#295 closed defect (fixed)

PHP 5.4.9 TRAITS with Xcache -> SEG FAULT

Reported by: alexz Owned by: moo
Priority: blocker Milestone: 3.0.1
Component: cacher Version: 3.0.0
Keywords: Traits php5.4 Cc: herbert.roth@…, alexander.zamponi@…
Application: PHP Version: 5.4.9-4~precise+1
Other Exts: SAPI: apache2handler
Probability: Always Blocked By:
Blocking:

Description (last modified by moo)

Hi!

Have a problem with php traits and xcache! Whenever I try to use traits apache has an segmentation fault.
If I disable Xcache everything works fine, if I re-enable it it crashes again!

System ENV:

Ubuntu 12.04
PHP 5.4.9-4~precise+1
Apache2
XCache 3.0.0

Thanks for support!
alex

Full GDB Trace:

Thread 1 (Thread 0x7fbec1f99740 (LWP 4020)):
#0  zend_mm_remove_from_free_list (heap=0x7fbec2477c40, mm_block=0x7fbea484adb0) at /build/buildd/php5-5.4.9/Zend/zend_alloc.c:833
        next = 0x65527465735f7473
#1  0x00007fbebe315c90 in _zend_mm_free_int (heap=0x7fbec2477c40, p=0x7fbea484adc0) at /build/buildd/php5-5.4.9/Zend/zend_alloc.c:2101
        mm_block = 0x7fbea484adb0
        next_block = 0x7fbea484adb0
        size = 0
#2  0x00007fbebe3326f8 in zend_clear_trait_method_name (op_array=0x7fbec2cb0ad8) at /build/buildd/php5-5.4.9/Zend/zend_opcode.c:273
No locals.
#3  0x00007fbebe34b074 in zend_hash_apply (ht=0x7fbec2cb07c0, apply_func=0x7fbebe3326e0 <zend_clear_trait_method_name>) at /build/buildd/php5-5.4.9/Zend/zend_hash.c:716
        result = -1026881640
        p = 0x7fbec2cb0a68
#4  0x00007fbebe332dcf in destroy_zend_class (pce=0x7fbec2477c40) at /build/buildd/php5-5.4.9/Zend/zend_opcode.c:312
        ce = 0x7fbec2cb0798
#5  0x00007fbebe332e17 in _destroy_zend_class_traits_info (ce=0x7fbec2c9fcc8) at /build/buildd/php5-5.4.9/Zend/zend_opcode.c:221
        i = 0
#6  0x00007fbebe332ca2 in destroy_zend_class (pce=0x7fbec2477c40) at /build/buildd/php5-5.4.9/Zend/zend_opcode.c:323
        ce = 0x7fbec2c9fcc8
#7  0x00007fbebe3497f5 in zend_hash_apply_deleter () at /build/buildd/php5-5.4.9/Zend/zend_hash.c:650
No locals.
#8  0x00007fbebe34b331 in zend_hash_reverse_apply (ht=0x7fbec24785a0, apply_func=0x7fbebe32da10 <clean_non_persistent_class>) at /build/buildd/php5-5.4.9/Zend/zend_hash.c:804
        result = 1
#9  0x00007fbebe32e136 in shutdown_executor () at /build/buildd/php5-5.4.9/Zend/zend_execute_API.c:305
        __orig_bailout = <incomplete type>
        __bailout = {{__jmpbuf = {3198472128, 32702, 1352255362, 3448805185, 3252416672, 32702, 0, 0}, __mask_was_saved = 0, __saved_mask = {__val = {1434306434, 3448805149, 0, 0, 3142056427, 32702, 3198449632, 32702, 3198470208, 32702, 
                3259198880, 32702, 3259188672, 32702, 3259198856, 32702}}}}
        __bailout = {{__jmpbuf = {3198472128, 32702, 1352255362, 3448805185, 3252416672, 32702, 0, 0}, __mask_was_saved = 0, __saved_mask = {__val = {1434306434, 3448805149, 0, 0, 3142056427, 32702, 3198449632, 32702, 3198470208, 32702, 
                3259198880, 32702, 3259188672, 32702, 3259198856, 32702}}}}
        __bailout = {{__jmpbuf = {3198472128, 32702, 1352255362, 3448805185, 3252416672, 32702, 0, 0}, __mask_was_saved = 0, __saved_mask = {__val = {1434306434, 3448805149, 0, 0, 3142056427, 32702, 3198449632, 32702, 3198470208, 32702, 
                3259198880, 32702, 3259188672, 32702, 3259198856, 32702}}}}
        __bailout = {{__jmpbuf = {3198472128, 32702, 1352255362, 3448805185, 3252416672, 32702, 0, 0}, __mask_was_saved = 0, __saved_mask = {__val = {1434306434, 3448805149, 0, 0, 3142056427, 32702, 3198449632, 32702, 3198470208, 32702, 
                3259198880, 32702, 3259188672, 32702, 3259198856, 32702}}}}
        __bailout = {{__jmpbuf = {3198472128, 32702, 1352255362, 3448805185, 3252416672, 32702, 0, 0}, __mask_was_saved = 0, __saved_mask = {__val = {1434306434, 3448805149, 0, 0, 3142056427, 32702, 3198449632, 32702, 3198470208, 32702, 
                3259198880, 32702, 3259188672, 32702, 3259198856, 32702}}}}
        __bailout = {{__jmpbuf = {3198472128, 32702, 1352255362, 3448805185, 3252416672, 32702, 0, 0}, __mask_was_saved = 0, __saved_mask = {__val = {1434306434, 3448805149, 0, 0, 3142056427, 32702, 3198449632, 32702, 3198470208, 32702, 
                3259198880, 32702, 3259188672, 32702, 3259198856, 32702}}}}
        __bailout = {{__jmpbuf = {3198472128, 32702, 1352255362, 3448805185, 3252416672, 32702, 0, 0}, __mask_was_saved = 0, __saved_mask = {__val = {1434306434, 3448805149, 0, 0, 3142056427, 32702, 3198449632, 32702, 3198470208, 32702, 
                3259198880, 32702, 3259188672, 32702, 3259198856, 32702}}}}
        __bailout = {{__jmpbuf = {3198472128, 32702, 1352255362, 3448805185, 3252416672, 32702, 0, 0}, __mask_was_saved = 0, __saved_mask = {__val = {1434306434, 3448805149, 0, 0, 3142056427, 32702, 3198449632, 32702, 3198470208, 32702, 
                3259198880, 32702, 3259188672, 32702, 3259198856, 32702}}}}
        __bailout = {{__jmpbuf = {3198472128, 32702, 1352255362, 3448805185, 3252416672, 32702, 0, 0}, __mask_was_saved = 0, __saved_mask = {__val = {1434306434, 3448805149, 0, 0, 3142056427, 32702, 3198449632, 32702, 3198470208, 32702, 
                3259198880, 32702, 3259188672, 32702, 3259198856, 32702}}}}
        __orig_bailout = <incomplete type>
        __bailout = {{__jmpbuf = {3198472128, 32702, 1352255362, 3448805185, 3252416672, 32702, 0, 0}, __mask_was_saved = 0, __saved_mask = {__val = {1434306434, 3448805149, 0, 0, 3142056427, 32702, 3198449632, 32702, 3198470208, 32702, 
                3259198880, 32702, 3259188672, 32702, 3259198856, 32702}}}}
        __bailout = {{__jmpbuf = {3198472128, 32702, 1352255362, 3448805185, 3252416672, 32702, 0, 0}, __mask_was_saved = 0, __saved_mask = {__val = {1434306434, 3448805149, 0, 0, 3142056427, 32702, 3198449632, 32702, 3198470208, 32702, 
                3259198880, 32702, 3259188672, 32702, 3259198856, 32702}}}}
        __bailout = {{__jmpbuf = {3198472128, 32702, 1352255362, 3448805185, 3252416672, 32702, 0, 0}, __mask_was_saved = 0, __saved_mask = {__val = {1434306434, 3448805149, 0, 0, 3142056427, 32702, 3198449632, 32702, 3198470208, 32702, 
                3259198880, 32702, 3259188672, 32702, 3259198856, 32702}}}}
#10 0x00007fbebe33cdc5 in zend_deactivate () at /build/buildd/php5-5.4.9/Zend/zend.c:938
        __orig_bailout = <incomplete type>
---Type <return> to continue, or q <return> to quit---
        __bailout = {{__jmpbuf = {0, 0, 3198470208, 32702, 3204040578, 3448804975, 3252416672, 32702}, __mask_was_saved = -1254897790, __saved_mask = {__val = {0, 0, 0, 0, 0, 0, 3259177752, 32702, 8192, 0, 294, 0, 0, 0, 3198470208, 32702}}}}
        __orig_bailout = <incomplete type>
        __bailout = {{__jmpbuf = {0, 0, 3198470208, 32702, 3204040578, 3448804975, 3252416672, 32702}, __mask_was_saved = -1254897790, __saved_mask = {__val = {0, 0, 0, 0, 0, 0, 3259177752, 32702, 8192, 0, 294, 0, 0, 0, 3198470208, 32702}}}}
        __orig_bailout = <incomplete type>
        __bailout = {{__jmpbuf = {0, 0, 3198470208, 32702, 3204040578, 3448804975, 3252416672, 32702}, __mask_was_saved = -1254897790, __saved_mask = {__val = {0, 0, 0, 0, 0, 0, 3259177752, 32702, 8192, 0, 294, 0, 0, 0, 3198470208, 32702}}}}
        __orig_bailout = <incomplete type>
        __bailout = {{__jmpbuf = {0, 0, 3198470208, 32702, 3204040578, 3448804975, 3252416672, 32702}, __mask_was_saved = -1254897790, __saved_mask = {__val = {0, 0, 0, 0, 0, 0, 3259177752, 32702, 8192, 0, 294, 0, 0, 0, 3198470208, 32702}}}}
        __orig_bailout = <incomplete type>
        __bailout = {{__jmpbuf = {0, 0, 3198470208, 32702, 3204040578, 3448804975, 3252416672, 32702}, __mask_was_saved = -1254897790, __saved_mask = {__val = {0, 0, 0, 0, 0, 0, 3259177752, 32702, 8192, 0, 294, 0, 0, 0, 3198470208, 32702}}}}
        __orig_bailout = <incomplete type>
        __bailout = {{__jmpbuf = {0, 0, 3198470208, 32702, 3204040578, 3448804975, 3252416672, 32702}, __mask_was_saved = -1254897790, __saved_mask = {__val = {0, 0, 0, 0, 0, 0, 3259177752, 32702, 8192, 0, 294, 0, 0, 0, 3198470208, 32702}}}}
        __orig_bailout = <incomplete type>
        __bailout = {{__jmpbuf = {0, 0, 3198470208, 32702, 3204040578, 3448804975, 3252416672, 32702}, __mask_was_saved = -1254897790, __saved_mask = {__val = {0, 0, 0, 0, 0, 0, 3259177752, 32702, 8192, 0, 294, 0, 0, 0, 3198470208, 32702}}}}
#11 0x00007fbebe2dc117 in php_request_shutdown (dummy=0x7fbec2477c40) at /build/buildd/php5-5.4.9/main/main.c:1790
        report_memleaks = 1 '\001'
#12 0x00007fbebe3e6997 in php_handler (r=0x7fbebe3e6997) at /build/buildd/php5-5.4.9/sapi/apache2handler/sapi_apache2.c:520
        ctx = 0x1
        conf = 0x7fbec1dbf0a0
        brigade = 0x7fbec1db4278
        bucket = 0x65757165725f7274
        rv = 1918857844
        parent_req = 0x7fbec1db4a38
#13 0x00007fbec1feb508 in ap_run_handler ()
No symbol table info available.
#14 0x00007fbec1feb97e in ap_invoke_handler ()
No symbol table info available.
#15 0x00007fbec1ffb570 in ap_process_request ()
No symbol table info available.
#16 0x00007fbec1ff8398 in ?? ()
No symbol table info available.
#17 0x00007fbec1ff1fa8 in ap_run_process_connection ()
No symbol table info available.
#18 0x00007fbec20001d0 in ?? ()
No symbol table info available.
#19 0x00007fbec200093a in ?? ()
No symbol table info available.
#20 0x00007fbec20014e7 in ap_mpm_run ()
No symbol table info available.
#21 0x00007fbec1fd64a4 in main ()
No symbol table info available.

Change History (11)

comment:1 Changed 22 months ago by alexz

  • Cc alexander.zamponi@… added

comment:2 Changed 22 months ago by slight

Hi,

I think I'm seeing the same, but it's hard to tell as I can only reproduce on a production server so I can't test properly and there's nothing showing up in the logs. But with XCache enabled pages have connection resets. It seems to be limited to Apache(2) though, the same code run via the CLI is fine (XCache is definitely enabled on both).

Debian Squeeze.
PHP 5.4 5.4.9-1~dotdeb.0
Apache2 2.2.16-6+squeeze6
Tried with XCache 3.0.0 (20121029), 2.0.0 (20120420) and 2.0.1 (20120714)

Thanks!

comment:3 Changed 22 months ago by alexz

Hi again,

Just tested it with nginx, and it's the same problem:

[error] 984#0: *6 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 192.168.1.46, server: localhost, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "192.168.1.144:8080"

alex

comment:4 Changed 22 months ago by moo

  • Description modified (diff)
  • Milestone changed from undecided to 3.0.1

thanks for reporting, this issue is being investigated

comment:5 Changed 22 months ago by alexz

Short update:

if I create a empty trait (or a trait only with properties ) everything works fine but when I add a function the described problem occurs!

comment:6 Changed 22 months ago by moo

  • Status changed from new to assigned

confirmed with 5.4.9. by looking changes in php git, it seems introduced by PHP 5.4.8 (changed from 5.4.7)

comment:7 Changed 22 months ago by moo

defect inspected. workaround: xcache.readonly_protection=on. fixing

comment:8 Changed 22 months ago by moo

  • Resolution set to fixed
  • Status changed from assigned to closed

fixed in [1196]

comment:9 Changed 22 months ago by alexz

  • Resolution fixed deleted
  • Status changed from closed to reopened

workaround doesn't work...

Apache2: works for the first request but every other request gets a seg fault

Nginx: doesn't work

comment:10 Changed 22 months ago by slight

Workaround works for me on Apache2 if I also set:

xcache.mmap_path = "/tmp/xcache"

comment:11 Changed 22 months ago by moo

  • Resolution set to fixed
  • Status changed from reopened to closed

xcache.mmap_path = "/tmp/xcache" is required to enable readonly protection. the workaround was not a fit, the fix is committed trunk already

Note: See TracTickets for help on using tickets.