zend_string_init error: Cannot access memory

Bug #1865338 reported by Scott Hollenbeck
This bug affects 1 person

Affects: php7.2 (Ubuntu)
Status: Triaged
Importance: Medium
Assigned to: Unassigned

Bug Description

I'm using php7.2-fpm to run the Simple Machines Community Forum. I have an fpm pool dedicated to the forum. Every so often I see an error like this in my fpm log:

[01-Mar-2020 01:18:15] WARNING: [pool smf] child 23384 exited on signal 7 (SIGBUS - core dumped) after 0.708817 seconds from start

Here's a backtrace:

[New LWP 23384]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `php-fpm: pool smf'.
Program terminated with signal SIGBUS, Bus error.
#0 __memcpy_ssse3 () at ../sysdeps/x86_64/multiarch/memcpy-ssse3.S:620
620 ../sysdeps/x86_64/multiarch/memcpy-ssse3.S: No such file or directory.
(gdb) bt
#0 __memcpy_ssse3 () at ../sysdeps/x86_64/multiarch/memcpy-ssse3.S:620
#1 0x000055feb96ec706 in memcpy (__len=38654, __src=0x7f220d2bf06b, __dest=0x7f220789a018)
    at /usr/include/x86_64-linux-gnu/bits/string_fortified.h:34
#2 zend_string_init (persistent=0, len=38654, str=0x7f220d2bf06b <error: Cannot access memory at address 0x7f220d2bf06b>)
    at ./Zend/zend_string.h:172
#3 lex_scan (zendlval=zendlval@entry=0x7ffe48510e90) at Zend/zend_language_scanner.l:1995
#4 0x000055feb970140e in zendlex (elem=elem@entry=0x7ffe48510f48) at ./Zend/zend_compile.c:1728
#5 0x000055feb96e4dff in zendparse () at ./Zend/zend_language_parser.c:4229
#6 0x000055feb96e7457 in zend_compile (type=type@entry=2) at Zend/zend_language_scanner.l:586
#7 0x000055feb96e898a in compile_file (file_handle=0x7ffe48511e50, type=2) at Zend/zend_language_scanner.l:636
#8 0x00007f21fd0b3ecc in ?? () from /usr/lib/php/20170718/phar.so
#9 0x00007f22072ba29c in ?? () from /usr/lib/php/20170718/opcache.so
#10 0x00007f22072bbf58 in ?? () from /usr/lib/php/20170718/opcache.so
#11 0x000055feb96e8a32 in compile_filename (type=type@entry=2, filename=filename@entry=0x7f220781e460) at Zend/zend_language_scanner.l:663
#12 0x000055feb978925b in zend_include_or_eval (inc_filename=inc_filename@entry=0x7f220781e460, type=2) at ./Zend/zend_execute.c:2832
#13 0x000055feb97c9483 in ZEND_INCLUDE_OR_EVAL_SPEC_TMPVAR_HANDLER () at ./Zend/zend_vm_execute.h:48894
#14 0x000055feb97cef97 in execute_ex (ex=0x7f22078a1020) at ./Zend/zend_vm_execute.h:63210
#15 0x000055feb97d5f77 in zend_execute (op_array=op_array@entry=0x7f2207880000, return_value=return_value@entry=0x7f21f9fbd258)
    at ./Zend/zend_vm_execute.h:63780
#16 0x000055feb9724702 in zend_execute_scripts (type=type@entry=8, retval=0x7f21f9fbd258, retval@entry=0x0, file_count=125952816,
    file_count@entry=3) at ./Zend/zend.c:1498
#17 0x000055feb96c0160 in php_execute_script (primary_file=0x7ffe48514670) at ./main/main.c:2599
#18 0x000055feb956f7bb in main (argc=<optimized out>, argv=<optimized out>) at ./sapi/fpm/fpm/fpm_main.c:1966
(gdb)

I haven't found a specific way to reproduce the error beyond letting the software run for several hours. More info:

$ lsb_release -rd
Description: Ubuntu 18.04.4 LTS
Release: 18.04
$ apt-cache policy php7.2-fpm
php7.2-fpm:
  Installed: 7.2.24-0ubuntu0.18.04.3
  Candidate: 7.2.24-0ubuntu0.18.04.3
  Version table:
 *** 7.2.24-0ubuntu0.18.04.3 500
        500 http://us.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 Packages
        500 http://security.ubuntu.com/ubuntu bionic-security/universe amd64 Packages
        100 /var/lib/dpkg/status
     7.2.3-1ubuntu1 500
        500 http://us.archive.ubuntu.com/ubuntu bionic/universe amd64 Packages
$

Andreas Hasenack (ahasenack) wrote :

Can you attach the core dump? Or the crash file, if you have one in /var/crash about this.

Scott Hollenbeck (g-sah) wrote :

Unfortunately I didn't keep that particular core dump, but I have more recent dumps. I've attached one of them. The error has changed:

[New LWP 3553]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `php-fpm: pool smf'.
Program terminated with signal SIGBUS, Bus error.
#0 0x0000560f1b3fc426 in lex_scan (zendlval=zendlval@entry=0x7ffc84fdf5b0) at Zend/zend_language_scanner.l:1981
1981 Zend/zend_language_scanner.l: No such file or directory.
(gdb) bt
#0 0x0000560f1b3fc426 in lex_scan (zendlval=zendlval@entry=0x7ffc84fdf5b0) at Zend/zend_language_scanner.l:1981
#1 0x0000560f1b41340e in zendlex (elem=elem@entry=0x7ffc84fdf668) at ./Zend/zend_compile.c:1728
#2 0x0000560f1b3f6dff in zendparse () at ./Zend/zend_language_parser.c:4229
#3 0x0000560f1b3f9457 in zend_compile (type=type@entry=2) at Zend/zend_language_scanner.l:586
#4 0x0000560f1b3fa98a in compile_file (file_handle=0x7ffc84fe0570, type=2) at Zend/zend_language_scanner.l:636
#5 0x00007faf412b3ecc in ?? () from /usr/lib/php/20170718/phar.so
#6 0x00007faf4b4ba29c in ?? () from /usr/lib/php/20170718/opcache.so
#7 0x00007faf4b4bbf58 in ?? () from /usr/lib/php/20170718/opcache.so
#8 0x0000560f1b3faa32 in compile_filename (type=type@entry=2, filename=filename@entry=0x7faf4ba1f460) at Zend/zend_language_scanner.l:663
#9 0x0000560f1b49b25b in zend_include_or_eval (inc_filename=inc_filename@entry=0x7faf4ba1f460, type=2) at ./Zend/zend_execute.c:2832
#10 0x0000560f1b4db483 in ZEND_INCLUDE_OR_EVAL_SPEC_TMPVAR_HANDLER () at ./Zend/zend_vm_execute.h:48894
#11 0x0000560f1b4e0f97 in execute_ex (ex=0x27) at ./Zend/zend_vm_execute.h:63210
#12 0x0000560f1b4e7f77 in zend_execute (op_array=op_array@entry=0x7faf4ba7f000, return_value=return_value@entry=0x7faf2f6c3098)
    at ./Zend/zend_vm_execute.h:63780
#13 0x0000560f1b436702 in zend_execute_scripts (type=type@entry=8, retval=0x7faf2f6c3098, retval@entry=0x0, file_count=1268904752,
    file_count@entry=3) at ./Zend/zend.c:1498
#14 0x0000560f1b3d2160 in php_execute_script (primary_file=0x7ffc84fe2d90) at ./main/main.c:2599
#15 0x0000560f1b2817bb in main (argc=<optimized out>, argv=<optimized out>) at ./sapi/fpm/fpm/fpm_main.c:1966
(gdb)

Scott Hollenbeck (g-sah) wrote :

The original error reappeared:

[New LWP 4655]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `php-fpm: pool smf '.
Program terminated with signal SIGBUS, Bus error.
#0 __memcpy_ssse3 () at ../sysdeps/x86_64/multiarch/memcpy-ssse3.S:620
620 ../sysdeps/x86_64/multiarch/memcpy-ssse3.S: No such file or directory.
(gdb) bt
#0 __memcpy_ssse3 () at ../sysdeps/x86_64/multiarch/memcpy-ssse3.S:620
#1 0x0000560f1b3fe706 in memcpy (__len=38756, __src=0x7faf515a506b, __dest=0x7faf4ba99018)
    at /usr/include/x86_64-linux-gnu/bits/string_fortified.h:34
#2 zend_string_init (persistent=0, len=38756, str=0x7faf515a506b <error: Cannot access memory at address 0x7faf515a506b>)
    at ./Zend/zend_string.h:172
#3 lex_scan (zendlval=zendlval@entry=0x7ffc84fdf5b0) at Zend/zend_language_scanner.l:1995
#4 0x0000560f1b41340e in zendlex (elem=elem@entry=0x7ffc84fdf668) at ./Zend/zend_compile.c:1728
#5 0x0000560f1b3f6dff in zendparse () at ./Zend/zend_language_parser.c:4229
#6 0x0000560f1b3f9457 in zend_compile (type=type@entry=2) at Zend/zend_language_scanner.l:586
#7 0x0000560f1b3fa98a in compile_file (file_handle=0x7ffc84fe0570, type=2) at Zend/zend_language_scanner.l:636
#8 0x00007faf412b3ecc in ?? () from /usr/lib/php/20170718/phar.so
#9 0x00007faf4b4ba29c in ?? () from /usr/lib/php/20170718/opcache.so
#10 0x00007faf4b4bbf58 in ?? () from /usr/lib/php/20170718/opcache.so
#11 0x0000560f1b3faa32 in compile_filename (type=type@entry=2, filename=filename@entry=0x7faf4ba1f460) at Zend/zend_language_scanner.l:663
#12 0x0000560f1b49b25b in zend_include_or_eval (inc_filename=inc_filename@entry=0x7faf4ba1f460, type=2) at ./Zend/zend_execute.c:2832
#13 0x0000560f1b4db483 in ZEND_INCLUDE_OR_EVAL_SPEC_TMPVAR_HANDLER () at ./Zend/zend_vm_execute.h:48894
#14 0x0000560f1b4e0f97 in execute_ex (ex=0x7faf4ba99fa0) at ./Zend/zend_vm_execute.h:63210
#15 0x0000560f1b4e7f77 in zend_execute (op_array=op_array@entry=0x7faf4ba80000, return_value=return_value@entry=0x7faf389afdd8)
    at ./Zend/zend_vm_execute.h:63780
#16 0x0000560f1b436702 in zend_execute_scripts (type=type@entry=8, retval=0x7faf389afdd8, retval@entry=0x0, file_count=1268904752,
    file_count@entry=3) at ./Zend/zend.c:1498
#17 0x0000560f1b3d2160 in php_execute_script (primary_file=0x7ffc84fe2d90) at ./main/main.c:2599
#18 0x0000560f1b2817bb in main (argc=<optimized out>, argv=<optimized out>) at ./sapi/fpm/fpm/fpm_main.c:1966
(gdb)

Core dump (hopefully, it's a 70MB compressed zip archive) attached.

Paride Legovini (paride)
tags: added: server-triage-discuss
Changed in php7.2 (Ubuntu):
status: New → Triaged
importance: Undecided → Medium
tags: removed: server-triage-discuss