php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #80907 Seg fault with pcntl_alarm() when triggered while waiting on IO
Submitted: 2021-03-25 14:44 UTC Modified: 2021-05-23 04:22 UTC
From: tobias dot nyholm at gmail dot com Assigned:
Status: No Feedback Package: PCNTL related
PHP Version: 7.4.16 OS: OSX
Private report: No CVE-ID: None
 [2021-03-25 14:44 UTC] tobias dot nyholm at gmail dot com
Description:
------------
When using `pcntl_alarm()` and the alarm is triggered when waiting for IO inside a  class, I get a "42064 segmentation fault". 

If the for loop is executing in the global namespace, everything is fine. 


Test script:
---------------
<?php

pcntl_async_signals(true);
pcntl_signal(SIGALRM, function () {
    throw new \RuntimeException('Maximum execution time reached');
});
pcntl_alarm(2);

class Worker
{
    public function work()
    {
        for ($i = 0; $i< 10; $i++) {
            echo '.';
            sleep(5);
        }
    }
}

$worker = new Worker();
$worker->work();
echo "end";


Expected result:
----------------
.PHP Fatal error:  Uncaught RuntimeException: Maximum execution time reached in /Users/tobias/Workspace/PHPStorm/bref/alarm.php:5
Stack trace:
#0 /Users/tobias/Workspace/PHPStorm/bref/alarm.php(13): {closure}(14, Array)
#1 /Users/tobias/Workspace/PHPStorm/bref/alarm.php(21): Worker->work()
#2 {main}
  thrown in /Users/tobias/Workspace/PHPStorm/bref/alarm.php on line 5


Actual result:
--------------
❯ php alarm.php
.[1]    41920 segmentation fault  php alarm.php


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2021-03-25 20:55 UTC] dc dot link at yahoo dot fr
Was unable to reproduce it with Mac Intel and M1 with and without debug. Does it occur all the time and was it build from source or is it homebrew/macports ?
 [2021-03-25 21:40 UTC] tobias dot nyholm at gmail dot com
Thank you for trying to reproduce. 

I've installed PHP with homebrew. The bug is present on PHP 7.4.10 and 7.4.14. Not on PHP 8.0.1

---------

❯ php -v
PHP 7.4.14 (cli) (built: Jan  5 2021 14:30:27) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
    with Zend OPcache v7.4.14, Copyright (c), by Zend Technologies
    with blackfire v1.48.1~mac-x64-non_zts74, https://blackfire.io, by Blackfire

❯ php alarm.php 
.[1]    33291 segmentation fault  php alarm.php


❯ php8 -v
PHP 8.0.1 (cli) (built: Jan  7 2021 17:26:28) ( NTS )
Copyright (c) The PHP Group
Zend Engine v4.0.1, Copyright (c) Zend Technologies
    with Xdebug v3.0.2, Copyright (c) 2002-2021, by Derick Rethans
    with Zend OPcache v8.0.1, Copyright (c), by Zend Technologies


❯ php8 alarm.php 
.PHP Fatal error:  Uncaught RuntimeException: Maximum execution time reached in /workspace/alarm.php:5
Stack trace:
#0 /workspace/alarm.php(13): {closure}(14, Array)
#1 /workspace/alarm.php(21): Worker->work()
#2 {main}
  thrown in /workspace/alarm.php on line 5

Fatal error: Uncaught RuntimeException: Maximum execution time reached in /workspace/alarm.php on line 5

RuntimeException: Maximum execution time reached in /workspace/alarm.php on line 5

Call Stack:
    0.0003     464296   1. {main}() /workspace/alarm.php:0
    0.0005     469392   2. Worker->work() /workspace/alarm.php:21
    2.0052     469896   3. {closure:/workspace/alarm.php:4-6}(14, ['signo' => 14, 'errno' => 0, 'code' => 0]) /workspace/alarm.php:13
 [2021-03-25 22:21 UTC] danack@php.net
Hi Tobias,

I think I can reproduce, but on an older version. Do you have a crash log in ~/Library/Logs/DiagnosticReports/ ?

That should contain a stacktrace. If one doesn't appear there, running the code with `sudo dtruss php debug.php` might be a magic invocation that makes one appear.

Please post the stacktrace if you can.
 [2021-03-25 22:29 UTC] tobias dot nyholm at gmail dot com
Great! Im happy the bug is fixed in later patch versions. Here is the crash log. 

---------------

Process:               php [15272]
Path:                  /usr/local/Cellar/php/7.4.10/bin/php
Identifier:            php
Version:               0
Code Type:             X86-64 (Native)
Parent Process:        zsh [24880]
Responsible:           phpstorm [2201]
User ID:               501

Date/Time:             2021-03-25 23:24:11.746 +0100
OS Version:            Mac OS X 10.15.7 (19H2)
Report Version:        12
Anonymous UUID:        187FC819-8EA4-6935-FB12-CD56C0275BA2

Sleep/Wake UUID:       A66D0A37-1DD8-4E1D-93EE-D2E20EEFB870

Time Awake Since Boot: 260000 seconds
Time Since Wake:       2800 seconds

System Integrity Protection: enabled

Crashed Thread:        0  Dispatch queue: com.apple.main-thread

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       EXC_I386_GPFLT
Exception Note:        EXC_CORPSE_NOTIFY

Termination Signal:    Segmentation fault: 11
Termination Reason:    Namespace SIGNAL, Code 0xb
Terminating Process:   exc handler [15272]

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   php                           	0x000000010ee3e203 ZEND_HANDLE_EXCEPTION_SPEC_HANDLER + 265
1   pcov.so                       	0x00000001129559cd php_pcov_execute_ex + 157
2   blackfire.so                  	0x0000000112f3c0fb bf_zend_execute + 43
3   php                           	0x000000010ee24bf6 ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER + 403
4   pcov.so                       	0x00000001129559cd php_pcov_execute_ex + 157
5   blackfire.so                  	0x0000000112f3c0fb bf_zend_execute + 43
6   php                           	0x000000010ee0948f zend_execute + 352
7   php                           	0x000000010edcc38d zend_execute_scripts + 277
8   php                           	0x000000010ed74985 php_execute_script + 482
9   php                           	0x000000010ee5316e do_cli + 3833
10  php                           	0x000000010ee520d3 main + 1211
11  libdyld.dylib                 	0x00007fff72755cc9 start + 1

Thread 0 crashed with X86 Thread State (64-bit):
  rax: 0x0000000000000080  rbx: 0x0000000000000006  rcx: 0x6972637320656874  rdx: 0x0000000000000024
  rdi: 0x0000000112a16100  rsi: 0x0000000000000006  rbp: 0x00007ffee113a9b0  rsp: 0x00007ffee113a990
   r8: 0x0000000112a16101   r9: 0x0000000112a161a0  r10: 0x0000000112b0cd80  r11: 0x0000000000000246
  r12: 0x0000000112b0b0c0  r13: 0x0000000112955bf8  r14: 0x0000000112a16100  r15: 0x00000000ffffffff
  rip: 0x000000010ee3e203  rfl: 0x0000000000010206  cr2: 0x000000010ee3e0fa
  
Logical CPU:     4
Error Code:      0x00000000
Trap Number:     13


Binary Images:
(Removed because they are not interesting)

External Modification Summary:
  Calls made by other processes targeting this process:
    task_for_pid: 0
    thread_create: 0
    thread_set_state: 0
  Calls made by this process:
    task_for_pid: 0
    thread_create: 0
    thread_set_state: 0
  Calls made by all processes on this machine:
    task_for_pid: 964101
    thread_create: 0
    thread_set_state: 0

VM Region Summary:
ReadOnly portion of Libraries: Total=521.4M resident=0K(0%) swapped_out_or_unallocated=521.4M(100%)
Writable regions: Total=452.8M written=0K(0%) resident=0K(0%) swapped_out=0K(0%) unallocated=452.8M(100%)
 
                                VIRTUAL   REGION 
REGION TYPE                        SIZE    COUNT (non-coalesced) 
===========                     =======  ======= 
Kernel Alloc Once                    8K        1 
MALLOC                            80.1M       23 
MALLOC guard page                   24K        5 
MALLOC_MEDIUM (reserved)         360.0M        3         reserved VM address space (unallocated)
Memory Tag 250                    2048K        1 
STACK GUARD                       56.0M        1 
Stack                             8192K        1 
VM_ALLOCATE                       2052K        1 
VM_ALLOCATE (reserved)             192K        1         reserved VM address space (unallocated)
__DATA                            7331K      198 
__DATA_CONST                      1628K       39 
__LINKEDIT                       394.9M       78 
__OBJC_RO                         32.3M        1 
__OBJC_RW                         1908K        2 
__TEXT                           126.6M      190 
__UNICODE                          564K        1 
shared memory                       12K        3 
===========                     =======  ======= 
TOTAL                              1.0G      549 
TOTAL, minus reserved VM space   713.1M      549
 [2021-04-19 10:38 UTC] nikic@php.net
Does the crash also occur under php -n (or maybe php -n -d extension=pcntl, dunno how these are loaded in your case)? Mainly wondering about the presence of pcov.
 [2021-05-11 06:47 UTC] krakjoe@php.net
-Status: Open +Status: Feedback
 [2021-05-11 06:47 UTC] krakjoe@php.net
Just to note, it's not possible to provide proper support for things involving blackfire, or any closed source extension.

In addition, blackfire specifically state that their extension is not compatible with pcov.

> If pcov extension is installed, Blackfire will not behave as expected; consider disabling it when profiling.

If the issue is reproducible without blackfire loaded, please update this bug report. 

If the issue disappears without blackfire, we can't help, you have  to go to blackfire for support.
 [2021-05-23 04:22 UTC] php-bugs at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 21 12:01:31 2024 UTC