0002292: Apache2 mod_php exit signal Segmentation fault (11) with Xdebug enabled

ID	Project	Category	View Status	Date Submitted	Last Update

0002292	Xdebug	Uncategorized	public	2024-10-04 20:33	2025-06-27 00:16

Reporter	GaryAllan	Assigned To	derick
Priority	normal	Severity	crash	Reproducibility	always
Status	resolved	Resolution	unable to reproduce
Product Version	3.3.2

Summary	0002292: Apache2 mod_php exit signal Segmentation fault (11) with Xdebug enabled
Description	Hello, I'm a developer on the phpIPAM project and have encountered a bug using xdebug to test and develop the code. I am experiencing Segmentation faults with the Xdebug module enabled. I'm aware you would prefer a minimal php script to reproduce but the process to reproduce is complex. The code spawns a number of threads to ping the subnet, sends the data to the main process via IPC and then iterates over the results using NET/DNS2 to resolve DNS names of discovered hosts. Is there a way of obtaining additional debugging info from this Apache2 environment?
Steps To Reproduce	Install phpIPAM on Debian 12 AMD64, Apache 2 mod_php. Install php8.3 project dependencies from deb [signed-by=/usr/share/keyrings/deb.sury.org-php.gpg] https://packages.sury.org/php/ bookworm mai Enable Xdebug Use the web application to scan a subnet. Scan will fail to complete. FireFox developer tools will report that the XHR request for subnet-scan-execute.php fails with error NS_ERROR_NET_RESET and /var/log/apache2/error.log will contain the line "child pid 101462 exit signal Segmentation fault (11)" Disabling the xdebug module results in the scan succeeding with no "exit signal Segmentation fault (11)"" errors logged. The crash is 100% reproducible. I've stepped through the code in VSCode using Xdebug. It segfaults with 100% repeatability as NET/DNS2 throws a Net_DNS2_Exception error. This is not caught by a wrapping try catch block. The code behaves as expected with Xdebug 3.3.2 disabled on this system (php 8.3.12) The code behaves as expected on another VM running PHP 7.2.24 and Xdebug 3.1.6 enabled. The code crashes under php8.3.12 with Xdebug 3.3.2 enabled.
Additional Information	php83:/var/log/apache2# php -v PHP 8.3.12 (cli) (built: Sep 27 2024 04:03:53) (NTS) Copyright (c) The PHP Group Zend Engine v4.3.12, Copyright (c) Zend Technologies with Zend OPcache v8.3.12, Copyright (c), by Zend Technologies with Xdebug v3.3.2, Copyright (c) 2002-2024, by Derick Rethans root@php83:/var/log/apache2# cat error.log \| grep Seg [Fri Oct 04 20:48:49.293844 2024] [core:notice] [pid 101457:tid 101457] AH00052: child pid 101462 exit signal Segmentation fault (11) [Fri Oct 04 20:49:05.322734 2024] [core:notice] [pid 101457:tid 101457] AH00052: child pid 101461 exit signal Segmentation fault (11) oot@php83:/var/log/apache2# dpkg -l \| grep php ii libapache2-mod-php8.3 8.3.12-1+0~20240927.43+debian12~1.gbpad3b8c amd64 server-side, HTML-embedded scripting language (Apache 2 module) ii php-common 2:95+0~20240927.54+debian12~1.gbpe0084c all Common files for PHP packages ii php-composer-ca-bundle 1.3.5-1 all utility library to find a path to the system CA bundle ii php-composer-class-map-generator 1.0.0-2+deb12u1 all Utilities to scan PHP code and generate class maps ii php-composer-metadata-minifier 1.0.0-2 all Small utility library that handles metadata minification and expansion ii php-composer-pcre 3.1.0-1+deb12u1 all PCRE wrapping library that offers type-safe preg_* replacements ii php-composer-semver 3.3.2-1 all utilities, version constraint parsing and validation ii php-composer-spdx-licenses 1.5.7-1 all SPDX licenses list and validation library ii php-composer-xdebug-handler 3.0.3-2+deb12u1 all Restarts a process without Xdebug ii php-curl 2:8.3+95+0~20240927.54+debian12~1.gbpe0084c all CURL module for PHP [default] ii php-gd 2:8.3+95+0~20240927.54+debian12~1.gbpe0084c all GD module for PHP [default] ii php-gmp 2:8.3+95+0~20240927.54+debian12~1.gbpe0084c all GMP module for PHP [default] ii php-intl 2:8.3+95+0~20240927.54+debian12~1.gbpe0084c all Internationalisation module for PHP [default] ii php-json-schema 5.2.12-2 all implementation of JSON schema ii php-ldap 2:8.3+95+0~20240927.54+debian12~1.gbpe0084c all LDAP module for PHP [default] ii php-mbstring 2:8.3+95+0~20240927.54+debian12~1.gbpe0084c all MBSTRING module for PHP [default] ii php-mysql 2:8.3+95+0~20240927.54+debian12~1.gbpe0084c all MySQL module for PHP [default] ii php-pear 1:1.10.13+submodules+notgz+2022032202-2+0~20230612.39+debian12~1.gbpfd4c1d all PEAR Base System ii php-psr-container 1.1.2-1 all Common Container Interface (PHP FIG PSR-11) ii php-psr-log 1.1.4-2 all common interface for logging libraries ii php-react-promise 2.9.0-3 all lightweight implementation of CommonJS Promises/A for PHP ii php-seld-signal-handler 2.0.1-2 all simple cross-platform1 signal handler ii php-snmp 2:8.3+95+0~20240927.54+debian12~1.gbpe0084c all SNMP module for PHP [default] ii php-symfony-console 5.4.23+dfsg-1+deb12u2 all run tasks from the command line ii php-symfony-deprecation-contracts 2.5.2-1+deb12u1 all A generic function and convention to trigger deprecation notices ii php-symfony-filesystem 5.4.23+dfsg-1+deb12u2 all basic filesystem utilities ii php-symfony-finder 5.4.23+dfsg-1+deb12u2 all find files and directories ii php-symfony-process 5.4.23+dfsg-1+deb12u2 all execute commands in sub-processes ii php-symfony-service-contracts 2.5.2-1+deb12u1 all Generic abstractions related to writing services ii php-symfony-string 5.4.23+dfsg-1+deb12u2 all object-oriented API to work with strings ii php-xdebug 3.3.2-1+0~20240420.60+debian12~1.gbp3869a8 amd64 Xdebug Module for PHP ii php-xhprof 2.3.10-1+0~20240714.25+debian12~1.gbp5f4d7a amd64 Hierarchical Profiler for PHP 5.x ii php-xml 2:8.3+95+0~20240927.54+debian12~1.gbpe0084c all DOM, SimpleXML, WDDX, XML, and XSL module for PHP [default] ii php8.3 8.3.12-1+0~20240927.43+debian12~1.gbpad3b8c all server-side, HTML-embedded scripting language (metapackage) ii php8.3-cli 8.3.12-1+0~20240927.43+debian12~1.gbpad3b8c amd64 command-line interpreter for the PHP scripting language ii php8.3-common 8.3.12-1+0~20240927.43+debian12~1.gbpad3b8c amd64 documentation, examples and common module for PHP ii php8.3-curl 8.3.12-1+0~20240927.43+debian12~1.gbpad3b8c amd64 CURL module for PHP ii php8.3-gd 8.3.12-1+0~20240927.43+debian12~1.gbpad3b8c amd64 GD module for PHP ii php8.3-gmp 8.3.12-1+0~20240927.43+debian12~1.gbpad3b8c amd64 GMP module for PHP ii php8.3-intl 8.3.12-1+0~20240927.43+debian12~1.gbpad3b8c amd64 Internationalisation module for PHP ii php8.3-ldap 8.3.12-1+0~20240927.43+debian12~1.gbpad3b8c amd64 LDAP module for PHP ii php8.3-mbstring 8.3.12-1+0~20240927.43+debian12~1.gbpad3b8c amd64 MBSTRING module for PHP ii php8.3-mysql 8.3.12-1+0~20240927.43+debian12~1.gbpad3b8c amd64 MySQL module for PHP ii php8.3-opcache 8.3.12-1+0~20240927.43+debian12~1.gbpad3b8c amd64 Zend OpCache module for PHP ii php8.3-readline 8.3.12-1+0~20240927.43+debian12~1.gbpad3b8c amd64 readline module for PHP ii php8.3-snmp 8.3.12-1+0~20240927.43+debian12~1.gbpad3b8c amd64 SNMP module for PHP ii php8.3-xdebug 3.3.2-1+0~20240420.60+debian12~1.gbp3869a8 amd64 Xdebug Module for PHP ii php8.3-xhprof 2.3.10-1+0~20240714.25+debian12~1.gbp5f4d7a amd64 Hierarchical Profiler for PHP 5.x ii php8.3-xml 8.3.12-1+0~20240927.43+debian12~1.gbpad3b8c amd64 DOM, SimpleXML, XML, and XSL module for PHP root@php83:/var/log/apache2# cat /etc/php/8.3/apache2/conf.d/20-xdebug.ini zend_extension=xdebug.so xdebug.mode=develop,debug xdebug.start_with_request=yes xdebug.client_host=<Build PC> xdebug.client_port=9000 xdebug.max_nesting_level=250 The code works as expected on another VM running php7.2.24 and Xdebug 3.1.6 root@php72 ~]# php -v PHP 7.2.24 (cli) (built: Oct 22 2019 08:28:36) ( NTS ) Copyright (c) 1997-2018 The PHP Group Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies with Zend OPcache v7.2.24, Copyright (c) 1999-2018, by Zend Technologies with Xdebug v3.1.6, Copyright (c) 2002-2022, by Derick Rethans
Tags	3.3.2, php8.3

Operating System	Debian 12, AMD64
PHP Version	8.3.10-8.3.19

GaryAllan 2024-10-04 22:28 reporter ~0007055	I've attached gdb output (gdb) c Continuing. [Detaching after vfork from child process 127171] Program received signal SIGSEGV, Segmentation fault. 0x00007c86fcc8f680 in _emalloc () from target:/usr/lib/apache2/modules/libphp8.3.so (gdb) bt 15 #0 0x00007c86fcc8f680 in _emalloc () from target:/usr/lib/apache2/modules/libphp8.3.so #1 0x00007c86fcccb3a2 in zend_hash_str_update () from target:/usr/lib/apache2/modules/libphp8.3.so 0000002 0x00007c86fccbec13 in add_assoc_null_ex () from target:/usr/lib/apache2/modules/libphp8.3.so 0000003 0x00007c86fd4ec5bc in zval_from_stack_add_frame_variables (opa=0x7c86fc693500, symbols=<optimized out>, edata=0x7c86fc618840, frame=0x7c86fc695050) at ./build-8.3/src/develop/stack.c:436 0000004 zval_from_stack_add_frame (output=0x7c86fd50f410 <xdebug_globals+1008>, fse=0x57ec1f8b0940, edata=0x7c86fc618840, add_local_vars=<optimized out>, params_as_values=<optimized out>) at ./build-8.3/src/develop/stack.c:467 0000005 0x00007c86fd4eca2f in zval_from_stack (output=output@entry=0x7c86fd50f410 <xdebug_globals+1008>, add_local_vars=add_local_vars@entry=true, params_as_values=params_as_values@entry=true) at ./build-8.3/src/develop/stack.c:495 0000006 0x00007c86fd4eedf3 in xdebug_develop_throw_exception_hook (exception=exception@entry=0x7c86fc6db300, file=file@entry=0x7c86fc6db358, line=line@entry=0x7c86fc6db368, code=code@entry=0x7c86fc6db348, code_str=code_str@entry=0x57ec1fc68fb0 "3", message=message@entry=0x7c86fc6db328) at ./build-8.3/src/develop/stack.c:1252 0000007 0x00007c86fd4c6087 in xdebug_throw_exception_hook (exception=0x7c86fc6db300) at ./build-8.3/src/base/base.c:1543 0000008 xdebug_throw_exception_hook (exception=0x7c86fc6db300) at ./build-8.3/src/base/base.c:1495 0000009 0x00007c86fcad924d in zend_throw_exception_internal () from target:/usr/lib/apache2/modules/libphp8.3.so 0000010 0x00007c86fcad06f3 in ?? () from target:/usr/lib/apache2/modules/libphp8.3.so 0000011 0x00007c86fcd27423 in execute_ex () from target:/usr/lib/apache2/modules/libphp8.3.so 0000012 0x00007c86fcad7175 in ?? () from target:/usr/lib/apache2/modules/libphp8.3.so 0000013 0x00007c86fcad8043 in ?? () from target:/usr/lib/apache2/modules/libphp8.3.so 0000014 0x00007c86fcad7175 in ?? () from target:/usr/lib/apache2/modules/libphp8.3.so

GaryAllan 2024-10-05 11:36 reporter ~0007056	Additional information attached. I've discovered that the first request after restarting Apache does not crash but all subsequent identical requests do. This lead me to look at OPcache. OPcache module enabled, xdebug module disabled = no crash OPcache module disabled, xdebug module enabled = no crash OPcache module enabled, xdebug module enabled = no crash on 1st run, crash on 2nd+ run OPcache module enabled, xdebug module enabled, USE_ZEND_ALLOC=0 = no crash I'm no longer sure if this a Xdebug, OPcache or PHP Zend Alloc issue. Valgrind trace collected with: USE_ZEND_ALLOC=1 ZEND_DONT_UNLOAD_MODULES=1 APACHE_RUN_USER=www-data APACHE_RUN_GROUP=www-data APACHE_PID_FILE=/var/run/apache2/apache2.pid APACHE_RUN_DIR=/var/run/apache2 APACHE_LOCK_DIR=/var/lock/apache2 APACHE_LOG_DIR=/var/log/apache2 valgrind --leak-check=full --show-reachable=yes --tool=memcheck --error-limit=no --log-file=val.log /usr/sbin/apache2 -DFOREGROUND gdb-bt-full.txt (14,379 bytes) (gdb) continue Continuing. [Detaching after vfork from child process 200682] Program received signal SIGSEGV, Segmentation fault. zend_mm_alloc_small (bin_num=4, heap=0x71731c800040) at ./Zend/zend_alloc.c:1312 1312 ./Zend/zend_alloc.c: No such file or directory. (gdb) bt full #0 zend_mm_alloc_small (bin_num=4, heap=0x71731c800040) at ./Zend/zend_alloc.c:1312 p = 0x71731c953a #1 zend_mm_alloc_heap (size=<optimized out>, heap=0x71731c800040) at ./Zend/zend_alloc.c:1383 ptr = 0x71731c953a ptr = <optimized out> #2 _emalloc (size=<optimized out>) at ./Zend/zend_alloc.c:2613 No locals. #3 0x000071731cdae3a2 in zend_string_alloc (persistent=<optimized out>, len=13) at ./Zend/zend_string.h:174 ret = <optimized out> ret = <optimized out> #4 zend_string_init (persistent=<optimized out>, len=13, str=0x41597f60 "to_scan_hosts") at ./Zend/zend_string.h:196 ret = <optimized out> ret = <optimized out> #5 _zend_hash_str_add_or_update_i (flag=1, pData=0x7ffd884efb20, h=15214260961822239740, len=13, str=0x41597f60 "to_scan_hosts", ht=0x71731c957ea8) at ./Zend/zend_hash.c:953 key = <optimized out> nIndex = <optimized out> idx = <optimized out> p = 0x71731c972ea0 key = <optimized out> nIndex = <optimized out> idx = <optimized out> p = <optimized out> add_to_hash = <optimized out> data = <optimized out> _z1 = <optimized out> --Type <RET> for more, q to quit, c to continue without paging--c _z2 = <optimized out> _gc = <optimized out> _t = <optimized out> _z1 = <optimized out> _z2 = <optimized out> _gc = <optimized out> _t = <optimized out> #6 zend_hash_str_update (ht=ht@entry=0x71731c957ea8, str=str@entry=0x41597f60 "to_scan_hosts", len=len@entry=13, pData=pData@entry=0x7ffd884efb20) at ./Zend/zend_hash.c:1030 h = 15214260961822239740 #7 0x000071731cda1c13 in zend_symtable_str_update (pData=0x7ffd884efb20, len=13, str=0x41597f60 "to_scan_hosts", ht=0x71731c957ea8) at ./Zend/zend_hash.h:576 idx = 7 idx = <optimized out> #8 add_assoc_null_ex (arg=arg@entry=0x7ffd884efba0, key=0x41597f60 "to_scan_hosts", key_len=13) at ./Zend/zend_API.c:1819 tmp = {value = {lval = 140726890331040, dval = 6.9528321958635551e-310, counted = 0x7ffd884efba0, str = 0x7ffd884efba0, arr = 0x7ffd884efba0, obj = 0x7ffd884efba0, res = 0x7ffd884efba0, ref = 0x7ffd884efba0, ast = 0x7ffd884efba0, zv = 0x7ffd884efba0, ptr = 0x7ffd884efba0, ce = 0x7ffd884efba0, func = 0x7ffd884efba0, ww = {w1 = 2286877600, w2 = 32765}}, u1 = {type_info = 1, v = {type = 1 '\001', type_flags = 0 '\000', u = { extra = 0}}}, u2 = {next = 29043, cache_slot = 29043, opline_num = 29043, lineno = 29043, num_args = 29043, fe_pos = 29043, fe_iter_idx = 29043, guard = 29043, constant_flags = 29043, extra = 29043}} #9 0x000071731d5cf5bc in zval_from_stack_add_frame_variables (opa=0x71731c893500, symbols=<optimized out>, edata=0x71731c818840, frame=0x71731c895050) at ./build-8.3/src/develop/stack.c:436 symbol_name = 0x5779b999ce90 symbol = {value = {lval = 1102805128, dval = 5.4485812780235856e-315, counted = 0x41bb7888, str = 0x41bb7888, arr = 0x41bb7888, obj = 0x41bb7888, res = 0x41bb7888, ref = 0x41bb7888, ast = 0x41bb7888, zv = 0x41bb7888, ptr = 0x41bb7888, ce = 0x41bb7888, func = 0x41bb7888, ww = {w1 = 1102805128, w2 = 0}}, u1 = {type_info = 0, v = {type = 0 '\000', type_flags = 0 '\000', u = {extra = 0}}}, u2 = {next = 0, cache_slot = 0, opline_num = 0, lineno = 0, num_args = 0, fe_pos = 0, fe_iter_idx = 0, guard = 0, constant_flags = 0, extra = 0}} j = 7 variables = {value = {lval = 124739214737064, dval = 6.1629360690797464e-310, counted = 0x71731c957ea8, str = 0x71731c957ea8, arr = 0x71731c957ea8, obj = 0x71731c957ea8, res = 0x71731c957ea8, ref = 0x71731c957ea8, ast = 0x71731c957ea8, zv = 0x71731c957ea8, ptr = 0x71731c957ea8, ce = 0x71731c957ea8, func = 0x71731c957ea8, ww = {w1 = 479559336, w2 = 29043}}, u1 = {type_info = 775, v = {type = 7 '\a', type_flags = 3 '\003', u = { extra = 0}}}, u2 = {next = 29043, cache_slot = 29043, opline_num = 29043, lineno = 29043, num_args = 29043, fe_pos = 29043, fe_iter_idx = 29043, guard = 29043, constant_flags = 29043, extra = 29043}} #10 zval_from_stack_add_frame (output=0x71731d5f2410 <xdebug_globals+1008>, fse=0x5779b95e0530, edata=0x71731c818840, add_local_vars=<optimized out>, params_as_values=<optimized out>) at ./build-8.3/src/develop/stack.c:467 frame = <optimized out> #11 0x000071731d5cfa2f in zval_from_stack (output=output@entry=0x71731d5f2410 <xdebug_globals+1008>, add_local_vars=add_local_vars@entry=true, params_as_values=params_as_values@entry=true) at ./build-8.3/src/develop/stack.c:495 fse = 0x5779b95e0530 next_fse = 0x5779b95e0620 i = 1 #12 0x000071731d5d1df3 in xdebug_develop_throw_exception_hook (exception=exception@entry=0x71731c8db300, file=file@entry=0x71731c8db358, line=line@entry=0x71731c8db368, code=code@entry=0x71731c8db348, code_str=code_str@entry=0x5779b9999460 "3", message=message@entry=0x71731c8db328) at ./build-8.3/src/develop/stack.c:1252 exception_ce = 0x41f2bec8 exception_trace = <optimized out> tmp_str = {l = 4019, a = 5222, d = 0x5779b999d830 "<tr><th align='left' bgcolor='#f57900' colspan=\"5\"><span style='background-color: #cc0000; color: #fce94f; font-size: x-large;'>( ! )</span> Net_DNS2_Exception: DNS request failed: The domain name ref"...} z_previous_exception = <optimized out> z_last_exception_slot = <optimized out> z_previous_trace = <optimized out> previous_exception_obj = <optimized out> dummy = {value = {lval = 1106427592, dval = 5.4664786281805523e-315, counted = 0x41f2bec8, str = 0x41f2bec8, arr = 0x41f2bec8, obj = 0x41f2bec8, res = 0x41f2bec8, ref = 0x41f2bec8, ast = 0x41f2bec8, zv = 0x41f2bec8, ptr = 0x41f2bec8, ce = 0x41f2bec8, func = 0x41f2bec8, ww = {w1 = 1106427592, w2 = 0}}, u1 = {type_info = 479048448, v = {type = 0 '\000', type_flags = 179 '\263', u = {extra = 7309}}}, u2 = {next = 29043, cache_slot = 29043, opline_num = 29043, lineno = 29043, num_args = 29043, fe_pos = 29043, fe_iter_idx = 29043, guard = 29043, constant_flags = 29043, extra = 29043}} #13 0x000071731d5a9087 in xdebug_throw_exception_hook (exception=0x71731c8db300) at ./build-8.3/src/base/base.c:1543 code = 0x71731c8db348 message = 0x71731c8db328 file = 0x71731c8db358 line = 0x71731c8db368 exception_ce = <optimized out> code_str = 0x5779b9999460 "3" dummy = {value = {lval = 124739213437088, dval = 6.1629360048523982e-310, counted = 0x71731c81a8a0, str = 0x71731c81a8a0, arr = 0x71731c81a8a0, obj = 0x71731c81a8a0, res = 0x71731c81a8a0, ref = 0x71731c81a8a0, ast = 0x71731c81a8a0, zv = 0x71731c81a8a0, ptr = 0x71731c81a8a0, ce = 0x71731c81a8a0, func = 0x71731c81a8a0, ww = {w1 = 478259360, w2 = 29043}}, u1 = {type_info = 502854521, v = {type = 121 'y', type_flags = 243 '\363', u = {extra = 7672}}}, u2 = {next = 29043, cache_slot = 29043, opline_num = 29043, lineno = 29043, num_args = 29043, fe_pos = 29043, fe_iter_idx = 29043, guard = 29043, constant_flags = 29043, extra = 29043}} #14 xdebug_throw_exception_hook (exception=0x71731c8db300) at ./build-8.3/src/base/base.c:1495 code = <optimized out> message = <optimized out> file = <optimized out> line = <optimized out> exception_ce = <optimized out> code_str = <optimized out> dummy = <optimized out> #15 0x000071731cbbc24d in zend_throw_exception_internal (exception=0x71731c8db300) at ./Zend/zend_exceptions.c:219 No locals. #16 0x000071731cbb36f3 in ZEND_THROW_SPEC_TMPVAR_HANDLER () at ./Zend/zend_vm_execute.h:14697 value = 0x71731c81aaf0 #17 0x000071731ce0a423 in execute_ex (ex=0x14e388) at ./Zend/zend_vm_execute.h:58713 vm_stack_data = {orig_opline = 0x41eee570, orig_execute_data = 0x71731c81a010, hybrid_jit_red_zone = "\240\250\201\034sq\000\000\333\365\343\034sq\000"} #18 0x000071731cbba175 in ZEND_DO_FCALL_SPEC_OBSERVER_HANDLER () at ./Zend/zend_vm_execute.h:2052 call = 0x71731c81a8a0 fbc = <optimized out> ret = <optimized out> #19 0x000071731cbbb043 in execute_ex (ex=0x14e388) at ./Zend/zend_vm_execute.h:57256 vm_stack_data = {orig_opline = 0x41dc8488, orig_execute_data = 0x71731c819a60, hybrid_jit_red_zone = "\020\240\201\034sq\000\000\333\365\343\034sq\000"} #20 0x000071731cbba175 in ZEND_DO_FCALL_SPEC_OBSERVER_HANDLER () at ./Zend/zend_vm_execute.h:2052 call = 0x71731c81a010 fbc = <optimized out> ret = <optimized out> #21 0x000071731cbbb043 in execute_ex (ex=0x14e388) at ./Zend/zend_vm_execute.h:57256 vm_stack_data = {orig_opline = 0x41dc69b8, orig_execute_data = 0x71731c819760, hybrid_jit_red_zone = "`\232\201\034sq\000\000\333\365\343\034sq\000"} #22 0x000071731cbba175 in ZEND_DO_FCALL_SPEC_OBSERVER_HANDLER () at ./Zend/zend_vm_execute.h:2052 call = 0x71731c819a60 fbc = <optimized out> ret = <optimized out> #23 0x000071731cbbb043 in execute_ex (ex=0x14e388) at ./Zend/zend_vm_execute.h:57256 vm_stack_data = {orig_opline = 0x41efbe50, orig_execute_data = 0x71731c818840, hybrid_jit_red_zone = "`\227\201\034sq\000\000\333\365\343\034sq\000"} #24 0x000071731cbba175 in ZEND_DO_FCALL_SPEC_OBSERVER_HANDLER () at ./Zend/zend_vm_execute.h:2052 call = 0x71731c819760 fbc = <optimized out> ret = <optimized out> #25 0x000071731cbbb043 in execute_ex (ex=0x14e388) at ./Zend/zend_vm_execute.h:57256 vm_stack_data = {orig_opline = 0x41ba1b58, orig_execute_data = 0x71731c818020, hybrid_jit_red_zone = "\000\000\000\000\000\000\000\000\333\365\343\034sq\000"} #26 0x000071731cde13cc in ZEND_INCLUDE_OR_EVAL_SPEC_OBSERVER_HANDLER () at ./Zend/zend_vm_execute.h:5125 return_value = <optimized out> call = 0x71731c818840 new_op_array = 0x71731c893500 inc_filename = <optimized out> #27 0x000071731ce09e3a in execute_ex (ex=0x14e388) at ./Zend/zend_vm_execute.h:57332 vm_stack_data = {orig_opline = 0x1, orig_execute_data = 0x7ffd884f2790, hybrid_jit_red_zone = "\000\000\000\000\000\000\000\000\333\365\343\034sq\000"} #28 0x000071731ce13235 in zend_execute (op_array=0x71731c893000, return_value=0x0) at ./Zend/zend_vm_execute.h:61604 execute_data = 0x71731c818020 object_or_called_scope = <optimized out> call_info = <optimized out> #29 0x000071731cd9eeb8 in zend_execute_scripts (type=type@entry=8, retval=retval@entry=0x0, file_count=file_count@entry=3) at ./Zend/zend.c:1893 files = {{gp_offset = 40, fp_offset = 2004317999, overflow_arg_area = 0x7ffd884f0460, reg_save_area = 0x7ffd884f03f0}} i = 1106133584 file_handle = 0x71731c81a8a0 op_array = 0x71731c893000 ret = SUCCESS #30 0x000071731cd3366e in php_execute_script (primary_file=primary_file@entry=0x7ffd884f2790) at ./main/main.c:2528 realfile = '\000' <repeats 920 times>... __orig_bailout = <optimized out> __bailout = {{__jmpbuf = {140726890342288, -5620640057367569252, 124739185016992, 0, 124739185016992, 5000000, -5620640056253981540, -5989135916667609956}, __mask_was_saved = 0, __saved_mask = {__val = {0 <repeats 16 times>}}}} prepend_file_p = <optimized out> append_file_p = <optimized out> prepend_file = {handle = {fp = 0x0, stream = {handle = 0x0, isatty = 0, reader = 0x0, fsizer = 0x0, closer = 0x0}}, filename = 0x71731c802310, opened_path = 0x0, type = 0 '\000', primary_script = false, in_list = false, buf = 0x0, len = 0} append_file = {handle = {fp = 0x0, stream = {handle = 0x0, isatty = 0, reader = 0x0, fsizer = 0x0, closer = 0x0}}, filename = 0x0, opened_path = 0x0, type = 0 '\000', primary_script = false, in_list = false, buf = 0x0, len = 0} old_cwd = <optimized out> use_heap = false retval = false #31 0x000071731ce8b898 in php_handler (r=<optimized out>) at ./sapi/apache2handler/sapi_apache2.c:721 zfd = {handle = {fp = 0x0, stream = {handle = 0x0, isatty = 0, reader = 0x0, fsizer = 0x0, closer = 0x0}}, filename = 0x71731c897300, opened_path = 0x0, type = 0 '\000', primary_script = true, in_list = false, buf = 0x0, len = 0} __orig_bailout = 0x0 __bailout = {{__jmpbuf = {124739185016992, 5621733941223382172, 124739185016992, 0, 124739185016992, 5000000, -5620640057369666404, -5989135585935598436}, __mask_was_saved = 0, __saved_mask = {__val = {17167697038640570368, 171798691840, 12884901888, 18446744073709551615, 18446744073709551615, 124739185024624, 140726890342756, 18446744073709551615, 18446744073709551615, 18446744073709551615, 18446744073709551615, 0, 0, 3, 124739185024689, 0}}}} ctx = 0x7173160fbe10 conf = <optimized out> brigade = 0x7173160fcc48 bucket = <optimized out> rv = <optimized out> parent_req = 0x0 #32 0x00005779b8ebdf00 in ap_run_handler () No symbol table info available. #33 0x00005779b8ebe4e6 in ap_invoke_handler () No symbol table info available. #34 0x00005779b8ed6dd7 in ap_process_async_request () No symbol table info available. #35 0x00005779b8ed6fdf in ap_process_request () No symbol table info available. #36 0x00005779b8ed2fe4 in ?? () No symbol table info available. #37 0x00005779b8ec7d50 in ap_run_process_connection () No symbol table info available. #38 0x000071731dd66ca4 in ?? () from /usr/lib/apache2/modules/mod_mpm_prefork.so No symbol table info available. #39 0x000071731dd67027 in ?? () from /usr/lib/apache2/modules/mod_mpm_prefork.so No symbol table info available. #40 0x000071731dd67089 in ?? () from /usr/lib/apache2/modules/mod_mpm_prefork.so No symbol table info available. #41 0x000071731dd677b3 in ?? () from /usr/lib/apache2/modules/mod_mpm_prefork.so No symbol table info available. #42 0x00005779b8e9e6e0 in ap_run_mpm () No symbol table info available. #43 0x00005779b8e961c2 in main () No symbol table info available. (gdb) gdb-bt-full.txt (14,379 bytes) valgrind.txt.gz (955,041 bytes)

derick 2024-10-13 16:47 administrator ~0007075	I think the culprit in the valgrind output is: `==197826== Use of uninitialised value of size 8 ==197826== at 0x6184B6C: call_end_observers (zend_observer.c:274) ==197826== by 0x6184B6C: zend_observer_fcall_end (zend_observer.c:283) ==197826== by 0x64A9C0F: ??? ==197826== by 0x614EFFF: execute_ex (zend_vm_execute.h:57578) ==197826== by 0x64A9BDF: ??? ==197826== by 0x55CBA69: xdebug_execute_user_code_begin (base.c:793) ==197826== by 0x55CC107: xdebug_execute_begin (base.c:1042) ==197826== by 0x55CC107: xdebug_execute_begin (base.c:1034)` Which I am going to guess is caused by https://github.com/php/php-src/commit/e715dd0afb1babc122efd4142c95623a12e14cfd, which should be fixed in the PHP releases going to be released on Thursday (the 17th of October).

GaryAllan 2024-11-07 18:55 reporter ~0007079	Issue is still present on php8.3.13 when Opcache and Xdebug modules are both enabled. root@php83:~# php -v PHP 8.3.13 (cli) (built: Nov 4 2024 23:34:58) (NTS) Copyright (c) The PHP Group Zend Engine v4.3.13, Copyright (c) Zend Technologies with Zend OPcache v8.3.13, Copyright (c), by Zend Technologies with Xdebug v3.3.2, Copyright (c) 2002-2024, by Derick Rethans root@php83:~# cat /var/log/apache2/error.log [Thu Nov 07 18:50:53.206379 2024] [core:notice] [pid 33472:tid 33472] AH00052: child pid 33478 exit signal Segmentation fault (11) [Thu Nov 07 18:51:00.216094 2024] [core:notice] [pid 33472:tid 33472] AH00052: child pid 33473 exit signal Segmentation fault (11)

derick 2024-11-27 15:50 administrator ~0007086	There are quite a lot of steps in the "Steps to Reproduce" section. Could you perhaps provide a Docker file that has all these steps, and hence shows this crash?

GaryAllan 2024-11-27 21:52 reporter ~0007105	I can still trigger this with 8.3.14 Now i know it needs opcache and xdebug to be enabled I'll work on a cut down test case. If not I'll add instructions on how to recreate with https://hub.docker.com/r/phpipam/phpipam-www root@php83:~# php -v PHP 8.3.14 (cli) (built: Nov 25 2024 18:23:27) (NTS) Copyright (c) The PHP Group Zend Engine v4.3.14, Copyright (c) Zend Technologies with Zend OPcache v8.3.14, Copyright (c), by Zend Technologies with Xdebug v3.3.2, Copyright (c) 2002-2024, by Derick Rethans root@php83:~# cat /var/log/apache2/error.log [Wed Nov 27 21:45:39.406217 2024] [core:notice] [pid 24904:tid 24904] AH00052: child pid 24912 exit signal Segmentation fault (11) [Wed Nov 27 21:45:43.413304 2024] [core:notice] [pid 24904:tid 24904] AH00052: child pid 24914 exit signal Segmentation fault (11)

derick 2024-11-28 13:21 administrator ~0007109	Thanks for checking in. I'll leave this as "Feedback Requested" for now.

derick 2025-04-08 12:52 administrator ~0007237	Did you find time to look at this?

derick 2025-04-24 16:31 administrator ~0007254	Could you please provide the requested feedback?

derick 2025-06-27 00:16 administrator ~0007324	I can't find enough information to reproduce this, and no requested information has been submitted. I'm therefore closing this out. If you can reproduce this with the latest (3.3.4) version, and can provide enough information for me to reproduce this, please open a new ticket.

Date Modified	Username	Field	Change
2024-10-04 20:33	GaryAllan	New Issue
2024-10-04 20:33	GaryAllan	Tag Attached: 3.3.2
2024-10-04 20:33	GaryAllan	Tag Attached: php8.3
2024-10-04 22:28	GaryAllan	Note Added: 0007055
2024-10-05 11:36	GaryAllan	Note Added: 0007056
2024-10-05 11:36	GaryAllan	File Added: gdb-bt-full.txt
2024-10-05 11:36	GaryAllan	File Added: valgrind.txt.gz
2024-10-13 16:47	derick	Note Added: 0007075
2024-10-13 16:47	derick	Assigned To	=> derick
2024-10-13 16:47	derick	Status	new => feedback
2024-11-07 18:55	GaryAllan	Note Added: 0007079
2024-11-07 18:55	GaryAllan	Status	feedback => assigned
2024-11-27 15:50	derick	Status	assigned => feedback
2024-11-27 15:50	derick	Note Added: 0007086
2024-11-27 21:52	GaryAllan	Note Added: 0007105
2024-11-27 21:52	GaryAllan	Status	feedback => assigned
2024-11-28 13:21	derick	Status	assigned => feedback
2024-11-28 13:21	derick	Note Added: 0007109
2025-04-08 12:52	derick	Note Added: 0007237
2025-04-24 16:31	derick	Note Added: 0007254
2025-06-27 00:16	derick	Status	feedback => resolved
2025-06-27 00:16	derick	Resolution	open => unable to reproduce
2025-06-27 00:16	derick	Note Added: 0007324

View Issue Details

Activities

Issue History