websupport-sk / pecl-memcache

PHP Extension - Memcache module with support of newer PHP 7.x and PHP 8.x
https://pecl.php.net/package/memcache

Segmentation fault with php7.1 #62

Open imaben opened 4 years ago

imaben commented 4 years ago

OS: CentOS Linux release 7.3.1611 (Core)

PHP: PHP 7.1.2

stack:

Core was generated by `php-fpm: pool www '.
Program terminated with signal 11, Segmentation fault.
#0  0x00007f7a0efe92d3 in mmc_value_handler_multi (key=0x7ffff953bee0 "dao_key_pk_v2_1_user_db_seo_search_words_645574", key_len=47, value=0x7ffff953beb0, flags=1, cas=0, param=0x7ffff953c150) at /home/work/pecl-memcache-4.0.4/php7/memcache.c:1754
1754 /home/work/pecl-memcache-4.0.4/php7/memcache.c: No such file or directory.
Missing separate debuginfos, use: debuginfo-install bzip2-libs-1.0.6-13.el7.x86_64 cyrus-sasl-lib-2.1.26-20.el7_2.x86_64 expat-2.1.0-10.el7_3.x86_64 fontconfig-2.10.95-10.el7.x86_64 glibc-2.17-157.el7_3.1.x86_64 gmp-6.0.0-12.el7_1.x86_64 keyutils-libs-1.5.8-3.el7.x86_64 krb5-libs-1.14.1-27.el7_3.x86_64 libcom_err-1.42.9-9.el7.x86_64 libcurl-7.43.0-1.el7.x86_64 libgcc-4.8.5-11.el7.x86_64 libgcrypt-1.5.3-13.el7_3.1.x86_64 libgomp-4.8.5-11.el7.x86_64 libgpg-error-1.12-3.el7.x86_64 libidn-1.28-4.el7.x86_64 libselinux-2.5-6.el7.x86_64 libssh2-1.4.3-10.el7_2.1.x86_64 libstdc++-4.8.5-11.el7.x86_64 libxml2-2.9.1-6.el7_2.3.x86_64 nspr-4.11.0-1.el7_2.x86_64 nss-3.21.3-2.el7_3.x86_64 nss-softokn-freebl-3.16.2.3-14.4.el7.x86_64 nss-util-3.21.3-1.1.el7_3.x86_64 openldap-2.4.40-13.el7.x86_64 openssl-libs-1.0.1e-60.el7.x86_64 pcre-8.32-15.el7_2.1.x86_64 xz-libs-5.2.2-1.el7.x86_64 zlib-1.2.7-17.el7.x86_64
(gdb) bt
#0  0x00007f7a0efe92d3 in mmc_value_handler_multi (key=0x7ffff953bee0 "dao_key_pk_v2_1_user_db_seo_search_words_645574", key_len=47, value=0x7ffff953beb0, flags=1, cas=0, param=0x7ffff953c150) at /home/work/pecl-memcache-4.0.4/php7/memcache.c:1754
#1  0x00007f7a0efedb85 in mmc_unpack_value (mmc=mmc@entry=0x21b1840, request=request@entry=0x7f7a13ca8900, buffer=buffer@entry=0x7f7a13ca8928,
    key=key@entry=0x7f7a13ca8ab8 "dao_key_pk_v2_1_user_db_seo_search_words_645574", key_len=47, flags=1, cas=0, bytes=bytes@entry=106)
    at /home/work/pecl-memcache-4.0.4/php7/memcache_pool.c:500
#2  0x00007f7a0eff3aa2 in mmc_server_read_value (mmc=0x21b1840, request=0x7f7a13ca8900) at /home/work/pecl-memcache-4.0.4/php7/memcache_ascii_protocol.c:190
#3  0x00007f7a0efefb0c in mmc_pool_select (pool=pool@entry=0x7f79454eb500) at /home/work/pecl-memcache-4.0.4/php7/memcache_pool.c:1559
#4  0x00007f7a0eff06a8 in mmc_pool_run (pool=0x7f79454eb500) at /home/work/pecl-memcache-4.0.4/php7/memcache_pool.c:1645
#5  0x00007f7a0efea6f3 in php_mmc_store (execute_data=, return_value=0x7f7a13c14d50, op=1) at /home/work/pecl-memcache-4.0.4/php7/memcache.c:697
#6  0x00000000008bfb78 in ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER () at /opt/px/php-7.1.2/Zend/zend_vm_execute.h:1097
#7  0x000000000086ef7b in execute_ex (ex=) at /opt/px/php-7.1.2/Zend/zend_vm_execute.h:429
#8  0x00000000008c1e04 in zend_execute (op_array=0x7f7a13c700e0, op_array@entry=0x7f794b188950, return_value=return_value@entry=0x7f7a13c14cb0)
    at /opt/px/php-7.1.2/Zend/zend_vm_execute.h:474
#9  0x000000000082a454 in zend_execute_scripts (type=type@entry=8, retval=0x7f7a13c14cb0, retval@entry=0x0, file_count=file_count@entry=3)
    at /opt/px/php-7.1.2/Zend/zend.c:1475
#10 0x00000000007cbe50 in php_execute_script (primary_file=primary_file@entry=0x7ffff953e620) at /opt/px/php-7.1.2/main/main.c:2537
#11 0x000000000044262c in main (argc=, argv=) at /opt/px/php-7.1.2/sapi/fpm/fpm/fpm_main.c:1966

tomassrnka commented 4 years ago

Hi,

unfortunately, I can't reproduce the bug. Installed PHP 7.1 on CentOS 7.7 from REMI's repository and all seems to be working fine.

Could you please provide code that crashes PHP? Could you please provide "php -i"?

Thanks, Tomas

imaben commented 4 years ago

@tomassrnka Thanks for your reply. This error occurs occasionally. It is more likely to occur when memcache is restarting. Debugging with gdb shows that the variable address taken out on line 1751 is unreadable. Sorry, until now I haven't found the conditions to reproduce this error.

shmel1k commented 4 years ago

Hi. I have the conditions to reproduce.

I have at least 10 fpms with some kind of load (100-200 rps prob) on them. I have at least 2 servers in the configuration. I restart one of them and get a SEGFAULT.

imaben commented 4 years ago

@shmel1k awesome!

shmel1k commented 4 years ago

I have this kind of stack trace, by the way:

Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007f4345fc7d93 in mmc_value_handler_single () from /usr/lib/php/20170718/memcache.so
(gdb) bt
#0  0x00007f4345fc7d93 in mmc_value_handler_single () from /usr/lib/php/20170718/memcache.so
#1  0x00007f4345fcce8d in mmc_unpack_value () from /usr/lib/php/20170718/memcache.so
#2  0x00007f4345fd2c9c in ?? () from /usr/lib/php/20170718/memcache.so
#3  0x00007f4345fced04 in mmc_pool_select () from /usr/lib/php/20170718/memcache.so
#4  0x00007f4345fcf7a8 in mmc_pool_run () from /usr/lib/php/20170718/memcache.so
#5  0x00007f4345fc97a2 in ?? () from /usr/lib/php/20170718/memcache.so

Looks like all resources are freed in another C (not PHP) thread, but idk. Checks like

if (!result) { return -1; }

do not work. If they don't, I think that it is some kind of race issue.
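An added illustration, not part of the thread and not pecl-memcache code: why an `if (!result)` style check cannot catch the situation hypothesized in the comment above, where the storage behind a still non-NULL pointer has already been released. The slot pool, handle type and all function names are hypothetical, and the sketch makes no claim about the actual root cause of this crash.

```c
#include <stdio.h>
#include <string.h>

#define NSLOTS 4
typedef struct { unsigned generation; char value[32]; } slot_t;
typedef struct { slot_t *slot; unsigned generation; } handle_t;

/* Static pool so the demo never touches freed memory; with heap memory the
 * stale write below would land in freed storage instead. */
static slot_t pool[NSLOTS];

static handle_t slot_acquire(size_t i) {
    handle_t h = { &pool[i], pool[i].generation };
    return h;
}

/* Teardown path: the slot is recycled, but copies of the handle held by
 * in-flight requests still carry the old, non-NULL pointer. */
static void slot_release(size_t i) {
    pool[i].generation++;
    memset(pool[i].value, 0, sizeof pool[i].value);
}

static void write_value(slot_t *s, const char *v) {
    strncpy(s->value, v, sizeof s->value - 1);
    s->value[sizeof s->value - 1] = '\0';
}

/* NULL-only check: a stale handle passes, because its pointer is not NULL. */
static int store_null_check(handle_t *h, const char *v) {
    if (!h->slot) return -1;
    write_value(h->slot, v);
    return 0;
}

/* Generation check: rejects a handle whose slot was released after acquire. */
static int store_checked(handle_t *h, const char *v) {
    if (!h->slot || h->slot->generation != h->generation) return -1;
    write_value(h->slot, v);
    return 0;
}

int main(void) {
    handle_t h = slot_acquire(1);
    slot_release(1);                       /* owner goes away mid-request */
    printf("NULL check:       %d\n", store_null_check(&h, "stale"));
    printf("generation check: %d\n", store_checked(&h, "stale"));
    return 0;
}
```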

imaben commented 4 years ago

@shmel1k Hi, could you please provide code that crashes PHP?

shmel1k commented 4 years ago

Hi!

Nothing difficult, something like

Init script

$m = new Memcache();
$m->addServer($host1, $port1); // persistent
$m->addServer($host2, $port2); // persistent

Somewhere in php-fpm logic

$m->set('some_key', 'some_value', 42);
$m->get('some_key');