5e0e0
    frame #1: 0x000000010078fbbd php`zend_hash_destroy(ht=0x0000000103001420) + 189 at zend_hash.c:1191
    frame #2: 0x000000010078fff3 php`zend_array_destroy(ht=0x0000000103001420) + 163 at zend_hash.c:1251
    frame #3: 0x00000001007726a0 php`_zval_dtor_func_for_ptr(p=0x0000000103001420, __zend_filename="/var/tmp/php-build/source/7.0.0RC6-debug/Zend/zend_variables.c", __zend_lineno=260) + 176 at zend_variables.c:96
    frame #4: 0x00000001007725d4 php`i_zval_ptr_dtor(zval_ptr=0x00007fff5fbfcd38, __zend_filename="/var/tmp/php-build/source/7.0.0RC6-debug/Zend/zend_variables.c", __zend_lineno=260) + 84 at zend_variables.h:58
    frame #5: 0x0000000100773101 php`_zval_ptr_dtor_wrapper(zval_ptr=0x00007fff5fbfcd38) + 33 at zend_variables.c:260
    frame #6: 0x000000010078f11f php`_zend_hash_del_el_ex(ht=0x0000000100eb9b38, idx=7, p=0x000000010305b1e0, prev=0x0000000000000000) + 639 at zend_hash.c:958
    frame #7: 0x000000010078ece8 php`_zend_hash_del_el(ht=0x0000000100eb9b38, idx=7, p=0x000000010305b1e0) + 216 at zend_hash.c:982
    frame #8: 0x0000000100790b01 php`zend_hash_graceful_reverse_destroy(ht=0x0000000100eb9b38) + 177 at zend_hash.c:1428
    frame #9: 0x0000000100756c15 php`shutdown_executor + 165 at zend_execute_API.c:277
    frame #10: 0x00000001007758ab php`zend_deactivate + 123 at zend.c:967
    frame #11: 0x00000001006c37f0 php`php_request_shutdown(dummy=0x0000000000000000) + 864 at main.c:1810
    frame #12: 0x0000000100871594 php`do_cli(argc=6, argv=0x00007fff5fbfe910) + 7060 at php_cli.c:1142
    frame #13: 0x000000010086f7ae php`main(argc=6, argv=0x00007fff5fbfe910) + 1838 at php_cli.c:1345
    frame #14: 0x00007fff91ef95c9 libdyld.dylib`start + 1
(lldb)
 [2015-11-04 09:10 UTC] laruence@php.net
-Status: Open +Status: Feedback -Assigned To: +Assigned To: laruence
 [2015-11-04 09:10 UTC] laruence@php.net
hmm, looks like we are facing the ASLR problems, you mean try to edit the Makefile and add -Wl,-no-pie to CFLAGS to disable it to verify this.

however, I am not a MACOS developer, not sure how to safely disable ASLR for all verisons of Mac.

also read: http://stackoverflow.com/questions/23897963/documented-way-to-disable-aslr-on-os-x
 [2015-11-04 11:01 UTC] laruence@php.net
Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=fe0af271c66260fedcb4b44fad85e18dd0dd0af6
Log: Fixed bug #70843 (Segmentation fault on MacOSX with opcache.file_cache_only=1)
 [2015-11-04 11:01 UTC] laruence@php.net
-Status: Feedback +Status: Closed
 [2015-11-09 18:12 UTC] ab@php.net
Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=849ef6db447512036f8c16755754769e5f86b00a
Log: Fixed bug #70843 (Segmentation fault on MacOSX with opcache.file_cache_only=1)
 [2016-07-20 11:35 UTC] davey@php.net
Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=fe0af271c66260fedcb4b44fad85e18dd0dd0af6
Log: Fixed bug #70843 (Segmentation fault on MacOSX with opcache.file_cache_only=1)
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Wed Feb 22 15:01:37 2017 UTC