Bug #74369 Random segmentation fault (core dumped)
Submitted: 2017-04-04 10:49 UTC Modified: 2017-04-04 12:40 UTC
From: sexecut at gmail dot com Assigned:
Status: Not a bug Package: Reproducible crash
PHP Version: 7.1.3 OS: Ubuntu 16.04.1 LTS
Private report: No CVE-ID: None
 [2017-04-04 10:49 UTC] sexecut at gmail dot com
Description:
------------
My big PHP scripts arbitrarily end with this error: Segmentation fault (core dumped)
The application in which this occurs is very large. It is not possible to download it. It is impossible to reproduce this bug more compactly.

My php.ini is standard.
Configure line:
'./configure'\
    '--enable-debug'\
    '--enable-fpm'\
    '--enable-cli'\
    '--with-imap'\
    '--with-imap-ssl'\
    '--with-readline'\
    '--with-pic' '--disable-rpath' '--without-pear' '--with-bz2' '--with-freetype-dir=/usr'\
    '--with-png-dir=/usr' '--with-xpm-dir=/usr' '--enable-gd-native-ttf' '--without-gdbm' '--with-gettext'\
    '--with-gmp=/usr/include/i386-linux-gnu' '--with-iconv' '--with-jpeg-dir=/usr'\
    '--with-openssl' '--with-pcre-regex=/usr/include/' '--with-zlib'\
    '--with-pear'\
    '--with-layout=GNU' '--enable-exif' '--enable-ftp' '--enable-sockets' '--enable-sysvsem'\
    '--enable-sysvshm' '--enable-sysvmsg' '--with-kerberos' '--enable-shmop' '--enable-calendar'\
    '--with-libxml-dir=/usr' '--enable-xml' '--enable-soap'\
    '--enable-pcntl'\
    '--with-pdo-pgsql'\
    '--with-gd' '--disable-dba' '--without-unixODBC'\
    '--with-mcrypt' '--enable-zip'\
    '--enable-mbstring' '--without-pspell' '--disable-wddx' '--with-curl' '--disable-posix' '--disable-sysvmsg'\
    '--disable-sysvshm' '--disable-sysvsem'\
    '--enable-short-tags'\
    '--enable-phpdbg'\
    '--enable-intl'\
    '--enable-libxml';

Expected result:
----------------
$ ulimit -c unlimited; php ./yii import 12600
start
end

Actual result:
--------------
$ ulimit -c unlimited; php ./yii import 12600
start
Segmentation fault (core dumped)

$ gdb /usr/local/bin/php /var/www/debug/core-yii.48714 
GNU gdb (Ubuntu 7.11.1-0ubuntu1~16.04) 7.11.1
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/local/bin/php...done.

warning: core file may not match specified executable file.
[New LWP 48714]

warning: Could not load shared library symbols for /usr/lib/libc-client.so.2007e.
Do you need "set solib-search-path" or "set sysroot"?
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/usr/local/bin/php ./yii import 12580'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  zend_mm_alloc_small (bin_num=6, size=56, heap=0x7f7b87000040) at /usr/local/etc/php-7.1.3/Zend/zend_alloc.c:1261
1261			heap->free_slot[bin_num] = p->next_free_slot;
(gdb) bt
#0  zend_mm_alloc_small (bin_num=6, size=56, heap=0x7f7b87000040) at /usr/local/etc/php-7.1.3/Zend/zend_alloc.c:1261
#1  _emalloc_56 () at /usr/local/etc/php-7.1.3/Zend/zend_alloc.c:2336
#2  0x000000000082d1f0 in _array_init (arg=arg@entry=0x7f7b87016120, size=2) at /usr/local/etc/php-7.1.3/Zend/zend_API.c:1060
#3  0x0000000000742b73 in zif_array_map (execute_data=0x7f7b87016130, return_value=0x7f7b87016120) at /usr/local/etc/php-7.1.3/ext/standard/array.c:5342
#4  0x00000000008cc6d2 in ZEND_DO_FCALL_BY_NAME_SPEC_RETVAL_USED_HANDLER () at /usr/local/etc/php-7.1.3/Zend/zend_vm_execute.h:876
#5  0x0000000000874a6b in execute_ex (ex=<optimized out>) at /usr/local/etc/php-7.1.3/Zend/zend_vm_execute.h:429
#6  0x000000000081afe7 in zend_call_function (fci=0x7f7b870160a0, fci@entry=0x7ffd24dabe70, fci_cache=fci_cache@entry=0x7ffd24dabe40) at /usr/local/etc/php-7.1.3/Zend/zend_execute_API.c:846
#7  0x00000000006aa674 in zim_reflection_class_newInstanceArgs (execute_data=<optimized out>, return_value=0x7f7b87015b20) at /usr/local/etc/php-7.1.3/ext/reflection/php_reflection.c:4975
#8  0x00000000008cd12c in ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER () at /usr/local/etc/php-7.1.3/Zend/zend_vm_execute.h:1097
#9  0x0000000000874a6b in execute_ex (ex=<optimized out>) at /usr/local/etc/php-7.1.3/Zend/zend_vm_execute.h:429
#10 0x000000000081afe7 in zend_call_function (fci=0x7f7b870158b0, fci@entry=0x7ffd24dac080, fci_cache=fci_cache@entry=0x7ffd24dac050) at /usr/local/etc/php-7.1.3/Zend/zend_execute_API.c:846
#11 0x000000000074588b in zif_call_user_func_array (execute_data=0x7f7b87013220, return_value=0x7f7b87013210) at /usr/local/etc/php-7.1.3/ext/standard/basic_functions.c:4853
#12 0x00000000008cc6d2 in ZEND_DO_FCALL_BY_NAME_SPEC_RETVAL_USED_HANDLER () at /usr/local/etc/php-7.1.3/Zend/zend_vm_execute.h:876
#13 0x0000000000874a6b in execute_ex (ex=<optimized out>) at /usr/local/etc/php-7.1.3/Zend/zend_vm_execute.h:429
#14 0x00000000008cf590 in zend_execute (op_array=0x7f7b8707f0e0, op_array@entry=0x7f7b867a2260, return_value=return_value@entry=0x7f7b87013060) at /usr/local/etc/php-7.1.3/Zend/zend_vm_execute.h:474
#15 0x000000000082b153 in zend_execute_scripts (type=type@entry=8, retval=0x7f7b87013060, retval@entry=0x0, file_count=file_count@entry=3) at /usr/local/etc/php-7.1.3/Zend/zend.c:1476
#16 0x00000000007c78f0 in php_execute_script (primary_file=primary_file@entry=0x7ffd24dae700) at /usr/local/etc/php-7.1.3/main/main.c:2537
#17 0x00000000008d18a6 in do_cli (argc=4, argv=0x1b0df20) at /usr/local/etc/php-7.1.3/sapi/cli/php_cli.c:993
#18 0x000000000044acfc in main (argc=4, argv=0x1b0df20) at /usr/local/etc/php-7.1.3/sapi/cli/php_cli.c:1381

History

 [2017-04-04 10:55 UTC] krakjoe@php.net
-Status: Open +Status: Feedback
 [2017-04-04 10:55 UTC] krakjoe@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.


 [2017-04-04 11:01 UTC] nikic@php.net
Can you provide the result of running the code under "USE_ZEND_ALLOC=0 valgrind php"?
 [2017-04-04 11:04 UTC] spam2 at rhsoft dot net
> A proper reproducing script starts with <?php 
> and ends with ?>,is max. 10-20 lines long

well, but when it happens only with a large script that's just impossible and that standard paragraph is not very helpful
 [2017-04-04 11:14 UTC] sexecut at gmail dot com
Thanks for the reply.
I completely forgot: on version 7.1.0 everything was fine.

> Can you provide the result of running the code under "USE_ZEND_ALLOC=0 valgrind php"?
$ USE_ZEND_ALLOC=0 valgrind php
==64544== Memcheck, a memory error detector
==64544== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==64544== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==64544== Command: php
==64544== 
php: error while loading shared libraries: libc-client.so.2007e: cannot open shared object file: No such file or directory
==64544== Jump to the invalid address stated on the next line
==64544==    at 0x566: ???
==64544==    by 0x401026C: _dl_signal_error (dl-error.c:125)
==64544==    by 0x400EE89: _dl_map_object_deps (dl-deps.c:686)
==64544==    by 0x40034F9: dl_main (rtld.c:1610)
==64544==    by 0x4019461: _dl_sysdep_start (dl-sysdep.c:249)
==64544==    by 0x4004E79: _dl_start_final (rtld.c:307)
==64544==    by 0x4004E79: _dl_start (rtld.c:413)
==64544==    by 0x4000CC7: ??? (in /lib/x86_64-linux-gnu/ld-2.23.so)
==64544==  Address 0x566 is not stack'd, malloc'd or (recently) free'd
==64544== 
==64544== 
==64544== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==64544==  Bad permissions for mapped region at address 0x566
==64544==    at 0x566: ???
==64544==    by 0x401026C: _dl_signal_error (dl-error.c:125)
==64544==    by 0x400EE89: _dl_map_object_deps (dl-deps.c:686)
==64544==    by 0x40034F9: dl_main (rtld.c:1610)
==64544==    by 0x4019461: _dl_sysdep_start (dl-sysdep.c:249)
==64544==    by 0x4004E79: _dl_start_final (rtld.c:307)
==64544==    by 0x4004E79: _dl_start (rtld.c:413)
==64544==    by 0x4000CC7: ??? (in /lib/x86_64-linux-gnu/ld-2.23.so)
==64544== 
==64544== HEAP SUMMARY:
==64544==     in use at exit: 0 bytes in 0 blocks
==64544==   total heap usage: 0 allocs, 0 frees, 0 bytes allocated
==64544== 
==64544== All heap blocks were freed -- no leaks are possible
==64544== 
==64544== For counts of detected and suppressed errors, rerun with: -v
==64544== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
 [2017-04-04 12:17 UTC] sexecut at gmail dot com
> php: error while loading shared libraries: libc-client.so.2007e: cannot open shared object file: No such file or directory
Oops, the php build is broken now; I will try to reinstall it.
 [2017-04-04 12:39 UTC] sexecut at gmail dot com
The problem was solved by accident. After installing valgrind, apt-get deleted the library; the result was an error:
> php: error while loading shared libraries: libc-client.so.2007e: cannot open shared object file: No such file or directory
I restored this library and at the same time updated all the system packages, and php started working fine! Next time I will update the system packages before updating the version of php. Sorry for the lost time.
 [2017-04-04 12:40 UTC] sexecut at gmail dot com
-Status: Feedback +Status: Closed
 [2017-04-04 12:40 UTC] sexecut at gmail dot com
Close
 [2017-04-04 12:40 UTC] nikic@php.net
-Status: Closed +Status: Not a bug
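
Added example, not part of the original report or of PHP's own tooling: the thread's resolution came down to a shared library (`libc-client.so.2007e`) that the loader could no longer find, so this sketch lists the unresolved dependencies of a binary from `ldd` output. The function names `missing_libs` and `check_binary` and the sample `ldd` output are constructed for illustration.

```shell
#!/bin/sh
# Report shared libraries that a binary links against but the loader cannot resolve.
# Caveat: run ldd only on binaries you trust; for untrusted files, inspect the
# NEEDED entries with `objdump -p` or `readelf -d` instead.

# Constructed sample of ldd output (not captured from the reporter's machine).
SAMPLE_LDD='	linux-vdso.so.1 (0x00007ffd24dfe000)
	libc-client.so.2007e => not found
	libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007f7b86a00000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f7b86600000)
	/lib64/ld-linux-x86-64.so.2 (0x00007f7b87200000)'

# Read ldd-style lines on stdin and print each unresolved library name once.
missing_libs() {
    awk '$2 == "=>" && $3 == "not" && $4 == "found" { print $1 }' | sort -u
}

# Check a real binary.
# Returns 0 if every dependency resolves, 1 if any is missing, 2 if ldd fails.
check_binary() {
    bin=$1
    out=$(ldd "$bin" 2>/dev/null) || { echo "ldd failed for $bin" >&2; return 2; }
    miss=$(printf '%s\n' "$out" | missing_libs)
    if [ -n "$miss" ]; then
        printf '%s\n' "$miss" | while read -r lib; do
            echo "$bin: missing $lib" >&2
        done
        return 1
    fi
    return 0
}

# With a path argument, check that binary; otherwise show the sample result.
if [ $# -gt 0 ]; then
    check_binary "$1"
else
    printf '%s\n' "$SAMPLE_LDD" | missing_libs
fi
```

Running `check_binary /usr/local/bin/php` after a package change, and before collecting core dumps or valgrind output, separates a broken build from an interpreter fault.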
 