php 7.3.0 roundcube crash on debian 9


0-solution.txt

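Disable xdebug. In the backtrace below, PHP execution passes through xdebug_execute_ex (frames #5, #8 and #11) before the SIGSEGV in zend_gc_addref.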

1-gdb-bt.txt

root:/usr/include/php/20180731> gdb /usr/sbin/apache2 /var/lib/systemd/coredump/core.apache2.33.6ecc48c1271d4aff8f8a432527e96d8b.2454.1546069566000000
GNU gdb (Debian 8.2-1) 8.2
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/sbin/apache2...Reading symbols from /usr/lib/debug/.build-id/e0/4739643d3019f3e932132adbbb8b972afbede5.debug...done.
done.
[New LWP 2454]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/usr/sbin/apache2 -k start'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  zend_gc_addref (p=0xffffffff00000006) at ./Zend/zend_types.h:1025
1025		return GC_ADDREF(Z_COUNTED_P(pz));
(gdb) bt
#0  zend_gc_addref (p=0xffffffff00000006) at ./Zend/zend_types.h:1025
#1  zval_addref_p (pz=0x7f31f841d310) at ./Zend/zend_types.h:1025
#2  ZEND_SEND_VAR_EX_SPEC_CV_QUICK_HANDLER () at ./Zend/zend_vm_execute.h:37385
#3  execute_ex (ex=0x42) at ./Zend/zend_vm_execute.h:59314
#4  0x00007f31f9070ed7 in execute_ex (ex=0x42) at ./Zend/zend_vm_execute.h:55510
#5  0x00007f31fa652f03 in xdebug_execute_ex (execute_data=0x7f31f841d2c0) at ./build-7.3/xdebug.c:1868
#6  0x00007f31f8e4b379 in ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER () at ./Zend/zend_vm_execute.h:961
#7  0x00007f31f9070ed7 in execute_ex (ex=0x42) at ./Zend/zend_vm_execute.h:55510
#8  0x00007f31fa652f03 in xdebug_execute_ex (execute_data=0x7f31f841d0a0) at ./build-7.3/xdebug.c:1868
#9  0x00007f31f906aadc in ZEND_INCLUDE_OR_EVAL_SPEC_TMPVAR_HANDLER () at ./Zend/zend_vm_execute.h:12738
#10 0x00007f31f9070ed7 in execute_ex (ex=0x42) at ./Zend/zend_vm_execute.h:55510
#11 0x00007f31fa652f03 in xdebug_execute_ex (execute_data=0x7f31f841d030) at ./build-7.3/xdebug.c:1868
#12 0x00007f31f9077407 in zend_execute (op_array=op_array@entry=0x7f31f847f000, return_value=return_value@entry=0x0) at ./Zend/zend_vm_execute.h:60834
#13 0x00007f31f8ff09b3 in zend_execute_scripts (type=type@entry=8, retval=retval@entry=0x0, file_count=file_count@entry=3) at ./Zend/zend.c:1568
#14 0x00007f31f8f91858 in php_execute_script (primary_file=primary_file@entry=0x7ffeaebdc6a0) at ./main/main.c:2630
#15 0x00007f31f907960a in php_handler (r=<optimized out>) at ./sapi/apache2handler/sapi_apache2.c:699
#16 0x000055e38b0719d0 in ap_run_handler (r=r@entry=0x7f31f70730a0) at config.c:170
#17 0x000055e38b071f66 in ap_invoke_handler (r=r@entry=0x7f31f70730a0) at config.c:444
#18 0x000055e38b08a503 in ap_process_async_request (r=0x7f31f70730a0) at http_request.c:453
#19 0x000055e38b08a66e in ap_process_request (r=r@entry=0x7f31f70730a0) at http_request.c:488
#20 0x000055e38b0867bd in ap_process_http_sync_connection (c=0x7f31fa61d290) at http_core.c:210
#21 ap_process_http_connection (c=0x7f31fa61d290) at http_core.c:251
#22 0x000055e38b07b810 in ap_run_process_connection (c=c@entry=0x7f31fa61d290) at connection.c:42
#23 0x000055e38b07bd70 in ap_process_connection (c=c@entry=0x7f31fa61d290, csd=<optimized out>) at connection.c:219
#24 0x00007f31faa403dc in child_main (child_num_arg=child_num_arg@entry=1, child_bucket=child_bucket@entry=0) at prefork.c:615
#25 0x00007f31faa406e4 in make_child (s=0x7f31faade4a0, slot=slot@entry=1, bucket=0) at prefork.c:716
#26 0x00007f31faa4074f in startup_children (number_to_start=4) at prefork.c:735
#27 0x00007f31faa41313 in prefork_run (_pconf=<optimized out>, plog=0x7f31faadb028, s=0x7f31faade4a0) at prefork.c:901
#28 0x000055e38b05460e in ap_run_mpm (pconf=0x7f31fae59028, plog=0x7f31faadb028, s=0x7f31faade4a0) at mpm_common.c:94
#29 0x000055e38b04cf47 in main (argc=<optimized out>, argv=<optimized out>) at main.c:819

2-gdb-bt-full.txt

#0  zend_gc_addref (p=0xffffffff00000006) at ./Zend/zend_types.h:1025
No locals.
#1  zval_addref_p (pz=0x7f31f841d310) at ./Zend/zend_types.h:1025
No locals.
#2  ZEND_SEND_VAR_EX_SPEC_CV_QUICK_HANDLER () at ./Zend/zend_vm_execute.h:37385
        _z3 = <optimized out>
        _z3 = 0x7f31f841d310
        varptr = 0x7f31f841d390
        arg = <optimized out>
        arg_num = <optimized out>
        varptr = <optimized out>
        arg = <optimized out>
        arg_num = <optimized out>
        _z3 = <optimized out>
        _z1 = <optimized out>
        _z2 = <optimized out>
        _gc = <optimized out>
        _t = <optimized out>
        ref = <optimized out>
        _z1 = <optimized out>
        _z2 = <optimized out>
        _gc = <optimized out>
        _t = <optimized out>
        _z1 = <optimized out>
        _z2 = <optimized out>
        _gc = <optimized out>
        _t = <optimized out>
#3  execute_ex (ex=0x42) at ./Zend/zend_vm_execute.h:59314
        orig_opline = 0x7f31f8412870
        orig_execute_data = <optimized out>
#4  0x00007f31f9070ed7 in execute_ex (ex=0x42) at ./Zend/zend_vm_execute.h:55510
        orig_opline = 0x7f31f8412870
        orig_execute_data = <optimized out>
#5  0x00007f31fa652f03 in xdebug_execute_ex (execute_data=0x7f31f841d2c0) at ./build-7.3/xdebug.c:1868
        op_array = 0x7f31ec4cd3d8
        edata = <optimized out>
        fse = 0x55e38b418c90
        xfse = <optimized out>
        do_return = 0
        function_nr = 2027
        le = <optimized out>
        code_coverage_func_info = {class = 0x55e38b418c90 "\240\331A\213\343U", function = 0xaef8bc95effe5900 <error: Cannot access memory at address 0xaef8bc95effe5900>, 
          type = -129903936, internal = 32561}
        code_coverage_function_name = 0x0
        code_coverage_file_name = 0x7f31f841d2c0 "\330\323L\354\061\177"
        code_coverage_init = 0
#6  0x00007f31f8e4b379 in ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER () at ./Zend/zend_vm_execute.h:961
        call = 0x7f31f841d2c0
        fbc = 0x7f31f8412870
        object = <optimized out>
        ret = 0x0
        retval = <optimized out>
        retval = <optimized out>
#7  0x00007f31f9070ed7 in execute_ex (ex=0x42) at ./Zend/zend_vm_execute.h:55510
        orig_opline = 0x7f31f847f0e0
        orig_execute_data = <optimized out>
#8  0x00007f31fa652f03 in xdebug_execute_ex (execute_data=0x7f31f841d0a0) at ./build-7.3/xdebug.c:1868
        op_array = 0x7f31ec481908
        edata = <optimized out>
        fse = 0x55e38b2749c0
        xfse = <optimized out>
        do_return = 0
        function_nr = 3
        le = <optimized out>
        code_coverage_func_info = {class = 0x55e38b2749c0 "", function = 0x7f31fa6537d2 <xdebug_execute_internal+594> "H\203k\b\001H\203\304\030[]A\\A]A^A_\303f.\017\037\204", type = -129904000, internal = 32561}
        code_coverage_function_name = 0x0
        code_coverage_file_name = 0x7f31f841d0a0 "\b\031H\354\061\177"
        code_coverage_init = 0
#9  0x00007f31f906aadc in ZEND_INCLUDE_OR_EVAL_SPEC_TMPVAR_HANDLER () at ./Zend/zend_vm_execute.h:12738
        return_value = 0x0
        call = 0x7f31f841d0a0
        new_op_array = 0x7f31f847f0e0
        free_op1 = <optimized out>
        inc_filename = <optimized out>
#10 0x00007f31f9070ed7 in execute_ex (ex=0x42) at ./Zend/zend_vm_execute.h:55510
        orig_opline = 0x7f31f847f000
        orig_execute_data = <optimized out>
#11 0x00007f31fa652f03 in xdebug_execute_ex (execute_data=0x7f31f841d030) at ./build-7.3/xdebug.c:1868
        op_array = 0x7f31ec47a8c0
        edata = <optimized out>
        fse = 0x55e38b1931e0
        xfse = <optimized out>
        do_return = 0
        function_nr = 0
        le = <optimized out>
        code_coverage_func_info = {class = 0x7f31f8400040 "", function = 0x1 <error: Cannot access memory at address 0x1>, type = 0, internal = 0}
        code_coverage_function_name = 0x0
        code_coverage_file_name = 0x7f31f841d030 "\300\250G\354\061\177"
        code_coverage_init = 0
#12 0x00007f31f9077407 in zend_execute (op_array=op_array@entry=0x7f31f847f000, return_value=return_value@entry=0x0) at ./Zend/zend_vm_execute.h:60834
        execute_data = 0x7f31f841d030
#13 0x00007f31f8ff09b3 in zend_execute_scripts (type=type@entry=8, retval=retval@entry=0x0, file_count=file_count@entry=3) at ./Zend/zend.c:1568
        files = {{gp_offset = 40, fp_offset = 2002988901, overflow_arg_area = 0x7ffeaebda350, reg_save_area = 0x7ffeaebda2e0}}
        i = 1
        file_handle = 0x7ffeaebdc6a0
        op_array = 0x7f31f847f000
#14 0x00007f31f8f91858 in php_execute_script (primary_file=primary_file@entry=0x7ffeaebdc6a0) at ./main/main.c:2630
        realfile = "$\257;\213\343U\000\000\v\000\000\000\000\000\000\000\200#\274\371\061\177\000\000\000Y\376\370\256 \212;\213\343U\000\000@\257;\213\343U\000\000\000\277\275\256\376\177\000\000\001\000\000\000\000\000\000\000\020\277\275\256\376\177\000\000\264\266\275\256\376\177\000\000\240\346\272\353\061\177\000\000!,\272\353\061\177\000\000\000\200@\370\061\177\000\000 \220@\370\061\177\000\000\220Q@\370\061\177\000\000@E@\370\061\177\000\000\270\266\275\256\376\177\000\000\300\266\275\256\376\177\000\000\254\266\275\256\376\177\000\000\034ź\353\061\177", '\000' <repeats 22 times>, "\377\377\377\377", '\000' <repeats 17 times>, "p@"...
        __orig_bailout = <optimized out>
        __bailout = {{__jmpbuf = {140731830093584, -3839634623574177733, 139852574568608, 0, 5000000, 140731830094196, -3839634620256483269, -3807709722027751365}, __mask_was_saved = 0, __saved_mask = {__val = {139852619977568, 139852619977568, 139852619977568, 139852619977568, 139852619977588, 139852619981663, 139852619977568, 139852619981663, 0, 0, 0, 0, 0, 48, 0, 7}}}}
        prepend_file_p = 0x0
        append_file_p = 0x0
        prepend_file = {handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, isatty = 0, mmap = {len = 0, pos = 0, map = 0x0, buf = 0x0, old_handle = 0x0, old_closer = 0x0}, reader = 0x0, fsizer = 0x0, closer = 0x0}}, filename = 0x0, opened_path = 0x0, type = ZEND_HANDLE_FILENAME, free_filename = 0 '\000'}
        append_file = {handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, isatty = 0, mmap = {len = 0, pos = 0, map = 0x0, buf = 0x0, old_handle = 0x0, old_closer = 0x0}, reader = 0x0, fsizer = 0x0, closer = 0x0}}, filename = 0x0, opened_path = 0x0, type = ZEND_HANDLE_FILENAME, free_filename = 0 '\000'}
        old_cwd = 0x7ffeaebda350 "/"
        retval = 0
#15 0x00007f31f907960a in php_handler (r=<optimized out>) at ./sapi/apache2handler/sapi_apache2.c:699
        zfd = {handle = {fd = -197081584, fp = 0x7f31f440c610, stream = {handle = 0x7f31f440c610, isatty = 288, mmap = {len = 139852528017248, pos = 139852528017000, map = 0x7f31f6e666b0, buf = 0xaef8bc95effe5900 <error: Cannot access memory at address 0xaef8bc95effe5900>, old_handle = 0x7f31f440e248, old_closer = 0x7f31f440cad8}, reader = 0x7f31f440d5a8, fsizer = 0x3, closer = 0x0}}, filename = 0x7f31f440c610 "/home/cweiske/dev/tools/roundcubemail/public_html/index.php", opened_path = 0x0, type = ZEND_HANDLE_FILENAME, free_filename = 0 '\000'}
        __orig_bailout = 0x0
        __bailout = {{__jmpbuf = {139852574568608, 3840371863057598523, 139852574568608, 0, 5000000, 140731830094196, -3839634623576274885, -3807705714632947653}, __mask_was_saved = 0, __saved_mask = {__val = {12608034508986276096, 0, 0, 139852528005280, 139852635738144, 140731830093732, 139852635749192, 139852635402322, 139852528005280, 8, 139852528005280, 139852572134400, 139852631596972, 139852572134400, 139852572124960, 8}}}}
        ctx = 0x7f31f440eaf0
        conf = <optimized out>
        brigade = 0x7f31f4409370
        bucket = <optimized out>
        rv = <optimized out>
        parent_req = 0x0
#16 0x000055e38b0719d0 in ap_run_handler (r=r@entry=0x7f31f70730a0) at config.c:170
        pHook = <optimized out>
        n = 3
        rv = -1
#17 0x000055e38b071f66 in ap_invoke_handler (r=r@entry=0x7f31f70730a0) at config.c:444
        handler = <optimized out>
        p = <optimized out>
        result = 0
        old_handler = 0x7f31f440cac0 "application/x-httpd-php"
        ignore = <optimized out>
#18 0x000055e38b08a503 in ap_process_async_request (r=0x7f31f70730a0) at http_request.c:453
        c = <optimized out>
        access_status = 0
#19 0x000055e38b08a66e in ap_process_request (r=r@entry=0x7f31f70730a0) at http_request.c:488
        bb = 0x0
        b = <optimized out>
        c = 0x7f31fa61d290
        rv = <optimized out>
#20 0x000055e38b0867bd in ap_process_http_sync_connection (c=0x7f31fa61d290) at http_core.c:210
        keep_alive_timeout = 5000000
        r = 0x7f31f70730a0
        cs = <optimized out>
        csd = 0x0
        mpm_state = 0
        r = <optimized out>
        cs = <optimized out>
        csd = <optimized out>
        mpm_state = <optimized out>
        keep_alive_timeout = <optimized out>
#21 ap_process_http_connection (c=0x7f31fa61d290) at http_core.c:251
No locals.
#22 0x000055e38b07b810 in ap_run_process_connection (c=c@entry=0x7f31fa61d290) at connection.c:42
        pHook = <optimized out>
        n = 1
        rv = -1
#23 0x000055e38b07bd70 in ap_process_connection (c=c@entry=0x7f31fa61d290, csd=<optimized out>) at connection.c:219
        rc = <optimized out>
#24 0x00007f31faa403dc in child_main (child_num_arg=child_num_arg@entry=1, child_bucket=child_bucket@entry=0) at prefork.c:615
        current_conn = 0x7f31fa61d290
        csd = 0x7f31fa61d0a0
        thd = 0x7f31fa6270a0
        osthd = 139852635899008
        ptrans = 0x7f31fa61d028
        allocator = 0x55e38b3b9280
        status = <optimized out>
        i = <optimized out>
        lr = <optimized out>
        pollset = 0x7f31fa627158
        sbh = 0x7f31fa627150
        bucket_alloc = 0x7f31f98df028
        last_poll_idx = 0
        lockfile = <optimized out>
#25 0x00007f31faa406e4 in make_child (s=0x7f31faade4a0, slot=slot@entry=1, bucket=0) at prefork.c:716
        pid = 0
#26 0x00007f31faa4074f in startup_children (number_to_start=4) at prefork.c:735
        i = 1
#27 0x00007f31faa41313 in prefork_run (_pconf=<optimized out>, plog=0x7f31faadb028, s=0x7f31faade4a0) at prefork.c:901
        index = <optimized out>
        remaining_children_to_start = <optimized out>
        i = <optimized out>
#28 0x000055e38b05460e in ap_run_mpm (pconf=0x7f31fae59028, plog=0x7f31faadb028, s=0x7f31faade4a0) at mpm_common.c:94
        pHook = <optimized out>
        n = 0
        rv = -1
#29 0x000055e38b04cf47 in main (argc=<optimized out>, argv=<optimized out>) at main.c:819
        c = 0 '\000'
        showcompile = 0
        showdirectives = 0
        confname = 0x55e38b0952a5 "apache2.conf"
        def_server_root = 0x55e38b095298 "/etc/apache2"
        temp_error_log = <optimized out>
        error = <optimized out>
        process = 0x7f31fae5b118
        pconf = 0x7f31fae59028
        plog = 0x7f31faadb028
        ptemp = 0x7f31faadf028
        pcommands = 0x7f31faae5028
        opt = 0x7f31faae5118
        rv = <optimized out>
        mod = <optimized out>
        opt_arg = 0x7f31fae5b028 "(\360\345\372\061\177"
        signal_server = <optimized out>
        rc = <optimized out>
Christian Weiske Christian Weiske