View Issue Details

IDProjectCategoryView StatusLast Update
0002090XdebugUncategorizedpublic2022-05-11 13:27
ReporterNiNjA Assigned Toderick  
PrioritynormalSeveritycrashReproducibilityalways
Status closedResolutionfixed 
Product Version3.1.4 
Fixed in Version3.1dev 
Summary0002090: Segfault in __callStatic() after FFI initialization
Description

When I run the attached index.php script from command line or through nginx + php-fpm (and the debugger is attached to PhpStorm) the php process crashes.
This is the command I run and the output I get:

% PHP_IDE_CONFIG=serverName=test XDEBUG_SESSION=1 php index.php
works1 called
works2 called
Hello world!
zsh: segmentation fault (core dumped) PHP_IDE_CONFIG=serverName=test XDEBUG_SESSION=1 php index.php

I expected to get this output without any segfault:
works1 called
works2 called
Hello world!
breaks called

I'm not 100% sure that this is an xdebug issue, however, it works just fine if I disable xdebug. It looks like that after FFI has been initialized, xdebug crashes when __callStatic() is about to be executed. I'm not that familiar with C and gdb, so I have not investigated this much further, but please let me know if you need any additional information. Note that this fails on both PHP 8.1.4 and 8.1.5, but I couldn't select 8.1.5 from the list.

Steps To Reproduce
  1. Ensure an xdebug configuration is up and running
  2. Enable FFI extension
  3. Run the script either through php-fpm or cli
  4. Ensure the debugger attaches to the host process (e.g. PhpStorm)
  5. Make the script run to end
  6. Segfault should occur before the Test::breaks() line
Tagsffi
Operating SystemArch Linux
PHP Version8.1.0-8.1.4

Activities

NiNjA

2022-05-10 20:26

reporter   ~0006292

Added attachments:

  • index.php (test script)
  • systemd-coredump output
systemd-coredump.txt (9,282 bytes)   

systemd-coredump[16072]: [🡕] Process 16068 (php) of user 1000 dumped core.
                                              
                                              Module linux-vdso.so.1 with build-id c44838b6f952044acc4a4965fe03ad60a34a6683
                                              Module gmp.so with build-id 0635853bcedb022e870005ea8600c2bb6018ad0e
                                              Module librt.so.1 with build-id 4761858b348db8303e872e515aa8d56c046c921c
                                              Module apcu.so with build-id da235253166952fc9f7c731bd8e81bd9a1331ca8
                                              Module libnetsnmp.so.40 with build-id fa84b95f8a7bb2371fe4e762b9027a8567d26e6a
                                              Module snmp.so with build-id bd34ed3a96a2e92309133181b4223f6112389a05
                                              Module libsqlite3.so.0 with build-id a72506b3923739d1974e02062460a2720d4b3958
                                              Module sqlite3.so with build-id 43e3ac02b5bf5601992c6ff08be2a53749b03176
                                              Module libsasl2.so.3 with build-id 0c10b132405d1c16805173607ae5496c9bc84ba7
                                              Module liblber.so.2 with build-id f844e98bbeb08a0655a119a71dc0cf46b4dd8c33
                                              Module libldap.so.2 with build-id b3a54862b8bb55c77d244efaa7667141e6cac003
                                              Module libpq.so.5 with build-id 6d2bc0877d34c61f9cc526c1cb456872a45a706c
                                              Module pdo_pgsql.so with build-id 8c49dc28d42f7df3c84889d378acd3f3cff3da8b
                                              Module ffi.so with build-id c15cd11206070920239f3d7edfc99c8f8470d2c9
                                              Module libdl.so.2 with build-id bb9bd2657bfba9f60bd34d2050cc63a7eb024bc4
                                              Module libffi.so.8 with build-id f0a9586cf0f42d2b9971bd1065ca3a6b19f4a2c2
                                              Module libgmp.so.10 with build-id e58d34ab389d1b649c24195c2d145e3ff2e58290
                                              Module libhogweed.so.6 with build-id 2d70cff7b1841b4d9ca4e8e7726cd4b944c07fdc
                                              Module libtasn1.so.6 with build-id ee3429ca5e94718aea4fe5249fc859e0cd88e4e9
                                              Module libbrotlienc.so.1 with build-id 74adbc62e4fbb5da9d37b5aa458471f4130862ff
                                              Module libp11-kit.so.0 with build-id cc372ea3c28c4d3dfc633b4d2e933c8584d2af16
                                              Module libnettle.so.8 with build-id 9a878e513c02007598fcf1e2e286c2203f13536e
                                              Module libgnutls.so.30 with build-id 4532a39b33d508fcd26367e04c94de51cea59a64
                                              Module libbz2.so.1.0 with build-id 919597c477c9b2cb9cdbb7745ed6494ac0e6da60
                                              Module libzip.so.5 with build-id 68e333db519fa50980d49c7b5747320e87196bd1
                                              Module zip.so with build-id 9683d2a775fda26801d304e3843435001fbf4e7c
                                              Module libbrotlicommon.so.1 with build-id acfd597a977c8087bb6184383daae2e828a9ce42
                                              Module libresolv.so.2 with build-id 46ffdf3d477a170314060c26927470d7399bc900
                                              Module libkeyutils.so.1 with build-id ac405ddd17be10ce538da3211415ee50c8f8df79
                                              Module libkrb5support.so.0 with build-id 36db7c21bc57a9b934ad2d3463782db9fef4af07
                                              Module libcom_err.so.2 with build-id 358b783c9b3d12ba8248519ea2e7f3da4c4e0297
                                              Module libk5crypto.so.3 with build-id f1c113fea46023cdf62c7e51cb643c45831abdd5
                                              Module libkrb5.so.3 with build-id 9350783c946d77aec8ee8fd9c6bc12f4f7b72be9
                                              Module libunistring.so.2 with build-id 617dbf3d3d6f85d6556a7a036e23845e95490158
                                              Module libbrotlidec.so.1 with build-id 66c54e9301f7e102ecc1d88547e5f0e8a056fe22
                                              Module libzstd.so.1 with build-id 3bccb8fe08e48d5ea135b1d0f99de0d771dd752f
                                              Module libgssapi_krb5.so.2 with build-id 1813217c8baf82a1078772eed0d868310cd59f8b
                                              Module libpsl.so.5 with build-id 0229a201aaf5652186c9fdc192ebe52baf19d7f1
                                              Module libssh2.so.1 with build-id a4adfe44cc7ebd295b3b783361acc3dcfcea1d50
                                              Module libidn2.so.0 with build-id 1ce2b50ad9f9821c2c629b521cf5a3c99593d332
                                              Module libnghttp2.so.14 with build-id f2738fead8e6593084b4fb8756f460aa8cf5535a
                                              Module libcurl.so.4 with build-id 7e29b0677f65e934f18c62877d6558b2d4896e61
                                              Module curl.so with build-id 4fb11aa2e1d36487d04d94b1ba014d56485d0f8f
                                              Module xdebug.so with build-id 06d58445be551ad73b2a130e4c7804ac694efa12
                                              Module libgcc_s.so.1 with build-id 5d817452a709ca3a213341555ddcf446ecee37fa
                                              Module libstdc++.so.6 with build-id 88ad4eff81a00c684abfe0f863e87434123d8943
                                              Module libicudata.so.71 with build-id 4fef196388e678deb881978139e125e20ee2d94d
                                              Module libpthread.so.0 with build-id 7fa8b52fae071a370ba4ca32bf9490a30aff31c4
                                              Module liblzma.so.5 with build-id 28b40c7af8098a66af6ee093b6986b91cad7694d
                                              Module libicuuc.so.71 with build-id 633fdc0c5385d916571f6140e7a978ad0630ef55
                                              Module ld-linux-x86-64.so.2 with build-id c09c6f50f6bcec73c64a0b4be77eadb8f7202410
                                              Module libncursesw.so.6 with build-id b9917757481e6fa6097e2a1f31f5bb5eaf138c4e
                                              Module libc.so.6 with build-id 85766e9d8458b16e9c7ce6e07c712c02b8471dbc
                                              Module libargon2.so.1 with build-id 209069241761746b12e41c40816e348303146bc6
                                              Module libonig.so.5 with build-id ac54b198c6fe653cb301edb17d50bc2b882fdd81
                                              Module libz.so.1 with build-id fefe3219a96d682ec98fcfb78866b8594298b5a2
                                              Module libpcre2-8.so.0 with build-id a0306c1eb7393936ed0fb7328c8bb117726c2adc
                                              Module libcrypto.so.1.1 with build-id d54a7ee1e288aeae436d073277ff986e03994b15
                                              Module libssl.so.1.1 with build-id 25a55106cb13dec5d495c34ca1caf2c2f3114f11
                                              Module libxml2.so.2 with build-id 6b0ec2acdbc8f1a2255cc5e3e1258472cd99e272
                                              Module libm.so.6 with build-id 596b63a006a4386dcab30912d2b54a7a61827b07
                                              Module libreadline.so.8 with build-id 03c124180216a8077784ca035346856bd16060b9
                                              Module php with build-id b7a88a00960822a1b185529fc611b19e8e019c8c
                                              Stack trace of thread 16068:
                                              #0  0x00007fd97349514a xdebug_lib_register_compiled_variables (xdebug.so + 0x1b14a)
                                              #1  0x00007fd97348f77d n/a (xdebug.so + 0x1577d)
                                              #2  0x0000560b408c58b0 n/a (php + 0x4c58b0)
                                              #3  0x0000560b4090c2e8 execute_ex (php + 0x50c2e8)
                                              #4  0x00007fd97348f4c4 n/a (xdebug.so + 0x154c4)
                                              #5  0x0000560b4090fc3c n/a (php + 0x50fc3c)
                                              #6  0x0000560b4089a6ad zend_execute_scripts (php + 0x49a6ad)
                                              #7  0x0000560b408316eb php_execute_script (php + 0x4316eb)
                                              #8  0x0000560b4097ff28 n/a (php + 0x57ff28)
                                              #9  0x0000560b40642e04 n/a (php + 0x242e04)
                                              #10 0x00007fd9756f6310 __libc_start_call_main (libc.so.6 + 0x2d310)
                                              #11 0x00007fd9756f63c1 __libc_start_main@@GLIBC_2.34 (libc.so.6 + 0x2d3c1)
                                              #12 0x0000560b40643f95 _start (php + 0x243f95)
                                              ELF object binary architecture: AMD x86-64
systemd-coredump.txt (9,282 bytes)   
index.php (289 bytes)   
<?php
declare(strict_types=1);

class Test
{
	public static function __callStatic($name, $args)
	{
		echo "$name called\n";
	}
}

Test::works1();
Test::works2();

$ffi = FFI::cdef('int printf(const char *format, ...);', 'libc.so.6');
$ffi->printf("Hello %s!\n", "world");

Test::breaks();
index.php (289 bytes)   

derick

2022-05-11 09:02

administrator   ~0006295

Hi,

This does look like something dubious going on in ext/FFI, but there is a harmless workaround (an extra guard) to at least hide this problem within Xdebug, for which I have made a pull request:
https://github.com/xdebug/xdebug/pull/837

Once CI is happy, I'll merge it.

Thanks for your detailed report.

cheers,
Derick

Issue History

Date Modified Username Field Change
2022-05-10 20:24 NiNjA New Issue
2022-05-10 20:24 NiNjA Tag Attached: ffi
2022-05-10 20:26 NiNjA Note Added: 0006292
2022-05-10 20:26 NiNjA File Added: systemd-coredump.txt
2022-05-10 20:26 NiNjA File Added: index.php
2022-05-11 09:02 derick Assigned To => derick
2022-05-11 09:02 derick Status new => assigned
2022-05-11 09:02 derick Note Added: 0006295
2022-05-11 13:26 derick Status assigned => closed
2022-05-11 13:26 derick Resolution open => fixed
2022-05-11 13:26 derick Fixed in Version => 3.2dev
2022-05-11 13:27 derick Fixed in Version 3.2dev => 3.1dev