View Issue Details

IDProjectCategoryView StatusLast Update
0001590XdebugUncategorizedpublic2019-01-22 21:57
Reporterdwilks Assigned Toderick  
PriorityhighSeveritycrashReproducibilityalways
Status resolvedResolutionduplicate 
PlatformN/AOS* 
Product Version2.7.0beta1 
Summary0001590: Xdebug segfaults
Description

Run the attached main.php through Apache (standard config not PFM). It does not reproduce as a script. With xdebug enabled I reliably get a segfault without xdebug enabled everything works.

Steps To Reproduce

Extract the attached tar file
Point a browser or curl at main.php
Seg Fault

In a fuller version of the test case with too much IP to post a second execution would cause an opcache assertion error

Assertion failed: (op_array->opcodes[def].result_type & ((1<<1)|(1<<2))), function dce_live_ranges, file /Users/dwilks/src/php-src-PHP-7.3.0/ext/opcache/Optimizer/dce.c, line 515.

Additional Information

PHP 7.3.0RC6 (cli) (built: Nov 21 2018 11:50:03) ( NTS DEBUG )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.3.0-dev, Copyright (c) 1998-2018 Zend Technologies
with Zend OPcache v7.3.0RC6, Copyright (c) 1999-2018, by Zend Technologies
with Xdebug v2.7.0beta2-dev, Copyright (c) 2002-2018, by Derick Rethans

Back trace

  • thread #1, queue = com.apple.main-thread, stop reason = EXC_BAD_ACCESS (code=1, address=0xffffffffffffffff)
    • frame #0: 0x000000010f03db31 libphp73.sozend_gc_addref(p=0xffffffffffffffff) at zend_types.h:991 frame #1: 0x000000010f03d570 libphp73.sozval_addref_p(pz=0x000000011621f2a0) at zend_types.h:1025
      frame 0000002: 0x000000010efdceb3 libphp73.soZEND_SEND_VAR_EX_SPEC_CV_QUICK_HANDLER(execute_data=0x000000011621f240) at zend_vm_execute.h:37385 frame 0000003: 0x000000010f022102 libphp73.soZEND_USER_OPCODE_SPEC_HANDLER(execute_data=0x000000011621f240) at zend_vm_execute.h:1829
      frame 0000004: 0x000000010efb5944 libphp73.soexecute_ex(ex=0x000000011621f240) at zend_vm_execute.h:55287 frame 0000005: 0x000000011618c9a0 xdebug.soxdebug_execute_ex(execute_data=0x000000011621f240) at xdebug.c:1868
      frame 0000006: 0x000000010efdb3e5 libphp73.soZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER(execute_data=0x000000011621f1d0) at zend_vm_execute.h:1083 frame 0000007: 0x000000010f022102 libphp73.soZEND_USER_OPCODE_SPEC_HANDLER(execute_data=0x000000011621f1d0) at zend_vm_execute.h:1829
      frame 0000008: 0x000000010efb5944 libphp73.soexecute_ex(ex=0x000000011621f1d0) at zend_vm_execute.h:55287 frame 0000009: 0x000000011618c9a0 xdebug.soxdebug_execute_ex(execute_data=0x000000011621f1d0) at xdebug.c:1868
      frame 0000010: 0x000000010efe1e4a libphp73.soZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER(execute_data=0x000000011621f180) at zend_vm_execute.h:3295 frame 0000011: 0x000000010f022102 libphp73.soZEND_USER_OPCODE_SPEC_HANDLER(execute_data=0x000000011621f180) at zend_vm_execute.h:1829
      frame 0000012: 0x000000010efb5944 libphp73.soexecute_ex(ex=0x000000011621f180) at zend_vm_execute.h:55287 frame 0000013: 0x000000011618c9a0 xdebug.soxdebug_execute_ex(execute_data=0x000000011621f180) at xdebug.c:1868
      frame 0000014: 0x000000010efe1e4a libphp73.soZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER(execute_data=0x000000011621f130) at zend_vm_execute.h:3295 frame 0000015: 0x000000010f022102 libphp73.soZEND_USER_OPCODE_SPEC_HANDLER(execute_data=0x000000011621f130) at zend_vm_execute.h:1829
      frame 0000016: 0x000000010efb5944 libphp73.soexecute_ex(ex=0x000000011621f130) at zend_vm_execute.h:55287 frame 0000017: 0x000000011618c9a0 xdebug.soxdebug_execute_ex(execute_data=0x000000011621f130) at xdebug.c:1868
      frame 0000018: 0x000000010efe1e4a libphp73.soZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER(execute_data=0x000000011621f0e0) at zend_vm_execute.h:3295 frame 0000019: 0x000000010f022102 libphp73.soZEND_USER_OPCODE_SPEC_HANDLER(execute_data=0x000000011621f0e0) at zend_vm_execute.h:1829
      frame 0000020: 0x000000010efb5944 libphp73.soexecute_ex(ex=0x000000011621f0e0) at zend_vm_execute.h:55287 frame 0000021: 0x000000011618c9a0 xdebug.soxdebug_execute_ex(execute_data=0x000000011621f0e0) at xdebug.c:1868
      frame 0000022: 0x000000010efe1e4a libphp73.soZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER(execute_data=0x000000011621f090) at zend_vm_execute.h:3295 frame 0000023: 0x000000010f022102 libphp73.soZEND_USER_OPCODE_SPEC_HANDLER(execute_data=0x000000011621f090) at zend_vm_execute.h:1829
      frame 0000024: 0x000000010efb5944 libphp73.soexecute_ex(ex=0x000000011621f090) at zend_vm_execute.h:55287 frame 0000025: 0x000000011618c9a0 xdebug.soxdebug_execute_ex(execute_data=0x000000011621f090) at xdebug.c:1868
      frame 0000026: 0x000000010efe1e4a libphp73.soZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER(execute_data=0x000000011621f030) at zend_vm_execute.h:3295 frame 0000027: 0x000000010f022102 libphp73.soZEND_USER_OPCODE_SPEC_HANDLER(execute_data=0x000000011621f030) at zend_vm_execute.h:1829
      frame 0000028: 0x000000010efb5944 libphp73.soexecute_ex(ex=0x000000011621f030) at zend_vm_execute.h:55287 frame 0000029: 0x000000011618c9a0 xdebug.soxdebug_execute_ex(execute_data=0x000000011621f030) at xdebug.c:1868
      frame 0000030: 0x000000010efb5b4a libphp73.sozend_execute(op_array=0x0000000116282200, return_value=0x0000000000000000) at zend_vm_execute.h:60834 frame 0000031: 0x000000010ef48902 libphp73.sozend_execute_scripts(type=8, retval=0x0000000000000000, file_count=3) at zend.c:1568
      frame 0000032: 0x000000010ee9a8e4 libphp73.sophp_execute_script(primary_file=0x00007ffee191a300) at main.c:2630 frame 0000033: 0x000000010f055fbd libphp73.sophp_handler(r=0x00007fd31885e6a0) at sapi_apache2.c:699
      frame 0000034: 0x000000010e2e8787 httpdap_run_handler + 51 frame #35: 0x000000010e2e8d47 httpdap_invoke_handler + 246
      frame 0000036: 0x000000010e31e138 httpdap_process_async_request + 861 frame 0000037: 0x000000010e31e1cf httpdap_process_request + 20
      frame 0000038: 0x000000010e31ade1 httpdap_process_http_connection + 302 frame 0000039: 0x000000010e2f8e6d httpdap_run_process_connection + 51
      frame 0000040: 0x000000010e32587e httpdchild_main + 1084 frame 0000041: 0x000000010e32532d httpdmake_child + 404
      frame 0000042: 0x000000010e325386 httpdstartup_children + 89 frame 0000043: 0x000000010e324567 httpdprefork_run + 286
      frame 0000044: 0x000000010e2fb1f7 httpdap_run_mpm + 64 frame 0000045: 0x000000010e2efb9c httpdmain + 2108
      frame 0000046: 0x00007fff7ea4d08d libdyld.dylib`start + 1
TagsNo tags attached.
Attached Files
php73segfault.tgz (44,633 bytes)
Operating System
PHP Version7.3-dev

Relationships

duplicate of 0001583 closedderick Xdebug crashes when OPcache's compact literals optimisation is on 

Activities

derick

2018-11-30 11:49

administrator   ~0004730

Last edited: 2018-11-30 11:50

I can reproduce this without Apache, and just running it just like a script and using ZEND_DONT_UNLOAD_MODULES=1 USE_ZEND_ALLOC=0. Valgrind gives me the same (or very similar) trace when running just "ZEND_DONT_UNLOAD_MODULES=1 USE_ZEND_ALLOC=0 php main.php":

<pre>
derick@singlemalt:/tmp/php73segfault $ valgrind php main.php
==27111== Memcheck, a memory error detector
==27111== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==27111== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
==27111== Command: php main.php
==27111==
==27111== Conditional jump or move depends on uninitialised value(s)
==27111== at 0x9FE4ED: ZEND_RECV_INIT_SPEC_CONST_HANDLER (zend_vm_execute.h:2229)
==27111== by 0x9FD487: ZEND_USER_OPCODE_SPEC_HANDLER (zend_vm_execute.h:1829)
==27111== by 0xA62225: execute_ex (zend_vm_execute.h:55510)
==27111== by 0x86C1555: xdebug_execute_ex (xdebug.c:1868)
==27111== by 0x9FB06C: ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER (zend_vm_execute.h:1083)
==27111== by 0x9FD487: ZEND_USER_OPCODE_SPEC_HANDLER (zend_vm_execute.h:1829)
==27111== by 0xA62225: execute_ex (zend_vm_execute.h:55510)
==27111== by 0x86C1555: xdebug_execute_ex (xdebug.c:1868)
==27111== by 0xA0081F: ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER (zend_vm_execute.h:3295)
==27111== by 0x9FD487: ZEND_USER_OPCODE_SPEC_HANDLER (zend_vm_execute.h:1829)
==27111== by 0xA62225: execute_ex (zend_vm_execute.h:55510)
==27111== by 0x86C1555: xdebug_execute_ex (xdebug.c:1868)
==27111==
done==27111==
</pre>

dwilks

2018-12-08 00:24

reporter   ~0004754

Just FYI... here's the opcache assertion that I mentioned distilled into a case simpler than this one. https://bugs.php.net/bug.php?id=77266 this fails w/o xdebug.

derick

2018-12-11 11:07

administrator   ~0004762

This looks the same as 0001592.

derick

2019-01-22 21:24

administrator   ~0004821

This is a duplicate of 0001583.

Issue History

Date Modified Username Field Change
2018-11-29 20:56 dwilks New Issue
2018-11-29 20:56 dwilks File Added: php73segfault.tgz
2018-11-30 11:48 derick Summary segfault running script first time in restarted apache => Xdebug segfaults
2018-11-30 11:48 derick Additional Information Updated
2018-11-30 11:49 derick Note Added: 0004730
2018-11-30 11:49 derick Assigned To => derick
2018-11-30 11:49 derick Status new => acknowledged
2018-11-30 11:49 derick Note Edited: 0004730
2018-11-30 11:50 derick Note Edited: 0004730
2018-11-30 11:50 derick Status acknowledged => confirmed
2018-11-30 11:50 derick Priority normal => high
2018-11-30 11:50 derick Category Feature/Change request => Usage problems (Wrong Results)
2018-11-30 11:50 derick OS OS X => *
2018-11-30 11:50 derick OS Version 10.14.1 =>
2018-11-30 11:50 derick Platform Mac => N/A
2018-11-30 11:50 derick Target Version => 2.7.0dev
2018-12-08 00:24 dwilks Note Added: 0004754
2018-12-11 11:07 derick Note Added: 0004762
2019-01-22 21:24 derick Note Added: 0004821
2019-01-22 21:24 derick Relationship added duplicate of 0001583
2019-01-22 21:24 derick Status confirmed => resolved
2019-01-22 21:24 derick Resolution open => duplicate
2019-01-22 21:57 derick Target Version 2.7.0dev =>
2020-03-12 16:35 derick Category Usage problems (Wrong Results) => Variable Display
2020-03-12 16:38 derick Category Variable Display => Uncategorized