swoole / swoole-src

🚀 Coroutine-based concurrency library for PHP
https://www.swoole.com
Apache License 2.0

sw_zend_call_function_ex segfault on 4.5.4 #3694

Closed ajurgensen closed 3 years ago

ajurgensen commented 3 years ago

Please answer these questions before submitting your issue. Thanks!

  1. What did you do? If possible, provide a simple script for reproducing the error.

Quite a complex application, using HTTP Server with many nested coroutines, loads of table use and yielding.

  2. What did you expect to see?

no segfaults :)

  3. What did you see instead?

Thread 7 "php" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f45f5efe700 (LWP 1815)]
0x000055e9438cae1d in execute_ex ()
(gdb) bt
#0  0x000055e9438cae1d in execute_ex ()
#1  0x000055e943836023 in zend_call_function ()
#2  0x00007f45ff30d2a5 in sw_zend_call_function_ex (retval=0x7f45f5efd840, params=0x7f45f5efd890, param_count=, fci_cache=0x7f45fe6cc160, function_name=0x0)
    at /tmp/swoole-4.5.4/php_swoole.h:1004
#3  0x00007f45ff30d2a5 in php_swoole_server_dispatch_func(swoole::Server, swConnection, swSendData*) (serv=0x55e944192eb0, conn=, data=)
    at /tmp/swoole-4.5.4/swoole_server.cc:1878
#4  0x00007f45ff2a0160 in swoole::Server::schedule_worker(int, swoole::SendData*) (data=0x7f45f5efd960, fd=245, this=0x55e944192eb0)
    at /tmp/swoole-4.5.4/include/swoole_server.h:1136
#5  0x00007f45ff2a0160 in swFactoryProcess_dispatch(swoole::Factory, swoole::SendData) (factory=, task=0x7f45f5efd960)
    at /tmp/swoole-4.5.4/src/server/process.cc:204
#6  0x00007f45ff2a415e in swoole::Server::dispatch_task(swoole::Protocol, swoole::network::Socket, char const*, unsigned int) (proto=proto@entry=0x55e944193790, _socket=_socket@entry=0x55e944782ef0, data=0x7f45dc1751d0 "GET /extt/2/4567/susie51@mclaughlin.net/7843d795103dba358f300fe08397c24a?pid=1 HTTP/1.0\r\nHost: webserver\r\nScheme: http\r\nSERVER_PORT: 81\r\nREMOTE_ADDR: 172.21.0.7\r\nX-Forwarded-For: 172.21.0.7\r\nX-hash-ha"..., length=369) at /tmp/swoole-4.5.4/src/server/reactor_thread.cc:1033
#7  0x00007f45ff29d152 in swoole::Port_onRead_http(swoole::Reactor, swoole::ListenPort, swoole::Event*) (reactor=0x7f45dc014d00, port=0x55e944193610, event=0x7f45f5efdb40) at /tmp/swoole-4.5.4/src/server/port.cc:495
#8  0x00007f45ff2a4e1e in ReactorThread_onRead(swoole::Reactor, swoole::Event) (reactor=0x7f45dc014d00, event=0x7f45f5efdb40)
    at /tmp/swoole-4.5.4/src/server/reactor_thread.cc:607
#9  0x00007f45ff290a1b in swReactorEpoll_wait(swoole::Reactor, timeval) (reactor=0x7f45dc014d00, timeo=) at /tmp/swoole-4.5.4/src/reactor/epoll.cc:229
#10 0x00007f45ff2aaa9e in swoole_event_wait() () at /tmp/swoole-4.5.4/src/wrapper/event.cc:77
#11 0x00007f45ff2a3d53 in ReactorThread_loop(swoole::Server*, int) (serv=0x55e944192eb0, reactor_id=) at /tmp/swoole-4.5.4/src/server/reactor_thread.cc:958
#12 0x00007f46148ab6df in () at /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#13 0x00007f4616d056db in start_thread (arg=0x7f45f5efe700) at pthread_create.c:463
#14 0x00007f461703ea3f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

  4. What version of Swoole are you using (show your php --ri swoole)?

swoole

Swoole => enabled
Author => Swoole Team team@swoole.com
Version => 4.5.4
Built => Sep 22 2020 14:21:50
coroutine => enabled
epoll => enabled
eventfd => enabled
signalfd => enabled
cpu_affinity => enabled
spinlock => enabled
rwlock => enabled
openssl => OpenSSL 1.1.1g 21 Apr 2020
pcre => enabled
zlib => 1.2.11
mutex_timedlock => enabled
pthread_barrier => enabled
futex => enabled
mysqlnd => enabled
async_redis => enabled

Directive => Local Value => Master Value
swoole.enable_coroutine => On => On
swoole.enable_library => On => On
swoole.enable_preemptive_scheduler => Off => Off
swoole.display_errors => On => On
swoole.use_shortname => On => On
swoole.unixsock_buffer_size => 8388608 => 8388608

  5. What is your machine environment used (show your uname -a & php -v & gcc -v) ?

Linux 55392e011f19 4.19.76-linuxkit #1 SMP Tue May 26 11:42:35 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

PHP 7.4.10 (cli) (built: Sep 9 2020 06:36:14) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
    with Zend OPcache v7.4.10, Copyright (c), by Zend Technologies

Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/7/lto-wrapper
OFFLOAD_TARGET_NAMES=nvptx-none
OFFLOAD_TARGET_DEFAULT=1
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Ubuntu 7.5.0-3ubuntu1~18.04' --with-bugurl=file:///usr/share/doc/gcc-7/README.Bugs --enable-languages=c,ada,c++,go,brig,d,fortran,objc,obj-c++ --prefix=/usr --with-gcc-major-version-only --program-suffix=-7 --program-prefix=x86_64-linux-gnu- --enable-shared --enable-linker-build-id --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --libdir=/usr/lib --enable-nls --enable-bootstrap --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --with-default-libstdcxx-abi=new --enable-gnu-unique-object --disable-vtable-verify --enable-libmpx --enable-plugin --enable-default-pie --with-system-zlib --with-target-system-zlib --enable-objc-gc=auto --enable-multiarch --disable-werror --with-arch-32=i686 --with-abi=m64 --with-multilib-list=m32,m64,mx32 --enable-multilib --with-tune=generic --enable-offload-targets=nvptx-none --without-cuda-driver --enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu
Thread model: posix
gcc version 7.5.0 (Ubuntu 7.5.0-3ubuntu1~18.04)

matyhtf commented 3 years ago

Please provide reproducible PHP code, and use valgrind to analyze memory errors.

USE_ZEND_ALLOC=0 valgrind php your_code.php

compwright commented 3 years ago

I also encountered this issue, and was able to narrow it to this line:

$obj = clone $this;

Refactoring to remove that line fixed the crash.