Dealing with PHP Segfault in CentOS 6.5

For some time now, according to the dmesg output, PHP code run from the command line has been producing segfault errors on the server, and after a while we, as they say, "lose" the server itself:

php[2682]: segfault at ffffffff ip 000000000058b19f sp 00007fff4f51eae0 error 4 in php[400000+2c0000]
php[4478]: segfault at ffffffff ip 000000000058b19f sp 00007fffd5b5b3e0 error 4 in php[400000+2c0000]
php[5883]: segfault at ffffffff ip 000000000058b19f sp 00007fff6e5ddd70 error 4 in php[400000+2c0000]
php[8353]: segfault at ffffffff ip 000000000058b19f sp 00007ffffa83a8a0 error 4 in php[400000+2c0000]
php[9629]: segfault at ffffffff ip 000000000058b19f sp 00007fff55e23630 error 4 in php[400000+2c0000]
php[11285]: segfault at ffffffff ip 000000000058b19f sp 00007fff2dd525a0 error 4 in php[400000+2c0000]
php[13148]: segfault at ffffffff ip 000000000058b19f sp 00007fff375157a0 error 4 in php[400000+2c0000]
php[14569]: segfault at ffffffff ip 000000000058b19f sp 00007fff90a58d00 error 4 in php[400000+2c0000]
php[15560]: segfault at ffffffff ip 000000000058b19f sp 00007fffa1db0060 error 4 in php[400000+2c0000]
php[17825]: segfault at ffffffff ip 000000000058b19f sp 00007fff33d2b490 error 4 in php[400000+2c0000]
php[18783]: segfault at ffffffff ip 000000000058b19f sp 00007ffff949dcb0 error 4 in php[400000+2c0000]
php[19747]: segfault at ffffffff ip 000000000058b19f sp 00007fff897c3f10 error 4 in php[400000+2c0000]
php[20704]: segfault at ffffffff ip 000000000058b19f sp 00007ffff3083eb0 error 4 in php[400000+2c0000]
php[21667]: segfault at ffffffff ip 000000000058b19f sp 00007fff93bb9a20 error 4 in php[400000+2c0000]
php[22620]: segfault at ffffffff ip 000000000058b19f sp 00007fff28930530 error 4 in php[400000+2c0000]
php[24544]: segfault at ffffffff ip 000000000058b19f sp 00007ffff8e08450 error 4 in php[400000+2c0000]
php[25654]: segfault at ffffffff ip 000000000058b19f sp 00007fffaf874640 error 4 in php[400000+2c0000]
php[26704]: segfault at ffffffff ip 000000000058b19f sp 00007fff7e2283a0 error 4 in php[400000+2c0000]
php[27869]: segfault at ffffffff ip 000000000058b19f sp 00007fffc9e5c8e0 error 4 in php[400000+2c0000]

/var/log/messages – output:

Oct 13 11:23:46 linuxsrv2 kernel: php[2439]: segfault at 6b4bac000 ip 00000000005b41d0 sp 00007fff7d0b9568 error 4 in php[400000+2c0000]
Oct 13 11:23:48 linuxsrv2 abrtd: Directory 'ccpp-2014-10-13-11:23:46-2439' creation detected
Oct 13 11:23:48 linuxsrv2 abrt[2440]: Saved core dump of pid 2439 (/usr/bin/php) to /var/spool/abrt/ccpp-2014-10-13-11:23:46-2439 (85946368 bytes)
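
To triage output like this, the following added example (not part of the original post) parses the kernel's segfault lines, decodes the x86 page-fault error code and groups crashes by the offset of the faulting instruction inside the mapped binary. The function names are this example's own; the sample lines are copied from the output above.

```python
import re
from collections import Counter

# Kernel x86 segfault report, with or without a syslog prefix in front of it.
SEGV_RE = re.compile(
    r"(?P<comm>[^\s\[]+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>\d+)"
    r"(?: in (?P<obj>\S+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?"
)

def decode_error(code):
    """Decode the x86 page-fault error code bits printed after 'error'."""
    return {
        "cause": "protection violation" if code & 1 else "page not present",
        "access": "write" if code & 2 else "read",
        "mode": "user" if code & 4 else "kernel",
        "instruction_fetch": bool(code & 16),
    }

def parse_segfault(line):
    """Return a dict for a segfault line, or None for any other log line."""
    m = SEGV_RE.search(line)
    if m is None:
        return None
    rec = {"comm": m["comm"], "pid": int(m["pid"]),
           "fault_addr": int(m["addr"], 16), "ip": int(m["ip"], 16),
           "error": decode_error(int(m["err"])), "object": m["obj"]}
    if m["base"]:
        # Offset of the faulting instruction within the mapped object.
        rec["offset"] = rec["ip"] - int(m["base"], 16)
    return rec

def group_by_site(lines):
    """Count crashes per (object, instruction offset) pair."""
    recs = [r for r in map(parse_segfault, lines) if r]
    return Counter((r["object"], r.get("offset")) for r in recs)

# Sample input: lines taken from the dmesg and /var/log/messages output above.
SAMPLE = [
    "php[2682]: segfault at ffffffff ip 000000000058b19f sp 00007fff4f51eae0 error 4 in php[400000+2c0000]",
    "php[4478]: segfault at ffffffff ip 000000000058b19f sp 00007fffd5b5b3e0 error 4 in php[400000+2c0000]",
    "Oct 13 11:23:46 linuxsrv2 kernel: php[2439]: segfault at 6b4bac000 ip 00000000005b41d0 sp 00007fff7d0b9568 error 4 in php[400000+2c0000]",
    "Oct 13 11:23:48 linuxsrv2 abrtd: Directory 'ccpp-2014-10-13-11:23:46-2439' creation detected",
]

if __name__ == "__main__":
    for (obj, off), n in group_by_site(SAMPLE).items():
        print(f"{obj}+{off:#x}: {n} crash(es)")
```

Error 4 decodes to a user-mode read of a page that is not present, and every dmesg line above carries the same ip, so all of those crashes group under a single site.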

Testing it more precisely:

[root@linuxsrv2 abrt]# /usr/bin/php /usr/share/nginx/html/Grab/index-console.php Test xxxxxxxxxx
Segmentation fault (core dumped)

Let's look at the GDB output for the core dump:

[root@linuxsrv2 ccpp-2014-10-15-14:25:02-10116]# gdb /usr/bin/php coredump
.
.
.
Core was generated by `/usr/bin/php /usr/share/nginx/html/Grab/index-console.php Test xxxxxxxx'.
Program terminated with signal 11, Segmentation fault.
#0  zend_mm_remove_from_free_list (heap=<value optimized out>, mm_block=0x29fe8c8) at /usr/src/debug/php-5.3.3/Zend/zend_alloc.c:826
826				ZEND_MM_CHECK_TREE(mm_block);

(gdb) bt
#0  zend_mm_remove_from_free_list (heap=<value optimized out>, mm_block=0x29fe8c8) at /usr/src/debug/php-5.3.3/Zend/zend_alloc.c:826
#1  0x000000000058b3b5 in _zend_mm_free_int (heap=0x24372b0, p=0x29fe878) at /usr/src/debug/php-5.3.3/Zend/zend_alloc.c:2019
#2  0x00000000005b4b91 in zend_hash_destroy (ht=0x4e4d1b0) at /usr/src/debug/php-5.3.3/Zend/zend_hash.c:531
#3  0x00000000005a052a in destroy_zend_class (pce=<value optimized out>) at /usr/src/debug/php-5.3.3/Zend/zend_opcode.c:191
#4  0x00000000005b4835 in zend_hash_apply_deleter (ht=0x2437c00, p=0x2aca320) at /usr/src/debug/php-5.3.3/Zend/zend_hash.c:609
#5  0x00000000005b4939 in zend_hash_reverse_apply (ht=0x2437c00, apply_func=0x59b750 <clean_non_persistent_class>)
    at /usr/src/debug/php-5.3.3/Zend/zend_hash.c:758
#6  0x000000000059c45e in shutdown_executor () at /usr/src/debug/php-5.3.3/Zend/zend_execute_API.c:312
#7  0x00000000005a8c22 in zend_deactivate () at /usr/src/debug/php-5.3.3/Zend/zend.c:890
#8  0x0000000000556805 in php_request_shutdown (dummy=<value optimized out>) at /usr/src/debug/php-5.3.3/main/main.c:1634
#9  0x0000000000631214 in main (argc=4, argv=0x7fff232e2158) at /usr/src/debug/php-5.3.3/sapi/cli/php_cli.c:1373

(gdb) bt full
#0  zend_mm_remove_from_free_list (heap=<value optimized out>, mm_block=0x29fe8c8) at /usr/src/debug/php-5.3.3/Zend/zend_alloc.c:826
        rp = <value optimized out>
        cp = <value optimized out>
        prev = 0x2bf12b0
        next = 0x2bf12b0
#1  0x000000000058b3b5 in _zend_mm_free_int (heap=0x24372b0, p=0x29fe878) at /usr/src/debug/php-5.3.3/Zend/zend_alloc.c:2019
        mm_block = 0x29fe868
        next_block = 0x29fe8c8
        size = 96
#2  0x00000000005b4b91 in zend_hash_destroy (ht=0x4e4d1b0) at /usr/src/debug/php-5.3.3/Zend/zend_hash.c:531
        p = 0x4e49b98
        q = 0x29fe878
#3  0x00000000005a052a in destroy_zend_class (pce=<value optimized out>) at /usr/src/debug/php-5.3.3/Zend/zend_opcode.c:191
        ce = 0x4e4d180
#4  0x00000000005b4835 in zend_hash_apply_deleter (ht=0x2437c00, p=0x2aca320) at /usr/src/debug/php-5.3.3/Zend/zend_hash.c:609
        retval = <value optimized out>
#5  0x00000000005b4939 in zend_hash_reverse_apply (ht=0x2437c00, apply_func=0x59b750 <clean_non_persistent_class>)
    at /usr/src/debug/php-5.3.3/Zend/zend_hash.c:758
        result = 1
        p = 0x2aca400
        q = 0x2aca320
#6  0x000000000059c45e in shutdown_executor () at /usr/src/debug/php-5.3.3/Zend/zend_execute_API.c:312
        __orig_bailout = 0x0
        __bailout = {{__jmpbuf = {9618720, 4153135478262045439, 140733783621432, 0, 0, 140733783621432, -4153268429412787457, 4153135458132007679}, 
            __mask_was_saved = 0, __saved_mask = {__val = {44778240, 312, 5813072, 44033256, 81700376, 88, 5813072, 20040, 5813072, 9620224, 9617240, 
                9618536, 0, 0, 5928661, 9620224}}}}
#7  0x00000000005a8c22 in zend_deactivate () at /usr/src/debug/php-5.3.3/Zend/zend.c:890
No locals.
#8  0x0000000000556805 in php_request_shutdown (dummy=<value optimized out>) at /usr/src/debug/php-5.3.3/main/main.c:1634
        report_memleaks = 1 '\001'
#9  0x0000000000631214 in main (argc=4, argv=0x7fff232e2158) at /usr/src/debug/php-5.3.3/sapi/cli/php_cli.c:1373
        exit_status = 0
        c = <value optimized out>
---Type <return> to continue, or q <return> to quit---
        file_handle = {type = ZEND_HANDLE_MAPPED, filename = 0x7fff232e3f38 "/usr/share/nginx/html/Grab/index-console.php", opened_path = 0x0, handle = {
            fd = 40267816, fp = 0x2667028, stream = {handle = 0x2667028, isatty = 0, mmap = {len = 585, pos = 0, map = 0x7ff7457cf000, 
                buf = 0x7ff7457cf000 <Address 0x7ff7457cf000 out of bounds>, old_handle = 0x26908f0, old_closer = 0x5bd500 <zend_stream_stdio_closer>}, 
              reader = 0x5bdb10 <zend_stream_stdio_reader>, fsizer = 0x5bd5b0 <zend_stream_stdio_fsizer>, closer = 0x5bdaa0 <zend_stream_mmap_closer>}}, 
          free_filename = 0 '\000'}
        behavior = <value optimized out>
        reflection_what = <value optimized out>
        orig_optind = 1
        orig_optarg = 0x0
        arg_free = <value optimized out>
        arg_excp = <value optimized out>
        script_file = <value optimized out>
        interactive = <value optimized out>
        module_started = 1
        request_started = 1
        lineno = 1
        exec_direct = <value optimized out>
        exec_run = <value optimized out>
        exec_begin = <value optimized out>
        exec_end = <value optimized out>
        param_error = <value optimized out>
        hide_argv = <value optimized out>
        ini_entries_len = <value optimized out>


The "zend_mm_heap corrupted" message, in turn, we get directly when we run the script under the debugger:

[root@linuxsrv2 ~]# gdb /usr/bin/php
.
.
(gdb) run /usr/share/nginx/html/Grab/index-console.php Test xxxxx
Starting program: /usr/bin/php /usr/share/nginx/html/Grab/index-console.php Test xxxxx
[Thread debugging using libthread_db enabled]
zend_mm_heap corrupted

Program exited with code 01.

After some investigation, it turned out that this bug originates in PHP's garbage collector.
As a test, let's disable the garbage collector and check again. We add the following to /etc/php.ini:

[PHP]
zend.enable_gc = 0

Then we restart nginx and check once more:

(gdb) run /usr/share/nginx/html/Grab/index-console.php Test xxxxxx
Starting program: /usr/bin/php /usr/share/nginx/html/Grab/index-console.php Test xxxxx
[Thread debugging using libthread_db enabled]

Program exited normally.

To summarize, the workaround for the bug we ran into is to disable the garbage collector.

If it needs to be disabled only for a specific script rather than globally, add the following inside the script:

ini_set('zend.enable_gc',0);

Thanks.


Author: Şəhriyar Rzayev