Bug #70392 SIGSEGV during PHP shutdown
Submitted: 2015-08-30 17:09 UTC
Modified: 2015-09-11 09:23 UTC
From: pegasus at vaultwiki dot org
Assigned: dmitry
Status: Closed
Package: *General Issues
PHP Version: 7.0Git-2015-08-30 (Git)
OS: Centos 7 64-bit
Private report: No
CVE-ID: None
 [2015-08-30 17:09 UTC] pegasus at vaultwiki dot org
Description:
------------
I have noticed in my logs for several months that PHP has been throwing SIGSEGV at random times that do not seem to correspond to any scripts when comparing against timestamps in the web server's access logs. It would be incredibly useful if PHP's error logs would include the REQUEST_URI+QUERY_STRING that led to a segfault. I ran a backtrace on the coredump a while back and was disheartened because there was no execute frame that might suggest what PHP code or script causes this error.

I was hoping you guys would magically find the problem before release, but we're in RC now and I still get the errors in my logs. From what I remember, if I don't have --enable-debug in my configure and this error occurs, the FPM shuts down and must be restarted manually. Since it can do this in the middle of the night when no staff is awake, it can be a serious problem.

Here is the backtrace:
####
#0  0x0000000000946aa0 in zend_mm_find_leaks_small (p=0x7f0499600000, i=510,
    j=25, leak=0x7fff54486290)
    at /home/***/php-src-c68fa93/Zend/zend_alloc.c:1957
#1  0x0000000000946c0d in zend_mm_find_leaks (heap=0x7f04d9e00040,
    p=0x7f0499600000, i=510, leak=0x7fff54486290)
    at /home/***/php-src-c68fa93/Zend/zend_alloc.c:1985
#2  0x0000000000947006 in zend_mm_check_leaks (heap=0x7f04d9e00040)
    at /home/***/php-src-c68fa93/Zend/zend_alloc.c:2070
#3  0x00000000009472c6 in zend_mm_shutdown (heap=0x7f04d9e00040, full=0,
    silent=0) at /home/robotnik/php-src-c68fa93/Zend/zend_alloc.c:2135
#4  0x0000000000948159 in shutdown_memory_manager (silent=0, full_shutdown=0)
    at /home/***/php-src-c68fa93/Zend/zend_alloc.c:2578
#5  0x00000000008eac78 in php_request_shutdown (dummy=0x0)
    at /home/***/php-src-c68fa93/main/main.c:1837
#6  0x0000000000a47245 in main (argc=8, argv=0x7fff54486a78)
    at /home/***/php-src-c68fa93/sapi/fpm/fpm/fpm_main.c:1969
####

If you can give me some idea how to help you solve this issue faster, please let me know. As there is no execute frame, I cannot debug this in the normal way.

According to frame 0, this is the line in zend_alloc.c that causes the segfault:
####
if (dbg->size != 0) {
####


 [2015-08-31 13:43 UTC] laruence@php.net
hmm, we cannot do anything useful here if you don't have a way to reproduce it :<
 [2015-08-31 13:46 UTC] laruence@php.net
-Status: Open +Status: Feedback
 [2015-08-31 13:55 UTC] laruence@php.net
-Assigned To: +Assigned To: dmitry
 [2015-08-31 13:55 UTC] laruence@php.net
Dmitry, can you see anything useful here?
 [2015-08-31 16:30 UTC] dmitry@php.net
The crash on line "if (dbg->size != 0)" is possible only when "dbg" is invalid.
The crash occurred on processing 25-th element of 510-th page.
We allocate 512 pages at once. So I assume "dbg" somehow points into page after 512.

I don't see how this may happen yet.

Can you show the values of "dbg" and "bin_num"?
 [2015-08-31 18:09 UTC] pegasus at vaultwiki dot org
How would I output the value?
 [2015-09-01 17:27 UTC] dmitry@php.net
p dbg
p bin_num
 [2015-09-02 10:09 UTC] dmitry@php.net
Please check the latest git version.
The following commit might fix the problem.

http://git.php.net/?p=php-src.git;a=commitdiff;h=111bd5d8c45a9c44b2e39951e6a1a543a893f8bd
 [2015-09-02 12:16 UTC] pegasus at vaultwiki dot org
I will try the new commit and watch the logs for a few days to see if the error still occurs. I will also work on getting you the output of those variables next time I am at the terminal.
 [2015-09-07 20:20 UTC] pegasus at vaultwiki dot org
After a few days, issue persists using the suggested commit (different line numbers):

###
#0  0x000000000094733b in zend_mm_find_leaks_small (p=0x7f7df2200000, i=510,
    j=6, leak=0x7fffbe955cf0)
    at /home/***/php-src-0f74bae/Zend/zend_alloc.c:1966
1966                    if (dbg->size != 0) {
###

p dbg
$1 = (zend_mm_debug_info *) 0x7f7df24002e0

p bin_num
$2 = 24

p dbg->size
Cannot access memory at address 0x7f7df24002e0

p leak->filename
$3 = 0xfe5540 "/home/***/php-src-0f74bae/Zend/zend_vm_execute.h"

p leak->lineno
$4 = 15242

I have not checked exhaustively, but when comparing to other instances of the error, it seems bin_num = 24 is a pattern here (and dbg->size is always inaccessible).
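
The arithmetic behind the "page after 512" hypothesis, applied to the gdb values in the comment above (an added example, not part of the original report and not code from php-src). It assumes 4 KiB pages, a chunk base aligned to the chunk size, and a 32-byte debug record stored at the tail of each element; the helper names `locate` and `implied_stride` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumptions (not stated on the page): 4 KiB pages and a chunk base aligned
 * to the chunk size. 512 pages per chunk is the figure given in the thread. */
#define PAGE_SIZE   4096u
#define CHUNK_PAGES 512u
#define CHUNK_SIZE  ((uint64_t)PAGE_SIZE * CHUNK_PAGES)

typedef struct { int in_chunk; uint64_t page, page_off; } addr_pos;

/* Hypothetical helper: locate addr relative to the chunk starting at p. */
addr_pos locate(uint64_t p, uint64_t addr)
{
    addr_pos r = {0, 0, 0};
    if (addr < p)
        return r;                      /* below the chunk base */
    r.page     = (addr - p) / PAGE_SIZE;
    r.page_off = (addr - p) % PAGE_SIZE;
    r.in_chunk = (addr - p) < CHUNK_SIZE;
    return r;
}

/* Hypothetical helper: element size implied by the debugger values, assuming
 * the debug record occupies the last dbg_size bytes of element j in a run
 * that starts at page i. Returns 0 if the values do not divide evenly. */
uint64_t implied_stride(uint64_t p, unsigned i, unsigned j,
                        uint64_t dbg, uint64_t dbg_size)
{
    uint64_t run_start = p + (uint64_t)i * PAGE_SIZE;
    uint64_t end = dbg + dbg_size;
    if (end <= run_start)
        return 0;
    return (end - run_start) % (j + 1) ? 0 : (end - run_start) / (j + 1);
}

int main(void)
{
    /* Values copied from the gdb session in the thread. */
    const uint64_t p = 0x7f7df2200000ULL, dbg = 0x7f7df24002e0ULL;
    addr_pos pos = locate(p, dbg);
    printf("dbg: page %llu + 0x%llx, inside chunk: %s\n",
           (unsigned long long)pos.page, (unsigned long long)pos.page_off,
           pos.in_chunk ? "yes" : "no");
    /* 32 = assumed sizeof(zend_mm_debug_info) on a 64-bit build. */
    printf("implied element size: %llu bytes\n",
           (unsigned long long)implied_stride(p, 510, 6, dbg, 32));
    return 0;
}
```

Valid page indices in a 512-page chunk are 0 to 511, so an address at page index 512 lies just past the chunk, consistent with gdb's "Cannot access memory" for `dbg->size`.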
 [2015-09-08 14:27 UTC] dmitry@php.net
Thank you for the feedback. It's really helpful.
Please check the latest git version.
The following commit might fix the problem.

http://git.php.net/?p=php-src.git;a=commitdiff;h=aa3fd8c849dc9d05ff1dcd9e21ca63b69cda8f61
 [2015-09-10 21:50 UTC] pegasus at vaultwiki dot org
This SIGSEGV appears to be resolved by the suggested commit. If I come up against any more segfaults, I'll report them accordingly.
 [2015-09-11 09:23 UTC] dmitry@php.net
-Status: Feedback +Status: Closed
 [2015-09-11 09:23 UTC] dmitry@php.net
Thanks for the feedback. It was very useful and allowed us to fix a few very serious bugs.