[xdebug-general] apache worker mpm crashes with xdebug 2.0.2

Hi,

Xdebug is an amazing extension, and it keeps my sanity when trying to debug
PHP apps using open source tools.

Ever since I switched to apache worker MPM, I am getting intermittent crashes
when Xdebug is enabled (without even really debugging anything).
I am running Gentoo on amd64, with apache 2.2.8 and php 5.2.6 (happened with
5.2.5 as well)

This is the last line from apache's error log:
[Thu Mar 13 13:37:17 2008] [notice] child pid 20517 exit signal Segmentation
fault (11), possible coredump in /tmp

And a stack trace from the core file:
(gdb) bt full
#0 0x00002ab718502027 in kill () from /lib/libc.so.6
No symbol table info available.
#1 0x000000000044003e in sig_coredump ()
No symbol table info available.
#2 <signal handler called>
No symbol table info available.
#3 0x00002ab720ccadec in xdebug_compile_file ()
from /usr/lib64/php5/lib/php/extensions/debug-zts-20060613/xdebug.so
No symbol table info available.
#4 0x00002ab71daddc73 in zend_execute_scripts (type=8, tsrm_ls=0x2a60be0,
retval=0x0, file_count=3)
    
at /var/tmp/portage/dev-lang/php-5.2.6_rc1-r1/work/php-5.2.6RC1/Zend/zend.c:1126
        files = {{gp_offset = 48, fp_offset = 48, overflow_arg_area =
0x417ffa80, reg_save_area = 0x417ff9b0}}
        i = 1
        file_handle = (zend_file_handle *) 0x41801e60
        orig_op_array = (zend_op_array *) 0x0
        orig_retval_ptr_ptr = (zval **) 0x0
        local_retval = (zval *) 0x0
#5 0x00002ab71da67da2 in php_execute_script (primary_file=0x41801e60,
tsrm_ls=0x2a60be0)
    
at /var/tmp/portage/dev-lang/php-5.2.6_rc1-r1/work/php-5.2.6RC1/main/main.c:2006
        realfile = '\0' <repeats 104
times>, "*(Y\030�*\000\000\000\000\000\000\000\000\000\000)&Y\030�*\000\000\000\000\000\000\000\000\000\000\024\000\000\000\000\000\000\000\000\034\200A", '\0'
<repeats 12
times>, "\f\000\000\000\000\000\000\000\224�Z\030�*\000\000\024\000\000\000\003\000\002\000�\021�G%P\000\000\000\000\000\000\001\000\000\000\024\000\001", '\0'
<repeats 16
times>, "\001\024\000\006\000���������\025\000\000�\025\000\000@\000\000\000\024\000\002\000�\021�G%P\000\000\n@\200�\002\000\000\000\024\000\001\000�\200\000\000\000\000\000\000\002\016.��\\�7\024\000\006\000���������\025\000\000�\025"...
        __orig_bailout = (jmp_buf *) 0x41801d90
        __bailout = {{__jmpbuf = {13325168, -4471320075968971246, 16404824,
8834600, 0, 1098916088, -4471318054180225518,
      -7738285490630427118}, __mask_was_saved = 0, __saved_mask = {__val =
{46965964823378, 16410480, 44436448, 16404824,
        13975423997753163282, 16404824, 8834600, 0, 1098916088,
13975423997654597138, 10708458581961604626, 0, 16721848,
        4516867, 0, 14202120}}}}
        prepend_file_p = (zend_file_handle *) 0x0
        append_file_p = (zend_file_handle *) 0x0
        prepend_file = {type = 0 '\0', filename = 0x0, opened_path = 0x0,
handle = {fd = 0, fp = 0x0, stream = {
      handle = 0x0, reader = 0, closer = 0, fteller = 0, interactive = 0}},
free_filename = 0 '\0'}
        append_file = {type = 0 '\0', filename = 0x0, opened_path = 0x0,
handle = {fd = 0, fp = 0x0, stream = {
      handle = 0x0, reader = 0, closer = 0, fteller = 0, interactive = 0}},
free_filename = 0 '\0'}
        old_cwd = 0x417ffaa0 "/"
        retval = 0
#6 0x00002ab71db766dc in php_handler (r=0xfa5158)
at /var/tmp/portage/dev-lang/php-5.2.6_rc1-r1/work/php-5.2.6RC1/sapi/apache2handler/sapi_apache2.c:629
        zfd = {type = 5 '\005', filename =
0xfa6310 "/home/yuval/work/amen/www/index.php",
  opened_path = 0xda8588 "/home/yuval/work/amen/www/index.php", handle = {fd =
14321448, fp = 0xda8728, stream = {
      handle = 0xda8728, reader = 0x2ab71da85f96 <_php_stream_read>, closer =
0x2ab71da64bb1 <stream_closer_for_zend>,
      fteller = 0x2ab71da64bd5 <stream_fteller_for_zend>, interactive = 0}},
free_filename = 0 '\0'}
        __orig_bailout = (jmp_buf *) 0x0
        __bailout = {{__jmpbuf = {13325168, -4471320075927028206, 16404824,
8834600, 0, 1098916088, -4471320075966874094,
      -7738285345315095022}, __mask_was_saved = 0, __saved_mask = {__val =
{872, 16409360, 1205306874000000,
        1203321484000000, 1205306874000000, 16410176, 0, 0, 16409704,
16401480, 46965952864779, 14202120, 2, 16409736,
        1098915692, 14202120}}}}
        ctx = (php_struct * volatile) 0xfa6698
        conf = (void *) 0xfa1928
        brigade = (apr_bucket_brigade * volatile) 0xff2ec0
        bucket = (apr_bucket *) 0x7ef9f8
        rv = 10935
        parent_req = (request_rec * volatile) 0x0
        tsrm_ls = (void ***) 0x2a60be0
#7 0x0000000000437e49 in ap_run_handler ()
No symbol table info available.
#8 0x000000000043af3c in ap_invoke_handler ()
No symbol table info available.
#9 0x00000000004450aa in ap_internal_redirect ()
No symbol table info available.
#10 0x00002ab71caf2380 in handler_redirect ()
from /usr/lib64/apache2/modules/mod_rewrite.so
No symbol table info available.
#11 0x0000000000437e49 in ap_run_handler ()
No symbol table info available.
#12 0x000000000043af3c in ap_invoke_handler ()
No symbol table info available.
#13 0x0000000000445228 in ap_process_request ()
No symbol table info available.
#14 0x00000000004426a8 in ap_process_http_connection ()
No symbol table info available.
#15 0x000000000043ead1 in ap_run_process_connection ()
No symbol table info available.
#16 0x0000000000449a76 in worker_thread ()
No symbol table info available.
#17 0x00002ab7182ba257 in ?? () from /lib/libpthread.so.0

I have confirmed this does not happen with prefork MPM, or when xdebug is not
installed. It looks to me like a thread safety issue..

I've done my best to include as much debug information as I could here. Please
let me know if you need any further information to investigate this.

Thanks for the great work!

-- 
Yuval Hager
[T] +972-77-341-4155
[@] yuval[@]avramzon.net