http://bugzilla.opensuse.org/show_bug.cgi?id=1208199 Bug ID: 1208199 Summary: php8-fpm SIGABRT when using chroot option Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: x86-64 OS: openSUSE Tumbleweed Status: NEW Severity: Normal Priority: P5 - None Component: Other Assignee: screening-team-bugs@suse.de Reporter: silentworks@gmail.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Hello, php8-fpm as of current version kills itself after executing anything on the spawn childs, it reports an overflow. ############## [13-Feb-2023 12:48:59] WARNING: [pool webmail] child 24741 exited on signal 6 (SIGABRT - core dumped) after 8.323155 seconds from start [13-Feb-2023 12:48:59] NOTICE: [pool webmail] child 24789 started [13-Feb-2023 12:49:00] WARNING: [pool webmail] child 24742 exited on signal 6 (SIGABRT - core dumped) after 9.250155 seconds from start [13-Feb-2023 12:49:00] NOTICE: [pool webmail] child 24799 started ########## gdb coredump load: ######################################### Reading symbols from /usr/sbin/php-fpm... Reading symbols from /root/.cache/debuginfod_client/059885d25ea288ba5d71218fbf100569e242ac7f/debuginfo... warning: Can't open file /dev/zero (deleted) during file-backed mapping note processing [New LWP 24742] warning: Section `.reg-xstate/24742' in core file too small. [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib64/libthread_db.so.1". Core was generated by `php-fpm: pool webmail '. Program terminated with signal SIGABRT, Aborted. warning: Section `.reg-xstate/24742' in core file too small. #0 __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44 44 return INTERNAL_SYSCALL_ERROR_P (ret) ? INTERNAL_SYSCALL_ERRNO (ret) : 0; (gdb) bt #0 __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44 #1 0x00006b54496b1503 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78 #2 0x00006b544965ee16 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26 #3 0x00006b544964789c in __GI_abort () at abort.c:79 #4 0x00006b54496485d7 in __libc_message (fmt=fmt@entry=0x6b54497cc552 "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:150 #5 0x00006b5449746c4b in __GI___fortify_fail (msg=msg@entry=0x6b54497cc4f8 "buffer overflow detected") at fortify_fail.c:24 #6 0x00006b54497450c6 in __GI___chk_fail () at chk_fail.c:28 #7 0x00001493cdc53c5a in mempcpy (__len=10, __src=0x1493ce003708, __dest=0x1493cee706a0) at /usr/include/bits/string_fortified.h:45 #8 fake_data_segment (info=0x0, sysdb=0x1493cf01c040) at /usr/src/debug/php-8.1.15/ext/date/lib/parse_tz.c:917 #9 timelib_builtin_db () at /usr/src/debug/php-8.1.15/ext/date/lib/parse_tz.c:1080 #10 0x00001493cdc43d8d in get_timezone_info () at /usr/src/debug/php-8.1.15/ext/date/php_date.c:557 #11 0x00001493cdc468d5 in zif_strtotime (execute_data=0x6b5449014610, return_value=0x6b54490145d0) at /usr/src/debug/php-8.1.15/ext/date/php_date.c:1037 #12 0x00001493cde4cb5b in ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER (execute_data=0x6b5449014510) at /usr/src/debug/php-8.1.15/Zend/zend_vm_execute.h:1297 #13 0x00001493cdeaa388 in execute_ex (ex=<optimized out>) at /usr/src/debug/php-8.1.15/Zend/zend_vm_execute.h:55585 #14 0x00001493cde0e6fc in zend_call_function (fci=0x78ee7809dd80, fci_cache=<optimized out>) at /usr/src/debug/php-8.1.15/Zend/zend_execute_API.c:912 #15 0x00001493cdf62392 in _call_user_function_impl (function_name=<optimized out>, object=0x0, named_params=0x0, params=0x78ee7809de00, param_count=1, retval_ptr=0x78ee7809ddf0) at /usr/src/debug/php-8.1.15/Zend/zend_execute_API.c:712 #16 ps_call_handler.constprop.0 (func=<optimized out>, argv=0x78ee7809de00, retval=0x78ee7809ddf0, argc=1) at /usr/src/debug/php-8.1.15/ext/session/mod_user.c:36 #17 0x00001493cdcc567f in ps_read_user (mod_data=<optimized out>, key=<optimized out>, val=0x78ee7809de38, maxlifetime=<optimized out>) at /usr/src/debug/php-8.1.15/ext/session/mod_user.c:144 #18 0x00001493cdcbf233 in php_session_initialize () at /usr/src/debug/php-8.1.15/ext/session/session.c:444 #19 0x00001493cdcbf820 in php_session_start () at /usr/src/debug/php-8.1.15/ext/session/session.c:1612 #20 0x00001493cdcc4fa7 in zif_session_start (execute_data=<optimized out>, return_value=0x78ee7809df70) at /usr/src/debug/php-8.1.15/ext/session/session.c:2533 #21 0x00001493cde4e6fd in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER (execute_data=0x6b5449014450) at /usr/src/debug/php-8.1.15/Zend/zend_vm_execute.h:1235 #22 0x00001493cdeaa388 in execute_ex (ex=<optimized out>) at /usr/src/debug/php-8.1.15/Zend/zend_vm_execute.h:55585 #23 0x00001493cdeb067d in zend_execute (op_array=0x6b5449002000, return_value=0x0) at /usr/src/debug/php-8.1.15/Zend/zend_vm_execute.h:60151 #24 0x00001493cdf52f32 in zend_execute (return_value=0x0, op_array=0x6b5449002000) at /usr/src/debug/php-8.1.15/Zend/zend.c:1785 #25 zend_execute_scripts.constprop.1 (type=8, retval=0x0, file_count=3, file_count=3, retval=0x0, type=8) at /usr/src/debug/php-8.1.15/Zend/zend.c:1799 #26 0x00001493cdda41f8 in php_execute_script (primary_file=<optimized out>) at /usr/src/debug/php-8.1.15/main/main.c:2541 #27 0x00001493cdc3fd28 in main (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/php-8.1.15/sapi/fpm/fpm/fpm_main.c:1917 ####################################################### How to replicate? /etc/php8/fpm/php-fpm.d/test.conf: ################### [test] user = test group = test listen = 127.0.0.1:9001 pm = dynamic pm.max_children = 5 pm.start_servers = 2 pm.min_spare_servers = 1 pm.max_spare_servers = 3 chroot = /home/test process.dumpable = yes rlimit_core = unlimited ################### -- You are receiving this mail because: You are on the CC list for the bug.