PHP :: Bug #79998 :: Opcache JIT segfault

Bug #79998	Opcache JIT segfault
Submitted:	2020-08-19 17:14 UTC	Modified:	2020-12-14 13:10 UTC
From:	adam at adsar dot co dot uk	Assigned:
Status:	Closed	Package:	JIT
PHP Version:	8.0.0beta1	OS:	CentOS 8.2.2004
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	adam at adsar dot co dot uk
New email:
PHP Version:		OS:

New Comment:

[2020-08-19 17:14 UTC] adam at adsar dot co dot uk

Description:
------------
We use the PEAR DB library to access a MySQL server.

If we try and get a result from the MySQL server over 126 times, it segfaults when the JIT is enabled.

opcache.jit_buffer_size=32M
opcache.jit=1235

Test script:
---------------
wget http://download.pear.php.net/package/PEAR-1.10.12.tgz
tar zxvf PEAR-1.10.12.tgz
mv PEAR-1.10.12/* ./

wget http://download.pear.php.net/package/DB-1.10.0.tgz
tar zxvf DB-1.10.0.tgz
mv DB-1.10.0/* ./



<?php

require_once 'DB.php'; 

$db = DB::connect("mysqli://username:password@databaseIP/databasename");

for($i=0;$i<127;$i++) {
    $db->getOne("select 1");
}


Actual result:
--------------
           PID: 7535 (php-fpm)
           UID: 48 (apache)
           GID: 48 (apache)
        Signal: 11 (SEGV)
     Timestamp: Wed 2020-08-19 16:49:30 UTC (42s ago)
  Command Line: php-fpm: pool www
    Executable: /opt/remi/php80/root/usr/sbin/php-fpm
 Control Group: /system.slice/php80-php-fpm.service
          Unit: php80-php-fpm.service
         Slice: system.slice
       Boot ID: 90c2d9a3c0464be19521cd71a01a6959
    Machine ID: 55930b9a23b7461d8dee6412d10a4e7b
      Hostname: handsetdeals
       Storage: /var/lib/systemd/coredump/core.php-fpm.48.90c2d9a3c0464be19521cd71a01a6959.7535.1597855770000000.lz4
       Message: Process 7535 (php-fpm) of user 48 dumped core.

                Stack trace of thread 7535:
                #0  0x00007f81030a9687 __strlen_avx2 (libc.so.6)
                #1  0x000055f6bbf560ea xbuf_format_converter (php-fpm)
                #2  0x000055f6bbfb672d zend_vstrpprintf (php-fpm)
                #3  0x000055f6bbdf8c97 zend_error_va_list (php-fpm)
                #4  0x000055f6bbdf8ec7 zend_error (php-fpm)
                #5  0x00007f8100aee686 zend_jit_deprecated_helper (opcache.so)
                #6  0x000000004973971f n/a (n/a)




(gdb) bt
#0  0x00007f81030a9687 in __strlen_avx2 () from /lib64/libc.so.6
#1  0x000055f6bbf560ea in xbuf_format_converter (xbuf=0x7ffc6ede7a10, is_char=false, fmt=0x55f6bc0b1177 "s() is deprecated", ap=0x7ffc6ede7a80)
    at /usr/src/debug/php80-php-8.0.0~beta2-29.el8.remi.x86_64/main/spprintf.c:572
#2  0x000055f6bbfb672d in zend_vstrpprintf (max_len=max_len@entry=0, format=<optimized out>, ap=<optimized out>)
    at /usr/src/debug/php80-php-8.0.0~beta2-29.el8.remi.x86_64/Zend/zend.c:253
#3  0x000055f6bbdf8c97 in zend_error_va_list (orig_type=8192, error_filename=0x42042550 "/var/www/html/break/DB/common.php", error_lineno=1223,
    format=<optimized out>, args=<optimized out>) at /usr/src/debug/php80-php-8.0.0~beta2-29.el8.remi.x86_64/Zend/zend.c:1434
#4  0x000055f6bbdf8ec7 in zend_error (type=8192, format=0x55f6bc0b116b "Method %s::%s() is deprecated")
    at /usr/src/debug/php80-php-8.0.0~beta2-29.el8.remi.x86_64/Zend/zend.c:1507
#5  0x00007f8100aee686 in zend_jit_deprecated_helper () from /opt/remi/php80/root/usr/lib64/php/modules/opcache.so
#6  0x000000004973971f in ?? ()
#7  0x000000004200f938 in ?? ()
#8  0x0000000049733557 in ?? ()
#9  0x00007ffc6edea1d0 in ?? ()
#10 0x0000000042053a10 in ?? ()
#11 0x0000000000000008 in ?? ()
#12 0x000055f6bbf6f252 in php_stdiop_close (stream=0x7f8100e16230, close_handle=<optimized out>)
    at /usr/src/debug/php80-php-8.0.0~beta2-29.el8.remi.x86_64/main/streams/plain_wrapper.c:514
#13 0x000055f600000002 in ?? ()
#14 0x00007f8100e692a0 in ?? ()
#15 0x0000000000000001 in ?? ()
#16 0x000055f6bc52be10 in executor_globals ()
#17 0xb2ebdc8315da0700 in ?? ()
#18 0x00007ffc6edea1d0 in ?? ()
#19 0x00007f8100e16020 in ?? ()
#20 0x000055f6bc52bce0 in ?? ()
#21 0x00007f8100e02000 in ?? ()
#22 0x0000000000000000 in ?? ()

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2020-09-17 16:54 UTC] adam at adsar dot co dot uk

Just a quick note - tested again on beta 4, and still seems to be breaking.

Best,
Adam

[2020-12-14 12:57 UTC] dmitry@php.net

-Status: Open +Status: Feedback

[2020-12-14 12:57 UTC] dmitry@php.net

Please, check this with PHP-8.0.0 or above. I can't reproduce the problem.

[2020-12-14 13:10 UTC] adam at adsar dot co dot uk

-Status: Feedback +Status: Closed

[2020-12-14 13:10 UTC] adam at adsar dot co dot uk

Thank you Dmitry - I concur, I can't reproduce it now.

Great work on the JIT by the way :)

Best,
Adam

[2021-10-28 01:09 UTC] m8roon at gmail dot com

thats good 
thx bro

https://down-plus.com/

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri Dec 27 17:01:30 2024 UTC