php-fpm sometimes SIGSEGVs (signal 11) when running fpm_get_status
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
php7.4 (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Undecided
|
Athos Ribeiro | ||
php8.1 (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Jammy |
Fix Released
|
Undecided
|
Athos Ribeiro | ||
php8.2 (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Mantic |
Fix Committed
|
Undecided
|
Athos Ribeiro |
Bug Description
[ Impact ]
Running fpm_get_status may result in a segmentation fault.
[ Test Plan ]
The following script is a reproducer for the described bug:
#!/bin/bash
set -eux
trap cleanup EXIT
UBUNTU_
PHP_VERSION=
TEST_CONTAINER=
PHP_TEST_
cleanup() {
rm -f ${PHP_TEST_FILE}
lxc delete -f ${TEST_CONTAINER}
}
cat > ${PHP_TEST_FILE} <<EOF
testing...
<br/>
<?php
phpinfo();
fpm_get_status();
EOF
lxc launch ubuntu-
lxc exec ${TEST_CONTAINER} -- apt update
lxc exec ${TEST_CONTAINER} -- apt install -y php php-fpm apache2-utils apache2 libapache2-
lxc exec ${TEST_CONTAINER} -- systemctl start php${PHP_
lxc exec ${TEST_CONTAINER} -- a2dismod php${PHP_VERSION} mpm_prefork
lxc exec ${TEST_CONTAINER} -- a2enconf php8.2-fpm
lxc exec ${TEST_CONTAINER} -- a2enmod proxy_fcgi proxy mpm_event
lxc file push ${PHP_TEST_FILE} ${TEST_
lxc exec ${TEST_CONTAINER} -- systemctl restart apache2.service
lxc exec ${TEST_CONTAINER} -- sh -c "curl -s localhost/test.php | grep -o 'FPM/FastCGI'"
lxc exec ${TEST_CONTAINER} -- ab -n 10000 -c 99 http://
echo 'Number of SIGSEGV failures:'
lxc exec ${TEST_CONTAINER} -- sh -c "cat /var/log/
Running the script above ensuring the php packages from proposed are installed should be enough for SRU verification purposes.
[ Where problems could occur ]
The change in question is straightforward:
We are replacing a string interpolation for a string literal because the variables being substituted could result in a null pointer dereference.
Unless some other software components are parsing the logs, which are being changed (which would result in chained failures across components), issues could occur due to unrelated issues with possible new dependencies after a full PHP rebuild.
[ Other Info ]
This is fixed upstream in php-8.3.1, php-8.2.14, and php-8.1.27. Hence, this should be fixed in noble, but needs fixing in mantic, jammy, and focal.
[ Original report ]
Like the title says, we do run fpm_get_status a lot. We're trying to get metrics about our systems performance this way.
lsb_release -rd:
Description: Ubuntu 20.04.6 LTS
Release: 20.04
apt-cache policy php-fpm
php-fpm:
Installed: 2:7.4+75
Candidate: 2:7.4+75
Version table:
*** 2:7.4+75 500
500 http://
100 /var/lib/
I expected it to return fpm status, instead it crashes and kills the process.
Related branches
- git-ubuntu bot: Approve
- Andreas Hasenack: Approve
- Canonical Server Reporter: Pending requested
- Canonical Server packageset reviewers: Pending requested
-
Diff: 57 lines (+35/-0)3 files modifieddebian/changelog (+7/-0)
debian/patches/fix-segfault-in-fpm_status_export_to_zval.patch (+27/-0)
debian/patches/series (+1/-0)
- git-ubuntu bot: Approve
- Andreas Hasenack: Approve
- Canonical Server packageset reviewers: Pending requested
- Canonical Server Reporter: Pending requested
-
Diff: 57 lines (+35/-0)3 files modifieddebian/changelog (+7/-0)
debian/patches/fix-segfault-in-fpm_status_export_to_zval.patch (+27/-0)
debian/patches/series (+1/-0)
- git-ubuntu bot: Approve
- Bryce Harrington (community): Approve
- Canonical Server Reporter: Pending requested
-
Diff: 87 lines (+41/-2)5 files modifieddebian/changelog (+7/-0)
debian/control (+2/-1)
debian/control.in (+2/-1)
debian/patches/0048-Fix-segfault-in-fpm_status_export_to_zval.patch (+29/-0)
debian/patches/series (+1/-0)
description: | updated |
Changed in php7.4 (Ubuntu): | |
status: | New → Triaged |
assignee: | nobody → Athos Ribeiro (athos-ribeiro) |
tags: | added: server-todo |
no longer affects: | php7.4 (Ubuntu Jammy) |
no longer affects: | php7.4 (Ubuntu Mantic) |
Changed in php7.4 (Ubuntu Focal): | |
status: | New → Triaged |
no longer affects: | php8.1 (Ubuntu Focal) |
no longer affects: | php8.2 (Ubuntu Focal) |
no longer affects: | php7.4 (Ubuntu Focal) |
Changed in php8.1 (Ubuntu): | |
status: | New → Triaged |
Changed in php8.2 (Ubuntu): | |
status: | New → Triaged |
description: | updated |
description: | updated |
Changed in php8.2 (Ubuntu Mantic): | |
status: | Triaged → In Progress |
description: | updated |
Changed in php8.1 (Ubuntu Jammy): | |
status: | Triaged → In Progress |
Changed in php7.4 (Ubuntu Focal): | |
status: | Triaged → In Progress |
tags: |
added: verification-needed-mantic removed: verification-done-mantic |
Hi Lars,
Thanks for taking the time to report this bug and help making Ubuntu better.
I suppose you are able to reproduce the issue constantly then?
Would you mind providing a short (reliable) reproducer for the issue I could use to verify and investigate from a fresh Ubuntu 20.04 installation?
I am setting this bug status as incomplete. Please, move it back to new once you provide the additional information.