[Bug 1208199] New: php8-fpm SIGABRT when using chroot option
http://bugzilla.opensuse.org/show_bug.cgi?id=1208199

Bug ID: 1208199
Summary: php8-fpm SIGABRT when using chroot option
Classification: openSUSE
Product: openSUSE Tumbleweed
Version: Current
Hardware: x86-64
OS: openSUSE Tumbleweed
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Other
Assignee: screening-team-bugs@suse.de
Reporter: silentworks@gmail.com
QA Contact: qa-bugs@suse.de
Found By: ---
Blocker: ---

Hello,

php8-fpm as of current version kills itself after executing anything on the spawned children, it reports an overflow.

##############
[13-Feb-2023 12:48:59] WARNING: [pool webmail] child 24741 exited on signal 6 (SIGABRT - core dumped) after 8.323155 seconds from start
[13-Feb-2023 12:48:59] NOTICE: [pool webmail] child 24789 started
[13-Feb-2023 12:49:00] WARNING: [pool webmail] child 24742 exited on signal 6 (SIGABRT - core dumped) after 9.250155 seconds from start
[13-Feb-2023 12:49:00] NOTICE: [pool webmail] child 24799 started
##########

gdb coredump load:

#########################################
Reading symbols from /usr/sbin/php-fpm...
Reading symbols from /root/.cache/debuginfod_client/059885d25ea288ba5d71218fbf100569e242ac7f/debuginfo...
warning: Can't open file /dev/zero (deleted) during file-backed mapping note processing
[New LWP 24742]
warning: Section `.reg-xstate/24742' in core file too small.
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `php-fpm: pool webmail '.
Program terminated with signal SIGABRT, Aborted.
warning: Section `.reg-xstate/24742' in core file too small.
#0 __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
44 return INTERNAL_SYSCALL_ERROR_P (ret) ? INTERNAL_SYSCALL_ERRNO (ret) : 0;
(gdb) bt
#0 __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1 0x00006b54496b1503 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78
#2 0x00006b544965ee16 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3 0x00006b544964789c in __GI_abort () at abort.c:79
#4 0x00006b54496485d7 in __libc_message (fmt=fmt@entry=0x6b54497cc552 "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:150
#5 0x00006b5449746c4b in __GI___fortify_fail (msg=msg@entry=0x6b54497cc4f8 "buffer overflow detected") at fortify_fail.c:24
#6 0x00006b54497450c6 in __GI___chk_fail () at chk_fail.c:28
#7 0x00001493cdc53c5a in mempcpy (__len=10, __src=0x1493ce003708, __dest=0x1493cee706a0) at /usr/include/bits/string_fortified.h:45
#8 fake_data_segment (info=0x0, sysdb=0x1493cf01c040) at /usr/src/debug/php-8.1.15/ext/date/lib/parse_tz.c:917
#9 timelib_builtin_db () at /usr/src/debug/php-8.1.15/ext/date/lib/parse_tz.c:1080
#10 0x00001493cdc43d8d in get_timezone_info () at /usr/src/debug/php-8.1.15/ext/date/php_date.c:557
#11 0x00001493cdc468d5 in zif_strtotime (execute_data=0x6b5449014610, return_value=0x6b54490145d0) at /usr/src/debug/php-8.1.15/ext/date/php_date.c:1037
#12 0x00001493cde4cb5b in ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER (execute_data=0x6b5449014510) at /usr/src/debug/php-8.1.15/Zend/zend_vm_execute.h:1297
#13 0x00001493cdeaa388 in execute_ex (ex=<optimized out>) at /usr/src/debug/php-8.1.15/Zend/zend_vm_execute.h:55585
#14 0x00001493cde0e6fc in zend_call_function (fci=0x78ee7809dd80, fci_cache=<optimized out>) at /usr/src/debug/php-8.1.15/Zend/zend_execute_API.c:912
#15 0x00001493cdf62392 in _call_user_function_impl (function_name=<optimized out>, object=0x0, named_params=0x0, params=0x78ee7809de00, param_count=1, retval_ptr=0x78ee7809ddf0) at /usr/src/debug/php-8.1.15/Zend/zend_execute_API.c:712
#16 ps_call_handler.constprop.0 (func=<optimized out>, argv=0x78ee7809de00, retval=0x78ee7809ddf0, argc=1) at /usr/src/debug/php-8.1.15/ext/session/mod_user.c:36
#17 0x00001493cdcc567f in ps_read_user (mod_data=<optimized out>, key=<optimized out>, val=0x78ee7809de38, maxlifetime=<optimized out>) at /usr/src/debug/php-8.1.15/ext/session/mod_user.c:144
#18 0x00001493cdcbf233 in php_session_initialize () at /usr/src/debug/php-8.1.15/ext/session/session.c:444
#19 0x00001493cdcbf820 in php_session_start () at /usr/src/debug/php-8.1.15/ext/session/session.c:1612
#20 0x00001493cdcc4fa7 in zif_session_start (execute_data=<optimized out>, return_value=0x78ee7809df70) at /usr/src/debug/php-8.1.15/ext/session/session.c:2533
#21 0x00001493cde4e6fd in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER (execute_data=0x6b5449014450) at /usr/src/debug/php-8.1.15/Zend/zend_vm_execute.h:1235
#22 0x00001493cdeaa388 in execute_ex (ex=<optimized out>) at /usr/src/debug/php-8.1.15/Zend/zend_vm_execute.h:55585
#23 0x00001493cdeb067d in zend_execute (op_array=0x6b5449002000, return_value=0x0) at /usr/src/debug/php-8.1.15/Zend/zend_vm_execute.h:60151
#24 0x00001493cdf52f32 in zend_execute (return_value=0x0, op_array=0x6b5449002000) at /usr/src/debug/php-8.1.15/Zend/zend.c:1785
#25 zend_execute_scripts.constprop.1 (type=8, retval=0x0, file_count=3, file_count=3, retval=0x0, type=8) at /usr/src/debug/php-8.1.15/Zend/zend.c:1799
#26 0x00001493cdda41f8 in php_execute_script (primary_file=<optimized out>) at /usr/src/debug/php-8.1.15/main/main.c:2541
#27 0x00001493cdc3fd28 in main (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/php-8.1.15/sapi/fpm/fpm/fpm_main.c:1917
#######################################################

How to replicate?

/etc/php8/fpm/php-fpm.d/test.conf:

###################
[test]
user = test
group = test
listen = 127.0.0.1:9001
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
chroot = /home/test
process.dumpable = yes
rlimit_core = unlimited
###################

--
You are receiving this mail because:
You are on the CC list for the bug.
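Added example, not part of the original report or of php-fpm: a small Python triage script that reads log lines in the format quoted above and reports pools whose children repeatedly die on a crash signal shortly after start. The thresholds (min_crashes, max_lifetime), the signal set and the last sample line are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# First four lines are the log excerpt from the report; the last is constructed.
SAMPLE_LOG = """\
[13-Feb-2023 12:48:59] WARNING: [pool webmail] child 24741 exited on signal 6 (SIGABRT - core dumped) after 8.323155 seconds from start
[13-Feb-2023 12:48:59] NOTICE: [pool webmail] child 24789 started
[13-Feb-2023 12:49:00] WARNING: [pool webmail] child 24742 exited on signal 6 (SIGABRT - core dumped) after 9.250155 seconds from start
[13-Feb-2023 12:49:00] NOTICE: [pool webmail] child 24799 started
[13-Feb-2023 12:49:05] WARNING: [pool www] child 100 exited on signal 15 (SIGTERM) after 3600.000000 seconds from start
"""

EXIT_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] WARNING: \[pool (?P<pool>[^\]]+)\] child (?P<pid>\d+) "
    r"exited on signal (?P<signo>\d+) \((?P<signame>SIG[A-Z0-9]+)(?P<core> - core dumped)?\) "
    r"after (?P<secs>\d+\.\d+) seconds from start$"
)

# Signals that indicate a fault in the child rather than an orderly stop (assumed set).
CRASH_SIGNALS = {"SIGABRT", "SIGSEGV", "SIGBUS", "SIGILL", "SIGFPE"}

def parse_exits(text):
    """Return one dict per 'child ... exited on signal' line; other lines are ignored."""
    exits = []
    for line in text.splitlines():
        m = EXIT_RE.match(line.strip())
        if m:
            exits.append({
                "pool": m["pool"], "pid": int(m["pid"]), "signal": m["signame"],
                "core": m["core"] is not None, "lifetime": float(m["secs"]),
            })
    return exits

def crash_loops(exits, min_crashes=2, max_lifetime=60.0):
    """Map pool name -> PIDs for pools with >= min_crashes short-lived crash exits."""
    by_pool = defaultdict(list)
    for e in exits:
        if e["signal"] in CRASH_SIGNALS and e["lifetime"] <= max_lifetime:
            by_pool[e["pool"]].append(e)
    return {pool: [e["pid"] for e in evs]
            for pool, evs in by_pool.items() if len(evs) >= min_crashes}

if __name__ == "__main__":
    for pool, pids in crash_loops(parse_exits(SAMPLE_LOG)).items():
        print(f"pool {pool}: children {pids} died on a crash signal shortly after start")
```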
http://bugzilla.opensuse.org/show_bug.cgi?id=1208199#c1

--- Comment #1 from Victor Ortiz <silentworks@gmail.com> ---
To make clear, it only happens when the chroot=path option is used to start the pools.
http://bugzilla.opensuse.org/show_bug.cgi?id=1208199 http://bugzilla.opensuse.org/show_bug.cgi?id=1208199#c2 --- Comment #2 from Victor Ortiz <silentworks@gmail.com> --- The php-systzdata-v21.patch is bugged thats why fortify stops it ################################ --- php-systzdata-v21.patch 2021-11-16 22:22:53.000000000 +0100 +++ php-systzdata-v21.new.patch 2023-02-13 13:55:09.766507803 +0100 @@ -415,7 +415,7 @@ + size_t n; + char *data, *p; + -+ data = malloc(3 * sysdb->index_size + 7); ++ data = malloc(3 * sysdb->index_size + sizeof(FAKE_HEADER) - 1); + + p = mempcpy(data, FAKE_HEADER, sizeof(FAKE_HEADER) - 1); + ################################## -- You are receiving this mail because: You are on the CC list for the bug.
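Review bot: In the changed allocation, the result of `data = malloc(3 * sysdb->index_size + sizeof(FAKE_HEADER) - 1);` goes straight into `mempcpy(data, FAKE_HEADER, sizeof(FAKE_HEADER) - 1)` with no NULL check visible in the hunk; add one before the copy. The old constant 7 is smaller than the 10-byte header copy the backtrace reports (`__len=10` in frame #7), so the buffer was only large enough when `3 * sysdb->index_size` made up the difference; deriving the size from `sizeof(FAKE_HEADER)` closes that gap, and a short comment stating what the `3 *` per-index factor accounts for would keep the allocation and the writes that follow from drifting apart again.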
http://bugzilla.opensuse.org/show_bug.cgi?id=1208199#c3

--- Comment #3 from Victor Ortiz <silentworks@gmail.com> ---
Also, once the overflow is fixed, it can still die with SIGSEGV if the configured timezone is not found in the zonefiles folder (as if you set Jupiter/Europa and it is not found), or the zonefiles folder is not found. That shouldn't happen, as it doesn't give any information about the issue or problem. It should print that the zonefile wasn't found as an error.
http://bugzilla.opensuse.org/show_bug.cgi?id=1208199#c4

--- Comment #4 from Victor Ortiz <silentworks@gmail.com> ---
So nobody cares? I gave you the solution, and it is an issue introduced by using a patch that nobody tested and that shouldn't be used.
http://bugzilla.opensuse.org/show_bug.cgi?id=1208199#c7

--- Comment #7 from OBSbugzilla Bot <bwiedemann+obsbugzillabot@suse.com> ---
This is an autogenerated message for OBS integration:
This bug (1208199) was mentioned in
https://build.opensuse.org/request/show/1071456 Factory / php8