php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #63785 php-fpm segfault
Submitted: 2012-12-17 06:14 UTC Modified: 2012-12-25 10:22 UTC
Votes:4
Avg. Score:4.0 ± 1.0
Reproduced:4 of 4 (100.0%)
Same Version:1 (25.0%)
Same OS:3 (75.0%)
From: lys0212 at qq dot com Assigned:
Status: Open Package: FPM related
PHP Version: 5.3.16 OS: RHEL6.3
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: lys0212 at qq dot com
New email:
PHP Version: OS:

 

 [2012-12-17 06:14 UTC] lys0212 at qq dot com
Description:
------------
Recently, the new a server used to make web, configuration, software 
installation, etc. And now the production environment is the same. On-line soon 
found that /var/log/messages appear PHP-FPM segment error log
------------------------------------------------------------------------
Dec 14 16:57:15 localhost kernel: php-fpm[32231]: segfault at 3701788 ip 
00000000007e10b1 sp 00007fff7c27f2c0 error 4 in php-fpm[400000+a5c000]
Dec 14 16:57:16 localhost abrt[2735]: Saved core dump of pid 32231 
(/web/software/php/sbin/php-fpm) to /var/spool/abrt/ccpp-2012-12-14-16:57:15-
32231 (279961600 bytes)
Dec 14 16:57:16 localhost abrtd: Directory 'ccpp-2012-12-14-16:57:15-32231' 
creation detected
Dec 14 16:57:16 localhost abrtd: Executable '/web/software/php/sbin/php-fpm' 
doesn't belong to any package
Dec 14 16:57:16 localhost abrtd: 'post-create' on '/var/spool/abrt/ccpp-2012-12-
14-16:57:15-32231' exited with 1
Dec 14 16:57:16 localhost abrtd: Corrupted or bad directory 
/var/spool/abrt/ccpp-2012-12-14-16:57:15-32231, deleting
--------------------------------------------------------------
Then after punch, find this mistake occur only in a page, the page, but nothing 
special, but also in other production machine work well.
What is the cause?
The following is core dump information:

[root@localhost job]# gdb php -c core.32270 
GNU gdb (GDB) Red Hat Enterprise Linux (7.2-56.el6)
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/bin/php...(no debugging symbols found)...done.

warning: core file may not match specified executable file.
[New Thread 32270]
Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols 
found)...done.
Loaded symbols for /lib64/ld-linux-x86-64.so.2
Core was generated by `php-fpm: pool www                                                             
'.
Program terminated with signal 11, Segmentation fault.
#0  0x00000000007e10b1 in zend_mm_free_cache ()
Missing separate debuginfos, use: debuginfo-install glibc-2.12-1.80.el6.x86_64
(gdb) bt
#0  0x00000000007e10b1 in zend_mm_free_cache ()
#1  0x00007fca780e53e8 in ?? ()
#2  0x0000000001b5c978 in ?? ()
#3  0x00000000007fca4f in zend_error_noreturn ()
#4  0x0000000000000002 in ?? ()
#5  0x0000000001c1b060 in ?? ()
#6  0x00000000007a86af in virtual_stat ()
#7  0x00007fff7c27f580 in ?? ()
#8  0x6961625f6473732f in ?? ()
#9  0x2f7068702f696163 in ?? ()
#10 0x507463656a6f7270 in ?? ()
#11 0x6975626f6a2f5048 in ?? ()
#12 0x732f7070612f3456 in ?? ()
#13 0x2f626f6a2f657469 in ?? ()
#14 0x7068702e6f666e69 in ?? ()
#15 0x0070007068007000 in ?? ()
#16 0x000000007068702e in ?? ()
#17 0x0000000000000000 in ?? ()
(gdb)



Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-12-17 06:28 UTC] aharvey@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.

Specifically, we're going to need a backtrace with debug information, I think.
 [2012-12-17 06:28 UTC] aharvey@php.net
-Status: Open +Status: Feedback
 [2012-12-17 09:15 UTC] lys0212 at qq dot com
[root@localhost core]# gdb php -c core-php-fpm.16205
GNU gdb (GDB) Red Hat Enterprise Linux (7.2-56.el6)
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/bin/php...(no debugging symbols found)...done.

warning: core file may not match specified executable file.
[New Thread 16205]
Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/ld-linux-x86-64.so.2
Core was generated by `php-fpm: pool www                                                             '.
Program terminated with signal 11, Segmentation fault.
#0  0x000000000081ba4a in zval_mark_grey ()
Missing separate debuginfos, use: debuginfo-install php-cli-5.3.3-3.el6_2.8.x86_64
(gdb) bt
#0  0x000000000081ba4a in zval_mark_grey ()
#1  0x000000000081ce07 in zend_closure_write_property ()
#2  0x0000000000000030 in ?? ()
#3  0x00000000007e060a in zend_mm_free_cache ()
#4  0x00000000007e060a in zend_mm_free_cache ()
#5  0x00007fff6c771e40 in ?? ()
#6  0x0000000000000001 in ?? ()
#7  0x7ca82b1131a2610d in ?? ()
#8  0x0000000000dba270 in ?? ()
#9  0x0000000000000000 in ?? ()
(gdb)
 [2012-12-17 09:15 UTC] lys0212 at qq dot com
-Status: Feedback +Status: Open
 [2012-12-17 09:24 UTC] lys0212 at qq dot com
[New Thread 16205]
Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/ld-linux-x86-64.so.2
Core was generated by `php-fpm: pool www                                                             '.
Program terminated with signal 11, Segmentation fault.
#0  0x000000000081ba4a in php_stat (filename=Cannot access memory at address 0xffffffffffffed84
) at /root/php-5.3.16/ext/standard/filestat.c:861
861                             php_error_docref(NULL TSRMLS_CC, E_WARNING, "%sstat failed for %s", IS_LINK_OPERATION(type) ? "L" : "", filename);
Missing separate debuginfos, use: debuginfo-install php-cli-5.3.3-3.el6_2.8.x86_64
(gdb) bt
#0  0x000000000081ba4a in php_stat (filename=Cannot access memory at address 0xffffffffffffed84
) at /root/php-5.3.16/ext/standard/filestat.c:861
Cannot access memory at address 0x4
 [2012-12-17 09:24 UTC] lys0212 at qq dot com
-PHP Version: 5.3.19 +PHP Version: 5.3.16
 [2012-12-17 09:39 UTC] lys0212 at qq dot com
When I compile PHP use parameters --enable-debug, the period of mistake won't appear. In return, --disable-debug this parameter compiler, it appeared again. This is very puzzled
 [2012-12-18 02:50 UTC] laruence@php.net
is there any reproduce test script for this?

the bts seem randomly...
 [2012-12-19 09:25 UTC] lys0212 at qq dot com
(gdb) bt
#0  0x00000000007fe71a in _zend_mm_alloc_int ()
#1  0x000000000085dfaa in ZEND_ADD_ARRAY_ELEMENT_SPEC_CONST_TMP_HANDLER ()
#2  0x00007fff6629f770 in ?? ()
#3  0x0000000000000001 in ?? ()
#4  0x0000000000000003 in ?? ()
#5  0x0000000000000008 in ?? ()
#6  0x0000000000000000 in ?? ()
 [2012-12-19 09:31 UTC] lys0212 at qq dot com
When I use apache + PHP this kind of mistake won't appear. Use nginx + PHP-FPM will
 [2012-12-25 10:22 UTC] lys0212 at qq dot com
#0  0x0000003441288bfb in ?? ()
Missing separate debuginfos, use: debuginfo-install php-cli-5.3.3-3.el6_2.8.x86_64
(gdb) bt
#0  0x0000003441288bfb in ?? ()
#1  0x0000000000989624 in string_locale_compare_function (result=0x989624, op1=0x7f1e956df079, op2=0x6e6f4d79)
    at /root/php-5.3.19/Zend/zend_operators.c:1322
#2  0x00000000009df260 in ZEND_INIT_METHOD_CALL_SPEC_TMP_CV_HANDLER (execute_data=0x30e2718)
    at /root/php-5.3.19/Zend/zend_vm_execute.h:7590
#3  0x00000000009c3f6e in zend_leave_helper_SPEC (execute_data=0x9aba8e) at /root/php-5.3.19/Zend/zend_vm_execute.h:209
#4  0x000000000098fc8b in is_numeric_string (str=0x0, length=32767, lval=0x42b5c0, dval=0x7fff61a4b810, allow_errors=0)
    at /root/php-5.3.19/Zend/zend_operators.h:110
#5  0x00000000009178ca in _zval_dtor (zvalue=0x3, __zend_filename=0x4 <Address 0x4 out of bounds>, __zend_lineno=0)
    at /root/php-5.3.19/Zend/zend_variables.h:35
#6  0x0000000000a86c68 in timelib_timezone_lookup ()
#7  0x00007fff00000000 in ?? ()
#8  0x00000034ffffffff in ?? ()
#9  0x00007fff61a4fed8 in ?? ()
#10 0x00000003179f6000 in ?? ()
#11 0x0000000000000000 in ?? ()
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Sun Nov 19 01:31:42 2017 UTC