PHP 8.2.19: segfault at 7f377e872428 (sp 00007ffcd580fec0 error 4) #14261
Comments
drsheep404
changed the title
|
Some questions:
The addresses are not meaningful on their own because of ASLR and the fact that binaries between systems can differ. |
|
Same problem here! We are already opened a issue at plesk forum. PHP8.0 doesn't have this problem. |
tested with and without. Same problem
Yes. We disabled opcache and had the same error
Randomly. If you fast reload the webpage, then sometimes 503 or 500 appears. I created a crawler and at the first 5 minutes no errors but than randomly 2 or three subpages per Minute
I will test :)
Thats the inital Settings from plesk. I tested Debian11, Debian12 and Ubuntu24 with inital installation from Plesk. The problem occours through all. I will share my config. php.ini[PHP];;;;;;;;;;;;;;;;;;; ; PHP attempts to find and load this configuration from a number of locations. ; The syntax of the file is extremely simple. Whitespace and lines ; Directives following the section heading [PATH=/www/mysite] only ; Directives are specified using the following syntax: ; The value can be a string, a number, a PHP constant (e.g. E_ALL or M_PI), one ; Expressions in the INI file are limited to bitwise operators and parentheses: ; Boolean flags can be turned on using the values 1, On, True or Yes. ; An empty string can be denoted by simply not writing anything after the equal ; foo = ; sets foo to an empty string ; If you use constants in your value, and these constants belong to a ;;;;;;;;;;;;;;;;;;; ; php.ini-production contains settings which hold security, performance and ; php.ini-development is very similar to its production variant, except it is ; This is the php.ini-production INI file. ;;;;;;;;;;;;;;;;;;; ; The following are all the settings which are different in either the production ; display_errors ; display_startup_errors ; error_reporting ; log_errors ; max_input_time ; output_buffering ; register_argc_argv ; request_order ; session.gc_divisor ; session.sid_bits_per_character ; session.sid_length ; short_open_tag ; variables_order ; zend.assertions ; zend.exception_ignore_args ; zend.exception_string_param_max_len ;;;;;;;;;;;;;;;;;;;; ; To disable this feature set this option to an empty value ; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 seconds (5 minutes) ;;;;;;;;;;;;;;;;;;;; ; Enable the PHP scripting language engine under Apache. ; This directive determines whether or not PHP will recognize code between ; The number of significant digits displayed in floating point numbers. ; Output buffering is a mechanism for controlling how much output data ; You can redirect all of the output of your scripts to a function. For ; URL rewriter function rewrites URL on the fly by using ; URL rewriter will not rewrite absolute URL nor form by default. To enable ; Transparent output compression using the zlib library ; https://php.net/zlib.output-compression-level ; You cannot specify additional output handlers if zlib.output_compression ; Implicit flush tells PHP to tell the output layer to flush itself ; The unserialize callback function will be called (with the undefined class' ; The unserialize_max_depth specifies the default depth limit for unserialized ; When floats & doubles are serialized, store serialize_precision significant ; open_basedir, if set, limits all file operations to the defined directory ; This directive allows you to disable certain functions. ; This directive allows you to disable certain classes. ; Colors for Syntax Highlighting mode. Anything that's acceptable in ; If enabled, the request will be allowed to complete even if the user aborts ; Determines the size of the realpath cache to be used by PHP. This value should ; Duration of time, in seconds for which to cache realpath information for a given ; Enables or disables the circular reference collector. ; If enabled, scripts may be written in encodings that are incompatible with ; Allows to set the default encoding for the scripts. This value will be used ; Allows to include or exclude arguments from stack traces generated for exceptions. ; Allows setting the maximum string length in an argument of a stringified stack trace ;;;;;;;;;;;;;;;;; ; Decides whether PHP may expose the fact that it is installed on the server ;;;;;;;;;;;;;;;;;;; ; Maximum execution time of each script, in seconds ; Maximum amount of time each script may spend parsing request data. It's a good ; Maximum input variable nesting level ; How many GET/POST/COOKIE input variables may be accepted ; How many multipart body parts (combined input variable and file uploads) may ; Maximum amount of memory a script may consume ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ; This directive informs PHP of which errors, warnings and notices you would like ; This directive controls whether or not and where PHP will output errors, ; The display of errors which occur during PHP's startup sequence are handled ; Besides displaying errors, PHP can also log errors to locations such as a ; Do not log repeated messages. Repeated errors must occur in same file on same ; Ignore source of message when ignoring repeated messages. When this setting ; If this parameter is set to Off, then memory leaks will not be shown (on ; This setting is off by default. ; Turn off normal error reporting and emit XML-RPC error XML ; An XML-RPC faultCode ; When PHP displays or logs an error, it has the capability of formatting the ; If html_errors is set to On and docref_root is not empty, then PHP ; https://php.net/docref-ext ; String to output before an error message. PHP's default behavior is to leave ; String to output after an error message. PHP's default behavior is to leave ; Log errors to specified file. PHP's default behavior is to leave this value ; The syslog ident is a string which is prepended to every message logged ; The syslog facility is used to specify what type of program is logging ; Set this to disable filtering control characters (the default). ;windows.show_crt_warning ;;;;;;;;;;;;;;;;; ; The separator used in PHP generated URLs to separate arguments. ; List of separator(s) used by PHP to parse input URLs into variables. ; This directive determines which super global arrays are registered when PHP ; This directive determines which super global data (G,P & C) should be ; This directive determines whether PHP registers $argv & $argc each time it ; When enabled, the ENV, REQUEST and SERVER variables are created when they're ; Whether PHP will read the POST data. ; Maximum size of POST data that PHP will accept. ; Automatically add files before PHP document. ; Automatically add files after PHP document. ; By default, PHP will output a media type using the Content-Type header. To ; PHP's default character set is set to UTF-8. ; PHP internal character encoding is set to empty. ; PHP input character encoding is set to empty. ; PHP output character encoding is set to empty. ;;;;;;;;;;;;;;;;;;;;;;;;; ; UNIX: "/path1:/path2" ; The root of the PHP pages, used only if nonempty. ; The directory under which PHP opens the script using /~username used only ; Directory in which the loadable extensions (modules) reside. ; Directory where the temporary files should be placed. ; Whether or not to enable the dl() function. The dl() function does NOT work ; cgi.force_redirect is necessary to provide security running PHP as a CGI under ; if cgi.nph is enabled it will force cgi to always sent Status: 200 with ; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape ; cgi.fix_pathinfo provides real PATH_INFO/PATH_TRANSLATED support for CGI. PHP's ; if cgi.discard_path is enabled, the PHP CGI binary can safely be placed outside ; FastCGI under IIS supports the ability to impersonate ; Disable logging through FastCGI connection. PHP's default behavior is to enable ; cgi.rfc2616_headers configuration option tells PHP what type of headers to ; cgi.check_shebang_line controls whether CGI PHP checks for line starting with #! ;;;;;;;;;;;;;;;; ; Whether to allow HTTP file uploads. ; Temporary directory for HTTP uploaded files (will use system default if not ; Maximum allowed size for uploaded files. ; Maximum number of files that can be uploaded via a single request ;;;;;;;;;;;;;;;;;; ; Whether to allow the treatment of URLs (like http:// or ftp://) as files. ; Whether to allow include/require to open URLs (like https:// or ftp://) as files. ; Define the anonymous ftp password (your email address). PHP's default setting ; Define the User-Agent string. PHP's default setting for this is empty. ; Default timeout for socket based streams (seconds) ; If your scripts have to deal with files from Macintosh systems, ;;;;;;;;;;;;;;;;;;;;;; ; If you wish to have an extension loaded automatically, use the following ; The ldap extension must be before curl if OpenSSL 1.0.2 and OpenLDAP is used ;extension=curl ; The MIBS data available in the PHP distribution must be installed. ;extension=soap ;zend_extension=opcache ;;;;;;;;;;;;;;;;;;; [CLI Server] [Date] ; https://php.net/date.default-latitude ; https://php.net/date.default-longitude ; https://php.net/date.sunrise-zenith ; https://php.net/date.sunset-zenith [filter] ; https://php.net/filter.default-flags [iconv] ; Use of this INI entry is deprecated, use global internal_encoding instead. ; Use of this INI entry is deprecated, use global output_encoding instead. [imap] [intl] [sqlite3] ; SQLite defensive mode flag (only available from SQLite 3.26+) [Pcre] ; PCRE library recursion limit. ; Enables or disables JIT compilation of patterns. This requires the PCRE [Pdo] [Pdo_mysql] [Phar] ; https://php.net/phar.require-hash ;phar.cache_list = [mail function] ; For Win32 only. ; For Unix only. You may supply arguments as well (default: "sendmail -t -i"). ; Force the addition of the specified parameters to be passed as extra parameters ; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename ; Use mixed LF and CRLF line separators to keep compatibility with some ; The path to a log file that will log all mail() calls. Log entries include [ODBC] ; https://php.net/odbc.default-user ; https://php.net/odbc.default-pw ; Controls the ODBC cursor model. ; Allow or prevent persistent links. ; Check that a connection is still valid before reuse. ; Maximum number of persistent links. -1 means no limit. ; Maximum number of links (persistent + non-persistent). -1 means no limit. ; Handling of LONG fields. Returns number of bytes to variables. 0 means ; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char. [MySQLi] ; Maximum number of persistent links. -1 means no limit. ; Allow accessing, from PHP's perspective, local files with LOAD DATA statements ; It allows the user to specify a folder where files that can be sent via LOAD DATA ; Allow or prevent persistent links. ; Maximum number of links. -1 means no limit. ; Default port number for mysqli_connect(). If unset, mysqli_connect() will use ; Default socket name for local MySQL connects. If empty, uses the built-in ; Default host for mysqli_connect() (doesn't apply in safe mode). ; Default user for mysqli_connect() (doesn't apply in safe mode). ; Default password for mysqli_connect() (doesn't apply in safe mode). ; If this option is enabled, closing a persistent connection will rollback [mysqlnd] ; Enable / Disable collection of memory usage statistics by mysqlnd which can be ; Records communication from all extensions using mysqlnd to the specified log ; Defines which queries will be logged. ; Default size of the mysqlnd memory pool, which is used by result sets. ; Size of a pre-allocated buffer used when sending commands to MySQL in bytes. ; Size of a pre-allocated buffer used for reading data sent by the server in ; Timeout for network requests in seconds. ; SHA-256 Authentication Plugin related. File with the MySQL server public RSA [OCI8] ; Connection: Enables privileged connections using external ; Connection: The maximum number of persistent OCI8 connections per ; Connection: The maximum number of seconds a process is allowed to ; Connection: The number of seconds that must pass before issuing a ; Connection: Set this to a user chosen connection class to be used ; High Availability: Using On lets PHP receive Fast Application ; Tuning: This option enables statement caching, and specifies how ; Tuning: Enables row prefetching and sets the default number of ; Tuning: Sets the amount of LOB data that is internally returned from ; Compatibility. Using On means oci_close() will not close [PostgreSQL] ; Detect broken persistent links always with pg_pconnect(). ; Maximum number of persistent links. -1 means no limit. ; Maximum number of links (persistent+non persistent). -1 means no limit. ; Ignore PostgreSQL backends Notice message or not. ; Log PostgreSQL backends Notice message or not. [bcmath] [browscap] [Session] ; Argument passed to save_handler. In the case of files, this is the path ; Whether to use strict session mode. ; Whether to use cookies. ; https://php.net/session.cookie-secure ; This option forces PHP to fetch and use a cookie for storing and maintaining ; Name of the session (used as cookie name). ; Initialize session on request startup. ; Lifetime in seconds of cookie or, if 0, until browser is restarted. ; The path for which the cookie is valid. ; The domain for which the cookie is valid. ; Whether or not to add the httpOnly flag to the cookie, which makes it ; Add SameSite attribute to cookie to help mitigate Cross-Site Request Forgery (CSRF/XSRF) ; Handler used to serialize data. php is the standard serializer of PHP. ; Defines the probability that the 'garbage collection' process is started on every ; Defines the probability that the 'garbage collection' process is started on every ; After this number of seconds, stored data will be seen as 'garbage' and ; NOTE: If you are using the subdirectory option for storing session files ; Check HTTP Referer to invalidate externally stored URLs containing ids. ; Set to {nocache,private,public,} to determine HTTP caching aspects ; Document expires after n minutes. ; trans sid support is disabled by default. ; Set session ID character length. This value could be between 22 to 256. ; The URL rewriter will look for URLs in a defined set of HTML tags. ; add a hidden field with the info which is otherwise appended ; to URLs. tag's action attribute URL will not be modified ; unless it is specified. ; Note that all valid entries require a "=", even if no value follows. ; Default Value: "a=href,area=href,frame=src,form=" ; Development Value: "a=href,area=href,frame=src,form=" ; Production Value: "a=href,area=href,frame=src,form=" ; https://php.net/url-rewriter.tags session.trans_sid_tags = "a=href,area=href,frame=src,form=" ; URL rewriter does not rewrite absolute URLs by default. ; Define how many bits are stored in each character when converting ; Enable upload progress tracking in $_SESSION ; Cleanup the progress information as soon as all POST data has been read ; A prefix used for the upload progress key in $SESSION ; The index name (concatenated with the prefix) in $_SESSION ; How frequently the upload progress should be updated. ; The minimum delay between updates, in seconds ; Only write session data when session data is changed. Enabled by default. [Assertion] [COM] ; allow Distributed-COM calls ; autoregister constants of a component's typelib on com_load() ; register constants casesensitive ; show warnings on duplicate constant registrations ; The default character set code-page to use when passing strings to and from COM objects. ; The version of the .NET framework to use. The value of the setting are the first three parts [mbstring] ; Use of this INI entry is deprecated, use global internal_encoding instead. ; Use of this INI entry is deprecated, use global input_encoding instead. ; Use of this INI entry is deprecated, use global output_encoding instead. ; enable automatic encoding translation according to ; automatic encoding detection order. ; substitute_character used when character cannot be converted ; Enable strict encoding detection. ; This directive specifies the regex pattern of content types for which mb_output_handler() ; This directive specifies maximum stack depth for mbstring regular expressions. It is similar ; This directive specifies maximum retry count for mbstring regular expressions. It is similar [gd] [exif] ; https://php.net/exif.decode-unicode-motorola ; https://php.net/exif.decode-unicode-intel ; https://php.net/exif.encode-jis ; https://php.net/exif.decode-jis-motorola ; https://php.net/exif.decode-jis-intel [Tidy] ; Should tidy clean and repair output automatically? [soap] ; Sets the directory name where SOAP extension will put cache files. ; (time to live) Sets the number of second while cached file will be used ; Sets the size of the cache limit. (Max. number of WSDL files to cache) [sysvshm] [ldap] [dba] [opcache] ; Determines if Zend OPCache is enabled for the CLI version of PHP ; The OPcache shared memory storage size. ; The amount of memory for interned strings in Mbytes. ; The maximum number of keys (scripts) in the OPcache hash table. ; The maximum percentage of "wasted" memory until a restart is scheduled. ; When this directive is enabled, the OPcache appends the current working ; When disabled, you must reset the OPcache manually or restart the ; How often (in seconds) to check file timestamps for changes to the shared ; Enables or disables file search in include_path optimization ; If disabled, all PHPDoc comments are dropped from the code to reduce the ; If enabled, compilation warnings (including notices and deprecations) will ; Allow file existence override (file_exists, etc.) performance feature. ; A bitmask, where each bit enables or disables the appropriate OPcache ;opcache.dups_fix=0 ; The location of the OPcache blacklist file (wildcards allowed). ; Allows exclusion of large files from being cached. By default all files ; How long to wait (in seconds) for a scheduled restart to begin if the cache ; OPcache error_log file name. Empty string assumes "stderr". ; All OPcache errors go to the Web server log. ; Preferred Shared Memory back-end. Leave empty and let the system decide. ; Protect the shared memory from unexpected writing during script execution. ; Allows calling OPcache API functions only from PHP scripts which path is ; Mapping base of shared memory segments (for Windows only). All the PHP ; Facilitates multiple OPcache instances per user (for Windows only). All PHP ; Enables and sets the second level cache directory. ; Enables or disables opcode caching in shared memory. ; Enables or disables checksum validation when script loaded from file cache. ; Implies opcache.file_cache_only=1 for a certain process that failed to ; Enables or disables copying of PHP code (text segment) into HUGE PAGES. ; Validate cached file permissions. ; Prevent name collisions in chroot'ed environment. ; If specified, it produces opcode dumps for debugging different stages of ; Specifies a PHP script that is going to be compiled and executed at server ; Preloading code as root is not allowed for security reasons. This directive ; Prevents caching files that are less than this number of seconds old. It ; Absolute path used to store shared lockfiles (for *nix only). [curl] [openssl] ; If openssl.cafile is not specified or if the CA file is not found, the [ffi] ; List of headers files to preload, wildcard patterns allowed. |
Yes... |
|
Thanks for the info! The fact it reliably reproduces with Alternatively, we can also debug it for you but would need access to the source code in that case. |
|
I hope this helps? (gdb) bt full
#0 0x00007fc9d432960f in __libc_accept (fd=14, addr=..., len=0x7ffc84e1e5f8) at ../sysdeps/unix/sysv/linux/accept.c:26
sc_ret = -512
sc_cancel_oldtype = 0
sc_ret = <optimized out>
#1 0x0000559f2efbe13f in ?? ()
No symbol table info available.
#2 0x0000559f2ec5f709 in ?? ()
No symbol table info available.
Backtrace stopped: Cannot access memory at address 0x7ffc84e1ec18
(gdb) |
|
Looks like only the main thread got backtraced. Try |
|
Can I also do it with |
|
You can do it with |
|
Hahaaaa get it (gdb) thread apply all bt full
Thread 1 (Thread 0x7fc20dd5d480 (LWP 15720) "php-fpm"):
#0 0x0000555e676702e7 in execute_ex ()
No symbol table info available.
#1 0x0000555e675f105a in zend_call_function ()
No symbol table info available.
#2 0x0000555e6744fa29 in ?? ()
No symbol table info available.
#3 0x0000555e67450e08 in ?? ()
No symbol table info available.
#4 0x0000555e67450ea3 in ?? ()
No symbol table info available.
#5 0x0000555e674512f2 in ?? ()
No symbol table info available.
#6 0x0000555e6766f0ad in execute_ex ()
No symbol table info available.
#7 0x0000555e67674125 in zend_execute ()
No symbol table info available.
#8 0x0000555e675ffea8 in zend_execute_scripts ()
No symbol table info available.
#9 0x0000555e675945be in php_execute_script ()
No symbol table info available.
#10 0x0000555e6738ec5a in ?? ()
No symbol table info available.
#11 0x00007fc20e22724a in __libc_start_call_main (main=main@entry=0x555e6738def0, argc=argc@entry=2, argv=argv@entry=0x7ffdfe5d84f8) at ../sysdeps/nptl/libc_start_call_main.h:58
self = <optimized out>
result = <optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140728870995192, 1643806115081770837, 0, 140728870995216, 93863951880344, 140471449374752, -1642683253192894635, -1635962564098631851}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x7ffdfe5d84f8, 0x7ffdfe5d84f8}, data = {prev = 0x0, cleanup = 0x0, canceltype = -27425544}}}
not_first_call = <optimized out>
#12 0x00007fc20e227305 in __libc_start_main_impl (main=0x555e6738def0, argc=2, argv=0x7ffdfe5d84f8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffdfe5d84e8) at ../csu/libc-start.c:360
No locals.
#13 0x0000555e67390c11 in _start ()
No symbol table info available. |
|
Alright, so now we know it happens in your code somewhere in a callback. |
|
Debian 12.5 |
|
Not a distro I use so I can't check, but apparently they ship their debug symbols in the package |
#0 0x00007f8b7e717240 in __GI___libc_write (fd=5, buf=buf@entry=0x7f8b743c1ec0, nbytes=nbytes@entry=28984) at ../sysdeps/unix/sysv/linux/write.c:26
sc_ret = -32
__arg3 = <optimized out>
_a2 = <optimized out>
sc_ret = <optimized out>
sc_ret = <optimized out>
__arg1 = <optimized out>
_a3 = <optimized out>
sc_cancel_oldtype = <optimized out>
resultvar = <optimized out>
__arg2 = <optimized out>
_a1 = <optimized out>
#1 0x0000562056348289 in safe_write (count=65528, buf=0x7f8b743b9000, req=0x562057a21310) at ./main/fastcgi.c:943
ret = <optimized out>
n = 36544
ret = <optimized out>
n = <optimized out>
#2 fcgi_write (req=0x562057a21310, type=type@entry=FCGI_STDOUT,
str=str@entry=0x7f8b74389018 "<!DOCTYPE html>\n<html lang=\"de-DE\">\n<head>\n\t<meta charset=\"UTF-8\" />\n<meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge\">\n\t<link rel=\"pingback\" href=\"https://www.xmlrpc.php\" />\n\n\t<scr"..., len=len@entry=273303) at ./main/fastcgi.c:1631
pos = 196584
pad = <optimized out>
limit = <optimized out>
rest = <optimized out>
#3 0x00005620563512f9 in sapi_cgibin_single_write (str_length=273303,
str=0x7f8b74389018 "<!DOCTYPE html>\n<html lang=\"de-DE\">\n<head>\n\t<meta charset=\"UTF-8\" />\n<meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge\">\n\t<link rel=\"pingback\" href=\"https://www./xmlrpc.php\" />\n\n\t<scr"...) at ./sapi/fpm/fpm/fpm_main.c:249
request = <optimized out>
ret = <optimized out>
ret = <optimized out>
request = <optimized out>
#4 sapi_cgibin_ub_write (str=<optimized out>, str_length=273303) at ./sapi/fpm/fpm/fpm_main.c:276
ptr = 0x7f8b74389018 "<!DOCTYPE html>\n<html lang=\"de-DE\">\n<head>\n\t<meta charset=\"UTF-8\" />\n<meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge\">\n\t<link rel=\"pingback\" href=\"https://www./xmlrpc.php\" />\n\n\t<scr"...
remaining = 273303
ret = <optimized out>
#5 0x0000562056201f30 in php_output_op (op=op@entry=0, str=<optimized out>, len=len@entry=273303) at ./main/output.c:1071
context = {op = 0, in = {data = 0x0, size = 0, used = 0, free = 0, _reserved = 0}, out = {
data = 0x7f8b74389018 "<!DOCTYPE html>\n<html lang=\"de-DE\">\n<head>\n\t<meta charset=\"UTF-8\" />\n<meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge\">\n\t<link rel=\"pingback\" href=\"https://www./xmlrpc.php\" />\n\n\t<scr"..., size = 0, used = 273303, free = 0, _reserved = 0}}
active = <optimized out>
obh_cnt = <optimized out>
#6 0x0000562056202055 in php_output_op (len=273303, str=<optimized out>, op=0) at ./main/output.c:1037
context = <optimized out>
active = <optimized out>
obh_cnt = <optimized out>
#7 php_output_write (str=<optimized out>, len=273303) at ./main/output.c:241
No locals.
#8 0x0000562056284c9d in ZEND_ECHO_SPEC_TMPVAR_HANDLER () at ./Zend/zend_vm_execute.h:14477
str = <optimized out>
z = <optimized out>
#9 0x00005620562c73d3 in execute_ex (ex=0x5) at ./Zend/zend_vm_execute.h:58685
vm_stack_data = {orig_opline = 0x56204e73a258, orig_execute_data = 0x7f8b7be131f0, hybrid_jit_red_zone = "\000\000\000\000\000\000\000\000{\271/V V\000"}
#10 0x0000562056075c40 in ZEND_DO_FCALL_SPEC_OBSERVER_HANDLER () at ./Zend/zend_vm_execute.h:2052
call = 0x7f8b7be132e0
fbc = <optimized out>
ret = <optimized out>
#11 0x0000562056076b0e in execute_ex (ex=0x5) at ./Zend/zend_vm_execute.h:57256
vm_stack_data = {orig_opline = 0x56204e73aaa0, orig_execute_data = 0x7f8b7be13170, hybrid_jit_red_zone = "\3601\341{\213\177\000\000{\271/V V\000"}
#12 0x0000562056075c40 in ZEND_DO_FCALL_SPEC_OBSERVER_HANDLER () at ./Zend/zend_vm_execute.h:2052
call = 0x7f8b7be131f0
fbc = <optimized out>
ret = <optimized out>
#13 0x0000562056076b0e in execute_ex (ex=0x5) at ./Zend/zend_vm_execute.h:57256
vm_stack_data = {orig_opline = 0x56204e72c1d8, orig_execute_data = 0x7f8b7be13080, hybrid_jit_red_zone = "p1\341{\213\177\000\000{\271/V V\000"}
#14 0x0000562056075c40 in ZEND_DO_FCALL_SPEC_OBSERVER_HANDLER () at ./Zend/zend_vm_execute.h:2052
call = 0x7f8b7be13170
fbc = <optimized out>
ret = <optimized out>
#15 0x0000562056076b0e in execute_ex (ex=0x5) at ./Zend/zend_vm_execute.h:57256
vm_stack_data = {orig_opline = 0x56204e6ef328, orig_execute_data = 0x7f8b7be13020, hybrid_jit_red_zone = "\2000\341{\213\177\000\000{\271/V V\000"}
#16 0x0000562056075c40 in ZEND_DO_FCALL_SPEC_OBSERVER_HANDLER () at ./Zend/zend_vm_execute.h:2052
--Type <RET> for more, q to quit, c to continue without paging--
call = 0x7f8b7be13080
fbc = <optimized out>
ret = <optimized out>
#17 0x0000562056076b0e in execute_ex (ex=0x5) at ./Zend/zend_vm_execute.h:57256
vm_stack_data = {orig_opline = 0x0, orig_execute_data = 0x5620564effc0 <executor_globals>, hybrid_jit_red_zone = "\000\000\000\000\000\000\000\000{\271/V V\000"}
#18 0x000056205624d13a in zend_call_function (fci=<optimized out>, fci_cache=<optimized out>) at ./Zend/zend_execute_API.c:957
orig_jit_trace_num = 0
i = <optimized out>
call = 0x7f8b7be13020
fci_cache_local = {function_handler = 0x5620564efa00 <sapi_globals>, calling_scope = 0x0, called_scope = 0x562057a2547d, object = 0x562056084365 <zm_deactivate_date+21>, closure = 0x5620564efa00 <sapi_globals>}
func = <optimized out>
call_info = <optimized out>
object_or_called_scope = <optimized out>
orig_fake_scope = 0x0
#19 0x00005620561802b8 in user_shutdown_function_call (zv=<optimized out>) at ./ext/standard/basic_functions.c:1632
shutdown_function_entry = <optimized out>
retval = {value = {lval = 140722506686416, dval = 6.9526156150423256e-310, counted = 0x7ffc8305dfd0, str = 0x7ffc8305dfd0, arr = 0x7ffc8305dfd0, obj = 0x7ffc8305dfd0, res = 0x7ffc8305dfd0, ref = 0x7ffc8305dfd0, ast = 0x7ffc8305dfd0,
zv = 0x7ffc8305dfd0, ptr = 0x7ffc8305dfd0, ce = 0x7ffc8305dfd0, func = 0x7ffc8305dfd0, ww = {w1 = 2198200272, w2 = 32764}}, u1 = {type_info = 0, v = {type = 0 '\000', type_flags = 0 '\000', u = {extra = 0}}}, u2 = {
next = 1235517999, cache_slot = 1235517999, opline_num = 1235517999, lineno = 1235517999, num_args = 1235517999, fe_pos = 1235517999, fe_iter_idx = 1235517999, guard = 1235517999, constant_flags = 1235517999, extra = 1235517999}}
call_status = SUCCESS
#20 0x000056205626eedc in zend_hash_apply (ht=0x7f8b7bed6310, apply_func=apply_func@entry=0x562056180290 <user_shutdown_function_call>) at ./Zend/zend_hash.c:2071
zv = 0x7f8b7be8e158
idx = 1
result = <optimized out>
#21 0x00005620561863e6 in php_call_shutdown_functions () at ./ext/standard/basic_functions.c:1693
__orig_bailout = 0x7ffc83061c60
__bailout = {{__jmpbuf = {94696886958592, 137760716150328427, 94696909198106, 94696885740521, 60, 0, -139494318325576597, -5932999288151421845}, __mask_was_saved = 0, __saved_mask = {__val = {835349890, 94696909181712, 15,
140237055459392, 140237060221672, 1, 0, 140722506700496, 94696884063202, 1, 140722506700496, 1, 94696886958592, 0, 94696909198106, 94696885740521}}}}
#22 0x00005620561ef395 in php_request_shutdown (dummy=dummy@entry=0x0) at ./main/main.c:1854
report_memleaks = true
#23 0x0000562056082295 in main (argc=<optimized out>, argv=<optimized out>) at ./sapi/fpm/fpm/fpm_main.c:1970
primary_script = <optimized out>
__orig_bailout = <optimized out>
__bailout = {{__jmpbuf = {12, 137760716150852715, 0, 94696886810880, 94696886986776, 0, -139494318573040533, -5932999154497958805}, __mask_was_saved = 0, __saved_mask = {__val = {140237059737312, 140722506702912, 140237059692824, 0,
140237104939008, 13, 140237099438488, 140722506702912, 94696886273816, 140237110726688, 140237110587070, 1, 0, 140237110524024, 140237110614320, 140237059692736}}}}
exit_status = 0
cgi = 0
c = <optimized out>
use_extended_info = 0
file_handle = {handle = {fp = 0x0, stream = {handle = 0x0, isatty = 0, reader = 0x0, fsizer = 0x0, closer = 0x0}}, filename = 0x0, opened_path = 0x0, type = 0 '\000', primary_script = true, in_list = false, buf = 0x0, len = 0}
orig_optind = 1
orig_optarg = 0x0
ini_builder = {value = 0x0, length = 0}
max_requests = 0
requests = <optimized out>
fcgi_fd = <optimized out>
request = 0x562057a21310
fpm_config = <optimized out>
fpm_prefix = 0x0
fpm_pid = 0x0
test_conf = 0
force_daemon = <optimized out>
force_stderr = 0
php_information = 0
php_allow_to_run_as_root = 0
__func__ = "main"
ret = <optimized out>
__orig_bailout = <optimized out>
__bailout = <optimized out>
__str = <optimized out>
|
|
Thanks, seems like the debug symbols are now present! |
|
Ah no I'm testing without |
|
Thats really strange - no errors in the last 30 minutes....opcache.protect_memory=1 seems to do the job...Last time this changed nothing :O -- |
|
Hi, only as notice, my php.ini conf was only edited with: opcache.enable=1 I saw that this seqfault started at 14th May (and here is the point, I updated from .18 to .19 at this day, but I'm not fully sure if it also affect older versions, because logs started from 12th May (without seqfault)). And I use only PHP8.2, so I can't confirm it's also in 8.0 and 8.1 (or 8.3).
|
github-actions
bot
added
Status: Needs Triage
and removed
Status: Needs Feedback
labels
|
@alex0107 Do you use the deb.sury.org packages? I started a discussion (oerdnj/deb.sury.org#2135) to be sure. |
|
Yes and plesk-xxx-fpm |
|
So a new bt - I hope this time it helps more.... ShowThread 1 (Thread 0x7f489fba2480 (LWP 81192) "php-fpm"):
#0 zend_assign_to_variable_ex (garbage_ptr=0x7fff76882f60, strict=<optimized out>, value_type=1 '\001', value=0x55abaf944fb0, variable_ptr=0x7f4897e84c58) at Zend/zend_execute.h:200
No locals.
#1 ZEND_ASSIGN_OBJ_SPEC_UNUSED_CONST_OP_DATA_CONST_HANDLER () at Zend/zend_vm_execute.h:33260
prop_info = <optimized out>
prop_offset = <optimized out>
ref = <optimized out>
_z2 = <optimized out>
_gc = <optimized out>
cache_slot = <optimized out>
property_val = <optimized out>
_z1 = <optimized out>
_t = <optimized out>
object = <optimized out>
value = 0x55abaf944fb0
tmp = <optimized out>
zobj = 0x7f4897e84be0
name = <optimized out>
tmp_name = <optimized out>
garbage = 0x0
#2 0x000055abb7517dc4 in execute_ex (ex=0x7f4897e84c58) at Zend/zend_vm_execute.h:60113
vm_stack_data = {orig_opline = 0x1, orig_execute_data = 0x7fff768855b0, hybrid_jit_red_zone = "\000\000\000\000\000\000\000\000\b\000\000\000\000\000\000"}
#3 0x000055abb7520125 in zend_execute (op_array=0x7f489d66a000, return_value=0x0) at Zend/zend_vm_execute.h:61604
execute_data = 0x7f489d613020
object_or_called_scope = <optimized out>
call_info = <optimized out>
#4 0x000055abb74abea8 in zend_execute_scripts (type=type@entry=8, retval=retval@entry=0x0, file_count=file_count@entry=3) at Zend/zend.c:1891
files = {{gp_offset = 40, fp_offset = 2004317999, overflow_arg_area = 0x7fff76883120, reg_save_area = 0x7fff768830b0}}
i = -1349234624
file_handle = 0x7f489d613870
op_array = 0x7f489d66a000
ret = SUCCESS
#5 0x000055abb74405be in php_execute_script (primary_file=primary_file@entry=0x7fff768855b0) at main/main.c:2515
realfile = "\377\377\377\377\377\377\377\377\220\245]\271\253U\000\000sD\210v\377\177\000\000Pta\271\253U\000\000\001\000\000\000\000\000\000\000\020\232]\271\253U\000\000\001\000\000\000\000\000\000\000\245oE\267\253U\000\000\001\000\000\000\000\000\000\000\2522\240\237H\177\000\000\340\242Q\271\253U\000\000@\006t\271\253U\000\000\000\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000\347\017\001\000\000\000\000\000 \005t\271\253U\000\000\000E\210v\377\177\000\000Pta\271\253U\000\000@\006t\271\253U\000\000\340\242Q\271\253U\000\000@\006t\271\253U\000\000\203ڟ\237H\177\000\000\020\232]\271\253U\000\000\000\000\000\000\000\000\000\000h\306$\001\000\000\000\001\000"...
__orig_bailout = <optimized out>
__bailout = {{__jmpbuf = {140735182034352, 7953448059910764660, 94196037923629, 94196004551563, 60, 0, 7953448063079561332, 4236147030085875828}, __mask_was_saved = 0, __saved_mask = {__val = {94195867058608, 11, 139949701267360, 139949701267392, 1194076609354379008, 140735182029567, 0, 139949855096856, 94196005868224, 0, 94196005869408, 139949854695424, 94196003485965, 139949854695552, 60, 140735182031044}}}}
prepend_file_p = <optimized out>
append_file_p = <optimized out>
prepend_file = {handle = {fp = 0x4e, stream = {handle = 0x4e, isatty = -1798990569, reader = 0x7f4894c59517, fsizer = 0x7f4894c59517, closer = 0x7f48979337e0}}, filename = 0x10923659872baf00, opened_path = 0x0, type = 233 '\351', primary_script = 65, in_list = 136, buf = 0x7f489b837d70 "resource:thread", len = 139949822217547}
append_file = {handle = {fp = 0x7fff768841e0, stream = {handle = 0x7fff768841e0, isatty = -1186368512, reader = 0x7fff768841e0, fsizer = 0x7f489b74ab53, closer = 0x6500646165726874}}, filename = 0x64616572687400, opened_path = 0x7fff768848d0, type = 169 '\251', primary_script = 69, in_list = 68, buf = 0x0, len = 139949760294904}
old_cwd = <optimized out>
use_heap = false
retval = false
#6 0x000055abb723ac5a in main (argc=<optimized out>, argv=<optimized out>) at sapi/fpm/fpm/fpm_main.c:1934
primary_script = <optimized out>
__orig_bailout = <optimized out>
__bailout = {{__jmpbuf = {17, -7953708993272858508, 0, 94196005713984, 94196005897592, 0, 7953448059917056116, 4236147310405367924}, __mask_was_saved = 0, __saved_mask = {__val = {139949858965216, 140735182035552, 139949858920728, 0, 139949908350160, 13, 139949900763544, 140735182035552, 94196005146776, 139949911027744, 139949910888126, 1, 0, 139949910825080, 139949910915376, 139949858920640}}}}
exit_status = 0
cgi = 0
c = <optimized out>
use_extended_info = 0
file_handle = {handle = {fp = 0x0, stream = {handle = 0x0, isatty = 0, reader = 0x0, fsizer = 0x0, closer = 0x0}}, filename = 0x7f489d664000, opened_path = 0x55abaf28a868, type = 0 '\000', primary_script = true, in_list = false, buf = 0x0, len = 0}
orig_optind = 1
orig_optarg = 0x0
ini_builder = {value = 0x0, length = 0}
max_requests = 0
requests = <optimized out>
fcgi_fd = <optimized out>
request = 0x55abb961a220
fpm_config = <optimized out>
fpm_prefix = 0x0
fpm_pid = 0x0
test_conf = 0
force_daemon = <optimized out>
requests = <optimized out>
fcgi_fd = <optimized out>
request = 0x55abb961a220
fpm_config = <optimized out>
fpm_prefix = 0x0
fpm_pid = 0x0
test_conf = 0
force_daemon = <optimized out>
force_stderr = 0
php_information = 0
php_allow_to_run_as_root = 0
__func__ = "main"
ret = <optimized out>
__orig_bailout = <optimized out>
__bailout = <optimized out>
__str = <optimized out>
|
|
Okay this is a realistic stacktrace for a crash bug. It appears to be a memory corruption bug, and the problem with those is that the point where it crashes is unlikely to be the point where it actually went wrong initially. |
|
Could you also try disabling observers? So we know whether they are related. You're likely using some extension that enables them (e.g. Datadog, or possibly others). |
|
Or is this a problem with the package deb.sury.org and plesk-php8x-fpm? Do we have to contact them? |
I can send you the code. The problems occours on multiple WordPress websites of our costumers. How can I send you the files? Please not directly through a public github issue ;) |
I don't think the problem is in the packaging.
The thing is thought that since I'm not employed by anyone to work on PHP, I don't have any legal protection for the "just in case" situation when dealing with private data. Not sure how this is for people employed by the PHP foundation though. |
|
So I think there isn‘t any private data on this website. Do you have a email or discord or something else so I can send you the file? 😄 |
|
@alex0107 Can you also post a list of extensions that are enabled? Since you're using observers, it's also possible that some third party extension contributes to the problem. |
|
Yes for sure - I don't find any observers like monit or something like this. php -m[PHP Modules] [Zend Modules] |
|
Thats really strange - today the server hangs an i trying to restart. Than following error occours: Do you have a conclusion? :) |
|
Usually happens when a process is stuck or not responding for an extended period of time. In your case, it seems to involve php-fpm and pgrep tasks. You can check if there is something fishy: --> Or better: There you see what's going on. In my case, still: |
|
Yes but why is php-fpm stuck? :D There are no errors (except the segfaults...) ... |
|
What do you mean by "stuck". If there's a crash, FPM should just create a new child. Is that not what is happening? |
|
Is this happening only in high traffic (meaning occasionally just for some request) or are you able to reliably to recreate it locally as well or on some non prod environment? If you are able to recreate locally / on non prod environment (even with something like wrk), then running that under valgrind as suggested could show what the problem is. |
|
No I've created a crawler and the error happens completey random |
|
No feedback was provided. The issue is being suspended because we assume that you are no longer experiencing the problem. If this is not the case and you are able to provide the information that was requested earlier, please do so. Thank you. |
Description
Hi,
sorry for unclear report, I don't know why this happens:
kernel: [269065.088395] php-fpm8.2[2107797]: segfault at 7f377e872428 ip 0000562b0b8d9ebd sp 00007ffcd580fec0 error 4 in php-fpm8.2[562b0b6ba000+309000] likely on CPU 3 (core 3, socket 0) kernel: [269065.088412] Code: 74 7b 48 c1 e3 05 4c 01 e3 48 3b 6b 18 75 36 48 89 d8 5b 5d 41 5c c3 66 0f 1f 44 00 00 48 8b 7b 18 48 85 ff 74 0a 48 8b 45 10 <48> 39 47 10 74 3d 8b 5b 0c 83 fb ff 74 45 48 c1 e3 05 4c 01 e3 48 kernel: [269068.671543] php-fpm8.2[1753950]: segfault at 7f377e86e6d0 ip 0000562b0b8d9ebd sp 00007ffcd580fe50 error 4 in php-fpm8.2[562b0b6ba000+309000] likely on CPU 7 (core 7, socket 0) kernel: [269068.671602] Code: 74 7b 48 c1 e3 05 4c 01 e3 48 3b 6b 18 75 36 48 89 d8 5b 5d 41 5c c3 66 0f 1f 44 00 00 48 8b 7b 18 48 85 ff 74 0a 48 8b 45 10 <48> 39 47 10 74 3d 8b 5b 0c 83 fb ff 74 45 48 c1 e3 05 4c 01 e3 48 kernel: [269069.612500] php-fpm8.2[2108620]: segfault at 7f377e874428 ip 0000562b0b8d9ebd sp 00007ffcd580fec0 error 4 in php-fpm8.2[562b0b6ba000+309000] likely on CPU 8 (core 8, socket 0) kernel: [269069.612515] Code: 74 7b 48 c1 e3 05 4c 01 e3 48 3b 6b 18 75 36 48 89 d8 5b 5d 41 5c c3 66 0f 1f 44 00 00 48 8b 7b 18 48 85 ff 74 0a 48 8b 45 10 <48> 39 47 10 74 3d 8b 5b 0c 83 fb ff 74 45 48 c1 e3 05 4c 01 e3 48 kernel: [269073.181863] php-fpm8.2[1725486]: segfault at 7f377e074428 ip 0000562b0b8d9ebd sp 00007ffcd580fec0 error 4 in php-fpm8.2[562b0b6ba000+309000] likely on CPU 11 (core 11, socket 0) kernel: [269073.181878] Code: 74 7b 48 c1 e3 05 4c 01 e3 48 3b 6b 18 75 36 48 89 d8 5b 5d 41 5c c3 66 0f 1f 44 00 00 48 8b 7b 18 48 85 ff 74 0a 48 8b 45 10 <48> 39 47 10 74 3d 8b 5b 0c 83 fb ff 74 45 48 c1 e3 05 4c 01 e3 48Someone has an idea?
Using PHP8.2-fpm via nginx.
This isn't an OOM-Killer, system is well balanced, but with very high traffic.
Also all settings are optimized and correct, including opcache.
How I can find out which file or what causes the segfault? How I can better routing to point the issue (if possible?).
I see the most segfault at 7f377e074428 only. But don't find any similar case about this.
Thanks! :)
PHP Version
PHP 8.2.19
Operating System
Debian 12 (bookworm)
The text was updated successfully, but these errors were encountered: