Bug ID 1208199
Summary php8-fpm SIGABRT when using chroot option
Classification openSUSE
Product openSUSE Tumbleweed
Version Current
Hardware x86-64
OS openSUSE Tumbleweed
Status NEW
Severity Normal
Priority P5 - None
Component Other
Assignee screening-team-bugs@suse.de
Reporter silentworks@gmail.com
QA Contact qa-bugs@suse.de
Found By ---
Blocker ---

Hello, with the current version of php8-fpm the spawned child processes abort
after executing anything; a buffer overflow is reported.

##############
[13-Feb-2023 12:48:59] WARNING: [pool webmail] child 24741 exited on signal 6
(SIGABRT - core dumped) after 8.323155 seconds from start
[13-Feb-2023 12:48:59] NOTICE: [pool webmail] child 24789 started
[13-Feb-2023 12:49:00] WARNING: [pool webmail] child 24742 exited on signal 6
(SIGABRT - core dumped) after 9.250155 seconds from start
[13-Feb-2023 12:49:00] NOTICE: [pool webmail] child 24799 started
##########

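Backtrace from loading the core dump in gdb (frames #5 to #8 show glibc's
fortify check aborting on a mempcpy called from fake_data_segment at
parse_tz.c:917):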

#########################################
Reading symbols from /usr/sbin/php-fpm...
Reading symbols from
/root/.cache/debuginfod_client/059885d25ea288ba5d71218fbf100569e242ac7f/debuginfo...

warning: Can't open file /dev/zero (deleted) during file-backed mapping note
processing
[New LWP 24742]

warning: Section `.reg-xstate/24742' in core file too small.
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `php-fpm: pool webmail                                   
            '.
Program terminated with signal SIGABRT, Aborted.

warning: Section `.reg-xstate/24742' in core file too small.
#0  __pthread_kill_implementation (threadid=<optimized out>,
signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
44            return INTERNAL_SYSCALL_ERROR_P (ret) ? INTERNAL_SYSCALL_ERRNO
(ret) : 0;
(gdb) bt
#0  __pthread_kill_implementation (threadid=<optimized out>,
signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1  0x00006b54496b1503 in __pthread_kill_internal (signo=6, threadid=<optimized
out>) at pthread_kill.c:78
#2  0x00006b544965ee16 in __GI_raise (sig=sig@entry=6) at
../sysdeps/posix/raise.c:26
#3  0x00006b544964789c in __GI_abort () at abort.c:79
#4  0x00006b54496485d7 in __libc_message (fmt=fmt@entry=0x6b54497cc552 "*** %s
***: terminated\n") at ../sysdeps/posix/libc_fatal.c:150
#5  0x00006b5449746c4b in __GI___fortify_fail (msg=msg@entry=0x6b54497cc4f8
"buffer overflow detected") at fortify_fail.c:24
#6  0x00006b54497450c6 in __GI___chk_fail () at chk_fail.c:28
#7  0x00001493cdc53c5a in mempcpy (__len=10, __src=0x1493ce003708,
__dest=0x1493cee706a0) at /usr/include/bits/string_fortified.h:45
#8  fake_data_segment (info=0x0, sysdb=0x1493cf01c040) at
/usr/src/debug/php-8.1.15/ext/date/lib/parse_tz.c:917
#9  timelib_builtin_db () at
/usr/src/debug/php-8.1.15/ext/date/lib/parse_tz.c:1080
#10 0x00001493cdc43d8d in get_timezone_info () at
/usr/src/debug/php-8.1.15/ext/date/php_date.c:557
#11 0x00001493cdc468d5 in zif_strtotime (execute_data=0x6b5449014610,
return_value=0x6b54490145d0) at
/usr/src/debug/php-8.1.15/ext/date/php_date.c:1037
#12 0x00001493cde4cb5b in ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER
(execute_data=0x6b5449014510) at
/usr/src/debug/php-8.1.15/Zend/zend_vm_execute.h:1297
#13 0x00001493cdeaa388 in execute_ex (ex=<optimized out>) at
/usr/src/debug/php-8.1.15/Zend/zend_vm_execute.h:55585
#14 0x00001493cde0e6fc in zend_call_function (fci=0x78ee7809dd80,
fci_cache=<optimized out>) at
/usr/src/debug/php-8.1.15/Zend/zend_execute_API.c:912
#15 0x00001493cdf62392 in _call_user_function_impl (function_name=<optimized
out>, object=0x0, named_params=0x0, params=0x78ee7809de00, param_count=1,
retval_ptr=0x78ee7809ddf0) at
/usr/src/debug/php-8.1.15/Zend/zend_execute_API.c:712
#16 ps_call_handler.constprop.0 (func=<optimized out>, argv=0x78ee7809de00,
retval=0x78ee7809ddf0, argc=1) at
/usr/src/debug/php-8.1.15/ext/session/mod_user.c:36
#17 0x00001493cdcc567f in ps_read_user (mod_data=<optimized out>,
key=<optimized out>, val=0x78ee7809de38, maxlifetime=<optimized out>) at
/usr/src/debug/php-8.1.15/ext/session/mod_user.c:144
#18 0x00001493cdcbf233 in php_session_initialize () at
/usr/src/debug/php-8.1.15/ext/session/session.c:444
#19 0x00001493cdcbf820 in php_session_start () at
/usr/src/debug/php-8.1.15/ext/session/session.c:1612
#20 0x00001493cdcc4fa7 in zif_session_start (execute_data=<optimized out>,
return_value=0x78ee7809df70) at
/usr/src/debug/php-8.1.15/ext/session/session.c:2533
#21 0x00001493cde4e6fd in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER
(execute_data=0x6b5449014450) at
/usr/src/debug/php-8.1.15/Zend/zend_vm_execute.h:1235
#22 0x00001493cdeaa388 in execute_ex (ex=<optimized out>) at
/usr/src/debug/php-8.1.15/Zend/zend_vm_execute.h:55585
#23 0x00001493cdeb067d in zend_execute (op_array=0x6b5449002000,
return_value=0x0) at /usr/src/debug/php-8.1.15/Zend/zend_vm_execute.h:60151
#24 0x00001493cdf52f32 in zend_execute (return_value=0x0,
op_array=0x6b5449002000) at /usr/src/debug/php-8.1.15/Zend/zend.c:1785
#25 zend_execute_scripts.constprop.1 (type=8, retval=0x0, file_count=3,
file_count=3, retval=0x0, type=8) at /usr/src/debug/php-8.1.15/Zend/zend.c:1799
#26 0x00001493cdda41f8 in php_execute_script (primary_file=<optimized out>) at
/usr/src/debug/php-8.1.15/main/main.c:2541
#27 0x00001493cdc3fd28 in main (argc=<optimized out>, argv=<optimized out>) at
/usr/src/debug/php-8.1.15/sapi/fpm/fpm/fpm_main.c:1917
#######################################################

How to reproduce? Use a pool configuration with the chroot option set, for example:

/etc/php8/fpm/php-fpm.d/test.conf:
###################
[test]
user = test
group = test
listen = 127.0.0.1:9001
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
chroot = /home/test

process.dumpable = yes
rlimit_core = unlimited
###################

