View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0000630XdebugUncategorizedpublic2010-10-22 05:512014-03-05 09:11
Reporterjcuzella Assigned Toderick  
PrioritynormalSeveritycrashReproducibilitysometimes
Status resolvedResolutionunable to reproduce 
OSLinux 
Product Version2.1.0 
Summary0000630: Segfault when starting remote debug session
Description

I'm getting a segfault when trying to debug some code for the shopp wordpress plugin. It's not reproducible always, but I just got it to crash once while I was running apache2 in single process mode.

I'm running:

Apache 2.2.16
PHP 5.3.3-pl1-gentoo with Suhosin-Patch (cli) (built: Oct 21 2010 20:48:03) (DEBUG)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies
with Xdebug v2.1.0, Copyright (c) 2002-2010, by Derick Rethans
with Suhosin v0.9.31, Copyright (c) 2007-2010, by SektionEins GmbH

Here's a backtrace:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x508b8700 (LWP 2102)]
0x4f3408cb in xdebug_execute_internal (current_execute_data=0x84536d4, return_value_used=0)
at /var/tmp/portage/dev-php5/xdebug-2.1.0/work/xdebug-2.1.0/xdebug.c:1321
1321 /var/tmp/portage/dev-php5/xdebug-2.1.0/work/xdebug-2.1.0/xdebug.c: No such file or directory.
in /var/tmp/portage/dev-php5/xdebug-2.1.0/work/xdebug-2.1.0/xdebug.c
(gdb) bt
#0 0x4f3408cb in xdebug_execute_internal (current_execute_data=0x84536d4, return_value_used=0)
at /var/tmp/portage/dev-php5/xdebug-2.1.0/work/xdebug-2.1.0/xdebug.c:1321
#1 0x4f325e2c in suhosin_execute_internal (execute_data_ptr=0x84536d4, return_value_used=0)
at /var/tmp/portage/dev-php5/suhosin-0.9.31/work/suhosin-0.9.31/execute.c:1661
0000002 0x50107ff6 in zend_do_fcall_common_helper_SPEC (execute_data=0x84536d4)
at /var/tmp/portage/dev-lang/php-5.3.3-r1/work/sapis-build/apache2/Zend/zend_vm_execute.h:318
0000003 0x5010d601 in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0x84536d4)
at /var/tmp/portage/dev-lang/php-5.3.3-r1/work/sapis-build/apache2/Zend/zend_vm_execute.h:1606
0000004 0x5010719d in execute (op_array=0x83fb64c) at /var/tmp/portage/dev-lang/php-5.3.3-r1/work/sapis-build/apache2/Zend/zend_vm_execute.h:107
0000005 0x4f34064a in xdebug_execute (op_array=0x83fb64c) at /var/tmp/portage/dev-php5/xdebug-2.1.0/work/xdebug-2.1.0/xdebug.c:1272
0000006 0x4f323ebd in suhosin_execute_ex (op_array=0x83fb64c, zo=0, dummy=0) at /var/tmp/portage/dev-php5/suhosin-0.9.31/work/suhosin-0.9.31/execute.c:583
0000007 0x4f323f07 in suhosin_execute (op_array=0x83fb64c) at /var/tmp/portage/dev-php5/suhosin-0.9.31/work/suhosin-0.9.31/execute.c:595
0000008 0x500d33d3 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
at /var/tmp/portage/dev-lang/php-5.3.3-r1/work/sapis-build/apache2/Zend/zend.c:1266
0000009 0x5005ad2d in php_execute_script (primary_file=0x5ce4f600) at /var/tmp/portage/dev-lang/php-5.3.3-r1/work/sapis-build/apache2/main/main.c:2275
0000010 0x501a9913 in php_handler (r=0x8437138) at /var/tmp/portage/dev-lang/php-5.3.3-r1/work/sapis-build/apache2/sapi/apache2handler/sapi_apache2.c:673
0000011 0x08075c34 in ap_run_handler (r=0x8437138) at config.c:158
0000012 0x08078be5 in ap_invoke_handler (r=0x8437138) at config.c:376
0000013 0x080832b2 in ap_internal_redirect (new_uri=0x8437128 "/index.php", r=0x8430b40) at http_request.c:502
0000014 0x5080b0a4 in handler_redirect (r=0x8430b40) at mod_rewrite.c:4856
0000015 0x08075c34 in ap_run_handler (r=0x8430b40) at config.c:158
0000016 0x08078be5 in ap_invoke_handler (r=0x8430b40) at config.c:376
0000017 0x0808342e in ap_process_request (r=0x8430b40) at http_request.c:282
0000018 0x0808081c in ap_process_http_connection (c=0x84244f0) at http_core.c:190
0000019 0x0807c8c0 in ap_run_process_connection (c=0x84244f0) at connection.c:43
0000020 0x08087f26 in child_main (child_num_arg=<value optimized out>) at prefork.c:662
0000021 0x080881c1 in make_child (s=0x80b22c8, slot=0) at prefork.c:702
0000022 0x0808889d in ap_mpm_run (_pconf=0x80b03d0, plog=0x80de488, s=0x80b22c8) at prefork.c:978
0000023 0x08063c12 in main (argc=Cannot access memory at address 0x0
) at main.c:740

Steps To Reproduce

Doesn't happen every time, but:

1) start remote debug session via easy Xdebug FF extension
2) Hit F8 to continue in Eclipse after break on first line
3) Verify that apache has crashed in error_log

Additional Information

Although I run a hardened kernel, apache2, php, xdebug, and suhosin were all rebuilt with the standard i686-pc-linux-gnu-4.3.4-vanilla toolchain.

I had to do this to get debug symbols in all of them anyway ;-)

TagsNo tags attached.
Operating SystemGentoo Linux 2.6.28-hardened-r9
PHP Version5.3.3

Activities

jcuzella

2010-10-22 06:22

reporter   ~0001587

Maybe this info from gdb can help too:

(gdb) frame 0
#0 0x4f3408cb in xdebug_execute_internal (current_execute_data=0x84536d4, return_value_used=0)
at /var/tmp/portage/dev-php5/xdebug-2.1.0/work/xdebug-2.1.0/xdebug.c:1321
1321 in /var/tmp/portage/dev-php5/xdebug-2.1.0/work/xdebug-2.1.0/xdebug.c
(gdb) print current_execute_data
$1 = (zend_execute_data ) 0x84536d4
(gdb) print return_value_used
$2 = 0
(gdb) x 0x84536d4
0x84536d4: 0x083fbe00
(gdb) x 0x083fbe00
0x83fbe00: 0x5010d530
(gdb) x 0x5010d530
0x5010d530 <ZEND_DO_FCALL_SPEC_CONST_HANDLER>: 0x57e58955
(gdb) print edata
$3 = (zend_execute_data ) 0x0
(gdb) print fse
$4 = (function_stack_entry ) 0x0
(gdb) print cur_opcode
$5 = (zend_op ) 0xffffffff
(gdb) print do_return
$6 = 0

jcuzella

2010-10-24 01:02

reporter   ~0001588

Starting to see some memory leaks reported in apache's log too today:

[Sat Oct 23 17:56:13 2010] [notice] Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8o configured -- resuming normal operations
[Sat Oct 23 18:04:04 2010] Script: '/home/trinitronx/sites/truthnaturals.com/wp-admin/index-extra.php'
/var/tmp/portage/dev-lang/php-5.3.3-r1/work/sapis-build/apache2/main/SAPI.c(940) : Freeing 0x0A3D5DCC (16 bytes), script=/home/trinitronx/sites/truthnatural
s.com/wp-admin/index-extra.php
=== Total 1 memory leaks detected ===
[Sat Oct 23 18:04:02 2010] Script: '/home/trinitronx/sites/truthnaturals.com/wp-admin/index-extra.php'
/var/tmp/portage/dev-lang/php-5.3.3-r1/work/sapis-build/apache2/main/SAPI.c(940) : Freeing 0x0A3F3204 (16 bytes), script=/home/trinitronx/sites/truthnatural
s.com/wp-admin/index-extra.php
=== Total 1 memory leaks detected ===
[Sat Oct 23 18:04:12 2010] Script: '/home/trinitronx/sites/truthnaturals.com/wp-admin/update-core.php'
/var/tmp/portage/dev-lang/php-5.3.3-r1/work/sapis-build/apache2/main/SAPI.c(940) : Freeing 0x0A9251F8 (16 bytes), script=/home/trinitronx/sites/truthnatural
s.com/wp-admin/update-core.php
=== Total 1 memory leaks detected ===
[Sat Oct 23 18:03:49 2010] Script: '/home/trinitronx/sites/truthnaturals.com/wp-admin/index.php'
/var/tmp/portage/dev-lang/php-5.3.3-r1/work/sapis-build/apache2/main/SAPI.c(940) : Freeing 0x0A4233EC (16 bytes), script=/home/trinitronx/sites/truthnatural
s.com/wp-admin/index.php
=== Total 1 memory leaks detected ===
[Sat Oct 23 18:04:05 2010] Script: '/home/trinitronx/sites/truthnaturals.com/wp-admin/index-extra.php'
/var/tmp/portage/dev-lang/php-5.3.3-r1/work/sapis-build/apache2/main/SAPI.c(940) : Freeing 0x0A901774 (16 bytes), script=/home/trinitronx/sites/truthnatural
s.com/wp-admin/index-extra.php
=== Total 1 memory leaks detected ===
[Sat Oct 23 18:04:02 2010] Script: '/home/trinitronx/sites/truthnaturals.com/wp-admin/index-extra.php'
/var/tmp/portage/dev-lang/php-5.3.3-r1/work/sapis-build/apache2/main/SAPI.c(940) : Freeing 0x0A8A4524 (16 bytes), script=/home/trinitronx/sites/truthnatural
s.com/wp-admin/index-extra.php
=== Total 1 memory leaks detected ===
[Sat Oct 23 18:57:33 2010] [notice] child pid 29651 exit signal Segmentation fault (11)
[Sat Oct 23 18:57:35 2010] [notice] child pid 29590 exit signal Segmentation fault (11)
[Sat Oct 23 18:58:34 2010] [notice] child pid 29585 exit signal Segmentation fault (11)
[Sat Oct 23 18:59:44 2010] [notice] child pid 28269 exit signal Segmentation fault (11)
[Sat Oct 23 18:59:45 2010] [notice] child pid 30170 exit signal Segmentation fault (11)

jcuzella

2010-10-24 01:19

reporter   ~0001589

Tried having xdebug create trace file in tmp during a debug session today, and the only thing it recorded before segfaulting was this:

TRACE START [2010-10-24 01:10:35]
0.0720 385200 -> {main}() /home/trinitronx/sites/truthnaturals.com/index.php:0

Did another gdb backtrace too, and it looks a bit different:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x4f383700 (LWP 30951)]
0x4eb9b500 in _zval_dtor_func (zvalue=0x59b9d064,
__zend_filename=0x4de2c06c "/var/tmp/portage/dev-php5/xdebug-2.1.0/work/xdebug-2.1.0/xdebug_handler_dbgp.c", __zend_lineno=1225)
at /var/tmp/portage/dev-lang/php-5.3.3-r1/work/sapis-build/apache2/Zend/zend_variables.c:35
35 /var/tmp/portage/dev-lang/php-5.3.3-r1/work/sapis-build/apache2/Zend/zend_variables.c: No such file or directory.
in /var/tmp/portage/dev-lang/php-5.3.3-r1/work/sapis-build/apache2/Zend/zend_variables.c

(gdb) bt
#0 0x4eb9b500 in _zval_dtor_func (zvalue=0x59b9d064,
zend_filename=0x4de2c06c "/var/tmp/portage/dev-php5/xdebug-2.1.0/work/xdebug-2.1.0/xdebug_handler_dbgp.c", zend_lineno=1225)
at /var/tmp/portage/dev-lang/php-5.3.3-r1/work/sapis-build/apache2/Zend/zend_variables.c:35
#1 0x4de146dc in _zval_dtor (zvalue=0x59b9d064,
zend_filename=0x4de2c06c "/var/tmp/portage/dev-php5/xdebug-2.1.0/work/xdebug-2.1.0/xdebug_handler_dbgp.c", zend_lineno=1225)
at /usr/lib/php5/include/php/Zend/zend_variables.h:35
0000002 0x4de1469c in xdebug_dbgp_handle_eval (retval=0x59b9d17c, context=0x4de32d54, args=0x848e5f8)
at /var/tmp/portage/dev-php5/xdebug-2.1.0/work/xdebug-2.1.0/xdebug_handler_dbgp.c:1225
0000003 0x4de1aadc in xdebug_dbgp_parse_option (context=0x4de32d54, line=0x848e498 "eval -i 5591 -- JHRoaXMtPnJhdGVbJ3NlcnZpY2VzJ10=", flags=0,
retval=0x848dd80) at /var/tmp/portage/dev-php5/xdebug-2.1.0/work/xdebug-2.1.0/xdebug_handler_dbgp.c:2260
0000004 0x4de1ae84 in xdebug_dbgp_cmdloop (context=0x4de32d54, bail=1) at /var/tmp/portage/dev-php5/xdebug-2.1.0/work/xdebug-2.1.0/xdebug_handler_dbgp.c:2309
0000005 0x4de1c60a in xdebug_dbgp_breakpoint (context=0x4de32d54, stack=0x8443d48, file=0x83f9db8 "/home/trinitronx/sites/truthnaturals.com/index.php",
lineno=14, type=2, exception=0x0, message=0x0) at /var/tmp/portage/dev-php5/xdebug-2.1.0/work/xdebug-2.1.0/xdebug_handler_dbgp.c:2606
0000006 0x4de0caf5 in xdebug_statement_call (op_array=0x83f9bb0) at /var/tmp/portage/dev-php5/xdebug-2.1.0/work/xdebug-2.1.0/xdebug.c:1748
0000007 0x4ebd05dd in zend_extension_statement_handler (extension=0x82fcfc0, op_array=0x83f9bb0)
at /var/tmp/portage/dev-lang/php-5.3.3-r1/work/sapis-build/apache2/Zend/zend_execute.c:740
0000008 0x4eb919b1 in zend_llist_apply_with_argument (l=0x4f10d0cc, func=0x4ebd05bf <zend_extension_statement_handler>, arg=0x83f9bb0)
at /var/tmp/portage/dev-lang/php-5.3.3-r1/work/sapis-build/apache2/Zend/zend_llist.c:428
0000009 0x4ebd4941 in ZEND_EXT_STMT_SPEC_HANDLER (execute_data=0x844d8cc)
at /var/tmp/portage/dev-lang/php-5.3.3-r1/work/sapis-build/apache2/Zend/zend_vm_execute.h:530
0000010 0x4ebd5468 in ZEND_USER_OPCODE_SPEC_HANDLER (execute_data=0x844d8cc)
at /var/tmp/portage/dev-lang/php-5.3.3-r1/work/sapis-build/apache2/Zend/zend_vm_execute.h:706
0000011 0x4ebd219d in execute (op_array=0x83f9bb0) at /var/tmp/portage/dev-lang/php-5.3.3-r1/work/sapis-build/apache2/Zend/zend_vm_execute.h:107
0000012 0x4de0b64a in xdebug_execute (op_array=0x83f9bb0) at /var/tmp/portage/dev-php5/xdebug-2.1.0/work/xdebug-2.1.0/xdebug.c:1272
0000013 0x4ddeeebd in suhosin_execute_ex (op_array=0x83f9bb0, zo=0, dummy=0) at /var/tmp/portage/dev-php5/suhosin-0.9.31/work/suhosin-0.9.31/execute.c:583
0000014 0x4ddeef07 in suhosin_execute (op_array=0x83f9bb0) at /var/tmp/portage/dev-php5/suhosin-0.9.31/work/suhosin-0.9.31/execute.c:595
0000015 0x4eb9e3d3 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
at /var/tmp/portage/dev-lang/php-5.3.3-r1/work/sapis-build/apache2/Zend/zend.c:1266
0000016 0x4eb25d2d in php_execute_script (primary_file=0x59b9f820) at /var/tmp/portage/dev-lang/php-5.3.3-r1/work/sapis-build/apache2/main/main.c:2275
0000017 0x4ec74913 in php_handler (r=0x8431330) at /var/tmp/portage/dev-lang/php-5.3.3-r1/work/sapis-build/apache2/sapi/apache2handler/sapi_apache2.c:673
0000018 0x08075c34 in ap_run_handler (r=0x8431330) at config.c:158
0000019 0x08078be5 in ap_invoke_handler (r=0x8431330) at config.c:376
0000020 0x080832b2 in ap_internal_redirect (new_uri=0x8431320 "/index.php", r=0x842ad38) at http_request.c:502
0000021 0x4f2d60a4 in handler_redirect (r=0x842ad38) at mod_rewrite.c:4856
0000022 0x08075c34 in ap_run_handler (r=0x842ad38) at config.c:158
0000023 0x08078be5 in ap_invoke_handler (r=0x842ad38) at config.c:376
0000024 0x0808342e in ap_process_request (r=0x842ad38) at http_request.c:282
0000025 0x0808081c in ap_process_http_connection (c=0x841e6e8) at http_core.c:190
0000026 0x0807c8c0 in ap_run_process_connection (c=0x841e6e8) at connection.c:43
0000027 0x08087f26 in child_main (child_num_arg=<value optimized out>) at prefork.c:662
0000028 0x080881c1 in make_child (s=0x80ac4e8, slot=0) at prefork.c:702
0000029 0x0808889d in ap_mpm_run (_pconf=0x80aa5f0, plog=0x80d86a8, s=0x80ac4e8) at prefork.c:978
0000030 0x08063c12 in main (argc=Cannot access memory at address 0x0
) at main.c:740

jcuzella

2011-05-01 02:37

reporter   ~0001734

Recently I upgraded to php version 5.3.6-pl0-gentoo, and xdebug version 2.1.2dev. I also recompiled without -O2 (see http://bugs.xdebug.org/view.php?id=154).

I still am getting segfaults during a debug session. The session will start ok, however after hitting 'continue' in Eclipse, apache segfaults.

derick

2012-03-12 16:44

administrator   ~0001974

I've improved handling things with eval in Xdebug 2.1.3 and later. Can you please try?

derick

2012-04-27 23:52

administrator   ~0002108

Hello, can you please try Xdebug 2.2.0RC2?

memoryleak

2012-05-05 01:55

reporter   ~0002129

I ran first with PHP 5.3.8 and now running with PHP 5.4.2, as I get segmentation aults. With 5.3.8 it happend occasionally, now with 5.4.2 it happens instantly:

With xdebug 2.2.0RC2, PHP 5.2.4 it crashes instantly, without executing a single line of code - everytime:

http://pastebin.com/sSri8b6k

derick

2012-05-05 14:04

administrator   ~0002130

memoryleak, can you reproduce this with a commandline script as well? If so, could you make a real backtrace as is described at https://bugs.php.net/bugs-generating-backtrace.php ?

memoryleak

2012-05-06 10:47

reporter   ~0002133

Hi Derick, I've set up nginx + PHP-FPM, and works now without problems. Just with Apache it doesn't.

derick

2012-05-06 11:03

administrator   ~0002134

memoryleak, which MPM are you using with Apache? prefork, worker, something else?

memoryleak

2012-05-22 11:44

reporter   ~0002184

Hi Derick,

Server-pool management (MPM prefork specific)

523 StartServers 1
524 MinSpareServers 1
525 MaxSpareServers 1
526 # ServerLimit and MaxClients support n% syntax which sets them to a
527 # fraction of the current RLIMIT_NPROC limit.
528 ServerLimit 50%
529 MaxClients 50%
530 ListenBackLog 512
531 MaxRequestsPerChild 100000

Further information: That's the Apache configuration that is comes with OS X Lion by default.

derick

2014-02-27 19:37

administrator   ~0002703

Is this still a problem for you?

jcuzella

2014-03-04 17:33

reporter   ~0002737

@derick: The old gentoo system that I had installed this on is currently out of commission, and since I have no easy way of reproducing the bug... Not anymore ;-)

derick

2014-03-05 09:11

administrator   ~0002739

Okay, thanks. Closing this out then.

Issue History

Date Modified Username Field Change
2010-10-22 05:51 jcuzella New Issue
2010-10-22 06:22 jcuzella Note Added: 0001587
2010-10-24 01:02 jcuzella Note Added: 0001588
2010-10-24 01:19 jcuzella Note Added: 0001589
2011-05-01 02:37 jcuzella Note Added: 0001734
2012-03-12 16:44 derick Note Added: 0001974
2012-03-12 16:44 derick Assigned To => derick
2012-03-12 16:44 derick Status new => feedback
2012-04-27 23:52 derick Note Added: 0002108
2012-05-05 01:55 memoryleak Note Added: 0002129
2012-05-05 14:04 derick Note Added: 0002130
2012-05-06 10:47 memoryleak Note Added: 0002133
2012-05-06 11:03 derick Note Added: 0002134
2012-05-22 11:44 memoryleak Note Added: 0002184
2014-02-27 19:37 derick Note Added: 0002703
2014-03-04 17:33 jcuzella Note Added: 0002737
2014-03-04 17:33 jcuzella Status feedback => assigned
2014-03-05 09:11 derick Note Added: 0002739
2014-03-05 09:11 derick Status assigned => resolved
2014-03-05 09:11 derick Resolution open => unable to reproduce
2016-07-31 12:36 derick Category Usage problems => Usage problems (Crashes)
2016-07-31 12:38 derick Category Usage problems (Crashes) => Usage problems (Wrong Results)
2020-03-12 16:35 derick Category Usage problems (Wrong Results) => Variable Display
2020-03-12 16:38 derick Category Variable Display => Uncategorized