Segfaults with PHP 7.4.27 fpm and mysqlnd driver

[niclashoyer]

Frequently asked questions

• I have read Frequently Asked Questions

Describe the bug
We started to get a lot of segfaults recently using PHP 7.4.27 FPM. Every segfault is related to the mysqlnd extension and it seems that something goes wrong while executing a PDO statement.

Is this something we can further debug here, or should I open a bug report directly with the PHP developers? Edit: I just figured that new PHP bugs are also on Github now, so I also created an issue there: php/php-src#7877

Feel free to close this, if it is not related to deb.sury.org packaging / compiling.

To Reproduce
I tried to reproduce the error in a minimal example using similar queries, but that did not trigger the problem.

Expected behavior
A call to PDOStatement->execute should not run into a segfault.

Distribution (please complete the following information):

• OS: Ubuntu 20.04
• Architecture: amd64
• Repository: Ubuntu PPA

Package(s) (please complete the following information):

php7.4-fpm:
  Installed: 7.4.27-1+ubuntu20.04.1+deb.sury.org+1
  Candidate: 7.4.27-1+ubuntu20.04.1+deb.sury.org+1
  Version table:
 *** 7.4.27-1+ubuntu20.04.1+deb.sury.org+1 500
        500 http://ppa.launchpad.net/ondrej/php/ubuntu focal/main amd64 Packages
        100 /var/lib/dpkg/status
     7.4.3-4ubuntu2.8 500
        500 http://de.archive.ubuntu.com/ubuntu focal-updates/universe amd64 Packages
        500 http://mirror.hetzner.de/ubuntu/packages focal-updates/universe amd64 Packages
     7.4.3-4ubuntu2.7 500
        500 http://security.ubuntu.com/ubuntu focal-security/universe amd64 Packages
        500 http://mirror.hetzner.de/ubuntu/packages focal-security/universe amd64 Packages
     7.4.3-4ubuntu1 500
        500 http://de.archive.ubuntu.com/ubuntu focal/universe amd64 Packages
        500 http://mirror.hetzner.de/ubuntu/packages focal/universe amd64 Packages

Additional context
Backtrace using gdb:

Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007f3157ed21bb in ?? () from /usr/lib/php/20190902/mysqlnd.so
(gdb) bt
#0  0x00007f3157ed21bb in ?? () from /usr/lib/php/20190902/mysqlnd.so
#1  0x00007f3157ed3708 in ?? () from /usr/lib/php/20190902/mysqlnd.so
#2  0x00007f3157ede815 in ?? () from /usr/lib/php/20190902/mysqlnd.so
#3  0x00007f3157edaf6d in ?? () from /usr/lib/php/20190902/mysqlnd.so
#4  0x00007f3157eddd8d in ?? () from /usr/lib/php/20190902/mysqlnd.so
#5  0x00007f3157eccaaf in ?? () from /usr/lib/php/20190902/mysqlnd.so
#6  0x00007f3154b20bc6 in ?? () from /usr/lib/php/20190902/pdo_mysql.so
#7  0x00007f3157eab191 in ?? () from /usr/lib/php/20190902/pdo.so
#8  0x000055775c2aafe5 in ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER () at ./Zend/zend_vm_execute.h:1730
#9  execute_ex (ex=0x7ffcfb317090) at ./Zend/zend_vm_execute.h:53525
#10 0x000055775c213f6f in zend_call_function (fci=fci@entry=0x7ffcfb317b80, fci_cache=0x7f31452277c8, fci_cache@entry=0x7ffcfb317b60)
    at ./Zend/zend_execute_API.c:820
#11 0x000055775c23ee5c in zend_call_method (object=0x7f30e56e3430, obj_ce=<optimized out>, fn_proxy=0x7f3142c29cd0, 
    function_name=0x55775c2e5bdd "getiterator", function_name_len=<optimized out>, retval_ptr=0x7ffcfb317c60, param_count=0, arg1=0x0, arg2=0x0)
    at ./Zend/zend_interfaces.c:103
#12 0x000055775c23f623 in zend_user_it_new_iterator (ce=ce@entry=0x7f3142c21040, object=object@entry=0x7f30e56e3430, retval=retval@entry=0x7ffcfb317c60)
    at ./Zend/zend_interfaces.c:127

[oerdnj]

This doesn't seem like a packaging issue, so you should report this to the upstream bug tracker. Also I would recommend installing the extra debug symbols for the pdo.so, pdo_mysql.so and mysqlnd.so modules, otherwise the trace is pretty much useless.

Feel free to post the upstream bug URL here when you report it to the upstream.

[niclashoyer]

Upstream just responded that 7.4.27 won't receive bugfixes, but just security fixes: php/php-src#7877 (comment) so we're trying to reproduce on 8.x now

[oerdnj]

If there's a clear patch for 8.x, I can pull it into 7.4 (if possible).