-
Notifications
You must be signed in to change notification settings - Fork 7.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Segmentation fault on script exit #9361
Comments
I had a look to try and understand what's going on. At the end of the request, the current memory limit is reset to the global one in case Line 2687 in aa702c5
The fact that this check succeeds either means that your current memory usage is actually above 8GB (in which case you would have an even larger It would be helpful to know:
If you provide this information I'll try to reconstruct a test case. You could also try running this script with Valgrind to see if you can get more information that way. |
We don't do any script side changes of the memory limit. Right before exiting the script, we actually had this call:
Which gave the following output: It is a script which reads in these 3 files, which contains network ranges along with metadata, that is then combined together to one single list, which is afterwards written out. I'll try to make a simplified version of the script that i can share, but the source data files i won't be able to share publicly. |
@dvaeversted Running with Valgrind might be your best bet as you can run your actual script and memory issues should be reported early. Just note that it will be very slow. |
We encountered the same problem and I tracked it down to an integer overflow with ZEND_MM_CHUNK_SIZE. My reproduction code is <?php
$result = [];
foreach (range(1, 11500000) as $i)
$result[] = ['i' => $i]; when called with php -n -d memory_limit=10G I fixed it by patching zend_alloc_sizes.h
The problem is code like commit 5675ebe Reason: cached_chunks_count is an int and when ZEND_MM_CHUNK_SIZE was declared int too the multiplication could overflow. As the result in both cases is size_t I think it is safe to declare ZEND_MM_CHUNK_SIZE as long to avoid this. |
That wouldn't work on Windows ( #define ZEND_MM_CHUNK_SIZE ((size_t) (2 * 1024 * 1024)) |
No kidding about it being very slow, took all night to complete.
However it did not segfault this time. I also tried out the reproducer that @chschneider shared:
I can confirm it does not crash on php 8.0.22, but does on 8.1.9 & 8.2.0beta3, also exhibiting the behavior that if setting If still needed, any input with exactly how i should run Valgrind would be much appreciated, not a C developer myself. |
According to @chschneider's analysis, this is a bug in the Zend memory manager, and as such won't occur when running with Zend/zend_alloc_sizes.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Zend/zend_alloc_sizes.h b/Zend/zend_alloc_sizes.h
index 9f1c00eaad..502b982a50 100644
--- a/Zend/zend_alloc_sizes.h
+++ b/Zend/zend_alloc_sizes.h
@@ -19,7 +19,7 @@
#ifndef ZEND_ALLOC_SIZES_H
#define ZEND_ALLOC_SIZES_H
-#define ZEND_MM_CHUNK_SIZE (2 * 1024 * 1024) /* 2 MB */
+#define ZEND_MM_CHUNK_SIZE ((size_t) (2 * 1024 * 1024)) /* 2 MB */
#define ZEND_MM_PAGE_SIZE (4 * 1024) /* 4 KB */
#define ZEND_MM_PAGES (ZEND_MM_CHUNK_SIZE / ZEND_MM_PAGE_SIZE) /* 512 */
#define ZEND_MM_FIRST_PAGE (1) And then run the script as usual (without valgrind). |
Just tested with the above patch, and it indeeds solves the SEGFAULT. Which also makes me believe that @chschneider's reproducer is accurate :-) |
Using a lot of memory may overflow some `int` calculations; to avoid that we make sure that the operands are promoted to `size_t`. This issue has been analyzed by @chschneider.
* PHP-8.0: Fix GH-9361: Segmentation fault on script exit
* PHP-8.1: Fix GH-9361: Segmentation fault on script exit
Description
After updating from PHP 8.0.X to 8.1.9, we started experiencing segfaults on a memory heavy script.
We run it using the following command line:
php -d memory_limit=8192M cronscript.php
I was unable to construct a reproducer at this time, but no extensions are used, it is a script that reads in 3 different large files, does some calculations through a bunch of loops, and will crash with a segfault at the end of script execution (either on
exit;
or just when no more lines are left in the script).We tested it on latest 8.2.0beta3, which exhibits the same problem, backtrace included as well.
From gdb i grabbed the following backtraces.
PHP 8.1.9:
PHP 8.2.0beta3:
PHP Version
PHP 8.1.9
Operating System
Centos 7, AlmaLinux 8
The text was updated successfully, but these errors were encountered: