From: askalski at gmail dot com Operating system: Linux PHP version: 5.4.20 Package: Reproducible crash Bug Type: Bug Bug description:crash on shutdown because of zend extension cleanup order
Description: ------------ php_module_startup() initializes modules first, extensions second. However, zend_shutdown() destroys them in the same order (modules first, extensions second), rather than in stack order as one would expect. Furthermore, it seems (based on reading the zend_startup_extensions() zend_shutdown_extensions() functions) that if multiple zend extensions are loaded, they are destroyed in the wrong order as well. Multiple modules work fine; they are destroyed in stack order. To reproduce the issue, load an extension and module which both override the same Zend structure. For example, loading both OpCache 7.0.2 and APC 3.1.13 will cause a segfault on shutdown because of improper cleanup order of orig_interned_strings_start, old_interned_strings_start, and compiler_globals.interned_strings_start. I'm aware that the example sounds like a bizarre combination of modules and extensions here; I'm reporting the bug because it points at an issue in PHP itself. The specific use case for loading both APC and OpCache is to use OpCache for opcodes and APC with apc.cache_by_default=0 for the apc_store/apc_fetch userland functions. Test script: --------------- zend_extension=/usr/lib64/php/modules/opcache.so extension=apc.so Load both OpCache and APC in mod_php in Apache "prefork" mode. Send SIGTERM to one of the workers (or simply send enough requests to make Apache reap the worker), and watch for the Segmentation fault in Apache's error_log. Expected result: ---------------- No crash. Actual result: -------------- Segmentation fault. -- Edit bug report at https://bugs.php.net/bug.php?id=65822&edit=1 -- Try a snapshot (PHP 5.4): https://bugs.php.net/fix.php?id=65822&r=trysnapshot54 Try a snapshot (PHP 5.5): https://bugs.php.net/fix.php?id=65822&r=trysnapshot55 Try a snapshot (trunk): https://bugs.php.net/fix.php?id=65822&r=trysnapshottrunk Fixed in SVN: https://bugs.php.net/fix.php?id=65822&r=fixed Fixed in release: https://bugs.php.net/fix.php?id=65822&r=alreadyfixed Need backtrace: https://bugs.php.net/fix.php?id=65822&r=needtrace Need Reproduce Script: https://bugs.php.net/fix.php?id=65822&r=needscript Try newer version: https://bugs.php.net/fix.php?id=65822&r=oldversion Not developer issue: https://bugs.php.net/fix.php?id=65822&r=support Expected behavior: https://bugs.php.net/fix.php?id=65822&r=notwrong Not enough info: https://bugs.php.net/fix.php?id=65822&r=notenoughinfo Submitted twice: https://bugs.php.net/fix.php?id=65822&r=submittedtwice register_globals: https://bugs.php.net/fix.php?id=65822&r=globals PHP 4 support discontinued: https://bugs.php.net/fix.php?id=65822&r=php4 Daylight Savings: https://bugs.php.net/fix.php?id=65822&r=dst IIS Stability: https://bugs.php.net/fix.php?id=65822&r=isapi Install GNU Sed: https://bugs.php.net/fix.php?id=65822&r=gnused Floating point limitations: https://bugs.php.net/fix.php?id=65822&r=float No Zend Extensions: https://bugs.php.net/fix.php?id=65822&r=nozend MySQL Configuration Error: https://bugs.php.net/fix.php?id=65822&r=mysqlcfg