PHP random segfaults on session_start();

Bug #424789 reported by Chris on 2009-09-05
34
This bug affects 4 people
Affects Status Importance Assigned to Milestone
php-suhosin (Ubuntu)
Undecided
Unassigned
php5 (Ubuntu)
Undecided
Unassigned

Bug Description

Binary package hint: php5

Description: Ubuntu karmic (development branch)
Release: 9.10

libapache2-mod-php5:
  Installed: 5.2.10.dfsg.1-2ubuntu2
  Candidate: 5.2.10.dfsg.1-2ubuntu2

Localhost sites including MySqlAdmin are randomly producing;

[Sun Aug 23 20:00:15 2009] [notice] child pid 17481 exit signal Segmentation fault (11)
[Sun Aug 23 20:00:34 2009] [notice] child pid 17483 exit signal Segmentation fault (11)

in the apache logs. When this occurs the browser either reports no data or prompts to download the php file (an empty file). Testing indicates the fault occurs when the php file calls session_start().

Normally the page will load correctly after a fresh (or several).

ProblemType: Bug
Architecture: i386
Date: Sat Sep 5 12:31:34 2009
DistroRelease: Ubuntu 9.10
Package: libapache2-mod-php5 5.2.10.dfsg.1-2ubuntu2
ProcEnviron:
 LANGUAGE=
 LANG=en_GB.UTF-8
 SHELL=/bin/bash
ProcVersionSignature: Ubuntu 2.6.31-9.29-generic
SourcePackage: php5
Uname: Linux 2.6.31-9-generic i686

Chris (chris-pm) wrote :
Chris (chris-pm) on 2009-09-05
description: updated
Niels Egberts (nielsegberts) wrote :

I'm confirming this issue.

Changed in php5 (Ubuntu):
status: New → Confirmed
Chris (chris-pm) on 2009-09-05
tags: added: karmic
Chris Gebhardt (dev-openserve) wrote :

I confirm this behavior as well. A php script with nothing more than session_start() will randomly segfault. I haven't been able to produce any similar issues with php-cli.

Chris (chris-pm) wrote :

This bug appears to be upstream, it has also been reported in Gentoo;

http://bugs.gentoo.org/show_bug.cgi?id=276583

Switching off session encryption in suhosin bypasses the issue for now. Workaround is to edit;

/etc/php5/apache2/conf.d/suhosin.ini

and add;

suhosin.session.encrypt = off

then restart Apache.

Gustavo A. Díaz (gdiaz) wrote :

Hi,

I also have this bug and noticed using ispCP (http://www.isp-control.net) with fcgid module of apache.
I've edited this file: /etc/php5/conf.d/suhosin.ini instead of the one mentioned above and now works.

Chuck Short (zulcss) wrote :

Hi I was able to reproduce this with the following setup:

apache2-mpm-worker 2.2.12-1ubuntu2
libapache2-mod-fcgid 1:2.2-1
php5-cgi 5.2.10.dfsg.1-2ubuntu3
php5-suhosin 0.9.28-1

The cause is definitely the php5-suhoshin module which is fixed in 0.9.28. I will ask for a FFE exception and a sync request.

Regards
chuck

Changed in php5 (Ubuntu):
status: Confirmed → In Progress
Changed in php-suhosin (Ubuntu):
status: New → Won't Fix
status: Won't Fix → New
Chuck Short (zulcss) wrote :

Hi I would like to ask for a FFE exception for php-suhosin. The debian changelog is the following:

 php-suhosin (0.9.28-1) unstable; urgency=low

   * New upstream version
     - Fixed crash bug with PHP 5.2.10 caused by a
       change in extension load order of ext/session
       (Closes: #538820)

 -- Alexander Wirt <email address hidden> Fri, 14 Aug 2009 08:09:56 +0200

Chris (chris-pm) wrote :

Hi Chuck,

When I first heard about suhosin causing the problem, my first attempt to work-around the problem was to uninstall the php-suhosin package. But this made no difference to the results/segfaults I was seeing.

Got me confused, but anything that fixes this is good news.

Scott Kitterman (kitterman) wrote :

No FFe needed for bugfixes. Unsubscribing motu-release.

Niels Egberts (nielsegberts) wrote :

With the provided workaround, I still get the segfaults sometimes.

Chris (chris-pm) wrote :

Niels,

Did you try editing;

/etc/php5/apache2/conf.d/suhosin.ini

as I suggested and

/etc/php5/conf.d/suhosin.ini

as Gustavo suggested?

You might need to modify both, since I've noticed that i've also got encryption as off in both files. I probably changed the php5/conf.d version in previous attempts to work-around this.

Change both files to have encryption off and you should be ok.

I could be wrong here, but I think the file Gustavo mentioned is related to the php5-suhosin package. But I believe the PHP5 modules being shipped also include a suhosin patch which is were the php5/conf.d version of the suhosin.ini comes in.

Confusing situation if we have two versions of suhosin on the go :(
One patched into PHP5 as well as a separate installed package.

Chuck Short (zulcss) wrote :

Hi,

Please sync php-suhosin from debian unstable. The changelog entry is the following:
 php-suhosin (0.9.28-1) unstable; urgency=low

   * New upstream version
     - Fixed crash bug with PHP 5.2.10 caused by a
       change in extension load order of ext/session
       (Closes: #538820)

 -- Alexander Wirt <email address hidden> Fri, 14 Aug 2009 08:09:56 +0200

Mmm could be. I think the other related to apache is when you use its module
cause on my installation (that I use fcgid and not libapache2-mod-php5) only
was in /etc/php5/conf.d/suhosin.ini. For now is working good :)

2009/9/11 Chris <email address hidden>

> Niels,
>
> Did you try editing;
>
> /etc/php5/apache2/conf.d/suhosin.ini
>
> as I suggested and
>
> /etc/php5/conf.d/suhosin.ini
>
> as Gustavo suggested?
>
> You might need to modify both, since I've noticed that i've also got
> encryption as off in both files. I probably changed the php5/conf.d
> version in previous attempts to work-around this.
>
> Change both files to have encryption off and you should be ok.
>
> I could be wrong here, but I think the file Gustavo mentioned is related
> to the php5-suhosin package. But I believe the PHP5 modules being
> shipped also include a suhosin patch which is were the php5/conf.d
> version of the suhosin.ini comes in.
>
> Confusing situation if we have two versions of suhosin on the go :(
> One patched into PHP5 as well as a separate installed package.
>
> --
> PHP random segfaults on session_start();
> https://bugs.launchpad.net/bugs/424789
> You received this bug notification because you are a direct subscriber
> of the bug.
>

Iain Lane (laney) on 2009-09-14
Changed in php-suhosin (Ubuntu):
status: New → Confirmed
Changed in php-suhosin (Ubuntu):
status: Confirmed → Fix Released
Chuck Short (zulcss) wrote :

This should be fixed now.

Regards
chuck

Chuck Short (zulcss) wrote :

This should be fixed now in Karmic. Thanks for the bug report.

Regards
chuck

Changed in php5 (Ubuntu):
status: In Progress → Fix Released
Chris (chris-pm) wrote :

Many thanks.

I accepted the config files during the upgrades so all settings at default and working as expected.

:D

Gustavo A. Díaz (gdiaz) wrote :

Works fine for me too, thanks!

2009/9/18 Chris <email address hidden>

> Many thanks.
>
> I accepted the config files during the upgrades so all settings at
> default and working as expected.
>
> :D
>

--
Gustavo A. Díaz
GDNet Projects
www.gdnet.com.ar

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.