View Issue Details

IDProjectCategoryView StatusLast Update
0002139XdebugCode Coveragepublic2022-12-08 23:37
Reportershyim Assigned Toderick  
PrioritynormalSeveritycrashReproducibilityalways
Status resolvedResolutionno change required 
PlatformGithub ActionOSUbuntuOS Version22.04
Product Version3.1.5 
Summary0002139: PHP crash on generating coverage report using PHPUnit
Description

I am generating a code coverage in the CI using setup-php action and I got an segmentation fault while generating coverage.

See: https://github.com/shyim/platform/actions/runs/3535408200/jobs/5933396514

Steps To Reproduce

Clone https://github.com/shopware/platform
composer install
bin/console system:setup point to an MySQL

/usr/bin/php -d memory_limit=-1 --configuration phpunit.xml.dist --exclude-group needsWebserver,quarantined --testsuite storefront --coverage-cobertura phpunit.coverage.storefront.xml

0x0000555555875f2c in ?? ()
(gdb) bt
#0 0x0000555555875f2c in ?? ()
#1 0x00005555558a1b2f in execute_ex ()
0000002 0x00007ffff566ab72 in xdebug_execute_ex (execute_data=0x7ffff5414020) at ./build-8.1/src/base/base.c:779
0000003 0x000055555582caac in zend_call_function ()
0000004 0x000055555582cd79 in _call_user_function_impl ()
0000005 0x00005555557f3e36 in ?? ()
0000006 0x00005555557ecca4 in _php_stream_free ()
0000007 0x00005555557ecf46 in ?? ()
0000008 0x0000555555850325 in ?? ()
0000009 0x00005555558508dc in ?? ()
0000010 0x000055555582afec in zend_shutdown_executor_values ()
0000011 0x000055555582b0c3 in ?? ()
0000012 0x000055555583afe3 in zend_deactivate ()
0000013 0x00005555557d6d86 in php_request_shutdown ()
0000014 0x0000555555922fa0 in ?? ()
0000015 0x0000555555679f78 in ?? ()
0000016 0x00007ffff7639083 in __libc_start_main (main=0x555555679b70, argc=18, argv=0x7fffffffcef8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffcee8) at ../csu/libc-start.c:308
0000017 0x000055555567a74e in _start ()

We use also Library https://github.com/dg/bypass-finals which does Crazy stuff with file stream wrapper. Maybe that triggers it?

TagsNo tags attached.
Operating System
PHP Version8.1.10-8.1.19

Activities

shyim

2022-11-23 22:32

reporter   ~0006451

Program received signal SIGSEGV, Segmentation fault.
ZEND_CALL_TRAMPOLINE_SPEC_OBSERVER_HANDLER () at ./Zend/zend_vm_execute.h:3458
3458 ./Zend/zend_vm_execute.h: No such file or directory.
(gdb) bt
#0 ZEND_CALL_TRAMPOLINE_SPEC_OBSERVER_HANDLER () at ./Zend/zend_vm_execute.h:3458
#1 0x00005555558a1b2f in execute_ex (ex=0x7ffff5414020) at ./Zend/zend_vm_execute.h:55910
0000002 0x00007ffff566ab72 in xdebug_execute_ex (execute_data=0x7ffff5414020) at ./build-8.1/src/base/base.c:779
0000003 0x000055555582caac in zend_call_function (fci=<optimized out>, fci_cache=<optimized out>) at ./Zend/zend_execute_API.c:908
0000004 0x000055555582cd79 in _call_user_function_impl (object=<optimized out>, function_name=function_name@entry=0x7fffffffaaf0, retval_ptr=retval_ptr@entry=0x7fffffffab00, param_count=param_count@entry=0, params=params@entry=0x0, named_params=named_params@entry=0x0)
at ./Zend/zend_execute_API.c:708
0000005 0x00005555557f3e36 in php_userstreamop_close (stream=<optimized out>, close_handle=<optimized out>) at ./Zend/zend_types.h:556
0000006 0x00005555557ecca4 in _php_stream_free (stream=<optimized out>, close_options=close_options@entry=11) at ./main/streams/streams.c:474
0000007 0x00005555557ecf46 in stream_resource_regular_dtor (rsrc=<optimized out>) at ./main/streams/streams.c:1665
0000008 0x0000555555850325 in zend_resource_dtor (res=<optimized out>) at ./Zend/zend_list.c:73
0000009 0x00005555558508dc in zend_close_rsrc_list (ht=0x555555aba870 <executor_globals+560>) at ./Zend/zend_list.c:224
0000010 0x000055555582afec in zend_shutdown_executor_values (fast_shutdown=fast_shutdown@entry=true) at ./Zend/zend_execute_API.c:270
0000011 0x000055555582b0c3 in shutdown_executor () at ./Zend/zend_execute_API.c:403
0000012 0x000055555583afe3 in zend_deactivate () at ./Zend/zend.c:1271
0000013 0x00005555557d6d86 in php_request_shutdown (dummy=dummy@entry=0x0) at ./main/main.c:1847
0000014 0x0000555555922fa0 in do_cli (argc=18, argv=0x555555ad57b0) at ./sapi/cli/php_cli.c:1135
0000015 0x0000555555679f78 in main (argc=18, argv=0x555555ad57b0) at ./sapi/cli/php_cli.c:1367
(gdb)

Back trace with symbols.

Created also a Coredump using GDB if it helps, but it is 4,7GB

derick

2022-11-23 22:47

administrator   ~0006452

Yeah, don't send me that core dump :-) I'll see if I can reproduce this tomorrow. Can you add your php -i output though please as an attachment?

shyim

2022-11-23 22:51

reporter   ~0006453

Here is the PHP info http://sprunge.us/WfxR0P. Thanks! :)

derick

2022-11-24 17:32

administrator   ~0006455

I had to start the phpunit run differently:

XDEBUG_MODE=coverage php -d memory_limit=-1 ./vendor/bin/phpunit --configuration phpunit.xml.dist --exclude-group needsWebserver,quarantined --testsuite storefront --coverage-cobertura phpunit.coverage.storefront.xml

It's been running for a while now, but no crash yet. From your backtrace I can see it's on request shutdown... so I am going to have to wait for that.

derick

2022-12-06 14:08

administrator   ~0006462

A much faster test that shows the problem (within valgrind) is:

valgrind php -d memory_limit=-1 ./vendor/bin/phpunit --configuration phpunit.xml.dist --exclude-group needsWebserver,quarantined,slow,cache,review,skip-paratest --testsuite storefront --filter 'Framework\Routing\NotFound\NotFoundSubscriberTest::testError'

derick

2022-12-08 17:22

administrator   ~0006464

Hi,

this took some time to figure out, but it looks like this is a bug in PHP, and not in Xdebug — although Xdebug does trigger it. If you swap out Xdebug for the (useless) skeleton extension (https://github.com/derickr/extension-skeleton.git) and load that instead of Xdebug, I get the exact same valgrind error/crash at request shutdown. It does indeed look like DG's Bypass Finals is also required to trigger the bug.

I've made a reproduce case with that extension to be given to the PHP project (where I might work on it myself):
https://gist.github.com/derickr/4d175ae672fdf9ee2a7b5a276df73585

With valgrind, the warning (and subsequent crash) looks like, running as:

USE_ZEND_ALLOC=0 valgrind php -n -dmemory_limit=4G -d extension=skeleton ./vendor/bin/phpunit --configuration phpunit.xml.dist --exclude-group needsWebserver,quarantined,slow,cache,review,skip-paratest --testsuite storefront  --filter 'Framework\\Routing\\NotFound\\NotFoundSubscriberTest::testError' 2>&1 | less

Result:

==3098455== Invalid read of size 8
==3098455==    at 0x9A551A: ZEND_CALL_TRAMPOLINE_SPEC_OBSERVER_HANDLER (zend_vm_execute.h:3459)
==3098455==    by 0xA11233: execute_ex (zend_vm_execute.h:55911)
==3098455==    by 0x48591DE: skeleton_execute_ex (skeleton.c:48)
==3098455==    by 0x94BC5B: zend_call_function (zend_execute_API.c:912)
==3098455==    by 0x94B167: _call_user_function_impl (zend_execute_API.c:712)
==3098455==    by 0x8F15C9: php_userstreamop_close (userspace.c:708)
==3098455==    by 0x8E3463: _php_stream_free (streams.c:475)
==3098455==    by 0x8E6056: stream_resource_regular_dtor (streams.c:1666)
==3098455==    by 0x97FCB5: zend_resource_dtor (zend_list.c:73)
==3098455==    by 0x9801AB: zend_close_rsrc_list (zend_list.c:224)
==3098455==    by 0x949B02: zend_shutdown_executor_values (zend_execute_API.c:270)
==3098455==    by 0x94A404: shutdown_executor (zend_execute_API.c:403)
==3098455==    by 0x96212B: zend_deactivate (zend.c:1271)
==3098455==    by 0x8C661E: php_request_shutdown (main.c:1847)
==3098455==    by 0xACDBE6: do_cli (php_cli.c:1135)
==3098455==    by 0xACE31E: main (php_cli.c:1367)
==3098455==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==3098455== 
==3098455== 
==3098455== Process terminating with default action of signal 11 (SIGSEGV)
==3098455==  Access not within mapped region at address 0x0
==3098455==    at 0x9A551A: ZEND_CALL_TRAMPOLINE_SPEC_OBSERVER_HANDLER (zend_vm_execute.h:3459)
==3098455==    by 0xA11233: execute_ex (zend_vm_execute.h:55911)
==3098455==    by 0x48591DE: skeleton_execute_ex (skeleton.c:48)
==3098455==    by 0x94BC5B: zend_call_function (zend_execute_API.c:912)
==3098455==    by 0x94B167: _call_user_function_impl (zend_execute_API.c:712)
==3098455==    by 0x8F15C9: php_userstreamop_close (userspace.c:708)
==3098455==    by 0x8E3463: _php_stream_free (streams.c:475)
==3098455==    by 0x8E6056: stream_resource_regular_dtor (streams.c:1666)
==3098455==    by 0x97FCB5: zend_resource_dtor (zend_list.c:73)
==3098455==    by 0x9801AB: zend_close_rsrc_list (zend_list.c:224)
==3098455==    by 0x949B02: zend_shutdown_executor_values (zend_execute_API.c:270)
==3098455==    by 0x94A404: shutdown_executor (zend_execute_API.c:403)
==3098455==    by 0x96212B: zend_deactivate (zend.c:1271)
==3098455==    by 0x8C661E: php_request_shutdown (main.c:1847)
==3098455==    by 0xACDBE6: do_cli (php_cli.c:1135)
==3098455==    by 0xACE31E: main (php_cli.c:1367)

cheers,
Derick

shyim

2022-12-08 23:37

reporter   ~0006467

Thanks for digging more into it :)
So the issue happens on any Observer extension? Do you want to create a GitHub issue at php/php-src as I would just copy and paste your findings

And thanks, thanks for looking into!

Issue History

Date Modified Username Field Change
2022-11-23 22:06 shyim New Issue
2022-11-23 22:32 shyim Note Added: 0006451
2022-11-23 22:47 derick Note Added: 0006452
2022-11-23 22:51 shyim Note Added: 0006453
2022-11-24 17:32 derick Note Added: 0006455
2022-12-06 14:08 derick Note Added: 0006462
2022-12-06 14:08 derick Status new => assigned
2022-12-08 17:22 derick Assigned To => derick
2022-12-08 17:22 derick Status assigned => resolved
2022-12-08 17:22 derick Resolution open => no change required
2022-12-08 17:22 derick Note Added: 0006464
2022-12-08 23:37 shyim Note Added: 0006467