0001643: Segfault in ZEND_SEND_VAR_EX_SPEC_CV_QUICK_HANDLER

ID	Project	Category	View Status	Date Submitted	Last Update

0001643	Xdebug	Step Debugging	public	2019-03-04 14:45	2019-12-08 07:36

Reporter	Bob Albrecht	Assigned To	derick
Priority	urgent	Severity	crash	Reproducibility	sometimes
Status	resolved	Resolution	no change required
Platform	php-fpm	OS	Linux	OS Version	3.10.0-957.1.3.
Product Version	2.7.0RC2

Summary	0001643: Segfault in ZEND_SEND_VAR_EX_SPEC_CV_QUICK_HANDLER
Description	xdebug is crashing php-fpm with a segmentation fault. This only happens with very certain code triggered by an Ajax request. The application is large and we are working on a minimal example to reproduce it. The crash only occurs when xdebug is installed. When zend_extension=xdebug.so is commented out it never occurs. We do have a gdb backtrace for the issue: GDB Trace Program received signal SIGSEGV, Segmentation fault. 0x000055ab03141058 in ZEND_SEND_VAR_EX_SPEC_CV_QUICK_HANDLER () (gdb) bt #0 0x000055ab03141058 in ZEND_SEND_VAR_EX_SPEC_CV_QUICK_HANDLER () #1 0x000055ab033c9e78 in execute_ex () 0000002 0x00007f195d21e26d in xdebug_execute_ex () from /opt/remi/php73/root/usr/lib64/php/modules/xdebug.so 0000003 0x000055ab0313dadd in ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER () 0000004 0x000055ab033c9e78 in execute_ex () 0000005 0x00007f195d21e26d in xdebug_execute_ex () from /opt/remi/php73/root/usr/lib64/php/modules/xdebug.so 0000006 0x000055ab0313dadd in ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER () 0000007 0x000055ab033c9e78 in execute_ex () 0000008 0x00007f195d21e26d in xdebug_execute_ex () from /opt/remi/php73/root/usr/lib64/php/modules/xdebug.so 0000009 0x000055ab0313dadd in ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER () 0000010 0x000055ab033c9e78 in execute_ex () 0000011 0x00007f195d21e26d in xdebug_execute_ex () from /opt/remi/php73/root/usr/lib64/php/modules/xdebug.so 0000012 0x000055ab033d05a3 in zend_execute () 0000013 0x000055ab03341822 in zend_execute_scripts () 0000014 0x000055ab032e17d0 in php_execute_script () 0000015 0x000055ab03146afb in main () (gdb)
Steps To Reproduce	Working on test program. More to come...
Tags	No tags attached.

Operating System	CentOS Linux release 7.6.1810
PHP Version	7.3.0-7.3.1

Bob Albrecht 2019-03-08 16:47 reporter ~0004943	I have some code to reproduce this every time with php 7.3.1. I suspected that one of our PHP extensions was causing the problem so I disabled all extensions except opcache.so and xdebug.so. If I remove either opcache or xdebug the problem goes away. This appears to be similar to a bug that was reported as fixed in 2.7.0rc1 (0001583) but this is happening in 7.3.1. <?php const DB_PERSIST=false; class Database { public function __destruct() { $this->close(); } public function close($arg=DB_PERSIST) {} } function noop() {} $db = new Database(); $db->close(); noop();

Bob Albrecht 2019-03-08 16:49 reporter ~0004944	PHP 7.3.1 (cli) (built: Jan 8 2019 13:55:51) ( NTS ) Copyright (c) 1997-2018 The PHP Group Zend Engine v3.3.1, Copyright (c) 1998-2018 Zend Technologies with Zend OPcache v7.3.1, Copyright (c) 1999-2018, by Zend Technologies with Xdebug v2.7.0RC2, Copyright (c) 2002-2019, by Derick Rethans

derick 2019-03-08 17:07 administrator ~0004946	I can't reproduce this: derick@gargleblaster:~/dev/php/xdebug-xdebug$ cat tests/bug01643.inc <?php const DB_PERSIST=false; class Database { public function __destruct() { $this->close(); } public function close($arg=DB_PERSIST) {} } function noop() {} $db = new Database(); $db->close(); noop(); derick@gargleblaster:~/dev/php/xdebug-xdebug$ php -v PHP 7.3.1 (cli) (built: Feb 1 2019 12:25:05) ( NTS DEBUG ) Copyright (c) 1997-2018 The PHP Group Zend Engine v3.3.1, Copyright (c) 1998-2018 Zend Technologies with Zend OPcache v7.3.1, Copyright (c) 1999-2018, by Zend Technologies with Xdebug v2.7.0RC2, Copyright (c) 2002-2019, by Derick Rethans derick@gargleblaster:~/dev/php/xdebug-xdebug$ php -dxdebug.auto_trace=1 -dxdebug.collect_params=4 tests/bug01643.inc derick@gargleblaster:~/dev/php/xdebug-xdebug$ Can you show the output of <code>php --ri Xdebug</code> ?

Bob Albrecht 2019-03-08 18:13 reporter ~0004947	My php-fpm config is stock except that I have disabled all of the extensions other than opcache and xdebug. If opcache is not configured it does not happen. If xdebug is not configured it does not happen This is reproducible every time: curl "http://YOURBOXIP/crash3.php" or locallycurl "http://localhost/crash3.php" pen. . <html> <head><title>502 Bad Gateway</title></head> <body bgcolor="white"> <center><h1>502 Bad Gateway</h1></center> <hr><center>nginx/1.12.2</center> </body> </html>

Bob Albrecht 2019-03-08 18:15 reporter ~0004948	php --ri Xdebug xdebug xdebug support => enabled Version => 2.7.0RC2 IDE Key => PHPSTORM Supported protocols DBGp - Common DeBuGger Protocol Directive => Local Value => Master Value xdebug.auto_trace => Off => Off xdebug.trace_enable_trigger => Off => Off xdebug.trace_enable_trigger_value => no value => no value xdebug.trace_output_dir => /tmp => /tmp xdebug.trace_output_name => trace.%c => trace.%c xdebug.trace_format => 0 => 0 xdebug.trace_options => 0 => 0 xdebug.coverage_enable => On => On xdebug.collect_includes => On => On xdebug.collect_params => 0 => 0 xdebug.collect_return => Off => Off xdebug.collect_vars => Off => Off xdebug.collect_assignments => Off => Off xdebug.default_enable => On => On xdebug.extended_info => On => On xdebug.file_link_format => no value => no value xdebug.filename_format => no value => no value xdebug.force_display_errors => Off => Off xdebug.force_error_reporting => 0 => 0 xdebug.halt_level => 0 => 0 xdebug.max_nesting_level => 256 => 256 xdebug.max_stack_frames => -1 => -1 xdebug.overload_var_dump => 2 => 2 xdebug.show_error_trace => Off => Off xdebug.show_exception_trace => Off => Off xdebug.show_local_vars => Off => Off xdebug.show_mem_delta => Off => Off xdebug.dump.COOKIE => no value => no value xdebug.dump.ENV => no value => no value xdebug.dump.FILES => no value => no value xdebug.dump.GET => no value => no value xdebug.dump.POST => no value => no value xdebug.dump.REQUEST => no value => no value xdebug.dump.SERVER => no value => no value xdebug.dump.SESSION => no value => no value xdebug.dump_globals => On => On xdebug.dump_once => On => On xdebug.dump_undefined => Off => Off xdebug.profiler_enable => Off => Off xdebug.profiler_output_dir => /tmp => /tmp xdebug.profiler_output_name => cachegrind.out.%p => cachegrind.out.%p xdebug.profiler_enable_trigger => Off => Off xdebug.profiler_enable_trigger_value => no value => no value xdebug.profiler_append => Off => Off xdebug.profiler_aggregate => Off => Off xdebug.remote_enable => On => On xdebug.remote_handler => dbgp => dbgp xdebug.remote_host => localhost => localhost xdebug.remote_mode => req => req xdebug.remote_port => 9123 => 9123 xdebug.remote_autostart => Off => Off xdebug.remote_connect_back => On => On xdebug.remote_log => no value => no value xdebug.idekey => PHPSTORM => PHPSTORM xdebug.remote_cookie_expire_time => 3600 => 3600 xdebug.remote_addr_header => no value => no value xdebug.remote_timeout => 200 => 200 xdebug.var_display_max_children => 128 => 128 xdebug.var_display_max_data => 512 => 512 xdebug.var_display_max_depth => 3 => 3 xdebug.cli_color => 0 => 0 xdebug.scream => Off => Off xdebug.gc_stats_enable => Off => Off xdebug.gc_stats_output_dir => /tmp => /tmp xdebug.gc_stats_output_name => gcstats.%p => gcstats.%p

Bob Albrecht 2019-03-08 20:00 reporter ~0004949	opcache.optimization_level=0xFFFFFBFF makes the problem go away compact literals optimisation needs to be disabled

derick 2019-03-10 16:46 administrator ~0004952	That's odd, as Xdebug should turn that off for you. Can you at the top of your script (right after the <?php) put: <code> var_dump(ini_get("opcache.optimization_level")); </code> ? Alternatively, upgrade to PHP 7.3.2 which should have this bug in OPcache fixed fixed.

Bob Albrecht 2019-03-12 18:19 reporter ~0004960	We are using 7.3.2 now PHP 7.3.2 (cli) (built: Feb 5 2019 13:10:03) ( NTS ) Copyright (c) 1997-2018 The PHP Group Zend Engine v3.3.2, Copyright (c) 1998-2018 Zend Technologies with Zend OPcache v7.3.2, Copyright (c) 1999-2018, by Zend Technologies with Xdebug v2.7.0beta1, Copyright (c) 2002-2018, by Derick Rethans

Bob Albrecht 2019-03-12 18:24 reporter ~0004961	Going back to my box that has php 7.3.1, and checking the opcache settings: <pre class='xdebug-var-dump' dir='ltr'> <small>/var/www/html/crash3.php:2:</small><small>string</small> <font color='#cc0000'>'0xFFFFFFFF'</font> (length=10) Looks like the ini settings are not changed. ls /etc/opt/remi/php73/php.d/ 10-opcache.ini 15-xdebug.ini 20-mysqlnd.ini opcache-default.blacklist Maybe the order has something to do with it. Let me know if you need anything else; if not I am going to recycle the 7.3.1 VM.

derick 2019-03-21 14:12 administrator ~0004974	Hi - if it all works in PHP 7.3.2, I think we can just consider this closed?

derick 2019-12-08 07:36 administrator ~0005201	This seems fixed since PHP 7.3.2 and an earlier version of Xdebug. I'm closing this because I believe this is addressed, and the requested feedback wasn't provided.

Date Modified	Username	Field	Change
2019-03-04 14:45	Bob Albrecht	New Issue
2019-03-08 16:47	Bob Albrecht	Note Added: 0004943
2019-03-08 16:49	Bob Albrecht	Note Added: 0004944
2019-03-08 17:07	derick	Assigned To	=> derick
2019-03-08 17:07	derick	Status	new => feedback
2019-03-08 17:07	derick	Note Added: 0004946
2019-03-08 18:13	Bob Albrecht	Note Added: 0004947
2019-03-08 18:13	Bob Albrecht	Status	feedback => assigned
2019-03-08 18:15	Bob Albrecht	Note Added: 0004948
2019-03-08 20:00	Bob Albrecht	Note Added: 0004949
2019-03-10 16:46	derick	Note Added: 0004952
2019-03-10 17:17	derick	Status	assigned => feedback
2019-03-12 18:19	Bob Albrecht	Note Added: 0004960
2019-03-12 18:19	Bob Albrecht	Status	feedback => assigned
2019-03-12 18:24	Bob Albrecht	Note Added: 0004961
2019-03-21 14:12	derick	Note Added: 0004974
2019-12-08 07:36	derick	Status	assigned => resolved
2019-12-08 07:36	derick	Resolution	open => no change required
2019-12-08 07:36	derick	Note Added: 0005201
2020-03-12 16:33	derick	Category	Remote Debugging => Step Debugging

View Issue Details

Activities

Issue History