php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #74213 Esoteric file causes segfault with 7.1 && opcache
Submitted: 2017-03-06 18:16 UTC Modified: 2017-07-02 04:22 UTC
Votes:2
Avg. Score:4.0 ± 1.0
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:0 (0.0%)
From: georgestephanis at automattic dot com Assigned:
Status: No Feedback Package: opcache
PHP Version: 7.1.2 OS:
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2017-03-06 18:16 UTC] georgestephanis at automattic dot com
Description:
------------
When a certain file is loaded in PHP 7.1 with Opcache turned on -- in our case it was https://raw.githubusercontent.com/Automattic/jetpack/4.6/modules/related-posts/jetpack-related-posts.php -- the server segfaults and returns a 500 error.

A user provided this strace, included in the `Actual Result` field.

I've distilled it down to the following test script, which -- if loaded into a php file will also segfault, unless you `ini_set( 'opcache.enable', 0 );` to disable opcache.

The code works just fine in PHP 7.0 -- so 7.1 seems to have been a break.

Test script:
---------------
<?php
// https://gist.github.com/georgestephanis/7a0c81593581842d36e2383ae22c0a77
class Test_Class {
	public static function init() {
		static $instance = NULL;
		$instance = new Test_Class();
		return $instance;
	}
}
class Test_Class_Raw extends Test_Class {}

Actual result:
--------------
6851 14716 unlink("/home/**redacted**/.opcache/89683bd16d8b1548698d49eab705558a/home/**redacted**/public_html/wpphp71/wp-content/plugins/jetpack/modules/related-posts/jetpack-related-post     s.php.bin") = 0
6852 14716 stat("/home/**redacted**/public_html/wpphp71/wp-content/plugins/jetpack/modules/related-posts/jetpack-related-posts.php", {st_mode=S_IFREG|0644, st_size=42917, ...}) = 0
6853 14716 mmap(NULL, 2097152, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4eb0800000
6854 14716 munmap(0x7f4eb0800000, 2097152)   = 0
6855 14716 fcntl(3, F_SETLKW, {type=F_WRLCK, whence=SEEK_SET, start=0, len=1}) = 0
6856 14716 fcntl(3, F_SETLK, {type=F_UNLCK, whence=SEEK_SET, start=0, len=1}) = 0
6857 14716 mkdir("/home/**redacted**/.opcache", 0700) = -1 EEXIST (File exists)
6858 14716 mkdir("/home/**redacted**/.opcache/89683bd16d8b1548698d49eab705558a", 0700) = -1 EEXIST (File exists)
6859 14716 mkdir("/home/**redacted**/.opcache/89683bd16d8b1548698d49eab705558a/home", 0700) = -1 EEXIST (File exists)
6860 14716 mkdir("/home/**redacted**/.opcache/89683bd16d8b1548698d49eab705558a/home/**redacted**", 0700) = -1 EEXIST (File exists)
6861 14716 mkdir("/home/**redacted**/.opcache/89683bd16d8b1548698d49eab705558a/home/**redacted**/public_html", 0700) = -1 EEXIST (File exists)
6862 14716 mkdir("/home/**redacted**/.opcache/89683bd16d8b1548698d49eab705558a/home/**redacted**/public_html/wpphp71", 0700) = -1 EEXIST (File exists)
6863 14716 mkdir("/home/**redacted**/.opcache/89683bd16d8b1548698d49eab705558a/home/**redacted**/public_html/wpphp71/wp-content", 0700) = -1 EEXIST (File exists)
6864 14716 mkdir("/home/**redacted**/.opcache/89683bd16d8b1548698d49eab705558a/home/**redacted**/public_html/wpphp71/wp-content/plugins", 0700) = -1 EEXIST (File exists)
6865 14716 mkdir("/home/**redacted**/.opcache/89683bd16d8b1548698d49eab705558a/home/**redacted**/public_html/wpphp71/wp-content/plugins/jetpack", 0700) = -1 EEXIST (File exists)
6866 14716 mkdir("/home/**redacted**/.opcache/89683bd16d8b1548698d49eab705558a/home/**redacted**/public_html/wpphp71/wp-content/plugins/jetpack/modules", 0700) = -1 EEXIST (File exists)
6867 14716 mkdir("/home/**redacted**/.opcache/89683bd16d8b1548698d49eab705558a/home/**redacted**/public_html/wpphp71/wp-content/plugins/jetpack/modules/related-posts", 0700) = -1 EEXIST (     File exists)
6868 14716 open("/home/**redacted**/.opcache/89683bd16d8b1548698d49eab705558a/home/**redacted**/public_html/wpphp71/wp-content/plugins/jetpack/modules/related-posts/jetpack-related-posts.     php.bin", O_RDWR|O_CREAT|O_EXCL, 0600) = 6
6869 14716 flock(6, LOCK_EX)                 = 0
6870 14716 --- SIGSEGV (Segmentation fault) @ 0 (0) ---

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-03-07 10:56 UTC] andrew dot nester dot dev at gmail dot com
I was trying to reproduce it but no success. Could you please describe exact steps you did to reproduces this issue? Thanks!
 [2017-03-07 11:08 UTC] spam2 at rhsoft dot net
he means whatever file includes the code-snippet which is clear because otherwise ini_set() would not make any sense in context of diable opcache since it's too late - anways, no crash with 7.1.3RC1

[harry@rh:/www/beta.rhsoft.net/crash]$ cat test.php
<?php
require 'include.php';

[harry@rh:/www/beta.rhsoft.net/crash]$ cat include.php
<?php
class Test_Class {
        public static function init() {
                static $instance = NULL;
                $instance = new Test_Class();
                return $instance;
        }
}
class Test_Class_Raw extends Test_Class {}

[harry@rh:/www/beta.rhsoft.net/crash]$ php -v
PHP 7.1.3RC1 (cli) (built: Feb 28 2017 12:34:57) ( NTS )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.1.0, Copyright (c) 1998-2017 Zend Technologies
[harry@rh:/www/beta.rhsoft.net/crash]$
 [2017-03-20 16:50 UTC] georgestephanis at automattic dot com
Howdy!

I meant -- yes -- that the `ini_set()` would be in the file including test_class.php not in test_class.php directly.

We've had reports of this in several environments thus far, and I've been able to duplicate it in testing in Siteground's 7.1 configuration.  I'm not hugely intimately familiar with Siteground's setup -- perhaps it's contingent on the web server or fastcgi mode?
 [2017-03-20 17:26 UTC] nikic@php.net
Most likely this has been fixed by https://github.com/php/php-src/commit/648b756f35fdfc1948126ce954a3f7d6bd479ba5 (which will be in 7.0.18 and 7.1.4). Your strace indicated that you indeed use the opcache file cache and the linked test script covers precisely your situation: https://github.com/php/php-src/blob/master/Zend/tests/unused_shared_static_variables.phpt
 [2017-06-23 15:37 UTC] nikic@php.net
-Status: Open +Status: Feedback
 [2017-06-23 15:37 UTC] nikic@php.net
Can you please confirm that this issue has been resolved?
 [2017-07-02 04:22 UTC] php-bugs at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Sat Dec 05 09:01:23 2020 UTC