php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #73183 Segfaults / zend_mm_heap corrupted
Submitted: 2016-09-27 12:13 UTC Modified: 2016-12-19 12:01 UTC
Votes:8
Avg. Score:4.4 ± 0.9
Reproduced:6 of 6 (100.0%)
Same Version:3 (50.0%)
Same OS:2 (33.3%)
From: schnederle at futureweb dot at Assigned:
Status: Open Package: Reproducible crash
PHP Version: 7.0.11 OS: Centos 7.2.1511
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2016-09-27 12:13 UTC] schnederle at futureweb dot at
Description:
------------
Hello,

since we switched from PHP 5.3 to PHP 7.0.x (tried multiple Versions of PHP 7 - now we are on 7.0.11) we get random segfaults / zend_mm_heap corrupted with our CMS.

Unfortunately not predictable when they will occur or on which Script. (unfortunately never the same)
Sometimes a few Days no problems - sometimes 5 times a Day ...

Not 100% sure - but I believe that opcache could be the cause of the Problem - as a simple "opcache_reset();" is enough to get everything up & running again - no complete restart of Apache needed.

Error Log / Backtrace: http://temp.in.futureweb.at/php/error.log 

Hope someone can help me on this ...

Thank you
Andreas Schnederle-Wagner



Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-09-28 03:39 UTC] laruence@php.net
you may try to set opcache.protect_memory=1 (please note this will significantly slowdown the server).  and see if there is any unexpected write to shared memory
 [2016-09-28 08:01 UTC] schnederle at futureweb dot at
alright - I activated protect_memory and will report back.

Will I see Errors in the Logs when there are any unexpected writes to shared memory? (unfortunately there is not much documentation available what protect_memory excactly does)
 [2016-09-28 11:25 UTC] schnederle at futureweb dot at
again Segfaults with opcache.protect_memory=1:

[Wed Sep 28 13:22:25.387677 2016] [core:notice] [pid 25800] AH00052: child pid 4680 exit signal Segmentation fault (11)
...
[Wed Sep 28 13:22:46.415573 2016] [core:notice] [pid 25800] AH00052: child pid 4885 exit signal Segmentation fault (11)
 [2016-09-28 15:31 UTC] laruence@php.net
paste the backtrace out (coredump)
 [2016-09-29 08:46 UTC] schnederle at futureweb dot at
Please find BT here: http://temp.in.futureweb.at/php/core.30883.bt.txt
 [2016-09-29 12:52 UTC] schnederle at futureweb dot at
another segfault - BT:

http://temp.in.futureweb.at/php/core.23374.bt.txt
http://temp.in.futureweb.at/php/core.25625.bt.txt
 [2016-09-30 01:42 UTC] laruence@php.net
is this the coredump after you setting opcache.protect_memory?
 [2016-09-30 11:26 UTC] schnederle at futureweb dot at
They were done with opcache.protect_memory=0

This one is with opcache.protect_memory=1 
http://temp.in.futureweb.at/php/core.17683.bt.txt
 [2016-09-30 11:40 UTC] schnederle at futureweb dot at
In case it helps - here a "bt full" with opcache.protect_memory=1: http://temp.in.futureweb.at/php/core.17683.bt_full.txt
 [2016-09-30 19:40 UTC] schnederle at futureweb dot at
again segfault with opcache.protect_memory=1: 
- http://www.futureweb.at/userdata/115/temp/core.bt.29305
- http://www.futureweb.at/userdata/115/temp/core.bt.29468

bt full with opcache.protect_memory=1:
- http://www.futureweb.at/userdata/115/temp/core.bt.full.29305
 [2016-10-04 10:54 UTC] schnederle at futureweb dot at
Don't know if it helps ... some more Segfault BTs:

02.10.2016: http://temp.in.futureweb.at/php/core.25917.bt.txt
03.10.2016: http://temp.in.futureweb.at/php/core.20048.bt.txt
04.10.2016: http://temp.in.futureweb.at/php/core.27118.bt.txt
 [2016-10-20 12:43 UTC] cadonline at gmx dot net
We are facing similar Problems on our Servers - Did you already find a Solution Andreas?

thx
Markus
 [2016-10-28 08:30 UTC] schnederle at futureweb dot at
Unfortunately no News yet ... same Problems occur with 7.0.12
Still hoping for some News on this Topic from PHP Guys! ;-)
 [2016-11-23 08:58 UTC] schnederle at futureweb dot at
still no luck with 7.0.13!

Maybe this additional Information can help?

Followed by the Segfaults I often see those Kind of Errors within Logs:

----------------------------------
error_log-20161116:[Tue Nov 15 14:35:52.478805 2016] [:error] [pid 30926] [client 80.110.0.0:54073] PHP Fatal error: Allowed memory size of 1073741824 bytes exhausted (tried to allocate 140380662153216 bytes) in /var/www/path/html/templates/path/php/news_nuggets.php on line 218, referer: http://domain

----------------------------------

216 Alle
217 </div>
218 <div class="referenzen_cst_filter_right_entry<?php if(isset($_GET['filter']) && $_GET['filter'] == 2) { ?> active<?php } ?>" id="referenzen_entry_2" rel="2">
219 Tourismus
220 </div>
----------------------------------

As one can see - there is nothing which could take 127TB of Memory on Line 218 ... could it be that OpCache is trying to Output complete nonsense?
 [2016-12-01 16:23 UTC] schnederle at futureweb dot at
Some new Information - Today I set OPCache Log Level to Debug ... no Segfault so far - but some other weird Errors - maybe somehow related to the Segfaults Problem?

At first some of those:
< Thu Dec 1 11:44:34 2016 (12618): Warning Interned string buffer overflow
< Thu Dec 1 11:44:34 2016 (12618): Warning Interned string buffer overflow
< ...
< ...
< ...
< Thu Dec 1 11:44:34 2016 (12618): Warning Interned string buffer overflow
< Thu Dec 1 11:44:34 2016 (12618): Warning Interned string buffer overflow

Right after those Errors - some OOM Errors occured:
< [Thu Dec 01 11:45:52.556057 2016] [:error] [pid 11958] [client 80.110.0.0:50912] PHP Fatal error: Allowed memory size of 1073741824 bytes exhausted (tried to allocate 6935160699037703352 bytes) in /var/www/path/html/includes/path1/file.php on line 38, referer: http://www.domain.at/admin/menue/fil...111&id_usr=111

Line 38 of the File where OOM occured:
< if (!function_exists("get_galleries")) {

Did increase opcache.interned_strings_buffer from 8 to 16 now ... but there shouldn't be such OOM Troubles when reaching Limit I guess ... (not to speak about 'maybe' Segfaults ...)
 [2016-12-12 14:28 UTC] schnederle at futureweb dot at
Since I increased opcache.interned_strings_buffer from 8 to 16 there was no single SEGFAULT anymore ... guess the Problem must lie somewhere within Interned Strings Buffer Logic then?
 [2016-12-19 12:01 UTC] schnederle at futureweb dot at
I can confirm that raising opcache.interned_strings_buffer from 8 to 16 MB did solve that Segfault issues! ~3 Weeks without a single Segfault ...

Actual OPCache Stats - interned_strings_usage - more than the initial 8MB are used ...

----------------------------------------------------
Array
(
    [opcache_enabled] => 1
    [file_cache] => /var/www/ortsinfo/opcache
    [cache_full] => 
    [restart_pending] => 
    [restart_in_progress] => 
    [memory_usage] => Array
        (
            [used_memory] => 86297760
            [free_memory] => 47915104
            [wasted_memory] => 4864
            [current_wasted_percentage] => 0.0036239624023438
        )

    [interned_strings_usage] => Array
        (
            [buffer_size] => 16777216
            [used_memory] => 8840536
            [free_memory] => 7936680
            [number_of_strings] => 74538
        )

    [opcache_statistics] => Array
        (
            [num_cached_scripts] => 4397
            [num_cached_keys] => 12811
            [max_cached_keys] => 16229
            [hits] => 15118014
            [start_time] => 1482122407
            [last_restart_time] => 0
            [oom_restarts] => 0
            [hash_restarts] => 0
            [manual_restarts] => 0
            [misses] => 7
            [blacklist_misses] => 0
            [blacklist_miss_ratio] => 0
            [opcache_hit_rate] => 99.999953697643
        )

)
----------------------------------------------------

Andreas Schnederle-Wagner
 [2018-06-28 15:06 UTC] t dot motylewski at gmail dot com
similar issues:
https://bugs.php.net/bug.php?id=73598
https://bugs.php.net/bug.php?id=65590
https://bugs.php.net/bug.php?id=66569
 [2018-06-28 15:23 UTC] t dot motylewski at gmail dot com
and a few more:
https://bugs.php.net/bug.php?id=69251
https://bugs.php.net/bug.php?id=59191
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Tue Nov 12 15:01:29 2019 UTC