php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #71977 After opcache turned on to cause Segmentation fault
Submitted: 2016-04-06 13:48 UTC Modified: 2017-06-23 15:44 UTC
Votes:5
Avg. Score:4.6 ± 0.8
Reproduced:4 of 4 (100.0%)
Same Version:1 (25.0%)
Same OS:2 (50.0%)
From: wangduo1122 at 163 dot com Assigned:
Status: Not a bug Package: opcache
PHP Version: 7.0.5 OS: Linux
Private report: No CVE-ID: None
 [2016-04-06 13:48 UTC] wangduo1122 at 163 dot com
Description:
------------
When turned on opcache, the first call to extension function normally , the second appeared Segmentation fault. Close opcache is normal.Through debug and found add_assoc_stringl,add_assoc_long caused Segmentation fault when turned on opcache

Test script:
---------------
ZEND_FUNCTION( L5ApiGetRoute ){
    double d_time_out   = 0;
    std::string err_msg;
    zval *za_qos_req;

    if ( ZEND_NUM_ARGS() == 2 ){
        if ( zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ad",&za_qos_req,&d_time_out) == FAILURE ){
            RETURN_LONG(-2);
    }else{
        WRONG_PARAM_COUNT;
        RETURN_LONG(-3);
    }
php_var_dump(za_qos_req, 1);
    add_assoc_stringl( za_qos_req, "hostIp", "10.175.90.28", 12);
    add_assoc_long( za_qos_req, "hostPort", 80 );
}

PHP code:
<?php
    $l5_req = array(
                'modId' => 64100225,
                'cmdId' => 65536
    );
    $l5_time_out = 0.2;
    $ret = L5ApiGetRoute($l5_req, $l5_time_out);
    print_r($l5_req);
    $l5_reqx = array(
                'modId' => 64000833,
                'key' => 3
    );
    $ret = L5ApiGetRoute($l5_reqx, $l5_time_out);
    print_r($l5_reqx);
?>

PHP.INI(opcache config)
zend_extension=opcache.so
opcache.memory_consumption=128
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=4000
opcache.revalidate_freq=10
opcache.fast_shutdown=1
opcache.enable_cli=1

Actual result:
--------------
[root@cweb_sports_api_new_10 ~/cl5/php/src]# /usr/local/qqwebsrv/php7/bin/php test.php
array(2) {
  ["modId"]=>
  int(64100225)
  ["cmdId"]=>
  int(65536)
}
Array
(
    [modId] => 64100225
    [cmdId] => 65536
    [hostIp] => 10.175.90.28
    [hostPort] => 80
)
array(2) {---------------------Get the correct parameters
  ["modId"]=>
  int(64000833)
  ["key"]=>
  int(3)
}
Array
(
    [modId] => 64000833
    [key] => 3
    [hostIp] => 10.175.90.28
    [hostPort] => 80
)
[root@cweb_sports_api_new_10 ~/cl5/php/src]# /usr/local/qqwebsrv/php7/bin/php test.php
array(2) {
  ["modId"]=>
  int(64100225)
  ["cmdId"]=>
  int(65536)
}
Array
(
    [modId] => 64100225
    [cmdId] => 65536
    [hostIp] => 10.175.90.28
    [hostPort] => 80
)
array(32696) {----------------------Did not get to the parameter
Segmentation fault (core dumped)

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-04-07 06:17 UTC] nikic@php.net
-Status: Open +Status: Feedback
 [2016-04-07 06:17 UTC] nikic@php.net
You must
a) declare the parameter as being by-reference in arginfo and
b) separate the argument by using "a/d" instead of "ad".

Does doing these two things fix the issue?
 [2016-04-07 10:07 UTC] wangduo1122 at 163 dot com
-Status: Feedback +Status: Open
 [2016-04-07 10:07 UTC] wangduo1122 at 163 dot com
The original function is accomplished , I do not want to modify the original function .
Test the "a/d", this will not be the original parameters to be modified.
Are there any other ways to solve this problem ?
 [2016-04-08 11:45 UTC] wangduo1122 at 163 dot com
If you turn off opcache, we would not have this problem.
 [2016-04-27 02:15 UTC] jsilver at doublesharp dot com
I was successfully running opcache for some time, but randomly this morning I started seeing the same behavior from php-fpm. Once these errors began appearing in the log Nginx would only return a 502 Bad Gateway error until php-fpm was restarted.

Removing opcache corrected the issue, please let me know if there is other debugging I can do.


OS: CentOS 7
PHP: 7.0.5

/var/log/php-fpm/www-error.log
--------------------------------
26-Apr-2016 18:26:31] NOTICE: [pool www] child 17467 started
[26-Apr-2016 18:26:34] WARNING: [pool www] child 17344 exited on signal 11 (SIGSEGV) after 205.748769 seconds from start
[26-Apr-2016 18:26:34] NOTICE: [pool www] child 17473 started
[26-Apr-2016 18:26:34] WARNING: [pool www] child 17315 exited on signal 11 (SIGSEGV) after 258.979294 seconds from start
[26-Apr-2016 18:26:34] NOTICE: [pool www] child 17474 started
[26-Apr-2016 18:26:35] WARNING: [pool www] child 17345 exited on signal 11 (SIGSEGV) after 207.569738 seconds from start
[26-Apr-2016 18:26:35] NOTICE: [pool www] child 17476 started
[26-Apr-2016 18:26:38] WARNING: [pool www] child 17317 exited on signal 11 (SIGSEGV) after 263.001353 seconds from start
[26-Apr-2016 18:26:38] NOTICE: [pool www] child 17478 started
[26-Apr-2016 18:26:38] WARNING: [pool www] child 17337 exited on signal 11 (SIGSEGV) after 211.347670 seconds from start
[26-Apr-2016 18:26:38] NOTICE: [pool www] child 17480 started
[26-Apr-2016 18:26:39] WARNING: [pool www] child 17356 exited on signal 11 (SIGSEGV) after 209.634259 seconds from start
[26-Apr-2016 18:26:39] NOTICE: [pool www] child 17482 started
[26-Apr-2016 18:26:41] WARNING: [pool www] child 17343 exited on signal 11 (SIGSEGV) after 213.523122 seconds from start
[26-Apr-2016 18:26:41] NOTICE: [pool www] child 17489 started
[26-Apr-2016 18:26:42] WARNING: [pool www] child 17351 exited on signal 11 (SIGSEGV) after 213.560209 seconds from start


/var/log/messages
--------------------------------
Apr 26 21:26:31 web01 kernel: traps: php-fpm[17316] general protection ip:7f83cb4b6feb sp:7ffe89bdfdb0 error:0 in opcache.so[7f83cb4a3000+2c000]
Apr 26 21:26:34 web01 kernel: traps: php-fpm[17344] general protection ip:7f83cb4b6feb sp:7ffe89bdfdb0 error:0 in opcache.so[7f83cb4a3000+2c000]
Apr 26 21:26:34 web01 kernel: traps: php-fpm[17315] general protection ip:7f83cb4b6feb sp:7ffe89bdf7f0 error:0 in opcache.so[7f83cb4a3000+2c000]
Apr 26 21:26:35 web01 kernel: traps: php-fpm[17345] general protection ip:7f83cb4b6feb sp:7ffe89bdfdb0 error:0 in opcache.so[7f83cb4a3000+2c000]
Apr 26 21:26:38 web01 kernel: traps: php-fpm[17317] general protection ip:7f83cb4b6feb sp:7ffe89bdfdb0 error:0 in opcache.so[7f83cb4a3000+2c000]
Apr 26 21:26:38 web01 kernel: traps: php-fpm[17337] general protection ip:7f83cb4b6feb sp:7ffe89bdfdb0 error:0 in opcache.so[7f83cb4a3000+2c000]
Apr 26 21:26:39 web01 kernel: traps: php-fpm[17356] general protection ip:7f83cb4b6feb sp:7ffe89bdfdb0 error:0 in opcache.so[7f83cb4a3000+2c000]
Apr 26 21:26:41 web01 kernel: traps: php-fpm[17343] general protection ip:7f83cb4b6feb sp:7ffe89bdf7f0 error:0 in opcache.so[7f83cb4a3000+2c000]
Apr 26 21:26:42 web01 kernel: traps: php-fpm[17351] general protection ip:7f83cb4b6feb sp:7ffe89bdf7f0 error:0 in opcache.so[7f83cb4a3000+2c000]
```
 [2016-06-30 09:39 UTC] sofire at gmail dot com
OS: CentOS 6.6

PHP 7.0.7 (cli) (built: May 25 2016 17:35:28) ( NTS )
Copyright (c) 1997-2016 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2016 Zend Technologies
    with Zend OPcache v7.0.6-dev, Copyright (c) 1999-2016, by Zend Technologies
    with Xdebug v2.4.0, Copyright (c) 2002-2016, by Derick Rethans




php-fpm[1921] general protection ip:7f5a9454d4c3 sp:7fffb87a8b30 error:0 in opcache.so[7f5a9453a000+2b000]
php-fpm[2054] general protection ip:7f5a9454d4c3 sp:7fffb87a8b30 error:0 in opcache.so[7f5a9453a000+2b000]
 [2017-06-23 15:44 UTC] nikic@php.net
-Status: Open +Status: Not a bug
 [2017-06-23 15:44 UTC] nikic@php.net
Closing as this is a bug in the extension, not in opcache (see first comment).
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Tue Aug 11 02:01:24 2020 UTC