hhvm
[ Segmentation fault ] Using `SQL\Query->toString__FOR_DEBUGGING_ONLY()` causes a segmentation fault when a query is also running
Describe the bug
A segmentation fault occurs when asking for the string repr of a SQL\Query while the connection is busy.
Standalone code, or other way to reproduce the problem
```hack
<?hh

use namespace HH\Lib\SQL;

<<__EntryPoint>>
async function main_async(): Awaitable<void> {
  require_once __DIR__.'/../vendor/autoload.hack';
  \Facebook\AutoloadMap\initialize();

  $config = /*my config*/;
  $async_conn = await AsyncMysqlClient::connect(
    $config->servername,
    3306,
    $config->dbname,
    $config->username,
    $config->password,
  );
  // Both branches share the same connection.
  concurrent {
    await func_async($async_conn, new SQL\Query('SELECT %s', 'something'));
    await func_async($async_conn, new SQL\Query('SELECT %s', 'something'));
  }
}

async function func_async(
  AsyncMysqlConnection $asyncMysql,
  SQL\Query $query,
): Awaitable<void> {
  // Crash site according to the PHP stack trace.
  $query->toString__FOR_DEBUGGING_ONLY($asyncMysql);
  await $asyncMysql->queryf('SELECT %s', 'something');
}
```
Steps to reproduce the behavior:
1. Have a SQL server running.
   - I used 10.4.11-MariaDB-1:10.4.11+maria~bionic-log.
2. Run the example code above.
3. Read stacktrace from /tmp/stacktrace.xxxxx.log
Expected behavior
Code completes silently.
Screenshots
NONE
Desktop (please complete the following information):
- OS: Ubuntu 18.04.4 LTS
- HHVM Version: 4.51.0
HipHop VM 4.51.0-dev (rel)
Compiler: 1585280615_594927537
Repo schema: ac933c8afa79ac54d3ec9e7de7983d3b2a7977f5
Additional context
Stacktrace
Host: lexidor-Cloud-VM
ProcessID: 27372
ThreadID: 140689418532416
ThreadPID: 27372
Name: /usr/bin/hhvm
CmdLine: hhvm library/autoload.php
Type: Segmentation fault
Runtime: hhvm
Version: 1585280615_594927537
DebuggerCount: 0
Arguments: library/autoload.php
ThreadType: CLI
PHP Stacktrace:
#0 HH\Lib\SQL\Query->toString__FOR_DEBUGGING_ONLY() called at [autoload.php:21]
#1 func_async() called at [autoload.php:16]
#2 main_async()
#3 Closure$__SystemLib\enter_async_entry_point()
#4 HH\Asio\join()
#5 __SystemLib\enter_async_entry_point()
gdb hhvm
wait
r library/autoload.php
wait
thread apply all bt
wait
hold enter to continue
GNU gdb (Ubuntu 8.1-0ubuntu3.2) 8.1.0.20180409-git
Reading symbols from hhvm...Reading symbols from /usr/lib/debug/.build-id/0c/a764a5770e76e526432c9078b10029355e80a7.debug...done.
done.
(gdb) r library/autoload.php
Starting program: /usr/bin/hhvm library/autoload.php
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7fffe38af700 (LWP 31622)]
[New Thread 0x7fffdf0de700 (LWP 31624)]
[New Thread 0x7fffdcddd700 (LWP 31625)]
[New Thread 0x7fffdc5dc700 (LWP 31626)]
Thread 1 "hhvm" received signal SIGSEGV, Segmentation fault.
HPHP::HHLibSQLQuery__toString__FOR_DEBUGGING_ONLY (this_=<optimized out>, conn=...) at ./hphp/runtime/ext/async_mysql/ext_async_mysql.cpp:213
213 ./hphp/runtime/ext/async_mysql/ext_async_mysql.cpp: No such file or directory.
(gdb) thread apply all bt
Thread 5 (Thread 0x7fffdc5dc700 (LWP 31626)):
#0 0x00007fffef578bb7 in epoll_wait (epfd=18, events=0x7fffe3c03e80, maxevents=32, timeout=-1) at ../sysdeps/unix/sysv/linux/epoll_wait.c:30
#1 0x00007ffff6c652c5 in ?? () from /usr/lib/x86_64-linux-gnu/libevent-2.1.so.6
#2 0x00007ffff6c5b114 in event_base_loop () from /usr/lib/x86_64-linux-gnu/libevent-2.1.so.6
#3 0x0000555557f33887 in folly::EventBase::loopBody (this=this@entry=0x7fffdff22440, flags=flags@entry=0, ignoreKeepAlive=ignoreKeepAlive@entry=false)
at ./third-party/folly/src/folly/io/async/EventBase.cpp:394
#4 0x000055555792f7fb in folly::EventBase::loop (this=0x7fffdff22440) at ./third-party/folly/src/folly/io/async/EventBase.cpp:312
#5 folly::EventBase::loopForever (this=0x7fffdff22440) at ./third-party/folly/src/folly/io/async/EventBase.cpp:535
#6 0x000055555786d077 in facebook::common::mysql_client::AsyncMysqlClient::<lambda()>::operator() (__closure=0x7fffe3bb9308)
at ./third-party/squangle/squangle/mysql_client/AsyncMysqlClient.cpp:80
#7 std::__invoke_impl<void, facebook::common::mysql_client::AsyncMysqlClient::init()::<lambda()> > (__f=...) at /usr/include/c++/7/bits/invoke.h:60
#8 std::__invoke<facebook::common::mysql_client::AsyncMysqlClient::init()::<lambda()> > (__fn=...) at /usr/include/c++/7/bits/invoke.h:95
#9 std::thread::_Invoker<std::tuple<facebook::common::mysql_client::AsyncMysqlClient::init()::<lambda()> > >::_M_invoke<0> (this=0x7fffe3bb9308)
at /usr/include/c++/7/thread:234
#10 std::thread::_Invoker<std::tuple<facebook::common::mysql_client::AsyncMysqlClient::init()::<lambda()> > >::operator() (this=0x7fffe3bb9308)
at /usr/include/c++/7/thread:243
#11 std::thread::_State_impl<std::thread::_Invoker<std::tuple<facebook::common::mysql_client::AsyncMysqlClient::init()::<lambda()> > > >::_M_run(void) (
this=0x7fffe3bb9300) at /usr/include/c++/7/thread:186
#12 0x00007fffefebb6ef in ?? () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#13 0x00007ffff5f506db in start_thread (arg=0x7fffdc5dc700) at pthread_create.c:463
#14 0x00007fffef57888f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
Thread 4 (Thread 0x7fffdcddd700 (LWP 31625)):
#0 0x00007fffef578bb7 in epoll_wait (epfd=13, events=0x7fffe3c02380, maxevents=32, timeout=-1) at ../sysdeps/unix/sysv/linux/epoll_wait.c:30
#1 0x00007ffff6c652c5 in ?? () from /usr/lib/x86_64-linux-gnu/libevent-2.1.so.6
#2 0x00007ffff6c5b114 in event_base_loop () from /usr/lib/x86_64-linux-gnu/libevent-2.1.so.6
#3 0x0000555557f33887 in folly::EventBase::loopBody (this=this@entry=0x7fffdfe3d440, flags=flags@entry=0, ignoreKeepAlive=ignoreKeepAlive@entry=false)
at ./third-party/folly/src/folly/io/async/EventBase.cpp:394
#4 0x000055555792f7fb in folly::EventBase::loop (this=0x7fffdfe3d440) at ./third-party/folly/src/folly/io/async/EventBase.cpp:312
#5 folly::EventBase::loopForever (this=0x7fffdfe3d440) at ./third-party/folly/src/folly/io/async/EventBase.cpp:535
#6 0x000055555786d077 in facebook::common::mysql_client::AsyncMysqlClient::<lambda()>::operator() (__closure=0x7fffe3bb9398)
at ./third-party/squangle/squangle/mysql_client/AsyncMysqlClient.cpp:80
#7 std::__invoke_impl<void, facebook::common::mysql_client::AsyncMysqlClient::init()::<lambda()> > (__f=...) at /usr/include/c++/7/bits/invoke.h:60
#8 std::__invoke<facebook::common::mysql_client::AsyncMysqlClient::init()::<lambda()> > (__fn=...) at /usr/include/c++/7/bits/invoke.h:95
#9 std::thread::_Invoker<std::tuple<facebook::common::mysql_client::AsyncMysqlClient::init()::<lambda()> > >::_M_invoke<0> (this=0x7fffe3bb9398)
at /usr/include/c++/7/thread:234
#10 std::thread::_Invoker<std::tuple<facebook::common::mysql_client::AsyncMysqlClient::init()::<lambda()> > >::operator() (this=0x7fffe3bb9398)
at /usr/include/c++/7/thread:243
#11 std::thread::_State_impl<std::thread::_Invoker<std::tuple<facebook::common::mysql_client::AsyncMysqlClient::init()::<lambda()> > > >::_M_run(void) (
this=0x7fffe3bb9390) at /usr/include/c++/7/thread:186
#12 0x00007fffefebb6ef in ?? () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#13 0x00007ffff5f506db in start_thread (arg=0x7fffdcddd700) at pthread_create.c:463
#14 0x00007fffef57888f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
Thread 3 (Thread 0x7fffdf0de700 (LWP 31624)):
#0 0x00007fffef49726c in __GI___sigtimedwait (set=<optimized out>, set@entry=0x5555591513c0 <HPHP::(anonymous namespace)::g_sync_signals>,
info=info@entry=0x7fffdf0dae80, timeout=timeout@entry=0x0) at ../sysdeps/unix/sysv/linux/sigtimedwait.c:42
#1 0x00007ffff5f5b45c in __sigwait (set=set@entry=0x5555591513c0 <HPHP::(anonymous namespace)::g_sync_signals>, sig=sig@entry=0x7fffdf0daf3c)
at ../sysdeps/unix/sysv/linux/sigwait.c:28
#2 0x0000555557c1e2db in HPHP::(anonymous namespace)::handle_signals () at ./hphp/util/sync-signal.cpp:108
#3 0x00007ffff5f506db in start_thread (arg=0x7fffdf0de700) at pthread_create.c:463
#4 0x00007fffef57888f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
Thread 2 (Thread 0x7fffe38af700 (LWP 31622)):
#0 0x00007fffef56bbf9 in __GI___poll (fds=fds@entry=0x7fffe38abf60, nfds=nfds@entry=2, timeout=timeout@entry=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
#1 0x00005555566ff5c2 in poll (__timeout=-1, __nfds=2, __fds=0x7fffe38abf60) at /usr/include/x86_64-linux-gnu/bits/poll2.h:46
#2 HPHP::(anonymous namespace)::LogThread::<lambda()>::operator() (__closure=0x7fffe63dac28) at ./hphp/runtime/vm/extern-compiler.cpp:233
#3 std::__invoke_impl<void, HPHP::(anonymous namespace)::LogThread::LogThread(int, FILE*)::<lambda()> > (__f=...) at /usr/include/c++/7/bits/invoke.h:60
#4 std::__invoke<HPHP::(anonymous namespace)::LogThread::LogThread(int, FILE*)::<lambda()> > (__fn=...) at /usr/include/c++/7/bits/invoke.h:95
#5 std::thread::_Invoker<std::tuple<HPHP::(anonymous namespace)::LogThread::LogThread(int, FILE*)::<lambda()> > >::_M_invoke<0> (this=0x7fffe63dac28)
at /usr/include/c++/7/thread:234
#6 std::thread::_Invoker<std::tuple<HPHP::(anonymous namespace)::LogThread::LogThread(int, FILE*)::<lambda()> > >::operator() (this=0x7fffe63dac28)
at /usr/include/c++/7/thread:243
#7 std::thread::_State_impl<std::thread::_Invoker<std::tuple<HPHP::(anonymous namespace)::LogThread::LogThread(int, FILE*)::<lambda()> > > >::_M_run(void) (
this=0x7fffe63dac20) at /usr/include/c++/7/thread:186
#8 0x00007fffefebb6ef in ?? () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#9 0x00007ffff5f506db in start_thread (arg=0x7fffe38af700) at pthread_create.c:463
#10 0x00007fffef57888f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
Thread 1 (Thread 0x7ffff7fb3640 (LWP 31616)):
#0 HPHP::HHLibSQLQuery__toString__FOR_DEBUGGING_ONLY (this_=<optimized out>, conn=...) at ./hphp/runtime/ext/async_mysql/ext_async_mysql.cpp:213
#1 0x000055555e814953 in ?? ()
#2 0x00007fffdfe7fee0 in ?? ()
#3 0x00007fffe38c5e10 in ?? ()
#4 0x000055555ac00058 in ?? ()
#5 0x00007fffdfc0ffc0 in ?? ()
#6 0x00007fffdfe7ff50 in ?? ()
#7 0x00007fffe63db910 in ?? ()
#8 0x00007fffdfce82f0 in ?? ()
#9 0x000055556520de86 in ?? ()
#10 0x00007fffffffbb00 in ?? ()
#11 0x0000555556911703 in HPHP::jit::enterTC (start=0x7fffdfe7fec0 "\020\377\347\337\377\177") at ./hphp/runtime/vm/jit/enter-tc.cpp:72
Backtrace stopped: previous frame inner to this frame (corrupt stack?)