View Issue Details

IDProjectCategoryView StatusLast Update
0001643XdebugRemote Debuggingpublic2019-03-21 14:12
ReporterBob AlbrechtAssigned Toderick 
PriorityurgentSeveritycrashReproducibilitysometimes
Status assignedResolutionopen 
Platformphp-fpmOSLinuxOS Version 3.10.0-957.1.3.
Product Version2.7.0RC2 
Target VersionFixed in Version 
Summary0001643: Segfault in ZEND_SEND_VAR_EX_SPEC_CV_QUICK_HANDLER
Descriptionxdebug is crashing php-fpm with a segmentation fault. This only happens with very certain code triggered by an Ajax request. The application is large and we are working on a minimal example to reproduce it. The crash only occurs when xdebug is installed. When zend_extension=xdebug.so is commented out it never occurs. We do have a gdb backtrace for the issue:

GDB Trace
Program received signal SIGSEGV, Segmentation fault.
0x000055ab03141058 in ZEND_SEND_VAR_EX_SPEC_CV_QUICK_HANDLER ()
(gdb) bt
#0 0x000055ab03141058 in ZEND_SEND_VAR_EX_SPEC_CV_QUICK_HANDLER ()
#1 0x000055ab033c9e78 in execute_ex ()
0000002 0x00007f195d21e26d in xdebug_execute_ex () from /opt/remi/php73/root/usr/lib64/php/modules/xdebug.so
0000003 0x000055ab0313dadd in ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER ()
0000004 0x000055ab033c9e78 in execute_ex ()
0000005 0x00007f195d21e26d in xdebug_execute_ex () from /opt/remi/php73/root/usr/lib64/php/modules/xdebug.so
0000006 0x000055ab0313dadd in ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER ()
0000007 0x000055ab033c9e78 in execute_ex ()
0000008 0x00007f195d21e26d in xdebug_execute_ex () from /opt/remi/php73/root/usr/lib64/php/modules/xdebug.so
0000009 0x000055ab0313dadd in ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER ()
0000010 0x000055ab033c9e78 in execute_ex ()
0000011 0x00007f195d21e26d in xdebug_execute_ex () from /opt/remi/php73/root/usr/lib64/php/modules/xdebug.so
0000012 0x000055ab033d05a3 in zend_execute ()
0000013 0x000055ab03341822 in zend_execute_scripts ()
0000014 0x000055ab032e17d0 in php_execute_script ()
0000015 0x000055ab03146afb in main ()
(gdb)
Steps To ReproduceWorking on test program. More to come...
TagsNo tags attached.
Operating SystemCentOS Linux release 7.6.1810
PHP Version7.3.0-7.3.1

Activities

Bob Albrecht

2019-03-08 16:47

reporter   ~0004943

I have some code to reproduce this every time with php 7.3.1.
I suspected that one of our PHP extensions was causing the problem so I disabled all extensions except opcache.so and xdebug.so. If I remove either opcache or xdebug the problem goes away.
This appears to be similar to a bug that was reported as fixed in 2.7.0rc1 (0001583) but this is happening in 7.3.1.

<?php
const DB_PERSIST=false;
class Database {
        public function __destruct() {
                $this->close();
        }
        public function close($arg=DB_PERSIST) {}
}
function noop() {}
$db = new Database();
$db->close();
noop();

Bob Albrecht

2019-03-08 16:49

reporter   ~0004944

PHP 7.3.1 (cli) (built: Jan 8 2019 13:55:51) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.3.1, Copyright (c) 1998-2018 Zend Technologies
    with Zend OPcache v7.3.1, Copyright (c) 1999-2018, by Zend Technologies
    with Xdebug v2.7.0RC2, Copyright (c) 2002-2019, by Derick Rethans

derick

2019-03-08 17:07

administrator   ~0004946

I can't reproduce this:

derick@gargleblaster:~/dev/php/xdebug-xdebug$ cat tests/bug01643.inc
<?php
const DB_PERSIST=false;
class Database {
        public function __destruct() {
                $this->close();
        }
        public function close($arg=DB_PERSIST) {}
}
function noop() {}
$db = new Database();
$db->close();
noop();

derick@gargleblaster:~/dev/php/xdebug-xdebug$ php -v
PHP 7.3.1 (cli) (built: Feb  1 2019 12:25:05) ( NTS DEBUG )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.3.1, Copyright (c) 1998-2018 Zend Technologies
    with Zend OPcache v7.3.1, Copyright (c) 1999-2018, by Zend Technologies
    with Xdebug v2.7.0RC2, Copyright (c) 2002-2019, by Derick Rethans

derick@gargleblaster:~/dev/php/xdebug-xdebug$ php -dxdebug.auto_trace=1 -dxdebug.collect_params=4 tests/bug01643.inc

derick@gargleblaster:~/dev/php/xdebug-xdebug$


Can you show the output of <code>php --ri Xdebug</code> ?

Bob Albrecht

2019-03-08 18:13

reporter   ~0004947

My php-fpm config is stock except that I have disabled all of the extensions other than opcache and xdebug. If opcache is not configured it does not happen. If xdebug is not configured it does not happen

This is reproducible every time:

curl "http://YOURBOXIP/crash3.php"
or locallycurl "http://localhost/crash3.php"
pen.
.
<html>
<head><title>502 Bad Gateway</title></head>
<body bgcolor="white">
<center><h1>502 Bad Gateway</h1></center>
<hr><center>nginx/1.12.2</center>
</body>
</html>

Bob Albrecht

2019-03-08 18:15

reporter   ~0004948

php --ri Xdebug

xdebug

xdebug support => enabled
Version => 2.7.0RC2
IDE Key => PHPSTORM

Supported protocols
DBGp - Common DeBuGger Protocol

Directive => Local Value => Master Value
xdebug.auto_trace => Off => Off
xdebug.trace_enable_trigger => Off => Off
xdebug.trace_enable_trigger_value => no value => no value
xdebug.trace_output_dir => /tmp => /tmp
xdebug.trace_output_name => trace.%c => trace.%c
xdebug.trace_format => 0 => 0
xdebug.trace_options => 0 => 0
xdebug.coverage_enable => On => On
xdebug.collect_includes => On => On
xdebug.collect_params => 0 => 0
xdebug.collect_return => Off => Off
xdebug.collect_vars => Off => Off
xdebug.collect_assignments => Off => Off
xdebug.default_enable => On => On
xdebug.extended_info => On => On
xdebug.file_link_format => no value => no value
xdebug.filename_format => no value => no value
xdebug.force_display_errors => Off => Off
xdebug.force_error_reporting => 0 => 0
xdebug.halt_level => 0 => 0
xdebug.max_nesting_level => 256 => 256
xdebug.max_stack_frames => -1 => -1
xdebug.overload_var_dump => 2 => 2
xdebug.show_error_trace => Off => Off
xdebug.show_exception_trace => Off => Off
xdebug.show_local_vars => Off => Off
xdebug.show_mem_delta => Off => Off
xdebug.dump.COOKIE => no value => no value
xdebug.dump.ENV => no value => no value
xdebug.dump.FILES => no value => no value
xdebug.dump.GET => no value => no value
xdebug.dump.POST => no value => no value
xdebug.dump.REQUEST => no value => no value
xdebug.dump.SERVER => no value => no value
xdebug.dump.SESSION => no value => no value
xdebug.dump_globals => On => On
xdebug.dump_once => On => On
xdebug.dump_undefined => Off => Off
xdebug.profiler_enable => Off => Off
xdebug.profiler_output_dir => /tmp => /tmp
xdebug.profiler_output_name => cachegrind.out.%p => cachegrind.out.%p
xdebug.profiler_enable_trigger => Off => Off
xdebug.profiler_enable_trigger_value => no value => no value
xdebug.profiler_append => Off => Off
xdebug.profiler_aggregate => Off => Off
xdebug.remote_enable => On => On
xdebug.remote_handler => dbgp => dbgp
xdebug.remote_host => localhost => localhost
xdebug.remote_mode => req => req
xdebug.remote_port => 9123 => 9123
xdebug.remote_autostart => Off => Off
xdebug.remote_connect_back => On => On
xdebug.remote_log => no value => no value
xdebug.idekey => PHPSTORM => PHPSTORM
xdebug.remote_cookie_expire_time => 3600 => 3600
xdebug.remote_addr_header => no value => no value
xdebug.remote_timeout => 200 => 200
xdebug.var_display_max_children => 128 => 128
xdebug.var_display_max_data => 512 => 512
xdebug.var_display_max_depth => 3 => 3
xdebug.cli_color => 0 => 0
xdebug.scream => Off => Off
xdebug.gc_stats_enable => Off => Off
xdebug.gc_stats_output_dir => /tmp => /tmp
xdebug.gc_stats_output_name => gcstats.%p => gcstats.%p

Bob Albrecht

2019-03-08 20:00

reporter   ~0004949

opcache.optimization_level=0xFFFFFBFF

makes the problem go away
compact literals optimisation needs to be disabled

derick

2019-03-10 16:46

administrator   ~0004952

That's odd, as Xdebug should turn that off *for* you. Can you at the top of your script (right after the <?php) put:
<code>
var_dump(ini_get("opcache.optimization_level"));
</code>
?

Alternatively, upgrade to PHP 7.3.2 which should have this bug in OPcache fixed fixed.

Bob Albrecht

2019-03-12 18:19

reporter   ~0004960

We are using 7.3.2 now
PHP 7.3.2 (cli) (built: Feb 5 2019 13:10:03) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.3.2, Copyright (c) 1998-2018 Zend Technologies
    with Zend OPcache v7.3.2, Copyright (c) 1999-2018, by Zend Technologies
    with Xdebug v2.7.0beta1, Copyright (c) 2002-2018, by Derick Rethans

Bob Albrecht

2019-03-12 18:24

reporter   ~0004961

Going back to my box that has php 7.3.1, and checking the opcache settings:

<pre class='xdebug-var-dump' dir='ltr'>
<small>/var/www/html/crash3.php:2:</small><small>string</small> <font color='#cc0000'>'0xFFFFFFFF'</font> (length=10)


Looks like the ini settings are not changed.
ls /etc/opt/remi/php73/php.d/
10-opcache.ini 15-xdebug.ini 20-mysqlnd.ini opcache-default.blacklist

Maybe the order has something to do with it.

Let me know if you need anything else; if not I am going to recycle the 7.3.1 VM.

derick

2019-03-21 14:12

administrator   ~0004974

Hi - if it all works in PHP 7.3.2, I think we can just consider this closed?

Issue History

Date Modified Username Field Change
2019-03-04 14:45 Bob Albrecht New Issue
2019-03-08 16:47 Bob Albrecht Note Added: 0004943
2019-03-08 16:49 Bob Albrecht Note Added: 0004944
2019-03-08 17:07 derick Assigned To => derick
2019-03-08 17:07 derick Status new => feedback
2019-03-08 17:07 derick Note Added: 0004946
2019-03-08 18:13 Bob Albrecht Note Added: 0004947
2019-03-08 18:13 Bob Albrecht Status feedback => assigned
2019-03-08 18:15 Bob Albrecht Note Added: 0004948
2019-03-08 20:00 Bob Albrecht Note Added: 0004949
2019-03-10 16:46 derick Note Added: 0004952
2019-03-10 17:17 derick Status assigned => feedback
2019-03-12 18:19 Bob Albrecht Note Added: 0004960
2019-03-12 18:19 Bob Albrecht Status feedback => assigned
2019-03-12 18:24 Bob Albrecht Note Added: 0004961
2019-03-21 14:12 derick Note Added: 0004974