View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0001434 | Xdebug | Uncategorized | public | 2017-05-01 20:55 | 2017-05-15 22:34 |
Reporter | nacc | Assigned To | derick | ||
Priority | normal | Severity | major | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Platform | Linux | OS | Ubuntu | OS Version | 17.10 i386 |
Product Version | 2.5.3 | ||||
Fixed in Version | 2.5.4 | ||||
Summary | 0001434: phpunit testcases segmentation fault with PHP 7.1.4, xdebug 2.5.3 on 32-bit architectures | ||||
Description | Hello! I am currently migrating Ubuntu from PHP7.0 to 7.1 and while most packages are moving along ok, I am hitting a fatal segmentation fault on 32-bit architectures only in the xdebug code when running the phpunit unittests. From the build directory: ./phpunit --colors=never --coverage-text=php://stdout IgnoreCodeCoverageClassTest tests/_files/IgnoreCodeCoverageClassTest.php --whitelist tests/_files/IgnoreCodeCoverageClass.php PHPUnit 5.4.6 by Sebastian Bergmann and contributors. Runtime: PHP 7.1.4-2ubuntu1 with Xdebug 2.5.3 Configuration: /tmp/autopkgtest.TSCc2n/build.B8M/phpunit-5.4.6/phpunit.xml Segmentation fault (core dumped) Adding gdb: #0 xdebug_set_in_ex (set=0x56adf1a8, position=153391744, noisy=1) at ./build-7.1/xdebug_set.c:71 #1 0xf583204f in xdebug_analyse_branch (opa=opa@entry=0xf5b2d428, position=<optimized out>, position@entry=61, set=set@entry=0x56adf1a8, branch_info=0x0) at ./build-7.1/xdebug_code_coverage.c:719 0000002 0xf583221d in xdebug_analyse_branch (opa=opa@entry=0xf5b2d428, position=54, position@entry=37, set=set@entry=0x56adf1a8, branch_info=0x0) at ./build-7.1/xdebug_code_coverage.c:743 0000003 0xf583221d in xdebug_analyse_branch (opa=opa@entry=0xf5b2d428, position=36, position@entry=25, set=set@entry=0x56adf1a8, branch_info=0x0) at ./build-7.1/xdebug_code_coverage.c:743 0000004 0xf583221d in xdebug_analyse_branch (opa=opa@entry=0xf5b2d428, position=position@entry=24, set=set@entry=0x56adf1a8, branch_info=0x0) at ./build-7.1/xdebug_code_coverage.c:743 0000005 0xf583221d in xdebug_analyse_branch (opa=opa@entry=0xf5b2d428, position=23, position@entry=0, set=set@entry=0x56adf1a8, branch_info=0x0) at ./build-7.1/xdebug_code_coverage.c:743 0000006 0xf583392b in xdebug_analyse_oparray (branch_info=<optimized out>, set=0x56adf1a8, opa=0xf5b2d428) at ./build-7.1/xdebug_code_coverage.c:801 0000007 prefill_from_oparray (filename=0xee8bf3a8 "/usr/share/php/SebastianBergmann/CodeCoverage/CodeCoverage.php", op_array=0xf5b2d428) at ./build-7.1/xdebug_code_coverage.c:886 0000008 0xf5833b58 in prefill_from_function_table (opa=<optimized out>) at ./build-7.1/xdebug_code_coverage.c:928 0000009 prefill_from_class_table (class_entry=0xf5b2c4e8) at ./build-7.1/xdebug_code_coverage.c:964 0000010 xdebug_prefill_code_coverage (op_array=0xf5ad0ae4) at ./build-7.1/xdebug_code_coverage.c:996 0000011 0xf5833bd4 in xdebug_code_coverage_start_of_function (op_array=0xf5ad0ae4, function_name=0x56adf158 "SebastianBergmann\\CodeCoverage\\Filter->getWhitelist") at ./build-7.1/xdebug_code_coverage.c:1009 0000012 0xf582e0f9 in xdebug_execute_ex (execute_data=0xf5a13900) at ./build-7.1/xdebug.c:1990 0000013 0x567fe148 in ?? () 0000014 0x567a07e2 in execute_ex () 0000015 0xf582de86 in xdebug_execute_ex (execute_data=0xf5a13830) at ./build-7.1/xdebug.c:2031 0000016 0x567fe786 in ?? () 0000017 0x567a07e2 in execute_ex () 0000018 0xf582de86 in xdebug_execute_ex (execute_data=0xf5a137c0) at ./build-7.1/xdebug.c:2031 0000019 0x567fe786 in ?? () 0000020 0x567a07e2 in execute_ex () 0000021 0xf582de86 in xdebug_execute_ex (execute_data=0xf5a135f0) at ./build-7.1/xdebug.c:2031 0000022 0x567fe786 in ?? () 0000023 0x567a07e2 in execute_ex () 0000024 0xf582de86 in xdebug_execute_ex (execute_data=0xf5a13430) at ./build-7.1/xdebug.c:2031 0000025 0x567fe786 in ?? () 0000026 0x567a07e2 in execute_ex () 0000027 0xf582de86 in xdebug_execute_ex (execute_data=0xf5a13320) at ./build-7.1/xdebug.c:2031 0000028 0x567fe786 in ?? () 0000029 0x567a07e2 in execute_ex () 0000030 0xf582de86 in xdebug_execute_ex (execute_data=0xf5a131c0) at ./build-7.1/xdebug.c:2031 0000031 0x567fe148 in ?? () 0000032 0x567a07e2 in execute_ex () 0000033 0xf582de86 in xdebug_execute_ex (execute_data=0xf5a130d0) at ./build-7.1/xdebug.c:2031 0000034 0x567fe148 in ?? () #35 0x567a07e2 in execute_ex () 0000036 0xf582de86 in xdebug_execute_ex (execute_data=0xf5a13060) at ./build-7.1/xdebug.c:2031 0000037 0x567fe786 in ?? () 0000038 0x567a07e2 in execute_ex () 0000039 0xf582de86 in xdebug_execute_ex (execute_data=0xf5a13020) at ./build-7.1/xdebug.c:2031 0000040 0x568009b2 in zend_execute () 0000041 0x56756f9d in zend_execute_scripts () 0000042 0x566f2264 in php_execute_script () 0000043 0x56802e0d in ?? () 0000044 0x565c37a8 in main () I will try to get the debug packages installed (I had to build xdebug 2.5.3 locally) to get a better backtrace. | ||||
Steps To Reproduce | I reproduce it using the autopkgtest framework used by Ubuntu and Debian. I believe it would be reproducible with PHP 7.1.4 and xdebug 2.5.3 and phpunit 5.4.6. I've tried a newer phpunit and it also seems to happen there, but I'm trying to verify that still. | ||||
Additional Information | I apologize in advance for the lower quality of this report -- I'm trying to get the information out there in case it's something obvious I'm missing so I can help get PHP7.1 rolled out quickly in the 17.10 cycle. | ||||
Tags | No tags attached. | ||||
Operating System | |||||
PHP Version | 7.1.0-7.1.4 | ||||
|
When you say " From the build directory:", how do I get to that state? |
|
Yeah, a good question :) If you have an ubuntu system (16.04 or later), you should be able to do: $ pull-lp-source -d phpunit $ autopkgtest -s -U phpunit_5.4.6-1.dsc --apt-pocket=proposed -- autopkgtest-virt-lxd ubuntu-daily:artful/i386 This does presume the 'autopkgtest' package is installed and LXD has been configured. It should drop you to a shell in the container when the tests fail. |
|
Sorry, that's probably too much for me to sort out. Can you tell me how to reproduce this otherwise with a phpunit install (or git clone), and a 32-bit PHP 7 available? |
|
Ok, I think I got it with the following (this is done in an Ubuntu 17.10 i386 LXD container, but I think it generalizes): apt build-dep phpunit apt source phpunit cd phpunit ./debian/rules build This should fail with two segmentation faults in testcases. One of which can be run from the extracted env as: ./phpunit --colors=never --coverage-text=php://stdout IgnoreCodeCoverageClassTest tests/_files/IgnoreCodeCoverageClassTest.php --whitelist tests/_files/IgnoreCodeCoverageClass.php The upstream version of phpunit in question is 5.4.6. |
|
Was able to add debug symbols for PHP: #0 xdebug_set_in_ex (set=0x56afbe60, position=153391744, noisy=1) at ./build-7.1/xdebug_set.c:71 #1 0xf5831eff in xdebug_analyse_branch (opa=opa@entry=0xf5b2d428, position=<optimized out>, position@entry=61, set=set@entry=0x56afbe60, branch_info=0x0) at ./build-7.1/xdebug_code_coverage.c:704 0000002 0xf58320cd in xdebug_analyse_branch (opa=opa@entry=0xf5b2d428, position=54, position@entry=37, set=set@entry=0x56afbe60, branch_info=0x0) at ./build-7.1/xdebug_code_coverage.c:728 0000003 0xf58320cd in xdebug_analyse_branch (opa=opa@entry=0xf5b2d428, position=36, position@entry=25, set=set@entry=0x56afbe60, branch_info=0x0) at ./build-7.1/xdebug_code_coverage.c:728 0000004 0xf58320cd in xdebug_analyse_branch (opa=opa@entry=0xf5b2d428, position=position@entry=24, set=set@entry=0x56afbe60, branch_info=0x0) at ./build-7.1/xdebug_code_coverage.c:728 0000005 0xf58320cd in xdebug_analyse_branch (opa=opa@entry=0xf5b2d428, position=23, position@entry=0, set=set@entry=0x56afbe60, branch_info=0x0) at ./build-7.1/xdebug_code_coverage.c:728 0000006 0xf583373b in xdebug_analyse_oparray (branch_info=<optimized out>, set=0x56afbe60, opa=0xf5b2d428) at ./build-7.1/xdebug_code_coverage.c:786 0000007 prefill_from_oparray (filename=0xee8bf3a8 "/usr/share/php/SebastianBergmann/CodeCoverage/CodeCoverage.php", op_array=0xf5b2d428) at ./build-7.1/xdebug_code_coverage.c:871 0000008 0xf5833968 in prefill_from_function_table (opa=<optimized out>) at ./build-7.1/xdebug_code_coverage.c:913 0000009 prefill_from_class_table (class_entry=0xf5b2c4e8) at ./build-7.1/xdebug_code_coverage.c:949 0000010 xdebug_prefill_code_coverage (op_array=0xf5ad0ae4) at ./build-7.1/xdebug_code_coverage.c:981 0000011 0xf58339e4 in xdebug_code_coverage_start_of_function (op_array=0xf5ad0ae4, function_name=0x56adf1d8 "SebastianBergmann\\CodeCoverage\\Filter->getWhitelist") at ./build-7.1/xdebug_code_coverage.c:994 0000012 0xf582e019 in xdebug_execute_ex (execute_data=0xf5a13900) at ./build-7.1/xdebug.c:1954 0000013 0x567fe148 in ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER () at ./Zend/zend_vm_execute.h:1076 0000014 0x567a07e2 in execute_ex (ex=0xf5a13830) at ./Zend/zend_vm_execute.h:429 0000015 0xf582dda6 in xdebug_execute_ex (execute_data=0xf5a13830) at ./build-7.1/xdebug.c:1995 0000016 0x567fe786 in ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER () at ./Zend/zend_vm_execute.h:949 0000017 0x567a07e2 in execute_ex (ex=0xf5a137c0) at ./Zend/zend_vm_execute.h:429 0000018 0xf582dda6 in xdebug_execute_ex (execute_data=0xf5a137c0) at ./build-7.1/xdebug.c:1995 0000019 0x567fe786 in ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER () at ./Zend/zend_vm_execute.h:949 0000020 0x567a07e2 in execute_ex (ex=0xf5a135f0) at ./Zend/zend_vm_execute.h:429 0000021 0xf582dda6 in xdebug_execute_ex (execute_data=0xf5a135f0) at ./build-7.1/xdebug.c:1995 0000022 0x567fe786 in ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER () at ./Zend/zend_vm_execute.h:949 0000023 0x567a07e2 in execute_ex (ex=0xf5a13430) at ./Zend/zend_vm_execute.h:429 0000024 0xf582dda6 in xdebug_execute_ex (execute_data=0xf5a13430) at ./build-7.1/xdebug.c:1995 0000025 0x567fe786 in ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER () at ./Zend/zend_vm_execute.h:949 0000026 0x567a07e2 in execute_ex (ex=0xf5a13320) at ./Zend/zend_vm_execute.h:429 0000027 0xf582dda6 in xdebug_execute_ex (execute_data=0xf5a13320) at ./build-7.1/xdebug.c:1995 0000028 0x567fe786 in ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER () at ./Zend/zend_vm_execute.h:949 0000029 0x567a07e2 in execute_ex (ex=0xf5a131c0) at ./Zend/zend_vm_execute.h:429 0000030 0xf582dda6 in xdebug_execute_ex (execute_data=0xf5a131c0) at ./build-7.1/xdebug.c:1995 0000031 0x567fe148 in ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER () at ./Zend/zend_vm_execute.h:1076 0000032 0x567a07e2 in execute_ex (ex=0xf5a130d0) at ./Zend/zend_vm_execute.h:429 0000033 0xf582dda6 in xdebug_execute_ex (execute_data=0xf5a130d0) at ./build-7.1/xdebug.c:1995 0000034 0x567fe148 in ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER () at ./Zend/zend_vm_execute.h:1076 #35 0x567a07e2 in execute_ex (ex=0xf5a13060) at ./Zend/zend_vm_execute.h:429 0000036 0xf582dda6 in xdebug_execute_ex (execute_data=0xf5a13060) at ./build-7.1/xdebug.c:1995 0000037 0x567fe786 in ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER () at ./Zend/zend_vm_execute.h:949 0000038 0x567a07e2 in execute_ex (ex=0xf5a13020) at ./Zend/zend_vm_execute.h:429 0000039 0xf582dda6 in xdebug_execute_ex (execute_data=0xf5a13020) at ./build-7.1/xdebug.c:1995 0000040 0x568009b2 in zend_execute (op_array=<optimized out>, return_value=<optimized out>) at ./Zend/zend_vm_execute.h:474 0000041 0x56756f9d in zend_execute_scripts (type=8, retval=0x0, file_count=3) at ./Zend/zend.c:1476 0000042 0x566f2264 in php_execute_script (primary_file=0xffffc3c4) at ./main/main.c:2537 0000043 0x56802e0d in do_cli (argc=8, argv=0x5697d260) at ./sapi/cli/php_cli.c:993 0000044 0x565c37a8 in main (argc=<optimized out>, argv=<optimized out>) at ./sapi/cli/php_cli.c:1381 My suspicion on 32-bit issues is that we successfully pass all tests on amd64, ppc64el and s390x and fail the same tests on armhf and i386. |
|
Hopefully this is not just noise, but some more debugging info from gdb: (gdb) info registers eax 0x1249250 19173968 ecx 0x0 0 edx 0x56b88e98 1454935704 ebx 0xf5863c08 -175752184 esp 0xffff956c 0xffff956c ebp 0x9249280 0x9249280 esi 0x0 0 edi 0x6e4 1764 eip 0xf583f2c3 0xf583f2c3 <xdebug_set_in_ex+19> eflags 0x210206 [ PF IF RF ID ] cs 0x23 35 ss 0x2b 43 ds 0x2b 43 es 0x2b 43 fs 0x0 0 gs 0x63 99 (gdb) disassemble Dump of assembler code for function xdebug_set_in_ex: 0xf583f2b0 <+0>: mov 0x4(%esp),%edx 0xf583f2b4 <+4>: mov 0x8(%esp),%ecx 0xf583f2b8 <+8>: mov 0x4(%edx),%edx 0xf583f2bb <+11>: mov %ecx,%eax 0xf583f2bd <+13>: and $0x7,%ecx 0xf583f2c0 <+16>: shr $0x3,%eax => 0xf583f2c3 <+19>: movzbl (%edx,%eax,1),%eax 0xf583f2c7 <+23>: mov $0x1,%edx 0xf583f2cc <+28>: shl %cl,%edx 0xf583f2ce <+30>: and %edx,%eax 0xf583f2d0 <+32>: ret |
|
The problem is easy to spot: #0 xdebug_set_in_ex (set=0x56afbe60, position=153391744, noisy=1) at ./build-7.1/xdebug_set.c:71 the position of 153391744 is way too high, and likely the bug. The last comment was noise ;-) I really need to reproduce this now locally before I can continue. |
|
And I can - it is important that opcache is *also* loaded. |
|
Just a note for myself for reproducibility: /dev/php/xdebug-tests/phpunit $ valgrind ./phpunit --colors=never --coverage-text=php://stdout IgnoreCodeCoverageClassTest tests/_files/IgnoreCodeCoverageClassTest.php --whitelist tests/_files/IgnoreCodeCoverageClass.php ==11944== Memcheck, a memory error detector ==11944== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al. ==11944== Using Valgrind-3.12.0 and LibVEX; rerun with -h for copyright info ==11944== Command: ./phpunit --colors=never --coverage-text=php://stdout IgnoreCodeCoverageClassTest tests/_files/IgnoreCodeCoverageClassTest.php --whitelist tests/_files/IgnoreCodeCoverageClass.php ==11944== PHPUnit 5.4.6 by Sebastian Bergmann and contributors. Runtime: PHP 7.1.6-dev with Xdebug 2.5.3 Configuration: /home/derick/dev/php/xdebug-tests/phpunit/phpunit.xml Segmentation fault |
|
Thank you very much for the fix! |
Date Modified | Username | Field | Change |
---|---|---|---|
2017-05-01 20:55 | nacc | New Issue | |
2017-05-01 21:01 | derick | Note Added: 0004330 | |
2017-05-01 21:01 | derick | Assigned To | => derick |
2017-05-01 21:01 | derick | Status | new => feedback |
2017-05-01 21:08 | nacc | Note Added: 0004331 | |
2017-05-01 21:08 | nacc | Status | feedback => assigned |
2017-05-01 22:09 | derick | Note Added: 0004332 | |
2017-05-01 22:09 | derick | Status | assigned => feedback |
2017-05-01 22:37 | nacc | Note Added: 0004333 | |
2017-05-01 22:37 | nacc | Status | feedback => assigned |
2017-05-03 16:16 | nacc | Note Added: 0004336 | |
2017-05-03 17:27 | nacc | Note Added: 0004337 | |
2017-05-03 22:57 | derick | Note Added: 0004338 | |
2017-05-03 23:07 | derick | Note Added: 0004339 | |
2017-05-05 14:22 | derick | Note Added: 0004340 | |
2017-05-14 21:55 | derick | Status | assigned => closed |
2017-05-14 21:55 | derick | Resolution | open => fixed |
2017-05-14 21:55 | derick | Fixed in Version | => 2.5.4 |
2017-05-15 22:34 | nacc | Note Added: 0004342 | |
2020-03-12 16:35 | derick | Category | Usage problems (Wrong Results) => Variable Display |
2020-03-12 16:38 | derick | Category | Variable Display => Uncategorized |