MantisBT

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0000832XdebugUsage problems (Wrong Results)public2012-05-11 15:352012-06-12 16:14
Reporterrbarbosa 
Assigned Toderick 
PriorityurgentSeveritycrashReproducibilityalways
StatusclosedResolutionfixed 
PlatformRedhat Linux - Kernel 2.6.18OSLinuxOS Version2.6.18
Product Version2.2.0 
Target Version2.2.1Fixed in Version2.2.1 
Summary0000832: There is a seg fault (11) and core dump during debugging in PhpStorm
DescriptionWhile stepping through some of our source code we are seeing a failure in the debugger that is resulting in a crash and a disconnect from the web server.

This readily reproducible in our current project, but that project cannot be shared because it is proprietary code.

The crash occurs while attempting to inspect a variable in the debugger. Either expanding the node that contains the value, or even hovering over the variable name in the source code window will cause the crash.

I can share some core dump files with the developer when the bug is assigned.
Steps To ReproduceUnfortunately, this is failing 100% of the time in our code base, but the code is proprietary and cannot be shared.

I have not been able to reproduce this issue in a simple setting, only within our application which includes too much complexity to describe here.
Additional InformationThis fails in both 5.4.2 and 5.4.3 versions of PHP.

The error is occurring in xdebug-2.2.0/xdebug_var.c:1183.

The failure being reported is:

Core was generated by `/opt/apache2.2.22-rhes5.alt/sbin/httpd -f /opt/apache2.2.22-rhes5.alt/conf/http'.
Program terminated with signal 11, Segmentation fault.
#0 0x0071de99 in xdebug_var_export_xml_node (struc=0x9717b34, name=0x972ca88 "$WR::_action_map", node=0x972ca38, options=0x970d840, level=1) at /opt/src/apache2.2/xdebug-2.2.0/xdebug_var.c:1183
1183 switch (Z_TYPE_PP(struc)) {
TagsNo tags attached.
Operating SystemLinux 2.6.18
PHP Version5.4.2
Attached Files

- Relationships

-  Notes
(0002143)
pbrookfield (reporter)
2012-05-11 21:48

Exactly the same situation for us today, XDebug is completely unusable as a result for us. I apologise that right now I do not have the time to provide sample code (my work pressures are too intense for me to afford to spend time anonymising my code) but my best description it seems to suffer most with our code that uses a lot of static classes running as singletons. CodeIgniter can be stepped through relatively okay, but our code is impossible to debug as a result. PHP 5.4 and XDebug 2.2.0 (and 2.3.0dev from git is still broken.)

Looking forward to seeing this fixed as regressing to PHP 5.3 is not an option for us.
(0002144)
rbarbosa (reporter)
2012-05-11 22:02
edited on: 2012-05-11 22:05

That actually matches our issue as well.

I have an abstract class called CacheManager that exposes functionality for reading and writing key/value pairs to a data store.

Individual derived classes provide implementations for specific data stores like Memcache or MongoDB. These classes are self-stored classes, so they can be serialized and written to the data stores they interface with. They all have private constructors, but they expose a "loadByID()" method which takes in a key and tries to load the CacheManager instance from the data store, if one is not found a new one is created. This technique is similar to the singleton pattern's use of a "getInstance()" method, but there is no restriction on the number of instances that can be created.

loadByID() is implemented in the abstract class, but all derived classes wrap the functionality in type-specific loadByID() methods that enforce rules for building the ID. It is during this call to the static loadByID() method (which in turn calls parent::loadByID()) that the xdebug failure is occurring.

Our project makes use of traits, so rolling back to PHP 5.3.x is not an option for us either, and xdebug unusable with this issue.

(0002145)
rulatir (reporter)
2012-05-13 20:39

Same issue here!
(0002146)
dleffler (reporter)
2012-05-13 20:51

This is the same problem we're having in Win32 (Win7Pro x64)
Problem signature:
  Problem Event Name: APPCRASH
  Application Name: httpd.exe
  Application Version: 2.2.17.0
  Application Timestamp: 4cbbe9e8
  Fault Module Name: php_xdebug.dll
  Fault Module Version: 2.2.0.5
  Fault Module Timestamp: 4fa90762
  Exception Code: c0000005
  Exception Offset: 0001919c
  OS Version: 6.1.7601.2.1.0.256.48
  Locale ID: 1033
  Additional Information 1: 0a9e
  Additional Information 2: 0a9e372d3b4ad19135b953a78882e789
  Additional Information 3: 0a9e
  Additional Information 4: 0a9e372d3b4ad19135b953a78882e789
(0002147)
derick (administrator)
2012-05-13 22:49

Hi,

In order to reproduce and fix this, I'd need the following information:

- A *short* and *self-contained* script that reproduces the issue while debugging
- A debugging log, which you can make with setting xdebug.remote_log=/tmp/xdebug.log
- rbarbosa, if you could type "bt full" on the GDB prompt that you've put in the description, that'd be helpful too.

cheers,
Derick
(0002159)
rbarbosa (reporter)
2012-05-16 12:45
edited on: 2012-05-16 13:04

Hi Derick, I've been unable to create a short sandbox script that shows this error. I'm still trying, but this occurred in a larger system that is fairly complex, so I'm not sure what combination of conditions is causing this disconnect.

In the meantime I will enabled the debugging log. Here is the backtrace from the most recent core file:
(gdb) bt full
# 0  xdebug_var_export_xml_node (struc=0x9d72334, name=0x9d77068 "$this->_CacheManager::_username", 
node=0x9d71478, options=0x9d6c640, level=1) at /opt/src/apache2.2/xdebug-2.2.0/xdebug_var.c:1183
        myht = <value optimized out>
        class_name = <value optimized out>
        class_name_len = 3084369875
# 1  0x00769e80 in xdebug_object_element_export_xml_node (item=0xb7cac0cc, num_args=5, args=0xbfa4870c 
"", hash_key=0xbfa486dc) at /opt/src/apache2.2/xdebug-2.2.0/xdebug_var.c:1038
        level = 0
        parent = 0x9d94358
        node = 0x9d71478
        options = 0x9d6c640
        prop_name = 0xb7d7bfd3 "_username"
        modifier = 0x76f1ea "protected"
        class_name = 0xb7d0edf0 "com\\xxxxxxx\\caching\\MySQLCacheManager"
        prop_class_name = 0xb7d7bfd1 "*"
        parent_name = 0x9d76a80 "$this->_CacheManager"
        full_name = 0x9d77068 "$this->_CacheManager::_username"
# 2  0x010283d1 in zend_hash_apply_with_arguments (ht=0xb7d15494, apply_func=0x769be0 <xdebug_object_element_export_xml_node>, 
num_args=5) at /opt/src/apache2.2/php-5.4.3/Zend/zend_hash.c:772
        result = 0
        p = 0xb7cac0c0
        args = 0xbfa4870c ""
        hash_key = {arKey = 0x0, nKeyLength = 0, h = 2}
# 3  0x0076799f in xdebug_var_export_xml_node (struc=0xbfa487a4, name=0x9d76a80 "$this->_CacheManager", 
node=0x9d94358, options=0x9d6c640, level=0) at /opt/src/apache2.2/xdebug-2.2.0/xdebug_var.c:1288
        ce = <value optimized out>
        is_temp = 0
        myht = <value optimized out>
        class_name = 0xb7d0edf0 "com\\xxxxxxx\\caching\\MySQLCacheManager"
        class_name_len = 37
# 4  0x00767b3f in xdebug_get_zval_value_xml_node_ex (name=0x9d75390 "$this->_CacheManager", 
val=0xb7e7ace0, var_type=0, options=0x9d6c640) at /opt/src/apache2.2/xdebug-2.2.0/xdebug_var.c:1337
        
node = 0x9d94358
        short_name = 0x9d754f0 "$this->_CacheManager"
        full_name = 0x9d76a80 "$this->_CacheManager"
# 5  0x0075d681 in get_symbol (name=0x9d75390 "$this->_CacheManager", name_length=<value 
optimized out>, options=0x9d6c640) at /opt/src/apache2.2/xdebug-2.2.0/xdebug_handler_dbgp.c:687
        retval = 0x9d72334
# 6  0x0075d735 in add_variable_node (node=0x9d6eb18, name=0x9d72334 "\021", name_length=17, 
var_only=1, non_null=0, no_eval=0, options=0x9d6c640) at /opt/src/apache2.2/xdebug-2.2.0/xdebug_handler_dbgp.c:1700
        
contents = <value optimized out>
# 7  0x0075df12 in xdebug_dbgp_handle_property_get (retval=0xbfa488a8, context=0x771cec, args=0x9d92c48) 
at /opt/src/apache2.2/xdebug-2.2.0/xdebug_handler_dbgp.c:1765
        depth = <value optimized out>
        fse = <value optimized out>
        old_max_data = 1024
# 8  0x0075572f in xdebug_dbgp_parse_option (context=0x771cec, bail=1) at /opt/src/apache2.2/xdebug-2.2.0/xdebug_handler_dbgp.c:2412
        
command = 0x7718d0
        cmd = 0x9d71580 "property_get"
        res = 0
        error = <value optimized out>
# 9  xdebug_dbgp_cmdloop (context=0x771cec, bail=1) at /opt/src/apache2.2/xdebug-2.2.0/xdebug_handler_dbgp.c:2461
        
option = 0x9d8a5a8 "property_get -i 13 -n $this->_CacheManager -d 0 -c 0 -p 0"
        ret = <value optimized out>
        response = 0x9d6eb18
# 10 0x00755d0f in xdebug_dbgp_breakpoint (context=0x771cec, stack=0x9d6c3b8, file=0xb7d0baa0 "/home/xxxxxxx/public_html/www/app/com/xxxxxxx/arch/ChannelRegistry.inc", 
lineno=113, type=1, exception=0x0, 
    message=0x0) at /opt/src/apache2.2/xdebug-2.2.0/xdebug_handler_dbgp.c:2729
        response = 0x9d74028
        error_container = 0x9d754f0
# 11 0x0074d435 in xdebug_statement_call (op_array=0xb7ca4898) at /opt/src/apache2.2/xdebug-2.2.0/xdebug.c:1907
        
le = 0x9d6c8e0
        brk = 0x9d6e798
        lineno = 113
        file = 0xb7d0baa0 "/home/xxxxxxx/public_html/www/app/com/xxxxxxx/arch/ChannelRegistry.inc"
        
level = 17
# 12 0x01011b44 in zend_llist_apply_with_argument (l=0x14f8688, func=0x103fea0 <zend_extension_statement_handler>, 
arg=0xb7ca4898) at /opt/src/apache2.2/php-5.4.3/Zend/zend_llist.c:236
        element = 0x9bedd80
# 13 0x0104745d in ZEND_EXT_STMT_SPEC_HANDLER (execute_data=0xb7e5db34) at /opt/src/apache2.2/php-5.4.3/Zend/zend_vm_execute.h:895

No locals.
# 14 0x0104d238 in execute (op_array=0xb7ca4898) at /opt/src/apache2.2/php-5.4.3/Zend/zend_vm_execute.h:410
        
ret = <value optimized out>
        execute_data = 0xb7e5db34
        nested = 0 '\000'
        original_in_execution = 1 '\001'
# 15 0x00750d6e in xdebug_execute (op_array=0xb7ca4898) at /opt/src/apache2.2/xdebug-2.2.0/xdebug.c:1390
        
dummy = 0x7509cb
        edata = 0xb7e5d404
        fse = 0x9d71af0
        xfse = <value optimized out>
        magic_cookie = 0xb88775b <Address 0xb88775b out of bounds>
        do_return = 0
        function_nr = 28322
        le = 0x9d706a0
        clear = 0
        return_val = 0x0
# 16 0x01047160 in zend_do_fcall_common_helper_SPEC (execute_data=0xb7e5d404) at /opt/src/apache2.2/php-5.4.3/Zend/zend_vm_execute.h:669
        
opline = 0xb7c9dcdc
        should_change_scope = 1 '\001'
        fbc = 0xb7ca4898
# 17 0x0104d238 in execute (op_array=0xb7e7e3c4) at /opt/src/apache2.2/php-5.4.3/Zend/zend_vm_execute.h:410
        
ret = <value optimized out>
        execute_data = 0xb7e5d404
        nested = 0 '\000'
        original_in_execution = 1 '\001'
# 18 0x00750d6e in xdebug_execute (op_array=0xb7e7e3c4) at /opt/src/apache2.2/xdebug-2.2.0/xdebug.c:1390
        
dummy = 0x7509cb
        edata = 0xb7e5d1e8
        fse = 0x9d74cb0
        xfse = <value optimized out>
        magic_cookie = 0xb88775b <Address 0xb88775b out of bounds>
        do_return = 0
        function_nr = 28262
        le = 0x9d71020
        clear = 0
        return_val = 0x0
# 19 0x01047160 in zend_do_fcall_common_helper_SPEC (execute_data=0xb7e5d1e8) at /opt/src/apache2.2/php-5.4.3/Zend/zend_vm_execute.h:669
        
opline = 0xb7e7dc44
        should_change_scope = 1 '\001'
        fbc = 0xb7e7e3c4
# 20 0x0104d238 in execute (op_array=0xb7e792c8) at /opt/src/apache2.2/php-5.4.3/Zend/zend_vm_execute.h:410
        
ret = <value optimized out>
        execute_data = 0xb7e5d1e8
        nested = 0 '\000'
        original_in_execution = 1 '\001'
# 21 0x00750d6e in xdebug_execute (op_array=0xb7e792c8) at /opt/src/apache2.2/xdebug-2.2.0/xdebug.c:1390
        
dummy = 0x7509cb
        edata = 0xb7e5d030
        fse = 0x9d8fcb0
        xfse = <value optimized out>
        magic_cookie = 0xfd7850 "U\211\345WVS\203\354\034\213u\020\213}\b\307E", <incomplete 
sequence \360>
        do_return = 0
        function_nr = 28208
        le = 0x9d6e5e0
        clear = 0
        return_val = 0x0
# 22 0x010633a8 in ZEND_INCLUDE_OR_EVAL_SPEC_VAR_HANDLER (execute_data=0xb7e5d030) at /opt/src/apache2.2/php-5.4.3/Zend/zend_vm_execute.h:11475
        
opline = 0xb7e78e54
        new_op_array = 0xb7e792c8
        inc_filename = <value optimized out>
        tmp_inc_filename = 0x0
        failure_retval = <value optimized out>
# 23 0x0104d238 in execute (op_array=0xb7e787b8) at /opt/src/apache2.2/php-5.4.3/Zend/zend_vm_execute.h:410
        
ret = <value optimized out>
        execute_data = 0xb7e5d030
        nested = 0 '\000'
        original_in_execution = 0 '\000'
# 24 0x00750d6e in xdebug_execute (op_array=0xb7e787b8) at /opt/src/apache2.2/xdebug-2.2.0/xdebug.c:1390
        
dummy = 0xb7e752d8
        edata = 0x0
        fse = 0x9d6e560
        xfse = <value optimized out>
        magic_cookie = 0x9d6c400 "{main}"
        do_return = 0
        function_nr = 0
        le = 0x9d6e5e0
        clear = 1
        return_val = 0x0
# 25 0x0101baf7 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /opt/src/apache2.2/php-5.4.3/Zend/zend.c:1272
        
files = 0xbfa48eb4 ""
        i = 1
        file_handle = 0xbfa4b0d0
        orig_op_array = 0x0
        orig_retval_ptr_ptr = 0x0
# 26 0x00fbff9e in php_execute_script (primary_file=0xbfa4b0d0) at /opt/src/apache2.2/php-5.4.3/main/main.c:2473
        
realfile = "\000\000\000\000)\000\000\000p!0\000\000\000\000\000\334it\000\001\000\000\000\300\217\032\000\320P\271\t\001\000\000\000\201\\!\000\003v\031\000@\222\032\000?\277?\032\000\030\000\000\000\000\000\000\000\005\000\000\000\003\000\000\000\220\273\305\t(\000\000\000ß\244\277\000\000\000\000X\034\273\tp!0\000\000\000\000\000\364\017\060\000@!0\000@\273\305\tx\237\244\277\267\177!", 
'\000' <repeats 13 times>, "X\273\305\t\024k\277\t@\273\305\t?\244\277<\235\002\001\230\273\305\t4\240\244\277 
\000\000\000]\323v\000\362p9\252\000\000\000\000\002\000\000\000\000\000\000\000 \000\000\000\064\240\244\277\220?\005\024\000\000\000\201\\!\000pM\272\t@\032\000\000\000\000\000\000T\025!\000@\273\305\t\030\240\244\277\364\017\060\000\000\000\000\000\000\000\000\000\230\000\000\000g\240\244\277p%0\000\363y\325\tp!0\000\364\017\060\000@!"...
        
__orig_bailout = 0xbfa4b034
        __bailout = {{__jmpbuf = {15, 162171408, -1079726144, -1079726072, -592777751, 1677041148}, __mask_was_saved 
= 0, __saved_mask = {__val = {164985516, 163410952, 164970360, 164985528, 21843405, 
                3215241016, 16904006, 1, 43, 3215241016, 16573639, 162171384, 162171408, 3215241224, 
16518616, 60, 1, 3215241080, 4479652, 165044912, 600, 50, 3215241268, 162171384, 162171408, 21843405, 
                
3215241224, 3702180873, 1676832320, 0, 3086086832, 165046024}}}}
        prepend_file_p = 0x0
        append_file_p = <value optimized out>
        prepend_file = {type = ZEND_HANDLE_FILENAME, filename = 0x0, opened_path = 0x0, handle = {fd 
= 0, fp = 0x0, stream = {handle = 0x0, isatty = 0, mmap = {len = 0, pos = 0, map = 0x0, buf = 0x0, 
                
old_handle = 0x0, old_closer = 0}, reader = 0, fsizer = 0, closer = 0}}, free_filename = 0 '\000'}
        append_file = {type = ZEND_HANDLE_FILENAME, filename = 0x0, opened_path = 0x0, handle = {fd = 
0, fp = 0x0, stream = {handle = 0x0, isatty = 0, mmap = {len = 0, pos = 0, map = 0x0, buf = 0x0, 
                old_handle = 0x0, old_closer = 0}, reader = 0, fsizer = 0, closer = 0}}, free_filename 
= 0 '\000'}
        old_cwd = 0xbfa48ec0 "/"
        retval = 0
# 27 0x010b823b in php_handler (r=0x9d662f0) at /opt/src/apache2.2/php-5.4.3/sapi/apache2handler/sapi_apache2.c:667
        
__bailout = {{__jmpbuf = {162171384, 162171408, 21843405, -1079725768, -592784551, 1644502701}, __mask_was_saved 
= 0, __saved_mask = {__val = {0, 0, 0, 135153495, 165066072, 164995056, 3215241528, 
                135005484, 162171384, 135339289, 3215241384, 134723675, 162189688, 165066016, 165044976, 
164995464, 162171407, 165066040, 4433072, 3086086832, 0, 4294967295, 1740736, 4294967295, 4294967295, 
0, 
                1683128, 1742888, 0, 1, 1, 0}}}}
        ctx = 0x9d6b6e8
        conf = 0x9ae06d8
        brigade = 0x9d6bf18
        bucket = <value optimized out>
        rv = <value optimized out>
        parent_req = 0x0
# 28 0x08082e53 in ?? ()
No symbol table info available.
(gdb)


(0002168)
derick (administrator)
2012-05-17 08:35

rbarbosa, so far, all the GDB traces that I have seen point to the same cause. However, I've still not been able to reproduce this; so I would kindly ask you to help and try and figure out which code causes this, and whether you can isolate it.
(0002187)
rbarbosa (reporter)
2012-05-22 19:33

Hi Derick...I still have not been able to isolate this issue.

I've seen a few other issues posted here that might be related, but I'm not sure if they are or not.

Bug 0000830 seems close to what I am seeing from a behavior perspective. Also 0000837 seems similar.

Any luck getting isolated script from any of those folks?
(0002201)
derick (administrator)
2012-05-28 09:26

I think I've just pushed a fix to github for this issue. Could you please try it?
(0002245)
derick (administrator)
2012-06-11 17:17

Hello?
(0002249)
avanha@photobucket.com (reporter)
2012-06-12 01:23

Hi Derick, I'm seeing something similar and wanted to check your fix by running the latest from the master branch. I'm still seeing the segfault, and looking through the logs on github, I don't see any checkin on 5/28 that mentions issue 832. Is the fix on a different branch or was it part of changeset d0f753e714c8fea33f689d7d75b89455b615037d?
(0002250)
rbarbosa (reporter)
2012-06-12 16:06

Sorry for the delayed response. The latest build appears to have resolved this issue.

I did not test very long...but I was able to get further into my call stack than ever before. I also ran a parallel debug session and had both running at the same time stepping through the code and neither session crashed.

This looks promising! Awesome work.

- Issue History
Date Modified Username Field Change
2012-05-11 15:35 rbarbosa New Issue
2012-05-11 21:48 pbrookfield Note Added: 0002143
2012-05-11 22:02 rbarbosa Note Added: 0002144
2012-05-11 22:04 rbarbosa Note Edited: 0002144 View Revisions
2012-05-11 22:05 rbarbosa Note Edited: 0002144 View Revisions
2012-05-13 20:39 rulatir Note Added: 0002145
2012-05-13 20:51 dleffler Note Added: 0002146
2012-05-13 22:49 derick Note Added: 0002147
2012-05-13 22:51 derick Assigned To => derick
2012-05-13 22:51 derick Status new => feedback
2012-05-15 23:31 derick Target Version => 2.2.1
2012-05-16 12:45 rbarbosa Note Added: 0002159
2012-05-16 12:45 rbarbosa Status feedback => assigned
2012-05-16 12:46 rbarbosa Note Edited: 0002159 View Revisions
2012-05-16 12:48 rbarbosa Note Edited: 0002159 View Revisions
2012-05-16 12:51 rbarbosa Note Edited: 0002159 View Revisions
2012-05-16 13:04 rbarbosa Note Edited: 0002159 View Revisions
2012-05-17 08:35 derick Note Added: 0002168
2012-05-17 08:35 derick Status assigned => feedback
2012-05-22 19:33 rbarbosa Note Added: 0002187
2012-05-22 19:33 rbarbosa Status feedback => assigned
2012-05-28 09:26 derick Note Added: 0002201
2012-05-28 09:26 derick Status assigned => feedback
2012-06-11 17:17 derick Note Added: 0002245
2012-06-12 01:23 avanha@photobucket.com Note Added: 0002249
2012-06-12 16:06 rbarbosa Note Added: 0002250
2012-06-12 16:06 rbarbosa Status feedback => assigned
2012-06-12 16:14 derick Status assigned => closed
2012-06-12 16:14 derick Resolution open => fixed
2012-06-12 16:14 derick Fixed in Version => 2.2.1
2016-07-31 13:36 derick Category Usage problems => Usage problems (Crashes)
2016-07-31 13:38 derick Category Usage problems (Crashes) => Usage problems (Wrong Results)


Copyright © 2000 - 2018 MantisBT Team
Powered by Mantis Bugtracker