|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #75731 Php-fpm will crash when perf runs with call graph option
Submitted: 2017-12-26 03:18 UTC Modified: 2017-12-26 03:21 UTC
From: ufo19890607 at gmail dot com Assigned:
Status: Open Package: Reproducible crash
PHP Version: 7.0Git-2017-12-26 (Git) OS: Centos7.3
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: ufo19890607 at gmail dot com
New email:
PHP Version: OS:


 [2017-12-26 03:18 UTC] ufo19890607 at gmail dot com
The php version:7.0.6

gdb backtrace
#0  0x00007f044ff447bd in re_compile_fastmap_iter (bufp=0x7f044ff447bd <re_compile_fastmap_iter+1165>, 
    fastmap=0x46 <Address 0x46 out of bounds>, init_state=<optimized out>, init_state=<optimized out>) at regcomp.c:407
407			      if (__wcrtomb (buf, towlower (cset->mbchars[i]), &state)
(gdb) bt
#0  0x00007f044ff447bd in re_compile_fastmap_iter (bufp=0x7f044ff447bd <re_compile_fastmap_iter+1165>, 
    fastmap=0x46 <Address 0x46 out of bounds>, init_state=<optimized out>, init_state=<optimized out>) at regcomp.c:407
#1  0x0000000000831160 in virtual_file_ex (state=0x7fff9c1a4f70, path=<optimized out>, verify_path=0x0, use_realpath=1)
    at  phpng/php-7.0.6/Zend/zend_virtual_cwd.c:1392
#2  0x00000000007aacee in expand_filepath_with_mode (
    filepath=0x7f044d6020d8 "xx/xxxx/xxxxxx/xxxxxxx", 
    real_path=0x7fff9c1a4fc0 "\360X\032\234\377\177", relative_to=<optimized out>, relative_to_len=0, realpath_mode=1)
    at  phpng/php-7.0.6/main/fopen_wrappers.c:812
#3  0x00000000007c1536 in _php_stream_fopen (
    filename=0x7f044d6020d8 "xx/xxxx/xxxxxx/xxxxxxx", mode=0xdbb1f1 "rb", 
    opened_path=0x0, options=0) at  phpng/php-7.0.6/main/streams/plain_wrapper.c:970
#4  0x00000000007bd084 in _php_stream_open_wrapper_ex (
    path=0x7f044d6020d8 "xx/xxxx/xxxxxx/xxxxxxx", mode=0xdbb1f1 "rb", options=8, 
    opened_path=0x0, context=0x7f044d65f4c0) at  phpng/php-7.0.6/main/streams/streams.c:2060
#5  0x000000000071722b in zif_file_get_contents (execute_data=<optimized out>, return_value=0x7f044d615540)
    at  phpng/php-7.0.6/ext/standard/file.c:544
#6  0x000000000065387c in phar_file_get_contents (execute_data=0x7f044d615570, return_value=0x7f044d615540)
    at  phpng/php-7.0.6/ext/phar/func_interceptors.c:224
#7  0x00000000008798b8 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0x7f044d615450)
    at  phpng/php-7.0.6/Zend/zend_vm_execute.h:714
#8  0x00000000008423d0 in execute_ex (ex=<optimized out>) at  phpng/php-7.0.6/Zend/zend_vm_execute.h:417
#9  0x00000000008952fb in zend_execute (op_array=0x7f044d66a000, return_value=<optimized out>)
    at  phpng/php-7.0.6/Zend/zend_vm_execute.h:458
#10 0x0000000000802333 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at  phpng/php-7.0.6/Zend/zend.c:1427
#11 0x00000000007a4b40 in php_execute_script (primary_file=0x7fff9c1a88b0) at  phpng/php-7.0.6/main/main.c:2494
#12 0x00000000008a318e in main (argc=<optimized out>, argv=<optimized out>) at  phpng/php-7.0.6/sapi/fpm/fpm/fpm_main.c:1968

Test script:

Expected result:

Actual result:


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2017-12-26 03:21 UTC] ufo19890607 at gmail dot com
I use perf to analyze the performance overhead for the server.
There are several dockers in the server. The php-fpm in the docker
will crash as long as the perf collects samples for all the cpus with call graph option(perf record -ag). Below is the stack trace
in the coredump.

This issue happens  always. The perf is running on the host machine and the command line is as follow:

         $perf record -ag -F 100

I add some output info in the php source code, and found that virtual_file_ex functions's rbp value is really strange,etc 0x1, 0x31. I guess when the perf collects samples for all the cpus with -g option, it may destroy the php-fpm's stack. When the perf is running without -g option, the php-fpm is normal. Who have ever encountered similar problems?

OS in the server: Centos7.3  , Kernel version: 3.10.0-514.16.1.el7.x86_64. php-fpm version: 7.0.6
Processor info: Intel(R) Xeon(R) CPU E5-2620 v3 @ 2.40GHz
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Jun 23 21:01:30 2024 UTC