Segmentation fault on PDO::sqliteCreateFunction with SQLite driver on PHP 8.2.0RC4

[llaville]

Description

The following code:

<?php
class SqlitePlatform
{
    public static function udfSqrt($value)
    {
        return sqrt($value);
    }
}

$userDefinedFunctions = [
    'sqrt' => ['callback' => [SqlitePlatform::class, 'udfSqrt'], 'numArgs' => 1],
];

$dsn = "sqlite:user-db.sqlite";
try {
    $pdo = new PDO($dsn);
    foreach ($userDefinedFunctions as $fn => $data) {
        $pdo->sqliteCreateFunction($fn, $data['callback'], $data['numArgs']);
    }
    \var_dump($pdo);

} catch (PDOException $e) {
    \var_dump($e);
}

Code used is pick from https://github.com/doctrine/dbal/blob/3.4.x/src/Driver/PDO/SQLite/Driver.php, doctrine/dbal 3.4.5 I used from my project

Resulted in this output:

Segmentation fault

But I expected this output instead:

object(PDO)#1 (0) {
}

When I comment the foreach loop, PDO object is created !

It seems there is a regression since PHP 8.2.0-dev (182c8acf432c25150067f6224faacaafd5d9b8b4) My use case that works fine : https://github.com/llaville/php-compatinfo-db/actions/runs/3219733272/jobs/5265516763#step:6:14

PHP Version

PHP 8.2.0RC4

Operating System

Ubuntu 18.04

[cmb69]

Hmm, I cannot reproduce this (neither on https://3v4l.org/QrqpV, nor locally). Is this maybe OPcache/JIT issue? Could you please try to generate a backtrace?

[llaville]

As it is reproductable on each runs of my GitHub Workflow since

• PHP 8.2.0-dev (182c8acf432c25150067f6224faacaafd5d9b8b4) => OK; see https://github.com/llaville/php-compatinfo-db/actions/runs/3219733272/jobs/5265516763#step:8:12
• PHP 8.2.0-dev (9be00e3935b69930b5c2603e78f5e51026102377) => KO; see https://github.com/llaville/php-compatinfo-db/actions/runs/3224760844/jobs/5276262457#step:8:12
• PHP 8.2.0-dev (f516e19948a7d88a96ed8e301322f04d4225a7d5) => KO; see https://github.com/llaville/php-compatinfo-db/actions/runs/3242820638/jobs/5316677105#step:8:12

I'm ok with you that on 3v4l.org all versions provided are not affected. Because I think regression occured since RC3

I'll try to generate a backtrace tomorrow

[llaville]

I confirmed that there is a regression since PHP 8.2.0RC3

On RC3 I've rebuilt a docker version locally with source code git clone --depth 1 --branch php-8.2.0RC3 https://github.com/php/php-src php;

OPcache with CLI is disabled

Checked also with this tool https://github.com/gordalina/cachetool that gave me

And my application that crashed on RC4 is able to create the SQLite database with PHP 8.2.0RC3

On RC4 I've rebuilt a docker version locally with source code git clone --depth 1 --branch php-8.2.0RC4 https://github.com/php/php-src php;

OPcache with CLI is still disabled

And my application still crash with a segmentation fault

@wojtekxtx Sorry, but I'm problem to generate backtrace; still working on it !

[llaville]

I need to rebuild my docker version of PHP 8.2.0RC4 (forgotten to specify --enable-debug in configure step)

Currently got

gdb -args php -args /shared/backups/bartlett/php-compatinfo-db/bin/compatinfo-db db:create
GNU gdb (Debian 10.1-1.7) 10.1.90.20210103-git
Copyright (C) 2021 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from php...
(No debugging symbols found in php)

[cmb69]

Sorry, but I'm problem to generate backtrace; still working on it !

No need to apologize. Just take your time. :)

[llaville]

@cmb69 I need help; It's the first time I need to use gdb and I'm not able to generate the backtrace.

Here is current status

[cmb69]

It seems that there is no crash in the session above ("Inferior 1 (process 2016) exited with code 01"). So when you call bt, the process already finished. It is possible that the segfault does not (always) occur when run under gdb.

Interesting is the message "Error disabling address space randomization: Operation not permitted". If ALSR is enabled on that system, that might be the cause for the crash; although that message might just mean "I couldn't disable ASLR, because it is not enabled in the first place".

Also interesting is that PHP info reports OPcache being disabled, but the screenshot from cachetool apparently suggests otherwise. Please run without OPcache and Xdebug (don't even load these extensions if possible); would it still segfault?

[llaville]

I've fixed the issue with warning: Error disabling address space randomization: Operation not permitted following recommandation found at https://stackoverflow.com/questions/35860527/warning-error-disabling-address-space-randomization-operation-not-permitted/46676907#46676907

I've modified my docker-compose.yml with

services:
  php:
    image: local/php-fpm:${PHP_SERVER}-work-820RC4
    security_opt:
      - seccomp:unconfined
    cap_add:
      - SYS_PTRACE

And re-created containers, but still doesn't work

devilbox@php-8.2.0RC4 in /shared/httpd $ gdb -args php -args /shared/backups/bartlett/php-compatinfo-db/bin/compatinfo-db db:create
GNU gdb (Debian 10.1-1.7) 10.1.90.20210103-git
Copyright (C) 2021 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from php...
(No debugging symbols found in php)
(gdb) run
Starting program: /usr/local/bin/php -args /shared/backups/bartlett/php-compatinfo-db/bin/compatinfo-db db:create
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Either execute direct code, process stdin or use a file.
[Inferior 1 (process 1887) exited with code 01]
(gdb) bt
No stack.
(gdb)

Will try your suggestions now : Thanks for helping

[llaville]

Still same results without xdebug and opcache

devilbox@php-8.2.0RC4 in /shared/backups/bartlett/php-compatinfo-db $ php -v
PHP 8.2.0RC4 (cli) (built: Oct 15 2022 08:58:18) (NTS DEBUG)
Copyright (c) The PHP Group
Zend Engine v4.2.0RC4, Copyright (c) Zend Technologies
devilbox@php-8.2.0RC4 in /shared/backups/bartlett/php-compatinfo-db $ bin/compatinfo-db db:create
> Creating database schema...
Segmentation fault
devilbox@php-8.2.0RC4 in /shared/backups/bartlett/php-compatinfo-db $ gdb -args php -args /shared/backups/bartlett/php-compatinfo-db/bin/compatinfo-db db:create
GNU gdb (Debian 10.1-1.7) 10.1.90.20210103-git
Copyright (C) 2021 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from php...
(No debugging symbols found in php)
(gdb) run
Starting program: /usr/local/bin/php -args /shared/backups/bartlett/php-compatinfo-db/bin/compatinfo-db db:create
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Either execute direct code, process stdin or use a file.
[Inferior 1 (process 1866) exited with code 01]
(gdb) bt
No stack.
(gdb)

[llaville]

Perharps there are others extensions that need to be disable ?

Here are extensions I may be able to load with PHP 8.2.0RC3

devilbox@php-8.2.0RC3 in /shared/backups/bartlett/php-compatinfo-db $ bin/compatinfo-db db:init -vvv
> Initializing CompatInfoDb 4.6.x-dev@30c60ad platform ...

Distribution platform
---------------------

 Platform (desc: "CompatInfoDB", version: 4.6.x-dev@30c60ad, built: 2022-10-15T10:44:12+00:00) with 111 extensions

Extension(s) referenced
-----------------------

 Extension (id: 1, desc: "The amqp PHP extension", version: 1.11.0)
 Extension (id: 2, desc: "The apc PHP extension", version: 3.1.13)
 Extension (id: 3, desc: "The apcu PHP extension", version: 5.1.22)
 Extension (id: 4, desc: "The ast PHP extension", version: 1.1.0)
 Extension (id: 5, desc: "The bcmath PHP extension", version: 8.2.0RC3)
 Extension (id: 6, desc: "The bz2 PHP extension", version: 8.2.0RC3)
 Extension (id: 7, desc: "The calendar PHP extension", version: 8.2.0RC3)
 Extension (id: 8, desc: "The Core PHP extension", version: 8.2.0RC3)
 Extension (id: 9, desc: "The ctype PHP extension", version: 8.2.0RC3)
 Extension (id: 10, desc: "The curl PHP extension", version: 8.2.0RC3)
 Extension (id: 11, desc: "The date PHP extension", version: 8.2.0RC3)
 Extension (id: 12, desc: "The dom PHP extension", version: 8.2.0RC3)
 Extension (id: 13, desc: "The enchant PHP extension", version: 8.2.0RC3)
 Extension (id: 14, desc: "The ereg PHP extension", version: 4.0.1)
 Extension (id: 15, desc: "The exif PHP extension", version: 8.2.0RC3)
 Extension (id: 16, desc: "The fileinfo PHP extension", version: 8.2.0RC3)
 Extension (id: 17, desc: "The filter PHP extension", version: 8.2.0RC3)
 Extension (id: 18, desc: "The ftp PHP extension", version: 8.2.0RC3)
 Extension (id: 19, desc: "The gd PHP extension", version: 8.2.0RC3)
 Extension (id: 20, desc: "The gender PHP extension", version: 1.1.0)
 Extension (id: 21, desc: "The geoip PHP extension", version: 1.1.1)
 Extension (id: 22, desc: "The gettext PHP extension", version: 8.2.0RC3)
 Extension (id: 23, desc: "The gmp PHP extension", version: 8.2.0RC3)
 Extension (id: 24, desc: "The haru PHP extension", version: 1.0.4)
 Extension (id: 25, desc: "The hash PHP extension", version: 8.2.0RC3)
 Extension (id: 26, desc: "The htscanner PHP extension", version: 1.0.1)
 Extension (id: 27, desc: "The http PHP extension", version: 4.2.3)
 Extension (id: 28, desc: "The iconv PHP extension", version: 8.2.0RC3)
 Extension (id: 29, desc: "The igbinary PHP extension", version: 3.2.7)
 Extension (id: 30, desc: "The imagick PHP extension", version: 3.7.0)
 Extension (id: 31, desc: "The imap PHP extension", version: 8.2.0RC3)
 Extension (id: 32, desc: "The inclued PHP extension", version: 0.1.3)
 Extension (id: 33, desc: "The intl PHP extension", version: 8.2.0RC3)
 Extension (id: 34, desc: "The jsmin PHP extension", version: 3.0.0)
 Extension (id: 35, desc: "The json PHP extension", version: 8.2.0RC3)
 Extension (id: 36, desc: "The ldap PHP extension", version: 8.2.0RC3)
 Extension (id: 37, desc: "The libevent PHP extension", version: 0.1.0)
 Extension (id: 38, desc: "The libxml PHP extension", version: 8.2.0RC3)
 Extension (id: 39, desc: "The lzf PHP extension", version: 1.7.0)
 Extension (id: 40, desc: "The mailparse PHP extension", version: 3.1.4)
 Extension (id: 41, desc: "The mbstring PHP extension", version: 8.2.0RC3)
 Extension (id: 42, desc: "The mcrypt PHP extension", version: 1.0.5)
 Extension (id: 43, desc: "The memcache PHP extension", version: 8.0)
 Extension (id: 44, desc: "The memcached PHP extension", version: 3.2.0)
 Extension (id: 45, desc: "The mhash PHP extension", version: 4.0.4)
 Extension (id: 46, desc: "The mongo PHP extension", version: 1.6.16)
 Extension (id: 47, desc: "The msgpack PHP extension", version: 2.2.0RC2)
 Extension (id: 48, desc: "The mssql PHP extension", version: 5.5.2)
 Extension (id: 49, desc: "The mysql PHP extension", version: 5.2.3)
 Extension (id: 50, desc: "The mysqli PHP extension", version: 8.2.0RC3)
 Extension (id: 51, desc: "The OAuth PHP extension", version: 2.0.7)
 Extension (id: 52, desc: "The oci8 PHP extension", version: 3.0.1)
 Extension (id: 53, desc: "The odbc PHP extension", version: 8.2.0RC3)
 Extension (id: 54, desc: "The OPcache PHP extension", version: 8.2.0RC3)
 Extension (id: 55, desc: "The openssl PHP extension", version: 8.2.0RC3)
 Extension (id: 56, desc: "The pcntl PHP extension", version: 8.2.0RC3)
 Extension (id: 57, desc: "The pcre PHP extension", version: 8.2.0RC3)
 Extension (id: 58, desc: "The pdflib PHP extension", version: 4.1.4)
 Extension (id: 59, desc: "The PDO PHP extension", version: 8.2.0RC3)
 Extension (id: 60, desc: "The pgsql PHP extension", version: 8.2.0RC3)
 Extension (id: 61, desc: "The phar PHP extension", version: 8.2.0RC3)
 Extension (id: 62, desc: "The posix PHP extension", version: 8.2.0RC3)
 Extension (id: 63, desc: "The pthreads PHP extension", version: 3.1.6)
 Extension (id: 64, desc: "The raphf PHP extension", version: 2.0.1)
 Extension (id: 65, desc: "The rar PHP extension", version: 4.2.0)
 Extension (id: 66, desc: "The rdkafka PHP extension", version: 6.0.3)
 Extension (id: 67, desc: "The readline PHP extension", version: 8.2.0RC3)
 Extension (id: 68, desc: "The recode PHP extension", version: 4.0.0)
 Extension (id: 69, desc: "The redis PHP extension", version: 5.3.7)
 Extension (id: 70, desc: "The Reflection PHP extension", version: 8.2.0RC3)
 Extension (id: 71, desc: "The riak PHP extension", version: 1.2.0)
 Extension (id: 72, desc: "The session PHP extension", version: 8.2.0RC3)
 Extension (id: 73, desc: "The shmop PHP extension", version: 8.2.0RC3)
 Extension (id: 74, desc: "The SimpleXML PHP extension", version: 8.2.0RC3)
 Extension (id: 75, desc: "The snmp PHP extension", version: 8.2.0RC3)
 Extension (id: 76, desc: "The soap PHP extension", version: 8.2.0RC3)
 Extension (id: 77, desc: "The sockets PHP extension", version: 8.2.0RC3)
 Extension (id: 78, desc: "The solr PHP extension", version: 2.5.1)
 Extension (id: 79, desc: "The sphinx PHP extension", version: 1.3.3)
 Extension (id: 80, desc: "The spl PHP extension", version: 8.2.0RC3)
 Extension (id: 81, desc: "The sqlite PHP extension", version: 2.0-dev)
 Extension (id: 82, desc: "The sqlite3 PHP extension", version: 8.2.0RC3)
 Extension (id: 83, desc: "The ssh2 PHP extension", version: 1.3.1)
 Extension (id: 84, desc: "The standard PHP extension", version: 8.2.0RC3)
 Extension (id: 85, desc: "The stomp PHP extension", version: 2.0.3)
 Extension (id: 86, desc: "The svn PHP extension", version: 2.0.3)
 Extension (id: 87, desc: "The sync PHP extension", version: 1.1.2)
 Extension (id: 88, desc: "The sysvmsg PHP extension", version: 8.2.0RC3)
 Extension (id: 89, desc: "The sysvsem PHP extension", version: 8.2.0RC3)
 Extension (id: 90, desc: "The sysvshm PHP extension", version: 8.2.0RC3)
 Extension (id: 91, desc: "The tidy PHP extension", version: 8.2.0RC3)
 Extension (id: 92, desc: "The tokenizer PHP extension", version: 8.2.0RC3)
 Extension (id: 93, desc: "The uopz PHP extension", version: 6.1.2)
 Extension (id: 94, desc: "The uploadprogress PHP extension", version: 2.0.2)
 Extension (id: 95, desc: "The uuid PHP extension", version: 1.2.0)
 Extension (id: 96, desc: "The varnish PHP extension", version: 1.2.4)
 Extension (id: 97, desc: "The wddx PHP extension", version: 4.0.0)
 Extension (id: 98, desc: "The XCache PHP extension", version: 3.2.0)
 Extension (id: 99, desc: "The xdebug PHP extension", version: 3.2.0RC1)
 Extension (id: 100, desc: "The xhprof PHP extension", version: 2.3.7)
 Extension (id: 101, desc: "The xlswriter PHP extension", version: 1.5.2)
 Extension (id: 102, desc: "The xml PHP extension", version: 8.2.0RC3)
 Extension (id: 103, desc: "The xmldiff PHP extension", version: 1.1.3)
 Extension (id: 104, desc: "The xmlreader PHP extension", version: 8.2.0RC3)
 Extension (id: 105, desc: "The xmlrpc PHP extension", version: 1.0.0RC2)
 Extension (id: 106, desc: "The xmlwriter PHP extension", version: 8.2.0RC3)
 Extension (id: 107, desc: "The xsl PHP extension", version: 8.2.0RC3)
 Extension (id: 108, desc: "The yac PHP extension", version: 2.3.1)
 Extension (id: 109, desc: "The yaml PHP extension", version: 2.2.2)
 Extension (id: 110, desc: "The zip PHP extension", version: 1.21.1)
 Extension (id: 111, desc: "The zlib PHP extension", version: 8.2.0RC3)

 [OK] Database built successfully!

[llaville]

@cmb69 Good news : I've found extension that should be disabled/fixed: xhprof, I've re-enabled xdebug and opcache

[cmb69]

Good news : I've found extension that should be disabled/fixed: xhprof

Good news indeed! Maybe the issue is already fixed (see https://github.com/longxinH/xhprof/issues/68). Could you try to build xhprof from its master branch?

[llaville]

I confirm that my application CompatInfoDB with PHP 8.2.0RC4 (locally) and with GitHub Actions PHP 8.2.0-dev (aba82c74d9bfa48319d331dc1fb357606962c94a) is able to build a SQLite database (see https://github.com/llaville/php-compatinfo-db/actions/runs/3255570865/jobs/5345031152) with xhprof extension disabled

[llaville]

Good news : I've found extension that should be disabled/fixed: xhprof

Good news indeed! Maybe the issue is already fixed (see longxinH/xhprof#68). Could you try to build xhprof from its master branch?

I'll try !

[llaville]

@cmb69 master branch of xhprof does not solve it ! Need a fix.

[llaville]

Issue report on xhprof extension GitHub repository. I think it's time to close this one as PHP source code is not impacted !

Big thanks @cmb69 for your support/help

[rioderelfte]

We ran into an issue in the Tideways extension when calling PDO::sqliteCreateFunction as well. I think this is an issue in the PDO extension which only shows up when observers are used. I think I found a fix for this issue: https://github.com/php/php-src/pull/9818

Maybe this is the same bug.