Last modified: 2014-06-10 11:55:58 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T61130, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 59130 - Fatal error: LuaSandboxFunction::call(): PANIC: unprotected error in call to Lua API (not enough memory) in LuaSandbo
Fatal error: LuaSandboxFunction::call(): PANIC: unprotected error in call to...
Status: RESOLVED FIXED
Product: MediaWiki extensions
Classification: Unclassified
Scribunto (Other open bugs)
unspecified
All All
: Normal normal (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-12-30 19:29 UTC by Sam Reed (reedy)
Modified: 2014-06-10 11:55 UTC (History)
3 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Sam Reed (reedy) 2013-12-30 19:29:46 UTC 
As an OOM, can we "ignore" this?

[30-Dec-2013 19:26:32] Fatal error: LuaSandboxFunction::call() [<a href='luasandboxfunction.call'>luasandboxfunction.call</a>]: PANIC: unprotected error in call to Lua API (not enough memory) at /usr/local/apache/common-local/php-1.23wmf7/extensions/Scribunto/engines/LuaSandbox/Engine.php on line 158
Server: mw1054
Method: GET
URL: http://ru.wikipedia.org/wiki/Населённые_пункты_Ставропольского_края
Backtrace:
#0 [internal function]: LuaSandboxFunction->call(Object(LuaSandboxFunction))
#1 /usr/local/apache/common-local/php-1.23wmf7/extensions/Scribunto/engines/LuaSandbox/Engine.php(158): call_user_func_array(Array, Array)
#2 /usr/local/apache/common-local/php-1.23wmf7/extensions/Scribunto/engines/LuaCommon/LuaCommon.php(179): Scribunto_LuaSandboxInterpreter->callFunction(Object(LuaSandboxFunction), Object(LuaSandboxFunction))
#3 /usr/local/apache/common-local/php-1.23wmf7/extensions/Scribunto/engines/LuaCommon/LuaCommon.php(638): Scribunto_LuaEngine->executeModule(Object(LuaSandboxFunction))
#4 /usr/local/apache/common-local/php-1.23wmf7/extensions/Scribunto/engines/LuaCommon/LuaCommon.php(665): Scribunto_LuaModule->execute()
#5 /usr/local/apache/common-local/php-1.23wmf7/extensions/Scribunto/common/Hooks.php(108): Scribunto_LuaModule->invoke('GetStat', Object(PPTemplateFrame_DOM))
#6 [internal function]: ScribuntoHooks::invokeHook(Object(Parser), Object(PPTemplateFrame_DOM), Array)
#7 /usr/local/apache/common-local/php-1.23wmf7/includes/parser/Parser.php(3616): call_user_func_array('ScribuntoHooks:...', Array)
#8 /usr/local/apache/common-local/php-1.23wmf7/includes/parser/Parser.php(3333): Parser->callParserFunction(Object(PPTemplateFrame_DOM), '#invoke', Array)
#9 /usr/local/apache/common-local/php-1.23wmf7/includes/parser/Preprocessor_DOM.php(1113): Parser->braceSubstitution(Array, Object(PPTemplateFrame_DOM))
#10 /usr/local/apache/common-local/php-1.23wmf7/includes/parser/Parser.php(3488): PPFrame_DOM->expand(Object(PPNode_DOM))
#11 /usr/local/apache/common-local/php-1.23wmf7/includes/parser/Preprocessor_DOM.php(1113): Parser->braceSubstitution(Array, Object(PPFrame_DOM))
#12 /usr/local/apache/common-local/php-1.23wmf7/includes/parser/Parser.php(3150): PPFrame_DOM->expand(Object(PPNode_DOM), 0)
#13 /usr/local/apache/common-local/php-1.23wmf7/includes/parser/Parser.php(1212): Parser->replaceVariables(''''????????????...')
#14 /usr/local/apache/common-local/php-1.23wmf7/includes/parser/Parser.php(395): Parser->internalParse(''''????????????...')
#15 /usr/local/apache/common-local/php-1.23wmf7/includes/content/WikitextContent.php(306): Parser->parse(''''????????????...', Object(Title), Object(ParserOptions), true, true, 59738045)
#16 /usr/local/apache/common-local/php-1.23wmf7/includes/WikiPage.php(3561): WikitextContent->getParserOutput(Object(Title), 59738045, Object(ParserOptions))
#17 /usr/local/apache/common-local/php-1.23wmf7/includes/PoolCounter.php(222): PoolWorkArticleView->doWork()
#18 /usr/local/apache/common-local/php-1.23wmf7/includes/Article.php(708): PoolCounterWork->execute()
#19 /usr/local/apache/common-local/php-1.23wmf7/includes/actions/ViewAction.php(44): Article->view()
#20 /usr/local/apache/common-local/php-1.23wmf7/includes/Wiki.php(441): ViewAction->show()
#21 /usr/local/apache/common-local/php-1.23wmf7/includes/Wiki.php(305): MediaWiki->performAction(Object(Article), Object(Title))
#22 /usr/local/apache/common-local/php-1.23wmf7/includes/Wiki.php(596): MediaWiki->performRequest()
#23 /usr/local/apache/common-local/php-1.23wmf7/includes/Wiki.php(460): MediaWiki->main()
#24 /usr/local/apache/common-local/php-1.23wmf7/index.php(49): MediaWiki->run()
#25 /usr/local/apache/common-local/w/index.php(3): require('/usr/local/apac...')
#26 {main}
Comment 1 Brad Jorsch 2014-01-24 20:17:42 UTC 
I was able to reproduce this with eval.php, and after convincing php to load a local version of luasandbox so gdb would give me debug symbols, I got a backtrace:

#0  luasandbox_panic (L=0x33a7370) at /home/anomie/luasandbox/luasandbox/luasandbox.c:512
#1  0x00007fffee0ceb4a in luaD_throw (L=0x33a7370, errcode=4) at ldo.c:104
#2  0x00007fffee0d2b2f in luaM_realloc_ (L=0x33a7370, block=<optimized out>, osize=0, nsize=40) at lmem.c:81
#3  0x00007fffee0cfda4 in luaF_newCclosure (L=0x33a7370, nelems=0, e=0x33a7a78) at lfunc.c:24
#4  0x00007fffee0cac21 in lua_pushcclosure (L=0x33a7370, fn=0x7fffee2f6a30 <luasandbox_attach_trace>, n=0) at lapi.c:491
#5  0x00007fffee2f8989 in luasandbox_call_helper (L=0x33a7370, sandbox_zval=0x3398048, sandbox=0x33a7108, args=0x9da86d0, numArgs=1, return_value=0x95abb20) at /home/anomie/luasandbox/luasandbox/luasandbox.c:1307
#6  0x00007fffee2fa384 in zim_LuaSandboxFunction_call (ht=1, return_value=0x95abb20, return_value_ptr=<optimized out>, this_ptr=<optimized out>, return_value_used=<optimized out>)
    at /home/anomie/luasandbox/luasandbox/luasandbox.c:1270
#7  0x000000000068dea7 in zend_call_function (fci=0x7fffffffb2a0, fci_cache=0x7fffffffb2f0) at /tmp/buildd/php5-5.3.10/Zend/zend_execute_API.c:991
#8  0x00000000005d05d8 in zif_call_user_func_array (ht=54162288, return_value=0x9d65d18, return_value_ptr=0x22, this_ptr=0x33a7428, return_value_used=52428776)
    at /tmp/buildd/php5-5.3.10/ext/standard/basic_functions.c:4803
#9  0x000000000070fd2d in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7eee6e0) at /tmp/buildd/php5-5.3.10/Zend/zend_vm_execute.h:320
#10 0x00000000006c089b in execute (op_array=0x2f274d8) at /tmp/buildd/php5-5.3.10/Zend/zend_vm_execute.h:107
#11 0x000000000068dddc in zend_call_function (fci=0x7fffffffb5a0, fci_cache=0x7ffff7eeb5d0) at /tmp/buildd/php5-5.3.10/Zend/zend_execute_API.c:969
#12 0x00000000005d05d8 in zif_call_user_func_array (ht=54162288, return_value=0x9d8dbb0, return_value_ptr=0x22, this_ptr=0x33a7428, return_value_used=52428776)
    at /tmp/buildd/php5-5.3.10/ext/standard/basic_functions.c:4803
#13 0x000000000070fd2d in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7eeb5d0) at /tmp/buildd/php5-5.3.10/Zend/zend_vm_execute.h:320
#14 0x00000000006c089b in execute (op_array=0x11aecc0) at /tmp/buildd/php5-5.3.10/Zend/zend_vm_execute.h:107
#15 0x000000000068dddc in zend_call_function (fci=0x7fffffffb8a0, fci_cache=0x7ffff7ed74d8) at /tmp/buildd/php5-5.3.10/Zend/zend_execute_API.c:969
#16 0x00000000005d05d8 in zif_call_user_func_array (ht=54162288, return_value=0x288c080, return_value_ptr=0x22, this_ptr=0x33a7428, return_value_used=52428776)
    at /tmp/buildd/php5-5.3.10/ext/standard/basic_functions.c:4803
#17 0x000000000070fd2d in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7ed74d8) at /tmp/buildd/php5-5.3.10/Zend/zend_vm_execute.h:320
#18 0x00000000006c089b in execute (op_array=0x11aee10) at /tmp/buildd/php5-5.3.10/Zend/zend_vm_execute.h:107
#19 0x000000000068dddc in zend_call_function (fci=0x7fffffffbbb0, fci_cache=0x7ffff7ed6db8) at /tmp/buildd/php5-5.3.10/Zend/zend_execute_API.c:969
#20 0x00000000006b0f37 in zend_call_method (object_pp=0x7fffffffbcd8, obj_ce=0x1ebe3e8, fn_proxy=0x1ebe5c8, function_name=0xab7549 "__call", function_name_len=52428776, retval_ptr_ptr=0x7fffffffbcf8, 
    param_count=7062284, arg1=0x2, arg2=0x288b280) at /tmp/buildd/php5-5.3.10/Zend/zend_interfaces.c:97
#21 0x00000000006bc30c in zend_std_call_user_call (ht=42513024, return_value=0x288b2d0, return_value_ptr=0x22, this_ptr=0x1ebe3e8, return_value_used=52428776)
    at /tmp/buildd/php5-5.3.10/Zend/zend_object_handlers.c:717
#22 0x000000000070fd2d in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7ed6db8) at /tmp/buildd/php5-5.3.10/Zend/zend_vm_execute.h:320
#23 0x00000000006c089b in execute (op_array=0x25cf768) at /tmp/buildd/php5-5.3.10/Zend/zend_vm_execute.h:107
#24 0x000000000069be00 in zend_execute_scripts (type=0, retval=0x800000000, file_count=3) at /tmp/buildd/php5-5.3.10/Zend/zend.c:1308
#25 0x0000000000648473 in php_execute_script (primary_file=0x200000001) at /tmp/buildd/php5-5.3.10/main/main.c:2323
#26 0x000000000042c967 in main (argc=32767, argv=0x7fffffffe85e) at /tmp/buildd/php5-5.3.10/sapi/cli/php_cli.c:1188

It appears that the problem is that Lua is hitting the Lua memory limit in one of the setup functions (the call at frame 4) rather than in actual Lua code that is executed under lua_pcall.

The thing to do might be to give Lua a slightly higher memory limit when running the "unprotected" functions than when calling "protected" code, to make it more likely that the actual allocation failure will happen in the latter.
Comment 2 Gerrit Notification Bot 2014-01-24 20:18:06 UTC 
Change 109413 had a related patch set uploaded by Anomie:
Allow memory over-allocation in unprotected Lua calls

https://gerrit.wikimedia.org/r/109413
Comment 3 Gerrit Notification Bot 2014-01-30 22:42:24 UTC 
Change 109413 merged by jenkins-bot:
Allow memory over-allocation in unprotected Lua calls

https://gerrit.wikimedia.org/r/109413
Comment 4 Brad Jorsch 2014-01-31 15:10:52 UTC 
Fixed in git. Since php-luasandbox doesn't follow the normal deployment schedule (it needs someone to build a new Debian package and put it in the repo for Puppet), there's no predicting when the fix will be deployed to WMF wikis.
Comment 5 Sam Reed (reedy) 2014-04-21 12:04:28 UTC 
(In reply to Brad Jorsch from comment #4)
> Fixed in git. Since php-luasandbox doesn't follow the normal deployment
> schedule (it needs someone to build a new Debian package and put it in the
> repo for Puppet), there's no predicting when the fix will be deployed to WMF
> wikis.

Just opened https://rt.wikimedia.org/Ticket/Display.html?id=7327 requesting this to be done
Comment 6 Andre Klapper 2014-06-10 11:55:58 UTC 
(In reply to Sam Reed (reedy) from comment #5)
> Just opened https://rt.wikimedia.org/Ticket/Display.html?id=7327 requesting
> this to be done

For the records: Mon Apr 28 16:53:04 2014: Deployed all over the cluster
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links