Bug #71182 SIGSEGV at php-fpm 7.0.1
Submitted: 2015-12-21 14:52 UTC
Modified: 2017-01-12 14:37 UTC
Votes: 12
Avg. Score: 4.4 ± 0.8
Reproduced: 12 of 12 (100.0%)
Same Version: 12 (100.0%)
Same OS: 2 (16.7%)
From: mfractal at gmail dot com
Assigned: krakjoe
Status: Closed
Package: FPM related
PHP Version: 7.0.1
OS: Ubuntu 14.04.3 LTS
Private report: No
CVE-ID: None
 [2015-12-21 14:52 UTC] mfractal at gmail dot com
Description:
------------
Using nginx with php7 fpm running invision board ipboard forum software, we get a lot of SIGSEGV errors in the fpm log.

Mods enabled for that instance are: json, mysqli, opcache (not in use even) and pdo_mysql. With opcache enabled the frequency of the crashes increases dramatically and eventually php freezes and requires a restart to start working again. Without opcache the frequency of SEGV errors decreases but they are still there.

Crash dumps all point to lex_scan. Here's an example dump:

Every single dump looks like this:

[New LWP 32341]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `php-fpm: pool www                                                          '.
Program terminated with signal SIGBUS, Bus error.
#0  lex_scan (zendlval=zendlval@entry=0x7ffe8c2723b0) at Zend/zend_language_scanner.c:2046
2046	Zend/zend_language_scanner.c: No such file or directory.
(gdb) bt
#0  lex_scan (zendlval=zendlval@entry=0x7ffe8c2723b0) at Zend/zend_language_scanner.c:2046
#1  0x000000000075958b in zendlex (elem=elem@entry=0x7ffe8c272470)
    at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_compile.c:1573
#2  0x000000000073dd5e in zendparse () at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_language_parser.c:4209
#3  0x000000000074181b in compile_file (file_handle=file_handle@entry=0x7ffe8c273050, type=<optimised out>)
    at Zend/zend_language_scanner.l:591
#4  0x00000000007673c2 in dtrace_compile_file (file_handle=0x7ffe8c273050, type=<optimised out>)
    at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_dtrace.c:50
#5  0x00000000005d3b83 in phar_compile_file (file_handle=<optimised out>, type=<optimised out>)
    at /build/php7.0-IclZBw/php7.0-7.0.1/ext/phar/phar.c:3311
#6  0x0000000000741a05 in compile_filename (type=8, filename=filename@entry=0x7f25c2216530)
    at Zend/zend_language_scanner.l:647
#7  0x00000000007f7c37 in ZEND_INCLUDE_OR_EVAL_SPEC_TMPVAR_HANDLER ()
    at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_vm_execute.h:40559
#8  0x00000000007b205b in execute_ex (ex=<optimised out>) at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_vm_execute.h:414
#9  0x0000000000767439 in dtrace_execute_ex (execute_data=<optimised out>)
    at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_dtrace.c:83
#10 0x00000000007eed70 in ZEND_DO_FCALL_SPEC_HANDLER () at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_vm_execute.h:800
#11 0x00000000007b205b in execute_ex (ex=<optimised out>) at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_vm_execute.h:414
#12 0x0000000000767439 in dtrace_execute_ex (execute_data=<optimised out>)
    at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_dtrace.c:83
#13 0x00000000007eed70 in ZEND_DO_FCALL_SPEC_HANDLER () at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_vm_execute.h:800
#14 0x00000000007b205b in execute_ex (ex=<optimised out>) at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_vm_execute.h:414
#15 0x0000000000767439 in dtrace_execute_ex (execute_data=<optimised out>)
    at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_dtrace.c:83
#16 0x00000000007eed70 in ZEND_DO_FCALL_SPEC_HANDLER () at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_vm_execute.h:800
#17 0x00000000007b205b in execute_ex (ex=<optimised out>) at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_vm_execute.h:414
#18 0x0000000000767439 in dtrace_execute_ex (execute_data=<optimised out>)
    at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_dtrace.c:83
#19 0x0000000000768d2c in zend_call_function (fci=fci@entry=0x7ffe8c273620, fci_cache=fci_cache@entry=0x7ffe8c2735f0)
    at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_execute_API.c:854
#20 0x0000000000792124 in zend_call_method (object=object@entry=0x7ffe8c273710, obj_ce=<optimised out>,
    fn_proxy=0x7f25c23b70c8, function_name=function_name@entry=0xc67558 "__isset",
    function_name_len=function_name_len@entry=7, retval_ptr=retval_ptr@entry=0x7ffe8c273700, param_count=param_count@entry=1,
    arg1=arg1@entry=0x7f25c23a78d0, arg2=arg2@entry=0x0) at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_interfaces.c:104
#21 0x00000000007ac0d2 in zend_std_call_issetter (retval=0x7ffe8c273700, member=0x7f25c23a78d0, object=0x7ffe8c273710)
    at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_object_handlers.c:266
#22 zend_std_has_property (object=<optimised out>, member=0x7f25c23a78d0, has_set_exists=0, cache_slot=<optimised out>)
    at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_object_handlers.c:1479
#23 0x00000000007b2292 in ZEND_ISSET_ISEMPTY_PROP_OBJ_SPEC_UNUSED_CONST_HANDLER ()
    at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_vm_execute.h:24235
#24 0x00000000007b205b in execute_ex (ex=<optimised out>) at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_vm_execute.h:414
#25 0x0000000000767439 in dtrace_execute_ex (execute_data=<optimised out>)
    at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_dtrace.c:83
#26 0x0000000000768d2c in zend_call_function (fci=fci@entry=0x7ffe8c273970, fci_cache=fci_cache@entry=0x7ffe8c273940)
    at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_execute_API.c:854
#27 0x0000000000792124 in zend_call_method (object=0x7ffe8c273a70, obj_ce=<optimised out>, fn_proxy=0x7f25c23b70b0,
    function_name=function_name@entry=0xc67544 "__get", function_name_len=function_name_len@entry=5,
    retval_ptr=0x7f25c2215af0, param_count=param_count@entry=1, arg1=arg1@entry=0x7f25c227df90, arg2=arg2@entry=0x0)
    at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_interfaces.c:104
#28 0x00000000007aa37c in zend_std_call_getter (object=object@entry=0x7ffe8c273a70, member=member@entry=0x7f25c227df90,
    retval=retval@entry=0x7f25c2215af0) at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_object_handlers.c:202
#29 0x00000000007ab804 in zend_std_read_property (object=<optimised out>, member=0x7f25c227df90, type=0,
    cache_slot=<optimised out>, rv=0x7f25c2215af0) at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_object_handlers.c:564
#30 0x00000000007b52e1 in ZEND_FETCH_OBJ_R_SPEC_VAR_CONST_HANDLER ()
    at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_vm_execute.h:17145
#31 0x00000000007b205b in execute_ex (ex=<optimised out>) at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_vm_execute.h:414
#32 0x0000000000767439 in dtrace_execute_ex (execute_data=<optimised out>)
    at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_dtrace.c:83
#33 0x00000000007eed70 in ZEND_DO_FCALL_SPEC_HANDLER () at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_vm_execute.h:800
#34 0x00000000007b205b in execute_ex (ex=<optimised out>) at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_vm_execute.h:414
#35 0x0000000000767439 in dtrace_execute_ex (execute_data=<optimised out>)
    at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_dtrace.c:83
#36 0x0000000000768d2c in zend_call_function (fci=fci@entry=0x7ffe8c273dc0, fci_cache=fci_cache@entry=0x7ffe8c273d90)
    at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_execute_API.c:854
#37 0x0000000000792124 in zend_call_method (object=0x7ffe8c273ec0, obj_ce=<optimised out>, fn_proxy=0x7f25c2207108,
    function_name=function_name@entry=0xc67544 "__get", function_name_len=function_name_len@entry=5,
    retval_ptr=0x7f25c2215720, param_count=param_count@entry=1, arg1=arg1@entry=0x7f25c228bb50, arg2=arg2@entry=0x0)
    at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_interfaces.c:104
#38 0x00000000007aa37c in zend_std_call_getter (object=object@entry=0x7ffe8c273ec0, member=member@entry=0x7f25c228bb50,
    retval=retval@entry=0x7f25c2215720) at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_object_handlers.c:202
#39 0x00000000007ab804 in zend_std_read_property (object=<optimised out>, member=0x7f25c228bb50, type=0,
    cache_slot=<optimised out>, rv=0x7f25c2215720) at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_object_handlers.c:564
#40 0x00000000007b52e1 in ZEND_FETCH_OBJ_R_SPEC_VAR_CONST_HANDLER ()
    at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_vm_execute.h:17145
#41 0x00000000007b205b in execute_ex (ex=<optimised out>) at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_vm_execute.h:414
#42 0x0000000000767439 in dtrace_execute_ex (execute_data=<optimised out>)
    at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_dtrace.c:83
#43 0x00000000007eed70 in ZEND_DO_FCALL_SPEC_HANDLER () at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_vm_execute.h:800
#44 0x00000000007b205b in execute_ex (ex=<optimised out>) at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_vm_execute.h:414
#45 0x0000000000767439 in dtrace_execute_ex (execute_data=<optimised out>)
    at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_dtrace.c:83
#46 0x00000000007eed70 in ZEND_DO_FCALL_SPEC_HANDLER () at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_vm_execute.h:800
#47 0x00000000007b205b in execute_ex (ex=<optimised out>) at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_vm_execute.h:414
#48 0x0000000000767439 in dtrace_execute_ex (execute_data=<optimised out>)
    at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_dtrace.c:83
#49 0x00000000007eed70 in ZEND_DO_FCALL_SPEC_HANDLER () at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_vm_execute.h:800
#50 0x00000000007b205b in execute_ex (ex=<optimised out>) at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_vm_execute.h:414
#51 0x0000000000767439 in dtrace_execute_ex (execute_data=<optimised out>)
    at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_dtrace.c:83
#52 0x00000000007eed70 in ZEND_DO_FCALL_SPEC_HANDLER () at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_vm_execute.h:800
#53 0x00000000007b205b in execute_ex (ex=<optimised out>) at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_vm_execute.h:414
#54 0x0000000000767439 in dtrace_execute_ex (execute_data=<optimised out>)
    at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_dtrace.c:83
#55 0x0000000000768d2c in zend_call_function (fci=fci@entry=0x7ffe8c274400, fci_cache=0x7ffe8c274330, fci_cache@entry=0x0)
    at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_execute_API.c:854
#56 0x0000000000769278 in call_user_function_ex (function_table=<optimised out>, object=object@entry=0x0,
    function_name=<optimised out>, retval_ptr=retval_ptr@entry=0x7ffe8c2744b0, param_count=param_count@entry=1,
    params=params@entry=0x7ffe8c2744a0, no_separation=no_separation@entry=1, symbol_table=symbol_table@entry=0x0)
    at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_execute_API.c:679
#57 0x00000000007692a9 in call_user_function (function_table=<optimised out>, object=object@entry=0x0,
    function_name=<optimised out>, retval_ptr=retval_ptr@entry=0x7ffe8c2744b0, param_count=param_count@entry=1,
    params=params@entry=0x7ffe8c2744a0) at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_execute_API.c:661
#58 0x00000000005fd84d in ps_call_handler (func=<optimised out>, argc=argc@entry=1, argv=argv@entry=0x7ffe8c2744a0,
    retval=retval@entry=0x7ffe8c2744b0) at /build/php7.0-IclZBw/php7.0-7.0.1/ext/session/mod_user.c:33
#59 0x00000000005fdaa5 in ps_read_user (mod_data=<optimised out>, key=<optimised out>, val=0x7ffe8c2744e8,
    maxlifetime=<optimised out>) at /build/php7.0-IclZBw/php7.0-7.0.1/ext/session/mod_user.c:129
#60 0x00000000005fb007 in php_session_initialize () at /build/php7.0-IclZBw/php7.0-7.0.1/ext/session/session.c:526
#61 0x00000000005fb8b5 in php_session_start () at /build/php7.0-IclZBw/php7.0-7.0.1/ext/session/session.c:1623
#62 0x00000000005fcb7a in zif_session_start (execute_data=<optimised out>, return_value=0x7f25c2213bb0)
    at /build/php7.0-IclZBw/php7.0-7.0.1/ext/session/session.c:2301
#63 0x000000000076753b in dtrace_execute_internal (execute_data=<optimised out>, return_value=<optimised out>)
    at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_dtrace.c:107
#64 0x00000000007ef093 in ZEND_DO_FCALL_SPEC_HANDLER () at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_vm_execute.h:844
#65 0x00000000007b205b in execute_ex (ex=<optimised out>) at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_vm_execute.h:414
#66 0x0000000000767439 in dtrace_execute_ex (execute_data=<optimised out>)
    at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_dtrace.c:83
#67 0x00000000007eed70 in ZEND_DO_FCALL_SPEC_HANDLER () at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_vm_execute.h:800
#68 0x00000000007b205b in execute_ex (ex=<optimised out>) at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_vm_execute.h:414
#69 0x0000000000767439 in dtrace_execute_ex (execute_data=<optimised out>)
    at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_dtrace.c:83
#70 0x00000000007facdf in zend_execute (op_array=op_array@entry=0x7f25c2265000, return_value=return_value@entry=0x0)
    at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend_vm_execute.h:458
#71 0x0000000000776a74 in zend_execute_scripts (type=type@entry=8, retval=retval@entry=0x0, file_count=file_count@entry=3)
    at /build/php7.0-IclZBw/php7.0-7.0.1/Zend/zend.c:1428
#72 0x000000000071a9e8 in php_execute_script (primary_file=primary_file@entry=0x7ffe8c276bf0)
    at /build/php7.0-IclZBw/php7.0-7.0.1/main/main.c:2471
#73 0x00000000004789bc in main (argc=<optimised out>, argv=<optimised out>)
    at /build/php7.0-IclZBw/php7.0-7.0.1/sapi/fpm/fpm/fpm_main.c:1944


Also, we aren't the only ones experiencing this issue, please see here: https://community.invisionpower.com/topic/423696-php-700/?page=2#comment-2604636


 [2015-12-21 15:14 UTC] venancio1981 at gmail dot com
I'm also seeing this error in the php-fpm error logs using PHP 7.0.1.
I use CentOS 7.2.

In my case, the segfault happens more or less each hour in every child.
 [2015-12-21 17:06 UTC] frej dot akki at gmail dot com
Same here, I also see the same error from the coredump.
CentOS 6.7
 [2016-01-29 09:23 UTC] steffen dot weber at gmail dot com
Since upgrading from PHP 5.6 to 7.0 I'm seeing "exited on signal 11 (SIGSEGV)" warnings instead of "exited with code 0" notices in my php-fpm error log at intervals that I can influence by changing "pm.max_requests".

So I guess that the SIGSEGV happens when PHP 7.0 tries to exit cleanly after having served "pm.max_requests".
 [2016-01-29 10:35 UTC] steffen dot weber at gmail dot com
Please ignore parts of my previous comment. The SIGSEGV exits have only occurred once after upgrading from PHP 5.6 to 7.0. Now I'm seeing normal "exited with code 0" logs again.

Maybe the hint about "pm.max_requests" can help others.
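
A triage helper for the two log messages quoted in the comments above, added here as an example (it is not part of the bug report or of PHP's own code): it separates "exited with code 0" notices from "exited on signal" deaths in a php-fpm error log and tallies the latter per pool. The sample log lines are constructed, and the names summarize and crash_ratio are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in php-fpm's error-log format (not taken from the report).
SAMPLE_LOG = """\
[29-Jan-2016 09:01:12] NOTICE: [pool www] child 2101 exited with code 0 after 812.404511 seconds from start
[29-Jan-2016 09:01:12] NOTICE: [pool www] child 2190 started
[29-Jan-2016 09:14:40] WARNING: [pool www] child 2102 exited on signal 11 (SIGSEGV) after 1620.118203 seconds from start
[29-Jan-2016 09:20:05] WARNING: [pool www] child 2103 exited on signal 7 (SIGBUS - core dumped) after 1945.730020 seconds from start
[29-Jan-2016 09:23:31] WARNING: [pool www] child 2104 exited on signal 11 (SIGSEGV - core dumped) after 2151.009876 seconds from start
[29-Jan-2016 09:30:00] NOTICE: [pool api] child 2200 exited with code 0 after 300.000100 seconds from start
"""

# Matches "exited with code N" and "exited on signal N (NAME[ - core dumped])".
EXIT_RE = re.compile(
    r"^\[[^\]]+\] \w+: \[pool (?P<pool>[^\]]+)\] child \d+ exited "
    r"(?:with code (?P<code>\d+)"
    r"|on signal \d+ \((?P<sig>\w+)(?P<core> - core dumped)?\)) "
    r"after (?P<secs>\d+(?:\.\d+)?) seconds from start"
)

def summarize(log_text):
    """Per pool: clean exits, non-zero exits, signal deaths by name, core dumps."""
    pools = {}
    for line in log_text.splitlines():
        m = EXIT_RE.match(line)
        if m is None:
            continue  # "child N started" and other unrelated lines
        p = pools.setdefault(m["pool"], {
            "clean": 0, "nonzero": 0, "signals": Counter(),
            "cores": 0, "crash_lifetimes": [],
        })
        if m["code"] is not None:
            p["clean" if m["code"] == "0" else "nonzero"] += 1
            continue
        p["signals"][m["sig"]] += 1
        p["cores"] += 1 if m["core"] else 0
        p["crash_lifetimes"].append(float(m["secs"]))  # seconds the child lived
    return pools

def crash_ratio(stats):
    """Fraction of recorded child exits in one pool that were signal deaths."""
    crashed = sum(stats["signals"].values())
    total = crashed + stats["clean"] + stats["nonzero"]
    return crashed / total if total else 0.0

if __name__ == "__main__":
    for pool, stats in summarize(SAMPLE_LOG).items():
        print(pool, dict(stats["signals"]), "cores:", stats["cores"],
              "crash ratio: %.2f" % crash_ratio(stats))
```

Comparing crash_lifetimes across children shows whether signal deaths cluster at a similar child age, which is the kind of interval pattern the comments above describe.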
 [2016-01-29 10:40 UTC] venancio1981 at gmail dot com
Since PHP 7.0.2 I don't have the segfaults anymore. It seems fixed for me.
 [2017-01-12 14:37 UTC] krakjoe@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: krakjoe
 [2017-01-12 14:37 UTC] krakjoe@php.net
Since this was reported to be fixed nearly a year ago, I'm closing this.
 
Last updated: Sat Nov 17 01:01:26 2018 UTC