php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #79261 Segfault on Script Exit
Submitted: 2020-02-11 20:15 UTC Modified: 2020-02-12 09:07 UTC
From: dblabian at gmail dot com Assigned:
Status: Duplicate Package: *General Issues
PHP Version: 7.4.2 OS: 5.4.2-arch1-1 #1 SMP PREEMPT
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: dblabian at gmail dot com
New email:
PHP Version: OS:

 

 [2020-02-11 20:15 UTC] dblabian at gmail dot com 
Description:
------------
Upgrading from PHP 7.3.12 to PHP 7.4.1 and 7.4.2 resulted in a particular script segfaulting. The segfault seems to change on each run. Mostly its a segfault, sometimes it's an illegal operation. What I've been able to track down is that it occurs on the script exit, when either exit(), die() or the script reaches the end of its logic.

This is the only script we have that's segfaulting (that I know of). It has some attributes that make it somewhat unique: 1) it uses pcntl functions to fork processes from a master loop, and those loop items also fork themselves, 2) it uses semaphores and shared memory to coordinate the children, 3) it calls pcntl_wait() at exit.

The GDB output doesn't seem useful as it just references the JIT:

#0  0x00007f08b5f749b0 in ?? ()
#1  0x00007f08b89bea57 in pcre2_jit_match_8 () from /usr/lib/libpcre2-8.so.0
#2  0x00007f08b89c2d5c in pcre2_match_8 () from /usr/lib/libpcre2-8.so.0
#3  0x000055e26d9c2c9f in php_pcre_replace_impl ()
#4  0x000055e26d9c3250 in php_pcre_replace ()
#5  0x000055e26d9c3665 in ?? ()
#6  0x000055e26dc44bac in execute_ex ()
#7  0x000055e26dc49d21 in zend_execute ()
#8  0x000055e26dbc30b7 in zend_execute_scripts ()
#9  0x000055e26db63231 in php_execute_script ()
#10 0x000055e26dc4be0c in ?? ()
#11 0x000055e26d97b3e7 in ?? ()
#12 0x00007f08b872a153 in __libc_start_main () from /usr/lib/libc.so.6
#13 0x000055e26d97bb0e in _start ()


#0  0x00007f08b5f749b0 in ?? ()
#1  0x00007f08b89bea57 in pcre2_jit_match_8 () from /usr/lib/libpcre2-8.so.0
#2  0x00007f08b89c2d5c in pcre2_match_8 () from /usr/lib/libpcre2-8.so.0
#3  0x000055e26d9c2c9f in php_pcre_replace_impl ()
#4  0x000055e26d9c3250 in php_pcre_replace ()
#5  0x000055e26d9c3665 in ?? ()
#6  0x000055e26dc44bac in execute_ex ()
#7  0x000055e26dbb478a in zend_call_function ()
#8  0x000055e26dbf459f in zend_objects_destroy_object ()
#9  0x000055e26dbf9156 in zend_objects_store_call_destructors ()
#10 0x000055e26dbb342d in ?? ()
#11 0x000055e26dbc2e3e in zend_call_destructors ()
#12 0x000055e26db61ef6 in php_request_shutdown ()
#13 0x000055e26dc4b173 in ?? ()
#14 0x000055e26d97b3e7 in ?? ()
#15 0x00007f08b872a153 in __libc_start_main () from /usr/lib/libc.so.6
#16 0x000055e26d97bb0e in _start ()


#0  0x00007f08b5f749b0 in ?? ()
#1  0x00007f08b89bea57 in pcre2_jit_match_8 () from /usr/lib/libpcre2-8.so.0
#2  0x00007f08b89c2d5c in pcre2_match_8 () from /usr/lib/libpcre2-8.so.0
#3  0x000055e26d9c2c9f in php_pcre_replace_impl ()
#4  0x000055e26d9c3250 in php_pcre_replace ()
#5  0x000055e26d9c3665 in ?? ()
#6  0x000055e26dc44bac in execute_ex ()
#7  0x000055e26dc49d21 in zend_execute ()
#8  0x000055e26dbc30b7 in zend_execute_scripts ()
#9  0x000055e26db63231 in php_execute_script ()
#10 0x000055e26dc4be0c in ?? ()
#11 0x000055e26d97b3e7 in ?? ()
#12 0x00007f08b872a153 in __libc_start_main () from /usr/lib/libc.so.6
#13 0x000055e26d97bb0e in _start ()

I started using strace to track down what was happening, and that's how I followed it back to the end of execution.

1581438826.999227 access("/ve_run/flags", W_OK) = 0
1581438826.999671 --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x56076ffc26df} ---
1581438827.028036 +++ killed by SIGSEGV (core dumped) +++
Segmentation fault

581451801.841257 --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} ---
1581451801.865146 +++ killed by SIGSEGV (core dumped) +++
Segmentation fault

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2020-02-11 20:28 UTC] dblabian at gmail dot com 
Any advice on further debugging this issue is appreciated.
 [2020-02-11 20:35 UTC] dblabian at gmail dot com 
One other note, I wrote a couple of test scripts with the key functionality that's different, i.e. forking and reaping, etc, and didn't experience any segfaults.
 [2020-02-11 20:38 UTC] nikic@php.net
-Status: Open +Status: Feedback
 [2020-02-11 20:38 UTC] nikic@php.net 
Please check whether the libpcre provided by your distribution is compiled with --enable-jit-sealloc. Arch should have fixed this per https://bugs.archlinux.org/task/64799, but possibly you are still using an --enable-jit-sealloc build, which is incompatible with fork().
 [2020-02-11 23:17 UTC] dblabian at gmail dot com
-Status: Feedback +Status: Open
 [2020-02-11 23:17 UTC] dblabian at gmail dot com 
Thank you for the suggestion. I updated to pcre2-10.34-3 on Arch and it did indeed solve the issue. 

So directly related to https://bugs.php.net/bug.php?id=78927. 

Thank you for the help, I did search for a comparable issue but didn't turn that up.
 [2020-02-12 09:07 UTC] cmb@php.net
-Status: Open +Status: Duplicate
 [2020-02-12 09:07 UTC] cmb@php.net 
Marking as duplicate of bug #78927 then.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Apr 25 01:01:30 2024 UTC