php -v

New info: setting xdebug.collect_params to 0 prevents the crash

Hi, I would need a (short) reproducible script. It seems you can make one as you have a valgrind trace.

Additionally: I would also like a GDB back trace on the moment valgrind bails out. Please run PHP with "export USE_ZEND_ALLOC=0", and then valgrind with --db-attach=yes:

valgrind --db-attach=yes path/to/php etc.

on the prompt, once it has shown you that warning/error, type "bt full".

Hi, I'm still unable to create a reproducible script but will still work on it.

In the meantime I tried to get something from gdb/valgrind. I need to execute the script from within apache so I tried to use apache2 -X to achieve that. I was able to to enter debugger from valgrind when it shows an error but bt and bt full gave me literally no output.

However I successfully crashed it when run using gdb and got the stack trace at the time of SIGSEGV and this is the output:
---CUT HERE---
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff01acc91 in xdebug_objdebug_pp (zval_pp=zval_pp@entry=0x7fffffff9b78, is_tmp=is_tmp@entry=0x7fffffff9b0c)
at /home/wladek/dev/xdebug/xdebug-2.4.1/xdebug_var.c:57
57 if (!XG(in_debug_info) && Z_OBJ_HANDLER(dzval, get_debug_info)) {
(gdb) bt full
#0 0x00007ffff01acc91 in xdebug_objdebug_pp (zval_pp=zval_pp@entry=0x7fffffff9b78, is_tmp=is_tmp@entry=0x7fffffff9b0c)
at /home/wladek/dev/xdebug/xdebug-2.4.1/xdebug_var.c:57
dzval = {value = {lval = 0, dval = 0, counted = 0x0, str = 0x0, arr = 0x0, obj = 0x0, res = 0x0, ref = 0x0, ast = 0x0, zv = 0x0, ptr = 0x0, ce = 0x0,
func = 0x0, ww = {w1 = 0, w2 = 0}}, u1 = {v = {type = 8 '\b', type_flags = 12 '\f', const_flags = 0 '\000', reserved = 2 '\002'}, type_info = 33557512},
u2 = {var_flags = 1, next = 1, cache_slot = 1, lineno = 1, num_args = 1, fe_pos = 1, fe_iter_idx = 1}}
tmp = <optimized out>
#1 0x00007ffff01adb3d in xdebug_var_export (struc=struc@entry=0x7fffffff9b78, str=str@entry=0x7fffffff9b80, level=level@entry=1, debug_zval=debug_zval@entry=0,
options=options@entry=0x55555650aa30) at /home/wladek/dev/xdebug/xdebug-2.4.1/xdebug_var.c:1120
myht = <optimized out>
tmp_str = <optimized out>
is_temp = 32767
num = <optimized out>
key = <optimized out>
val = <optimized out>
tmpz = 0x40
0000002 0x00007ffff01ae587 in xdebug_get_zval_value (val=0x7fffd64b8d90, debug_zval=debug_zval@entry=0, options=0x55555650aa30, options@entry=0x0)
at /home/wladek/dev/xdebug/xdebug-2.4.1/xdebug_var.c:1192
str = {l = 0, a = 0, d = 0x0}
default_options = 1
0000003 0x00007ffff01a6b90 in xdebug_log_stack (error_type_str=error_type_str@entry=0x5555564baa70 "Notice", buffer=<optimized out>,
error_filename=error_filename@entry=0x7fffd914b810 "/usr/wikia/source/trunk/extensions/wikia/EditTagging/EditTaggingHooks.class.php",
error_lineno=error_lineno@entry=214) at /home/wladek/dev/xdebug/xdebug-2.4.1/xdebug_stack.c:223
tmp_varname = 0x55555650c990 ""
tmp_value = <optimized out>
c = 1
variadic_opened = 0
j = 0
tmp_name = <optimized out>
log_buffer = {l = 25, a = 1049, d = 0x555556503ee0 "PHP 10. Article->doEdit("}
le = 0x555556078dc0
i = 0x5555561fdd60
tmp_log_message = <optimized out>
0000004 0x00007ffff01a94f7 in xdebug_error_cb (type=8, error_filename=0x7fffd914b810 "/usr/wikia/source/trunk/extensions/wikia/EditTagging/EditTaggingHooks.class.php",
error_lineno=214, format=<optimized out>, args=<optimized out>) at /home/wladek/dev/xdebug/xdebug-2.4.1/xdebug_stack.c:759
buffer = 0x555556503e40 "Use of undefined constant self - assumed 'self'"
error_type_str = 0x5555564baa70 "Notice"
buffer_len = 47
extra_brk_info = 0x0
error_handling = <optimized out>
exception_class = <optimized out>
0000005 0x00007ffff371fa3c in zend_error (type=type@entry=8, format=format@entry=0x7ffff3964430 "Use of undefined constant %s - assumed '%s'")
at /build/php7.0-BfUUqO/php7.0-7.0.10/Zend/zend.c:1225
str = 0x5555564d6940 "P\361KVUU"
len = <optimized out>
args = {{gp_offset = 32, fp_offset = 48, overflow_arg_area = 0x7fffffff9ed0, reg_save_area = 0x7fffffff9de0}}
---Type <return> to continue, or q <return> to quit---
usr_copy = {{gp_offset = 32, fp_offset = 48, overflow_arg_area = 0x7fffffff9ed0, reg_save_area = 0x7fffffff9de0}}
params = {{value = {lval = 8, dval = 3.9525251667299724e-323, counted = 0x8, str = 0x8, arr = 0x8, obj = 0x8, res = 0x8, ref = 0x8, ast = 0x8, zv = 0x8,
ptr = 0x8, ce = 0x8, func = 0x8, ww = {w1 = 8, w2 = 0}}, u1 = {v = {type = 4 '\004', type_flags = 0 '\000', const_flags = 0 '\000',
reserved = 0 '\000'}, type_info = 4}, u2 = {var_flags = 32767, next = 32767, cache_slot = 32767, lineno = 32767, num_args = 32767, fe_pos = 32767,
fe_iter_idx = 32767}}, {value = {lval = 93825008703024, dval = 4.635571352092013e-310, counted = 0x555556509630, str = 0x555556509630,
arr = 0x555556509630, obj = 0x555556509630, res = 0x555556509630, ref = 0x555556509630, ast = 0x555556509630, zv = 0x555556509630,
ptr = 0x555556509630, ce = 0x555556509630, func = 0x555556509630, ww = {w1 = 1448121904, w2 = 21845}}, u1 = {v = {type = 6 '\006',
type_flags = 20 '\024', const_flags = 0 '\000', reserved = 0 '\000'}, type_info = 5126}, u2 = {var_flags = 32767, next = 32767, cache_slot = 32767,
lineno = 32767, num_args = 32767, fe_pos = 32767, fe_iter_idx = 32767}}, {value = {lval = 93825008725696, dval = 4.6355713532121587e-310,
counted = 0x55555650eec0, str = 0x55555650eec0, arr = 0x55555650eec0, obj = 0x55555650eec0, res = 0x55555650eec0, ref = 0x55555650eec0,
ast = 0x55555650eec0, zv = 0x55555650eec0, ptr = 0x55555650eec0, ce = 0x55555650eec0, func = 0x55555650eec0, ww = {w1 = 1448144576, w2 = 21845}},
u1 = {v = {type = 6 '\006', type_flags = 20 '\024', const_flags = 0 '\000', reserved = 0 '\000'}, type_info = 5126}, u2 = {var_flags = 21845,
next = 21845, cache_slot = 21845, lineno = 21845, num_args = 21845, fe_pos = 21845, fe_iter_idx = 21845}}, {value = {lval = 214,
dval = 1.0573004821002676e-321, counted = 0xd6, str = 0xd6, arr = 0xd6, obj = 0xd6, res = 0xd6, ref = 0xd6, ast = 0xd6, zv = 0xd6, ptr = 0xd6,
ce = 0xd6, func = 0xd6, ww = {w1 = 214, w2 = 0}}, u1 = {v = {type = 4 '\004', type_flags = 0 '\000', const_flags = 0 '\000', reserved = 0 '\000'},
type_info = 4}, u2 = {var_flags = 32767, next = 32767, cache_slot = 32767, lineno = 32767, num_args = 32767, fe_pos = 32767, fe_iter_idx = 32767}}, {
value = {lval = 93825008504080, dval = 4.6355713422628734e-310, counted = 0x5555564d8d10, str = 0x5555564d8d10, arr = 0x5555564d8d10,
obj = 0x5555564d8d10, res = 0x5555564d8d10, ref = 0x5555564d8d10, ast = 0x5555564d8d10, zv = 0x5555564d8d10, ptr = 0x5555564d8d10,
ce = 0x5555564d8d10, func = 0x5555564d8d10, ww = {w1 = 1447922960, w2 = 21845}}, u1 = {v = {type = 7 '\a', type_flags = 28 '\034',
const_flags = 0 '\000', reserved = 0 '\000'}, type_info = 7175}, u2 = {var_flags = 21845, next = 21845, cache_slot = 21845, lineno = 21845,
num_args = 21845, fe_pos = 21845, fe_iter_idx = 21845}}}
retval = {value = {lval = 2, dval = 9.8813129168249309e-324, counted = 0x2, str = 0x2, arr = 0x2, obj = 0x2, res = 0x2, ref = 0x2, ast = 0x2, zv = 0x2,
ptr = 0x2, ce = 0x2, func = 0x2, ww = {w1 = 2, w2 = 0}}, u1 = {v = {type = 2 '\002', type_flags = 0 '\000', const_flags = 0 '\000',
reserved = 0 '\000'}, type_info = 2}, u2 = {var_flags = 21845, next = 21845, cache_slot = 21845, lineno = 21845, num_args = 21845, fe_pos = 21845,
fe_iter_idx = 21845}}
error_filename = 0x7fffd914b810 "/usr/wikia/source/trunk/extensions/wikia/EditTagging/EditTaggingHooks.class.php"
error_lineno = <optimized out>
orig_user_error_handler = {value = {lval = 93824997995920, dval = 4.6355708230907877e-310, counted = 0x555555ad3590, str = 0x555555ad3590,
arr = 0x555555ad3590, obj = 0x555555ad3590, res = 0x555555ad3590, ref = 0x555555ad3590, ast = 0x555555ad3590, zv = 0x555555ad3590, ptr = 0x555555ad3590,
ce = 0x555555ad3590, func = 0x555555ad3590, ww = {w1 = 1437414800, w2 = 21845}}, u1 = {v = {type = 7 '\a', type_flags = 28 '\034',
const_flags = 0 '\000', reserved = 0 '\000'}, type_info = 7175}, u2 = {var_flags = 32767, next = 32767, cache_slot = 32767, lineno = 32767,
num_args = 32767, fe_pos = 32767, fe_iter_idx = 32767}}
in_compilation = 0 '\000'
saved_class_entry = 0x555500000000
loop_var_stack = {size = 0, top = 1437369736, max = 56, elements = 0x2}
delayed_oplines_stack = {size = 124, top = 21845, max = 32767, elements = 0x7ffff751f760 <main_arena>}
symbol_table = <optimized out>
0000006 0x00007ffff38e1219 in ZEND_FETCH_CONSTANT_SPEC_UNUSED_CONST_HANDLER () at /build/php7.0-BfUUqO/php7.0-7.0.10/Zend/zend_vm_execute.h:23982
actual = <optimized out>
c = <optimized out>
0000007 0x00007ffff38cbebb in execute_ex (ex=<optimized out>) at /build/php7.0-BfUUqO/php7.0-7.0.10/Zend/zend_vm_execute.h:414
orig_opline = 0x7ffff3c40c1c <php_execute.return_semaphore>
orig_execute_data = 0x7fffd64b9380
0000008 0x00007ffff38802a9 in dtrace_execute_ex (execute_data=<optimized out>) at /build/php7.0-BfUUqO/php7.0-7.0.10/Zend/zend_dtrace.c:83
lineno = <optimized out>
---Type <return> to continue, or q <return> to quit---
scope = 0x0
filename = <optimized out>
funcname = <optimized out>
classname = <optimized out>
0000009 0x00007ffff019545f in xdebug_execute_ex (execute_data=0x7fffd64b94f0) at /home/wladek/dev/xdebug/xdebug-2.4.1/xdebug.c:1900
op_array = 0x555556520c28
edata = <optimized out>
dummy = <optimized out>
fse = 0x5555564f0bc0
xfse = <optimized out>
magic_cookie = <optimized out>
do_return = 0
function_nr = 145444
le = <optimized out>
0000010 0x00007ffff3909760 in ZEND_DO_FCALL_SPEC_HANDLER () at /build/php7.0-BfUUqO/php7.0-7.0.10/Zend/zend_vm_execute.h:800
call = 0x7fffd64b94f0
fbc = 0x555556520c28
object = <optimized out>
ret = <optimized out>
0000011 0x00007ffff38cbebb in execute_ex (ex=<optimized out>) at /build/php7.0-BfUUqO/php7.0-7.0.10/Zend/zend_vm_execute.h:414
orig_opline = 0x7ffff3c40c1c <php_execute.return_semaphore>
orig_execute_data = 0x7ffff3c591c0 <executor_globals>
0000012 0x00007ffff38802a9 in dtrace_execute_ex (execute_data=<optimized out>) at /build/php7.0-BfUUqO/php7.0-7.0.10/Zend/zend_dtrace.c:83
lineno = <optimized out>
scope = 0x0
filename = <optimized out>
funcname = <optimized out>
classname = <optimized out>
0000013 0x00007ffff019545f in xdebug_execute_ex (execute_data=0x7fffd64b9380) at /home/wladek/dev/xdebug/xdebug-2.4.1/xdebug.c:1900
op_array = 0x5555565205a8
edata = <optimized out>
dummy = <optimized out>
fse = 0x555556433d30
xfse = <optimized out>
magic_cookie = <optimized out>
do_return = 0
function_nr = 145440
le = <optimized out>
0000014 0x00007ffff3881be3 in zend_call_function (fci=fci@entry=0x7fffffffa2e0, fci_cache=fci_cache@entry=0x7fffffffa2b0)
at /build/php7.0-BfUUqO/php7.0-7.0.10/Zend/zend_execute_API.c:866
call_via_handler = 0
i = <optimized out>
calling_scope = <optimized out>
call = 0x5
dummy_execute_data = {opline = 0x208, call = 0x7fffffffa2e0, return_value = 0x7fffffffa2b0, func = 0x7ffff751f760 <main_arena>, This = {value = {lval = 176,
---Type <return> to continue, or q <return> to quit---
dval = 8.6955553668059392e-322, counted = 0xb0, str = 0xb0, arr = 0xb0, obj = 0xb0, res = 0xb0, ref = 0xb0, ast = 0xb0, zv = 0xb0, ptr = 0xb0,
ce = 0xb0, func = 0xb0, ww = {w1 = 176, w2 = 0}}, u1 = {v = {type = 0 '\000', type_flags = 0 '\000', const_flags = 0 '\000', reserved = 0 '\000'},
type_info = 0}, u2 = {var_flags = 0, next = 0, cache_slot = 0, lineno = 0, num_args = 0, fe_pos = 0, fe_iter_idx = 0}}, called_scope = 0x7fffffffa2e0,
prev_execute_data = 0x7fffffffa2a0, symbol_table = 0x7fffd64b92c0, run_time_cache = 0x7ffff71e37b0 <__GI___libc_malloc+96>, literals = 0x7fffffffa2e0}
fci_cache_local = {initialized = 160 '\240', function_handler = 0x7fffd64b92c0, calling_scope = 0x0,
called_scope = 0x7ffff38964c3 <zend_is_callable_ex+899>, object = 0x6372756f732f6169}
func = 0x5555565205a8
orig_scope = <optimized out>

....

---CUT HERE---

Please advice on further debugging.

A big clue is probably in:

4 0x00007ffff01a94f7 in xdebug_error_cb (type=8, error_filename=0x7fffd914b810 "/usr/wikia/source/trunk/extensions/wikia/EditTagging/EditTaggingHooks.class.php",
error_lineno=214, format=<optimized out>, args=<optimized out>) at /home/wladek/dev/xdebug/xdebug-2.4.1/xdebug_stack.c:759
buffer = 0x555556503e40 "Use of undefined constant self - assumed 'self'"

That's a bit of an odd error - can you check the PHP source code for that.

There is one issue with the stack trace though, as there are lots of "<optimized out>" for the Xdebug bit. As I can see you compiled Xdebug yourself, can you - after you've ran ./configure in its source tree, edit the Makefile and change every -O2 to -O0 -ggdb3 ? Then try make again. It should compile the extension with debugging symbols.

With that, the stack trace is going to be more helpful.

Additionally, once you are at the GDB prompt, do a "source /path/to/php-7.0.10-source-code/.gdbinit", and then (after bt full), also run "zbacktrace"? That should give a better clue as to where the bug happens.

You might also be better off exporting the environment variable "USE_ZEND_ALLOC=0", which sometimes gives better stack traces.

Thanks for checking this out with me!

Yes, the actual PHP code is probably buggy and the warning message clearly indicates that, but anyway it should not cause SIGSEGV :)

I'll do as much as I can out of what you suggested and will get back with the results.

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff01a42b1 in xdebug_objdebug_pp (zval_pp=0x7fffffff9748, is_tmp=0x7fffffff95f4) at /home/wladek/dev/xdebug/xdebug-2.4.1/xdebug_var.c:57
57 if (!XG(in_debug_info) && Z_OBJ_HANDLER(dzval, get_debug_info)) {

(gdb) bt full
#0 0x00007ffff01a42b1 in xdebug_objdebug_pp (zval_pp=0x7fffffff9748, is_tmp=0x7fffffff95f4) at /home/wladek/dev/xdebug/xdebug-2.4.1/xdebug_var.c:57
dzval = {value = {lval = 0, dval = 0, counted = 0x0, str = 0x0, arr = 0x0, obj = 0x0, res = 0x0, ref = 0x0, ast = 0x0, zv = 0x0, ptr = 0x0, ce = 0x0,
func = 0x0, ww = {w1 = 0, w2 = 0}}, u1 = {v = {type = 8 '\b', type_flags = 12 '\f', const_flags = 0 '\000', reserved = 2 '\002'}, type_info = 33557512},
u2 = {var_flags = 1, next = 1, cache_slot = 1, lineno = 1, num_args = 1, fe_pos = 1, fe_iter_idx = 1}}
tmp = 0x1
#1 0x00007ffff01a708a in xdebug_var_export (struc=0x7fffffff9748, str=0x7fffffff9760, level=1, debug_zval=0, options=0x555556460e20)
at /home/wladek/dev/xdebug/xdebug-2.4.1/xdebug_var.c:1120
myht = 0x5b000000d6
tmp_str = 0x0
is_temp = 21845
num = 0
key = 0x770000006e
val = 0x0
tmpz = 0x20
0000002 0x00007ffff01a74c5 in xdebug_get_zval_value (val=0x7fffd64a2e60, debug_zval=0, options=0x555556460e20) at /home/wladek/dev/xdebug/xdebug-2.4.1/xdebug_var.c:1192
str = {l = 0, a = 0, d = 0x0}
default_options = 1
0000003 0x00007ffff019b8fc in xdebug_log_stack (error_type_str=0x555556437030 "Notice", buffer=0x5555564725a0 "Use of undefined constant self - assumed 'self'",
error_filename=0x7fffd90fb990 "/usr/wikia/source/trunk/extensions/wikia/EditTagging/EditTaggingHooks.class.php", error_lineno=214)
at /home/wladek/dev/xdebug/xdebug-2.4.1/xdebug_stack.c:223
tmp_varname = 0x555556320240 ""
tmp_value = 0x5555564a71a0 "\250\373Q\367\377\177"
c = 1
variadic_opened = 0
j = 0
tmp_name = 0x555556320240 ""
log_buffer = {l = 25, a = 1049, d = 0x5555564a6d70 "PHP 11. Article->doEdit("}
le = 0x555556014cd0
i = 0x5555561953d0
tmp_log_message = 0x555556470e50 "h\370Q\367\377\177"
0000004 0x00007ffff019d96e in xdebug_error_cb (type=8, error_filename=0x7fffd90fb990 "/usr/wikia/source/trunk/extensions/wikia/EditTagging/EditTaggingHooks.class.php",
error_lineno=214, format=0x7ffff3964430 "Use of undefined constant %s - assumed '%s'", args=0x7fffffff99d0)
at /home/wladek/dev/xdebug/xdebug-2.4.1/xdebug_stack.c:759
buffer = 0x5555564725a0 "Use of undefined constant self - assumed 'self'"
error_type_str = 0x555556437030 "Notice"
buffer_len = 47
extra_brk_info = 0x0
error_handling = EH_NORMAL
exception_class = 0x0
0000005 0x00007ffff371fa3c in zend_error (type=type@entry=8, format=format@entry=0x7ffff3964430 "Use of undefined constant %s - assumed '%s'")
at /build/php7.0-BfUUqO/php7.0-7.0.10/Zend/zend.c:1225
str = 0x555556493070 "\260\310EVUU"
len = <optimized out>
args = {{gp_offset = 32, fp_offset = 48, overflow_arg_area = 0x7fffffff9b40, reg_save_area = 0x7fffffff9a50}}
usr_copy = {{gp_offset = 32, fp_offset = 48, overflow_arg_area = 0x7fffffff9b40, reg_save_area = 0x7fffffff9a50}}
---Type <return> to continue, or q <return> to quit---
params = {{value = {lval = 8, dval = 3.9525251667299724e-323, counted = 0x8, str = 0x8, arr = 0x8, obj = 0x8, res = 0x8, ref = 0x8, ast = 0x8, zv = 0x8,
ptr = 0x8, ce = 0x8, func = 0x8, ww = {w1 = 8, w2 = 0}}, u1 = {v = {type = 4 '\004', type_flags = 0 '\000', const_flags = 0 '\000',
reserved = 0 '\000'}, type_info = 4}, u2 = {var_flags = 32767, next = 32767, cache_slot = 32767, lineno = 32767, num_args = 32767, fe_pos = 32767,
fe_iter_idx = 32767}}, {value = {lval = 93825008316512, dval = 4.6355713329957829e-310, counted = 0x5555564ab060, str = 0x5555564ab060,
arr = 0x5555564ab060, obj = 0x5555564ab060, res = 0x5555564ab060, ref = 0x5555564ab060, ast = 0x5555564ab060, zv = 0x5555564ab060,
ptr = 0x5555564ab060, ce = 0x5555564ab060, func = 0x5555564ab060, ww = {w1 = 1447735392, w2 = 21845}}, u1 = {v = {type = 6 '\006',
type_flags = 20 '\024', const_flags = 0 '\000', reserved = 0 '\000'}, type_info = 5126}, u2 = {var_flags = 21845, next = 21845, cache_slot = 21845,
lineno = 21845, num_args = 21845, fe_pos = 21845, fe_iter_idx = 21845}}, {value = {lval = 93825008111296, dval = 4.6355713228567654e-310,
counted = 0x555556478ec0, str = 0x555556478ec0, arr = 0x555556478ec0, obj = 0x555556478ec0, res = 0x555556478ec0, ref = 0x555556478ec0,
ast = 0x555556478ec0, zv = 0x555556478ec0, ptr = 0x555556478ec0, ce = 0x555556478ec0, func = 0x555556478ec0, ww = {w1 = 1447530176, w2 = 21845}},
u1 = {v = {type = 6 '\006', type_flags = 20 '\024', const_flags = 0 '\000', reserved = 0 '\000'}, type_info = 5126}, u2 = {var_flags = 0, next = 0,
cache_slot = 0, lineno = 0, num_args = 0, fe_pos = 0, fe_iter_idx = 0}}, {value = {lval = 214, dval = 1.0573004821002676e-321, counted = 0xd6,
str = 0xd6, arr = 0xd6, obj = 0xd6, res = 0xd6, ref = 0xd6, ast = 0xd6, zv = 0xd6, ptr = 0xd6, ce = 0xd6, func = 0xd6, ww = {w1 = 214, w2 = 0}}, u1 = {
v = {type = 4 '\004', type_flags = 0 '\000', const_flags = 0 '\000', reserved = 0 '\000'}, type_info = 4}, u2 = {var_flags = 32767, next = 32767,
cache_slot = 32767, lineno = 32767, num_args = 32767, fe_pos = 32767, fe_iter_idx = 32767}}, {value = {lval = 93825002722544,
dval = 4.6355710566170417e-310, counted = 0x555555f554f0, str = 0x555555f554f0, arr = 0x555555f554f0, obj = 0x555555f554f0, res = 0x555555f554f0,
ref = 0x555555f554f0, ast = 0x555555f554f0, zv = 0x555555f554f0, ptr = 0x555555f554f0, ce = 0x555555f554f0, func = 0x555555f554f0, ww = {
w1 = 1442141424, w2 = 21845}}, u1 = {v = {type = 7 '\a', type_flags = 28 '\034', const_flags = 0 '\000', reserved = 0 '\000'}, type_info = 7175},
u2 = {var_flags = 0, next = 0, cache_slot = 0, lineno = 0, num_args = 0, fe_pos = 0, fe_iter_idx = 0}}}
retval = {value = {lval = 2, dval = 9.8813129168249309e-324, counted = 0x2, str = 0x2, arr = 0x2, obj = 0x2, res = 0x2, ref = 0x2, ast = 0x2, zv = 0x2,
ptr = 0x2, ce = 0x2, func = 0x2, ww = {w1 = 2, w2 = 0}}, u1 = {v = {type = 2 '\002', type_flags = 0 '\000', const_flags = 0 '\000',
reserved = 0 '\000'}, type_info = 2}, u2 = {var_flags = 0, next = 0, cache_slot = 0, lineno = 0, num_args = 0, fe_pos = 0, fe_iter_idx = 0}}
error_filename = 0x7fffd90fb990 "/usr/wikia/source/trunk/extensions/wikia/EditTagging/EditTaggingHooks.class.php"
error_lineno = <optimized out>
orig_user_error_handler = {value = {lval = 93824997998752, dval = 4.6355708232307071e-310, counted = 0x555555ad40a0, str = 0x555555ad40a0,
arr = 0x555555ad40a0, obj = 0x555555ad40a0, res = 0x555555ad40a0, ref = 0x555555ad40a0, ast = 0x555555ad40a0, zv = 0x555555ad40a0, ptr = 0x555555ad40a0,
ce = 0x555555ad40a0, func = 0x555555ad40a0, ww = {w1 = 1437417632, w2 = 21845}}, u1 = {v = {type = 7 '\a', type_flags = 28 '\034',
const_flags = 0 '\000', reserved = 0 '\000'}, type_info = 7175}, u2 = {var_flags = 0, next = 0, cache_slot = 0, lineno = 0, num_args = 0, fe_pos = 0,
fe_iter_idx = 0}}
in_compilation = 0 '\000'
saved_class_entry = 0x7fffd64a35c0
loop_var_stack = {size = 21845, top = 0, max = 1447518528, elements = 0xffff8000000065f1}
delayed_oplines_stack = {size = -699779504, top = 0, max = 32767, elements = 0x7fff00000008}
symbol_table = <optimized out>
0000006 0x00007ffff38e1219 in ZEND_FETCH_CONSTANT_SPEC_UNUSED_CONST_HANDLER () at /build/php7.0-BfUUqO/php7.0-7.0.10/Zend/zend_vm_execute.h:23982
actual = <optimized out>
c = <optimized out>
0000007 0x00007ffff38cbebb in execute_ex (ex=<optimized out>) at /build/php7.0-BfUUqO/php7.0-7.0.10/Zend/zend_vm_execute.h:414
orig_opline = 0x7ffff3c40c1c <php_execute.return_semaphore>
orig_execute_data = 0x7fffd64a3450
0000008 0x00007ffff38802a9 in dtrace_execute_ex (execute_data=<optimized out>) at /build/php7.0-BfUUqO/php7.0-7.0.10/Zend/zend_dtrace.c:83
lineno = <optimized out>
scope = 0x0
filename = <optimized out>
funcname = <optimized out>
---Type <return> to continue, or q <return> to quit---
classname = <optimized out>
0000009 0x00007ffff0182149 in xdebug_execute_ex (execute_data=0x7fffd64a35c0) at /home/wladek/dev/xdebug/xdebug-2.4.1/xdebug.c:1900
op_array = 0x5555564c19a8
edata = 0x7fffd64a3450
dummy = 0x7ffff751f760 <main_arena>
fse = 0x5555564aedb0
xfse = 0x7fffd64a3450
magic_cookie = 0x0
do_return = 0
function_nr = 123385
le = 0x7ffff3965fc0 <tolower_map>
0000010 0x00007ffff3909760 in ZEND_DO_FCALL_SPEC_HANDLER () at /build/php7.0-BfUUqO/php7.0-7.0.10/Zend/zend_vm_execute.h:800
call = 0x7fffd64a35c0
fbc = 0x5555564c19a8
object = <optimized out>
ret = <optimized out>
0000011 0x00007ffff38cbebb in execute_ex (ex=<optimized out>) at /build/php7.0-BfUUqO/php7.0-7.0.10/Zend/zend_vm_execute.h:414
orig_opline = 0x7ffff3c40c1c <php_execute.return_semaphore>
orig_execute_data = 0x7ffff3c591c0 <executor_globals>
0000012 0x00007ffff38802a9 in dtrace_execute_ex (execute_data=<optimized out>) at /build/php7.0-BfUUqO/php7.0-7.0.10/Zend/zend_dtrace.c:83
lineno = <optimized out>
scope = 0x0
filename = <optimized out>
funcname = <optimized out>
classname = <optimized out>
0000013 0x00007ffff0182149 in xdebug_execute_ex (execute_data=0x7fffd64a3450) at /home/wladek/dev/xdebug/xdebug-2.4.1/xdebug.c:1900
op_array = 0x5555564c1328
edata = 0x7fffd64a33d0
dummy = 0xd75b89129425de8d
fse = 0x555556457d40
xfse = 0x7ffff3915153 <zend_init_execute_data+323>
magic_cookie = 0x0
do_return = 0
function_nr = 123381
le = 0x6767617474696465
0000014 0x00007ffff3881be3 in zend_call_function (fci=fci@entry=0x7fffffff9f90, fci_cache=fci_cache@entry=0x7fffffff9f60)
at /build/php7.0-BfUUqO/php7.0-7.0.10/Zend/zend_execute_API.c:866
call_via_handler = 0
i = <optimized out>
calling_scope = <optimized out>
call = 0x7ffff751f7b8 <main_arena+88>
dummy_execute_data = {opline = 0x208, call = 0x7fffffff9f90, return_value = 0x7fffffff9f60, func = 0x7ffff751f760 <main_arena>, This = {value = {lval = 176,
dval = 8.6955553668059392e-322, counted = 0xb0, str = 0xb0, arr = 0xb0, obj = 0xb0, res = 0xb0, ref = 0xb0, ast = 0xb0, zv = 0xb0, ptr = 0xb0,
ce = 0xb0, func = 0xb0, ww = {w1 = 176, w2 = 0}}, u1 = {v = {type = 0 '\000', type_flags = 0 '\000', const_flags = 0 '\000', reserved = 0 '\000'},
type_info = 0}, u2 = {var_flags = 0, next = 0, cache_slot = 0, lineno = 0, num_args = 0, fe_pos = 0, fe_iter_idx = 0}}, called_scope = 0x7fffffff9f90,
---Type <return> to continue, or q <return> to quit---
prev_execute_data = 0x7fffffff9f50, symbol_table = 0x7fffd64a3390, run_time_cache = 0x7ffff71e37b0 <__GI___libc_malloc+96>, literals = 0x7fffffff9f90}
fci_cache_local = {initialized = 80 'P', function_handler = 0x7fffd64a3390, calling_scope = 0x0, called_scope = 0x7ffff38964c3 <zend_is_callable_ex+899>,
object = 0x1855ae3db8}
func = 0x5555564c1328
orig_scope = <optimized out>

....

==================================================================================

(gdb) zbacktrace
[0x7fffd64a35c0] EditTaggingHooks::getHandlers() /usr/wikia/source/trunk/extensions/wikia/EditTagging/EditTaggingHooks.class.php:214
[0x7fffd64a3450] EditTaggingHooks::onArticleSaveComplete(reference, reference, "cma", "<autosumm-new>", 0, NULL, NULL, reference, object[0x7fffd64a3530], reference, false) /usr/wikia/source/trunk/extensions/wikia/EditTagging/EditTaggingHooks.class.php:80
[0x7fffd64a33d0] call_user_func_array("EditTaggingHooks::onArticleSaveComplete", array(11)[0x7fffd64a3440]) [internal function]
[0x7fffd64a3210] Hooks::run("ArticleSaveComplete", array(11)[0x7fffd64a3280]) /usr/wikia/source/trunk/includes/Hooks.php:216
[0x7fffd64a3180] wfRunHooks("ArticleSaveComplete", array(11)[0x7fffd64a31f0]) /usr/wikia/source/trunk/includes/GlobalFunctions.php:4043
[0x7fffd64a2f10] WikiPage->doEdit(reference, reference, reference) /usr/wikia/source/trunk/includes/WikiPage.php:1603
[0x7fffd64a2e90] call_user_func_array(array(2)[0x7fffd64a2ef0], array(3)[0x7fffd64a2f00]) [internal function]
[0x7fffd64a2dc0] Article->__call("doEdit", array(3)[0x7fffd64a2e30]) /usr/wikia/source/trunk/includes/Article.php:1895
[0x7fffd64a2b80] EditPage->internalAttemptSave(reference, false) /usr/wikia/source/trunk/includes/EditPage.php:1483
[0x7fffd64a2a80] ArticleComment::doSaveAsArticle("cma", object[0x7fffd64a2af0], object[0x7fffd64a2b00], NULL) /usr/wikia/source/trunk/extensions/wikia/ArticleComments/classes/ArticleComment.class.php:826
[0x7fffd64a2900] ArticleComment::doPost("cma", object[0x7fffd64a2970], object[0x7fffd64a2980], 2525, NULL) /usr/wikia/source/trunk/extensions/wikia/ArticleComments/classes/ArticleComment.class.php:922
[0x7fffd64a2770] WallMessage::buildNewMessageAndPost("cma", object[0x7fffd64a27e0], object[0x7fffd64a27f0], "", object[0x7fffd64a2810]) /usr/wikia/source/trunk/extensions/wikia/Wall/WallMessage.class.php:164
[0x7fffd64a26b0] WallMessage->addNewReply("cma", object[0x7fffd64a2720]) /usr/wikia/source/trunk/extensions/wikia/Wall/WallMessage.class.php:265
[0x7fffd64a2580] WallExternalController->replyToMessage() /usr/wikia/source/trunk/extensions/wikia/Wall/WallExternalController.class.php:610
[0x7fffd64a2310] WikiaDispatcher->dispatch(object[0x7fffd64a2370], object[0x7fffd64a2380]) /usr/wikia/source/trunk/includes/wikia/nirvana/WikiaDispatcher.class.php:214
[0x7fffd64a2200] WikiaApp->sendRequest(NULL, NULL, array(10)[0x7fffd64a2280], false, NULL) /usr/wikia/source/trunk/includes/wikia/nirvana/WikiaApp.class.php:645
[0x7fffd64a2150] WikiaApp->sendExternalRequest(NULL, NULL, NULL) /usr/wikia/source/trunk/includes/wikia/nirvana/WikiaApp.class.php:661
[0x7fffd64a2040] (main) /usr/wikia/source/trunk/wikia.php:48

====================================================================================

/usr/wikia/source/trunk/extensions/wikia/EditTagging/EditTaggingHooks.class.php:

private static function getHandlers() {
    $handlers = new ArrayObject();

L214 > $handlers->append( [ self, 'tagRevisionIfCategoryEdit' ] );
$handlers->append( [ self, 'tagRevisionIfGalleryEdit' ] );
$handlers->append( [ self, 'tagRevisionIfRTESourceEdit' ] );
$handlers->append( [ self, 'tagRevisionIfRTEWysiwygEdit' ] );
$handlers->append( [ self, 'tagRevisionIfSourceEdit' ] );
return $handlers;
}

===================================================================================

What can I do next?

This is a bit more context on the source code:

[0x7fffd64a35c0] EditTaggingHooks::getHandlers() in https://github.com/Wikia/app/blob/044f5ce71778f6a343e17e1e9f76318711d4d0c1/extensions/wikia/EditTagging/EditTaggingHooks.class.php#L214
$handlers->append( [ self, 'tagRevisionIfCategoryEdit' ] );
[0x7fffd64a3450] EditTaggingHooks::onArticleSaveComplete(reference, reference, "cma", "<autosumm-new>", 0, NULL, NULL, reference, object[0x7fffd64a3530], reference, false) in https://github.com/Wikia/app/blob/044f5ce71778f6a343e17e1e9f76318711d4d0c1/extensions/wikia/EditTagging/EditTaggingHooks.class.php#L80
$handlerIterator = self::getHandlers()->getIterator();
[0x7fffd64a33d0] call_user_func_array("EditTaggingHooks::onArticleSaveComplete", array(11)[0x7fffd64a3440]) [internal function]
[0x7fffd64a3210] Hooks::run("ArticleSaveComplete", array(11)[0x7fffd64a3280]) in https://github.com/Wikia/app/blob/044f5ce71778f6a343e17e1e9f76318711d4d0c1/includes/Hooks.php#L216
$retval = call_user_func_array( $callback, $hook_args );
[0x7fffd64a3180] wfRunHooks("ArticleSaveComplete", array(11)[0x7fffd64a31f0]) in https://github.com/Wikia/app/blob/044f5ce71778f6a343e17e1e9f76318711d4d0c1/includes/GlobalFunctions.php#L4043
return Hooks::run( $event, $args );
[0x7fffd64a2f10] WikiPage->doEdit(reference, reference, reference) in https://github.com/Wikia/app/blob/044f5ce71778f6a343e17e1e9f76318711d4d0c1/includes/WikiPage.php#L1603
wfRunHooks( 'ArticleSaveComplete', array( &$this, &$user, $text, $summary,
$flags & EDIT_MINOR, null, null, &$flags, $revision, &$status, $baseRevId ) );
[0x7fffd64a2e90] call_user_func_array(array(2)[0x7fffd64a2ef0], array(3)[0x7fffd64a2f00]) [internal function]
[0x7fffd64a2dc0] Article->__call("doEdit", array(3)[0x7fffd64a2e30]) in https://github.com/Wikia/app/blob/044f5ce71778f6a343e17e1e9f76318711d4d0c1/includes/Article.php#L1895
return call_user_func_array( array( $this->mPage, $fname ), $args );
[0x7fffd64a2b80] EditPage->internalAttemptSave(reference, false) in https://github.com/Wikia/app/blob/044f5ce71778f6a343e17e1e9f76318711d4d0c1/includes/EditPage.php#L1483
$doEditStatus = $this->mArticle->doEdit( $text, $this->summary, $flags );
[0x7fffd64a2a80] ArticleComment::doSaveAsArticle("cma", object[0x7fffd64a2af0], object[0x7fffd64a2b00], NULL) in https://github.com/Wikia/app/blob/044f5ce71778f6a343e17e1e9f76318711d4d0c1/extensions/wikia/ArticleComments/classes/ArticleComment.class.php#L826
return $editPage->internalAttemptSave( $result, $bot );
[0x7fffd64a2900] ArticleComment::doPost("cma", object[0x7fffd64a2970], object[0x7fffd64a2980], 2525, NULL) in https://github.com/Wikia/app/blob/044f5ce71778f6a343e17e1e9f76318711d4d0c1/extensions/wikia/ArticleComments/classes/ArticleComment.class.php#L922
$retVal = self::doSaveAsArticle( $text, $article, $user, $metadata );
[0x7fffd64a2770] WallMessage::buildNewMessageAndPost("cma", object[0x7fffd64a27e0], object[0x7fffd64a27f0], "", object[0x7fffd64a2810]) in https://github.com/Wikia/app/blob/044f5ce71778f6a343e17e1e9f76318711d4d0c1/extensions/wikia/Wall/WallMessage.class.php#L164
$acStatus = ArticleComment::doPost( $body, $user, $userPageTitle, $parent->getId(), null );
[0x7fffd64a26b0] WallMessage->addNewReply("cma", object[0x7fffd64a2720]) in https://github.com/Wikia/app/blob/044f5ce71778f6a343e17e1e9f76318711d4d0c1/extensions/wikia/Wall/WallMessage.class.php#L265
$out = self::buildNewMessageAndPost( $body, $this->getArticleTitle(), $user, '', $this );
[0x7fffd64a2580] WallExternalController->replyToMessage() in https://github.com/Wikia/app/blob/044f5ce71778f6a343e17e1e9f76318711d4d0c1/extensions/wikia/Wall/WallExternalController.class.php#L610
$reply = $wallMessage->addNewReply( $body, $this->wg->User );
[0x7fffd64a2310] WikiaDispatcher->dispatch(object[0x7fffd64a2370], object[0x7fffd64a2380]) in https://github.com/Wikia/app/blob/044f5ce71778f6a343e17e1e9f76318711d4d0c1/includes/wikia/nirvana/WikiaDispatcher.class.php#L214
$result = $controller->$method( $params );
[0x7fffd64a2200] WikiaApp->sendRequest(NULL, NULL, array(10)[0x7fffd64a2280], false, NULL) in https://github.com/Wikia/app/blob/044f5ce71778f6a343e17e1e9f76318711d4d0c1/includes/wikia/nirvana/WikiaApp.class.php#L645
$out = $this->getDispatcher()->dispatch( $this, $request );
[0x7fffd64a2150] WikiaApp->sendExternalRequest(NULL, NULL, NULL) in https://github.com/Wikia/app/blob/044f5ce71778f6a343e17e1e9f76318711d4d0c1/includes/wikia/nirvana/WikiaApp.class.php#L661
return $this->sendRequest( $controllerName, $methodName, $params, / internal / false, $exceptionMode );
[0x7fffd64a2040] (main) in https://github.com/Wikia/app/blob/044f5ce71778f6a343e17e1e9f76318711d4d0c1/wikia.php#L48
$response = $app->sendExternalRequest( null, null, null );

This looks interesting:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff01a42b1 in xdebug_objdebug_pp (zval_pp=0x7fffffff98d8, is_tmp=0x7fffffff9784) at /home/wladek/dev/xdebug/xdebug-2.4.1/xdebug_var.c:57
57 if (!XG(in_debug_info) && Z_OBJ_HANDLER(dzval, get_debug_info)) {
(gdb) p dzval
$6 = {value = {lval = 0, dval = 0, counted = 0x0, str = 0x0, arr = 0x0, obj = 0x0, res = 0x0, ref = 0x0, ast = 0x0, zv = 0x0, ptr = 0x0, ce = 0x0, func = 0x0, ww = {
w1 = 0, w2 = 0}}, u1 = {v = {type = 8 '\b', type_flags = 12 '\f', const_flags = 0 '\000', reserved = 2 '\002'}, type_info = 33557512}, u2 = {var_flags = 1,
next = 1, cache_slot = 1, lineno = 1, num_args = 1, fe_pos = 1, fe_iter_idx = 1}}
(gdb) printzv zval_pp
[0x7fffffff98d8] (refcount=0) string_offset

More debugging brings me to the point I'm pretty sure it must be an issue with handling string offsets. I have made the following change and crashes no longer occur:

in EditPage.php I replaced:
---CUT HERE---
$doEditStatus = $this->mArticle->doEdit( $text, $this->summary, $flags );
---CUT HERE---

with:
---CUT HERE---
$text = chr(ord($text[0])) . substr($text,1);
$doEditStatus = $this->mArticle->doEdit( $text, $this->summary, $flags );
---CUT HERE---

so that the $text is a regular string instead of string offset. Then XDebug is generating error info successfully.

@derick: anything else I could help you to diagnose the issue?

I've been trying to reproduce this, but without luck. Is this something you can pack up in a VM for me to play around with?

Ping?

As an additional data point we were seeing a segfault for particular tests when we had opcache, xdebug,collect_params = 1 all true. Setting collect_params = 0 causes no segfault to occur.

Ubuntu 14.04

$ php -v
PHP 7.0.12-1+deb.sury.org~trusty+1 (cli) ( NTS )
Copyright (c) 1997-2016 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2016 Zend Technologies
with Zend OPcache v7.0.12-1+deb.sury.org~trusty+1, Copyright (c) 1999-2016, by Zend Technologies
with Xdebug v2.4.1, Copyright (c) 2002-2016, by Derick Rethans

bt:

Core was generated by `php /usr/local/bin/phpunit models/'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007f31abbb3c0a in xdebug_var_synopsis (level=1, options=0x7f31af63bef0, debug_zval=<optimized out>, str=0x7ffe5430ff20, struc=0x7ffe5430ff08) at /build/xdebug-CUWooE/xdebug-2.4.1/build-7.0/xdebug_var.c:1267
1267 /build/xdebug-CUWooE/xdebug-2.4.1/build-7.0/xdebug_var.c: No such file or directory.
(gdb) bt full
#0 0x00007f31abbb3c0a in xdebug_var_synopsis (level=1, options=0x7f31af63bef0, debug_zval=<optimized out>, str=0x7ffe5430ff20, struc=0x7ffe5430ff08) at /build/xdebug-CUWooE/xdebug-2.4.1/build-7.0/xdebug_var.c:1267
myht = <optimized out>
tmpz = 0x0
#1 xdebug_get_zval_synopsis (val=0x7f31ac01b850, debug_zval=debug_zval@entry=0, options=0x7f31af63bef0, options@entry=0x0) at /build/xdebug-CUWooE/xdebug-2.4.1/build-7.0/xdebug_var.c:1308
str = {l = 0, a = 0, d = 0x0}
default_options = 1
0000002 0x00007f31abbac9bc in add_single_value (collecton_level=<optimized out>, html=<optimized out>, zv=<optimized out>, str=0x7ffe54310050) at /build/xdebug-CUWooE/xdebug-2.4.1/build-7.0/xdebug_stack.c:389
tmp_value = <optimized out>
tmp_fancy_value = <optimized out>
tmp_fancy_synop_value = <optimized out>
tmp_serialized = <optimized out>
len = 0
newlen = 140730310918224
0000003 xdebug_append_printable_stack (str=str@entry=0x7ffe54310050, html=0) at /build/xdebug-CUWooE/xdebug-2.4.1/build-7.0/xdebug_stack.c:483
c = 1
j = <optimized out>
tmp_name = <optimized out>
variadic_opened = <optimized out>
le = 0x7f31af693f10
i = 0x7f31af690ee0
printed_frames = 16
formats = 0x7f31abdc5da0 <text_formats>
0000004 0x00007f31abb9958b in xdebug_throw_exception_hook (exception=0x7f31ac01b810) at /build/xdebug-CUWooE/xdebug-2.4.1/build-7.0/xdebug.c:1515
code = 0x7f319b43d7c8
message = 0x7f319b43d7a8
file = 0x7f319b43d7d8
line = 0x7f319b43d7e8
xdebug_message_trace = <optimized out>
previous_exception = <optimized out>
default_ce = 0x7f319b2483f8
exception_ce = 0x7f319b2483f8
extra_brk_info = 0x2134d49e4375a0
code_str = 0x0
exception_trace = <optimized out>
tmp_str = {l = 2412, a = 3167, d = 0x7f31af6946b0 "\nDoctrine_Record_UnknownPropertyException: Unknown method StarCases::setTriggers

I am pretty sure I fixed the objdebug_pp case, can you please try the latest Xdebug from GitHub's master?

I am pretty sure that I fixed the issue with objdebug_pp - please reopen if you can reproduce this with the latest Xdebug version (2.5.0 at time of writing)