Mediawiki does no longer respond (every page) after upgrade from php-5.6.9 to php-5.6.10. CPU usage of apache2 process goes near to 100% and the response times out. Following entry appears in the apache error.log: ================ %< ================ [Sat Jul 11 19:25:25 2015] [error] [client 192.168.13.27] PHP Fatal error: Maximum execution time of 30 seconds exceeded in /var/www/localhost/htdocs/mediawiki/includes/utils/MWCryptRand.php on line 320 ================ %< ================ Mediaiwki works fine after downgrade to php-5.6.9 again. Reproducible: Always Steps to Reproduce: 1. Install mediawiki-1.23.8 2. Install php-5.6.10 3. Browse to mediawiki home page Actual Results: Page stays blank, no response from server. Server goes up to 100% CPU usage for apache2 process until request times out. Expected Results: Delivery of the page $ emerge --info Portage 2.2.20 (python 2.7.9-final-0, default/linux/amd64/13.0, gcc-4.8.4, glibc-2.20-r2, 4.0.5-gentoo x86_64) ================================================================= System uname: Linux-4.0.5-gentoo-x86_64-Pentium-R-_Dual-Core_CPU_E6500_@_2.93GHz-with-gentoo-2.2 KiB Mem: 4045264 total, 223784 free KiB Swap: 12000548 total, 12000548 free Timestamp of repository gentoo: Sat, 11 Jul 2015 10:45:01 +0000 sh bash 4.3_p33-r2 ld GNU ld (Gentoo 2.24 p1.4) 2.24 ccache version 3.1.9 [enabled] app-shells/bash: 4.3_p33-r2::gentoo dev-java/java-config: 2.2.0::gentoo dev-lang/perl: 5.20.2::gentoo dev-lang/python: 2.7.9-r1::gentoo dev-util/ccache: 3.1.9-r4::gentoo dev-util/cmake: 3.2.2::gentoo dev-util/pkgconfig: 0.28-r2::gentoo sys-apps/baselayout: 2.2::gentoo sys-apps/openrc: 0.17::gentoo sys-apps/sandbox: 2.6-r1::gentoo sys-devel/autoconf: 2.13::gentoo, 2.69::gentoo sys-devel/automake: 1.11.6-r1::gentoo, 1.14.1::gentoo sys-devel/binutils: 2.24-r3::gentoo sys-devel/gcc: 4.8.4::gentoo sys-devel/gcc-config: 1.7.3::gentoo sys-devel/libtool: 2.4.6::gentoo sys-devel/make: 4.1-r1::gentoo sys-kernel/linux-headers: 3.18::gentoo (virtual/os-headers) sys-libs/glibc: 2.20-r2::gentoo Repositories: gentoo location: /var/db/portage/tree/central sync-type: rsync sync-uri: rsync://rsync.de.gentoo.org/gentoo-portage priority: -1000 local location: /var/db/portage/local masters: gentoo priority: 0 ACCEPT_KEYWORDS="amd64" ACCEPT_LICENSE="* -@EULA" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=native -mtune=native -Os -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.6/ext-active/ /etc/php/cgi-php5.6/ext-active/ /etc/php/cli-php5.6/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c" CXXFLAGS="-march=native -mtune=native -Os -pipe -fno-default-inline" DISTDIR="/var/db/portage/distfiles/bobbel" EMERGE_DEFAULT_OPTS="--autounmask=n --with-bdeps=y" FCFLAGS="-O2 -pipe" FEATURES="assume-digests binpkg-logs ccache config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr" FFLAGS="-O2 -pipe" GENTOO_MIRRORS="http://sunsite.cnlab-switch.ch/mirror/gentoo/ http://linux.rz.ruhr-uni-bochum.de/download/gentoo-mirror/ http://ftp.heanet.ie/pub/gentoo/" LANG="en_US.UTF-8" LDFLAGS="-Wl,-O1 -Wl,--as-needed" MAKEOPTS="-j2 -s" PKGDIR="/var/db/portage/packages/core2duo" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp/portage" USE="acl alsa amd64 bash-completion berkdb bzip2 caps cli cracklib crypt cups cxx dbus dri fam fortran gdbm gpm iconv icu idn jpeg jpeg2k logrotate mmx mmxext modules multilib ncurses nls nptl pam pcre png readline session sse sse2 sse3 ssl ssse3 syslog tcpd tiff unicode usb vim-syntax xattr zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock dbd deflate dir disk_cache env expires ext_filter file_cache filter headers ident imagemap include info log_config logio mem_cache mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_http rewrite setenvif so speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="mmx mmxext sse sse2 sse3 ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ublox ubx" GRUB_PLATFORMS="multiboot pc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LINGUAS="en" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-6" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7" RUBY_TARGETS="ruby19 ruby20" SANE_BACKENDS="net" USERLAND="GNU" VIDEO_CARDS="vesa" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CPPFLAGS, CTARGET, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON
(In reply to Joerg Schaible from comment #0) > Mediawiki does no longer respond (every page) after upgrade from php-5.6.9 > to php-5.6.10. CPU usage of apache2 process goes near to 100% and the > response times out. Following entry appears in the apache error.log: > > ================ %< ================ > [Sat Jul 11 19:25:25 2015] [error] [client 192.168.13.27] PHP Fatal error: > Maximum execution time of 30 seconds exceeded in > /var/www/localhost/htdocs/mediawiki/includes/utils/MWCryptRand.php on line > 320 > ================ %< ================ > > Mediaiwki works fine after downgrade to php-5.6.9 again. > https://git.wikimedia.org/blob/mediawiki%2Fcore/3d6956afe6b897a237b7b7b48416ad4ba9fc7679/includes%2Futils%2FMWCryptRand.php shows that the line listed above is: $iv = mcrypt_create_iv( $rem, MCRYPT_DEV_URANDOM ); 5.6.10 has this in the notes which could be related: Added file descriptor caching to mcrypt_create_iv().
Possible Upstream bug : https://phabricator.wikimedia.org/T104426 See also https://secure.php.net/manual/en/function.mcrypt-create-iv.php#117047
php-5.6.12 breaks mediawiki-1.23.8 as well
It's worse then just this. Basically mcrypt_create_iv is broken. Both $v=mcrypt_create_iv(64, MCRYPT_DEV_URANDOM); and $v=mcrypt_create_iv(64); just hang. Curiously this appears to be only connected to apache module, CLI works without problems. Haven't checked other SAPIs.
I think this may have been fixed upstream: https://bugs.php.net/bug.php?id=69833 Can you please try dev-lang/php-5.6.16 to see if that fixes the issue?
I'd rather not. Forgot to mention, this applies to me for dev-lang/php-5.5.30, I'm still fighting with (quite valid) new deprecations added by php-5.5 (having upgraded to 5.5 only because 5.4 was masked). Good thing is: manual inspection of the patch in issue you've linked to shows that it should apply cleanly. Bad thing is https://github.com/php/php-src/blob/PHP-5.5/ext/mcrypt/mcrypt.c#L494 shows it's not done upstream. The related 5.5 upstream issue https://bugs.php.net/bug.php?id=70150 is closed as duplicate without fixing it in 5.5.
(In reply to Wacław Schiller from comment #6) > I'd rather not. Forgot to mention, this applies to me for > dev-lang/php-5.5.30, I'm still fighting with (quite valid) new deprecations > added by php-5.5 (having upgraded to 5.5 only because 5.4 was masked). > > Good thing is: manual inspection of the patch in issue you've linked to > shows that it should apply cleanly. Bad thing is > https://github.com/php/php-src/blob/PHP-5.5/ext/mcrypt/mcrypt.c#L494 shows > it's not done upstream. > > The related 5.5 upstream issue https://bugs.php.net/bug.php?id=70150 is > closed as duplicate without fixing it in 5.5. I understand the reluctance to upgrade anything on a live system (especially with third party code like most PHP), but php-5.6 should be a pretty safe upgrade from php-5.5: http://php.net/manual/en/migration56.incompatible.php The big one to watch out for in my opinion is the SSL/TLS verification thing. But that's a trivial fix if you notice it in the logs. We masked php-5.4 because upstream dropped support for it. With php-7.0 recently released, php-5.5 will be next on the chopping block. Upstream is only applying critical fixes at this point, and without a really good reason, we're going to follow their lead.
Oh, and you wouldn't have to stick with php-5.6, it's just important that we know if the bug is really fixed there. If it is, that will help the other people with the same problem. If not, then we need to know so we can get it fixed!
Verified that it works with dev-lang/php-5.6.14 (the currently stable dev-lang/php:5.6). The code from upstream patch is also there. Supposedly it'll work with 5.6.16 as well. Have not checked using mediawiki as in original report, but using a) custom minimal script for that bug > $v=mcrypt_create_iv(64, MCRYPT_DEV_URANDOM); b) SilverStripe installation both of which hang on 5.5.30 and work on 5.6.14. That should probably close the issue for 5.6.
(In reply to Wacław Schiller from comment #9) > Verified that it works with dev-lang/php-5.6.14 (the currently stable > dev-lang/php:5.6). Thank you for verifying. Since upstream isn't interested in backporting this, we won't either: there are simply too many fixes in 5.6.x to be in that business. However, all of the dev-lang/php ebuilds allow you to apply your own patches using the /etc/portage/patches directory: https://wiki.gentoo.org/wiki//etc/portage/patches If you are stuck on the 5.5.x series, the upstream patch can be found at, http://git.php.net/?p=php-src.git;a=patch;h=80bc2133cd453c9a5981023d27e37bfd845172a1;hp=79cd9a18b505e8d77d16abe6ef146d4b4ff02ed9 and then dropped into /etc/portage/patches/dev-lang/php:5.5. Afterwards it should be applied whenever you emerge php-5.5.x.
