Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Segmentation fault in fpm_status_export_to_zval #12705

Closed
pprasse opened this issue Nov 17, 2023 · 1 comment
Closed

Segmentation fault in fpm_status_export_to_zval #12705

pprasse opened this issue Nov 17, 2023 · 1 comment
Assignees
@bukka
Labels
Bug SAPI: fpm

Comments

@pprasse
Copy link

pprasse commented Nov 17, 2023

Description

We noticed a segmentation fault once in a while (about every 1-2 days) in fpm_status_export_to_zval:
child 42587 exited on signal 11 (SIGSEGV - core dumped) after 102557.206146 seconds from start

gdb revealed it is in fpm_status_export_to_zval:

gdb /usr/sbin/php-fpm core-php-fpm-42587
(gdb) bt
#0  __strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:74
#1  0x0000555a44410c8e in format_converter (odp=0x7ffc26f89ff0, fmt=0x555a450f542f "s] status: scoreboard already in use.", ap=0x7ffc26f8a0a0) at /usr/src/php-src/main/snprintf.c:844
#2  0x0000555a44411724 in strx_printv (buf=0x7ffc26f8a120 "[pool ", len=2048, format=0x555a450f5428 "[pool %s] status: scoreboard already in use.", ap=0x7ffc26f8a0a0) at /usr/src/php-src/main/snprintf.c:1094
#3  0x0000555a444119f7 in ap_php_vsnprintf (buf=0x7ffc26f8a120 "[pool ", len=2048, format=0x555a450f5428 "[pool %s] status: scoreboard already in use.", ap=0x7ffc26f8a0a0) at /usr/src/php-src/main/snprintf.c:1143
#4  0x0000555a44654530 in zlog_external (flags=2, buf=0x7ffc26f8a120 "[pool ", buf_size=2048, fmt=0x555a450f5428 "[pool %s] status: scoreboard already in use.", args=0x7ffc26f8a960)
    at /usr/src/php-src/sapi/fpm/fpm/zlog.c:143
#5  0x0000555a44654888 in vzlog (function=0x555a450f6d90 <__func__.4> "fpm_status_export_to_zval", line=58, flags=2, fmt=0x555a450f5428 "[pool %s] status: scoreboard already in use.", args=0x7ffc26f8a960)
    at /usr/src/php-src/sapi/fpm/fpm/zlog.c:202
#6  0x0000555a44654c2e in zlog_ex (function=0x555a450f6d90 <__func__.4> "fpm_status_export_to_zval", line=58, flags=2, fmt=0x555a450f5428 "[pool %s] status: scoreboard already in use.")
    at /usr/src/php-src/sapi/fpm/fpm/zlog.c:258
#7  0x0000555a4464fbad in fpm_status_export_to_zval (status=0x7f7844e194a0) at /usr/src/php-src/sapi/fpm/fpm/fpm_status.c:58
#8  0x0000555a44647db1 in zif_fpm_get_status (execute_data=0x7f7844e194d0, return_value=0x7f7844e194a0) at /usr/src/php-src/sapi/fpm/fpm/fpm_main.c:1516
#9  0x0000555a444f9ece in ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER () at /usr/src/php-src/Zend/zend_vm_execute.h:1312
#10 0x0000555a44572ad8 in execute_ex (ex=0x7f7844e19020) at /usr/src/php-src/Zend/zend_vm_execute.h:56032
#11 0x0000555a44578316 in zend_execute (op_array=0x7f7844e6f000, return_value=0x0) at /usr/src/php-src/Zend/zend_vm_execute.h:60396
#12 0x0000555a444b72b5 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/src/php-src/Zend/zend.c:1827
#13 0x0000555a4440e7f6 in php_execute_script (primary_file=0x7ffc26f8c380) at /usr/src/php-src/main/main.c:2542
#14 0x0000555a44648a70 in main (argc=8, argv=0x7ffc26f8c828) at /usr/src/php-src/sapi/fpm/fpm/fpm_main.c:1924

Looking at the source:

(gdb) frame 7
#7  0x0000555a4464fbad in fpm_status_export_to_zval (status=0x7f7844e194a0) at /usr/src/php-src/sapi/fpm/fpm/fpm_status.c:58
58			zlog(ZLOG_NOTICE, "[pool %s] status: scoreboard already in use.", scoreboard_p->pool);
(gdb) list 50,60
50		zval fpm_proc_stats, fpm_proc_stat;
51		time_t now_epoch;
52		struct timeval duration, now;
53		double cpu;
54		int i;
55	
56		scoreboard_p = fpm_scoreboard_acquire(NULL, 1);
57		if (!scoreboard_p) {
58			zlog(ZLOG_NOTICE, "[pool %s] status: scoreboard already in use.", scoreboard_p->pool);
59			return -1;
60		}

It is obvious that scoreboard_p is already known to be NULL and the result of using scoreboard_p->pool in zlog must lead to a segfault.

I'll submit a pull-request with the fix soon.

PHP Version

all with php-fpm

Operating System

all
pprasse pushed a commit to ActindoForks/php-src that referenced this issue Nov 17, 2023
fix php#12705
6c1af02
pprasse pushed a commit to ActindoForks/php-src that referenced this issue Nov 17, 2023
fix php#12705
5ce4752
@pprasse pprasse mentioned this issue Nov 17, 2023
Closed
pprasse pushed a commit to ActindoForks/php-src that referenced this issue Nov 18, 2023
fix php#12705
a6f40af 
(cherry picked from commit 5ce4752)
Signed-off-by: Patrick Prasse <patrick.prasse@actindo.com>
bukka pushed a commit that referenced this issue Dec 1, 2023
@bukka
Fix bug GH-12705: Segmentation fault in fpm_status_export_to_zval
df259f8 
Closes GH-12706
@bukka
Copy link
Member

bukka commented Dec 1, 2023

Fixed by df259f8

@bukka bukka closed this as completed Dec 1, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bukka bukka

Labels
Bug SAPI: fpm
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix https://github.com/php/php-src/issues/12705 ActindoForks/php-src
3 participants
@bukka @pprasse @devnexen