PHP Segmentation fault debugging

readme.md

Build a PHP debug image

Add --enable-debug and remove --strip-all.

https://github.com/enumag/php/commit/8533c9e2851a07c3bd1bfdd8ad31d9386afafe1c

I also downgraded PHP version to 8.1.2

https://github.com/enumag/php/commit/9dfecbbc70659f742ed18ae96ce48391d397f776

This was in order to have an easily reproducible segfault.

php/php-src#8083

Then just build the image. In my case I used:

docker build --pull --no-cache 8.1/bullseye/cli --tag enumag/php-debug:8.1.2

Run a script and get core dump

docker run enumag/php-debug:8.1.2 sh -c "apt update && apt -y install gdb && echo '<?php function func(){ static \$i; } var_dump(func(...));' > test.php && gdb --return-child-result php -ex 'set pagination off' -ex 'run test.php' -ex backtrace -ex detach -ex quit"

This gave me a core dump:

Starting program: /usr/local/bin/php test.php
warning: Error disabling address space randomization: Operation not permitted
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x0000558c8dc223a8 in zend_closure_get_debug_info (object=0x7f7db9c6f300, is_temp=0x7ffddf7efd5c) at /usr/src/php/Zend/zend_closures.c:564
564     /usr/src/php/Zend/zend_closures.c: No such file or directory.
#0  0x0000558c8dc223a8 in zend_closure_get_debug_info (object=0x7f7db9c6f300, is_temp=0x7ffddf7efd5c) at /usr/src/php/Zend/zend_closures.c:564
#1  0x0000558c8dc3fbb3 in zend_std_get_properties_for (obj=0x7f7db9c6f300, purpose=ZEND_PROP_PURPOSE_DEBUG) at /usr/src/php/Zend/zend_object_handlers.c:1880
#2  0x0000558c8dc3fc9c in zend_get_properties_for (obj=0x7f7db9c150e0, purpose=ZEND_PROP_PURPOSE_DEBUG) at /usr/src/php/Zend/zend_object_handlers.c:1909
#3  0x0000558c8d9ef83d in php_var_dump (struc=0x7f7db9c150e0, level=1) at /usr/src/php/ext/standard/var.c:163
#4  0x0000558c8d9efd8a in zif_var_dump (execute_data=0x7f7db9c15090, return_value=0x7ffddf7eff30) at /usr/src/php/ext/standard/var.c:228
#5  0x0000558c8db8ed1b in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER () at /usr/src/php/Zend/zend_vm_execute.h:1235
#6  0x0000558c8dc057a1 in execute_ex (ex=0x7f7db9c15020) at /usr/src/php/Zend/zend_vm_execute.h:55310
#7  0x0000558c8dc0a0ad in zend_execute (op_array=0x7f7db9c5f280, return_value=0x0) at /usr/src/php/Zend/zend_vm_execute.h:59673
#8  0x0000558c8db5246a in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/src/php/Zend/zend.c:1761
#9  0x0000558c8daa82f8 in php_execute_script (primary_file=0x7ffddf7f2730) at /usr/src/php/main/main.c:2535
#10 0x0000558c8dcc88b4 in do_cli (argc=2, argv=0x558c8f140af0) at /usr/src/php/sapi/cli/php_cli.c:965
#11 0x0000558c8dcc9a93 in main (argc=2, argv=0x558c8f140af0) at /usr/src/php/sapi/cli/php_cli.c:1367
Detaching from program: /usr/local/bin/php, process 447
[Inferior 1 (process 447) detached]

Related PRs:

• docker-library/php#1280
• docker-library/php#1287

With these it's possible to build a debug image like this:

docker build --pull --no-cache 8.0/buster/fpm --build-arg DEBUG=1 --tag enumag/php-debug:8.0-fpm-buster
docker push enumag/php-debug:8.0-fpm-buster

Note to self: Send another PR to install gdb in the base image when the new DEBUG argument is on.

To have core dumps saved into /tmp do the following:

apt-get update
apt-get install procps
sysctl -w kernel.core_pattern=/tmp/core-%e.%p.%h.%t

The sysctl called seems to require docker run --privileged to work. It will change the /proc/sys/kernel/core_pattern file.

https://ma.ttias.be/generate-php-core-dumps-segfaults-php-fpm/

https://wiki.debian.org/HowToGetABacktrace#Automatically_loading_debugging_symbol_from_the_Internet
https://aurelien-riv.github.io/php/2019/12/07/which-function-php-executing.html

https://coder-question.com/cq-blog/174906