search

php / php-src

The PHP Interpreter
https://www.php.net
Other
38.18k stars 7.75k forks source link

php 8.3.10 oops @ object cache flush #15388

Closed pgnd closed 2 months ago

pgnd commented 2 months ago

Description

on

distro
    Name: Fedora Linux 40 (Forty)
    Version: 40
    Codename:

uname -rm
    6.10.3-200.fc40.x86_64 x86_64

with

rpm -qa | grep -E "php-common|php-fpm|php-redis"
    php-common-8.3.10-1.fc40.remi.x86_64
    php-fpm-8.3.10-1.fc40.remi.x86_64
    php-pecl-redis6-6.1.0~RC1-1.fc40.remi.8.3.x86_64

php -v
    PHP 8.3.10 (cli) (built: Jul 30 2024 13:44:37) (NTS gcc x86_64)
    Copyright (c) The PHP Group
    Zend Engine v4.3.10, Copyright (c) Zend Technologies
        with Zend OPcache v8.3.10, Copyright (c), by Zend Technologies
        with Xdebug v3.3.2, Copyright (c) 2002-2024, by Derick Rethans

php-fpm -v
    PHP 8.3.10 (fpm-fcgi) (built: Jul 30 2024 13:44:37)
    Copyright (c) The PHP Group
    Zend Engine v4.3.10, Copyright (c) Zend Technologies
        with Zend OPcache v8.3.10, Copyright (c), by Zend Technologies
        with Xdebug v3.3.2, Copyright (c) 2002-2024, by Derick Rethans

in an app instance (Wordpress 6.6.1), exec of an Object Cache flush results in

Aug 13 11:44:49 test kernel: php-fpm[9241]: segfault at 23e00000070 ip 00005563d19807ab sp 00007ffddf340250 error 4 in php-fpm[3037ab,5563d16ab000+33c000] likely on CPU 14 (core 6, socket 0)
Aug 13 11:44:49 test kernel: Code: e8 01 00 00 48 89 45 c8 48 85 db 0f 84 9b 00 00 00 4c 8d 35 eb 76 1d 00 0f 1f 80 00 00 00 00 49 89 9d e8 01 00 00 48 8b 53 18 <48> 8b 42 38 a8 01 74 12 48 8d 0d 06 21 1d 00 48 8b 89 e0 01 00 00

@ core dump

gdb /usr/sbin/php-fpm /var/lib/systemd/coredump/core.9241
(gdb) set pagination off
(gdb) bt full

(gdb) bt full
    #0  call_end_observers (execute_data=0x5563cd6db840, return_value=0x0)
        at /usr/src/debug/php-8.3.10-1.fc40.remi.x86_64/Zend/zend_observer.c:265
            func = 0x23e00000038
            handler = <optimized out>
            possible_handlers_end = <optimized out>
    #1  zend_observer_fcall_end_all () at /usr/src/debug/php-8.3.10-1.fc40.remi.x86_64/Zend/zend_observer.c:293
            execute_data = 0x5563cd6db840
            original_execute_data = 0x0
    #2  0x00005563d1866850 in php_request_shutdown (dummy=dummy@entry=0x0)
        at /usr/src/debug/php-8.3.10-1.fc40.remi.x86_64/main/main.c:1862
            report_memleaks = true
    #3  0x00005563d16f517e in main (argc=<optimized out>, argv=<optimized out>)
        at /usr/src/debug/php-8.3.10-1.fc40.remi.x86_64/sapi/fpm/fpm/fpm_main.c:1970
            primary_script = <optimized out>
            __orig_bailout = <optimized out>
            __bailout = {{__jmpbuf = {10, -6812356180845851385, 6, 93887207390336, 0, 93887208458776,
                  -6812356180952806137, -843938314294326009}, __mask_was_saved = 0, __saved_mask = {__val = {
                    140660866771648, 63, 18446744073709551072, 0, 4222461064, 140728348183984, 140660865462146, 0,
                    140660865924268, 93887539638944, 1024, 0, 0, 140728348184192, 140660865304512, 22}}}}
            exit_status = <optimized out>
            cgi = 0
            c = <optimized out>
            use_extended_info = <optimized out>
            file_handle = {handle = {fp = 0x0, stream = {handle = 0x0, isatty = 0, reader = 0x0, fsizer = 0x0,
                  closer = 0x0}}, filename = 0x0, opened_path = 0x0, type = 0 '\000', primary_script = true,
              in_list = false, buf = 0x0, len = 0}
            orig_optind = 1
            orig_optarg = 0x0
            ini_builder = {value = 0x0, length = 0}
            max_requests = 200
            requests = <optimized out>
            fcgi_fd = <optimized out>
            request = 0x5563e5b3aa80
            fpm_config = <optimized out>
            fpm_prefix = <optimized out>
            fpm_pid = <optimized out>
            test_conf = 0
            force_daemon = <optimized out>
            force_stderr = <optimized out>
            php_information = <optimized out>
            php_allow_to_run_as_root = <optimized out>
            __func__ = "main"
            ret = <optimized out>
            __orig_bailout = <optimized out>
            __bailout = <optimized out>
            __str = <optimized out>
    (gdb)

no 'simple' reproducer ... yet.

PHP Version

PHP 8.3.10

Operating System

Fedora 40

cmb69 commented 2 months ago

Does this also happen when Xdebug is not loaded?

pgnd commented 2 months ago

@cmb69

after editing,

/usr/local/etc/php8/conf.d/xdebug.ini
-   xdebug.mode = on
+   xdebug.mode = off

, and restart, it does not segfault on exec of the in-WP ObjectCache flush (in ~10 attempts, so far)

turn it back on, and immediately segfaults on the flush

iluuu1994 commented 2 months ago

If disabling xdebug solves the problem, the issue should be reported on the xdebug bug tracker.

cmb69 commented 2 months ago

@pgnd, see https://github.com/xdebug/xdebug?tab=readme-ov-file#contributing.

pgnd commented 2 months ago

fyi -> https://bugs.xdebug.org/view.php?id=2285

thx o/

Apetree100122 commented 2 months ago

gdb /usr/sbin/php-fpm /var/lib/systemd/coredump/core.9241(gdb) set pagination off(gdb) bt full (gdb) bt full #0 call_end_observers (execute_data=0x5563cd6db840,return_value=0x0) at /usr/src/debug/php-8.3.10-1.fc40.remi.x86_64/Zend/zend_observer.c:263 func = 0x23e00000038 handler =
possible_handlers_end = #1 zend_observer_fcall_end_all () at /usr/src/debug /php-8.3.10-1.fc40.remi.x86_64 /Zend/zend_observer.c:293 execute_data = 0x5563cd6db840 original_execute_data = 0x0 #2 0x00005563d1866850 in php_request_shutdown (dummy=dummy@entry=0x0) at /usr/src/debug/php-8.3.10 1.fc40.remi.x86_64/main/main.c:1862 report_memleaks = true #3 0x00005563d16f517e in main (argc=, argv=) at /usr/src/debug/php-8.3.10-1.fc40.remi.x86_64/sapi/fpm/fpm/fpm_main.c:1970 primary_script = orig_bailout = bailout = {{jmpbuf = { 10, >6 8 12 3 5 6 1 8 0 8 4 5 8 5 1 3 8 5, 6, 9 3 8 8 7 2 0 73 9 0 3 3 6, 0, 9 3 8 8 7 2 0 8 4 5 8 7 7 6 6 8 1 2 3 5 6 1 8 0 9 5 2 8 0 6 1 3 7, 8 4 3 9 3 8 3 1 4 2 9 4 3 2 6 0 0 9}, mask_was_saved = 0, saved_mask = {val = { 140660866771648, 63, 18446744073709551072, 0, 4222461064, 140728348183984, 140660865462146, 0, 140660865924268, 93887539638944, 1024, 0, 0, 140728348184192, 140660865304512, 22}}}} exit_status = cgi = c = use_extended_info = file_handle = {handle = {fp = 0x0, stream = {handle = 0x0, isatty = 0, reader = 0x0, fsizer = 0x0, closer = 0x0}}, filename = 0x0, opened_path = 0x0, type = 0 '\000', primary_script = true, in_list = false, buf = 0x0, len = 0} orig_optind = 1orig_op targ = 0x0 ini_builder = {value = 0x0, length = 0}max_requests = 200 requests = fcgi_fd = request = 0x5563e5b3aa80 fpm_config = fpm_prefix = fpm_pid = test_conf = 0force_daemon = force_stderr = php_information = php_allow_to_run_as_root = func = "main" ret = __orig_bailout = bailout = str = (gdb)