Page MenuHomePhabricator
Create Task
Maniphest T61130

Fatal error: LuaSandboxFunction::call(): PANIC: unprotected error in call to Lua API (not enough memory) in LuaSandbo
Closed, ResolvedPublic
Actions

Description

As an OOM, can we "ignore" this?

[30-Dec-2013 19:26:32] Fatal error: LuaSandboxFunction::call() [<a href='luasandboxfunction.call'>luasandboxfunction.call</a>]: PANIC: unprotected error in call to Lua API (not enough memory) at /usr/local/apache/common-local/php-1.23wmf7/extensions/Scribunto/engines/LuaSandbox/Engine.php on line 158
Server: mw1054
Method: GET
URL: http://ru.wikipedia.org/wiki/Населённые_пункты_Ставропольского_края
Backtrace:
#0 [internal function]: LuaSandboxFunction->call(Object(LuaSandboxFunction))
#1 /usr/local/apache/common-local/php-1.23wmf7/extensions/Scribunto/engines/LuaSandbox/Engine.php(158): call_user_func_array(Array, Array)
#2 /usr/local/apache/common-local/php-1.23wmf7/extensions/Scribunto/engines/LuaCommon/LuaCommon.php(179): Scribunto_LuaSandboxInterpreter->callFunction(Object(LuaSandboxFunction), Object(LuaSandboxFunction))
#3 /usr/local/apache/common-local/php-1.23wmf7/extensions/Scribunto/engines/LuaCommon/LuaCommon.php(638): Scribunto_LuaEngine->executeModule(Object(LuaSandboxFunction))
#4 /usr/local/apache/common-local/php-1.23wmf7/extensions/Scribunto/engines/LuaCommon/LuaCommon.php(665): Scribunto_LuaModule->execute()
#5 /usr/local/apache/common-local/php-1.23wmf7/extensions/Scribunto/common/Hooks.php(108): Scribunto_LuaModule->invoke('GetStat', Object(PPTemplateFrame_DOM))
#6 [internal function]: ScribuntoHooks::invokeHook(Object(Parser), Object(PPTemplateFrame_DOM), Array)
#7 /usr/local/apache/common-local/php-1.23wmf7/includes/parser/Parser.php(3616): call_user_func_array('ScribuntoHooks:...', Array)
#8 /usr/local/apache/common-local/php-1.23wmf7/includes/parser/Parser.php(3333): Parser->callParserFunction(Object(PPTemplateFrame_DOM), '#invoke', Array)
#9 /usr/local/apache/common-local/php-1.23wmf7/includes/parser/Preprocessor_DOM.php(1113): Parser->braceSubstitution(Array, Object(PPTemplateFrame_DOM))
#10 /usr/local/apache/common-local/php-1.23wmf7/includes/parser/Parser.php(3488): PPFrame_DOM->expand(Object(PPNode_DOM))
#11 /usr/local/apache/common-local/php-1.23wmf7/includes/parser/Preprocessor_DOM.php(1113): Parser->braceSubstitution(Array, Object(PPFrame_DOM))
#12 /usr/local/apache/common-local/php-1.23wmf7/includes/parser/Parser.php(3150): PPFrame_DOM->expand(Object(PPNode_DOM), 0)
#13 /usr/local/apache/common-local/php-1.23wmf7/includes/parser/Parser.php(1212): Parser->replaceVariables(''''????????????...')
#14 /usr/local/apache/common-local/php-1.23wmf7/includes/parser/Parser.php(395): Parser->internalParse(''''????????????...')
#15 /usr/local/apache/common-local/php-1.23wmf7/includes/content/WikitextContent.php(306): Parser->parse(''''????????????...', Object(Title), Object(ParserOptions), true, true, 59738045)
#16 /usr/local/apache/common-local/php-1.23wmf7/includes/WikiPage.php(3561): WikitextContent->getParserOutput(Object(Title), 59738045, Object(ParserOptions))
#17 /usr/local/apache/common-local/php-1.23wmf7/includes/PoolCounter.php(222): PoolWorkArticleView->doWork()
#18 /usr/local/apache/common-local/php-1.23wmf7/includes/Article.php(708): PoolCounterWork->execute()
#19 /usr/local/apache/common-local/php-1.23wmf7/includes/actions/ViewAction.php(44): Article->view()
#20 /usr/local/apache/common-local/php-1.23wmf7/includes/Wiki.php(441): ViewAction->show()
#21 /usr/local/apache/common-local/php-1.23wmf7/includes/Wiki.php(305): MediaWiki->performAction(Object(Article), Object(Title))
#22 /usr/local/apache/common-local/php-1.23wmf7/includes/Wiki.php(596): MediaWiki->performRequest()
#23 /usr/local/apache/common-local/php-1.23wmf7/includes/Wiki.php(460): MediaWiki->main()
#24 /usr/local/apache/common-local/php-1.23wmf7/index.php(49): MediaWiki->run()
#25 /usr/local/apache/common-local/w/index.php(3): require('/usr/local/apac...')
#26 {main}

Version: unspecified
Severity: normal

Details

Reference
bz59130

Related Objects

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 22 2014, 2:37 AM
bzimport added a project: Scribunto.
bzimport set Reference to bz59130.
bzimport added a subscriber: Unknown Object (MLST).
Reedy created this task.Dec 30 2013, 7:29 PM
Anomie added a comment.Jan 24 2014, 8:17 PM

I was able to reproduce this with eval.php, and after convincing php to load a local version of luasandbox so gdb would give me debug symbols, I got a backtrace:

#0 luasandbox_panic (L=0x33a7370) at /home/anomie/luasandbox/luasandbox/luasandbox.c:512
#1 0x00007fffee0ceb4a in luaD_throw (L=0x33a7370, errcode=4) at ldo.c:104
#2 0x00007fffee0d2b2f in luaM_realloc_ (L=0x33a7370, block=<optimized out>, osize=0, nsize=40) at lmem.c:81
#3 0x00007fffee0cfda4 in luaF_newCclosure (L=0x33a7370, nelems=0, e=0x33a7a78) at lfunc.c:24
#4 0x00007fffee0cac21 in lua_pushcclosure (L=0x33a7370, fn=0x7fffee2f6a30 <luasandbox_attach_trace>, n=0) at lapi.c:491
#5 0x00007fffee2f8989 in luasandbox_call_helper (L=0x33a7370, sandbox_zval=0x3398048, sandbox=0x33a7108, args=0x9da86d0, numArgs=1, return_value=0x95abb20) at /home/anomie/luasandbox/luasandbox/luasandbox.c:1307
#6 0x00007fffee2fa384 in zim_LuaSandboxFunction_call (ht=1, return_value=0x95abb20, return_value_ptr=<optimized out>, this_ptr=<optimized out>, return_value_used=<optimized out>)

at /home/anomie/luasandbox/luasandbox/luasandbox.c:1270

#7 0x000000000068dea7 in zend_call_function (fci=0x7fffffffb2a0, fci_cache=0x7fffffffb2f0) at /tmp/buildd/php5-5.3.10/Zend/zend_execute_API.c:991
#8 0x00000000005d05d8 in zif_call_user_func_array (ht=54162288, return_value=0x9d65d18, return_value_ptr=0x22, this_ptr=0x33a7428, return_value_used=52428776)

at /tmp/buildd/php5-5.3.10/ext/standard/basic_functions.c:4803

#9 0x000000000070fd2d in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7eee6e0) at /tmp/buildd/php5-5.3.10/Zend/zend_vm_execute.h:320
#10 0x00000000006c089b in execute (op_array=0x2f274d8) at /tmp/buildd/php5-5.3.10/Zend/zend_vm_execute.h:107
#11 0x000000000068dddc in zend_call_function (fci=0x7fffffffb5a0, fci_cache=0x7ffff7eeb5d0) at /tmp/buildd/php5-5.3.10/Zend/zend_execute_API.c:969
#12 0x00000000005d05d8 in zif_call_user_func_array (ht=54162288, return_value=0x9d8dbb0, return_value_ptr=0x22, this_ptr=0x33a7428, return_value_used=52428776)

at /tmp/buildd/php5-5.3.10/ext/standard/basic_functions.c:4803

#13 0x000000000070fd2d in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7eeb5d0) at /tmp/buildd/php5-5.3.10/Zend/zend_vm_execute.h:320
#14 0x00000000006c089b in execute (op_array=0x11aecc0) at /tmp/buildd/php5-5.3.10/Zend/zend_vm_execute.h:107
#15 0x000000000068dddc in zend_call_function (fci=0x7fffffffb8a0, fci_cache=0x7ffff7ed74d8) at /tmp/buildd/php5-5.3.10/Zend/zend_execute_API.c:969
#16 0x00000000005d05d8 in zif_call_user_func_array (ht=54162288, return_value=0x288c080, return_value_ptr=0x22, this_ptr=0x33a7428, return_value_used=52428776)

at /tmp/buildd/php5-5.3.10/ext/standard/basic_functions.c:4803

#17 0x000000000070fd2d in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7ed74d8) at /tmp/buildd/php5-5.3.10/Zend/zend_vm_execute.h:320
#18 0x00000000006c089b in execute (op_array=0x11aee10) at /tmp/buildd/php5-5.3.10/Zend/zend_vm_execute.h:107
#19 0x000000000068dddc in zend_call_function (fci=0x7fffffffbbb0, fci_cache=0x7ffff7ed6db8) at /tmp/buildd/php5-5.3.10/Zend/zend_execute_API.c:969
#20 0x00000000006b0f37 in zend_call_method (object_pp=0x7fffffffbcd8, obj_ce=0x1ebe3e8, fn_proxy=0x1ebe5c8, function_name=0xab7549 "__call", function_name_len=52428776, retval_ptr_ptr=0x7fffffffbcf8,

param_count=7062284, arg1=0x2, arg2=0x288b280) at /tmp/buildd/php5-5.3.10/Zend/zend_interfaces.c:97

#21 0x00000000006bc30c in zend_std_call_user_call (ht=42513024, return_value=0x288b2d0, return_value_ptr=0x22, this_ptr=0x1ebe3e8, return_value_used=52428776)

at /tmp/buildd/php5-5.3.10/Zend/zend_object_handlers.c:717

#22 0x000000000070fd2d in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7ed6db8) at /tmp/buildd/php5-5.3.10/Zend/zend_vm_execute.h:320
#23 0x00000000006c089b in execute (op_array=0x25cf768) at /tmp/buildd/php5-5.3.10/Zend/zend_vm_execute.h:107
#24 0x000000000069be00 in zend_execute_scripts (type=0, retval=0x800000000, file_count=3) at /tmp/buildd/php5-5.3.10/Zend/zend.c:1308
#25 0x0000000000648473 in php_execute_script (primary_file=0x200000001) at /tmp/buildd/php5-5.3.10/main/main.c:2323
#26 0x000000000042c967 in main (argc=32767, argv=0x7fffffffe85e) at /tmp/buildd/php5-5.3.10/sapi/cli/php_cli.c:1188

It appears that the problem is that Lua is hitting the Lua memory limit in one of the setup functions (the call at frame 4) rather than in actual Lua code that is executed under lua_pcall.

The thing to do might be to give Lua a slightly higher memory limit when running the "unprotected" functions than when calling "protected" code, to make it more likely that the actual allocation failure will happen in the latter.

gerritbot added a comment.Jan 24 2014, 8:18 PM

Change 109413 had a related patch set uploaded by Anomie:
Allow memory over-allocation in unprotected Lua calls

https://gerrit.wikimedia.org/r/109413

gerritbot added a comment.Jan 30 2014, 10:42 PM

Change 109413 merged by jenkins-bot:
Allow memory over-allocation in unprotected Lua calls

https://gerrit.wikimedia.org/r/109413

Anomie added a comment.Jan 31 2014, 3:10 PM

Fixed in git. Since php-luasandbox doesn't follow the normal deployment schedule (it needs someone to build a new Debian package and put it in the repo for Puppet), there's no predicting when the fix will be deployed to WMF wikis.

Reedy added a comment.Apr 21 2014, 12:04 PM

(In reply to Brad Jorsch from comment #4)

Fixed in git. Since php-luasandbox doesn't follow the normal deployment
schedule (it needs someone to build a new Debian package and put it in the
repo for Puppet), there's no predicting when the fix will be deployed to WMF
wikis.

Just opened https://rt.wikimedia.org/Ticket/Display.html?id=7327 requesting this to be done

Aklapper added a comment.Jun 10 2014, 11:55 AM

(In reply to Sam Reed (reedy) from comment #5)

Just opened https://rt.wikimedia.org/Ticket/Display.html?id=7327 requesting
this to be done

For the records: Mon Apr 28 16:53:04 2014: Deployed all over the cluster

Anomie mentioned this in T171392: Some Commons pages transcluding Template:Countries_of_Europe HTTP 500/503 due to OOM in Lua→PHP→Lua calls.Jul 24 2017, 4:48 PM
Aklapper removed subscribers: Anomie, wikibugs-l-list.Oct 16 2020, 5:42 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL