php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #76258 PHP-FPM crash when running update.php in Drupal
Submitted: 2018-04-23 22:59 UTC Modified: 2018-05-13 12:46 UTC
From: post at minhost dot no Assigned:
Status: Closed Package: opcache
PHP Version: 7.1.16 OS: CentOS 7.4
Private report: No CVE-ID: None
 [2018-04-23 22:59 UTC] post at minhost dot no
Description:
------------
I think this bug has been present ever since PHP 7.1.13. The bug might have been introduced in PHP 7.1.13 with one of these bug fixes: #75579 or #75720 - however that is just guessing from my side.

Please note that the server is running PHP 7.1.16 WITH this patch https://github.com/php/php-src/commit/b6a41ad5ba2f853d44e6184375968a86c8167f1e (but the crashes also happen without the patch).

For several months we have customers running Drupal that experience that PHP-FPM crash when they run /update.php in Drupal - but ever since PHP 7.1.16 this has also happened when flushing all cache in Drupal and when doing other changes in Drupal control panel on their sites. Also since PHP 7.1.16 the crashes has happen more frequent. So it might be more then one bug that is causing these crashes.

One possibility is that the crash when running /update.php in Drupal is because of a bug introduced in a PHP version several months ago, and that the other crashes in Drupal might be because of a new bug in PHP 7.1.16 that would be related to this bug I reported here: https://bugs.php.net/bug.php?id=76205 (see the comment for a bactrace).

The production servers wich experience this bug has these ini settings:

opcache.memory_consumption=32768
opcache.interned_strings_buffer=64
opcache.max_accelerated_files=1000000
opcache.revalidate_freq=0
opcache.validate_timestamps=1
opcache.fast_shutdown=1
opcache.enable_cli=0
opcache.validate_permission=1
opcache.validate_root=1
opcache.use_cwd=1
opcache.revalidate_path=1
opcache.enable_file_override=1
opcache.file_cache_only=0
opcache.max_wasted_percentage=10

Please note that I have file cache enabled in user directory, using it as a second level fallback cache. This bug is not present without file cache enabled as secondary cache, I believe.

In order to generate a bactrace of core dumps, I used a copy of one of the Drupal sites from production servers, and set it up on a test VPS server. This test server has the same settings except that the limits is much lower because of less resources. So the test server only has 128 memory limit in opcache, for example. This is not ideal, but I hope it is the same bug that crashes the site on the test server, as it is on the production server. However I notice that on the test server, opcache memory limit is reached when the site crash, and that is not the case on the production server, wich never reach the memory limit in opcache.

Also on the test server, the Drupal site sometimes crashed only by visiting the front page, that does not happen on the production server, on produtction server PHP-FPM/OPcache only crashes in Drupal when running /update.php or doing other changes/updates in Drupal control panel.

Below is a backtrace of the core dump when PHP-FPM/OPcache crashed on the Drupal site on the test server. Please note I did first run cron in Drupal manually, wich failed, and then I run /update.php in Drupal and PHP-FPM then crashed. This generated two core dumps, here they are:

# Output of core-php-fpm71.23066

[root@dns2 ~]# gdb /usr/local/php71/sbin/php-fpm71 /tmp/core-php-fpm71.23066
GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-100.el7_4.1
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/local/php71/sbin/php-fpm71...done.
[New LWP 23066]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `php-fpm: pool asle                           '.
Program terminated with signal 6, Aborted.
#0  0x00007fd21f7c91f7 in raise () from /lib64/libc.so.6
Missing separate debuginfos, use: debuginfo-install bzip2-libs-1.0.6-13.el7.x86_64 elfutils-libelf-0.168-8.el7.x86_64 elfutils-libs-0.168-8.el7.x86_64 glibc-2.17-196.el7_4.2.x86_64 keyutils-libs-1.5.8-3.el7.x86_64 krb5-libs-1.15.1-8.el7.x86_64 libattr-2.4.46-12.el7.x86_64 libcap-2.22-9.el7.x86_64 libcom_err-1.42.9-10.el7.x86_64 libgcc-4.8.5-16.el7_4.2.x86_64 libgcrypt-1.5.3-14.el7.x86_64 libgpg-error-1.12-3.el7.x86_64 libselinux-2.5-11.el7.x86_64 libstdc++-4.8.5-16.el7_4.2.x86_64 nss-softokn-freebl-3.28.3-8.el7_4.x86_64 openssl-libs-1.0.2k-8.el7.x86_64 systemd-libs-219-42.el7_4.10.x86_64 xz-libs-5.2.2-1.el7.x86_64 zlib-1.2.7-17.el7.x86_64
(gdb)

(gdb) bt full
#0  0x00007fd21f7c91f7 in raise () from /lib64/libc.so.6
No symbol table info available.
#1  0x00007fd21f7ca8e8 in abort () from /lib64/libc.so.6
No symbol table info available.
#2  0x00007fd21f7c2266 in __assert_fail_base () from /lib64/libc.so.6
No symbol table info available.
#3  0x00007fd21f7c2312 in __assert_fail () from /lib64/libc.so.6
No symbol table info available.
#4  0x00007fd21745d490 in zend_file_cache_unserialize_prop_info (zv=0x7fd20e513608, script=0x7fd20e4fac40, buf=0x7fd20e4fac40) at /usr/local/directadmin/custombuild/php-7.1.16/ext/opcache/zend_file_cache.c:1149
        prop = 0x7fd20e4fe2c8
        __PRETTY_FUNCTION__ = "zend_file_cache_unserialize_prop_info"
#5  0x00007fd21745b524 in zend_file_cache_unserialize_hash (ht=0x7fd20e4fe420, script=0x7fd20e4fac40, buf=0x7fd20e4fac40, func=0x7fd21745d198 <zend_file_cache_unserialize_prop_info>, dtor=0x0)
    at /usr/local/directadmin/custombuild/php-7.1.16/ext/opcache/zend_file_cache.c:912
        p = 0x7fd20e513608
        end = 0x7fd20e5136e8
        __PRETTY_FUNCTION__ = "zend_file_cache_unserialize_hash"
#6  0x00007fd21745e020 in zend_file_cache_unserialize_class (zv=0x7fd20e4fefa0, script=0x7fd20e4fac40, buf=0x7fd20e4fac40) at /usr/local/directadmin/custombuild/php-7.1.16/ext/opcache/zend_file_cache.c:1215
        ce = 0x7fd20e4fe3a8
        __PRETTY_FUNCTION__ = "zend_file_cache_unserialize_class"
#7  0x00007fd21745b524 in zend_file_cache_unserialize_hash (ht=0x7fd20e4fad50, script=0x7fd20e4fac40, buf=0x7fd20e4fac40, func=0x7fd21745da43 <zend_file_cache_unserialize_class>, dtor=0xa2efe4 <destroy_zend_class>)
    at /usr/local/directadmin/custombuild/php-7.1.16/ext/opcache/zend_file_cache.c:912
        p = 0x7fd20e4fefa0
        end = 0x7fd20e4fefc0
        __PRETTY_FUNCTION__ = "zend_file_cache_unserialize_hash"
#8  0x00007fd21745f174 in zend_file_cache_unserialize (script=0x7fd20e4fac40, buf=0x7fd20e4fac40) at /usr/local/directadmin/custombuild/php-7.1.16/ext/opcache/zend_file_cache.c:1316
        __PRETTY_FUNCTION__ = "zend_file_cache_unserialize"
#9  0x00007fd21745f971 in zend_file_cache_script_load (file_handle=0x7ffe5b25c450) at /usr/local/directadmin/custombuild/php-7.1.16/ext/opcache/zend_file_cache.c:1481
        __orig_bailout = 0x7ffe5b25d6f0
        __bailout = {{__jmpbuf = {0, -9001223339983523043, 4517600, 140730427632944, 140540419074992, 140540165883048, -9001223340033854691, -8985345566166240483}, __mask_was_saved = 0, __saved_mask = {__val = {18065752,
                140540165122400, 0, 140730427622064, 4517600, 140730427632944, 140540419074992, 140540165883048, 10328386, 140730427622016, 140730427622192, 38654705665, 140540164968064, 6, 140540165123478, 140730427622192}}}}
        full_path = 0x7fd20e9e6d20
        fd = 7
        filename = 0x7fd20ebf4300 "/home/asle/.opcache/f2eec51e0cb18f52ff29dc2739fb55f0/home/asle/domains/fjell-bfk4k.41.no/public_html/sites/all/modules/views/includes/handlers.inc.bin"
        script = 0x7fd20e4fac40
        info = {magic = "OPCACHE", system_id = "f2eec51e0cb18f52ff29dc2739fb55f0", mem_size = 132400, str_size = 17608, script_offset = 0, timestamp = 1524073239, checksum = 1352203530}
        bucket = 0x7fd20e9e6d38
        mem = 0x7fd20e4fac40
        checkpoint = 0x7fd20e4fac28
        buf = 0x7fd20e4fac40
        cache_it = 0
        ok = 1
#10 0x00007fd2174465e8 in persistent_compile_file (file_handle=0x7ffe5b25c450, type=2) at /usr/local/directadmin/custombuild/php-7.1.16/ext/opcache/ZendAccelerator.c:1873
        persistent_script = 0x0
        key = 0x0
        key_length = 32722
        from_shared_memory = 245263648
#11 0x0000000000aa2c68 in zend_include_or_eval (inc_filename=0x7fd21dc16c20, type=4) at /usr/local/directadmin/custombuild/php-7.1.16/Zend/zend_execute.c:2816
        op_array = 0x7ffe5b25c518
        file_handle = {handle = {fd = 245108352, fp = 0x7fd20e9c0e80, stream = {handle = 0x7fd20e9c0e80, isatty = 0, mmap = {len = 56696, pos = 0, map = 0x0, buf = 0x7fd226545000 <Address 0x7fd226545000 out of bounds>,
                old_handle = 0x0, old_closer = 0x0}, reader = 0x9d05b5 <_php_stream_read>, fsizer = 0x9b0f17 <php_zend_stream_fsizer>, closer = 0x9b0ef1 <php_zend_stream_mmap_closer>}},
          filename = 0x7fd20e63b018 "/home/asle/domains/fjell-bfk4k.41.no/public_html/sites/all/modules/views/includes/handlers.inc", opened_path = 0x7fd20e9e6d20, type = ZEND_HANDLE_MAPPED, free_filename = 0 '\000'}
        resolved_path = 0x7fd20e63b000
        new_op_array = 0x0
        tmp_inc_filename = {value = {lval = 140730427622736, dval = 6.9530069612941864e-310, counted = 0x7ffe5b25c550, str = 0x7ffe5b25c550, arr = 0x7ffe5b25c550, obj = 0x7ffe5b25c550, res = 0x7ffe5b25c550, ref = 0x7ffe5b25c550,
            ast = 0x7ffe5b25c550, zv = 0x7ffe5b25c550, ptr = 0x7ffe5b25c550, ce = 0x7ffe5b25c550, func = 0x7ffe5b25c550, ww = {w1 = 1529202000, w2 = 32766}}, u1 = {v = {type = 0 '\000', type_flags = 0 '\000', const_flags = 0 '\000',
              reserved = 0 '\000'}, type_info = 0}, u2 = {next = 32722, cache_slot = 32722, lineno = 32722, num_args = 32722, fe_pos = 32722, fe_iter_idx = 32722, access_flags = 32722, property_guard = 32722, extra = 32722}}
        __PRETTY_FUNCTION__ = "zend_include_or_eval"
#12 0x0000000000b10c01 in ZEND_INCLUDE_OR_EVAL_SPEC_TMPVAR_HANDLER () at /usr/local/directadmin/custombuild/php-7.1.16/Zend/zend_vm_execute.h:51657
        new_op_array = 0x7fd20eaa0208
        free_op1 = 0x7fd21dc16c20
        inc_filename = 0x7fd21dc16c20
#13 0x0000000000aa2f70 in execute_ex (ex=0x7fd21dc16030) at /usr/local/directadmin/custombuild/php-7.1.16/Zend/zend_vm_execute.h:429
        orig_opline = 0x0
        orig_execute_data = 0x0
#14 0x0000000000aa3082 in zend_execute (op_array=0x7fd21dc6b000, return_value=0x0) at /usr/local/directadmin/custombuild/php-7.1.16/Zend/zend_vm_execute.h:474
        execute_data = 0x7fd21dc16030
#15 0x0000000000a44199 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/local/directadmin/custombuild/php-7.1.16/Zend/zend.c:1482
        files = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = 0x7ffe5b25c6d0, reg_save_area = 0x7ffe5b25c610}}
        i = 1
        file_handle = 0x7ffe5b25eb10
---Type <return> to continue, or q <return> to quit---
        op_array = 0x7fd21dc6b000
#16 0x00000000009b34f8 in php_execute_script (primary_file=0x7ffe5b25eb10) at /usr/local/directadmin/custombuild/php-7.1.16/main/main.c:2577
        realfile = "\360\330%[\376\177\000\000?\242\000\000\000\000\000\060\331%[\376\177\000\000\220\331%[\376\177\000\000\360d\301\035\322\177\000\000\000e\301\035\322\177\000\000X.\025\001\000\000\000\000\240\306\305\035\322\177\000\000`\306\305\035\322\177", '\000' <repeats 18 times>, "Pe\301\035\322\177", '\000' <repeats 18 times>, "P\340%[\376\177\000\000\000\000\000\000\000\000\000\000 \355\311\035\322\177\000\000\b\f\002\002\000\000\000\000\220c\301\035\322\177\000\000I\032\210\037\n\000\000\000\020\263\346\016\322\177\000\000@\000\300\035\322\177\000\000\020\263\346\016\322\177\000\000`\263\346\016\322\177\000\000\340\330%[\376\177\000\000Q"...
        __orig_bailout = 0x7ffe5b25e940
        __bailout = {{__jmpbuf = {16, -9001223339247422691, 4517600, 140730427632944, 0, 0, -9001223339794779363, 9000879734108959517}, __mask_was_saved = 0, __saved_mask = {__val = {22016013009980, 140540161179968, 140540419073152,
                140730427628240, 344097250888, 140540161943976, 140540162034592, 18446744070943790992, 140540161943904, 140540419073072, 2208112403584, 140730427627456, 11153264, 140730427627456, 10651579, 140540419072912}}}}
        prepend_file_p = 0x0
        append_file_p = 0x0
        prepend_file = {handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, isatty = 0, mmap = {len = 0, pos = 0, map = 0x0, buf = 0x0, old_handle = 0x0, old_closer = 0x0}, reader = 0x0, fsizer = 0x0, closer = 0x0}}, filename = 0x0,
          opened_path = 0x0, type = ZEND_HANDLE_FILENAME, free_filename = 0 '\000'}
        append_file = {handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, isatty = 0, mmap = {len = 0, pos = 0, map = 0x0, buf = 0x0, old_handle = 0x0, old_closer = 0x0}, reader = 0x0, fsizer = 0x0, closer = 0x0}}, filename = 0x0,
          opened_path = 0x0, type = ZEND_HANDLE_FILENAME, free_filename = 0 '\000'}
        old_cwd = 0x7ffe5b25c6d0 "/home/asle/domains/fjell-bfk4k.41.no/public_html"
        use_heap = 0 '\000'
        retval = 0
#17 0x0000000000b33275 in main (argc=2, argv=0x7ffe5b25ed38) at /usr/local/directadmin/custombuild/php-7.1.16/sapi/fpm/fpm/fpm_main.c:1966
        primary_script = 0x7fd21dc02420 "/home/asle/domains/fjell-bfk4k.41.no/private_html/index.php"
        __orig_bailout = 0x0
        __bailout = {{__jmpbuf = {0, -9001223339073359075, 4517600, 140730427632944, 0, 0, -9001223339249519843, 9000879527382201117}, __mask_was_saved = 0, __saved_mask = {__val = {12206400, 140730427632952, 2, 11740119, 12206512,
                140540562389360, 31632276063478121, 7018986666877744431, 7809632559044715890, 0, 281470681751424, 0, 0, 7383780706149492083, 7363230881234747507, 0}}}}
        exit_status = 0
        cgi = 0
        c = -1
        use_extended_info = 0
        file_handle = {handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, isatty = 0, mmap = {len = 529, pos = 0, map = 0x0, buf = 0x7fd2266cc000 "", old_handle = 0x0, old_closer = 0x0}, reader = 0x9d05b5 <_php_stream_read>,
              fsizer = 0x9b0f17 <php_zend_stream_fsizer>, closer = 0x9b0ef1 <php_zend_stream_mmap_closer>}}, filename = 0x7fd21dc02000 "/home/asle/domains/fjell-bfk4k.41.no/private_html/index.php", opened_path = 0x0,
          type = ZEND_HANDLE_FILENAME, free_filename = 0 '\000'}
        orig_optind = 1
        orig_optarg = 0x0
        ini_entries_len = 0
        max_requests = 2000
        requests = 4
        fcgi_fd = 0
        request = 0x32d1500
        fpm_config = 0x0
        fpm_prefix = 0x0
        fpm_pid = 0x0
        test_conf = 0
        force_daemon = 0
        force_stderr = 0
        php_information = 0
        php_allow_to_run_as_root = 0
        __func__ = "main"
(gdb)

# Output of core-php-fpm71.23067:

[root@dns2 ~]# gdb /usr/local/php71/sbin/php-fpm71 /tmp/core-php-fpm71.23067
GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-100.el7_4.1
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/local/php71/sbin/php-fpm71...done.
[New LWP 23067]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `php-fpm: pool asle                           '.
Program terminated with signal 6, Aborted.
#0  0x00007fd21f7c91f7 in raise () from /lib64/libc.so.6
Missing separate debuginfos, use: debuginfo-install bzip2-libs-1.0.6-13.el7.x86_64 elfutils-libelf-0.168-8.el7.x86_64 elfutils-libs-0.168-8.el7.x86_64 glibc-2.17-196.el7_4.2.x86_64 keyutils-libs-1.5.8-3.el7.x86_64 krb5-libs-1.15.1-8.el7.x86_64 libattr-2.4.46-12.el7.x86_64 libcap-2.22-9.el7.x86_64 libcom_err-1.42.9-10.el7.x86_64 libgcc-4.8.5-16.el7_4.2.x86_64 libgcrypt-1.5.3-14.el7.x86_64 libgpg-error-1.12-3.el7.x86_64 libselinux-2.5-11.el7.x86_64 libstdc++-4.8.5-16.el7_4.2.x86_64 nss-softokn-freebl-3.28.3-8.el7_4.x86_64 openssl-libs-1.0.2k-8.el7.x86_64 systemd-libs-219-42.el7_4.10.x86_64 xz-libs-5.2.2-1.el7.x86_64 zlib-1.2.7-17.el7.x86_64
(gdb)

(gdb) bt full
#0  0x00007fd21f7c91f7 in raise () from /lib64/libc.so.6
No symbol table info available.
#1  0x00007fd21f7ca8e8 in abort () from /lib64/libc.so.6
No symbol table info available.
#2  0x00007fd21f7c2266 in __assert_fail_base () from /lib64/libc.so.6
No symbol table info available.
#3  0x00007fd21f7c2312 in __assert_fail () from /lib64/libc.so.6
No symbol table info available.
#4  0x00007fd21745d490 in zend_file_cache_unserialize_prop_info (zv=0x7fd20eb59a08, script=0x7fd20eb41040, buf=0x7fd20eb41040) at /usr/local/directadmin/custombuild/php-7.1.16/ext/opcache/zend_file_cache.c:1149
        prop = 0x7fd20eb446c8
        __PRETTY_FUNCTION__ = "zend_file_cache_unserialize_prop_info"
#5  0x00007fd21745b524 in zend_file_cache_unserialize_hash (ht=0x7fd20eb44820, script=0x7fd20eb41040, buf=0x7fd20eb41040, func=0x7fd21745d198 <zend_file_cache_unserialize_prop_info>, dtor=0x0)
    at /usr/local/directadmin/custombuild/php-7.1.16/ext/opcache/zend_file_cache.c:912
        p = 0x7fd20eb59a08
        end = 0x7fd20eb59ae8
        __PRETTY_FUNCTION__ = "zend_file_cache_unserialize_hash"
#6  0x00007fd21745e020 in zend_file_cache_unserialize_class (zv=0x7fd20eb453a0, script=0x7fd20eb41040, buf=0x7fd20eb41040) at /usr/local/directadmin/custombuild/php-7.1.16/ext/opcache/zend_file_cache.c:1215
        ce = 0x7fd20eb447a8
        __PRETTY_FUNCTION__ = "zend_file_cache_unserialize_class"
#7  0x00007fd21745b524 in zend_file_cache_unserialize_hash (ht=0x7fd20eb41150, script=0x7fd20eb41040, buf=0x7fd20eb41040, func=0x7fd21745da43 <zend_file_cache_unserialize_class>, dtor=0xa2efe4 <destroy_zend_class>)
    at /usr/local/directadmin/custombuild/php-7.1.16/ext/opcache/zend_file_cache.c:912
        p = 0x7fd20eb453a0
        end = 0x7fd20eb453c0
        __PRETTY_FUNCTION__ = "zend_file_cache_unserialize_hash"
#8  0x00007fd21745f174 in zend_file_cache_unserialize (script=0x7fd20eb41040, buf=0x7fd20eb41040) at /usr/local/directadmin/custombuild/php-7.1.16/ext/opcache/zend_file_cache.c:1316
        __PRETTY_FUNCTION__ = "zend_file_cache_unserialize"
#9  0x00007fd21745f971 in zend_file_cache_script_load (file_handle=0x7ffe5b25c450) at /usr/local/directadmin/custombuild/php-7.1.16/ext/opcache/zend_file_cache.c:1481
        __orig_bailout = 0x7ffe5b25d6f0
        __bailout = {{__jmpbuf = {0, -9001223339983523043, 4517600, 140730427632944, 140540419075488, 140540158289064, -9001223340033854691, -8985345566166240483}, __mask_was_saved = 0, __saved_mask = {__val = {18065752,
                140540169025248, 0, 140730427622064, 4517600, 140730427632944, 140540419075488, 140540158289064, 10328386, 140730427622016, 140730427622192, 38654705665, 140540166106304, 6, 140540169024886, 140730427622192}}}}
        full_path = 0x7fd20ed9f500
        fd = 7
        filename = 0x7fd20eeff3c0 "/home/asle/.opcache/f2eec51e0cb18f52ff29dc2739fb55f0/home/asle/domains/fjell-bfk4k.41.no/public_html/sites/all/modules/views/includes/handlers.inc.bin"
        script = 0x7fd20eb41040
        info = {magic = "OPCACHE", system_id = "f2eec51e0cb18f52ff29dc2739fb55f0", mem_size = 132400, str_size = 17608, script_offset = 0, timestamp = 1524073239, checksum = 1352203530}
        bucket = 0x7fd20ed9f518
        mem = 0x7fd20eb41040
        checkpoint = 0x7fd20eb3e998
        buf = 0x7fd20eb41040
        cache_it = 0
        ok = 1
#10 0x00007fd2174465e8 in persistent_compile_file (file_handle=0x7ffe5b25c450, type=2) at /usr/local/directadmin/custombuild/php-7.1.16/ext/opcache/ZendAccelerator.c:1873
        persistent_script = 0x0
        key = 0x0
        key_length = 32722
        from_shared_memory = 249165056
#11 0x0000000000aa2c68 in zend_include_or_eval (inc_filename=0x7fd21dc16e10, type=4) at /usr/local/directadmin/custombuild/php-7.1.16/Zend/zend_execute.c:2816
        op_array = 0x7ffe5b25c518
        file_handle = {handle = {fd = 246246592, fp = 0x7fd20ead6cc0, stream = {handle = 0x7fd20ead6cc0, isatty = 0, mmap = {len = 56696, pos = 0, map = 0x0, buf = 0x7fd2264e5000 <Address 0x7fd2264e5000 out of bounds>,
                old_handle = 0x0, old_closer = 0x0}, reader = 0x9d05b5 <_php_stream_read>, fsizer = 0x9b0f17 <php_zend_stream_fsizer>, closer = 0x9b0ef1 <php_zend_stream_mmap_closer>}},
          filename = 0x7fd20ed9f8d8 "/home/asle/domains/fjell-bfk4k.41.no/public_html/sites/all/modules/views/includes/handlers.inc", opened_path = 0x7fd20ed9f500, type = ZEND_HANDLE_MAPPED, free_filename = 0 '\000'}
        resolved_path = 0x7fd20ed9f8c0
        new_op_array = 0x0
        tmp_inc_filename = {value = {lval = 140730427622736, dval = 6.9530069612941864e-310, counted = 0x7ffe5b25c550, str = 0x7ffe5b25c550, arr = 0x7ffe5b25c550, obj = 0x7ffe5b25c550, res = 0x7ffe5b25c550, ref = 0x7ffe5b25c550,
            ast = 0x7ffe5b25c550, zv = 0x7ffe5b25c550, ptr = 0x7ffe5b25c550, ce = 0x7ffe5b25c550, func = 0x7ffe5b25c550, ww = {w1 = 1529202000, w2 = 32766}}, u1 = {v = {type = 0 '\000', type_flags = 0 '\000', const_flags = 0 '\000',
              reserved = 0 '\000'}, type_info = 0}, u2 = {next = 32722, cache_slot = 32722, lineno = 32722, num_args = 32722, fe_pos = 32722, fe_iter_idx = 32722, access_flags = 32722, property_guard = 32722, extra = 32722}}
        __PRETTY_FUNCTION__ = "zend_include_or_eval"
#12 0x0000000000b10c01 in ZEND_INCLUDE_OR_EVAL_SPEC_TMPVAR_HANDLER () at /usr/local/directadmin/custombuild/php-7.1.16/Zend/zend_vm_execute.h:51657
        new_op_array = 0x7fd20e362208
        free_op1 = 0x7fd21dc16e10
        inc_filename = 0x7fd21dc16e10
#13 0x0000000000aa2f70 in execute_ex (ex=0x7fd21dc16030) at /usr/local/directadmin/custombuild/php-7.1.16/Zend/zend_vm_execute.h:429
        orig_opline = 0x0
        orig_execute_data = 0x0
#14 0x0000000000aa3082 in zend_execute (op_array=0x7fd21dc6d000, return_value=0x0) at /usr/local/directadmin/custombuild/php-7.1.16/Zend/zend_vm_execute.h:474
        execute_data = 0x7fd21dc16030
#15 0x0000000000a44199 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/local/directadmin/custombuild/php-7.1.16/Zend/zend.c:1482
        files = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = 0x7ffe5b25c6d0, reg_save_area = 0x7ffe5b25c610}}
        i = 1
        file_handle = 0x7ffe5b25eb10
---Type <return> to continue, or q <return> to quit---
        op_array = 0x7fd21dc6d000
#16 0x00000000009b34f8 in php_execute_script (primary_file=0x7ffe5b25eb10) at /usr/local/directadmin/custombuild/php-7.1.16/main/main.c:2577
        realfile = '\000' <repeats 2368 times>...
        __orig_bailout = 0x7ffe5b25e940
        __bailout = {{__jmpbuf = {16, -9001223339247422691, 4517600, 140730427632944, 0, 0, -9001223339794779363, 9000879734108959517}, __mask_was_saved = 0, __saved_mask = {__val = {0 <repeats 16 times>}}}}
        prepend_file_p = 0x0
        append_file_p = 0x0
        prepend_file = {handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, isatty = 0, mmap = {len = 0, pos = 0, map = 0x0, buf = 0x0, old_handle = 0x0, old_closer = 0x0}, reader = 0x0, fsizer = 0x0, closer = 0x0}}, filename = 0x0,
          opened_path = 0x0, type = ZEND_HANDLE_FILENAME, free_filename = 0 '\000'}
        append_file = {handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, isatty = 0, mmap = {len = 0, pos = 0, map = 0x0, buf = 0x0, old_handle = 0x0, old_closer = 0x0}, reader = 0x0, fsizer = 0x0, closer = 0x0}}, filename = 0x0,
          opened_path = 0x0, type = ZEND_HANDLE_FILENAME, free_filename = 0 '\000'}
        old_cwd = 0x7ffe5b25c6d0 "/home/asle/domains/fjell-bfk4k.41.no/public_html"
        use_heap = 0 '\000'
        retval = 0
#17 0x0000000000b33275 in main (argc=2, argv=0x7ffe5b25ed38) at /usr/local/directadmin/custombuild/php-7.1.16/sapi/fpm/fpm/fpm_main.c:1966
        primary_script = 0x7fd21dc02420 "/home/asle/domains/fjell-bfk4k.41.no/private_html/update.php"
        __orig_bailout = 0x0
        __bailout = {{__jmpbuf = {0, -9001223339073359075, 4517600, 140730427632944, 0, 0, -9001223339249519843, 9000879527382201117}, __mask_was_saved = 0, __saved_mask = {__val = {12206400, 140730427632952, 2, 11740119, 12206512,
                140540562389360, 31632276063478121, 7018986666877744431, 7809632559044715890, 0, 281470681751424, 0, 0, 7383780706149492083, 7363230881234747507, 0}}}}
        exit_status = 0
        cgi = 0
        c = -1
        use_extended_info = 0
        file_handle = {handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, isatty = 0, mmap = {len = 19986, pos = 0, map = 0x0, buf = 0x7fd2265ac000 <Address 0x7fd2265ac000 out of bounds>, old_handle = 0x0, old_closer = 0x0},
              reader = 0x9d05b5 <_php_stream_read>, fsizer = 0x9b0f17 <php_zend_stream_fsizer>, closer = 0x9b0ef1 <php_zend_stream_mmap_closer>}},
          filename = 0x7fd21dc02000 "/home/asle/domains/fjell-bfk4k.41.no/private_html/update.php", opened_path = 0x0, type = ZEND_HANDLE_MAPPED, free_filename = 0 '\000'}
        orig_optind = 1
        orig_optarg = 0x0
        ini_entries_len = 0
        max_requests = 2000
        requests = 7
        fcgi_fd = 0
        request = 0x32d1600
        fpm_config = 0x0
        fpm_prefix = 0x0
        fpm_pid = 0x0
        test_conf = 0
        force_daemon = 0
        force_stderr = 0
        php_information = 0
        php_allow_to_run_as_root = 0
        __func__ = "main"
(gdb)

Also please see https://bugs.php.net/bug.php?id=76225


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2018-04-23 23:19 UTC] post at minhost dot no
I forgot to mention that the crash only happen sporadic, and not every time. On production servers it seems to crash about 50% of the times you run /update.php in Drupal
 [2018-05-13 12:46 UTC] post at minhost dot no
-Status: Open +Status: Closed
 [2018-05-13 12:46 UTC] post at minhost dot no
Fixed in Bug #76205
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Sat Sep 18 20:03:42 2021 UTC