Bug #62757 php-fpm crashed when used apc_bin_dumpfile with apc.serializer
Submitted: 2012-08-06 12:51 UTC Modified: 2012-08-10 14:43 UTC
From: cfc4n at cnxct dot com Assigned: laruence (profile)
Status: Closed Package: APC (PECL)
PHP Version: 5.3.10 OS: CentOS 5.6
Private report: No CVE-ID: None
 [2012-08-06 12:51 UTC] cfc4n at cnxct dot com
Description:
------------
My php.ini is configured with this:
;apc version 3.1.9
apc.enabled = 1
apc.enable_cli = 1
apc.cache_by_default = on
apc.shm_segments = 1
apc.shm_size = 128M
apc.num_files_hint = 300
apc.user_entries_hint = 4096
apc.write_lock = On
apc.stat = 0
apc.stat_ctime = 0
apc.ttl=0
apc.user_ttl=0
apc.serializer=igbinary ;// igbinary and php
make install with PHP ver 5.3.10 and php-fpm. When I request the test script, PHP-FPM 
shuts down like "WARNING: [pool www] child 9043 exited on signal 11 (SIGSEGV - 
core dumped) after 2.097479 seconds from start" 

Test script:
---------------
// Define the directories to cache
$arrCacheDir = array();
array_push($arrCacheDir,PROJECTROOT.'core');
/* Loop over the directories to cache */
foreach ($arrCacheDir as $value)
{
    compileDir($value);
}

/* Generate the bin file */
if (!writeBin())
{
    exit('write to '.APCBIN.'xyws_vn.bin failed!!!');
}
function compileDir ($dir)
{
......
// Start caching the file
if (apc_compile_file($dir.DIRECTORY_SEPARATOR.$file))
{
    $arrCacheFile[] = $dir.DIRECTORY_SEPARATOR.$file;
}
......
}

Expected result:
----------------
run ok....

Actual result:
--------------
apc.serializer=php:
#0  apc_swizzle_hashtable (bd=0x2b787542a030, ll=0x7fffe0149c60, 
ht=0x2b78754be9c6, swizzle_cb=0x2b787492fa00 <apc_swizzle_zval>, is_ptr=1) at 
/root/Redis/APC-3.1.9/apc_bin.c:408
#1  0x00002b787492fa6d in apc_swizzle_zval (bd=0x2b787542a030, 
ll=0x7fffe0149c60, zv=0x2b78754bdb80) at /root/Redis/APC-3.1.9/apc_bin.c:463
#2  0x00002b787492fd4f in apc_swizzle_op_array (bd=0x2b787542a030, 
ll=0x7fffe0149c60, op_array=0x2b78754bd8ff) at /root/Redis/APC-
3.1.9/apc_bin.c:205
#3  0x00002b787492fe81 in apc_swizzle_function (bd=0x2b787542a030, 
ll=0x7fffe0149c60, func=0x2b78754be9c6) at /root/Redis/APC-3.1.9/apc_bin.c:268
#4  0x00002b787492f982 in apc_swizzle_hashtable (bd=0x2b787542a030, 
ll=0x7fffe0149c60, ht=0x2b7875431366, swizzle_cb=0x2b787492fe60 
<apc_swizzle_function>, is_ptr=0) at /root/Redis/APC-3.1.9/apc_bin.c:411
#5  0x00002b7874930765 in apc_swizzle_class_entry (files=0x5cfcfd8, user_vars=
<value optimized out>) at /root/Redis/APC-3.1.9/apc_bin.c:294
#6  apc_bin_dump (files=0x5cfcfd8, user_vars=<value optimized out>) at 
/root/Redis/APC-3.1.9/apc_bin.c:794
#7  0x00002b78749219e1 in zif_apc_bin_dumpfile (ht=<value optimized out>, 
return_value=0x5c2a470, return_value_ptr=<value optimized out>, this_ptr=<value 
optimized out>, return_value_used=<value optimized out>)
    at /root/Redis/APC-3.1.9/php_apc.c:1418
#8  0x0000000000718b98 in zend_do_fcall_common_helper_SPEC 
(execute_data=0x2b78753a9fd0) at /root/soft/php-5.3.6/Zend/zend_vm_execute.h:316
#9  0x000000000071819c in execute (op_array=0x5bec870) at /root/soft/php-
5.3.6/Zend/zend_vm_execute.h:107
#10 0x00002b7873644aa6 in zend_oe () from 
/usr/local/webserver/php/lib/php/extensions/no-debug-non-zts-
20090626/ZendGuardLoader.so
#11 0x00000000007186c2 in zend_do_fcall_common_helper_SPEC 
(execute_data=0x2b78753a9050) at /root/soft/php-5.3.6/Zend/zend_vm_execute.h:340
#12 0x000000000071819c in execute (op_array=0x5bd0c48) at /root/soft/php-
5.3.6/Zend/zend_vm_execute.h:107
#13 0x00002b7873644aa6 in zend_oe () from 
/usr/local/webserver/php/lib/php/extensions/no-debug-non-zts-
20090626/ZendGuardLoader.so
#14 0x00000000006f312d in zend_execute_scripts (type=8, retval=0x0, 
file_count=3) at /root/soft/php-5.3.6/Zend/zend.c:1194
#15 0x00000000006a25bd in php_execute_script (primary_file=0x7fffe014e710) at 
/root/soft/php-5.3.6/main/main.c:2268
#16 0x000000000077d81f in main (argc=3, argv=<value optimized out>) at 
/root/soft/php-5.3.6/sapi/fpm/fpm/fpm_main.c:1917

apc.serializer=igbinary:
#0  zend_hash_get_current_key_ex (ht=0x2aaaab56eb30, str_index=0x7fffe9b2eda8, 
str_length=0x7fffe9b2ee00, num_index=0x7fffe9b2eda0, duplicate=0 '\000', 
pos=0x7fffe9b2edb8) at /root/soft/php-5.3.6/Zend/zend_hash.c:1119
1119                    if (p->nKeyLength) {
(gdb) bt
#0  zend_hash_get_current_key_ex (ht=0x2aaaab56eb30, str_index=0x7fffe9b2eda8, 
str_length=0x7fffe9b2ee00, num_index=0x7fffe9b2eda0, duplicate=0 '\000', 
pos=0x7fffe9b2edb8) at /root/soft/php-5.3.6/Zend/zend_hash.c:1119
#1  0x00002af4013ddb03 in igbinary_serialize_array (igsd=0x7fffe9b2ee50, z=
<value optimized out>) at /root/soft/igbinary-1.1.1/igbinary.c:862
#2  igbinary_serialize_zval (igsd=0x7fffe9b2ee50, z=<value optimized out>) at 
/root/soft/igbinary-1.1.1/igbinary.c:1225
#3  0x00002af4013e3d10 in igbinary_serialize (ret=0x7fffe9b2ef00, 
ret_len=0x7fffe9b2ef08, z=0x2aaaab56e938) at /root/soft/igbinary-
1.1.1/igbinary.c:333
#4  0x00002af4013e3e29 in igbinary_apc_serializer (buf=0x2aaaab56eb30, 
buf_len=0x7fffe9b2eda8, value=0x0, config=0x7fffe9b2eda0) at 
/root/soft/igbinary-1.1.1/igbinary.c:534
#5  0x00002af400d85fbb in my_serialize_object (dst=0x2af401888466, 
src=0x2aaaab56e938, ctxt=<value optimized out>) at /root/Redis/APC-
3.1.9/apc_compile.c:244
#6  my_copy_zval (dst=0x2af401888466, src=0x2aaaab56e938, ctxt=<value optimized 
out>) at /root/Redis/APC-3.1.9/apc_compile.c:363
#7  0x00002af400d8e1e0 in apc_bin_dump (files=0xbbb0130, user_vars=<value 
optimized out>) at /root/Redis/APC-3.1.9/apc_bin.c:726
#8  0x00002af400d7f9e1 in zif_apc_bin_dumpfile (ht=<value optimized out>, 
return_value=0xbbf1c48, return_value_ptr=<value optimized out>, this_ptr=<value 
optimized out>, return_value_used=<value optimized out>)
    at /root/Redis/APC-3.1.9/php_apc.c:1418
#9  0x0000000000718b98 in zend_do_fcall_common_helper_SPEC 
(execute_data=0x2af401807050) at /root/soft/php-5.3.6/Zend/zend_vm_execute.h:316
#10 0x000000000071819c in execute (op_array=0xbb2d900) at /root/soft/php-
5.3.6/Zend/zend_vm_execute.h:107
#11 0x00002af3ffaa2aa6 in zend_oe () from 
/usr/local/webserver/php/lib/php/extensions/no-debug-non-zts-
20090626/ZendGuardLoader.so
#12 0x00000000006f312d in zend_execute_scripts (type=8, retval=0x0, 
file_count=3) at /root/soft/php-5.3.6/Zend/zend.c:1194
#13 0x00000000006a25bd in php_execute_script (primary_file=0x7fffe9b339f0) at 
/root/soft/php-5.3.6/main/main.c:2268
#14 0x000000000077d81f in main (argc=3, argv=<value optimized out>) at 
/root/soft/php-5.3.6/sapi/fpm/fpm/fpm_main.c:1917
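
The php-fpm warning quoted in the description is what an operator sees first when a child dies like this. As an added example (not part of the original report or of php-fpm), this parser summarises such child exits per pool; the log timestamps, the extra PIDs and the `api` pool in the sample are constructed, and the 5-second "short-lived" threshold is an assumption.

```python
import re
from collections import defaultdict

# Matches the php-fpm master-process warning quoted in the report.
CHILD_EXIT = re.compile(
    r"WARNING: \[pool (?P<pool>[^\]]+)\] child (?P<pid>\d+) exited on signal "
    r"(?P<signo>\d+) \((?P<signame>SIG[A-Z0-9]+)(?P<core> - core dumped)?\) "
    r"after (?P<uptime>\d+(?:\.\d+)?) seconds from start"
)

# Signals that indicate a crash rather than an orderly stop or reload.
FATAL_SIGNALS = {"SIGSEGV", "SIGBUS", "SIGABRT", "SIGILL", "SIGFPE"}

def parse_child_exits(lines):
    """Yield one dict per php-fpm child that exited on a signal."""
    for line in lines:
        m = CHILD_EXIT.search(line)
        if m:
            yield {
                "pool": m["pool"],
                "pid": int(m["pid"]),
                "signal": m["signame"],
                "core": m["core"] is not None,
                "uptime": float(m["uptime"]),
            }

def crash_summary(lines, short_lived=5.0):
    """Per pool: count fatal-signal exits and those that died soon after start."""
    summary = defaultdict(lambda: {"crashes": 0, "short_lived": 0, "pids": []})
    for ev in parse_child_exits(lines):
        if ev["signal"] not in FATAL_SIGNALS:
            continue  # e.g. SIGTERM during a reload is not a crash
        entry = summary[ev["pool"]]
        entry["crashes"] += 1
        entry["pids"].append(ev["pid"])
        if ev["uptime"] < short_lived:
            entry["short_lived"] += 1
    return dict(summary)

# Constructed sample log; only the child 9043 warning text comes from the report.
SAMPLE_LOG = """\
[06-Aug-2012 12:50:58] NOTICE: [pool www] child 9043 started
[06-Aug-2012 12:51:00] WARNING: [pool www] child 9043 exited on signal 11 (SIGSEGV - core dumped) after 2.097479 seconds from start
[06-Aug-2012 12:51:03] WARNING: [pool www] child 9051 exited on signal 11 (SIGSEGV - core dumped) after 3.004100 seconds from start
[06-Aug-2012 12:55:10] WARNING: [pool api] child 9100 exited on signal 15 (SIGTERM) after 250.500000 seconds from start
""".splitlines()

if __name__ == "__main__":
    for pool, stats in crash_summary(SAMPLE_LOG).items():
        print(pool, stats)
```

Children that repeatedly die on SIGSEGV within seconds of starting, as both `www` children do here, point at a crash on a specific request path rather than at load.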

 [2012-08-06 13:18 UTC] cfc4n at cnxct dot com
And when I do that, it returns an error...
<?php
$arrDrop = array('helpers/post.php');
$arr = array();
foreach ($arrDrop as $key => $value)
{
    apc_compile_file(WWWROOT.$value);
    $arr[] = WWWROOT.$value;
}

var_dump(apc_bin_dumpfile($arr,null,'a.bin'));
?>

helpers/post.php is here : http://paste.ubuntu.org.cn/138814
 [2012-08-07 08:03 UTC] cfc4n at cnxct dot com
Sorry, it's a bug in the apc_bin_dumpfile function, not apc_compile_file. I did not 
look seriously at the coredump information...
Maybe it's the same bug as BUG #62765
 [2012-08-07 08:03 UTC] cfc4n at cnxct dot com
-PHP Version: 5.3Git-2012-08-06 (Git) +PHP Version: 5.3.10
 [2012-08-08 05:31 UTC] cfc4n at cnxct dot com
If the bin file dump completes, it causes a new crash when the apc_bin_load 
function is used. (Ubuntu 12.04, PHP 5.3.10, deb install)
E.g.:
(gdb) bt
#0  0x00007f03c3088306 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#1  0x00007f03c2275b5c in apc_pmemcpy (p=0x7f23ba68e652, n=8, pool=<optimized 
out>) at /usr/include/x86_64-linux-gnu/bits/string3.h:52
#2  0x00007f03c2266f45 in apc_string_pmemcpy (pool=0x7f03b37e1040, len=
<optimized out>, str=<optimized out>) at /root/APC-3.1.9/apc_compile.c:288
#3  my_copy_zval (dst=0x7f03b37e3420, src=0x7f03b024926a, ctxt=0x7fff7c215300) 
at /root/APC-3.1.9/apc_compile.c:337
#4  0x00007f03c226f39d in my_copy_znode (dst=0x7f03b37e3418, src=<optimized 
out>, ctxt=<optimized out>) at /root/APC-3.1.9/apc_compile.c:427
#5  0x00007f03c226f46a in my_copy_zend_op (dst=0x7f03b37e33d0, 
src=0x7f03b024921a, ctxt=0x7fff7c215300) at /root/APC-3.1.9/apc_compile.c:446
#6  0x00007f03c2270242 in apc_copy_op_array (dst=0x7f03b37e2fe0, 
src=0x7f03b0249033, ctxt=0x7fff7c215300) at /root/APC-3.1.9/apc_compile.c:1222
#7  0x00007f03c2278dbd in apc_bin_load (bd=0x7f03aff47048, flags=<optimized 
out>) at /root/APC-3.1.9/apc_bin.c:901
#8  0x00007f03c2268d5b in zif_apc_bin_loadfile (ht=<optimized out>, 
return_value=0x17dde00, return_value_ptr=<optimized out>, this_ptr=<optimized 
out>, return_value_used=<optimized out>) at /root/APC-3.1.9/php_apc.c:1536
#9  0x000000000070efcd in ?? ()
#10 0x00000000006bfb3b in execute ()
#11 0x000000000069b0a0 in zend_execute_scripts ()
#12 0x0000000000647753 in php_execute_script ()
#13 0x000000000042b885 in ?? ()
#14 0x00007f03c301876d in __libc_start_main () from /lib/x86_64-linux-
gnu/libc.so.6
#15 0x000000000042c0e5 in _start ()
(gdb) f 0
#0  0x00007f03c3088306 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
(gdb) f 1
#1  0x00007f03c2275b5c in apc_pmemcpy (p=0x7f23ba68e652, n=8, pool=<optimized 
out>) at /usr/include/x86_64-linux-gnu/bits/string3.h:52
52        return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));
(gdb) f 2
#2  0x00007f03c2266f45 in apc_string_pmemcpy (pool=0x7f03b37e1040, len=
<optimized out>, str=<optimized out>) at /root/APC-3.1.9/apc_compile.c:288
288         return apc_pmemcpy(str, len, pool TSRMLS_CC);
 [2012-08-08 05:31 UTC] cfc4n at cnxct dot com
-Summary: php-fpm crashed when i used apc_compile_file function +Summary: php-fpm crashed when i used apc_bin_dumpfile and apc_bin_load function
 [2012-08-08 15:02 UTC] laruence@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.


 [2012-08-08 15:02 UTC] laruence@php.net
-Status: Open +Status: Feedback
 [2012-08-10 10:39 UTC] cfc4n at cnxct dot com
-Status: Feedback +Status: Open
 [2012-08-10 10:39 UTC] cfc4n at cnxct dot com
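I found the code for this bug.
c.php
<?php
// The apc_bin_dump function does not support a function parameter whose default value is an array
// Empty-array properties in a class are not supported
/**/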
class ApiLib{
    //not support 1 
    private $arr=array();

    //not support 2
    function test($arr = array()) {
        return true;
    }
}
?>

a.php
<?php
$str = dirname(__FILE__).DIRECTORY_SEPARATOR.'c.php';
apc_store('aaaa',"xxxxx",1);
apc_compile_file($str);
apc_bin_dumpfile(array($str), null,'ccc.bin');
?>
Run a.php over HTTP (nginx + php-fpm), and fpm will coredump...
 [2012-08-10 14:40 UTC] laruence@php.net
change summary
 [2012-08-10 14:40 UTC] laruence@php.net
-Summary: php-fpm crashed when i used apc_bin_dumpfile and apc_bin_load function +Summary: php-fpm crashed when used apc_bin_dumpfile with apc.serializer
 [2012-08-10 14:41 UTC] laruence@php.net
Automatic comment from SVN on behalf of laruence
Revision: http://svn.php.net/viewvc/?view=revision&revision=327043
Log: Fixed Bug #62757 (php-fpm crashed when used apc_bin_dumpfile with apc.serializer)
 [2012-08-10 14:43 UTC] laruence@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.


 [2012-08-10 14:43 UTC] laruence@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: laruence
 [2012-08-10 16:17 UTC] laruence@php.net
Automatic comment from SVN on behalf of laruence
Revision: http://svn.php.net/viewvc/?view=revision&revision=327049
Log: Re-fixed bug #62757

and silent memleaks reporting temporarily
 [2012-08-15 08:06 UTC] laruence@php.net
Automatic comment from SVN on behalf of laruence
Revision: http://svn.php.net/viewvc/?view=revision&revision=327126
Log: Re-fix #62757, previous is ugly
 
Last updated: Thu Nov 14 12:01:36 2019 UTC