View Issue Details

ID: 0002297
Project: Xdebug
Category: Uncategorized
View Status: public
Last Update: 2024-10-13 16:02
Reporter: schlndh
Assigned To: derick
Priority: normal
Severity: crash
Reproducibility: always
Status: confirmed
Resolution: open
Product Version: 3.3.2
Summary: 0002297: Crash in exception handler
Description

I'm working on a web application which uses Tracy to catch and report errors. However, when I run into an exception with Xdebug enabled then PHP often crashes (SIGSEGV) inside of Tracy. I was able to reduce the issue down from thousands of lines of code to 3 small files by gradually inlining and removing code. At this point it seems that I can't remove any more code.

Steps To Reproduce

Download the attached php and phtml files. Run index.php like this: php -n -d zend_extension=xdebug.so -d xdebug.mode=develop,debug index.php

Additional Information

php -v:

PHP 8.3.12 (cli) (built: Sep 29 2024 09:30:18) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.3.12, Copyright (c) Zend Technologies
with Xdebug v3.3.2, Copyright (c) 2002-2024, by Derick Rethans

The crash does NOT happen when Xdebug is not loaded. The crash also does NOT happen with USE_ZEND_ALLOC=0 ZEND_DONT_UNLOAD_MODULES=1.

Tags: segfault
Attached Files
valgrind.log (4,099 bytes)   
==1655039== Memcheck, a memory error detector
==1655039== Copyright (C) 2002-2024, and GNU GPL'd, by Julian Seward et al.
==1655039== Using Valgrind-3.23.0 and LibVEX; rerun with -h for copyright info
==1655039== Command: /usr/bin/php -n -d zend_extension=xdebug.so -d xdebug.mode=develop,debug index.php
==1655039== 
==1655039== Invalid read of size 8
==1655039==    at 0x5E6524: zend_mm_alloc_small (zend_alloc.c:1312)
==1655039==    by 0x5E6524: zend_mm_alloc_heap (zend_alloc.c:1383)
==1655039==    by 0x5E6524: _emalloc (zend_alloc.c:2613)
==1655039==    by 0x6259A1: zend_string_alloc (zend_string.h:174)
==1655039==    by 0x6259A1: zend_string_init (zend_string.h:196)
==1655039==    by 0x6259A1: _zend_hash_str_add_or_update_i (zend_hash.c:953)
==1655039==    by 0x6259A1: zend_hash_str_update (zend_hash.c:1030)
==1655039==    by 0x6195BC: zend_symtable_str_update (zend_hash.h:576)
==1655039==    by 0x6195BC: add_assoc_zval_ex (zend_API.c:1906)
==1655039==    by 0x7B4D092: UnknownInlinedFun (stack.c:438)
==1655039==    by 0x7B4D092: zval_from_stack_add_frame (stack.c:467)
==1655039==    by 0x7B4D4AE: zval_from_stack (stack.c:495)
==1655039==    by 0x7B4FB23: xdebug_develop_throw_exception_hook (stack.c:1252)
==1655039==    by 0x7B2BF87: UnknownInlinedFun (base.c:1543)
==1655039==    by 0x7B2BF87: xdebug_throw_exception_hook (base.c:1495)
==1655039==    by 0x34AA3D: zend_throw_exception_internal (zend_exceptions.c:219)
==1655039==    by 0x34AB3C: zend_throw_exception_zstr (zend_exceptions.c:839)
==1655039==    by 0x34ABD1: zend_throw_exception (zend_exceptions.c:848)
==1655039==    by 0x335B43: zend_type_error (zend.c:1775)
==1655039==    by 0x637A0E: ZEND_STRLEN_SPEC_CV_HANDLER (zend_vm_execute.h:40393)
==1655039==  Address 0x250000000007c577 is not stack'd, malloc'd or (recently) free'd
==1655039== 
==1655039== 
==1655039== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==1655039==  General Protection Fault
==1655039==    at 0x5E6524: zend_mm_alloc_small (zend_alloc.c:1312)
==1655039==    by 0x5E6524: zend_mm_alloc_heap (zend_alloc.c:1383)
==1655039==    by 0x5E6524: _emalloc (zend_alloc.c:2613)
==1655039==    by 0x6259A1: zend_string_alloc (zend_string.h:174)
==1655039==    by 0x6259A1: zend_string_init (zend_string.h:196)
==1655039==    by 0x6259A1: _zend_hash_str_add_or_update_i (zend_hash.c:953)
==1655039==    by 0x6259A1: zend_hash_str_update (zend_hash.c:1030)
==1655039==    by 0x6195BC: zend_symtable_str_update (zend_hash.h:576)
==1655039==    by 0x6195BC: add_assoc_zval_ex (zend_API.c:1906)
==1655039==    by 0x7B4D092: UnknownInlinedFun (stack.c:438)
==1655039==    by 0x7B4D092: zval_from_stack_add_frame (stack.c:467)
==1655039==    by 0x7B4D4AE: zval_from_stack (stack.c:495)
==1655039==    by 0x7B4FB23: xdebug_develop_throw_exception_hook (stack.c:1252)
==1655039==    by 0x7B2BF87: UnknownInlinedFun (base.c:1543)
==1655039==    by 0x7B2BF87: xdebug_throw_exception_hook (base.c:1495)
==1655039==    by 0x34AA3D: zend_throw_exception_internal (zend_exceptions.c:219)
==1655039==    by 0x34AB3C: zend_throw_exception_zstr (zend_exceptions.c:839)
==1655039==    by 0x34ABD1: zend_throw_exception (zend_exceptions.c:848)
==1655039==    by 0x335B43: zend_type_error (zend.c:1775)
==1655039==    by 0x637A0E: ZEND_STRLEN_SPEC_CV_HANDLER (zend_vm_execute.h:40393)
==1655039== 
==1655039== HEAP SUMMARY:
==1655039==     in use at exit: 2,416,628 bytes in 19,768 blocks
==1655039==   total heap usage: 22,106 allocs, 2,338 frees, 3,080,151 bytes allocated
==1655039== 
==1655039== LEAK SUMMARY:
==1655039==    definitely lost: 25,120 bytes in 785 blocks
==1655039==    indirectly lost: 40 bytes in 1 blocks
==1655039==      possibly lost: 1,735,712 bytes in 12,447 blocks
==1655039==    still reachable: 655,756 bytes in 6,535 blocks
==1655039==         suppressed: 0 bytes in 0 blocks
==1655039== Rerun with --leak-check=full to see details of leaked memory
==1655039== 
==1655039== For lists of detected and suppressed errors, rerun with: -s
==1655039== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
my-tracy-page.phtml (165 bytes)   
<?php

$code = $exception->getCode() ? ' #' . $exception->getCode() : '';
$ex = $exception; $exceptions = [];
require __DIR__ . '/my-tracy-section-exception.phtml';
index.php (2,126 bytes)   
<?php

declare(strict_types=1);

class My_BlueScreen
{
	public function __construct()
	{
	}


	/**
	 * Renders blue screen.
	 */
	public function render(\Throwable $exception): void
	{
		$dump = $this->getDumper();

		require __DIR__ . '/my-tracy-page.phtml';
	}


	/**
	 * Should a file be collapsed in stack trace?
	 * @internal
	 */
	public function isCollapsed(string $file): bool
	{
		$file = strtr($file, '\\', '/') . '/';

		return false;
	}

	/**
	 * Extract a snippet from the code, highlights the row and column, and adds line numbers.
	 */
	public static function highlightLine(string $html, int $line, int $column = 0): string
	{
		$lines = explode("\n", "\n" . $html);

		return '';
	}

	/**
	 * Returns syntax highlighted source code.
	 */
	public static function highlightFile(
		string $file,
		int $line,
		int $lines = 15,
		bool $php = true,
		int $column = 0,
    ): ?string
    {
		$source = @file_get_contents($file); // @ file may not exist
		if ($source === false) {
			return null;
		}

		return self::highlightLine($source, $line, $column);
	}

	public function renderAsHtml(): string
	{
		$location = null;
		$html = null;

		return ($location || strlen($html) > 100 ? "\n" : '');
	}


	/** @internal */
	public function getDumper(): \Closure
	{
		return function ($var, $key = null): string {
			return $this->renderAsHtml();
		};
	}
}

set_exception_handler(function (\Throwable $ex) {
	(new My_BlueScreen())->render($ex);

	echo "done\n";
	exit(255);
});

class My_NotFoundException2 extends \RuntimeException {
	protected string $from;

	public function __construct(string $message, int $code = 404, ?Throwable $previous = null)
	{
		parent::__construct($message, $code, $previous);

		$this->from = $this->getTrace()[1]['class'] ?? $this->getTrace()[0]['class'] ?? self::class;
	}
}

class Dispatcher
{
	public function dispatch(
	) {
		throw new My_NotFoundException2('adasd');
	}
}

class FrontController
{
	public function dispatch()
	{
		$dispatcher = new Dispatcher();
		$dispatcher->dispatch(new stdClass(), new stdClass());
	}
}


$fc = (new FrontController())->dispatch();
die('here');
my-tracy-section-exception.phtml (697 bytes)   
<?php

namespace FooBar;

$title ='a';
$code = '';

if ($ex->getMessage()): htmlspecialchars($title . $code, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8'); endif;

$stack = $ex->getTrace();
if (in_array($stack[0]['class'] ?? null, [], true)) {
}

if (
    $this->isCollapsed($ex->getFile())
) {
}

if (!$stack) {
    return;
}

foreach ($stack as $row):
    $sourceOriginal = isset($row['file']) && @is_file($row['file']) ? [$row['file'], $row['line']] : null;
    if ($sourceOriginal): \My_BlueScreen::highlightFile(...$sourceOriginal); endif;
    if (!empty($row['args'])):
            foreach ($row['args'] as $k => $v) {
                $dump($v, $k);
            }
    endif;
endforeach;
backtrace.txt (21,639 bytes)   
(gdb) bt full
#0  zend_mm_alloc_small (heap=0x7ffff4e00040, bin_num=3) at /usr/src/debug/php/php-8.3.12/Zend/zend_alloc.c:1312
        p = 0x2500007ffff4e578
#1  zend_mm_alloc_heap (heap=0x7ffff4e00040, size=<optimized out>) at /usr/src/debug/php/php-8.3.12/Zend/zend_alloc.c:1383
        ptr = <optimized out>
        ptr = <optimized out>
#2  _emalloc (size=<optimized out>) at /usr/src/debug/php/php-8.3.12/Zend/zend_alloc.c:2613
No locals.
#3  0x000055555591d9a2 in zend_string_alloc (len=5, persistent=<optimized out>) at /usr/src/debug/php/php-8.3.12/Zend/zend_string.h:174
        ret = <optimized out>
        ret = <optimized out>
#4  zend_string_init (str=0x7ffff4e57a58 "title", len=5, persistent=<optimized out>) at /usr/src/debug/php/php-8.3.12/Zend/zend_string.h:196
        ret = <optimized out>
        ret = <optimized out>
#5  _zend_hash_str_add_or_update_i (ht=0x7ffff4e03cb0, str=0x7ffff4e57a58 "title", len=5, h=9223372247583795751, pData=0x7fffffffa280, flag=1) at /usr/src/debug/php/php-8.3.12/Zend/zend_hash.c:953
        key = <optimized out>
        nIndex = <optimized out>
        idx = 1
        p = 0x7ffff4e6c340
        key = <optimized out>
        nIndex = <optimized out>
        idx = <optimized out>
        p = <optimized out>
        add_to_hash = <optimized out>
        data = <optimized out>
        _z1 = <optimized out>
        _z2 = <optimized out>
        _gc = <optimized out>
        _t = <optimized out>
        _z1 = <optimized out>
        _z2 = <optimized out>
        _gc = <optimized out>
        _t = <optimized out>
#6  zend_hash_str_update (ht=ht@entry=0x7ffff4e03cb0, str=str@entry=0x7ffff4e57a58 "title", len=len@entry=5, pData=0x7fffffffa280) at /usr/src/debug/php/php-8.3.12/Zend/zend_hash.c:1030
        h = 9223372247583795751
#7  0x00005555559115bd in zend_symtable_str_update (ht=0x7ffff4e03cb0, str=0x7ffff4e57a58 "title", len=5, pData=0x5) at /usr/src/debug/php/php-8.3.12/Zend/zend_hash.h:576
        idx = 140737302067800
        idx = <optimized out>
#8  add_assoc_zval_ex (arg=arg@entry=0x7fffffffa270, key=0x7ffff4e57a58 "title", key_len=5, value=value@entry=0x7fffffffa280) at /usr/src/debug/php/php-8.3.12/Zend/zend_API.c:1906
No locals.
#9  0x00007ffff5352093 in zval_from_stack_add_frame_variables (opa=0x7ffff4e7f400, symbols=<optimized out>, edata=0x7ffff4e14290, frame=0x7ffff4e5f0e0) at /usr/src/debug/xdebug/xdebug-3.3.2/src/develop/stack.c:438
        symbol_name = 0x555556a42740
        symbol = {value = {lval = 93825012086272, dval = 4.6355715192466739e-310, counted = 0x555556843600, str = 0x555556843600, arr = 0x555556843600, obj = 0x555556843600, res = 0x555556843600, ref = 0x555556843600, ast = 0x555556843600, zv = 0x555556843600, ptr = 0x555556843600, ce = 0x555556843600, func = 0x555556843600, ww = {w1 = 1451505152, w2 = 21845}}, u1 = {
            type_info = 6, v = {type = 6 '\006', type_flags = 0 '\000', u = {extra = 0}}}, u2 = {next = 3355382166, cache_slot = 3355382166, opline_num = 3355382166, lineno = 3355382166, num_args = 3355382166, fe_pos = 3355382166, fe_iter_idx = 3355382166, guard = 3355382166, constant_flags = 3355382166, extra = 3355382166}}
        j = 0
        variables = {value = {lval = 140737301724336, dval = 6.9533465870388447e-310, counted = 0x7ffff4e03cb0, str = 0x7ffff4e03cb0, arr = 0x7ffff4e03cb0, obj = 0x7ffff4e03cb0, res = 0x7ffff4e03cb0, ref = 0x7ffff4e03cb0, ast = 0x7ffff4e03cb0, zv = 0x7ffff4e03cb0, ptr = 0x7ffff4e03cb0, ce = 0x7ffff4e03cb0, func = 0x7ffff4e03cb0, ww = {w1 = 4108336304, w2 = 32767}}, u1 = {
            type_info = 775, v = {type = 7 '\a', type_flags = 3 '\003', u = {extra = 0}}}, u2 = {next = 21845, cache_slot = 21845, opline_num = 21845, lineno = 21845, num_args = 21845, fe_pos = 21845, fe_iter_idx = 21845, guard = 21845, constant_flags = 21845, extra = 21845}}
#10 zval_from_stack_add_frame (output=0x7ffff5377480 <xdebug_globals+1024>, fse=0x555556a3f360, edata=0x7ffff4e14290, add_local_vars=true, params_as_values=true) at /usr/src/debug/xdebug/xdebug-3.3.2/src/develop/stack.c:467
        frame = <optimized out>
#11 0x00007ffff53524af in zval_from_stack (output=output@entry=0x7ffff5377480 <xdebug_globals+1024>, add_local_vars=add_local_vars@entry=true, params_as_values=params_as_values@entry=true) at /usr/src/debug/xdebug/xdebug-3.3.2/src/develop/stack.c:495
        fse = 0x555556a3f360
        next_fse = 0x555556a3f450
        i = 3
#12 0x00007ffff5354b24 in xdebug_develop_throw_exception_hook (exception=0x7ffff4e5d500, file=0x7ffff4e5d558, line=0x7ffff4e5d568, code=<optimized out>, code_str=<optimized out>, message=0x7ffff4e5d528) at /usr/src/debug/xdebug/xdebug-3.3.2/src/develop/stack.c:1252
        exception_ce = 0x5555568df120
        exception_trace = <optimized out>
        tmp_str = {l = 1868, a = 2431, d = 0x555556a41d10 "\nTypeError: strlen(): Argument #1 ($string) must be of type string, null given in /home/schlndh/devel/custom/xdebug-sigsegv/index.php on line 68\n\nCall Stack:\n    0.0002     482592   1. {closure:/home/"...}
        z_previous_exception = <optimized out>
        z_last_exception_slot = <optimized out>
        z_previous_trace = <optimized out>
        previous_exception_obj = <optimized out>
        dummy = {value = {lval = 140737488331680, dval = 6.9533558066666379e-310, counted = 0x7fffffffa3a0, str = 0x7fffffffa3a0, arr = 0x7fffffffa3a0, obj = 0x7fffffffa3a0, res = 0x7fffffffa3a0, ref = 0x7fffffffa3a0, ast = 0x7fffffffa3a0, zv = 0x7fffffffa3a0, ptr = 0x7fffffffa3a0, ce = 0x7fffffffa3a0, func = 0x7fffffffa3a0, ww = {w1 = 4294943648, w2 = 32767}}, u1 = {
            type_info = 4108679456, v = {type = 32 ' ', type_flags = 121 'y', u = {extra = 62693}}}, u2 = {next = 32767, cache_slot = 32767, opline_num = 32767, lineno = 32767, num_args = 32767, fe_pos = 32767, fe_iter_idx = 32767, guard = 32767, constant_flags = 32767, extra = 32767}}
#13 0x00007ffff5330f88 in xdebug_throw_exception_hook (exception=0x7ffff4e5d500) at /usr/src/debug/xdebug/xdebug-3.3.2/src/base/base.c:1543
        code = 0x7ffff4e5d548
        message = 0x7ffff4e5d528
        file = 0x7ffff4e5d558
        line = 0x7ffff4e5d568
        exception_ce = <optimized out>
        code_str = 0x0
        dummy = {value = {lval = 140737488331824, dval = 6.9533558066737524e-310, counted = 0x7fffffffa430, str = 0x7fffffffa430, arr = 0x7fffffffa430, obj = 0x7fffffffa430, res = 0x7fffffffa430, ref = 0x7fffffffa430, ast = 0x7fffffffa430, zv = 0x7fffffffa430, ptr = 0x7fffffffa430, ce = 0x7fffffffa430, func = 0x7fffffffa430, ww = {w1 = 4294943792, w2 = 32767}}, u1 = {
            type_info = 1081540096, v = {type = 0 '\000', type_flags = 254 '\376', u = {extra = 16502}}}, u2 = {next = 3355382166, cache_slot = 3355382166, opline_num = 3355382166, lineno = 3355382166, num_args = 3355382166, fe_pos = 3355382166, fe_iter_idx = 3355382166, guard = 3355382166, constant_flags = 3355382166, extra = 3355382166}}
#14 xdebug_throw_exception_hook (exception=0x7ffff4e5d500) at /usr/src/debug/xdebug/xdebug-3.3.2/src/base/base.c:1495
        code = <optimized out>
        message = <optimized out>
        file = <optimized out>
        line = <optimized out>
        exception_ce = <optimized out>
        code_str = <optimized out>
        dummy = <optimized out>
#15 0x0000555555642a3e in zend_throw_exception_internal (exception=0x7ffff4e5d500) at /usr/src/debug/php/php-8.3.12/Zend/zend_exceptions.c:219
No locals.
#16 0x0000555555642b3d in zend_throw_exception_zstr (exception_ce=exception_ce@entry=0x5555568df120, message=message@entry=0x7ffff4e7b3c0, code=code@entry=0) at /usr/src/debug/php/php-8.3.12/Zend/zend_exceptions.c:839
        ex = {value = {lval = 140737302091008, dval = 6.9533466051548485e-310, counted = 0x7ffff4e5d500, str = 0x7ffff4e5d500, arr = 0x7ffff4e5d500, obj = 0x7ffff4e5d500, res = 0x7ffff4e5d500, ref = 0x7ffff4e5d500, ast = 0x7ffff4e5d500, zv = 0x7ffff4e5d500, ptr = 0x7ffff4e5d500, ce = 0x7ffff4e5d500, func = 0x7ffff4e5d500, ww = {w1 = 4108702976, w2 = 32767}}, u1 = {
            type_info = 776, v = {type = 8 '\b', type_flags = 3 '\003', u = {extra = 0}}}, u2 = {next = 32767, cache_slot = 32767, opline_num = 32767, lineno = 32767, num_args = 32767, fe_pos = 32767, fe_iter_idx = 32767, guard = 32767, constant_flags = 32767, extra = 32767}}
        tmp = {value = {lval = 140737302213568, dval = 6.9533466112101171e-310, counted = 0x7ffff4e7b3c0, str = 0x7ffff4e7b3c0, arr = 0x7ffff4e7b3c0, obj = 0x7ffff4e7b3c0, res = 0x7ffff4e7b3c0, ref = 0x7ffff4e7b3c0, ast = 0x7ffff4e7b3c0, zv = 0x7ffff4e7b3c0, ptr = 0x7ffff4e7b3c0, ce = 0x7ffff4e7b3c0, func = 0x7ffff4e7b3c0, ww = {w1 = 4108825536, w2 = 32767}}, u1 = {
            type_info = 262, v = {type = 6 '\006', type_flags = 1 '\001', u = {extra = 0}}}, u2 = {next = 0, cache_slot = 0, opline_num = 0, lineno = 0, num_args = 0, fe_pos = 0, fe_iter_idx = 0, guard = 0, constant_flags = 0, extra = 0}}
#17 0x0000555555642bd2 in zend_throw_exception (exception_ce=0x5555568df120, message=message@entry=0x7ffff4e7f500 "strlen(): Argument #1 ($string) must be of type string, null given", code=code@entry=0) at /usr/src/debug/php/php-8.3.12/Zend/zend_exceptions.c:848
        msg_str = 0x7ffff4e7b3c0
        ex = <optimized out>
#18 0x000055555562db44 in zend_type_error (format=format@entry=0x555555c20e8e "strlen(): Argument #1 ($string) must be of type string, %s given") at /usr/src/debug/php/php-8.3.12/Zend/zend.c:1775
        va = {{gp_offset = 16, fp_offset = 48, overflow_arg_area = 0x7fffffffa610, reg_save_area = 0x7fffffffa540}}
        message = 0x7ffff4e7f500 "strlen(): Argument #1 ($string) must be of type string, null given"
#19 0x000055555592fa0f in ZEND_STRLEN_SPEC_CV_HANDLER () at /usr/src/debug/php/php-8.3.12/Zend/zend_vm_execute.h:40393
        strict = <optimized out>
        value = 0x7ffff4e146e0
#20 0x000055555597dd2d in execute_ex (ex=0x818a0) at /usr/src/debug/php/php-8.3.12/Zend/zend_vm_execute.h:60627
        vm_stack_data = {orig_opline = 0x7ffff4e970a0, orig_execute_data = 0x7ffff4e145e0, hybrid_jit_red_zone = "\200p7\365\377\177\000\0000\274\241VUU\000"}
#21 0x00005555556406eb in ZEND_DO_FCALL_SPEC_OBSERVER_HANDLER () at /usr/src/debug/php/php-8.3.12/Zend/zend_vm_execute.h:2052
        call = 0x7ffff4e14680
        fbc = 0x7ffff4e13b48
        ret = <optimized out>
#22 0x0000555555641913 in execute_ex (ex=0x818a0) at /usr/src/debug/php/php-8.3.12/Zend/zend_vm_execute.h:57256
        vm_stack_data = {orig_opline = 0x7ffff4ea9b80, orig_execute_data = 0x7ffff4e14290, hybrid_jit_red_zone = "\200p7\365\377\177\000\0000\274\241VUU\000"}
#23 0x00005555556406eb in ZEND_DO_FCALL_SPEC_OBSERVER_HANDLER () at /usr/src/debug/php/php-8.3.12/Zend/zend_vm_execute.h:2052
        call = 0x7ffff4e145e0
        fbc = 0x7ffff4e7c638
        ret = <optimized out>
#24 0x0000555555641913 in execute_ex (ex=0x818a0) at /usr/src/debug/php/php-8.3.12/Zend/zend_vm_execute.h:57256
        vm_stack_data = {orig_opline = 0x7ffff4e94500, orig_execute_data = 0x7ffff4e14170, hybrid_jit_red_zone = "X6\340\364\377\177\000\0000\274\241VUU\000"}
#25 0x000055555594fbee in ZEND_INCLUDE_OR_EVAL_SPEC_OBSERVER_HANDLER () at /usr/src/debug/php/php-8.3.12/Zend/zend_vm_execute.h:5125
        return_value = <optimized out>
        call = 0x7ffff4e14290
        new_op_array = 0x7ffff4e7f400
        inc_filename = <optimized out>
#26 0x000055555597c0e9 in execute_ex (ex=0x818a0) at /usr/src/debug/php/php-8.3.12/Zend/zend_vm_execute.h:57332
        vm_stack_data = {orig_opline = 0x7ffff4e7c3c0, orig_execute_data = 0x7ffff4e140c0, hybrid_jit_red_zone = "\200{\345\364\377\177\000\0000\274\241VUU\000"}
#27 0x000055555594fbee in ZEND_INCLUDE_OR_EVAL_SPEC_OBSERVER_HANDLER () at /usr/src/debug/php/php-8.3.12/Zend/zend_vm_execute.h:5125
        return_value = <optimized out>
        call = 0x7ffff4e14170
        new_op_array = 0x7ffff4e7f300
        inc_filename = <optimized out>
#28 0x000055555597c0e9 in execute_ex (ex=0x818a0) at /usr/src/debug/php/php-8.3.12/Zend/zend_vm_execute.h:57332
        vm_stack_data = {orig_opline = 0x7ffff4e715c0, orig_execute_data = 0x7ffff4e14020, hybrid_jit_red_zone = "\200p7\365\377\177\000\0000\274\241VUU\000"}
#29 0x00005555556406eb in ZEND_DO_FCALL_SPEC_OBSERVER_HANDLER () at /usr/src/debug/php/php-8.3.12/Zend/zend_vm_execute.h:2052
        call = 0x7ffff4e140c0
        fbc = 0x7ffff4e13788
        ret = <optimized out>
#30 0x0000555555641913 in execute_ex (ex=0x818a0) at /usr/src/debug/php/php-8.3.12/Zend/zend_vm_execute.h:57256
        vm_stack_data = {orig_opline = 0x0, orig_execute_data = 0x7fffffffad10, hybrid_jit_red_zone = "\020\255\377\377\377\177\000\0000\274\241VUU\000"}
#31 0x00005555558fc8e9 in zend_call_function (fci=fci@entry=0x7fffffffad10, fci_cache=<optimized out>, fci_cache@entry=0x0) at /usr/src/debug/php/php-8.3.12/Zend/zend_execute_API.c:957
        orig_jit_trace_num = 0
        i = <optimized out>
        call = 0x7ffff4e14020
        fci_cache_local = {function_handler = 0x7ffff4e7c4b8, calling_scope = 0x0, called_scope = 0x0, object = 0x0, closure = 0x7ffff4e7c480}
        func = <optimized out>
        call_info = <optimized out>
        object_or_called_scope = <optimized out>
        orig_fake_scope = 0x0
#32 0x00005555558fcbe7 in _call_user_function_impl (object=object@entry=0x0, function_name=function_name@entry=0x7fffffffad70, retval_ptr=retval_ptr@entry=0x7fffffffad80, param_count=param_count@entry=1, params=params@entry=0x7fffffffad90, named_params=named_params@entry=0x0) at /usr/src/debug/php/php-8.3.12/Zend/zend_execute_API.c:753
        fci = {size = 64, function_name = {value = {lval = 140737302217856, dval = 6.9533466114219724e-310, counted = 0x7ffff4e7c480, str = 0x7ffff4e7c480, arr = 0x7ffff4e7c480, obj = 0x7ffff4e7c480, res = 0x7ffff4e7c480, ref = 0x7ffff4e7c480, ast = 0x7ffff4e7c480, zv = 0x7ffff4e7c480, ptr = 0x7ffff4e7c480, ce = 0x7ffff4e7c480, func = 0x7ffff4e7c480, ww = {w1 = 4108829824,
                w2 = 32767}}, u1 = {type_info = 776, v = {type = 8 '\b', type_flags = 3 '\003', u = {extra = 0}}}, u2 = {next = 32767, cache_slot = 32767, opline_num = 32767, lineno = 32767, num_args = 32767, fe_pos = 32767, fe_iter_idx = 32767, guard = 32767, constant_flags = 32767, extra = 32767}}, retval = 0x7fffffffad80, params = 0x7fffffffad90, object = 0x0,
          param_count = 1, named_params = 0x0}
#33 0x000055555562dec8 in zend_user_exception_handler () at /usr/src/debug/php/php-8.3.12/Zend/zend.c:1849
        orig_user_exception_handler = {value = {lval = 140737302217856, dval = 6.9533466114219724e-310, counted = 0x7ffff4e7c480, str = 0x7ffff4e7c480, arr = 0x7ffff4e7c480, obj = 0x7ffff4e7c480, res = 0x7ffff4e7c480, ref = 0x7ffff4e7c480, ast = 0x7ffff4e7c480, zv = 0x7ffff4e7c480, ptr = 0x7ffff4e7c480, ce = 0x7ffff4e7c480, func = 0x7ffff4e7c480, ww = {w1 = 4108829824,
              w2 = 32767}}, u1 = {type_info = 776, v = {type = 8 '\b', type_flags = 3 '\003', u = {extra = 0}}}, u2 = {next = 32767, cache_slot = 32767, opline_num = 32767, lineno = 32767, num_args = 32767, fe_pos = 32767, fe_iter_idx = 32767, guard = 32767, constant_flags = 32767, extra = 32767}}
        params = {{value = {lval = 140737302234048, dval = 6.9533466122219635e-310, counted = 0x7ffff4e803c0, str = 0x7ffff4e803c0, arr = 0x7ffff4e803c0, obj = 0x7ffff4e803c0, res = 0x7ffff4e803c0, ref = 0x7ffff4e803c0, ast = 0x7ffff4e803c0, zv = 0x7ffff4e803c0, ptr = 0x7ffff4e803c0, ce = 0x7ffff4e803c0, func = 0x7ffff4e803c0, ww = {w1 = 4108846016, w2 = 32767}}, u1 = {
              type_info = 776, v = {type = 8 '\b', type_flags = 3 '\003', u = {extra = 0}}}, u2 = {next = 21845, cache_slot = 21845, opline_num = 21845, lineno = 21845, num_args = 21845, fe_pos = 21845, fe_iter_idx = 21845, guard = 21845, constant_flags = 21845, extra = 21845}}}
        retval2 = {value = {lval = 140737301790752, dval = 6.9533465903202311e-310, counted = 0x7ffff4e14020, str = 0x7ffff4e14020, arr = 0x7ffff4e14020, obj = 0x7ffff4e14020, res = 0x7ffff4e14020, ref = 0x7ffff4e14020, ast = 0x7ffff4e14020, zv = 0x7ffff4e14020, ptr = 0x7ffff4e14020, ce = 0x7ffff4e14020, func = 0x7ffff4e14020, ww = {w1 = 4108402720, w2 = 32767}}, u1 = {
            type_info = 0, v = {type = 0 '\000', type_flags = 0 '\000', u = {extra = 0}}}, u2 = {next = 0, cache_slot = 0, opline_num = 0, lineno = 0, num_args = 0, fe_pos = 0, fe_iter_idx = 0, guard = 0, constant_flags = 0, extra = 0}}
        old_exception = 0x7ffff4e803c0
#34 0x000055555562df89 in zend_execute_scripts (type=type@entry=8, retval=retval@entry=0x0, file_count=file_count@entry=3) at /usr/src/debug/php/php-8.3.12/Zend/zend.c:1897
        files = {{gp_offset = 40, fp_offset = 32767, overflow_arg_area = 0x7fffffffae80, reg_save_area = 0x7fffffffae10}}
        i = 1
        file_handle = 0x7fffffffd2c0
        op_array = 0x7ffff4e7f000
        ret = SUCCESS
#35 0x000055555589a4a5 in php_execute_script (primary_file=primary_file@entry=0x7fffffffd2c0) at /usr/src/debug/php/php-8.3.12/main/main.c:2528
        realfile = "/home/schlndh/devel/custom/xdebug-sigsegv/index.php", '\000' <repeats 853 times>...
        __orig_bailout = <optimized out>
        __bailout = {{__jmpbuf = {93825012039168, -323519010319077086, 93825012039424, 93825011722688, 93825012039424, 93825011101016, -323519011109703390, -5847935384189112030}, __mask_was_saved = 0, __saved_mask = {__val = {140737343569904, 140737488338928, 140737342096468, 140737488338976, 140737488338976, 93825012964512, 4096, 140737488339200, 93824995949707,
                140737488216064, 140737488351232, 8388608, 18446744073709551615, 7234582441407964727, 7378645706714656869, 3472387902693336678}}}}
        prepend_file_p = <optimized out>
        append_file_p = <optimized out>
        prepend_file = {handle = {fp = 0x1b6, stream = {handle = 0x1b6, isatty = 1452383392, reader = 0x5555ffffffff, fsizer = 0x7ffff75ebff0 <_IO_file_jumps>, closer = 0x7fffffffbf30}}, filename = 0x7ffff75ebea0 <__io_vtables>, opened_path = 0x0, type = 136 '\210', primary_script = 255, in_list = 255, buf = 0x0, len = 93825012882240}
        append_file = {handle = {fp = 0x7fffffffbf60, stream = {handle = 0x7fffffffbf60, isatty = -146098738, reader = 0x7fffffffc000, fsizer = 0x7fffffffc008, closer = 0x555556905c06}}, filename = 0x555556919ca0, opened_path = 0x0, type = 0 '\000', primary_script = false, in_list = false, buf = 0x7fffffffbf90 "", len = 18446744073709551496}
        old_cwd = <optimized out>
        use_heap = <optimized out>
        retval = false
#36 0x0000555555a03876 in do_cli (argc=argc@entry=7, argv=argv@entry=0x555556837dd0) at /usr/src/debug/php/php-8.3.12/sapi/cli/php_cli.c:966
        __orig_bailout = 0x7fffffffe4d0
        __bailout = {{__jmpbuf = {0, -323519008616189662, 0, 0, 93825011824736, 93825011101016, -323519010329562846, -5847935577361190622}, __mask_was_saved = 0, __saved_mask = {__val = {93824999345658, 93824999345667, 93824999345691, 93824999345704, 93824999345721, 93824999345742, 93824999345762, 93824999345779, 93824999345800, 93824999345810, 93824999345824, 93824999345846,
                93824999345865, 93824999345892, 93824999345921, 93824999345949}}}}
        c = <optimized out>
        file_handle = {handle = {fp = 0x555556919ca0, stream = {handle = 0x555556919ca0, isatty = 0, reader = 0x555555989430 <zend_stream_stdio_reader>, fsizer = 0x555555989360 <zend_stream_stdio_fsizer>, closer = 0x555555989400 <zend_stream_stdio_closer>}}, filename = 0x7ffff4e02000, opened_path = 0x7ffff4e700a0, type = 2 '\002', primary_script = true, in_list = true,
          buf = 0x7ffff4e59e00 "<?php\n\ndeclare(strict_types=1);\n\nclass My_BlueScreen\n{\n\tpublic function __construct()\n\t{\n\t}\n\n\n\t/**\n\t * Renders blue screen.\n\t */\n\tpublic function render(\\Throwable $exception): void\n\t{\n\t\t$dump = $this"..., len = 2126}
        behavior = 1
        reflection_what = 0x0
        request_started = 1
        php_optarg = 0x555556837ed0 "xdebug.mode=develop,debug"
        orig_optarg = 0x0
        php_optind = 7
        orig_optind = 1
        exec_direct = 0x0
        exec_run = 0x0
        exec_begin = 0x0
        exec_end = 0x0
        arg_free = <optimized out>
        arg_excp = <optimized out>
        script_file = 0x555556837f00 "index.php"
        translated_path = <optimized out>
        interactive = false
        param_error = <optimized out>
        hide_argv = false
        num_repeats = 1
        pid = 1652913
#37 0x000055555564cb8f in main (argc=7, argv=0x555556837dd0) at /usr/src/debug/php/php-8.3.12/sapi/cli/php_cli.c:1340
        __orig_bailout = 0x0
        __bailout = {{__jmpbuf = {1, -323519008601509598, 0, 0, 93825011824736, 93825011101016, -323519008626675422, -5847937195823959774}, __mask_was_saved = 0, __saved_mask = {__val = {4607, 140737488348968, 93825011962528, 140737488348512, 140737343576768, 4607, 18446744073709551552, 140737488348968, 140737306378936, 140737488348576, 140737342255106, 140737488348576,
                140737306378848, 3348558691198135399, 73728, 3348558691198135399}}}}
        c = <optimized out>
        exit_status = 0
        module_started = 1
        sapi_started = 1
        php_optarg = 0x555556837ed0 "xdebug.mode=develop,debug"
        php_optind = 6
        use_extended_info = <optimized out>
        ini_path_override = 0x0
        ini_builder = {value = 0x5555568381a0 "html_errors=0\nregister_argc_argv=1\nimplicit_flush=1\noutput_buffering=0\nmax_execution_time=0\nmax_input_time=-1\nzend_extension=xdebug.so\nxdebug.mode=develop,debug\n", length = 161}
        ini_ignore = <optimized out>
        sapi_module = <optimized out>
Operating System: ArchLinux (kernel 6.11.2)
PHP Version: 8.3.10-8.3.19
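
A triage helper for the gdb backtrace attached above, added here as an example (it is not part of the report and not Xdebug or PHP code): it parses the frame headers and names the innermost frame outside the component that faulted, which for this trace is the Xdebug call into the Zend allocator. The function names, the bucket format and the reliance on the /usr/src/debug/<package>/ source layout seen in this backtrace are assumptions of the example.

```python
import posixpath
import re
from typing import List, NamedTuple, Optional

# Constructed sample: frame header lines copied from the backtrace.txt
# attachment above; most frames and nearly all locals are left out.
SAMPLE_BT = """\
(gdb) bt full
#0  zend_mm_alloc_small (heap=0x7ffff4e00040, bin_num=3) at /usr/src/debug/php/php-8.3.12/Zend/zend_alloc.c:1312
        p = 0x2500007ffff4e578
#2  _emalloc (size=<optimized out>) at /usr/src/debug/php/php-8.3.12/Zend/zend_alloc.c:2613
No locals.
#8  add_assoc_zval_ex (arg=arg@entry=0x7fffffffa270, key=0x7ffff4e57a58 "title", key_len=5, value=value@entry=0x7fffffffa280) at /usr/src/debug/php/php-8.3.12/Zend/zend_API.c:1906
#9  0x00007ffff5352093 in zval_from_stack_add_frame_variables (opa=0x7ffff4e7f400, symbols=<optimized out>, edata=0x7ffff4e14290, frame=0x7ffff4e5f0e0) at /usr/src/debug/xdebug/xdebug-3.3.2/src/develop/stack.c:438
#12 0x00007ffff5354b24 in xdebug_develop_throw_exception_hook (exception=0x7ffff4e5d500, file=0x7ffff4e5d558, line=0x7ffff4e5d568, code=<optimized out>, code_str=<optimized out>, message=0x7ffff4e5d528) at /usr/src/debug/xdebug/xdebug-3.3.2/src/develop/stack.c:1252
#17 0x0000555555642bd2 in zend_throw_exception (exception_ce=0x5555568df120, message=message@entry=0x7ffff4e7f500 "strlen(): Argument #1 ($string) must be of type string, null given", code=code@entry=0) at /usr/src/debug/php/php-8.3.12/Zend/zend_exceptions.c:848
"""

# "#N  [0xADDR in ]func (args) at /path/file.c:LINE". The greedy args group lets
# quoted strings that contain parentheses (frame #17) pass through intact.
FRAME_RE = re.compile(
    r"^#(?P<idx>\d+)\s+(?:0x[0-9a-f]+ in )?(?P<func>\S+) \((?P<args>.*)\)"
    r" at (?P<file>\S+):(?P<line>\d+)$"
)
# Assumption: debug sources live under /usr/src/debug/<package>/ as they do in
# this backtrace; any other path is reported as "unknown".
DEBUG_SRC_RE = re.compile(r"^/usr/src/debug/(?P<pkg>[^/]+)/")
# Source file of the Zend memory manager as named in the trace
# (hypothetical allow-list for this example).
ALLOCATOR_FILES = {"zend_alloc.c"}


class Frame(NamedTuple):
    index: int
    func: str
    file: str
    line: int
    component: str


def component(path: str) -> str:
    """Map a source path to the package that owns it."""
    m = DEBUG_SRC_RE.match(path)
    return m.group("pkg") if m else "unknown"


def parse_frames(text: str) -> List[Frame]:
    """Return the frame headers of a gdb 'bt' / 'bt full' dump, skipping locals."""
    frames = []
    for raw in text.splitlines():
        m = FRAME_RE.match(raw.rstrip())
        if m:
            frames.append(Frame(int(m["idx"]), m["func"], m["file"],
                                int(m["line"]), component(m["file"])))
    return frames


def triage(frames: List[Frame]) -> Optional[dict]:
    """Attribute a crash to the innermost frame outside the crashing component."""
    if not frames:
        return None
    crash = frames[0]
    in_allocator = posixpath.basename(crash.file) in ALLOCATOR_FILES
    blame = next((f for f in frames if f.component != crash.component), None)
    bucket = crash.func
    if blame is not None:
        bucket += f"<-{blame.func}@{posixpath.basename(blame.file)}:{blame.line}"
    return {"crash": crash, "in_allocator": in_allocator,
            "blame": blame, "bucket": bucket}


if __name__ == "__main__":
    result = triage(parse_frames(SAMPLE_BT))
    print("crash frame :", result["crash"].func, "in", result["crash"].component)
    print("in allocator:", result["in_allocator"])
    print("start from  :", result["bucket"])
```

When in_allocator is true, the faulting frame is usually only where damaged heap state was noticed, so the bucket names the caller to start reading from, not the location of the bad write.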

Activities

derick

2024-10-13 14:28

administrator   ~0007072

I can indeed replicate this with your excellent reproducible case. Thanks! I'll have a look to see as to how to fix this.

derick

2024-10-13 16:02

administrator   ~0007073

I can now reproduce this with a much smaller case:

<?php
set_exception_handler(function (\Throwable $exception) {
    $code = '#' . $exception->getCode();
    eval('$code = 43; strlen();');
});

throw new RuntimeException('');

Run with: USE_ZEND_ALLOC=0 valgrind php -n -d zend_extension=xdebug.so -d xdebug.mode=develop,debug index.php

Issue History

Date Modified Username Field Change
2024-10-12 12:43 schlndh New Issue
2024-10-12 12:43 schlndh Tag Attached: segfault
2024-10-12 12:43 schlndh File Added: valgrind.log
2024-10-12 12:43 schlndh File Added: my-tracy-page.phtml
2024-10-12 12:43 schlndh File Added: index.php
2024-10-12 12:43 schlndh File Added: my-tracy-section-exception.phtml
2024-10-12 12:43 schlndh File Added: backtrace.txt
2024-10-13 14:28 derick Assigned To => derick
2024-10-13 14:28 derick Status new => confirmed
2024-10-13 14:28 derick Note Added: 0007072
2024-10-13 16:02 derick Note Added: 0007073