8000 phpredis coredump · Issue #875 · phpredis/phpredis · GitHub
[go: up one dir, main page]
Skip to content
phpredis coredump  #875
New issue
New issue
Closed
Closed
phpredis coredump #875
@destinyac

Description

@destinyac
destinyac
opened on Jul 9, 2016

my English is so pool , so ...
this problem was happened in php7、php5.

php coredump info:

(gdb) where
#0  0x0000003dcbf8ff08 in main_arena () from /lib64/libc.so.6
#1  0x000000000079fa29 in _php_stream_set_option (stream=0x23d95e0, option=12, value=0, 
    ptrparam=<value optimized out>) at /root/workspace/php-5.5.22/main/streams/streams.c:1357
#2  0x000000000079fad8 in _php_stream_eof (stream=0x23d95e0)
    at /root/workspace/php-5.5.22/main/streams/streams.c:781
#3  0x00007f5f33a705ec in redis_check_eof (redis_sock=0x7f5f32f1d990)
    at /root/workspace/php-5.5.22/ext/phpredis/library.c:148
#4  0x00007f5f33a70abf in redis_sock_write (redis_sock=0x7f5f32f1d990, 
    cmd=0x7f5f32f2c0a8 "*2\r\n$3\r\nGET\r\n$12\r\nxiyuan_test3\r\n", sz=32)
    at /root/workspace/php-5.5.22/ext/phpredis/library.c:1805
#5  0x00007f5f33a68bb8 in zim_Redis_get (ht=1, return_value=0x7f5f32f24638, return_value_ptr=0x7fff177895d0, 
    this_ptr=0x7f5f32f154b8, return_value_used=1) at /root/workspace/php-5.5.22/ext/phpredis/redis.c:1299
#6  0x00000000007dabd2 in zend_call_function (fci=0x7fff17789550, fci_cache=<value optimized out>)
    at /root/workspace/php-5.5.22/Zend/zend_execute_API.c:952
#7  0x00000000006fffa7 in zif_call_user_func_array (ht=<value optimized out>, return_value=0x7f5f32f248d8, 
    return_value_ptr=<value optimized out>, this_ptr=<value optimized out>, 
    return_value_used=<value optimized out>) at /root/workspace/php-5.5.22/ext/standard/basic_functions.c:4813
#8  0x000000000086a843 in zend_do_fcall_common_helper_SPEC (execute_data=<value optimized out>)
    at /root/workspace/php-5.5.22/Zend/zend_vm_execute.h:550
#9  0x000000000085c0c0 in execute_ex (execute_data=0x7f5f39e83b50)
    at /root/workspace/php-5.5.22/Zend/zend_vm_execute.h:363
#10 0x00000000007dac2e in zend_call_function (fci=0x7fff17789860, fci_cache=<value optimized out>)
    at /root/workspace/php-5.5.22/Zend/zend_execute_API.c:934
#11 0x0000000000800d47 in zend_call_method (object_pp=0x7fff17789988, obj_ce=<value optimized out>, 
    fn_proxy=0x7f5f32f1d438, function_name=0xd96513 "__call", function_name_len=<value optimized out>, 
    retval_ptr_ptr=0x7fff17789998, param_count=2, arg1=0x7f5f32f1fd38, arg2=0x7f5f32f16828)
    at /root/workspace/php-5.5.22/Zend/zend_interfaces.c:97
#12 0x000000000080f6ed in zend_std_call_user_call (ht=<value optimized out>, return_value=0x7f5f32f23e18, 
    return_value_ptr=<value optimized out>, this_ptr=0x7f5f32f15430, return_value_used=<value optimized out>)
    at /root/workspace/php-5.5.22/Zend/zend_object_handlers.c:899
#13 0x000000000086a843 in zend_do_fcall_common_helper_SPEC (execute_data=<value optimized out>)
    at /root/workspace/php-5.5.22/Zend/zend_vm_execute.h:550
#14 0x000000000085c0c0 in execute_ex (execute_data=0x7f5f39e83778)
    at /root/workspace/php-5.5.22/Zend/zend_vm_execute.h:363
#15 0x00000000007dac2e in zend_call_function (fci=0x7fff17789c30, fci_cache=<value optimized out>)
(gdb) zbacktrace
[0x7f0547e15bf0] Redis->get("u_c_2788480652167_dr") [internal function]
[0x7f0547e15b70] call_user_func_array(array(2)[0x7f0547e15bd0], array(1)[0x7f0547e15be0]) [internal function]
[0x7f0547e15a80] Beatles\Utils\Redis->__call("get", array(1)[0x7f0547e15af0]) /home/webroot/beatles/public/phputils/libraries/redis.php:98 
[0x7f0547e159c0] Beatles\Api\Helper\UserCounter::getCount("2788480652167", 2) /home/webroot/beatles/application/api/helper/usercounter.php:273 
[0x7f0547e15910] Beatles\Api\Helper\User::getUserTripNum("2788480652167") /home/webroot/beatles/application/api/helper/user.php:160 
[0x7f0547e157c0] Beatles\Api\Helper\User::getUserDesc("2788480652167", 2, NULL, "4.3.5") /home/webroot/beatles/application/api/helper/user.php:173 
[0x7f0547e153a0] Beatles\Api\Controller\Driver\Order\NearbyList->index(array(2)[0x7f0547e15400]) /home/webroot/beatles/application/api/controller/driver/order/nearbylist.php:433 
[0x7f0547e15320] call_user_func_array(array(2)[0x7f0547e15380], array(1)[0x7f0547e15390]) [internal function]
[0x7f0547e15280] Beatles\Framework\Base\Router->run(array(2)[0x7f0547e152e0]) /home/webroot/beatles/public/phputils/base/router.php:109 
[0x7f0547e15140] (main) /home/webroot/beatles/public/phputils/framework.php:79 
[0x7f0547e15030] (main) /home/webroot/beatles/application/api/index.php:116

repeate code :

<?php
//step 1
try{
    $redis1 = testRedis();
    if($redis1) {
        var_dump($redis1->get('xiyuan_test1'));
        echo "\n";
    }
}catch(\RedisException $e){
    echo 'redis error1: errno='.$e->getCode().' errmsg='.$e->getMessage()."\n";
}

//step 2
try{
    $redis2 = testRedis();
    sleep(10);
    if($redis2) {
        var_dump($redis2->get('xiyuan_test2'));   //  kill redis-server(/home/redis/bin/redis-server /home/redis/redis.conf && sleep 5 && ps -ef |grep redis |awk '{print $2}'|xargs kill -9) , force redis connection lost .
        echo "\n";
    }
}catch(\RedisException $e){
    echo 'redis error2: errno='.$e->getCode().' errmsg='.$e->getMessage()."\n";
}

//step 3
try{
    if($redis1){
        var_dump($redis1->get('xiyuan_test3'));  // at this line , core 
        echo "\n";
    }
}catch(\RedisException $e){
    echo 'redis error3: errno='.$e->getCode().' errmsg='.$e->getMessage()."\n";
}

function testRedis($ip='127.0.0.1',$port=6379,$timeout=0,$index=0){
    try{
        $instance = new \Redis();
        $instance->pconnect($ip, $port, $timeout);
        if($instance->select($index)){
            return $instance;
        }
    }catch(\RedisException $e){
        echo 'redis error4: errno='.$e->getCode().' errmsg='.$e->getMessage()."\n";
        return false;
    }
}

program output :

`(gdb)` run test.php
Starting program: /usr/local/php/bin/php test.php
[Thread debugging using libthread_db enabled]
PHP Warning:  PHP Startup: taint: Unable to initialize module
Module compiled with module API=20090626
PHP    compiled with module API=20121212
These options need to match
 in Unknown on line 0
bool(false)
redis error2: errno=0 errmsg=Connection lost
Program received signal SIGSEGV, Segmentation fault.
0x0000000300001800 in ?? ()

Analysision && bug fix suggestion

step 1: new Redis1

Redis1 -> RedisSocket ->  stream -> phpstream->context->fd

step 2: new Redis2

Redis1 -> RedisSocket ->  
                         \
                             stream -> phpstream->context->fd
                         /
Redis2-> RedisSocket ->

step2.1 $redis2->get

$redis2->get->redis_socket_write->check_stream_eof(*stream connection lost) -> php_stream_pclose(free *stream  and resouce ).

and then Redis2->redis_socket->stream = NULL;
but Redis1->redis_socket->stream is still exist. so the Redis1->redis_socket->stream is illegal.

step 3 $redis1->get

$redis1->get->redis_socket_write->check_stream_eof(core dump)

because $redis1->redis_socket->stream has been free. so when check_stream_eof then core dump.

fix suggestion:

avoid muti Redis instance has the same *php_stream.
php:
use singleton ," ip+port+timeout" as key ;

phpredis
php_stream use singleton ," ip+port+timeout" as key ;

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions
      0