View Issue Details

IDProjectCategoryView StatusLast Update
0000832XdebugUncategorizedpublic2012-06-12 15:14
Reporterrbarbosa Assigned Toderick  
PriorityurgentSeveritycrashReproducibilityalways
Status closedResolutionfixed 
PlatformRedhat Linux - Kernel 2.6.18OSLinuxOS Version2.6.18
Product Version2.2.0 
Target Version2.2.1Fixed in Version2.2.1 
Summary0000832: There is a seg fault (11) and core dump during debugging in PhpStorm
Description

While stepping through some of our source code we are seeing a failure in the debugger that is resulting in a crash and a disconnect from the web server.

This readily reproducible in our current project, but that project cannot be shared because it is proprietary code.

The crash occurs while attempting to inspect a variable in the debugger. Either expanding the node that contains the value, or even hovering over the variable name in the source code window will cause the crash.

I can share some core dump files with the developer when the bug is assigned.

Steps To Reproduce

Unfortunately, this is failing 100% of the time in our code base, but the code is proprietary and cannot be shared.

I have not been able to reproduce this issue in a simple setting, only within our application which includes too much complexity to describe here.

Additional Information

This fails in both 5.4.2 and 5.4.3 versions of PHP.

The error is occurring in xdebug-2.2.0/xdebug_var.c:1183.

The failure being reported is:

Core was generated by `/opt/apache2.2.22-rhes5.alt/sbin/httpd -f /opt/apache2.2.22-rhes5.alt/conf/http'.
Program terminated with signal 11, Segmentation fault.
#0 0x0071de99 in xdebug_var_export_xml_node (struc=0x9717b34, name=0x972ca88 "$WR::_action_map", node=0x972ca38, options=0x970d840, level=1) at /opt/src/apache2.2/xdebug-2.2.0/xdebug_var.c:1183
1183 switch (Z_TYPE_PP(struc)) {

TagsNo tags attached.
Operating SystemLinux 2.6.18
PHP Version5.4.2

Activities

pbrookfield

2012-05-11 20:48

reporter   ~0002143

Exactly the same situation for us today, XDebug is completely unusable as a result for us. I apologise that right now I do not have the time to provide sample code (my work pressures are too intense for me to afford to spend time anonymising my code) but my best description it seems to suffer most with our code that uses a lot of static classes running as singletons. CodeIgniter can be stepped through relatively okay, but our code is impossible to debug as a result. PHP 5.4 and XDebug 2.2.0 (and 2.3.0dev from git is still broken.)

Looking forward to seeing this fixed as regressing to PHP 5.3 is not an option for us.

rbarbosa

2012-05-11 21:02

reporter   ~0002144

Last edited: 2012-05-11 21:05

That actually matches our issue as well.

I have an abstract class called CacheManager that exposes functionality for reading and writing key/value pairs to a data store.

Individual derived classes provide implementations for specific data stores like Memcache or MongoDB. These classes are self-stored classes, so they can be serialized and written to the data stores they interface with. They all have private constructors, but they expose a "loadByID()" method which takes in a key and tries to load the CacheManager instance from the data store, if one is not found a new one is created. This technique is similar to the singleton pattern's use of a "getInstance()" method, but there is no restriction on the number of instances that can be created.

loadByID() is implemented in the abstract class, but all derived classes wrap the functionality in type-specific loadByID() methods that enforce rules for building the ID. It is during this call to the static loadByID() method (which in turn calls parent::loadByID()) that the xdebug failure is occurring.

Our project makes use of traits, so rolling back to PHP 5.3.x is not an option for us either, and xdebug unusable with this issue.

rulatir

2012-05-13 19:39

reporter   ~0002145

Same issue here!

dleffler

2012-05-13 19:51

reporter   ~0002146

This is the same problem we're having in Win32 (Win7Pro x64)
Problem signature:
Problem Event Name: APPCRASH
Application Name: httpd.exe
Application Version: 2.2.17.0
Application Timestamp: 4cbbe9e8
Fault Module Name: php_xdebug.dll
Fault Module Version: 2.2.0.5
Fault Module Timestamp: 4fa90762
Exception Code: c0000005
Exception Offset: 0001919c
OS Version: 6.1.7601.2.1.0.256.48
Locale ID: 1033
Additional Information 1: 0a9e
Additional Information 2: 0a9e372d3b4ad19135b953a78882e789
Additional Information 3: 0a9e
Additional Information 4: 0a9e372d3b4ad19135b953a78882e789

derick

2012-05-13 21:49

administrator   ~0002147

Hi,

In order to reproduce and fix this, I'd need the following information:

  • A short and self-contained script that reproduces the issue while debugging
  • A debugging log, which you can make with setting xdebug.remote_log=/tmp/xdebug.log
  • rbarbosa, if you could type "bt full" on the GDB prompt that you've put in the description, that'd be helpful too.

cheers,
Derick

rbarbosa

2012-05-16 11:45

reporter   ~0002159

Last edited: 2012-05-16 12:04

Hi Derick, I've been unable to create a short sandbox script that shows this error. I'm still trying, but this occurred in a larger system that is fairly complex, so I'm not sure what combination of conditions is causing this disconnect.

In the meantime I will enabled the debugging log. Here is the backtrace from the most recent core file:
<pre>
(gdb) bt full

0 xdebug_var_export_xml_node (struc=0x9d72334, name=0x9d77068 "$this->_CacheManager::_username", node=0x9d71478, options=0x9d6c640, level=1) at /opt/src/apache2.2/xdebug-2.2.0/xdebug_var.c:1183

    myht = &lt;value optimized out>
    class_name = &lt;value optimized out>
    class_name_len = 3084369875

1 0x00769e80 in xdebug_object_element_export_xml_node (item=0xb7cac0cc, num_args=5, args=0xbfa4870c "", hash_key=0xbfa486dc) at /opt/src/apache2.2/xdebug-2.2.0/xdebug_var.c:1038

    level = 0
    parent = 0x9d94358
    node = 0x9d71478
    options = 0x9d6c640
    prop_name = 0xb7d7bfd3 &quot;_username&quot;
    modifier = 0x76f1ea &quot;protected&quot;
    class_name = 0xb7d0edf0 &quot;com\\xxxxxxx\\caching\\MySQLCacheManager&quot;
    prop_class_name = 0xb7d7bfd1 &quot;*&quot;
    parent_name = 0x9d76a80 &quot;$this->_CacheManager&quot;
    full_name = 0x9d77068 &quot;$this->_CacheManager::_username&quot;

2 0x010283d1 in zend_hash_apply_with_arguments (ht=0xb7d15494, apply_func=0x769be0 <xdebug_object_element_export_xml_node>, num_args=5) at /opt/src/apache2.2/php-5.4.3/Zend/zend_hash.c:772

    result = 0
    p = 0xb7cac0c0
    args = 0xbfa4870c &quot;&quot;
    hash_key = {arKey = 0x0, nKeyLength = 0, h = 2}

3 0x0076799f in xdebug_var_export_xml_node (struc=0xbfa487a4, name=0x9d76a80 "$this->_CacheManager", node=0x9d94358, options=0x9d6c640, level=0) at /opt/src/apache2.2/xdebug-2.2.0/xdebug_var.c:1288

    ce = &lt;value optimized out>
    is_temp = 0
    myht = &lt;value optimized out>
    class_name = 0xb7d0edf0 &quot;com\\xxxxxxx\\caching\\MySQLCacheManager&quot;
    class_name_len = 37

4 0x00767b3f in xdebug_get_zval_value_xml_node_ex (name=0x9d75390 "$this->_CacheManager", val=0xb7e7ace0, var_type=0, options=0x9d6c640) at /opt/src/apache2.2/xdebug-2.2.0/xdebug_var.c:1337

    node = 0x9d94358
    short_name = 0x9d754f0 &quot;$this->_CacheManager&quot;
    full_name = 0x9d76a80 &quot;$this->_CacheManager&quot;

5 0x0075d681 in get_symbol (name=0x9d75390 "$this->_CacheManager", name_length=<value optimized out>, options=0x9d6c640) at /opt/src/apache2.2/xdebug-2.2.0/xdebug_handler_dbgp.c:687

    retval = 0x9d72334

6 0x0075d735 in add_variable_node (node=0x9d6eb18, name=0x9d72334 "\021", name_length=17, var_only=1, non_null=0, no_eval=0, options=0x9d6c640) at /opt/src/apache2.2/xdebug-2.2.0/xdebug_handler_dbgp.c:1700

    contents = &lt;value optimized out>

7 0x0075df12 in xdebug_dbgp_handle_property_get (retval=0xbfa488a8, context=0x771cec, args=0x9d92c48) at /opt/src/apache2.2/xdebug-2.2.0/xdebug_handler_dbgp.c:1765

    depth = &lt;value optimized out>
    fse = &lt;value optimized out>
    old_max_data = 1024

8 0x0075572f in xdebug_dbgp_parse_option (context=0x771cec, bail=1) at /opt/src/apache2.2/xdebug-2.2.0/xdebug_handler_dbgp.c:2412

    command = 0x7718d0
    cmd = 0x9d71580 &quot;property_get&quot;
    res = 0
    error = &lt;value optimized out>

9 xdebug_dbgp_cmdloop (context=0x771cec, bail=1) at /opt/src/apache2.2/xdebug-2.2.0/xdebug_handler_dbgp.c:2461

    option = 0x9d8a5a8 &quot;property_get -i 13 -n $this->_CacheManager -d 0 -c 0 -p 0&quot;
    ret = &lt;value optimized out>
    response = 0x9d6eb18

10 0x00755d0f in xdebug_dbgp_breakpoint (context=0x771cec, stack=0x9d6c3b8, file=0xb7d0baa0 "/home/xxxxxxx/public_html/www/app/com/xxxxxxx/arch/ChannelRegistry.inc", lineno=113, type=1, exception=0x0,

message=0x0) at /opt/src/apache2.2/xdebug-2.2.0/xdebug_handler_dbgp.c:2729
    response = 0x9d74028
    error_container = 0x9d754f0

11 0x0074d435 in xdebug_statement_call (op_array=0xb7ca4898) at /opt/src/apache2.2/xdebug-2.2.0/xdebug.c:1907

    le = 0x9d6c8e0
    brk = 0x9d6e798
    lineno = 113
    file = 0xb7d0baa0 &quot;/home/xxxxxxx/public_html/www/app/com/xxxxxxx/arch/ChannelRegistry.inc&quot;
    level = 17

12 0x01011b44 in zend_llist_apply_with_argument (l=0x14f8688, func=0x103fea0 <zend_extension_statement_handler>, arg=0xb7ca4898) at /opt/src/apache2.2/php-5.4.3/Zend/zend_llist.c:236

    element = 0x9bedd80

13 0x0104745d in ZEND_EXT_STMT_SPEC_HANDLER (execute_data=0xb7e5db34) at /opt/src/apache2.2/php-5.4.3/Zend/zend_vm_execute.h:895

No locals.

14 0x0104d238 in execute (op_array=0xb7ca4898) at /opt/src/apache2.2/php-5.4.3/Zend/zend_vm_execute.h:410

    ret = &lt;value optimized out>
    execute_data = 0xb7e5db34
    nested = 0 '\000'
    original_in_execution = 1 '\001'

15 0x00750d6e in xdebug_execute (op_array=0xb7ca4898) at /opt/src/apache2.2/xdebug-2.2.0/xdebug.c:1390

    dummy = 0x7509cb
    edata = 0xb7e5d404
    fse = 0x9d71af0
    xfse = &lt;value optimized out>
    magic_cookie = 0xb88775b &lt;Address 0xb88775b out of bounds>
    do_return = 0
    function_nr = 28322
    le = 0x9d706a0
    clear = 0
    return_val = 0x0

16 0x01047160 in zend_do_fcall_common_helper_SPEC (execute_data=0xb7e5d404) at /opt/src/apache2.2/php-5.4.3/Zend/zend_vm_execute.h:669

    opline = 0xb7c9dcdc
    should_change_scope = 1 '\001'
    fbc = 0xb7ca4898

17 0x0104d238 in execute (op_array=0xb7e7e3c4) at /opt/src/apache2.2/php-5.4.3/Zend/zend_vm_execute.h:410

    ret = &lt;value optimized out>
    execute_data = 0xb7e5d404
    nested = 0 '\000'
    original_in_execution = 1 '\001'

18 0x00750d6e in xdebug_execute (op_array=0xb7e7e3c4) at /opt/src/apache2.2/xdebug-2.2.0/xdebug.c:1390

    dummy = 0x7509cb
    edata = 0xb7e5d1e8
    fse = 0x9d74cb0
    xfse = &lt;value optimized out>
    magic_cookie = 0xb88775b &lt;Address 0xb88775b out of bounds>
    do_return = 0
    function_nr = 28262
    le = 0x9d71020
    clear = 0
    return_val = 0x0

19 0x01047160 in zend_do_fcall_common_helper_SPEC (execute_data=0xb7e5d1e8) at /opt/src/apache2.2/php-5.4.3/Zend/zend_vm_execute.h:669

    opline = 0xb7e7dc44
    should_change_scope = 1 '\001'
    fbc = 0xb7e7e3c4

20 0x0104d238 in execute (op_array=0xb7e792c8) at /opt/src/apache2.2/php-5.4.3/Zend/zend_vm_execute.h:410

    ret = &lt;value optimized out>
    execute_data = 0xb7e5d1e8
    nested = 0 '\000'
    original_in_execution = 1 '\001'

21 0x00750d6e in xdebug_execute (op_array=0xb7e792c8) at /opt/src/apache2.2/xdebug-2.2.0/xdebug.c:1390

    dummy = 0x7509cb
    edata = 0xb7e5d030
    fse = 0x9d8fcb0
    xfse = &lt;value optimized out>
    magic_cookie = 0xfd7850 &quot;U\211\345WVS\203\354\034\213u\020\213}\b\307E&quot;, &lt;incomplete sequence \360>
    do_return = 0
    function_nr = 28208
    le = 0x9d6e5e0
    clear = 0
    return_val = 0x0

22 0x010633a8 in ZEND_INCLUDE_OR_EVAL_SPEC_VAR_HANDLER (execute_data=0xb7e5d030) at /opt/src/apache2.2/php-5.4.3/Zend/zend_vm_execute.h:11475

    opline = 0xb7e78e54
    new_op_array = 0xb7e792c8
    inc_filename = &lt;value optimized out>
    tmp_inc_filename = 0x0
    failure_retval = &lt;value optimized out>

23 0x0104d238 in execute (op_array=0xb7e787b8) at /opt/src/apache2.2/php-5.4.3/Zend/zend_vm_execute.h:410

    ret = &lt;value optimized out>
    execute_data = 0xb7e5d030
    nested = 0 '\000'
    original_in_execution = 0 '\000'

24 0x00750d6e in xdebug_execute (op_array=0xb7e787b8) at /opt/src/apache2.2/xdebug-2.2.0/xdebug.c:1390

    dummy = 0xb7e752d8
    edata = 0x0
    fse = 0x9d6e560
    xfse = &lt;value optimized out>
    magic_cookie = 0x9d6c400 &quot;{main}&quot;
    do_return = 0
    function_nr = 0
    le = 0x9d6e5e0
    clear = 1
    return_val = 0x0

25 0x0101baf7 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /opt/src/apache2.2/php-5.4.3/Zend/zend.c:1272

    files = 0xbfa48eb4 &quot;&quot;
    i = 1
    file_handle = 0xbfa4b0d0
    orig_op_array = 0x0
    orig_retval_ptr_ptr = 0x0

26 0x00fbff9e in php_execute_script (primary_file=0xbfa4b0d0) at /opt/src/apache2.2/php-5.4.3/main/main.c:2473

    realfile = &quot;\000\000\000\000)\000\000\000p!0\000\000\000\000\000\334it\000\001\000\000\000\300\217\032\000\320P\271\t\001\000\000\000\201\\!\000\003v\031\000@\222\032\000?\277?\032\000\030\000\000\000\000\000\000\000\005\000\000\000\003\000\000\000\220\273\305\t(\000\000\000ß\244\277\000\000\000\000X\034\273\tp!0\000\000\000\000\000\364\017\060\000@!0\000@\273\305\tx\237\244\277\267\177!&quot;, '\000' &lt;repeats 13 times>, &quot;X\273\305\t\024k\277\t@\273\305\t?\244\277&lt;\235\002\001\230\273\305\t4\240\244\277 \000\000\000]\323v\000\362p9\252\000\000\000\000\002\000\000\000\000\000\000\000 \000\000\000\064\240\244\277\220?\005\024\000\000\000\201\\!\000pM\272\t@\032\000\000\000\000\000\000T\025!\000@\273\305\t\030\240\244\277\364\017\060\000\000\000\000\000\000\000\000\000\230\000\000\000g\240\244\277p%0\000\363y\325\tp!0\000\364\017\060\000@!&quot;...
    __orig_bailout = 0xbfa4b034
    __bailout = {{__jmpbuf = {15, 162171408, -1079726144, -1079726072, -592777751, 1677041148}, __mask_was_saved = 0, __saved_mask = {__val = {164985516, 163410952, 164970360, 164985528, 21843405, 
            3215241016, 16904006, 1, 43, 3215241016, 16573639, 162171384, 162171408, 3215241224, 16518616, 60, 1, 3215241080, 4479652, 165044912, 600, 50, 3215241268, 162171384, 162171408, 21843405, 
            3215241224, 3702180873, 1676832320, 0, 3086086832, 165046024}}}}
    prepend_file_p = 0x0
    append_file_p = &lt;value optimized out>
    prepend_file = {type = ZEND_HANDLE_FILENAME, filename = 0x0, opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, isatty = 0, mmap = {len = 0, pos = 0, map = 0x0, buf = 0x0, 
            old_handle = 0x0, old_closer = 0}, reader = 0, fsizer = 0, closer = 0}}, free_filename = 0 '\000'}
    append_file = {type = ZEND_HANDLE_FILENAME, filename = 0x0, opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, isatty = 0, mmap = {len = 0, pos = 0, map = 0x0, buf = 0x0, 
            old_handle = 0x0, old_closer = 0}, reader = 0, fsizer = 0, closer = 0}}, free_filename = 0 '\000'}
    old_cwd = 0xbfa48ec0 &quot;/&quot;
    retval = 0

27 0x010b823b in php_handler (r=0x9d662f0) at /opt/src/apache2.2/php-5.4.3/sapi/apache2handler/sapi_apache2.c:667

    __bailout = {{__jmpbuf = {162171384, 162171408, 21843405, -1079725768, -592784551, 1644502701}, __mask_was_saved = 0, __saved_mask = {__val = {0, 0, 0, 135153495, 165066072, 164995056, 3215241528, 
            135005484, 162171384, 135339289, 3215241384, 134723675, 162189688, 165066016, 165044976, 164995464, 162171407, 165066040, 4433072, 3086086832, 0, 4294967295, 1740736, 4294967295, 4294967295, 0, 
            1683128, 1742888, 0, 1, 1, 0}}}}
    ctx = 0x9d6b6e8
    conf = 0x9ae06d8
    brigade = 0x9d6bf18
    bucket = &lt;value optimized out>
    rv = &lt;value optimized out>
    parent_req = 0x0

28 0x08082e53 in ?? ()

No symbol table info available.
(gdb)
</pre>

derick

2012-05-17 07:35

administrator   ~0002168

rbarbosa, so far, all the GDB traces that I have seen point to the same cause. However, I've still not been able to reproduce this; so I would kindly ask you to help and try and figure out which code causes this, and whether you can isolate it.

rbarbosa

2012-05-22 18:33

reporter   ~0002187

Hi Derick...I still have not been able to isolate this issue.

I've seen a few other issues posted here that might be related, but I'm not sure if they are or not.

Bug 0000830 seems close to what I am seeing from a behavior perspective. Also 0000837 seems similar.

Any luck getting isolated script from any of those folks?

derick

2012-05-28 08:26

administrator   ~0002201

I think I've just pushed a fix to github for this issue. Could you please try it?

derick

2012-06-11 16:17

administrator   ~0002245

Hello?

avanha@photobucket.com

2012-06-12 00:23

reporter   ~0002249

Hi Derick, I'm seeing something similar and wanted to check your fix by running the latest from the master branch. I'm still seeing the segfault, and looking through the logs on github, I don't see any checkin on 5/28 that mentions issue 832. Is the fix on a different branch or was it part of changeset d0f753e714c8fea33f689d7d75b89455b615037d?

rbarbosa

2012-06-12 15:06

reporter   ~0002250

Sorry for the delayed response. The latest build appears to have resolved this issue.

I did not test very long...but I was able to get further into my call stack than ever before. I also ran a parallel debug session and had both running at the same time stepping through the code and neither session crashed.

This looks promising! Awesome work.

Issue History

Date Modified Username Field Change
2012-05-11 14:35 rbarbosa New Issue
2012-05-11 20:48 pbrookfield Note Added: 0002143
2012-05-11 21:02 rbarbosa Note Added: 0002144
2012-05-11 21:04 rbarbosa Note Edited: 0002144
2012-05-11 21:05 rbarbosa Note Edited: 0002144
2012-05-13 19:39 rulatir Note Added: 0002145
2012-05-13 19:51 dleffler Note Added: 0002146
2012-05-13 21:49 derick Note Added: 0002147
2012-05-13 21:51 derick Assigned To => derick
2012-05-13 21:51 derick Status new => feedback
2012-05-15 22:31 derick Target Version => 2.2.1
2012-05-16 11:45 rbarbosa Note Added: 0002159
2012-05-16 11:45 rbarbosa Status feedback => assigned
2012-05-16 11:46 rbarbosa Note Edited: 0002159
2012-05-16 11:48 rbarbosa Note Edited: 0002159
2012-05-16 11:51 rbarbosa Note Edited: 0002159
2012-05-16 12:04 rbarbosa Note Edited: 0002159
2012-05-17 07:35 derick Note Added: 0002168
2012-05-17 07:35 derick Status assigned => feedback
2012-05-22 18:33 rbarbosa Note Added: 0002187
2012-05-22 18:33 rbarbosa Status feedback => assigned
2012-05-28 08:26 derick Note Added: 0002201
2012-05-28 08:26 derick Status assigned => feedback
2012-06-11 16:17 derick Note Added: 0002245
2012-06-12 00:23 avanha@photobucket.com Note Added: 0002249
2012-06-12 15:06 rbarbosa Note Added: 0002250
2012-06-12 15:06 rbarbosa Status feedback => assigned
2012-06-12 15:14 derick Status assigned => closed
2012-06-12 15:14 derick Resolution open => fixed
2012-06-12 15:14 derick Fixed in Version => 2.2.1
2016-07-31 12:36 derick Category Usage problems => Usage problems (Crashes)
2016-07-31 12:38 derick Category Usage problems (Crashes) => Usage problems (Wrong Results)
2020-03-12 16:35 derick Category Usage problems (Wrong Results) => Variable Display
2020-03-12 16:38 derick Category Variable Display => Uncategorized