Bug 1306219 - php-5.3 segfault.
php-5.3 segfault.
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: php (Show other bugs)
6.6
x86_64 Linux
unspecified Severity high
: rc
: ---
Assigned To: Web Stack Team
BaseOS QE - Apps
:
Depends On:
Blocks: 1269194
  Show dependency treegraph
 
Reported: 2016-02-10 05:58 EST by Patrick
Modified: 2017-06-01 17:18 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-06-01 17:18:44 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
httpd corefile (15.24 MB, application/x-gzip)
2016-02-10 06:17 EST, Patrick
no flags Details
php corefile (13.41 MB, application/x-gzip)
2016-02-10 06:20 EST, Patrick
no flags Details
sosreport (12.82 MB, application/x-xz)
2016-02-10 06:20 EST, Patrick
no flags Details
httpd-logs (18.27 MB, application/x-gzip)
2016-02-10 06:23 EST, Patrick
no flags Details

  None (edit)
Description Patrick 2016-02-10 05:58:24 EST
Description of problem:

Customer is having a segfault, from his php/httpd setup.
We tried to analyze the coredump but no lock on identifying the root cause:
Attaching the sosreport, 2 corefiles (from php ans httpd)



(gdb) bt -30
...
#21805 0x0000003ca7011bdc in match (
    eptr=0x74143b1 ".    \n", ' ' <repeats 26 times>, "\n", ' ' <repeats 22 times>, "\n", ' ' <repeats 20 times>, "\n", ' ' <repeats 18 times>, "\n", ' ' <repeats 22 times>, "\n", ' ' <repeats 26 times>, "\n", ' ' <repeats 30 times>, "\n", ' ' <repeats 23 times>..., ecode=0x6b51043 "_", 
    mstart=0x74143b1 ".    \n", ' ' <repeats 26 times>, "\n", ' ' <repeats 22 times>, "\n", ' ' <repeats 20 times>, "\n", ' ' <repeats 18 times>, "\n", ' ' <repeats 22 times>, "\n", ' ' <repeats 26 times>, "\n", ' ' <repeats 30 times>, "\n", ' ' <repeats 23 times>..., offset_top=2, md=0x7fffacbfa780, ims=0, eptrb=0x0, flags=0, rdepth=0) at pcre_exec.c:716
#21806 0x0000003ca7018812 in pcre_exec (argument_re=<value optimized out>, extra_data=<value optimized out>, subject=<value optimized out>, length=<value optimized out>, 
    start_offset=<value optimized out>, options=<value optimized out>, offsets=0x7388138, offsetcount=6) at pcre_exec.c:4850
#21807 0x0000000000467b13 in php_pcre_split_impl (pce=0x6b51100, 
---Type <return> to continue, or q <return> to quit---
    subject=0x7414188 " \n", ' ' <repeats 30 times>, "\n", ' ' <repeats 30 times>, "modernizing business  \n", ' ' <repeats 30 times>, "moving to an appbased workflow solves these problems and allows for instant communic"..., subject_len=14019, return_value=0x737f058, limit_val=-1, flags=<value optimized out>) at /usr/src/debug/php-5.3.3/ext/pcre/php_pcre.c:1489
#21808 0x00000000004680b5 in zif_preg_split (ht=<value optimized out>, return_value=0x737f058, return_value_ptr=<value optimized out>, this_ptr=<value optimized out>, 
    return_value_used=<value optimized out>) at /usr/src/debug/php-5.3.3/ext/pcre/php_pcre.c:1428
#21809 0x00000000005f69d8 in zend_do_fcall_common_helper_SPEC (execute_data=<value optimized out>) at /usr/src/debug/php-5.3.3/Zend/zend_vm_execute.h:316
#21810 0x00000000005cdb20 in execute (op_array=0x735b9c0) at /usr/src/debug/php-5.3.3/Zend/zend_vm_execute.h:107
#21811 0x000000000059e485 in zend_call_function (fci=0x7fffacbfacc0, fci_cache=<value optimized out>) at /usr/src/debug/php-5.3.3/Zend/zend_execute_API.c:965
#21812 0x00000000004f5ef7 in zif_call_user_func_array (ht=<value optimized out>, return_value=0x6af2fc8, return_value_ptr=<value optimized out>, this_ptr=<value optimized out>, 
    return_value_used=<value optimized out>) at /usr/src/debug/php-5.3.3/ext/standard/basic_functions.c:4790
#21813 0x00000000005f69d8 in zend_do_fcall_common_helper_SPEC (execute_data=<value optimized out>) at /usr/src/debug/php-5.3.3/Zend/zend_vm_execute.h:316
#21814 0x00000000005cdb20 in execute (op_array=0x36ad7b0) at /usr/src/debug/php-5.3.3/Zend/zend_vm_execute.h:107
#21815 0x000000000059e485 in zend_call_function (fci=0x7fffacbfb000, fci_cache=<value optimized out>) at /usr/src/debug/php-5.3.3/Zend/zend_execute_API.c:965
#21816 0x00000000004f5ef7 in zif_call_user_func_array (ht=<value optimized out>, return_value=0x67d98f0, return_value_ptr=<value optimized out>, this_ptr=<value optimized out>, 
    return_value_used=<value optimized out>) at /usr/src/debug/php-5.3.3/ext/standard/basic_functions.c:4790
#21817 0x00000000005f69d8 in zend_do_fcall_common_helper_SPEC (execute_data=<value optimized out>) at /usr/src/debug/php-5.3.3/Zend/zend_vm_execute.h:316
#21818 0x00000000005cdb20 in execute (op_array=0x2cc9a50) at /usr/src/debug/php-5.3.3/Zend/zend_vm_execute.h:107
#21819 0x000000000059e485 in zend_call_function (fci=0x7fffacbfb340, fci_cache=<value optimized out>) at /usr/src/debug/php-5.3.3/Zend/zend_execute_API.c:965
#21820 0x00000000004f5ef7 in zif_call_user_func_array (ht=<value optimized out>, return_value=0x33b17a0, return_value_ptr=<value optimized out>, this_ptr=<value optimized out>, 
    return_value_used=<value optimized out>) at /usr/src/debug/php-5.3.3/ext/standard/basic_functions.c:4790
#21821 0x00000000005f69d8 in zend_do_fcall_common_helper_SPEC (execute_data=<value optimized out>) at /usr/src/debug/php-5.3.3/Zend/zend_vm_execute.h:316
#21822 0x00000000005cdb20 in execute (op_array=0x2c45660) at /usr/src/debug/php-5.3.3/Zend/zend_vm_execute.h:107
#21823 0x00000000005a7d3d in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/src/debug/php-5.3.3/Zend/zend.c:1235
#21824 0x0000000000555dc8 in php_execute_script (primary_file=0x7fffacbfdba0) at /usr/src/debug/php-5.3.3/main/main.c:2268
#21825 0x0000000000632185 in main (argc=13, argv=0x7fffacbfdda8) at /usr/src/debug/php-5.3.3/sapi/cli/php_cli.c:1192




Version-Release number of selected component (if applicable):
httpd-2.2.15-39.el6.x86_64                                  
httpd-tools-2.2.15-39.el6.x86_64 
php-5.3.3-40.el6_6.x86_64
Comment 2 Patrick 2016-02-10 06:17 EST
Created attachment 1122770 [details]
httpd corefile
Comment 3 Patrick 2016-02-10 06:20 EST
Created attachment 1122771 [details]
php corefile
Comment 4 Patrick 2016-02-10 06:20 EST
Created attachment 1122772 [details]
sosreport
Comment 5 Patrick 2016-02-10 06:23 EST
Created attachment 1122773 [details]
httpd-logs
Comment 6 Robert Bost 2016-03-08 18:06:02 EST
I think the issue here is that stack size ulimit is being exceeded.

Here is an excerpt from the pcre_stack man page:

~~~~~~
As a very rough rule of thumb, you should reckon on about 500 bytes per recursion. Thus, if you want to limit your stack usage to 8Mb, you should set the limit at 16000 recursions

...

In  Unix-like  environments, there is not often a problem with the stack unless very long strings are involved, though the default limit on stack size varies from system to system.
Values from 8Mb to 64Mb are common. You can find your default limit by running the command:

 ulimit -s

Unfortunately, the effect of running out of stack is often SIGSEGV, though sometimes a more explicit error message is given.
~~~~~~

Assuming roughly 500 bytes per recursion and you have about 21805 recursions: 21805 * 500 = 10902500 bytes = 10902 kilobytes. The default stack size ulimit in RHEL 6 is 10240 kilobytes. 10902k is close enough to 10240k that we can say the stack size was exceeded.
Comment 8 Chris Williams 2017-06-01 17:18:44 EDT
Red Hat Enterprise Linux 6 transitioned to the Production 3 Phase on May 10, 2017.  During the Production 3 Phase, Critical impact Security Advisories (RHSAs) and selected Urgent Priority Bug Fix Advisories (RHBAs) may be released as they become available.

The official life cycle policy can be reviewed here:

http://redhat.com/rhel/lifecycle

This issue does not appear to meet the inclusion criteria for the Production Phase 3 and will be marked as CLOSED/WONTFIX. If this remains a critical requirement, please contact Red Hat Customer Support to request a re-evaluation of the issue, citing a clear business justification.  Red Hat Customer Support can be contacted via the Red Hat Customer Portal at the following URL:

https://access.redhat.com

Note You need to log in before you can comment on or make changes to this bug.