Description of problem: If a php module is loaded twice, i.e., the "extension" line is duplicated as follows: # cat /etc/opt/rh/rh-php71/php.d/20-curl.ini ; Enable curl extension module extension=curl.so extension=curl.so httpd/php is aborted when reloaded: # systemctl reload httpd24-httpd Version-Release number of selected component (if applicable): rh-php71-php-7.1.8-1.el7.x86_64 httpd24-httpd-2.4.34-7.el7.1.x86_64 How reproducible: Steps to Reproduce: 1. modify /etc/opt/rh/rh-php71/php.d/20-curl.ini: # cat /etc/opt/rh/rh-php71/php.d/20-curl.ini ; Enable curl extension module extension=curl.so extension=curl.so 2. systemctl start httpd24-httpd 3. systemctl reload httpd24-httpd 4. httpd aborted: *** Error in `/opt/rh/httpd24/root/usr/sbin/httpd': free(): invalid pointer: 0x0000558e06d423b0 *** ======= Backtrace: ========= /lib64/libc.so.6(+0x81489)[0x7f826dc40489] /opt/rh/httpd24/root/etc/httpd/modules/librh-php71-php7.so(+0xc8235)[0x7f826055c235] /opt/rh/httpd24/root/etc/httpd/modules/librh-php71-php7.so(zend_error+0x2c9)[0x7f826055e3ba] /opt/rh/httpd24/root/etc/httpd/modules/librh-php71-php7.so(zend_register_module_ex+0x3d2)[0x7f82606ea5b2] /opt/rh/httpd24/root/etc/httpd/modules/librh-php71-php7.so(php_load_extension+0x106)[0x7f8260625976] /opt/rh/httpd24/root/etc/httpd/modules/librh-php71-php7.so(zend_llist_apply+0x1e)[0x7f82606d680e] /opt/rh/httpd24/root/etc/httpd/modules/librh-php71-php7.so(+0x1f42da)[0x7f82606882da] /opt/rh/httpd24/root/etc/httpd/modules/librh-php71-php7.so(php_module_startup+0x719)[0x7f8260680ae9] /opt/rh/httpd24/root/etc/httpd/modules/librh-php71-php7.so(+0x2ecb65)[0x7f8260780b65] /opt/rh/httpd24/root/etc/httpd/modules/librh-php71-php7.so(+0x2ed7b5)[0x7f82607817b5] /opt/rh/httpd24/root/usr/sbin/httpd(ap_run_post_config+0x59)[0x558e058b18c9] /opt/rh/httpd24/root/usr/sbin/httpd(main+0xa5a)[0x558e0588bd6a] /lib64/libc.so.6(__libc_start_main+0xf5)[0x7f826dbe13d5] /opt/rh/httpd24/root/usr/sbin/httpd(+0x21f20)[0x558e0588bf20] Actual results: Expected results: Additional info:
When `systemctl reload httpd24-httpd`, core_globals_dtor is invoked at shutting down php engine, and `core_globals.last_error_message` is freed in core_globald_dtor:1958 but still keeps its pointer value. (gdb) break main.c:1039 Breakpoint 1 at 0x7f8854a85225: file /usr/src/debug/php-7.1.8/main/main.c, line 1039. (gdb) break main.c:1958 Breakpoint 2 at 0x7f8854baa1fd: file /usr/src/debug/php-7.1.8/main/main.c, line 1958. (gdb) c Continuing. (gdb) break main.c:1039 Breakpoint 1 at 0x7f8854a85225: file /usr/src/debug/php-7.1.8/main/main.c, line 1039. (gdb) break main.c:1958 Breakpoint 2 at 0x7f8854baa1fd: file /usr/src/debug/php-7.1.8/main/main.c, line 1958. (gdb) c Continuing. Program received signal SIGUSR1, User defined signal 1. 0x00007fe27bf89f53 in __select_nocancel () at ../sysdeps/unix/syscall-template.S:81 81 T_PSEUDO (SYSCALL_SYMBOL, SYSCALL_NAME, SYSCALL_NARGS) (gdb) c Continuing. Breakpoint 1, core_globals_dtor (core_globals=0x7fe26ed9fb00 <core_globals>) at /usr/src/debug/php-7.1.8/main/main.c:1958 1958 free(core_globals->last_error_message); (gdb) print core_globals.last_error_message $1 = 0x55badd590de0 "Module 'sqlsrv' already loaded" (gdb) l 1952 1953 /* {{{ core_globals_dtor 1954 */ 1955 static void core_globals_dtor(php_core_globals *core_globals) 1956 { 1957 if (core_globals->last_error_message) { 1958 free(core_globals->last_error_message); 1959 } 1960 if (core_globals->last_error_file) { 1961 free(core_globals->last_error_file); Then, the process is restared. At this time, `core_globals.last_error_message` keeps non-null value and is freed again in php_error_cb#1041: (gdb) c Continuing. Breakpoint 2, php_error_cb (type=32, error_filename=0x7fe26ea59802 "Unknown", error_lineno=0, format=<optimized out>, args=<optimized out>) at /usr/src/debug/php-7.1.8/main/main.c:1040 1040 PG(last_error_message) = NULL; (gdb) print core_globals.last_error_message $2 = 0x55badd590de0 "" (gdb) s 1041 free(s); (gdb) l 1036 /* store the error if it has changed */ 1037 if (display) { 1038 if (PG(last_error_message)) { 1039 char *s = PG(last_error_message); 1040 PG(last_error_message) = NULL; 1041 free(s); 1042 } 1043 if (PG(last_error_file)) { 1044 char *s = PG(last_error_file); 1045 PG(last_error_file) = NULL; (gdb)
core_globals->last_error_message should be clear with NULL: [hokuda@dhcp-193-78 php-7.1.8]$ diff -u main/main.c.org main/main.c --- main/main.c.org 2017-08-02 02:36:55.000000000 +0900 +++ main/main.c 2019-07-17 15:14:43.463973027 +0900 @@ -1956,6 +1956,7 @@ { if (core_globals->last_error_message) { free(core_globals->last_error_message); + core_globals->last_error_message = NULL; } if (core_globals->last_error_file) { free(core_globals->last_error_file); [hokuda@dhcp-193-78 php-7.1.8]$
About duplicate module, this is detected and reported in httpd error_log PHP Warning: Module 'curl' already loaded in Unknown on line 0 So easy to fix BTW, I'm unable to reproduce this segfault, with all rh-* packages installed. What is the installed extensions ? $ rpm -qa rh-php71\* | sort $ scl enable rh-php71 "php -m"
I suspect some extension to badly log some message during its shutdown script. PR open for upstream discussion https://github.com/php/php-src/pull/4428
Fixed upstream by https://github.com/php/php-src/commit/e5beb4e828b2b9b3d79642bd407813c824950310 (in 7.1.9)
In accordance with the Red Hat Software Collections Product Life Cycle, the support period for this collection has ended. New bug fix, enhancement, and security errata updates, as well as technical support services will no longer be made available for this collection. Customers are encouraged to upgrade to a later release. Please contact Red Hat Support if you have further questions, or refer to the support lifecycle page for more information. https://access.redhat.com/support/policy/updates/rhscl/