crash due to invalid pointer in mysqli with tcmalloc #11564

Closed
sephiroth-j opened this issue Jun 30, 2023 · 1 comment
@sephiroth-j
Description

We tried to use tcmalloc (tcmalloc_minimal) from gperftools v2.10 together with PHP. Unfortunately PHP-FPM crashes right at the beginning in mysqli.so.

We tried both variants: a) adding LD_PRELOAD=/opt/lamprt/lib/libtcmalloc_minimal.so and b) adding libtcmalloc_minimal at compile time with -ltcmalloc_minimal without LD_PRELOAD. Both variants cause a crash. Below is the stack trace of variant a).

Jun 30 09:59:58 demo systemd-coredump[112399]: Process 112397 (php-fpm) of user 0 dumped core.
                                                    
                                                    Stack trace of thread 112397:
                                                    #0  0x00007f2a7b77e0c7 raise (libc.so.6)
                                                    #1  0x00007f2a7b77f49a abort (libc.so.6)
                                                    #2  0x00007f2a7b7bd324 __libc_message (libc.so.6)
                                                    #3  0x00007f2a7b7c2796 malloc_printerr (libc.so.6)
                                                    #4  0x00007f2a7b7c35db _int_free (libc.so.6)
                                                    #5  0x00007f2a7a81b8e0 zm_startup_mysqli (mysqli.so)
                                                    #6  0x00000000007f2929 zend_startup_module_ex (php-fpm)
                                                    #7  0x00000000007f29c4 zend_startup_module_zval (php-fpm)
                                                    #8  0x00000000007fff9b zend_hash_apply (php-fpm)
                                                    #9  0x0000000000789010 php_module_startup (php-fpm)
                                                    #10 0x000000000049babd main (php-fpm)
                                                    #11 0x00007f2a7b769ac5 __libc_start_main (libc.so.6)
                                                    #12 0x000000000049d499 _start (php-fpm)

complete core dump from systemd: core dump.log

PHP Version

PHP 8.2.7

Operating System

No response

@nielsdos
Member

This is a duplicate of #10670 (see that issue for more details).
Injecting custom allocators by overriding libc's allocator with LD_PRELOAD or linking flags is not supported. This is because PHP uses RTLD_DEEPLINK to link its dependent libraries.

RTLD_DEEPLINK makes sure that a library will always prefer its local symbols over the global ones, hence not all places that call malloc() and free() will use tcmalloc. You can see this in the backtrace of your post: the freeing happened with libc's free() while the allocation happened with tcmalloc. This doesn't work and therefore it crashes.

These custom allocators used to have a workaround for applications using RTLD_DEEPLINK, but glibc removed support for that fairly recently.

It's not possible to disable RTLD_DEEPLINK because there are libraries PHP depends on where some symbols may conflict with symbols from other libraries. If you are sure this isn't the case for your setup you can search for RTLD_DEEPLINK in PHP's source code and replace it with the constant 0.

@nielsdos closed this as not planned on Jun 30, 2023
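
The reading of the backtrace described in the reply above, as an added triage example that is not part of the original thread or of PHP's code: it finds glibc's heap-consistency frames in a systemd-coredump trace, names the first non-libc caller, and checks whether a replacement allocator was preloaded. The function names are hypothetical, the trace lines are copied from the issue as sample input, and treating any preloaded library with "malloc" in its file name as a replacement allocator is an assumption.

```python
import os
import re

# Constructed sample input: frames #0-#6 copied from the stack trace in this issue.
TRACE = """\
#0  0x00007f2a7b77e0c7 raise (libc.so.6)
#1  0x00007f2a7b77f49a abort (libc.so.6)
#2  0x00007f2a7b7bd324 __libc_message (libc.so.6)
#3  0x00007f2a7b7c2796 malloc_printerr (libc.so.6)
#4  0x00007f2a7b7c35db _int_free (libc.so.6)
#5  0x00007f2a7a81b8e0 zm_startup_mysqli (mysqli.so)
#6  0x00000000007f2929 zend_startup_module_ex (php-fpm)
"""

FRAME_RE = re.compile(r"#(\d+)\s+0x[0-9a-fA-F]+\s+(\S+)\s+\(([^)]+)\)")
# glibc heap-consistency symbols that appear in the trace above.
GLIBC_HEAP_SYMBOLS = {"malloc_printerr", "_int_free"}


def parse_frames(text):
    """Return (index, symbol, module) tuples for each systemd-coredump frame line."""
    return [(int(m.group(1)), m.group(2), m.group(3))
            for m in map(FRAME_RE.search, text.splitlines()) if m]


def replacement_allocator(ld_preload):
    """Assumption: a preloaded library with 'malloc' in its file name replaces malloc/free."""
    for path in re.split(r"[:\s]+", ld_preload.strip()):
        if "malloc" in os.path.basename(path):
            return os.path.basename(path)
    return None


def triage(text, ld_preload=""):
    """Flag a glibc heap abort and name the first non-libc frame that led into free()."""
    frames = parse_frames(text)
    heap = [i for i, sym, mod in frames
            if mod.startswith("libc.so") and sym in GLIBC_HEAP_SYMBOLS]
    if not heap:
        return None  # not a glibc heap-consistency abort
    caller = next(((sym, mod) for i, sym, mod in frames
                   if i > max(heap) and not mod.startswith("libc.so")), (None, None))
    allocator = replacement_allocator(ld_preload)
    return {"freed_by": "glibc", "caller_symbol": caller[0], "caller_module": caller[1],
            "preloaded_allocator": allocator, "mismatch_suspected": allocator is not None}


if __name__ == "__main__":
    print(triage(TRACE, "/opt/lamprt/lib/libtcmalloc_minimal.so"))
```
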