Segfault when using opcache and JIT #10626
Note that |
arg_num is also a ridiculously high number, so looks like something got corrupted somewhere |
Minimal reproducer:

```php
<?php
function f(): void {
    $a = [];
    foreach ($a as $b) {}
}
f();
echo "finished" . PHP_EOL;
```

Expected:
Actual:
|
@weirdan your test doesn't show any problems for me, neither with php-8.2.3 nor with PHP-8.2.
This may be already fixed by commit 7d68f91, but it's included in php-8.2.3. Please check if you really use php 8.2.3 and the installed opcache is from the same PHP version. |
Yeah. This is definitely fixed by 7d68f91. Reverting it starts crashing on both minimal test and psalm. There are no crashes with patch applied. |
@dstogov this is still reproducible on 8.2.3:

```
root@bd7ce12598d5:/app# php -n -v
PHP 8.2.3 (cli) (built: Feb 14 2023 20:28:49) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.2.3, Copyright (c) Zend Technologies
root@bd7ce12598d5:/app# cat /tmp/bug.php
<?php
function f(): void {
foreach ([] as $b) {}
}
f();
echo "finished" . PHP_EOL;
root@bd7ce12598d5:/app# /usr/local/bin/php -dopcache.enable_cli=1 -dopcache.jit_buffer_size=512M -dopcache.jit=1205 -dzend_extension=opcache.so -dopcache.optimization_level=0 -n /tmp/bug.php
Segmentation fault (core dumped)
root@bd7ce12598d5:/app# gdb /usr/local/bin/php -c core
GNU gdb (Debian 10.1-1.7) 10.1.90.20210103-git
Copyright (C) 2021 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/local/bin/php...
(No debugging symbols found in /usr/local/bin/php)
warning: Can't open file /dev/zero (deleted) during file-backed mapping note processing
[New LWP 1193]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/usr/local/bin/php -dopcache.enable_cli=1 -dopcache.jit_buffer_size=512M -dopca'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x000055ea5fa00b3d in ?? ()
(gdb) bt
#0 0x000055ea5fa00b3d in ?? ()
#1 0x0000000000000004 in ?? ()
#2 0x0000000000000000 in ?? ()
quit)
```

I'll try to get debug symbols installed, but meanwhile, the culprit seems to be |
And the OPcache version (reported by
|
@weirdan It seems that the commit with the fix was only merged into master, and wasn't tagged yet |
Backtrace with debug symbols added (from another machine):
|
and with

```
$ cat bug.php
<?php
function f(): void {
foreach ([] as $b) {}
}
f();
echo "finished" . PHP_EOL;
$ php -n -dopcache.enable_cli=1 -dopcache.jit_buffer_size=512M -dopcache.jit=1205 -dzend_extension=opcache.so -dopcache.optimization_level=0 -dopcache.jit_debug=0x400 bug.php
zsh: segmentation fault (core dumped) php -n -dopcache.enable_cli=1 -dopcache.jit_buffer_size=512M bug.php
$ gdb ~/.phpenv/versions/8.2.3/bin/php -c core
GNU gdb (Debian 13.0.91.20230210-0.1) 13.0.91.20230210-git
Copyright (C) 2023 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /home/weirdan/.phpenv/versions/8.2.3/bin/php...
warning: Can't open file /dev/zero (deleted) during file-backed mapping note processing
[New LWP 3664575]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `php -n -dopcache.enable_cli=1 -dopcache.jit_buffer_size=512M -dopcache.jit=1205'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x0000564663c00b8d in ?? ()
(gdb) pipe info sharedlibrary | grep opcache
0x00007f3817053410 0x00007f3817193483 Yes /home/weirdan/.phpenv/versions/8.2.3/lib/php/extensions/debug-non-zts-20220829/opcache.so
(gdb) add-symbol-file /home/weirdan/.phpenv/versions/8.2.3/lib/php/extensions/debug-non-zts-20220829/opcache.so 0x00007f3817193483
add symbol table from file "/home/weirdan/.phpenv/versions/8.2.3/lib/php/extensions/debug-non-zts-20220829/opcache.so" at
.text_addr = 0x7f3817193483
(y or n) y
Reading symbols from /home/weirdan/.phpenv/versions/8.2.3/lib/php/extensions/debug-non-zts-20220829/opcache.so...
(gdb) bt
#0 0x0000564663c00b8d in ?? ()
#1 0x00007f38171944bf in __cpu_indicator_init ()
from /home/weirdan/.phpenv/versions/8.2.3/lib/php/extensions/debug-non-zts-20220829/opcache.so
#2 0x00007f381b557020 in _dl_catch_error@got.plt () from /lib64/ld-linux-x86-64.so.2
#3 0x00005646596e8e58 in __frame_dummy_init_array_entry ()
#4 0x00007ffd322a66f0 in ?? ()
#5 0x00007f381706379c in zend_accel_error (type=0, format=0x7f3817200000 <zend_jit_math_helper+7527> "@")
at /tmp/php-build/source/8.2.3/ext/opcache/zend_accelerator_debug.c:103
#6 0x000056465896d1d8 in zend_execute (op_array=0x7f3817282000 <zend_jit_switch+8939>, return_value=0x0)
at /tmp/php-build/source/8.2.3/Zend/zend_vm_execute.h:60384
#7 0x00005646588b4e67 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
at /tmp/php-build/source/8.2.3/Zend/zend.c:1780
#8 0x00005646588183fb in php_execute_script (primary_file=0x7ffd322a8dc0)
at /tmp/php-build/source/8.2.3/main/main.c:2541
#9 0x0000564658a24dd9 in do_cli (argc=9, argv=0x56465b763040)
at /tmp/php-build/source/8.2.3/sapi/cli/php_cli.c:964
#10 0x0000564658a25974 in main (argc=9, argv=0x56465b763040)
at /tmp/php-build/source/8.2.3/sapi/cli/php_cli.c:1333
(gdb)
```

|
Having built |
Right, the fix was not included in PHP-8.2.3. The last commit is from February 13, see https://github.com/php/php-src/commits/php-8.2.3 The fix was committed into PHP-8.2 on February 20. It's going to be included in 8.2.4. As a temporary workaround you may use the default value of opcache.optimization_level. |
That's what we did. |
In any case, thanks for your good report(s). |
Is it possible that this issue also exists on 8.1 and hasn't been backported? |
The fix did make it into PHP 8.1.17. |
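
The release and configuration facts stated in the comments above (fix in 8.2.4 and 8.1.17; crash reproduced with JIT enabled and `opcache.optimization_level=0`) can be turned into a triage check for a fleet of PHP builds. This is an added example, not code from the thread or from php-src; the function names and verdict words are hypothetical, and the sample rows are constructed.

```shell
# Verdict for one PHP build + OPcache settings against the crash in this thread.
# From the thread: fix ships in 8.2.4 and 8.1.17; reproduced with JIT on and
# opcache.optimization_level=0. Function names and verdict words are hypothetical.

# version_lt A B: succeed when dotted version A is older than B (3 numeric fields).
version_lt() {
    awk -v a="${1%%[!0-9.]*}" -v b="${2%%[!0-9.]*}" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# jit_on JIT BUFFER: JIT is off when the buffer is 0/unset or opcache.jit is disable/off/0.
jit_on() {
    case "$2" in ""|0) return 1 ;; esac
    case "$1" in ""|0|off|disable) return 1 ;; esac
    return 0
}

# assess VERSION OPT_LEVEL JIT BUFFER: print one verdict word.
assess() {
    case "$1" in
        8.1.*) fixed_in=8.1.17 ;;
        8.2.*) fixed_in=8.2.4 ;;
        *) echo "branch-not-covered"; return 0 ;;  # thread names no fixed release
    esac
    if ! version_lt "$1" "$fixed_in"; then echo "fixed"; return 0; fi
    # Only the exact reproducer setting (level 0) is flagged; hex values are accepted.
    if jit_on "$3" "$4" && [ "$((${2:-1}))" -eq 0 ]; then
        echo "matches-crash-config"
    else
        echo "unfixed-not-repro-config"
    fi
}

# Constructed sample inputs (not taken from real hosts).
for row in "8.2.3 0 1205 512M" "8.2.3 0x7FFEBFFF 1205 512M" "8.2.4 0 1205 512M" "8.1.16 0 tracing 0"; do
    set -- $row
    printf '%-7s opt=%-11s jit=%-8s buf=%-5s -> %s\n' "$1" "$2" "$3" "$4" "$(assess "$@")"
done
```

Feed `assess` the version from `php -v` and the three directives as reported by `php --ri "Zend OPcache"` for the SAPI that is actually deployed, since CLI and FPM can load different ini files.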
Description
Running https://github.com/vimeo/psalm with this php.ini causes a segfault (ref vimeo/psalm#9340):
Command:
gdb backtrace:
gdb zbacktrace:
PHP Version
PHP 8.2.3
Operating System
Arch linux