Bug #70977 Segmentation fault (core dumped) with opcache.huge_code_pages=1
Submitted: 2015-11-26 14:42 UTC Modified: 2015-11-27 11:40 UTC
From: reynierpm at gmail dot com Assigned: laruence (profile)
Status: Closed Package: Reproducible crash
PHP Version: 7.0.0RC8 OS: CentOS 6.7
Private report: No CVE-ID: None
 [2015-11-26 14:42 UTC] reynierpm at gmail dot com
Description:
------------
I tried to run "composer update" in a Symfony2 project and got the following error: "Segmentation fault (core dumped)". By setting opcache.huge_code_pages=0 at /etc/php.d/10-opcache.ini the issue gets fixed.

Actual result:
--------------
(gdb) run /usr/local/bin/composer
Starting program: /usr/bin/php /usr/local/bin/composer
[Thread debugging using libthread_db enabled]
 
Program received signal SIGSEGV, Segmentation fault.
zend_llist_del_element (l=0x9dc8e0, element=0x0, compare=0x7ffff1b40590 <accelerator_remove_cb>) at /usr/src/debug/php-7.0.0RC8/Zend/zend_llist.c:91
91      {


(gdb) bt
#0  zend_llist_del_element (l=0x9dc8e0, element=0x0, compare=0x7ffff1b40590 <accelerator_remove_cb>) at /usr/src/debug/php-7.0.0RC8/Zend/zend_llist.c:91
#1  0x00007ffff1b425b1 in zps_startup_failure (extension=<value optimized out>) at /usr/src/debug/php-7.0.0RC8/ext/opcache/ZendAccelerator.c:2336
#2  accel_startup (extension=<value optimized out>) at /usr/src/debug/php-7.0.0RC8/ext/opcache/ZendAccelerator.c:2621
#3  0x00000000005edbb1 in zend_extension_startup (extension=0xa26c80) at /usr/src/debug/php-7.0.0RC8/Zend/zend_extensions.c:176
#4  0x00000000005d7123 in zend_llist_apply_with_del (l=0x9dc8e0, func=0x5edba0 <zend_extension_startup>) at /usr/src/debug/php-7.0.0RC8/Zend/zend_llist.c:171
#5  0x00000000005edb97 in zend_startup_extensions () at /usr/src/debug/php-7.0.0RC8/Zend/zend_extensions.c:197
#6  0x0000000000585815 in php_module_startup (sf=<value optimized out>, additional_modules=<value optimized out>, num_additional_modules=<value optimized out>) at /usr/src/debug/php-7.0.0RC8/main/main.c:2197
#7  0x00000000006761bd in php_cli_startup (sapi_module=<value optimized out>) at /usr/src/debug/php-7.0.0RC8/sapi/cli/php_cli.c:423
#8  0x00000000006778e1 in main (argc=2, argv=0x9dfad0) at /usr/src/debug/php-7.0.0RC8/sapi/cli/php_cli.c:1325

 [2015-11-26 14:48 UTC] [email protected]
-Summary: Segmentation fault (core dumped)
+Summary: Segmentation fault (core dumped) with opcache.huge_code_pages=1
 [2015-11-26 14:48 UTC] [email protected]
-Package: PHP Language Specification
+Package: Reproducible crash
 [2015-11-26 15:21 UTC] [email protected]
-Status: Open
+Status: Feedback
-Assigned To:
+Assigned To: laruence
 [2015-11-26 15:21 UTC] [email protected]
From the description, it is probably a duplicate of #70973; could you please try the patch I commented there?

thanks
 [2015-11-26 16:01 UTC] [email protected]
@laruence: I'm giving first a try to http://git.php.net/?p=php-src.git;a=commitdiff;h=eb59dd7d8137c6567afcd579bcb3bd0298f5bbc4 which is not part of RC8
 [2015-11-26 16:10 UTC] [email protected]
@remi: That commit looks suspicious. If I get the code right, this means that we'll skip memcpy'ing the text segment back into the newly mapped memory if the madvise fails. This means that when control flow returns to the PHP text segment we're executing uninitialized memory.

Btw, is it possible to map these as PROT_READ | PROT_WRITE only? I know it's only temporary, but it doesn't seem necessary to have this as w+x memory.
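
The ordering concern raised in the comment above, as an added example (not code from php-src or from any commenter): a Linux C sketch that remaps a constructed data region rather than the PHP text segment, maps it read/write only while refilling it, and copies the bytes back whether or not the huge-page hint succeeds. The names `remap_region` and `surviving_bytes` and their flags are hypothetical, and `PROT_READ` stands in for the `PROT_READ | PROT_EXEC` a text segment would end with.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE   /* MAP_ANONYMOUS, MADV_HUGEPAGE */
#endif
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Remap [addr, addr+len) in place, ending with final_prot.
 * copy_always=0 restores the bytes only if the hint succeeded (the ordering
 * questioned above); hint_fails=1 simulates madvise() failing. */
int remap_region(void *addr, size_t len, int final_prot,
                 int copy_always, int hint_fails)
{
    void *saved = mmap(NULL, len, PROT_READ | PROT_WRITE,
                       MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (saved == MAP_FAILED) return -1;
    memcpy(saved, addr, len);
    /* New zero-filled pages: writable while refilled, never writable+executable. */
    if (mmap(addr, len, PROT_READ | PROT_WRITE,
             MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0) == MAP_FAILED) {
        munmap(saved, len);
        return -1;
    }
    int hint = -1;
    if (!hint_fails)
        hint = madvise(addr, len, MADV_HUGEPAGE);
    if (copy_always || hint == 0)
        memcpy(addr, saved, len);   /* the hint is optional, the bytes are not */
    munmap(saved, len);
    return mprotect(addr, len, final_prot);   /* drop write access afterwards */
}

/* Constructed region: fill with a non-zero pattern, remap, count intact bytes. */
size_t surviving_bytes(int copy_always, int hint_fails)
{
    size_t len = 4 * (size_t)sysconf(_SC_PAGESIZE), good = 0;
    unsigned char *r = mmap(NULL, len, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (r == MAP_FAILED) return 0;
    for (size_t i = 0; i < len; i++)
        r[i] = (unsigned char)(i % 251 + 1);
    if (remap_region(r, len, PROT_READ, copy_always, hint_fails) == 0)
        for (size_t i = 0; i < len; i++)
            good += (r[i] == (unsigned char)(i % 251 + 1));
    munmap(r, len);
    return good;
}
```

With `copy_always=0` and a failed hint the region comes back zero-filled, which for a text segment means returning into memory that no longer holds the program's code.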
 [2015-11-26 16:43 UTC] [email protected]
With patch proposed on 70973, same segfault.
 [2015-11-27 11:01 UTC] [email protected]
Could you please try the patch here? http://pastebin.com/Xg2eVzYq

thanks
 [2015-11-27 11:40 UTC] [email protected]
Sorry, wrong paste, use this instead: http://pastebin.com/sqXMzZLT
 [2015-11-27 14:42 UTC] [email protected]
With laruence's latest patch, the segfault disappears.
 [2015-11-27 15:32 UTC] [email protected]
Automatic comment on behalf of [email protected]
Revision: http://git.php.net/?p=php-src.git;a=commit;h=e9a8d7ff1d59cbcaf4b5cec728a94fb0d54dd993
Log: Fixed bug #70977, #70973 (Segmentation fault with opcache.huge_code_pages=1)
 [2015-11-27 15:32 UTC] [email protected]
-Status: Feedback
+Status: Closed
 [2016-07-20 11:35 UTC] [email protected]
Automatic comment on behalf of [email protected]
Revision: http://git.php.net/?p=php-src.git;a=commit;h=e9a8d7ff1d59cbcaf4b5cec728a94fb0d54dd993
Log: Fixed bug #70977, #70973 (Segmentation fault with opcache.huge_code_pages=1)
 
Last updated: Sun Jun 08 19:01:26 2025 UTC