JIT segmentation fault in PHP 8.1

[cappadaan]

Description

PHP 8.1.0 + 8.1.1 produces segfault, randomly. Downgrading to 8.0 solves the issue.

--core dump---

BFD: Warning: coredump-php-fpm.30267 is truncated: expected core file size >= 5413076992, found: 35983360.
[New LWP 30267]
[New LWP 1887]
[New LWP 1886]
[New LWP 1888]
Cannot access memory at address 0x7f277dbb3128
Cannot access memory at address 0x7f277dbb3120
Failed to read a valid object file image from memory.
Core was generated by `php-fpm: pool xxxxxx '.

Program terminated with signal 11, Segmentation fault.
#0 0x000055bbf04c0f25 in ZEND_NEW_SPEC_CONST_UNUSED_HANDLER () at /usr/src/debug/php-8.1.1/Zend/zend_vm_execute.h:10137
10137 ce = CACHED_PTR(opline->op2.num);
(gdb) bt
Python Exception <class 'gdb.MemoryError'> Cannot access memory at address 0x7ffdc940e3a8:
(gdb) bt
#0 0x000055bbf04c0f25 in ZEND_NEW_SPEC_CONST_UNUSED_HANDLER () at /usr/src/debug/php-8.1.1/Zend/zend_vm_execute.h:10137
Cannot access memory at address 0x7ffdc940e3a8
(gdb) frame 0
#0 0x000055bbf04c0f25 in ZEND_NEW_SPEC_CONST_UNUSED_HANDLER () at /usr/src/debug/php-8.1.1/Zend/zend_vm_execute.h:10137
10137 ce = CACHED_PTR(opline->op2.num);
(gdb) info frame
Stack level 0, frame at 0x7ffdc940e3b0:
rip = 0x55bbf04c0f25 in ZEND_NEW_SPEC_CONST_UNUSED_HANDLER (/usr/src/debug/php-8.1.1/Zend/zend_vm_execute.h:10137); saved rip Cannot access memory at address 0x7ffdc940e3a8

this is the only available info in the core dump.

PHP Version

PHP 8.1.0 + 8.1.1

Operating System

CentOS 7

[cmb69]

I'm afraid this is not actionable without further information, since you didn't provide a reproduce script, and the stack backtrace only shows 1 frame. Since you claim that happens randomly, providing a reproduce script may not be possible, but at the very least we need more info, such as whether OPcache is enabled, whether OPcache JIT is enabled (tracing or function), and in which environment (SAPI) this happens, and also whether that happens only occasionally (and recovers afterwards or not), or happens frequently. Also, try to run with the latest PHP-8.1 development version, where some PHP 8.1.1 bugs have been fixed.

[cappadaan]

• it happens in php-fpm
• randomly and frequent, cannot reproduce
• there is nothing more in the backtrace, so its hard to find what function causes this
• opcache settings:
  opcache.enable = on;
  opcache.enable_cli=1;
  opcache.jit_buffer_size=1G;
  opcache.validate_root = on;
  opcache.enable_cli = on;
  opcache.file_update_protection = 0;
  opcache.revalidate_freq = 0;
  opcache.validate_timestamps = 0;
  opcache.interned_strings_buffer = 64;
  opcache.max_accelerated_files = 16229;
  opcache.memory_consumption = 4096;
  opcache.fast_shutdown = 1;
  opcache.log_verbosity_level = 2;
  opcache.blacklist_filename = /etc/opcache-blacklist.txt;
  opcache.force_restart_timeout = 1800;

[cmb69]

Thanks for the further info! Does it also happen when JIT is disabled (i.e. opcache.jit_buffer_size=0)? If not, what happens if you use a smaller jit_buffer_size (1GB seems very much, maybe try 16M or 64M).

[cappadaan]

I disabled JIT for now, will update in a few days.

[cmb69]

Okay, I'll change back to feeback status (the ticket will be kept open for 2 weeks).