MantisBT

ID: 0001590
Project: Xdebug
Category: Usage problems (Wrong Results)
View Status: public
Date Submitted: 2018-11-29 20:56
Last Update: 2018-12-11 11:07
Reporter: dwilks
Assigned To: derick
Priority: high
Severity: crash
Reproducibility: always
Status: confirmed
Resolution: open
Platform: N/A
OS: *
OS Version:
Product Version: 2.7.0beta1
Target Version: 2.7.0dev
Fixed in Version:
Summary: 0001590: Xdebug segfaults
Description: Run the attached main.php through Apache (standard config not PFM). It does not reproduce as a script. With xdebug enabled I reliably get a segfault; without xdebug enabled everything works.

Steps To Reproduce:
Extract the attached tar file
Point a browser or curl at main.php
Seg Fault

In a fuller version of the test case, with too much IP to post, a second execution would cause an opcache assertion error:

Assertion failed: (op_array->opcodes[def].result_type & ((1<<1)|(1<<2))), function dce_live_ranges, file /Users/dwilks/src/php-src-PHP-7.3.0/ext/opcache/Optimizer/dce.c, line 515.
Additional Information:
PHP 7.3.0RC6 (cli) (built: Nov 21 2018 11:50:03) ( NTS DEBUG )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.3.0-dev, Copyright (c) 1998-2018 Zend Technologies
    with Zend OPcache v7.3.0RC6, Copyright (c) 1999-2018, by Zend Technologies
    with Xdebug v2.7.0beta2-dev, Copyright (c) 2002-2018, by Derick Rethans


Back trace
* thread #1, queue = com.apple.main-thread, stop reason = EXC_BAD_ACCESS (code=1, address=0xffffffffffffffff)
  * frame #0: 0x000000010f03db31 libphp73.so`zend_gc_addref(p=0xffffffffffffffff) at zend_types.h:991
    frame #1: 0x000000010f03d570 libphp73.so`zval_addref_p(pz=0x000000011621f2a0) at zend_types.h:1025
    frame #2: 0x000000010efdceb3 libphp73.so`ZEND_SEND_VAR_EX_SPEC_CV_QUICK_HANDLER(execute_data=0x000000011621f240) at zend_vm_execute.h:37385
    frame #3: 0x000000010f022102 libphp73.so`ZEND_USER_OPCODE_SPEC_HANDLER(execute_data=0x000000011621f240) at zend_vm_execute.h:1829
    frame #4: 0x000000010efb5944 libphp73.so`execute_ex(ex=0x000000011621f240) at zend_vm_execute.h:55287
    frame #5: 0x000000011618c9a0 xdebug.so`xdebug_execute_ex(execute_data=0x000000011621f240) at xdebug.c:1868
    frame #6: 0x000000010efdb3e5 libphp73.so`ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER(execute_data=0x000000011621f1d0) at zend_vm_execute.h:1083
    frame #7: 0x000000010f022102 libphp73.so`ZEND_USER_OPCODE_SPEC_HANDLER(execute_data=0x000000011621f1d0) at zend_vm_execute.h:1829
    frame #8: 0x000000010efb5944 libphp73.so`execute_ex(ex=0x000000011621f1d0) at zend_vm_execute.h:55287
    frame #9: 0x000000011618c9a0 xdebug.so`xdebug_execute_ex(execute_data=0x000000011621f1d0) at xdebug.c:1868
    frame #10: 0x000000010efe1e4a libphp73.so`ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER(execute_data=0x000000011621f180) at zend_vm_execute.h:3295
    frame #11: 0x000000010f022102 libphp73.so`ZEND_USER_OPCODE_SPEC_HANDLER(execute_data=0x000000011621f180) at zend_vm_execute.h:1829
    frame #12: 0x000000010efb5944 libphp73.so`execute_ex(ex=0x000000011621f180) at zend_vm_execute.h:55287
    frame #13: 0x000000011618c9a0 xdebug.so`xdebug_execute_ex(execute_data=0x000000011621f180) at xdebug.c:1868
    frame #14: 0x000000010efe1e4a libphp73.so`ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER(execute_data=0x000000011621f130) at zend_vm_execute.h:3295
    frame #15: 0x000000010f022102 libphp73.so`ZEND_USER_OPCODE_SPEC_HANDLER(execute_data=0x000000011621f130) at zend_vm_execute.h:1829
    frame #16: 0x000000010efb5944 libphp73.so`execute_ex(ex=0x000000011621f130) at zend_vm_execute.h:55287
    frame #17: 0x000000011618c9a0 xdebug.so`xdebug_execute_ex(execute_data=0x000000011621f130) at xdebug.c:1868
    frame #18: 0x000000010efe1e4a libphp73.so`ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER(execute_data=0x000000011621f0e0) at zend_vm_execute.h:3295
    frame #19: 0x000000010f022102 libphp73.so`ZEND_USER_OPCODE_SPEC_HANDLER(execute_data=0x000000011621f0e0) at zend_vm_execute.h:1829
    frame #20: 0x000000010efb5944 libphp73.so`execute_ex(ex=0x000000011621f0e0) at zend_vm_execute.h:55287
    frame #21: 0x000000011618c9a0 xdebug.so`xdebug_execute_ex(execute_data=0x000000011621f0e0) at xdebug.c:1868
    frame #22: 0x000000010efe1e4a libphp73.so`ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER(execute_data=0x000000011621f090) at zend_vm_execute.h:3295
    frame #23: 0x000000010f022102 libphp73.so`ZEND_USER_OPCODE_SPEC_HANDLER(execute_data=0x000000011621f090) at zend_vm_execute.h:1829
    frame #24: 0x000000010efb5944 libphp73.so`execute_ex(ex=0x000000011621f090) at zend_vm_execute.h:55287
    frame #25: 0x000000011618c9a0 xdebug.so`xdebug_execute_ex(execute_data=0x000000011621f090) at xdebug.c:1868
    frame #26: 0x000000010efe1e4a libphp73.so`ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER(execute_data=0x000000011621f030) at zend_vm_execute.h:3295
    frame #27: 0x000000010f022102 libphp73.so`ZEND_USER_OPCODE_SPEC_HANDLER(execute_data=0x000000011621f030) at zend_vm_execute.h:1829
    frame #28: 0x000000010efb5944 libphp73.so`execute_ex(ex=0x000000011621f030) at zend_vm_execute.h:55287
    frame #29: 0x000000011618c9a0 xdebug.so`xdebug_execute_ex(execute_data=0x000000011621f030) at xdebug.c:1868
    frame #30: 0x000000010efb5b4a libphp73.so`zend_execute(op_array=0x0000000116282200, return_value=0x0000000000000000) at zend_vm_execute.h:60834
    frame #31: 0x000000010ef48902 libphp73.so`zend_execute_scripts(type=8, retval=0x0000000000000000, file_count=3) at zend.c:1568
    frame #32: 0x000000010ee9a8e4 libphp73.so`php_execute_script(primary_file=0x00007ffee191a300) at main.c:2630
    frame #33: 0x000000010f055fbd libphp73.so`php_handler(r=0x00007fd31885e6a0) at sapi_apache2.c:699
    frame #34: 0x000000010e2e8787 httpd`ap_run_handler + 51
    frame #35: 0x000000010e2e8d47 httpd`ap_invoke_handler + 246
    frame #36: 0x000000010e31e138 httpd`ap_process_async_request + 861
    frame #37: 0x000000010e31e1cf httpd`ap_process_request + 20
    frame #38: 0x000000010e31ade1 httpd`ap_process_http_connection + 302
    frame #39: 0x000000010e2f8e6d httpd`ap_run_process_connection + 51
    frame #40: 0x000000010e32587e httpd`child_main + 1084
    frame #41: 0x000000010e32532d httpd`make_child + 404
    frame #42: 0x000000010e325386 httpd`startup_children + 89
    frame #43: 0x000000010e324567 httpd`prefork_run + 286
    frame #44: 0x000000010e2fb1f7 httpd`ap_run_mpm + 64
    frame #45: 0x000000010e2efb9c httpd`main + 2108
    frame #46: 0x00007fff7ea4d08d libdyld.dylib`start + 1

Tags: No tags attached.
Operating System:
PHP Version: 7.3-dev
Attached Files: php73segfault.tgz (44,633 bytes) 2018-11-29 20:56

Notes
(0004730)
derick (administrator)
2018-11-30 11:49
edited on: 2018-11-30 11:50

I can reproduce this without Apache, just running it like a script and using ZEND_DONT_UNLOAD_MODULES=1 USE_ZEND_ALLOC=0. Valgrind gives me the same (or very similar) trace when running just "ZEND_DONT_UNLOAD_MODULES=1 USE_ZEND_ALLOC=0 php main.php":

derick@singlemalt:/tmp/php73segfault $ valgrind php main.php
==27111== Memcheck, a memory error detector
==27111== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==27111== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
==27111== Command: php main.php
==27111== 
==27111== Conditional jump or move depends on uninitialised value(s)
==27111==    at 0x9FE4ED: ZEND_RECV_INIT_SPEC_CONST_HANDLER (zend_vm_execute.h:2229)
==27111==    by 0x9FD487: ZEND_USER_OPCODE_SPEC_HANDLER (zend_vm_execute.h:1829)
==27111==    by 0xA62225: execute_ex (zend_vm_execute.h:55510)
==27111==    by 0x86C1555: xdebug_execute_ex (xdebug.c:1868)
==27111==    by 0x9FB06C: ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER (zend_vm_execute.h:1083)
==27111==    by 0x9FD487: ZEND_USER_OPCODE_SPEC_HANDLER (zend_vm_execute.h:1829)
==27111==    by 0xA62225: execute_ex (zend_vm_execute.h:55510)
==27111==    by 0x86C1555: xdebug_execute_ex (xdebug.c:1868)
==27111==    by 0xA0081F: ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER (zend_vm_execute.h:3295)
==27111==    by 0x9FD487: ZEND_USER_OPCODE_SPEC_HANDLER (zend_vm_execute.h:1829)
==27111==    by 0xA62225: execute_ex (zend_vm_execute.h:55510)
==27111==    by 0x86C1555: xdebug_execute_ex (xdebug.c:1868)
==27111== 
done==27111== 


(0004754)
dwilks (reporter)
2018-12-08 00:24

Just FYI... here's the opcache assertion that I mentioned, distilled into a case simpler than this one: https://bugs.php.net/bug.php?id=77266. This fails w/o xdebug.

(0004762)
derick (administrator)
2018-12-11 11:07

This looks the same as 0001592.

Issue History
Date Modified Username Field Change
2018-11-29 20:56 dwilks New Issue
2018-11-29 20:56 dwilks File Added: php73segfault.tgz
2018-11-30 11:48 derick Summary segfault running script first time in restarted apache => Xdebug segfaults
2018-11-30 11:48 derick Additional Information Updated
2018-11-30 11:49 derick Note Added: 0004730
2018-11-30 11:49 derick Assigned To => derick
2018-11-30 11:49 derick Status new => acknowledged
2018-11-30 11:49 derick Note Edited: 0004730
2018-11-30 11:50 derick Note Edited: 0004730
2018-11-30 11:50 derick Status acknowledged => confirmed
2018-11-30 11:50 derick Priority normal => high
2018-11-30 11:50 derick Category Feature/Change request => Usage problems (Wrong Results)
2018-11-30 11:50 derick OS OS X => *
2018-11-30 11:50 derick OS Version 10.14.1 =>
2018-11-30 11:50 derick Platform Mac => N/A
2018-11-30 11:50 derick Target Version => 2.7.0dev
2018-12-08 00:24 dwilks Note Added: 0004754
2018-12-11 11:07 derick Note Added: 0004762

