PHP :: Bug #79261 :: Segfault on Script Exit

Bug #79261	Segfault on Script Exit
Submitted:	2020-02-11 20:15 UTC	Modified:	2020-02-12 09:07 UTC
From:	dblabian at gmail dot com	Assigned:
Status:	Duplicate	Package:	*General Issues
PHP Version:	7.4.2	OS:	5.4.2-arch1-1 #1 SMP PREEMPT
Private report:	No	CVE-ID:	None

View Developer Edit

[2020-02-11 20:15 UTC] dblabian at gmail dot com

Description:
------------
Upgrading from PHP 7.3.12 to PHP 7.4.1 and 7.4.2 resulted in a particular script segfaulting. The segfault seems to change on each run. Mostly its a segfault, sometimes it's an illegal operation. What I've been able to track down is that it occurs on the script exit, when either exit(), die() or the script reaches the end of its logic.

This is the only script we have that's segfaulting (that I know of). It has some attributes that make it somewhat unique: 1) it uses pcntl functions to fork processes from a master loop, and those loop items also fork themselves, 2) it uses semaphores and shared memory to coordinate the children, 3) it calls pcntl_wait() at exit.

The GDB output doesn't seem useful as it just references the JIT:

#0  0x00007f08b5f749b0 in ?? ()
#1  0x00007f08b89bea57 in pcre2_jit_match_8 () from /usr/lib/libpcre2-8.so.0
#2  0x00007f08b89c2d5c in pcre2_match_8 () from /usr/lib/libpcre2-8.so.0
#3  0x000055e26d9c2c9f in php_pcre_replace_impl ()
#4  0x000055e26d9c3250 in php_pcre_replace ()
#5  0x000055e26d9c3665 in ?? ()
#6  0x000055e26dc44bac in execute_ex ()
#7  0x000055e26dc49d21 in zend_execute ()
#8  0x000055e26dbc30b7 in zend_execute_scripts ()
#9  0x000055e26db63231 in php_execute_script ()
#10 0x000055e26dc4be0c in ?? ()
#11 0x000055e26d97b3e7 in ?? ()
#12 0x00007f08b872a153 in __libc_start_main () from /usr/lib/libc.so.6
#13 0x000055e26d97bb0e in _start ()


#0  0x00007f08b5f749b0 in ?? ()
#1  0x00007f08b89bea57 in pcre2_jit_match_8 () from /usr/lib/libpcre2-8.so.0
#2  0x00007f08b89c2d5c in pcre2_match_8 () from /usr/lib/libpcre2-8.so.0
#3  0x000055e26d9c2c9f in php_pcre_replace_impl ()
#4  0x000055e26d9c3250 in php_pcre_replace ()
#5  0x000055e26d9c3665 in ?? ()
#6  0x000055e26dc44bac in execute_ex ()
#7  0x000055e26dbb478a in zend_call_function ()
#8  0x000055e26dbf459f in zend_objects_destroy_object ()
#9  0x000055e26dbf9156 in zend_objects_store_call_destructors ()
#10 0x000055e26dbb342d in ?? ()
#11 0x000055e26dbc2e3e in zend_call_destructors ()
#12 0x000055e26db61ef6 in php_request_shutdown ()
#13 0x000055e26dc4b173 in ?? ()
#14 0x000055e26d97b3e7 in ?? ()
#15 0x00007f08b872a153 in __libc_start_main () from /usr/lib/libc.so.6
#16 0x000055e26d97bb0e in _start ()


#0  0x00007f08b5f749b0 in ?? ()
#1  0x00007f08b89bea57 in pcre2_jit_match_8 () from /usr/lib/libpcre2-8.so.0
#2  0x00007f08b89c2d5c in pcre2_match_8 () from /usr/lib/libpcre2-8.so.0
#3  0x000055e26d9c2c9f in php_pcre_replace_impl ()
#4  0x000055e26d9c3250 in php_pcre_replace ()
#5  0x000055e26d9c3665 in ?? ()
#6  0x000055e26dc44bac in execute_ex ()
#7  0x000055e26dc49d21 in zend_execute ()
#8  0x000055e26dbc30b7 in zend_execute_scripts ()
#9  0x000055e26db63231 in php_execute_script ()
#10 0x000055e26dc4be0c in ?? ()
#11 0x000055e26d97b3e7 in ?? ()
#12 0x00007f08b872a153 in __libc_start_main () from /usr/lib/libc.so.6
#13 0x000055e26d97bb0e in _start ()

I started using strace to track down what was happening, and that's how I followed it back to the end of execution.

1581438826.999227 access("/ve_run/flags", W_OK) = 0
1581438826.999671 --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x56076ffc26df} ---
1581438827.028036 +++ killed by SIGSEGV (core dumped) +++
Segmentation fault

581451801.841257 --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} ---
1581451801.865146 +++ killed by SIGSEGV (core dumped) +++
Segmentation fault

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2020-02-11 20:28 UTC] dblabian at gmail dot com

Any advice on further debugging this issue is appreciated.

[2020-02-11 20:35 UTC] dblabian at gmail dot com

One other note, I wrote a couple of test scripts with the key functionality that's different, i.e. forking and reaping, etc, and didn't experience any segfaults.

[2020-02-11 20:38 UTC] nikic@php.net

-Status: Open +Status: Feedback

[2020-02-11 20:38 UTC] nikic@php.net

Please check whether the libpcre provided by your distribution is compiled with --enable-jit-sealloc. Arch should have fixed this per https://bugs.archlinux.org/task/64799, but possibly you are still using an --enable-jit-sealloc build, which is incompatible with fork().

[2020-02-11 23:17 UTC] dblabian at gmail dot com

-Status: Feedback +Status: Open

[2020-02-11 23:17 UTC] dblabian at gmail dot com

Thank you for the suggestion. I updated to pcre2-10.34-3 on Arch and it did indeed solve the issue. 

So directly related to https://bugs.php.net/bug.php?id=78927. 

Thank you for the help, I did search for a comparable issue but didn't turn that up.

[2020-02-12 09:07 UTC] cmb@php.net

-Status: Open +Status: Duplicate

[2020-02-12 09:07 UTC] cmb@php.net

Marking as duplicate of bug #78927 then.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Wed Oct 29 12:00:01 2025 UTC