php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #78894 Preload: double free or corruption crash
Submitted: 2019-12-01 01:04 UTC Modified: 2020-02-09 04:22 UTC
Votes:10
Avg. Score:4.0 ± 0.9
Reproduced:8 of 9 (88.9%)
Same Version:6 (75.0%)
Same OS:0 (0.0%)
From: luis dot armengol at koyi dot tv Assigned:
Status: No Feedback Package: opcache
PHP Version: 7.4.2 OS: Centos 7.3
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2019-12-01 01:04 UTC] luis dot armengol at koyi dot tv
Description:
------------
Im trying to preload all ZF1 classes to opcache without any luck. Im preloading classes by block manually, I mean, all Zend/Db, all Zend/Cache, all Zend/Config and it works perfectly until a number of require_once or opcache_compile_file calls. 

It starts perfectly httpd service without any error but in the first http call I receive a crash with  Error in `/usr/sbin/httpd': double free or corruption.

Also I receive that crash/segmentation fault in those cases when I shutdown httpd service.

If I disable the preloading of one of the block classes (ie: Zend/Db) I can preload another block and it works, so I assume is something about the number of files of ZF1 im trying to preload (i know its old but without preloading its working ok)

Actual result:
--------------
*** Error in `/usr/sbin/httpd': double free or corruption (!prev): 0x0000556c4e770c30 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x81679)[0x7f307c037679]
/etc/httpd/modules/libphp74.so(+0x300f34)[0x7f306db05f34]
/etc/httpd/modules/libphp74.so(zend_hash_add+0x121)[0x7f306db06091]
/etc/httpd/modules/libphp74.so(+0x2e2159)[0x7f306dae7159]
/etc/httpd/modules/libphp74.so(+0x2e2aa7)[0x7f306dae7aa7]
/etc/httpd/modules/libphp74.so(+0x2e2ad0)[0x7f306dae7ad0]
/etc/httpd/modules/libphp74.so(+0x2ba0b5)[0x7f306dabf0b5]
/etc/httpd/modules/libphp74.so(compile_file+0x8a)[0x7f306dac07fa]
/opt/remi/php74/root/usr/lib64/php/modules/opcache.so(+0x14b11)[0x7f306cb86b11]
/opt/remi/php74/root/usr/lib64/php/modules/opcache.so(+0x17747)[0x7f306cb89747]
/etc/httpd/modules/libphp74.so(+0x33eb1d)[0x7f306db43b1d]
/etc/httpd/modules/libphp74.so(+0x35aa80)[0x7f306db5fa80]
/etc/httpd/modules/libphp74.so(execute_ex+0x18b2)[0x7f306db78162]
/etc/httpd/modules/libphp74.so(zend_execute+0x131)[0x7f306db7f461]
/etc/httpd/modules/libphp74.so(zend_execute_scripts+0xc3)[0x7f306daf9563]
/etc/httpd/modules/libphp74.so(php_execute_script+0x270)[0x7f306da98430]
/etc/httpd/modules/libphp74.so(+0x37c1e0)[0x7f306db811e0]
/usr/sbin/httpd(ap_run_handler+0x40)[0x556c4d8ddaf0]
/usr/sbin/httpd(ap_invoke_handler+0x69)[0x556c4d8de039]
/usr/sbin/httpd(ap_internal_redirect+0x4c)[0x556c4d8f1fac]
/etc/httpd/modules/mod_rewrite.so(+0x4e4c)[0x7f30762b1e4c]
/usr/sbin/httpd(ap_run_handler+0x40)[0x556c4d8ddaf0]
/usr/sbin/httpd(ap_invoke_handler+0x69)[0x556c4d8de039]
/usr/sbin/httpd(ap_process_async_request+0x1ea)[0x556c4d8f2c4a]
/usr/sbin/httpd(ap_process_request+0x22)[0x556c4d8f2f32]
/usr/sbin/httpd(+0x530c2)[0x556c4d8ef0c2]
/usr/sbin/httpd(ap_run_process_connection+0x40)[0x556c4d8e7120]
/etc/httpd/modules/mod_mpm_prefork.so(+0x37af)[0x7f30736fb7af]
/etc/httpd/modules/mod_mpm_prefork.so(+0x39f5)[0x7f30736fb9f5]
/etc/httpd/modules/mod_mpm_prefork.so(+0x468e)[0x7f30736fc68e]
/usr/sbin/httpd(ap_run_mpm+0x4e)[0x556c4d8c20ce]
/usr/sbin/httpd(main+0xa96)[0x556c4d8bae26]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7f307bfd8505]
/usr/sbin/httpd(+0x1ef5f)[0x556c4d8baf5f]


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2019-12-04 09:07 UTC] nikic@php.net
-Status: Open +Status: Feedback
 [2019-12-04 09:07 UTC] nikic@php.net
Can you please provide the script you use for preloading?
 [2019-12-06 14:16 UTC] klarkent911 at gmail dot com
Hello, I probably can answer since I have a similar issue even though it's totally not related to Zend.
Context: php-fpm running on a ubuntu based container
When trying to test our codebase against php7.4 with preloading enabled we get exactly the same problem.
Our preload file basically contains an `include_once 'vendor/autoload.php' and then a series of `require_once some_files.php` which require all the classes that we use from a proprietary framework.
There is nothing much special done there and the requires are around 210.
 [2019-12-15 04:22 UTC] php-bugs at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.
 [2019-12-15 08:40 UTC] nikic@php.net
-Status: No Feedback +Status: Feedback
 [2019-12-15 08:40 UTC] nikic@php.net
Putting this back to Feedback. We've fixed quite a few preloading bugs in the last week, would be great if you could recheck whether things are working now.
 [2019-12-15 18:59 UTC] luis dot armengol at koyi dot tv
Still crashing in 7.4.1 RC1

I can prepare a very basic web application with ZF1 if you need it and send you wherever you want. Meanwhile, this is a small preload file content im using that its working. If you uncomment the block of Zend/Db classes it will crash when trying to load the site (when executing bootstrap) (at least in my case)

--------------------------------

<?php

   set_include_path(get_include_path() . PATH_SEPARATOR . realpath("/data/webs/001_intranet.dev.zinkia.com/lib"));

   opcache_compile_file('Zend/Exception.php');

   opcache_compile_file('Zend/Loader.php');
   opcache_compile_file('Zend/Loader/Autoloader.php');
   opcache_compile_file('Zend/Loader/Autoloader/Resource.php');
   opcache_compile_file('Zend/Loader/Autoloader/Interface.php');
   opcache_compile_file('Zend/Loader/AutoloaderFactory.php');
   opcache_compile_file('Zend/Loader/ClassMapAutoloader.php');
   opcache_compile_file('Zend/Loader/Exception.php');
   opcache_compile_file('Zend/Loader/PluginLoader.php');
   opcache_compile_file('Zend/Loader/SplAutoloader.php');
   opcache_compile_file('Zend/Loader/StandardAutoloader.php');
   opcache_compile_file('Zend/Loader/Exception/InvalidArgumentException.php');
   opcache_compile_file('Zend/Loader/PluginLoader/Exception.php');
   opcache_compile_file('Zend/Loader/PluginLoader/Interface.php');

   opcache_compile_file('Zend/Config.php');
   opcache_compile_file('Zend/Config/Exception.php');
   opcache_compile_file('Zend/Config/Writer.php');
   opcache_compile_file('Zend/Config/Writer/FileAbstract.php');
   opcache_compile_file('Zend/Config/Writer/Array.php');
   opcache_compile_file('Zend/Config/Writer/Ini.php');
   opcache_compile_file('Zend/Config/Writer/Json.php');
   opcache_compile_file('Zend/Config/Writer/Xml.php');
   opcache_compile_file('Zend/Config/Writer/Yaml.php');
   opcache_compile_file('Zend/Config/Ini.php');
   opcache_compile_file('Zend/Config/Json.php');
   opcache_compile_file('Zend/Config/Xml.php');
   opcache_compile_file('Zend/Config/Yaml.php');

   opcache_compile_file('Zend/Cache.php');
   opcache_compile_file('Zend/Cache/Backend/Interface.php');
   opcache_compile_file('Zend/Cache/Backend/ExtendedInterface.php');
   opcache_compile_file('Zend/Cache/Backend.php');
   opcache_compile_file('Zend/Cache/Backend/Apc.php');
   opcache_compile_file('Zend/Cache/Backend/File.php');
   opcache_compile_file('Zend/Cache/Backend/Redis.php');
   opcache_compile_file('Zend/Cache/Backend/Static.php');
   opcache_compile_file('Zend/Cache/Backend/ZendPlatform.php');
   opcache_compile_file('Zend/Cache/Backend/ZendServer.php');
   opcache_compile_file('Zend/Cache/Backend/ZendServer/Disk.php');
   opcache_compile_file('Zend/Cache/Backend/ZendServer/ShMem.php');
   opcache_compile_file('Zend/Cache/Core.php');
   opcache_compile_file('Zend/Cache/Frontend/Capture.php');
   opcache_compile_file('Zend/Cache/Frontend/Class.php');
   opcache_compile_file('Zend/Cache/Frontend/File.php');
   opcache_compile_file('Zend/Cache/Frontend/Function.php');
   opcache_compile_file('Zend/Cache/Frontend/Output.php');
   opcache_compile_file('Zend/Cache/Frontend/Page.php');
   opcache_compile_file('Zend/Cache/Exception.php');
   opcache_compile_file('Zend/Cache/Manager.php');

   /*
   opcache_compile_file('Zend/Db.php');
   opcache_compile_file('Zend/Db/Exception.php');
   opcache_compile_file('Zend/Db/Adapter/Exception.php');
   opcache_compile_file('Zend/Db/Adapter/Abstract.php');
   //opcache_compile_file('Zend/Db/Adapter/Db2.php');
   opcache_compile_file('Zend/Db/Adapter/Mysqli.php');
   opcache_compile_file('Zend/Db/Adapter/Oracle.php');
   opcache_compile_file('Zend/Db/Adapter/Sqlsrv.php');
   //opcache_compile_file('Zend/Db/Adapter/Db2/Exception.php');
   opcache_compile_file('Zend/Db/Adapter/Mysqli/Exception.php');
   opcache_compile_file('Zend/Db/Adapter/Oracle/Exception.php');
   opcache_compile_file('Zend/Db/Adapter/Pdo/Abstract.php');
   opcache_compile_file('Zend/Db/Adapter/Pdo/Ibm.php');
   opcache_compile_file('Zend/Db/Adapter/Pdo/Mssql.php');
   opcache_compile_file('Zend/Db/Adapter/Pdo/Mysql.php');
   opcache_compile_file('Zend/Db/Adapter/Pdo/Oci.php');
   opcache_compile_file('Zend/Db/Adapter/Pdo/Pgsql.php');
   opcache_compile_file('Zend/Db/Adapter/Pdo/Sqlite.php');
   //opcache_compile_file('Zend/Db/Adapter/Pdo/Ibm/Db2.php');
   opcache_compile_file('Zend/Db/Adapter/Pdo/Ibm/Ids.php');
   opcache_compile_file('Zend/Db/Adapter/Sqlsrv/Exception.php');
   opcache_compile_file('Zend/Db/Profiler.php');
   opcache_compile_file('Zend/Db/Profiler/Exception.php');
   opcache_compile_file('Zend/Db/Profiler/Firebug.php');
   opcache_compile_file('Zend/Db/Profiler/Query.php');
   opcache_compile_file('Zend/Db/Select/Exception.php');
   opcache_compile_file('Zend/Db/Statement/Exception.php');
   opcache_compile_file('Zend/Db/Statement/Interface.php');
   opcache_compile_file('Zend/Db/Statement.php');
   opcache_compile_file('Zend/Db/Statement/Db2.php');
   opcache_compile_file('Zend/Db/Statement/Mysqli.php');
   opcache_compile_file('Zend/Db/Statement/Oracle.php');
   opcache_compile_file('Zend/Db/Statement/Pdo.php');
   opcache_compile_file('Zend/Db/Statement/Sqlsrv.php');
   //opcache_compile_file('Zend/Db/Statement/Db2/Exception.php');
   opcache_compile_file('Zend/Db/Statement/Mysqli/Exception.php');
   opcache_compile_file('Zend/Db/Statement/Oracle/Exception.php');
   opcache_compile_file('Zend/Db/Statement/Pdo/Ibm.php');
   opcache_compile_file('Zend/Db/Statement/Pdo/Oci.php');
   opcache_compile_file('Zend/Db/Statement/Sqlsrv/Exception.php');
   opcache_compile_file('Zend/Db/Select.php');
   opcache_compile_file('Zend/Db/Table/Abstract.php');
   opcache_compile_file('Zend/Db/Table/Definition.php');
   opcache_compile_file('Zend/Db/Table/Exception.php');
   opcache_compile_file('Zend/Db/Table/Row/Abstract.php');
   opcache_compile_file('Zend/Db/Table/Row/Exception.php');
   opcache_compile_file('Zend/Db/Table/Rowset/Abstract.php');
   opcache_compile_file('Zend/Db/Table/Rowset/Exception.php');
   opcache_compile_file('Zend/Db/Table/Select/Exception.php');
   opcache_compile_file('Zend/Db/Table/Row.php');
   opcache_compile_file('Zend/Db/Table/Rowset.php');
   opcache_compile_file('Zend/Db/Table/Select.php');
   opcache_compile_file('Zend/Db/Expr.php');
   opcache_compile_file('Zend/Db/Table.php');
*/

   opcache_compile_file('Zend/Registry.php');      

----------------------------------------------------------------
 [2019-12-15 19:27 UTC] nikic@php.net
-Status: Feedback +Status: Open
 [2019-12-18 11:36 UTC] nikic@php.net
I've cloned the zf1 repo and used your preload.php (with Redis commented) with the following command:

~/php-7.4/sapi/cli/php -c ~/php-7.4/php.ini -d opcache.preload=preload.php -S localhost:8000 -t demos/Zend/Wildfire/public/ -d include_path=$PWD/library

I couldn't produce a segfault that way (but I only used demos/Zend/Wildfire/public because it was bundled and looked like web code...)
 [2020-01-27 07:48 UTC] w1zzard at gmx dot net
Seeing the same issue on 7.4.2. 

The error will appear only after certain number of classes loaded. If I remove one class, I can load another.
 [2020-01-27 08:30 UTC] nikic@php.net
-Status: Open +Status: Feedback -PHP Version: 7.4.0 +PHP Version: 7.4.2
 [2020-01-27 08:30 UTC] nikic@php.net
Do you make use of opcache.preload_user? If so, this might be bug #79128.
 [2020-01-27 11:06 UTC] w1zzard at gmx dot net
Correct, changing from opcache.preload_user=username to opcache.preload_user=root fixes the problem.

Thanks!

Why do the docs say "Preloading code as root is not allowed for security reasons. This directive facilitates to let the preloading to be run as another user."
 [2020-01-27 11:12 UTC] nikic@php.net
> Correct, changing from opcache.preload_user=username to opcache.preload_user=root fixes the problem.

I don't think that works. The referenced issue occurs with any use of opcache.preload_user, independent of whether it's root or not. Specifying root might just work by luck.

> Why do the docs say "Preloading code as root is not allowed for security reasons. This directive facilitates to let the preloading to be run as another user."

Preloading under root is not allowed by default, but explicit use of opcache.preload_user=root is allowed, if you do want to run preloading under root (e.g. if you use Docker and you're root anyway).
 [2020-01-27 11:33 UTC] w1zzard at gmx dot net
Indeed, the error happens with opcache.preload_user=root, too. I just got lucky on my first test run.

What's the recommended way to enable preloading now?

Empty opcache.preload_user results in Fatal Error "opcache.preload_user" has not been defined
 [2020-01-30 11:58 UTC] w1zzard at gmx dot net
Guess that means no preloading with 7.4.2 either - wait for 7.4.3
 [2020-02-09 04:22 UTC] php-bugs at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Fri Dec 04 06:01:23 2020 UTC