Bug #71508 php-fpm segfaults with ondemand in __accept_nocancel/zend_signal_handler_defer
Submitted: 2016-02-03 12:01 UTC
Modified: 2016-03-04 13:16 UTC
Votes:1
Avg. Score:4.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: bluewind at xinu dot at
Assigned: maarten
Status: Closed
Package: Reproducible crash
PHP Version: 7.0.3RC1
OS: Arch Linux
Private report: No
CVE-ID: None
 [2016-02-03 12:01 UTC] bluewind at xinu dot at
Description:
------------
I'm running php 7.0.3 on Arch Linux and I see segfaults of php-fpm when running with the ondemand pm. I do not see crashes with the dynamic pm.

The crash does not happen instantly and requests seem to be served as expected. Some 10 or 20 seconds after the requests it crashes. I'd guess that's the time when ondemand starts shutting down unused workers.

I have also seen these with 7.0.2, but not with 5.6.17 or any other version in the 5.x series.

If you need more info or are unable to reproduce please tell me.

This might be related to https://bugs.php.net/bug.php?id=64984

Test script:
---------------
Use php-fpm with an fpm config like this, make a request and wait a bit.

[web-admin]
listen = /var/run/php-fpm/$pool-fpm.sock
listen.owner = http
listen.group = http
listen.mode = 0660
user = $pool
group = web-admin
pm = ondemand
pm.max_children = 50
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 3
pm.max_requests = 2000
catch_workers_output=yes
php_admin_value[session.save_path] = "/var/lib/php_sessions/$pool"


Expected result:
----------------
No crash

Actual result:
--------------
coredump of php-fpm

#0  0x00007f77404305f8 in raise () from /usr/lib/libc.so.6
#1  0x000000000083df75 in zend_signal_handler (signo=3, siginfo=0x7fff565db9f0, context=0x7fff565db8c0) at /build/php/src/php-7.0.3/Zend/zend_signal.c:178
#2  0x000000000083db48 in zend_signal_handler_defer (signo=3, siginfo=0x7fff565db9f0, context=0x7fff565db8c0) at /build/php/src/php-7.0.3/Zend/zend_signal.c:89
#3  <signal handler called>
#4  0x00007f77404e6df0 in __accept_nocancel () from /usr/lib/libc.so.6
#5  0x00000000008cd633 in fcgi_accept_request (req=0x2ab8100) at /build/php/src/php-7.0.3/main/fastcgi.c:1396
#6  0x00000000008dc99f in main (argc=4, argv=0x7fff565dc4a8) at /build/php/src/php-7.0.3/sapi/fpm/fpm/fpm_main.c:1872


 [2016-02-04 22:20 UTC] bluewind at xinu dot at
I also just saw this happen once with the dynamic pm. It seems to be the same backtrace, but that's hard to tell because that server does not run the debug build so there are lots of missing values in the trace.

Is there anything missing for this bug to be assigned?
 [2016-02-23 10:58 UTC] sjon at hortensius dot net
I experience the same issue on a machine with multiple fpm pools; I have hundreds of segfaults every day from this. Setting max_requests=1 didn't help.

I have a whole bunch of other machines running the same versions just fine, so there is a condition that is triggering this on a few specific machines. I don't know if it'll help, but here is a dump of the signal from gdb:

$4 = {si_signo = 3, si_errno = 0, si_code = 0, _sifields = {_pad = {37970, 0, 976630064, 809121073, 942684720, 825240352, 1124085808, 32706, 1134976832, 32706, 1134976928, 32706, 920510352, 32764, 8177516, 0, 0, 0, 795229486, 915259460, 4380256, 0, 920512976, 32764, 0, 0, 0, 0}, 
    _kill = {si_pid = 37970, si_uid = 0}, _timer = {si_tid = 37970, si_overrun = 0, si_sigval = {sival_int = 976630064, sival_ptr = 0x303a35313a363130}}, _rt = {si_pid = 37970, si_uid = 0, si_sigval = {sival_int = 976630064, sival_ptr = 0x303a35313a363130}}, _sigchld = {
      si_pid = 37970, si_uid = 0, si_status = 976630064, si_utime = 3544380324122212912, si_stime = 140472324468784}, _sigfault = {si_addr = 0x9452, si_addr_lsb = 12592, si_addr_bnd = {_lower = 0x31302b2038303a30, _upper = 0x7fc243003030}}, _sigpoll = {si_band = 37970, 
      si_fd = 976630064}, _sigsys = {_call_addr = 0x9452, _syscall = 976630064, _arch = 809121073}}}
 [2016-03-03 13:29 UTC] sjon at hortensius dot net
I no longer experience this with 7.0.4
 [2016-03-03 15:10 UTC] sjon at hortensius dot net
Guessing this is a duplicate of #71269
 [2016-03-04 13:16 UTC] maarten@php.net
-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: maarten
 [2016-03-04 13:16 UTC] maarten@php.net
Thank you for your bug report. This issue has already been fixed
in the latest released version of PHP, which you can download at 
http://www.php.net/downloads.php

Fixed with #71269 in 7.0.4