View Issue Details

ID: 0002221
Project: Xdebug
Category: Uncategorized
View Status: public
Last Update: 2023-12-15 12:24
Reporter: Warxcell
Assigned To: derick
Priority: none
Severity: crash
Reproducibility: N/A
Status: closed
Resolution: fixed
Product Version: 3.3.0
Target Version: 3.3dev
Fixed in Version: 3.3.1
Summary: 0002221: Crash when other extensions run PHP code without the stack being initialised yet
Description

[ 5863.067928] php[741299]: segfault at 8 ip 00007fe78b0b098b sp 00007ffe7f860700 error 4 in xdebug.so[7fe78b0ab000+34000] likely on CPU 3 (core 3, socket 0)

during ./vendor/bin/codecept build, or sometimes in bin/console doctrine:migrations:migrate

Steps To Reproduce

Not sure how to reproduce.

Additional Information

environment info:

PHP 8.2.13 (cli) (built: Nov 30 2023 23:58:09) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.2.13, Copyright (c) Zend Technologies
with Zend OPcache v8.2.13, Copyright (c), by Zend Technologies
with Xdebug v3.3.0, Copyright (c) 2002-2023, by Derick Rethans
with blackfire v1.92.2~linux-musl-x64-non_zts82, https://blackfire.io, by Blackfire

inside image php:8.2-cli-alpine

Tags: No tags attached.
Operating System: alpine
PHP Version: 8.2.0-8.2.9

Activities

Szpadel

2023-12-01 10:16

reporter   ~0006692

I believe we are hitting the same issue
php 8.2.13 crashes on start with xdebug enabled
Crash only happens when blackfire extension is also loaded

Program received signal SIGSEGV, Segmentation fault.
xdebug_add_stack_frame (zdata=<optimized out>, zdata@entry=0x0, op_array=op_array@entry=0x7ffff3af5000, type=type@entry=1) at /usr/src/debug/php-pecl-xdebug3-3.3.0/src/src/base/base.c:622
622 tmp = (function_stack_entry) xdebug_vector_push(XG_BASE(stack));
(gdb) print xdebug_globals.globals.base.stack
$1 = (xdebug_vector *) 0x0

looks like stack is for some reason null here

php -v
PHP 8.2.13 (cli) (built: Nov 21 2023 09:55:59) (NTS gcc x86_64)
Copyright (c) The PHP Group
Zend Engine v4.2.13, Copyright (c) Zend Technologies
with blackfire v1.92.2~linux-x64-non_zts82, https://blackfire.io, by Blackfire

CentOS Linux release 7.9.2009 (Core)

Szpadel

2023-12-01 10:17

reporter   ~0006693

I included the wrong php -v output (without xdebug enabled);
this is the correct version:

PHP 8.2.13 (cli) (built: Nov 21 2023 09:55:59) (NTS gcc x86_64)
Copyright (c) The PHP Group
Zend Engine v4.2.13, Copyright (c) Zend Technologies
with Zend OPcache v8.2.13, Copyright (c), by Zend Technologies
with Xdebug v3.3.0, Copyright (c) 2002-2023, by Derick Rethans
with blackfire v1.92.2~linux-x64-non_zts82, https://blackfire.io, by Blackfire

Szpadel

2023-12-01 10:21

reporter   ~0006694

Also, xdebug 3.2.2 works without crashing (while keeping everything else the same). I tried to find what could be the reason in the GitHub diff, but I'm not familiar enough with the xdebug code base to find anything.

lv2u

2023-12-01 10:28

reporter   ~0006695

We ran into the same issue this morning. Our quick fix was to revert to 3.2.2.

It looks like 3.3.0 in combination with certain other extensions causes the segfault. In our case it's in combination with Swoole.

I'm currently building a Dockerfile to reproduce the issue. Dropping it here shortly.

lv2u

2023-12-01 10:46

reporter   ~0006696

The Dockerfile attached builds an image that runs into the segfaults with 3.3.0.

I must add to this, that we intentionally didn't update Swoole yet in our product. The Dockerfile contains version 5.0.3 of Swoole because of this very reason.
The segfault issue does NOT occur when using the latest version (5.1.1) of Swoole.

Hopefully this provides people smarter than me enough information to understand why this happens.

Dockerfile (1,109 bytes)   
FROM php:8.2.13-cli-alpine3.18@sha256:bc920d642c7ced77868277f93d0ed6182ba1abd75d483da4663ca2cc11aeb328

RUN set -ex \
    && apk update \
    && apk add --no-cache postgresql-dev \
    && apk add --no-cache --virtual .build-requirements $PHPIZE_DEPS linux-headers curl-dev \
    && docker-php-ext-install sockets \
    && docker-php-source extract

# swoole extension
RUN mkdir /usr/src/php/ext/swoole \
    && curl -sfL https://github.com/swoole/swoole-src/archive/v5.0.3.tar.gz -o swoole.tar.gz \
    && tar xfz swoole.tar.gz --strip-components=1 -C /usr/src/php/ext/swoole \
    && docker-php-ext-configure swoole --enable-swoole-pgsql --enable-openssl --enable-sockets --enable-swoole-curl \
    && docker-php-ext-install -j$(nproc) swoole \
    && rm -f swoole.tar.gz $HOME/.composer/*-old.phar


RUN docker-php-source delete \
    && apk del .build-requirements

# xdebug extension
RUN apk add --no-cache --update --virtual build-requirements linux-headers $PHPIZE_DEPS \
    && pecl install xdebug \
    && docker-php-ext-enable xdebug \
    && apk del build-requirements \
    && rm -rf /usr/src/php*

Toguy

2023-12-01 12:09

reporter   ~0006697

If someone wants to check out a GitHub thread about this issue on Laravel/sail, here it is: https://github.com/laravel/sail/issues/641
It may help pinpoint the source of the problem, I don't know.

derick

2023-12-01 13:56

administrator   ~0006698

Szpadel, can you type "bt full" on the gdb prompt after you see "print xdebug_globals.globals.base.stack" — looks like some conflict with blackfire.

Szpadel

2023-12-01 18:44

reporter   ~0006699

sure, let me know if you need anything else

(gdb) bt full
#0 xdebug_add_stack_frame (zdata=<optimized out>, zdata@entry=0x0, op_array=op_array@entry=0x7ffff3af5000, type=type@entry=1) at /usr/src/debug/php-pecl-xdebug3-3.3.0/src/src/base/base.c:622
edata = 0x0
opline_ptr = 0x0
tmp = <optimized out>
cur_opcode = <optimized out>
#1 0x00007ffff7e93884 in xdebug_execute_user_code_begin () at /usr/src/debug/php-pecl-xdebug3-3.3.0/src/src/base/base.c:752
op_array = 0x7ffff3af5000
edata = 0x0
fse = <optimized out>
#2 0x00007ffff7e93a85 in xdebug_execute_ex (execute_data=0x7ffff3a13020) at /usr/src/debug/php-pecl-xdebug3-3.3.0/src/src/base/base.c:880
run_user_handler = <optimized out>
#3 0x0000555555a2f9e1 in zend_execute (op_array=0x7ffff3af5000, return_value=0x7ffffffed520) at /usr/src/debug/php-8.2.13/Zend/zend_vm_execute.h:60409
execute_data = 0x7ffff3a13020
object_or_called_scope = <optimized out>
call_info = <optimized out>
#4 0x00007fffe1fb05a0 in bf_load_embedded_code () from /usr/lib64/php/modules/blackfire.so
No symbol table info available.
#5 0x00007fffe1f96998 in zm_activate_blackfire () from /usr/lib64/php/modules/blackfire.so
No symbol table info available.
#6 0x00005555559c5a20 in zend_activate_modules () at /usr/src/debug/php-8.2.13/Zend/zend_API.c:3095
module = 0x7fffe1fdce40
p = 0x55555631b188
#7 0x0000555555958036 in php_request_startup () at /usr/src/debug/php-8.2.13/main/main.c:1785
orig_bailout = 0x7fffffffcdf0
bailout = {{jmpbuf = {93825002852832, 2865474553841697765, 93824999100360, 93824999100448, 0, 0, 8255487333605295077, 2865473712718070757}, mask_was_saved = 0, saved_mask = {
val = {0, 1, 140737488342736, 140737488342576, 5, 140737280737344,
93824998929743, 1, 0, 0, 93824996675202, 140737488342576, 140737488342352, 0, 93824998929743, 19}}}}
retval = SUCCESS
#8 0x0000555555aa419e in do_cli (argc=3, argv=0x555555f751d0) at /usr/src/debug/php-8.2.13/sapi/cli/php_cli.c:930
orig_bailout = 0x7fffffffdf60
bailout = {{jmpbuf = {0, -8255487335057603611, 0, 93824999101400, 0, 0, 8255487333575934949, 2865473908024263653}, mask_was_saved = 0, saved_mask = {
val = {93824998929439, 93824998929448, 93824998929472, 93824998929485, 93824998929502, 93824998929523,
93824998929543, 93824998929560, 93824998929581, 93824998929591, 93824998929605, 93824998929627, 93824998929646, 93824998929673, 93824998929702, 93824998929730}}}}
c = <optimized out>
file_handle = {handle = {fp = 0x7ffff511b640 <_IO_2_1_stdin_>, stream = {handle = 0x7ffff511b640 <_IO_2_1_stdin_>, isatty = 0, reader = 0x0, fsizer = 0x0, closer = 0x0}}, filename = 0x7ffff3a02000, opened_path = 0x0, type = 1 '\001', primary_script = true,
in_list = false, buf = 0x0, len = 0}
behavior = 1
reflection_what = 0x0
request_started = 0
php_optarg = 0x555555f75240 "/etc/php-xdebug-cli.ini"
php_optind = 3
exec_direct = 0x0
exec_run = 0x0
exec_begin = 0x0
exec_end = 0x0
arg_free = 0x555555f75240 "/etc/php-xdebug-cli.ini"
arg_excp = 0x555555f751e0
script_file = <optimized out>
translated_path = 0x0
interactive = false
param_error = <optimized out>
hide_argv = false
num_repeats = 1
pid = 6224
#9 0x000055555578fdec in main (argc=3, argv=0x555555f751d0) at /usr/src/debug/php-8.2.13/sapi/cli/php_cli.c:1333
orig_bailout = 0x0
bailout = {{jmpbuf = {0, 2865474536548582373, 0, 93824999101400, 0, 0, 8255487333953422309, 2865473485012845541}, mask_was_saved = 0, saved_mask = {
val = {135136, 0, 93825002848864, 134560, 140737301529066, 4185718668, 140737301505312, 140737301508448,
0, 0, 140737301509019, 140737301508448, 93825002848304, 140737311258146, 93824997842813, 1}}}}
c = <optimized out>
exit_status = 0
module_started = 1
sapi_started = 1
php_optarg = 0x555555f75240 "/etc/php-xdebug-cli.ini"
php_optind = 3
use_extended_info = 0
ini_path_override = 0x555555f75260 "/etc/php-xdebug-cli.ini"
ini_builder = {value = 0x555555f754c0 "html_errors=0\nregister_argc_argv=1\nimplicit_flush=1\noutput_buffering=0\nmax_execution_time=0\nmax_input_time=-1\n", length = 110}
ini_ignore = 0
sapi_module = <optimized out>

derick

2023-12-02 19:17

administrator   ~0006700

Szpadel, I think you can work around this by making sure Xdebug gets loaded after blackfire (so that it shows up below blackfire in the php -v output).

The real issue is that I improved the way Xdebug overrides functions, and by doing so moved the check whether the stack was empty into the wrong place. My test suite doesn't cover it, as things like blackfire are closed source. I think the patch in https://github.com/xdebug/xdebug/pull/934 — You can also check out this by cloning my fork (git@github.com:derickr/xdebug.git) and using the issue2221-empty-stack-blackfire branch.
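
A simplified model of the failure mode named in this ticket's summary, as an added example that is not Xdebug's code: an execute hook that can be reached before the per-request stack exists, with the NULL check placed at the point of use. All type and function names here are hypothetical.

```c
#include <stdlib.h>

/* Simplified model with hypothetical names; not Xdebug's source. */
typedef struct { size_t capacity, count, elem_size; char *data; } vec;
typedef struct { const char *function; size_t level; } frame;

static vec *g_stack = NULL; /* per-request call stack; NULL until request_init() */

static void *vec_push(vec *v) {
    /* Reads v->count first: with v == NULL this faults at a small address
       (NULL plus the field offset), which is how a missing stack crashes. */
    if (v->count == v->capacity) {
        size_t cap = v->capacity ? v->capacity * 2 : 8;
        char *p = realloc(v->data, cap * v->elem_size);
        if (!p) return NULL;
        v->data = p; v->capacity = cap;
    }
    return v->data + v->count++ * v->elem_size;
}

void request_init(void) {
    g_stack = calloc(1, sizeof(vec));
    if (g_stack) g_stack->elem_size = sizeof(frame);
}

void request_shutdown(void) {
    if (g_stack) { free(g_stack->data); free(g_stack); g_stack = NULL; }
}

/* Execute hook. Returns 1 if a frame was recorded, 0 if the call ran untracked. */
int on_execute_begin(const char *fn) {
    if (g_stack == NULL) return 0;   /* guard where the stack is used */
    frame *f = vec_push(g_stack);
    if (!f) return 0;
    f->function = fn; f->level = g_stack->count;
    return 1;
}

/* One request in which another module runs embedded code during start-up,
   either before or after the stack exists; returns the calls tracked. */
int simulate_request(int code_runs_before_init) {
    int tracked = 0;
    if (!code_runs_before_init) request_init();
    tracked += on_execute_begin("{embedded code of other module}");
    if (code_runs_before_init) request_init();
    tracked += on_execute_begin("{main}");
    request_shutdown();
    return tracked;
}
```

Removing the `g_stack == NULL` guard makes `simulate_request(1)` dereference a NULL vector inside `vec_push`, the same shape as frame #0 of the backtrace above.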

edsrzf

2023-12-04 19:40

reporter   ~0006702

Thanks Derick, I can confirm that your fix addresses a similar crash I was seeing with the Datadog tracing extension.

derick

2023-12-06 17:59

administrator   ~0006706

https://github.com/xdebug/xdebug/pull/936

Yurun

2023-12-08 02:27

reporter   ~0006715

The fix in https://github.com/xdebug/xdebug/commit/5e13c7b7b1d2b2efc21098bc47d2047878d714a7 is not complete, Swoole still has a segfault.

This is my PR: https://github.com/xdebug/xdebug/pull/938

derick

2023-12-12 18:37

administrator   ~0006725

https://github.com/xdebug/xdebug/pull/942

derick

2023-12-15 12:24

administrator   ~0006729

I have released Xdebug 3.3.1, in which I believe this is now all fixed. Please try it, and if there are still issues, please file a new ticket.

Issue History

Date Modified Username Field Change
2023-12-01 09:58 Warxcell New Issue
2023-12-01 10:16 Szpadel Note Added: 0006692
2023-12-01 10:17 Szpadel Note Added: 0006693
2023-12-01 10:21 Szpadel Note Added: 0006694
2023-12-01 10:28 lv2u Note Added: 0006695
2023-12-01 10:46 lv2u Note Added: 0006696
2023-12-01 10:46 lv2u File Added: Dockerfile
2023-12-01 12:09 Toguy Note Added: 0006697
2023-12-01 13:56 derick Assigned To => derick
2023-12-01 13:56 derick Status new => feedback
2023-12-01 13:56 derick Note Added: 0006698
2023-12-01 18:44 Szpadel Note Added: 0006699
2023-12-02 19:17 derick Note Added: 0006700
2023-12-02 19:17 derick Target Version => 3.3dev
2023-12-02 19:17 derick Summary php command killed with exit code 319 => Crash when other extensions run PHP code without the stack being initialised yet
2023-12-04 19:40 edsrzf Note Added: 0006702
2023-12-06 17:59 derick Note Added: 0006706
2023-12-06 18:00 derick Status feedback => closed
2023-12-06 18:00 derick Resolution open => fixed
2023-12-06 18:00 derick Fixed in Version => 3.3dev
2023-12-08 02:27 Yurun Note Added: 0006715
2023-12-12 18:37 derick Status closed => confirmed
2023-12-12 18:37 derick Note Added: 0006725
2023-12-13 12:14 derick Status confirmed => closed
2023-12-14 17:32 derick Fixed in Version 3.3dev => 3.3.1
2023-12-15 12:24 derick Note Added: 0006729