zend_signal_handler_defer crashes on apache shutdown #10015
Comments
|
Indeed, possibly a duplicate of https://bugs.php.net/bug.php?id=78619. Anyhow, since PHP 8.0 is no longer actively supported, does this happen on PHP 8.1 too? |
|
Might also be related to #8789. |
|
I can reproduce it with PHP 8.1 too. It's actually very easy: |
|
Seems to be the same issue as #9649: the signal is delivered to a thread that didn't execute PHP yet. It crashes when 0x00007f338867185e in zend_signal_handler_defer (signo=1, siginfo=0x7f3341ffa0b0, context=0x7f3341ff9f80) at /php-src/Zend/zend_signal.c:96
96 if (EXPECTED(SIGG(active))) {
(gdb) bt
#0 0x00007f338867185e in zend_signal_handler_defer (signo=1, siginfo=0x7f3341ffa0b0, context=0x7f3341ff9f80) at /php-src/Zend/zend_signal.c:96
#1 <signal handler called>
#2 0x00007f338961cfde in epoll_wait (epfd=8, events=0x7f33889a9620, maxevents=52, timeout=5000) at ../sysdeps/unix/sysv/linux/epoll_wait.c:30
#3 0x00007f33897476b0 in ?? () from /lib/x86_64-linux-gnu/libapr-1.so.0
#4 0x00007f3389383be8 in ?? () from /usr/lib/apache2/modules/mod_mpm_event.so
#5 0x00007f338958bb43 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
#6 0x00007f338961da00 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
(gdb) list
91 zend_signal_handler(signo, siginfo, context);
92 return;
93 }
94 #endif
95
96 if (EXPECTED(SIGG(active))) {
97 if (UNEXPECTED(SIGG(depth) == 0)) { /* try to handle signal */
98 if (UNEXPECTED(SIGG(blocked))) {
99 SIGG(blocked) = 0;
100 }This has been fixed in master by #9766, however in hindsight this may not be ideal in this context. |
jtojnar
added a commit
to jtojnar/nixfiles
that referenced
this issue
Jan 14, 2023
mod_php uses ZTS (thread-safe) build of PHP which is buggy. E.g. causing Apache to crash php/php-src#10015. Let’s switch to FastCGI instead. I had to loosen the systemd service hardening to allow it access my home directory. Took me a while to figure out too. --- For debugging, I added “.mon” suffix to the handler socket and ran the following to monitor it: sudo socat -t100 -x -v UNIX-LISTEN:/run/phpfpm/dev.sock.mon,mode=777,user=wwwrun,group=wwwrun,reuseaddr,fork UNIX-CONNECT:/run/phpfpm/dev.sock Source: https://superuser.com/a/576404/39197 Also used the following for more info: services.phpfpm.settings."log_level" = "debug"; services.phpfpm.pools.dev.settings."access.log" = "/var/log/httpd/phpfpm-$pool.access";
I have applied above pull request and I indeed cannot reproduce the issue (with PHP 8.2). Will this be back ported to versions 8.1 and 8.2? |
nielsdos
added a commit
to nielsdos/php-src
that referenced
this issue
Mar 15, 2023
Fixes phpGH-8789. Fixes phpGH-10015. This is one small part of the underlying bug for phpGH-10737, as in my attempts to reproduce the issue I constantly hit this crash easily. (The fix for the other underlying issue for that bug will follow soon.) It's possible that a signal arrives at a thread that never handled a PHP request before. This causes the signal globals to dereference a NULL pointer because the TSRM pointers for the thread aren't set up to point to the thread resources yet. PR phpGH-9766 previously fixed this for master by ignoring the signal if the thread didn't handle a PHP request yet. While this fixes the crash bug, I think the solution is suboptimal for 3 reasons: 1) The signal is ignored and a message is printed saying there is a bug. However, this is not a bug at all. For example in Apache, the signal set up happens on child process creation, and the thread resource creation happens lazily when the first request is handled by the thread. Hence, the fact that the thread resources aren't set up yet is not actually buggy behaviour. 2) I believe since it was believed to be buggy behaviour, that fix was only applied to master, so 8.1 & 8.2 keep on crashing. 3) We can do better than ignoring the signal. By just initialising the resources if they don't exist, in the very same way the request handler in Apache works, we can gracefully handle the signal.
nielsdos
added a commit
to nielsdos/php-src
that referenced
this issue
Mar 17, 2023
Fixes phpGH-8789. Fixes phpGH-10015. This is one small part of the underlying bug for phpGH-10737, as in my attempts to reproduce the issue I constantly hit this crash easily. (The fix for the other underlying issue for that bug will follow soon.) It's possible that a signal arrives at a thread that never handled a PHP request before. This causes the signal globals to dereference a NULL pointer because the TSRM pointers for the thread aren't set up to point to the thread resources yet. PR phpGH-9766 previously fixed this for master by ignoring the signal if the thread didn't handle a PHP request yet. While this fixes the crash bug, I think the solution is suboptimal for 3 reasons: 1) The signal is ignored and a message is printed saying there is a bug. However, this is not a bug at all. For example in Apache, the signal set up happens on child process creation, and the thread resource creation happens lazily when the first request is handled by the thread. Hence, the fact that the thread resources aren't set up yet is not actually buggy behaviour. 2) I believe since it was believed to be buggy behaviour, that fix was only applied to master, so 8.1 & 8.2 keep on crashing. 3) We can do better than ignoring the signal. By just acting in the same way as if the signals aren't active. This means we need to take the same path as if the TSRM had already shut down.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
Core dump is generated during Apache shutdown.
Seems to be the same incarnation of:
https://bugs.php.net/bug.php?id=78619
This time on Solaris:
PHP Version
PHP 8.0
Operating System
Solaris 11.4
The text was updated successfully, but these errors were encountered: