Bug #69484 zend_mm_heap corrupted on some pages when opcache is enabled
Submitted: 2015-04-19 21:50 UTC
Modified: 2015-04-20 23:57 UTC
From: berdir@php.net
Assigned: berdir
Status: Closed
Package: opcache
PHP Version: master-Git-2015-04-19 (Git)
OS: Linux
Private report: No
CVE-ID: None
 [2015-04-19 21:50 UTC] berdir@php.net
Description:
------------
This is part of our efforts to get Drupal 8 green on PHP 7, see https://www.drupal.org/node/2454439.

Since https://bugs.php.net/bug.php?id=69464 was fixed, or maybe already before that but I couldn't get it running well enough to reproduce, I get zend_mm_heap corrupted errors on certain pages, only when opcache is enabled. As mentioned, I don't know exactly when it started, but this worked 1-2 weeks ago.

I've reproduced on two different systems. To reproduce:

1. Get drupal from http://git.drupal.org/project/drupal.got, branch 8.0.x.
2. Install in the UI or with drush si standard --db-url=mysql://user:pass@localhost/db (from https://github.com/drush-ops/drush)
3. Enable aggregator module, with drush en -y aggregator or in the UI on /admin/modules.
4. Go to aggregator/sources/add. When opcache.so is enabled, I get those errors in apache error log and no response, it seems to be working pretty OK when opcache is disabled.

I also got the following segfault when running the test "Drupal\aggregator\Tests\AddFeedTest", even when opcache is disabled, I don't know if it is related or not:

Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007fd27390f294 in zend_array_dup (source=0x7fd269e5d738) at /home/berdir/tools/php-src/Zend/zend_hash.c:1597
1597							ZVAL_COPY(&q->val, data);
(gdb) bt
#0  0x00007fd27390f294 in zend_array_dup (source=0x7fd269e5d738) at /home/berdir/tools/php-src/Zend/zend_hash.c:1597
#1  0x00007fd2738fb2a9 in zend_error (type=8, format=0x7fd273e5e986 "Undefined variable: %s") at /home/berdir/tools/php-src/Zend/zend.c:1220
#2  0x00007fd273989ca3 in _get_zval_cv_lookup_BP_VAR_R (ptr=<optimized out>, execute_data=<optimized out>, var=<optimized out>) at /home/berdir/tools/php-src/Zend/zend_execute.c:250
#3  _get_zval_ptr_cv_BP_VAR_R (var=<optimized out>, execute_data=<optimized out>) at /home/berdir/tools/php-src/Zend/zend_execute.c:308
#4  ZEND_INIT_METHOD_CALL_SPEC_CV_CONST_HANDLER () at /home/berdir/tools/php-src/Zend/zend_vm_execute.h:31213
#5  0x00007fd27393b83b in execute_ex (ex=<optimized out>) at /home/berdir/tools/php-src/Zend/zend_vm_execute.h:394
#6  0x00007fd2738ec79e in zend_call_function (fci=fci@entry=0x7ffe0fb85ae0, fci_cache=<optimized out>, fci_cache@entry=0x7ffe0fb85ab0)
    at /home/berdir/tools/php-src/Zend/zend_execute_API.c:846
#7  0x00007fd27381bd91 in zif_call_user_func_array (execute_data=0x7fd269e13520, return_value=0x7fd269e13510) at /home/berdir/tools/php-src/ext/standard/basic_functions.c:4788
#8  0x00007fd273990aad in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER () at /home/berdir/tools/php-src/Zend/zend_vm_execute.h:693
#9  0x00007fd27393b83b in execute_ex (ex=<optimized out>) at /home/berdir/tools/php-src/Zend/zend_vm_execute.h:394
#10 0x00007fd2738ec79e in zend_call_function (fci=fci@entry=0x7ffe0fb85d20, fci_cache=<optimized out>, fci_cache@entry=0x7ffe0fb85cf0)
    at /home/berdir/tools/php-src/Zend/zend_execute_API.c:846
#11 0x00007fd27381bd91 in zif_call_user_func_array (execute_data=0x7fd269e12150, return_value=0x7fd269e11fe0) at /home/berdir/tools/php-src/ext/standard/basic_functions.c:4788
#12 0x00007fd273990aad in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER () at /home/berdir/tools/php-src/Zend/zend_vm_execute.h:693
#13 0x00007fd27393b83b in execute_ex (ex=<optimized out>) at /home/berdir/tools/php-src/Zend/zend_vm_execute.h:394
#14 0x00007fd2738fbb65 in zend_execute_scripts (type=8, retval=0x7fd200001c07, retval@entry=0x0, file_count=3) at /home/berdir/tools/php-src/Zend/zend.c:1392
#15 0x00007fd27389e650 in php_execute_script (primary_file=primary_file@entry=0x7ffe0fb88250) at /home/berdir/tools/php-src/main/main.c:2468
#16 0x00007fd27399571a in php_handler (r=<optimized out>) at /home/berdir/tools/php-src/sapi/apache2handler/sapi_apache2.c:673

This can be reproduced by running 'php7 core/scripts/run-tests.sh --url http://d8/ --verbose --color --class "Drupal\aggregator\Tests\AddFeedTest"' after enabling the simpletest module




 [2015-04-20 04:03 UTC] laruence@php.net
While I am running : php7 core/scripts/run-tests.sh --dburl sqlite://tmp/sqllite --sqlite --url http://d8/ --verbose --color --class "Drupal\aggregator\Tests\AddFeedTest"

I found a segfault in resource handling (via curl), and it is fixed in: https://github.com/php/php-src/commit/d66045fe73fb646f15a45286313231908e656a37

after that I see a FATAL ERROR:

Fatal error: Call to a member function refreshItems() on null in /home/huixinchen/opensource/github/drupal/core/modules/aggregator/src/Tests/AddFeedTest.php on line 21
FATAL Drupal\aggregator\Tests\AddFeedTest: test runner returned a non-zero error code (255).

is that expected?
 [2015-04-20 06:31 UTC] berdir@php.net
Oh, could the curl problem be the segfault that I've seen in https://bugs.php.net/bug.php?id=69411 that was related to curl? We've committed a workaround for that (no longer doing that http request) but I will check if that fixed the problem there.

The fatal error stuff often happens when page requests fail, our tests unfortunately don't abort on the first fail but try to continue, so if a form submission fails, then an object is loaded that was expected to be created and then a method call on that fatals. 

Did you check your apache log? Or going to the mentioned page manually?

You can also try --color --verbose on the test runner, that should display the detailed output and the effect that I've seen there was some 0 bytes responses.
 [2015-04-20 09:34 UTC] laruence@php.net
php7 core/scripts/run-tests.sh  --dburl mysql://root:@127.0.0.1:3308/test  --url http://d8/ --verbose --color --class "Drupal\aggregator\Tests\AddFeedTest"
  ERROR: Missing Simpletest database schema. Either install Simpletest module or use the --sqlite parameter.

I don't understand how to install Simpletest
 [2015-04-20 09:53 UTC] laruence@php.net
btw, are you sure you are getting the right backtrace with the right php binary?

since 
#14 0x00007fd2738fbb65 in zend_execute_scripts (type=8, retval=0x7fd200001c07, retval@entry=0x0, file_count=3) at /home/berdir/tools/php-src/Zend/zend.c:1392

retval=0x7fd200001c07 should not be a valid pointer.
 [2015-04-20 10:32 UTC] berdir@php.net
You can enable simpletest in the UI or with drush (get it from https://github.com/drush-ops/drush, make sure drush is in the path or call it directly), then call drush en simpletest.

Did you actually install drupal first? Because otherwise you won't be able to enable it. But the --sqlite --dburl approach should work here as well.

You do need to make sure that it's integrated into apache and available somewhere, in my case that's on http://d8, you need to update that.

I'm pretty sure that the backtrace is correct, note that it's a backtrace from the separate apache process, that one segfaulted, not the test script.

As mentioned, you can also reproduce this manually, by installing drupal, enabling aggregator module (same as simpletest) and then go to /aggregator/sources/add.
 [2015-04-20 23:56 UTC] berdir@php.net
-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: berdir
 [2015-04-20 23:56 UTC] berdir@php.net
I can no longer reproduce this, looks like @dmitry's fix solved this and most other segfaults that I had.

There was only one segfault in the full test suite that I haven't been able to reproduce anymore, apparently when compiling something. See https://www.drupal.org/node/2454439#comment-9849683.

Closing this.
 
Last updated: Thu Dec 02 01:03:40 2021 UTC