Description
The following code:
(Installed Nextcloud 33 + Postgres and added an IMAP account to Nextcloud Mail)
php-zts occ mail:account:sync 24
Resulted in this output:
It reliably hangs. Maybe a memory corruption? I would love it to just crash, but the symptom is that it starts to spin forever in zend_hash_find_bucket (the line idx = Z_NEXT(p->val); keeps idx being zero). I know this is hot code, but for safety against hanging, there could maybe be some assertion that ensures that idx changes at least once in a while? 100% CPU spins like this could get expensive at scale.
#0 0x000055b3c8dbda37 in zend_hash_find ()
#1 0x000055b3c871b929 in pcre_get_compiled_regex_cache_ex ()
#2 0x000055b3c871f4cd in ?? ()
#3 0x000055b3c871f2e0 in ?? ()
#4 0x000055b3c871f8e9 in ?? ()
#5 0x000055b3c8d3700d in ?? ()
#6 0x000055b3c8cdfbb9 in execute_ex ()
#7 0x000055b3c8cdff75 in zend_execute ()
#8 0x000055b3c8e25b72 in zend_execute_script ()
#9 0x000055b3c8bf0f28 in php_execute_script_ex ()
#10 0x000055b3c8e2a021 in ?? ()
#11 0x000055b3c8e28056 in ?? ()
#12 0x00007f8487e8a8d0 in libc_start_main_stage2 (main=0x55b3c8e26690, argc=4, argv=0x7ffffc22e278) at src/env/__libc_start_main.c:95
#13 0x000055b3c8518b56 in _start ()
If I force return in GDB (set $rax=0; return - saying there is no matching hash), it dies on a null pointer dereference later on.
But I expected this output instead:
(this is normal successful execution)
Sorry for no minimized reproducer yet. Is there something I could do without minimizing the test case? I am trying to get a better backtrace, but I believe building with ASAN would work best.
Known working version (Alpine system PHP):
$ php85 -v
PHP 8.5.6 (cli) (built: May 7 2026 16:54:58) (NTS)
Copyright (c) The PHP Group
Built by Alpine Linux aports
Zend Engine v4.5.6, Copyright (c) Zend Technologies
with Zend OPcache v8.5.6, Copyright (c), by Zend Technologies
Known broken version: (added https://pkg.henderkes.com/api/packages/85/alpine/main/php-zts to /etc/apk/repositories and installed php-zts)
PHP Version
PHP 8.5.6 (cli) (built: May 8 2026 14:59:54) (ZTS zig 0.16.0 x86_64)
Copyright (c) The PHP Group
Built by Static PHP <https://static-php.dev> #StandWithUkraine
Zend Engine v4.5.6, Copyright (c) Zend Technologies
with Zend OPcache v8.5.6, Copyright (c), by Zend Technologies
Operating System
Alpine 3.23.4
Description
The following code:
(Installed Nextcloud 33 + Postgres and added an IMAP account to Nextcloud Mail)
Resulted in this output:
It reliably hangs. Maybe a memory corruption? I would love it to just crash, but the symptom is that it starts to spin forever in zend_hash_find_bucket (the line
idx = Z_NEXT(p->val);keeps idx being zero). I know this is hot code, but for safety against hanging, there could maybe be some assertion that ensures that idx changes at least once in a while? 100% CPU spins like this could get expensive at scale.If I force return in GDB (set $rax=0; return - saying there is no matching hash), it dies on a null pointer dereference later on.
But I expected this output instead:
(this is normal successful execution)
Sorry for no minimized reproducer yet. Is there something I could do without minimizing the test case? I am trying to get a better backtrace, but I believe building with ASAN would work best.
Known working version (Alpine system PHP):
Known broken version: (added https://pkg.henderkes.com/api/packages/85/alpine/main/php-zts to /etc/apk/repositories and installed php-zts)
PHP Version
Operating System
Alpine 3.23.4