Skip to content

Zend/tests/arginfo_zpp_mismatch.phpt causes a segfault with JIT + --repeat 2 #12494

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
danog opened this issue Oct 22, 2023 · 1 comment
Closed

Zend/tests/arginfo_zpp_mismatch.phpt causes a segfault with JIT + --repeat 2 #12494

danog opened this issue Oct 22, 2023 · 1 comment
Labels
Bug Status: Needs Triage

Comments

@danog
Copy link
Contributor

danog commented Oct 22, 2023
edited
Loading

Description

The test fails with a segfault with any --repeat value bigger than 1, if either function or tracing JIT is enabled:

php run-tests.php Zend/tests/arginfo_zpp_mismatch.phpt --repeat 2

php.ini:

memory_limit = -1
zend.assertions = 1
display_errors = On
display_startup_errors = On
extension=gmp
extension=iconv
[opcache]
zend_extension=opcache
opcache.memory_consumption=4096M
opcache.enable=1
opcache.enable_cli=1
opcache.jit=tracing
opcache.validate_timestamps=0
opcache.jit_buffer_size=1G
opcache.file_update_protection=0
opcache.max_accelerated_files=1000000
opcache.interned_strings_buffer=64

opcache.file_cache=/tmp/opc

opcache.jit_prof_threshold=0.000000001
opcache.jit_max_root_traces=  30000000
opcache.jit_max_side_traces=  30000000
opcache.jit_max_exit_counters=30000000
opcache.jit_hot_loop=1
opcache.jit_hot_func=1
opcache.jit_hot_return=1
opcache.jit_hot_side_exit=1

opcache.jit_blacklist_root_trace=255
opcache.jit_blacklist_side_trace=255

opcache.protect_memory=1

Result:

Executing for the first time...
===DONE===
Finished execution, repeating...
AddressSanitizer:DEADLYSIGNAL
=================================================================
==2394949==ERROR: AddressSanitizer: SEGV on unknown address 0x7fe0c28c3e80 (pc 0x7fe2638a5bd0 bp 0x7fff9c68f3b0 sp 0x7fff9c68eb78 T0)
==2394949==The signal is caused by a WRITE memory access.
    #0 0x7fe2638a5bd0  /build/glibc-BHL3KM/glibc-2.31/string/../sysdeps/x86_64/multiarch/memset-vec-unaligned-erms.S:200
    #1 0x558b9e69c31f in __asan_memset (/usr/local/bin/php+0x49c31f) (BuildId: f133e332475a6c839fc804e2a4a24ca8ce73b6c4)
    #2 0x7fe25e36f0ce in bzero_aligned /root/php-src/ext/opcache/ZendAccelerator.c:150:2
    #3 0x7fe25e369528 in cache_script_in_shared_memory /root/php-src/ext/opcache/ZendAccelerator.c:1624:2
    #4 0x7fe25e36749e in persistent_compile_file /root/php-src/ext/opcache/ZendAccelerator.c:2156:24
    #5 0x558b9f559846 in zend_execute_scripts /root/php-src/Zend/zend.c:1871:14
    #6 0x558b9f3611ef in php_execute_script /root/php-src/main/main.c:2492:13
    #7 0x558b9faeb027 in do_cli /root/php-src/sapi/cli/php_cli.c:966:5
    #8 0x558b9fae8bba in main /root/php-src/sapi/cli/php_cli.c:1340:18
    #9 0x7fe26373e082 in __libc_start_main /build/glibc-BHL3KM/glibc-2.31/csu/../csu/libc-start.c:308:16
    #10 0x558b9e60441d in _start (/usr/local/bin/php+0x40441d) (BuildId: f133e332475a6c839fc804e2a4a24ca8ce73b6c4)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /build/glibc-BHL3KM/glibc-2.31/string/../sysdeps/x86_64/multiarch/memset-vec-unaligned-erms.S:200
==2394949==ABORTING

ping @dstogov

PHP Version

f093409
@danog danog changed the title Zend/tests/arginfo_zpp_mismatch.phpt causes a segfault withJIT + --repeat 2 Zend/tests/arginfo_zpp_mismatch.phpt causes a segfault with JIT + --repeat 2 Oct 22, 2023
@danog
Copy link
Contributor Author

danog commented Oct 22, 2023

Similar result for Zend/tests/arginfo_zpp_mismatch_strict.phpt:

Executing for the first time...
===DONE===
Finished execution, repeating...
AddressSanitizer:DEADLYSIGNAL
=================================================================
==2395060==ERROR: AddressSanitizer: SEGV on unknown address 0x7f4933cc3e80 (pc 0x7f4ad4c90bd0 bp 0x7ffcaa30a490 sp 0x7ffcaa309c58 T0)
==2395060==The signal is caused by a WRITE memory access.
/usr/bin/llvm-symbolizer-16: /lib/x86_64-linux-gnu/libcurl.so.4: no version information available (required by /usr/bin/llvm-symbolizer-16)
    #0 0x7f4ad4c90bd0  /build/glibc-BHL3KM/glibc-2.31/string/../sysdeps/x86_64/multiarch/memset-vec-unaligned-erms.S:200
    #1 0x55a757e9c31f in __asan_memset (/usr/local/bin/php+0x49c31f) (BuildId: f133e332475a6c839fc804e2a4a24ca8ce73b6c4)
    #2 0x7f4acf76f0ce in bzero_aligned /root/php-src/ext/opcache/ZendAccelerator.c:150:2
    #3 0x7f4acf769528 in cache_script_in_shared_memory /root/php-src/ext/opcache/ZendAccelerator.c:1624:2
    #4 0x7f4acf76749e in persistent_compile_file /root/php-src/ext/opcache/ZendAccelerator.c:2156:24
    #5 0x55a758d59846 in zend_execute_scripts /root/php-src/Zend/zend.c:1871:14
    #6 0x55a758b611ef in php_execute_script /root/php-src/main/main.c:2492:13
    #7 0x55a7592eb027 in do_cli /root/php-src/sapi/cli/php_cli.c:966:5
    #8 0x55a7592e8bba in main /root/php-src/sapi/cli/php_cli.c:1340:18
    #9 0x7f4ad4b29082 in __libc_start_main /build/glibc-BHL3KM/glibc-2.31/csu/../csu/libc-start.c:308:16
    #10 0x55a757e0441d in _start (/usr/local/bin/php+0x40441d) (BuildId: f133e332475a6c839fc804e2a4a24ca8ce73b6c4)

@danog danog mentioned this issue Oct 22, 2023
Closed
dstogov added a commit that referenced this issue Oct 23, 2023
@dstogov
Merge branch 'PHP-8.1' into PHP-8.2
6be3c18 
* PHP-8.1:
  Fixed GH-12494: Zend/tests/arginfo_zpp_mismatch.phpt causes a segfault withJIT + --repeat 2
dstogov added a commit that referenced this issue Oct 23, 2023
@dstogov
Merge branch 'PHP-8.2' into PHP-8.3
a1818dd 
* PHP-8.2:
  Fixed GH-12494: Zend/tests/arginfo_zpp_mismatch.phpt causes a segfault withJIT + --repeat 2
dstogov added a commit that referenced this issue Oct 23, 2023
@dstogov
Merge branch 'PHP-8.3'
3d832fc 
* PHP-8.3:
  Fixed GH-12494: Zend/tests/arginfo_zpp_mismatch.phpt causes a segfault withJIT + --repeat 2
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug Status: Needs Triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@danog