Edit report at https://bugs.php.net/bug.php?id=65200&edit=1
ID: 65200
Comment by: mmucklo at corp dot oodle dot com
Reported by: mmucklo at corp dot oodle dot com
Summary: Seg faults in php_free_pcre_cache on child exit
Status: Feedback
Type: Bug
Package: *General Issues
Operating System: RHEL 6.4
PHP Version: 5.4.16
Block user comment: N
Private report: N
New Comment:
Upgraded to PHP 5.4.17, fewer cores, it seems, but still seeing a couple so
far...
The backtrace has changed, though:
----------------------------------
Core was generated by `/service/local/apache/bin/httpd -f
/service/conf/httpd.qvc.conf'.
Program terminated with signal 11, Segmentation fault.
#0 __memcmp_sse2 () at ../sysdeps/x86_64/memcmp.S:57
57 movl (%rdi), %eax
(gdb) bt
#0 __memcmp_sse2 () at ../sysdeps/x86_64/memcmp.S:57
#1 0x00007f15016adb0a in zend_mm_check_ptr (heap=0xdc3a10, ptr=0x7f14dc01e2a8,
silent=0, __zend_filename=0x7f1501c250a8 "/workspace/source/external/build/php-
5.4.17-apache/Zend/zend_opcode.c", __zend_lineno=364, __zend_orig_filename=0x0,
__zend_orig_lineno=0)
at /workspace/source/external/build/php-5.4.17-apache/Zend/zend_alloc.c:1515
#2 0x00007f15016ad65a in zend_mm_check_ptr (heap=0xdc3a10, ptr=0x7f14dc01e2a8,
silent=1, __zend_filename=0x7f1501c250a8 "/workspace/source/external/build/php-
5.4.17-apache/Zend/zend_opcode.c", __zend_lineno=364, __zend_orig_filename=0x0,
__zend_orig_lineno=0)
at /workspace/source/external/build/php-5.4.17-apache/Zend/zend_alloc.c:1416
#3 0x00007f15016af182 in _zend_mm_free_int (heap=0xdc3a10, p=0x7f14dc01e2a8,
__zend_filename=0x7f1501c250a8 "/workspace/source/external/build/php-5.4.17-
apache/Zend/zend_opcode.c", __zend_lineno=364, __zend_orig_filename=0x0,
__zend_orig_lineno=0)
at /workspace/source/external/build/php-5.4.17-apache/Zend/zend_alloc.c:2064
#4 0x00007f15016b080d in _efree (ptr=0x7f14dc01e2a8,
__zend_filename=0x7f1501c250a8 "/workspace/source/external/build/php-5.4.17-
apache/Zend/zend_opcode.c", __zend_lineno=364, __zend_orig_filename=0x0,
__zend_orig_lineno=0) at /workspace/source/external/build/php-5.4.17-
apache/Zend/zend_alloc.c:2436
#5 0x00007f15016d95a1 in destroy_op_array (op_array=0x1470ab8) at
/workspace/source/external/build/php-5.4.17-apache/Zend/zend_opcode.c:364
#6 0x00007f15016d890f in destroy_zend_function (function=0x1470ab8) at
/workspace/source/external/build/php-5.4.17-apache/Zend/zend_opcode.c:112
#7 0x00007f15016d8929 in zend_function_dtor (function=0x1470ab8) at
/workspace/source/external/build/php-5.4.17-apache/Zend/zend_opcode.c:124
#8 0x00007f15016f9ecf in zend_hash_destroy (ht=0x1470698) at
/workspace/source/external/build/php-5.4.17-apache/Zend/zend_hash.c:560
#9 0x00007f15016d923d in destroy_zend_class (pce=0x3586b48) at
/workspace/source/external/build/php-5.4.17-apache/Zend/zend_opcode.c:296
#10 0x00007f15016fa2bc in zend_hash_apply_deleter (ht=0xdc4370, p=0x3586b30) at
/workspace/source/external/build/php-5.4.17-apache/Zend/zend_hash.c:650
#11 0x00007f15016fa979 in zend_hash_reverse_apply (ht=0xdc4370,
apply_func=0x7f15016d200e <clean_non_persistent_class>) at
/workspace/source/external/build/php-5.4.17-apache/Zend/zend_hash.c:804
#12 0x00007f15016d287e in shutdown_executor () at
/workspace/source/external/build/php-5.4.17-apache/Zend/zend_execute_API.c:303
#13 0x00007f15016e6e56 in zend_deactivate () at
/workspace/source/external/build/php-5.4.17-apache/Zend/zend.c:938
#14 0x00007f1501652b03 in php_request_shutdown (dummy=0x0) at
/workspace/source/external/build/php-5.4.17-apache/main/main.c:1800
#15 0x00007f1501792808 in php_apache_request_dtor (r=0x1383150) at
/workspace/source/external/build/php-5.4.17-
apache/sapi/apache2handler/sapi_apache2.c:507
#16 0x00007f1501793079 in php_handler (r=0x1383150) at
/workspace/source/external/build/php-5.4.17-
apache/sapi/apache2handler/sapi_apache2.c:679
#17 0x0000000000441d90 in ap_run_handler (r=0x1383150) at config.c:158
#18 0x00000000004453ee in ap_invoke_handler (r=0x1383150) at config.c:376
#19 0x000000000048ca60 in ap_process_request (r=0x1383150) at http_request.c:282
#20 0x0000000000489a08 in ap_process_http_connection (c=0x13752d0) at
http_core.c:190
#21 0x0000000000449330 in ap_run_process_connection (c=0x13752d0) at
connection.c:43
#22 0x00000000004b9bc8 in child_main (child_num_arg=<value optimized out>) at
prefork.c:667
#23 0x00000000004b9ec4 in make_child (s=0xc51c80, slot=16) at prefork.c:768
#24 0x00000000004bab17 in perform_idle_server_maintenance (_pconf=<value
optimized out>, plog=<value optimized out>, s=<value optimized out>) at
prefork.c:903
#25 ap_mpm_run (_pconf=<value optimized out>, plog=<value optimized out>, s=
<value optimized out>) at prefork.c:1107
#26 0x000000000042e524 in main (argc=3, argv=0x7fffd6d0d018) at main.c:753
Previous Comments:
------------------------------------------------------------------------
[2013-07-08 07:16:05] [email protected]
>From what i could analyse yet, this issue locale related. It happens on
>prefork
child shutdown, so also PHP module shutdown. From this point not very bad. The
PCRE patterns are cached by locale, so it might be reproduceable with a
scenario
like this
- set locale
- do some pcre stuff
- change locale
- do some pcre stuff
.......
This is most likely a race condition in MSHUTDOWN while freeing PCRE cache
under
Apache prefork.
You could try a simple script with this scenario. I'll be doing the same in the
meantime. Or maybe you recognize this pattern in your app? Unfortunately that's
all I could read from the BT so far.
Thanks
------------------------------------------------------------------------
[2013-07-06 00:59:14] mmucklo at corp dot oodle dot com
It's probably not possible to boil into a single script as we're running
symfony2
which is pulling in probably hundreds of files and various dependencies just to
generate a single page.
It does seem to happen rather consistently under simple manual testing of our
site
on a QA machine.
Is there anything else we can do to help isolate the issue?
------------------------------------------------------------------------
[2013-07-04 06:36:07] [email protected]
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves.
A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external
resources such as databases, etc. If the script requires a
database to demonstrate the issue, please make sure it creates
all necessary tables, stored procedures etc.
Please avoid embedding huge scripts into the report.
------------------------------------------------------------------------
[2013-07-03 23:18:56] mmucklo at corp dot oodle dot com
Description:
------------
Seeing regular Seg faults during child process clean up.
Apache 2.2.24
PHP 5.4.16
Backtrace:
Core was generated by `/service/local/apache/bin/httpd -f
/service/conf/httpd.qvc.conf'.
Program terminated with signal 6, Aborted.
#0 0x00000031d26328a5 in raise () from /lib64/libc.so.6
Missing separate debuginfos, use: debuginfo-install cyrus-sasl-lib-2.1.23-
13.el6_3.1.x86_64 glibc-2.12-1.107.el6.x86_64 libgcc-4.4.7-3.el6.x86_64
libstdc++-4.4.7-3.el6.x86_64 nss-softokn-freebl-3.12.9-11.el6.x86_64
(gdb) bt
#0 0x00000031d26328a5 in raise () from /lib64/libc.so.6
#1 0x00000031d2634085 in abort () from /lib64/libc.so.6
#2 0x00000031d26707b7 in __libc_message () from /lib64/libc.so.6
#3 0x00000031d26760e6 in malloc_printerr () from /lib64/libc.so.6
#4 0x00000031d267656d in malloc_consolidate () from /lib64/libc.so.6
#5 0x00000031d2678ba8 in _int_free () from /lib64/libc.so.6
#6 0x00007fbc90e882f3 in php_free_pcre_cache (data=0x3c9c220) at
/workspace/source/external/build/php-5.4.16-apache/ext/pcre/php_pcre.c:96
#7 0x00007fbc913a8453 in zend_hash_destroy (ht=0x7fbc91c48060) at
/workspace/source/external/build/php-5.4.16-apache/Zend/zend_hash.c:560
#8 0x00007fbc90e88382 in zm_globals_dtor_pcre (pcre_globals=0x7fbc91c48060) at
/workspace/source/external/build/php-5.4.16-apache/ext/pcre/php_pcre.c:113
#9 0x00007fbc9139fe71 in module_destructor (module=0x1d80480) at
/workspace/source/external/build/php-5.4.16-apache/Zend/zend_API.c:2308
#10 0x00007fbc913a8840 in zend_hash_apply_deleter (ht=0x7fbc91c50480,
p=0x1d80420) at /workspace/source/external/build/php-5.4.16-
apache/Zend/zend_hash.c:650
#11 0x00007fbc913a89db in zend_hash_graceful_reverse_destroy
(ht=0x7fbc91c50480)
at /workspace/source/external/build/php-5.4.16-apache/Zend/zend_hash.c:687
#12 0x00007fbc9139e01e in zend_destroy_modules () at
/workspace/source/external/build/php-5.4.16-apache/Zend/zend_API.c:1832
#13 0x00007fbc91394fb2 in zend_shutdown () at
/workspace/source/external/build/php-5.4.16-apache/Zend/zend.c:820
#14 0x00007fbc91302145 in php_module_shutdown () at
/workspace/source/external/build/php-5.4.16-apache/main/main.c:2367
#15 0x00007fbc91302111 in php_module_shutdown_wrapper
(sapi_globals=0x7fbc91c2c680) at /workspace/source/external/build/php-5.4.16-
apache/main/main.c:2335
#16 0x00007fbc91440916 in php_apache_child_shutdown (tmp=0x0) at
/workspace/source/external/build/php-5.4.16-
apache/sapi/apache2handler/sapi_apache2.c:398
#17 0x00007fbc91c6ff2e in run_cleanups (pool=0x2310c08) at
memory/unix/apr_pools.c:2352
#18 apr_pool_destroy (pool=0x2310c08) at memory/unix/apr_pools.c:814
#19 0x00000000004b8d0e in clean_child_exit (code=0) at prefork.c:196
#20 0x00000000004b9129 in child_main (child_num_arg=<value optimized out>) at
prefork.c:692
#21 0x00000000004b9374 in make_child (s=0x1bf0c80, slot=12) at prefork.c:768
#22 0x00000000004b9fc7 in perform_idle_server_maintenance (_pconf=<value
optimized out>, plog=<value optimized out>, s=<value optimized out>) at
prefork.c:903
#23 ap_mpm_run (_pconf=<value optimized out>, plog=<value optimized out>, s=
<value optimized out>) at prefork.c:1107
#24 0x000000000042e564 in main (argc=3, argv=0x7fff92dd5198) at main.c:753
------------------------------------------------------------------------
--
Edit this bug report at https://bugs.php.net/bug.php?id=65200&edit=1
