php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #77358 random Segmentation fault (core dumped)
Submitted: 2018-12-27 13:31 UTC Modified: 2019-01-14 09:02 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:0 (0.0%)
From: kinoute at gmail dot com Assigned:
Status: Duplicate Package: PDO MySQL
PHP Version: 7.3.0 OS: Ubuntu 16.04.5
Private report: No CVE-ID: None
 [2018-12-27 13:31 UTC] kinoute at gmail dot com
Description:
------------
It happens on a VPN running Ubuntu 16.04.5 & PHP 7.3.0 (upgraded from 7.2.13). I'm getting at random intervals Segfault errors on some scripts. I was able to catch a segfault running my script through gdb. Here is the output backtrace:

(gdb) run checkwin.php
Starting program: /usr/bin/php checkwin.php
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x00005555557c2d3a in _efree ()
(gdb) bt
#0  0x00005555557c2d3a in _efree ()
#1  0x00007ffff2d4fea7 in ?? () from /usr/lib/php/20180731/mysqlnd.so
#2  0x00007ffff2d4af4f in ?? () from /usr/lib/php/20180731/mysqlnd.so
#3  0x00007ffff2d4f641 in ?? () from /usr/lib/php/20180731/mysqlnd.so
#4  0x00007ffff2d4e0b9 in ?? () from /usr/lib/php/20180731/mysqlnd.so
#5  0x00007ffff2d4be04 in ?? () from /usr/lib/php/20180731/mysqlnd.so
#6  0x00007ffff2d4bf4e in ?? () from /usr/lib/php/20180731/mysqlnd.so
#7  0x00007fffed601ee4 in ?? () from /usr/lib/php/20180731/pdo_mysql.so
#8  0x00007ffff2b28d0c in ?? () from /usr/lib/php/20180731/pdo.so
#9  0x00007ffff2b2cbaa in ?? () from /usr/lib/php/20180731/pdo.so
#10 0x00005555557fc60e in ?? ()
#11 0x00005555557f92b1 in zend_hash_graceful_reverse_destroy ()
#12 0x00005555557e879e in ?? ()
#13 0x00005555557875e2 in php_module_shutdown ()
#14 0x00005555556427fa in ?? ()
#15 0x00007ffff5cf0830 in __libc_start_main (main=0x555555642370, argc=2, argv=0x7fffffffe5b8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe5a8)
    at ../csu/libc-start.c:291
#16 0x0000555555642909 in _start ()
(gdb)


I can also see segfaults in /var/log/syslog:

Dec 27 12:05:15 vps12833 kernel: [ 1122.000275] php[1975]: segfault at 7f4d49000000 ip 000055a75bf88d3a sp 00007fff1fb200f0 error 4 in php7.3[55a75bd1a000+3eb000]


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2019-01-13 18:47 UTC] kinoute at gmail dot com
Some update. I was about to make a little script were I get the same backtrace on gdb every single time I run the php script.

Running MySQL  5.7.24, with a "test" table as followed, with a datetime(6) column. It seems to happen when using the "UPDATE" mysql function. No problem with a simple SELECT.

CREATE TABLE `test` (
  `id` int(11) NOT NULL,
  `date` datetime(6) NOT NULL,
  `poster_id` int(11) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;


INSERT INTO `test` (`id`, `date`, `poster_id`) VALUES
(1, '2019-01-17 01:40:35.123456', 3);


PHP Script:

<?php

$dbh = "";
$dsn = 'mysql:host=localhost;dbname=testphp73';

// Set options
$options = [
    PDO::ATTR_PERSISTENT    => true,
    PDO::ATTR_ERRMODE       => PDO::ERRMODE_EXCEPTION
];

// Create a new PDO instanace
try {
    $dbh = new PDO($dsn, "root", "password", $options);
} // Catch any errors
catch (PDOException $e) {
    $this->error = $e->getMessage();
}


$stmt = $dbh->prepare("UPDATE test SET poster_id = 4 WHERE id = 1");

// no problem
// $stmt = $dbh->prepare("SELECT * FROM test WHERE id = 1");

$stmt->execute();


gdb backtrace with the UPDATE function:

(gdb) run test.php
Starting program: /usr/bin/php test.php
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[Inferior 1 (process 6354) exited with code 01]
(gdb) b exit
Breakpoint 1 at 0x7ffff5d0a030: file exit.c, line 104.
(gdb) run test.php
Starting program: /usr/bin/php test.php
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Breakpoint 1, __GI_exit (status=1) at exit.c:104
104	exit.c: No such file or directory.
(gdb) bt
#0  __GI_exit (status=1) at exit.c:104
#1  0x00005555556319ed in ?? ()
#2  0x00005555557c2e1d in _efree ()
#3  0x00007ffff2d4fea7 in ?? () from /usr/lib/php/20180731/mysqlnd.so
#4  0x00007ffff2d4af4f in ?? () from /usr/lib/php/20180731/mysqlnd.so
#5  0x00007ffff2d4f641 in ?? () from /usr/lib/php/20180731/mysqlnd.so
#6  0x00007ffff2d4e0b9 in ?? () from /usr/lib/php/20180731/mysqlnd.so
#7  0x00007ffff2d4be04 in ?? () from /usr/lib/php/20180731/mysqlnd.so
#8  0x00007ffff2d4bf4e in ?? () from /usr/lib/php/20180731/mysqlnd.so
#9  0x00007fffed601ee4 in ?? () from /usr/lib/php/20180731/pdo_mysql.so
#10 0x00007ffff2b28d0c in ?? () from /usr/lib/php/20180731/pdo.so
#11 0x00007ffff2b2cbaa in ?? () from /usr/lib/php/20180731/pdo.so
#12 0x00005555557fc6ce in ?? ()
#13 0x00005555557f9371 in zend_hash_graceful_reverse_destroy ()
#14 0x00005555557e885e in ?? ()
#15 0x0000555555787662 in php_module_shutdown ()
#16 0x000055555564282a in ?? ()
#17 0x00007ffff5cf0830 in __libc_start_main (main=0x5555556423a0, argc=2, argv=0x7fffffffe5c8, init=<optimized out>,
    fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe5b8) at ../csu/libc-start.c:291
#18 0x0000555555642939 in _start ()
(gdb)

gdb backtrace when using SELECT function:

(gdb) run test.php
Starting program: /usr/bin/php test.php
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[Inferior 1 (process 6387) exited normally]
(gdb) b exit
Breakpoint 1 at 0x7ffff5d0a030: file exit.c, line 104.
(gdb) run test.php
Starting program: /usr/bin/php test.php
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Breakpoint 1, __GI_exit (status=0) at exit.c:104
104	exit.c: No such file or directory.
(gdb) bt
#0  __GI_exit (status=0) at exit.c:104
#1  0x000055555564252d in ?? ()
#2  0x00007ffff5cf0830 in __libc_start_main (main=0x5555556423a0, argc=2, argv=0x7fffffffe5c8, init=<optimized out>,
    fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe5b8) at ../csu/libc-start.c:291
#3  0x0000555555642939 in _start ()
(gdb)
 [2019-01-14 09:02 UTC] nikic@php.net
-Status: Open +Status: Duplicate
 [2019-01-14 09:02 UTC] nikic@php.net
Given the use of persistent PDO connections and the efree() segfault during shutdown, this is very likely a duplicate of bug #77289, which will be fixed in PHP 7.3.2.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Oct 07 20:01:27 2024 UTC