Opcache crashed with PHP7

[ryukoui]

I am testing PHP7 for my web applications. Some of them are worked fine.But one give me segfault.

Here is the backtrace below.

Program received signal SIGBUS, Bus error.
0x00007fffe16c1724 in zend_bitset_in (n=4294967290, set=0x7fffe7f39410) at /root/php-src-php-7.0.0RC4/Zend/zend_bitset.h:51
51              return (set[ZEND_BITSET_ELM_NUM(n)] & (Z_UL(1) << ZEND_BITSET_BIT_NUM(n))) != Z_UL(0);
(gdb) bt
#0  0x00007fffe16c1724 in zend_bitset_in (n=4294967290, set=0x7fffe7f39410) at /root/php-src-php-7.0.0RC4/Zend/zend_bitset.h:51
#1  zend_t_usage (block=0x7fffe7f2a050, used_ext=used_ext@entry=0x7fffe7f39fe0, ctx=ctx@entry=0x7fffffffb9f0, op_array=0x7fffe7e6ce08, op_array=0x7fffe7e6ce08, op_array=0x7fffe7e6ce08)
    at /root/php-src-php-7.0.0RC4/ext/opcache/Optimizer/block_pass.c:1819
#2  0x00007fffe16c3802 in optimize_cfg (op_array=op_array@entry=0x7fffe7e6ce08, ctx=ctx@entry=0x7fffffffb9f0) at /root/php-src-php-7.0.0RC4/ext/opcache/Optimizer/block_pass.c:1982
#3  0x00007fffe16bc17b in zend_optimize (ctx=0x7fffffffb9f0, op_array=0x7fffe7e6ce08) at /root/php-src-php-7.0.0RC4/ext/opcache/Optimizer/zend_optimizer.c:471
#4  zend_accel_optimize (op_array=op_array@entry=0x7fffe7e6ce08, ctx=ctx@entry=0x7fffffffb9f0) at /root/php-src-php-7.0.0RC4/ext/opcache/Optimizer/zend_optimizer.c:543
#5  0x00007fffe16bcf03 in zend_accel_script_optimize (script=script@entry=0x7fffe7e6ce00) at /root/php-src-php-7.0.0RC4/ext/opcache/Optimizer/zend_optimizer.c:620
#6  0x00007fffe16adae5 in cache_script_in_shared_memory (from_shared_memory=<synthetic pointer>, key_length=92,
    key=0x7fffe7e59118 "/var/www/venus_4.0/cache/developdevelopmaster/inotify_daemon/gseleven/web_TEST_mergeconf.inc", new_persistent_script=0x7fffe7e6ce00)
    at /root/php-src-php-7.0.0RC4/ext/opcache/ZendAccelerator.c:1213
#7  persistent_compile_file (file_handle=<optimized out>, type=2) at /root/php-src-php-7.0.0RC4/ext/opcache/ZendAccelerator.c:1783
#8  0x00007fffeb160765 in ZEND_INCLUDE_OR_EVAL_SPEC_CV_HANDLER () at /root/php-src-php-7.0.0RC4/Zend/zend_vm_execute.h:29148
#9  0x00007fffeb11b44b in execute_ex (ex=<optimized out>) at /root/php-src-php-7.0.0RC4/Zend/zend_vm_execute.h:414
#10 0x00007fffeb1647b7 in zend_execute (op_array=0x7fffe7e76000, op_array@entry=0x7fffcdabebb8, return_value=return_value@entry=0x7fffe7e12700) at /root/php-src-php-7.0.0RC4/Zend/zend_vm_execute.h:458
#11 0x00007fffeb0e04f4 in zend_execute_scripts (type=type@entry=8, retval=0x7fffe7e12700, retval@entry=0x0, file_count=file_count@entry=3) at /root/php-src-php-7.0.0RC4/Zend/zend.c:1428
#12 0x00007fffeb085470 in php_execute_script (primary_file=primary_file@entry=0x7fffffffdf30) at /root/php-src-php-7.0.0RC4/main/main.c:2471
#13 0x00007fffeb1660a2 in php_handler (r=<optimized out>) at /root/php-src-php-7.0.0RC4/sapi/apache2handler/sapi_apache2.c:678
#14 0x0000555555593150 in ap_run_handler ()
#15 0x0000555555593699 in ap_invoke_handler ()
#16 0x00005555555a7a1a in ap_process_async_request ()
#17 0x00005555555a7cf4 in ap_process_request ()
#18 0x00005555555a4682 in ap_process_http_connection ()
#19 0x000055555559c720 in ap_run_process_connection ()
#20 0x00007fffeda1980f in child_main () from /etc/httpd/modules/mod_mpm_prefork.so
#21 0x00007fffeda19a0c in make_child () from /etc/httpd/modules/mod_mpm_prefork.so
#22 0x00007fffeda1a791 in prefork_run () from /etc/httpd/modules/mod_mpm_prefork.so
#23 0x000055555557950e in ap_run_mpm ()
#24 0x0000555555572b36 in main ()

Maybe this is a php7 core problem but I have no idea, so I ask here first.

Here is the opcache setting

zend_extension=/usr/lib64/php/modules/opcache.so
opcache.enable=1
opcache.memory_consumption=128
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=4000
opcache.fast_shutdown=1
opcache.blacklist_filename=/etc/php.d/opcache*.blacklist

Some extra info:

• CentOS Linux release 7.1.1503
• Apache/2.4.6
• PHP 7.0.0RC4
• Zend OPcache v7.0.6-dev

This is a very major issue to me so hope this help.

[dstogov]

This looks like some problem in opcache optimizer. Can you check what file/function caused a crash and send it to me. (You'll need to print "(char_)oparray.filenam->val" and "(char)op_array.function_name.val" from the upper frame.

[ryukoui]

Thanks for your reply @dstogov

I am not sure I did the right operation and got the right value, because I am not familiar with gdb debug. This is my answer below.

(gdb) frame 1
#1  zend_t_usage (block=0x7fffe7f2a050, used_ext=used_ext@entry=0x7fffe7f39fe0, ctx=ctx@entry=0x7fffffffb9f0, op_array=0x7fffe7e6ce08, op_array=0x7fffe7e6ce08, op_array=0x7fffe7e6ce08)
    at /root/php-src-php-7.0.0RC4/ext/opcache/Optimizer/block_pass.c:1819
1819                            T_USAGE(opline->op1);
(gdb) print (char)op_array.filename->val
$1 = 24 '\030'
(gdb) print (char)op_array.function_name.val
$2 = 24 '\030'

Sorry about my bad english by the way. Hope this help.

[dstogov]

Not yet, I forgot star, sorry. (gdb) print (char_)oparray.filename->val (gdb) print (char)op_array.function_name.val Then I need the source of that function. you may email it directly to

[nikic]

(gdb) print (char*)op_array.filename->val
(gdb) print (char*)op_array.function_name.val

You didn't forget the star, Markdown dropped it ;)

[ryukoui]

Thanks for your infomation @dstogov @nikic Now I know what I am doing.

I got the filename but no function_name instead of the message below.

$11 = 0x18 <Address 0x18 out of bounds>

There are no custom function in that file. That file is a configuration file which had been automatically generated by merge several files. There are only define functions and small logic like if statements.

I will email you @dstogov that file, but I cannot send you the original one. Because there are really critical infos about security inside, so I deleted those. But don't worry, this one will crash in the same way as the original one.

[ryukoui]

Hi, This is the file in question.

I really appreciate for your help.

2015-10-01 20:50 GMT+09:00 Nikita Popov notifications@github.com:

(gdb) print (char_)oparray.filename->val (gdb) print (char)op_array.function_name.val

You didn't forget the star, Markdown dropped it ;)

— Reply to this email directly or view it on GitHub https://github.com/zendtech/ZendOptimizerPlus/issues/219#issuecomment-144705328 .