kernel: php-fpm: segfault at x ip y sp z error 6 in libpcre.so.1.2.0

An issue with php70-php-fpm Perl PCRE causing some segfaults every once in a while.

Current pcre/jit details from phpinfo:

# php -r "phpinfo();" |egrep -i "pcre|jit"
auto_globals_jit => On => On
pcre
PCRE (Perl Compatible Regular Expressions) Support => enabled
PCRE Library Version => 8.32 2012-11-30
PCRE JIT Support => enabled
pcre.backtrack_limit => 1000000 => 1000000
pcre.jit => 0 => 0
pcre.recursion_limit => 100000 => 100000

Here’s the php.ini section (/etc/opt/remi/php70/php.ini)

 930 [Pcre]
 931 ;PCRE library backtracking limit.
 932 ; http://php.net/pcre.backtrack-limit
 933 ;pcre.backtrack_limit=100000
 934 pcre.backtrack_limit=2000000
 935 ; Increased from 1,000,000 (default) to 2,000,000
 936 
 937 ;PCRE library recursion limit.
 938 ;Please note that if you set this value to a high number you may consume all
 939 ;the available process stack and eventually crash PHP (due to reaching the
 940 ;stack size limit imposed by the Operating System).
 941 ; http://php.net/pcre.recursion-limit
 942 ;pcre.recursion_limit=100000
 943 pcre.recursion_limit=1000000
 944 ; Increased from 100,000 to 1,000,000
 945 
 946 ;Enables or disables JIT compilation of patterns. This requires the PCRE
 947 ;library to be compiled with JIT support.
 948 ;pcre.jit=0
 949 pcre.jit=1
 950 ; STK 051717 Enabled pcre.jit.  It's compiled in and looks like it should help perf.
 951 ; php -r "phpinfo();" |egrep -i "pcre|jit"

After making that change, restart php70-php-fpm and you should be good with the new values set:

# php -r "phpinfo();" |egrep -i "pcre|jit"
auto_globals_jit => On => On
pcre
PCRE (Perl Compatible Regular Expressions) Support => enabled
PCRE Library Version => 8.32 2012-11-30
PCRE JIT Support => enabled
pcre.backtrack_limit => 2000000 => 2000000
pcre.jit => 1 => 1
pcre.recursion_limit => 1000000 => 1000000

Still, need to find out what is causing the PCRE to cause a stack overflow.

EDIT: Need to double-check SELinux

If you want to allow httpd to execmem, then you must tell SELinux about this by enabling the ‘httpd_execmem’ boolean.

# setsebool -P httpd_execmem 1

You can generate a local policy module to allow this access. You can allow this access for now by executing:

# ausearch -c 'php-fpm' --raw | audit2allow -M my-phpfpm
# semodule -i my-phpfpm.pp

Additional Information:
Source Context system_u:system_r:httpd_t:s0
Target Context system_u:system_r:httpd_t:s0
Source php-fpm

Raw Audit Messages:
type=AVC msg=audit(1495071733.385:311998): avc: denied { execmem } for pid=989 comm="php-fpm" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=process

type=SYSCALL msg=audit(1495071733.385:311998): arch=x86_64 syscall=mmap success=no exit=EACCES a0=0 a1=10000 a2=7 a3=22 items=0 ppid=984 pid=989 auid=4294967295 uid=99 gid=99 euid=99 suid=99 fsuid=99 egid=99 sgid=99 fsgid=99 tty=(none) ses=4294967295 comm=php-fpm exe=/opt/remi/php70/root/usr/sbin/php-fpm subj=system_u:system_r:httpd_t:s0 key=(null)

Hash: php-fpm,httpd_t,httpd_t,process,execmem

kernel: php-fpm: segfault at x ip y sp z error 6 in libpcre.so.1.2.0

Related Posts

Adding Additional Storage for Docker

How-to Change ILAN on single host Ciena MCP/BluePlanet Install – After the fact

Load Balancing with KEMP and CentOS Backend Services

Nginx for SSL Termination to Varnish & Apache Backend with WordPress

MariaDB 10.1 CentOS 7 Fails to Start Using New Disk or Data Location

Ramdisk Sync for Better Performance in I/O Intensive Environments