View Issue Details

IDProjectCategoryView StatusLast Update
0000731XdebugUsage problems (Wrong Results)public2016-12-04 13:23
ReporteretaylorAssigned Toderick 
PrioritynormalSeverityminorReproducibilityunable to reproduce
Status resolvedResolutionduplicate 
Product Version2.1.0 
Target VersionFixed in Version 
Summary0000731: Infinite loop possible with xdebug_llist_empty() function
DescriptionWe have a long-running and complicated PHP daemon, and at one point it got into a state where the process was using 100% of the CPU, but it wasn't making any syscalls (strace -p listed nothing).

Using gdb we saw this state:

(gdb) where
#0 xdebug_llist_empty (l=0x2f4fe90, user=0x0) at /tmp/buildd/xdebug-2.1.0/build-php5/xdebug_llist.c:173
#1 0x00007f3bc0cea2b4 in xdebug_llist_destroy (l=0x2f4fe90, user=0x0) at /tmp/buildd/xdebug-2.1.0/build-php5/xdebug_llist.c:180
0000002 0x00007f3bc0cd5c72 in zm_post_zend_deactivate_xdebug () at /tmp/buildd/xdebug-2.1.0/build-php5/xdebug.c:830
0000003 0x0000000000682742 in ?? ()
0000004 0x000000000068f9e5 in zend_hash_apply ()
0000005 0x0000000000683317 in ?? ()
0000006 0x000000000062ee95 in php_request_shutdown ()
0000007 0x00000000007127e4 in ?? ()
0000008 0x00007f3bc1b01c4d in __libc_start_main () from /lib/libc.so.6
0000009 0x000000000042d4b9 in _start ()

and looking at the variable l we saw this:

(gdb) print *l
$2 = {head = 0x0, tail = 0x0, dtor = 0x7f3bc0cd53e4 <xdebug_stack_element_dtor>, size = 1}

The code for xdebug_llist_empty() and xdebug_llist_remove() (here:
https://github.com/mayflowergmbh/xdebug/blob/master/xdebug_llist.c#L171
and here:
https://github.com/mayflowergmbh/xdebug/blob/master/xdebug_llist.c#L106
respectively) suggests that indeed an infinite loop is possible.

I'm not sure how the variable l got into this state, but it has a tail of 0x0 and a size of 1, which means the remove() function doesn't make it any shorter, but the empty() function thinks it needs to be made shorter. Presumably the code would benefit from an extra check to catch this situation, to be defensive.
Steps To ReproduceUnfortunately we do not know what caused it to get into this state, and it only happens infrequently.
TagsNo tags attached.
Operating System
PHP Version5.3.3

Relationships

duplicate of 0001168 closedderick Possible infinite loop when PHP's executor shuts down 

Activities

derick

2014-02-27 19:13

administrator   ~0002691

Is this still a problem for you with the latest versions of PHP and Xdebug?

etaylor

2014-03-05 15:38

reporter   ~0002761

I don't think we've seen this happen recently, but that could be because we've removed the code that triggers the XDebug problem. It looks like this fix:
https://github.com/Kozzi11/xdebug/commit/5de5f237a4f79bfcb9abaebc7b1214db99ed9e5f
would do the trick, so the issue reported does seem to be genuine if that patch isn't applied. Thanks for following up.

vitalif

2015-11-24 21:55

reporter   ~0003266

I can confirm this bug, in my case the infinite loop happens with xdebug 2.2.5 and PHP 5.6.14 (debian jessie php5=5.6.14+dfsg-0+deb8u1) which leads to hung apache2 processes eating 100% cpu for long time. gdb shows stack trace similar to that originally reported.

derick

2016-12-04 13:23

administrator   ~0003893

Duplicate of 0001168, which has slightly more information.

Issue History

Date Modified Username Field Change
2011-10-06 15:56 etaylor New Issue
2014-02-27 19:13 derick Note Added: 0002691
2014-02-27 19:13 derick Assigned To => derick
2014-02-27 19:13 derick Status new => feedback
2014-03-05 15:38 etaylor Note Added: 0002761
2014-03-05 15:38 etaylor Status feedback => assigned
2015-11-24 21:55 vitalif Note Added: 0003266
2016-07-31 12:36 derick Category Usage problems => Usage problems (Crashes)
2016-07-31 12:38 derick Category Usage problems (Crashes) => Usage problems (Wrong Results)
2016-12-04 13:23 derick Note Added: 0003893
2016-12-04 13:23 derick Relationship added duplicate of 0001168
2016-12-04 13:23 derick Status assigned => resolved
2016-12-04 13:23 derick Resolution open => duplicate