PHP 8.2.5 - 8.2.7 crash

[sitnikov]

Description

I only have a core from version 8.2.5, but version 8.2.6 also crashed. I can't replicate the issue for 8.2.6 because this is a production system. Version 8.2.1 is working properly

(gdb) bt

#0  zend_mm_alloc_small (bin_num=8, heap=0x7f5c54200040) at /usr/src/debug/php82-8.2.5-1.x86_64/Zend/zend_alloc.c:1313
#1  zend_mm_alloc_heap (size=<optimized out>, heap=0x7f5c54200040) at /usr/src/debug/php82-8.2.5-1.x86_64/Zend/zend_alloc.c:1384
#2  _emalloc (size=<optimized out>) at /usr/src/debug/php82-8.2.5-1.x86_64/Zend/zend_alloc.c:2594
#3  0x0000562af46da26e in zend_objects_new (ce=0x562afd1bc320) at /usr/src/debug/php82-8.2.5-1.x86_64/Zend/zend_objects_API.h:83
#4  0x0000562af464c71a in _object_and_properties_init (properties=0x0, class_type=<optimized out>, arg=0x7f5c542160c0) at /usr/src/debug/php82-8.2.5-1.x86_64/Zend/zend_API.c:1695
#5  object_init_ex (arg=arg@entry=0x7f5c542160c0, class_type=<optimized out>) at /usr/src/debug/php82-8.2.5-1.x86_64/Zend/zend_API.c:1718
#6  0x0000562af4689e85 in ZEND_NEW_SPEC_CONST_UNUSED_HANDLER () at /usr/src/debug/php82-8.2.5-1.x86_64/Zend/zend_vm_execute.h:10289
#7  0x0000562af46b4a54 in execute_ex (ex=0x10f7e48) at /usr/src/debug/php82-8.2.5-1.x86_64/Zend/zend_vm_execute.h:56937
#8  0x0000562af46bd1c2 in zend_execute (op_array=0x7f5c54202000, return_value=0x0) at /usr/src/debug/php82-8.2.5-1.x86_64/Zend/zend_vm_execute.h:60396
#9  0x0000562af4649be5 in zend_execute_scripts (type=type@entry=8, retval=retval@entry=0x0, file_count=file_count@entry=3) at /usr/src/debug/php82-8.2.5-1.x86_64/Zend/zend.c:1826
#10 0x0000562af45e360a in php_execute_script (primary_file=<optimized out>) at /usr/src/debug/php82-8.2.5-1.x86_64/main/main.c:2542
#11 0x0000562af43e311c in main (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/php82-8.2.5-1.x86_64/sapi/fpm/fpm/fpm_main.c:1924

(gdb) zbacktrace

[0x7f5c54215fc0] Doctrine\DBAL\Connection->executeQuery("SELECT spare_id AS sid, spare_id_name AS pnid, discount, stock,\12                            (!ISNULL(spare_id) + !ISNULL(spare_id_name) + !ISNULL(stock)) AS conditions,\12                            discounted_sell_price_no_vat AS price\12                     ...", array(2)[0x7f5c54216020], array(0)[0x7f5c54216030], NULL) /...../vendor/doctrine/dbal/src/Connection.php:1067 
[0x7f5c54215f10] ZZZZZ\DB\Connection->executeQuery("SELECT spare_id AS sid, spare_id_name AS pnid, discount, stock,\12                            (!ISNULL(spare_id) + !ISNULL(spare_id_name) + !ISNULL(stock)) AS conditions,\12                            discounted_sell_price_no_vat AS price\12                     ...", array(2)[0x7f5c54215f70], array(0)[0x7f5c54215f80]) /...../include/DB/Connection.php:248 
[0x7f5c54215e70] ZZZZZ\DB\Connection->fetchAll("SELECT spare_id AS sid, spare_id_name AS pnid, discount, stock,\12                            (!ISNULL(spare_id) + !ISNULL(spare_id_name) + !ISNULL(stock)) AS conditions,\12                            discounted_sell_price_no_vat AS price\12                     ...", array(2)[0x7f5c54215ed0]) /...../include/DB/Connection.php:298 
[0x7f5c54215de0] ZZZZZ\Price2\Helper\DiscountCalculator->ZZZZZ\Price2\Helper\{closure}() /...../include/Price2/Helper/DiscountCalculator.php:155 
[0x7f5c54215d40] cache_remember("_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", 3600, object[0x7f5c54215db0]) /...../include/memcache.functions.php:112 
[0x7f5c54215b90] ZZZZZ\Price2\Helper\DiscountCalculator->find_abcxyz_discount(array(68)[0x7f5c54215be0], 0.000000) /...../include/Price2/Helper/DiscountCalculator.php:153 
[0x7f5c54215a90] ZZZZZ\Price2\Discount\MassiveDiscount->getDiscountPercent() /...../include/Price2/Discount/MassiveDiscount.php:46 
[0x7f5c542159e0] ZZZZZ\Price2\Helper\DiscountCalculator->getMaxDiscountByDiscounts(array(4)[0x7f5c54215a30]) /...../include/Price2/Helper/DiscountCalculator.php:383 
[0x7f5c54215850] ZZZZZ\Price2\Helper\DiscountCalculator->calculateDiscount(array(4)[0x7f5c542158a0], 0.000000, object[0x7f5c542158c0], array(68)[0x7f5c542158d0], object[0x7f5c542158e0]) /...../include/Price2/Helper/DiscountCalculator.php:317 
[0x7f5c54215700] ZZZZZ\Price2\Helper\DiscountCalculator->calculate_discount(array(68)[0x7f5c54215750], array(0)[0x7f5c54215760], 0) /...../include/Price2/Helper/DiscountCalculator.php:306 
[0x7f5c54215600] calculate_discount(array(68)[0x7f5c54215650], "catalog", 0, array(0)[0x7f5c54215680]) /...../include/ZZZZZ.functions.php:3742 
[0x7f5c542154c0] CatalogView->get_price_data(array(66)[0x7f5c54215510], array(0)[0x7f5c54215520], "ZZZZZZ-ZZZZZ") /...../include/CatalogView.class.php:358 
[0x7f5c54215280] ZZZZZ\CatalogBundle\DependencyInjection\Spare\SparesCatalogViewService->spareDetailData(30331702, array(66)[0x7f5c542152e0], array(6)[0x7f5c542152f0], array(1)[0x7f5c54215300], array(6)[0x7f5c54215310], object[0x7f5c54215320], NULL, 1) /...../Bundles/CatalogBundle/DependencyInjection/Spare/SparesCatalogViewService.php:219 
[0x7f5c542149c0] ZZZZZ\CatalogBundle\Controller\SpareDetailViewController->getSpareDetailViewData(object[0x7f5c54214a10], object[0x7f5c54214a20], object[0x7f5c54214a30], object[0x7f5c54214a40], object[0x7f5c54214a50], object[0x7f5c54214a60], object[0x7f5c54214a70], object[0x7f5c54214a80], object[0x7f5c54214a90], object[0x7f5c54214aa0], object[0x7f5c54214ab0], object[0x7f5c54214ac0], object[0x7f5c54214ad0], object[0x7f5c54214ae0], object[0x7f5c54214af0], object[0x7f5c54214b00], 30923983, 16050, NULL, NULL, NULL, 3, false, false, object[0x7f5c54214b90]) /...../Bundles/CatalogBundle/Controller/SpareDetailViewController.php:1200 
[0x7f5c54214420] ZZZZZ\CatalogBundle\Controller\SpareDetailViewController->indexAction(object[0x7f5c54214470], object[0x7f5c54214480], object[0x7f5c54214490], object[0x7f5c542144a0], object[0x7f5c542144b0], object[0x7f5c542144c0], object[0x7f5c542144d0], object[0x7f5c542144e0], object[0x7f5c542144f0], object[0x7f5c54214500], object[0x7f5c54214510], object[0x7f5c54214520], object[0x7f5c54214530], object[0x7f5c54214540], object[0x7f5c54214550], object[0x7f5c54214560], object[0x7f5c54214570], object[0x7f5c54214580], object[0x7f5c54214590], object[0x7f5c542145a0], object[0x7f5c542145b0], object[0x7f5c542145c0], object[0x7f5c542145d0], object[0x7f5c542145e0], 30923983, NULL, NULL, NULL, NULL) /...../Bundles/CatalogBundle/Controller/SpareDetailViewController.php:324 
[0x7f5c54214340] Symfony\Component\HttpKernel\HttpKernel->handleRaw(object[0x7f5c54214390], 1) /...../vendor/symfony/http-kernel/HttpKernel.php:163 
[0x7f5c54214270] Symfony\Component\HttpKernel\HttpKernel->handle(object[0x7f5c542142c0], 1, true) /...../vendor/symfony/http-kernel/HttpKernel.php:74 
[0x7f5c542141b0] Symfony\Component\HttpKernel\Kernel->handle(object[0x7f5c54214200]) /...../vendor/symfony/http-kernel/Kernel.php:184 
[0x7f5c54214100] (main) /...../web/app.php:10 
[0x7f5c54214020] (main) /...../index.php:53 

DiscountCalculator.php:155

$dataGeneral = cache_remember('_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx', 60*60, static function() use($conn) {
  $conn->setDebugData(__FILE__, __LINE__);
    return $conn->fetchAll('xxxxxxx', [DomainConf::getDomainId()]);
});

``

### PHP Version

8.2.5

### Operating System

OL8

[nielsdos]

It looks like a heap corruption, so the origin of the actual problem could be anywhere I'm afraid.

Some questions to begin with:

• Does this problem occur frequently, i.e. does it always happen, only sometimes, or rarely?
• When the problem happens, is it always in the same location it crashes?
• Do you use SSL/TLS-enabled database connections? I'm asking this because I did a change related to SSL database connections in 8.2.5...
• Are you able to compile PHP yourself? This would allow to get more info about the issue by using the address sanitizer and by enabling debug assertions.

[sitnikov]

1 - yes 30-50% requests will crash
2 - some location ok
3 - no
4 - yes, custom build

this is prod server and i can't run this version again without fix.

You can see screenshot and log from dnf

2023-06-02T00:07:01+0300 DEBUG ---> Package php82-fpm.x86_64 8.2.1-1 will be upgraded
2023-06-02T00:46:28+0300 DEBUG Downgraded: php82-fpm-8.2.1-1.x86_64

[nielsdos]

If you can give a way so we can reproduce the issue on our own systems, that would be great. Otherwise it's going to be difficult to debug this.

Alternatively if you are able to trigger the issue with a custom build in a test environment, this would allow you to get more info. If that's possible, then you can configure your PHP build with the ./configure options --enable-address-sanitizer and --enable-debug-assertions (besides the ones you already use). If you then set the environment variable USE_ZEND_ALLOC=0 then the address sanitizer will be able to report memory corruptions.

Alternatively, performing a bisect between the commits of 8.2.1 and 8.2.5 would also work I guess.

Of course I understand if this is not really possible in your situation. The problem right now is that there's too little information to figure out what goes wrong I'm afraid...

[github-actions]

No feedback was provided. The issue is being suspended because we assume that you are no longer experiencing the problem. If this is not the case and you are able to provide the information that was requested earlier, please do so. Thank you.

[sitnikov]

Crash still exist, please don't close ticket

[iluuu1994]

@sitnikov Can you try the steps above from @nielsdos?

[sitnikov]

the crash was observed on the prod, I'm looking for options to reproduce it in the dev environment