View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0002046 | Xdebug | Tracing | public | 2021-11-22 10:30 | 2021-12-01 15:39 |
| Reporter | eater | Assigned To | derick | ||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Platform | x86_64 | OS | Void Linux | ||
| Product Version | 3.1.1 | ||||
| Fixed in Version | 3.1.2 | ||||
| Summary | 0002046: Segfault on xdebug_get_function_stack inside a Fiber | ||||
| Description | When I call xdebug_get_function_stack inside a Fiber, I expect to see the function stack originating from the Fiber entry point; instead, PHP segfaults instantly. | ||||
| Steps To Reproduce | Run the following on PHP 8.1.0RC6 with xdebug 3.1.1: `<?php var_dump(xdebug_get_function_stack()); $f->start();` | ||||
| Additional Information | From preliminary inspection it looks like xdebug tries to retrieve the file of the Fiber (see https://github.com/xdebug/xdebug/blob/3.1.1/src/develop/stack.c#L1069 ) but the closure has no file associated with it, as can be seen in PHP's backtrace, thus segfaulting on copying it. Relevant valgrind/gdb excerpts (full logs in attachments): valgrind: gdb: | ||||
| Tags | No tags attached. | ||||
| Attached Files | valgrind.log (3,556 bytes)
==7983== Memcheck, a memory error detector
==7983== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==7983== Using Valgrind-3.16.1 and LibVEX; rerun with -h for copyright info
==7983== Command: php -d xdebug.mode=develop ./test.php
==7983==
/home/eater/test.php:3:
array(1) {
[0] =>
array(4) {
'function' =>
string(6) "{main}"
'file' =>
string(20) "/home/eater/test.php"
'line' =>
int(0)
'params' =>
array(0) {
}
}
}
==7983== Warning: client switching stacks? SP change: 0x1ffeffbfe0 --> 0x6e47fc0
==7983== to suppress, use: --max-stackframe=137306521632 or greater
/home/eater/test.php:5:
array(2) {
[0] =>
array(2) {
'function' =>
string(9) "{closure}"
'args' =>
array(0) {
}
}
[1] =>
array(7) {
'file' =>
string(20) "/home/eater/test.php"
'line' =>
int(9)
'function' =>
string(5) "start"
'class' =>
string(5) "Fiber"
'object' =>
class Fiber#1 (0) {
}
'type' =>
string(2) "->"
'args' =>
array(0) {
}
}
}
==7983== Invalid read of size 1
==7983== at 0x60FDA75: zend_string_copy (zend_string.h:191)
==7983== by 0x60FDA75: zif_xdebug_get_function_stack (stack.c:1069)
==7983== by 0x60D991C: xdebug_execute_internal (base.c:897)
==7983== by 0x5D1B1B: ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER (zend_vm_execute.h:1872)
==7983== by 0x5D1B1B: execute_ex (zend_vm_execute.h:54541)
==7983== by 0x60D9081: xdebug_execute_ex (base.c:779)
==7983== by 0x55A7CF: zend_call_function (zend_execute_API.c:896)
==7983== by 0x5FD132: zend_fiber_execute (zend_fibers.c:475)
==7983== by 0x5FDE66: zend_fiber_trampoline (zend_fibers.c:287)
==7983== Address 0x4 is not stack'd, malloc'd or (recently) free'd
==7983==
==7983==
==7983== Process terminating with default action of signal 11 (SIGSEGV)
==7983== Access not within mapped region at address 0x4
==7983== at 0x60FDA75: zend_string_copy (zend_string.h:191)
==7983== by 0x60FDA75: zif_xdebug_get_function_stack (stack.c:1069)
==7983== by 0x60D991C: xdebug_execute_internal (base.c:897)
==7983== by 0x5D1B1B: ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER (zend_vm_execute.h:1872)
==7983== by 0x5D1B1B: execute_ex (zend_vm_execute.h:54541)
==7983== by 0x60D9081: xdebug_execute_ex (base.c:779)
==7983== by 0x55A7CF: zend_call_function (zend_execute_API.c:896)
==7983== by 0x5FD132: zend_fiber_execute (zend_fibers.c:475)
==7983== by 0x5FDE66: zend_fiber_trampoline (zend_fibers.c:287)
==7983== If you believe this happened as a result of a stack
==7983== overflow in your program's main thread (unlikely but
==7983== possible), you can try to increase the size of the
==7983== main thread stack using the --main-stacksize= flag.
==7983== The main thread stack size used in this run was 8388608.
==7983==
==7983== HEAP SUMMARY:
==7983== in use at exit: 3,045,394 bytes in 23,119 blocks
==7983== total heap usage: 25,596 allocs, 2,477 frees, 4,089,403 bytes allocated
==7983==
==7983== LEAK SUMMARY:
==7983== definitely lost: 28,280 bytes in 884 blocks
==7983== indirectly lost: 1,065 bytes in 2 blocks
==7983== possibly lost: 2,133,914 bytes in 17,183 blocks
==7983== still reachable: 882,135 bytes in 5,050 blocks
==7983== suppressed: 0 bytes in 0 blocks
==7983== Rerun with --leak-check=full to see details of leaked memory
==7983==
==7983== For lists of detected and suppressed errors, rerun with: -s
==7983== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
gdb.log (4,209 bytes)
Starting program: /usr/bin/php -d xdebug.mode=develop ./test.php
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib64/libthread_db.so.1".
/home/eater/test.php:3:
array(1) {
[0] =>
array(4) {
'function' =>
string(6) "{main}"
'file' =>
string(20) "/home/eater/test.php"
'line' =>
int(0)
'params' =>
array(0) {
}
}
}
Program received signal SIGSEGV, Segmentation fault.
zif_xdebug_get_function_stack (execute_data=<optimized out>, return_value=0x5555568acc20) at /builddir/xdebug-3.1.1/src/develop/stack.c:1069
1069 /builddir/xdebug-3.1.1/src/develop/stack.c: No such file or directory.
(gdb) bt all
No symbol "all" in current context.
(gdb) bt full
#0 zif_xdebug_get_function_stack (execute_data=<optimized out>, return_value=0x5555568acc20) at /builddir/xdebug-3.1.1/src/develop/stack.c:1069
sent_variables = <optimized out>
fse = 0x5555568ab150
i = 0
j = <optimized out>
frame = 0x5555568b1c80
params = <optimized out>
variadic_opened = 0
#1 0x00007ffff6ade91d in xdebug_execute_internal (current_execute_data=0x5555568acca0, return_value=0x5555568acc20) at /builddir/xdebug-3.1.1/src/base/base.c:897
edata = <optimized out>
fse = 0x5555568ab2f0
function_nr = 6
function_call_traced = <optimized out>
restore_error_handler_situation = 0
tmp_error_cb = 0x0
#2 0x00005555558c9b1c in ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER () at /builddir/php-8.1.0RC6/Zend/zend_vm_execute.h:1872
retval = <optimized out>
call = 0x5555568acca0
fbc = 0x55555687df30
ret = <optimized out>
call = <optimized out>
fbc = <optimized out>
ret = <optimized out>
retval = <optimized out>
#3 execute_ex (ex=0x5555568b1768) at /builddir/php-8.1.0RC6/Zend/zend_vm_execute.h:54541
vm_stack_data = {orig_opline = 0x7ffff6b20c80 <xdebug_globals>, orig_execute_data = 0x5555568ab220, hybrid_jit_red_zone = '\000' <repeats 15 times>}
#4 0x00007ffff6ade082 in xdebug_execute_ex (execute_data=0x5555568acbd0) at /builddir/xdebug-3.1.1/src/base/base.c:779
op_array = 0x555556717b88
edata = <optimized out>
fse = 0x5555568acbd0
function_nr = 5
code_coverage_function_name = 0x0
code_coverage_filename = 0x0
code_coverage_init = 0
#5 0x00005555558527d0 in zend_call_function (fci=fci@entry=0x5555568b1e18, fci_cache=fci_cache@entry=0x5555568b1e58) at /builddir/php-8.1.0RC6/Zend/zend_execute_API.c:896
orig_jit_trace_num = 0
i = <optimized out>
call = 0x5555568acbd0
fci_cache_local = {function_handler = 0x770000007b, calling_scope = 0x7c00000072, called_scope = 0x0, object = 0x3ff}
func = 0x555556717b88
call_info = <optimized out>
object_or_called_scope = <optimized out>
orig_fake_scope = 0x0
#6 0x00005555558f5133 in zend_fiber_execute (transfer=0x7ffff62eefb0) at /builddir/php-8.1.0RC6/Zend/zend_fibers.c:475
stack = <optimized out>
__orig_bailout = 0x0
__bailout = {{__jmpbuf = {93825012538800, -6372625461540119318, 0, 0, 0, 0, -6372625461573673750, -947262616570127126}, __mask_was_saved = 0, __saved_mask = {__val = {0 <repeats 16 times>}}}}
fiber = 0x5555568b1d70
error_reporting = 22527
#7 0x00005555558f5e67 in zend_fiber_trampoline (data=...) at /builddir/php-8.1.0RC6/Zend/zend_fibers.c:287
transfer = {context = 0x5555568749a0, value = {value = {lval = 0, dval = 0, counted = 0x0, str = 0x0, arr = 0x0, obj = 0x0, res = 0x0, ref = 0x0, ast = 0x0, zv = 0x0, ptr = 0x0, ce = 0x0, func = 0x0, ww = {w1 = 0, w2 = 0}}, u1 = {type_info = 1, v = {type = 1 '\001', type_flags = 0 '\000', u = {extra = 0}}},
u2 = {next = 0, cache_slot = 0, opline_num = 0, lineno = 0, num_args = 0, fe_pos = 0, fe_iter_idx = 0, property_guard = 0, constant_flags = 0, extra = 0}}, flags = 0 '\000'}
from = <optimized out>
context = 0x5555568b1db0
#8 0x00005555557f876f in make_fcontext () at make_x86_64_sysv_elf_gas.S:71
No locals.
#9 0x0000000000000000 in ?? ()
No symbol table info available.
| ||||
| Operating System | |||||
| PHP Version | 8.1.0-8.1.4 | ||||
|
|
I can indeed reproduce this with Xdebug 3.1.1, but not with the latest code in the xdebug_3_1 branch. I think this is a duplicate of 0002036. If you can try the latest xdebug_3_1 (or master) branch from GitHub to verify, that'd be great. The fix for 0002036 will be in Xdebug 3.1.2, which I am intending to release this week. |
|
|
Indeed works for me on master! thanks :) |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2021-11-22 10:30 | eater | New Issue | |
| 2021-11-22 10:30 | eater | File Added: valgrind.log | |
| 2021-11-22 10:30 | eater | File Added: gdb.log | |
| 2021-11-22 11:00 | derick | Assigned To | => derick |
| 2021-11-22 11:00 | derick | Status | new => feedback |
| 2021-11-22 11:00 | derick | Note Added: 0006160 | |
| 2021-11-22 11:15 | eater | Note Added: 0006161 | |
| 2021-11-22 11:15 | eater | Status | feedback => assigned |
| 2021-11-24 10:19 | derick | Status | assigned => closed |
| 2021-11-24 10:19 | derick | Resolution | open => fixed |
| 2021-11-24 10:19 | derick | Fixed in Version | => 3.1dev |
| 2021-11-24 10:19 | derick | Relationship added | duplicate of 0002036 |
| 2021-12-01 15:39 | derick | Fixed in Version | 3.1dev => 3.1.2 |
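
An added illustration of the failure mode described under Additional Information: a refcounted-string copy applied to a stack frame that has no file name. This is not Xdebug or PHP source and not the fix shipped in 3.1.2. The struct layout, the flag bit and every `model_*` name are assumptions of this simplified model, which shows why a NULL string faults at address 0x4 (as in the valgrind log) and what a guarded copy looks like.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model (assumption): 32-bit refcount, then a 32-bit flags word. */
typedef struct {
    uint32_t refcount;
    uint32_t type_info;      /* flag bits live here, at offset 4 */
    size_t   len;
    char     val[32];
} model_string;

#define MODEL_INTERNED (1u << 6)   /* hypothetical flag bit for this model */

/* A frame whose file name may be absent, like the "{closure}" entry in the
 * backtrace above, which carries no 'file' key. */
typedef struct {
    const char   *function;
    model_string *filename;  /* NULL when the frame has no file */
} model_frame;

/* First address an unguarded copy reads when handed NULL: it tests the
 * flags word before touching the refcount, so NULL + offsetof(type_info). */
static uintptr_t first_read_address_for_null(void)
{
    return (uintptr_t)offsetof(model_string, type_info);
}

/* Guarded copy: a missing file name yields NULL instead of a header read;
 * otherwise the refcount is bumped unless the string is interned. */
static model_string *model_string_copy_checked(model_string *s)
{
    if (s == NULL) return NULL;
    if (!(s->type_info & MODEL_INTERNED)) s->refcount++;
    return s;
}

int main(void)
{
    /* Constructed sample frames mirroring the two entries in the logs. */
    model_string file = { 1, 0, 20, "/home/eater/test.php" };
    model_frame frames[] = { { "{main}", &file }, { "{closure}", NULL } };
    for (size_t i = 0; i < 2; i++) {
        model_string *f = model_string_copy_checked(frames[i].filename);
        printf("%s: %s\n", frames[i].function, f ? f->val : "(no file)");
    }
    printf("unguarded NULL copy would read address 0x%lx\n",
           (unsigned long)first_read_address_for_null());
    return 0;
}
```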