From:
Operating system: Linux/Windows
PHP version: 5.3.3
Package: Reproducible crash
Bug Type: Bug
Bug description:Segfault in /Zend/zend_objects_API.c:230
Description:
------------
A PHP process segfaults randomly when I try to build a complex search index
with
Symfony framework and Zend Lucene. Unfortunately, I can't figure out a
short
script to reproduce this problem.
I can reproduce it with all PHP versions, included PHP 5.3.3. In debug
mode, the
problem occurs fastly (the index build can take many hours).
This is how I compiled my PHP installation:
./configure \
--enable-dom \
--enable-libxml \
--with-xsl \
--enable-pdo \
--with-pdo-mysql \
--with-mysql \
--with-mysqli \
--enable-mbstring \
--enable-debug
gdb:
$ gdb /home/foobar/bin/php-5.3.3-debug ./core
Core was generated by `/home/foobar/bin/php-5.3.3-debug -d
memory_limit=1200M
symfony search:populate Q'.
Program terminated with signal 11, Segmentation fault.
#0 0x000000000086d775 in zend_objects_store_del_ref_by_handle_ex
(handle=16159,
handlers=0x106b340)
at /home/foobar/bin/php-5.3.3/Zend/zend_objects_API.c:230
230 obj->refcount--;
(gdb) print obj
$1 = (struct _store_object *) 0x7ffc9fc80838
(gdb) print obj->refcount
Cannot access memory at address 0x7ffc9fc80860
The backtrack:
(gdb) bt
#0 0x000000000086d775 in zend_objects_store_del_ref_by_handle_ex
(handle=16159,
handlers=0x106b340)
at /home/foobar/bin/php-5.3.3/Zend/zend_objects_API.c:230
#1 0x000000000086d477 in zend_objects_store_del_ref (zobject=0xd724c90) at
/home/foobar/bin/php-5.3.3/Zend/zend_objects_API.c:172
#2 0x000000000083d822 in _zval_dtor_func (zvalue=0xd724c90,
__zend_filename=0xdceb88
"/home/foobar/bin/php-5.3.3/Zend/zend_execute_API.c",
__zend_lineno=443) at
/home/foobar/bin/php-5.3.3/Zend/zend_variables.c:52
#3 0x000000000082d73a in _zval_dtor (zvalue=0xd724c90,
__zend_filename=0xdceb88
"/home/foobar/bin/php-5.3.3/Zend/zend_execute_API.c",
__zend_lineno=443) at
/home/foobar/bin/php-5.3.3/Zend/zend_variables.h:35
#4 0x000000000082e6c8 in _zval_ptr_dtor (zval_ptr=0xddbaa00,
__zend_filename=0xdd0400
"/home/foobar/bin/php-5.3.3/Zend/zend_variables.c",
__zend_lineno=178) at
/home/foobar/bin/php-5.3.3/Zend/zend_execute_API.c:443
#5 0x000000000083db9f in _zval_ptr_dtor_wrapper (zval_ptr=0xddbaa00) at
/home/foobar/bin/php-5.3.3/Zend/zend_variables.c:178
#6 0x000000000084feb0 in zend_hash_destroy (ht=0xcba0578) at
/home/foobar/bin/php-5.3.3/Zend/zend_hash.c:526
#7 0x0000000000868209 in zend_object_std_dtor (object=0xf2983f0) at
/home/foobar/bin/php-5.3.3/Zend/zend_objects.c:45
#8 0x0000000000868585 in zend_objects_free_object_storage
(object=0xf2983f0) at
/home/foobar/bin/php-5.3.3/Zend/zend_objects.c:128
#9 0x000000000086d710 in zend_objects_store_del_ref_by_handle_ex
(handle=16266,
handlers=0x106b340)
at /home/foobar/bin/php-5.3.3/Zend/zend_objects_API.c:220
#10 0x000000000086d477 in zend_objects_store_del_ref (zobject=0xe67c7b0) at
/home/foobar/bin/php-5.3.3/Zend/zend_objects_API.c:172
#11 0x000000000083d822 in _zval_dtor_func (zvalue=0xe67c7b0,
__zend_filename=0xdceb88
"/home/foobar/bin/php-5.3.3/Zend/zend_execute_API.c",
__zend_lineno=443) at
/home/foobar/bin/php-5.3.3/Zend/zend_variables.c:52
#12 0x000000000082d73a in _zval_dtor (zvalue=0xe67c7b0,
__zend_filename=0xdceb88
"/home/foobar/bin/php-5.3.3/Zend/zend_execute_API.c",
__zend_lineno=443) at
/home/foobar/bin/php-5.3.3/Zend/zend_variables.h:35
#13 0x000000000082e6c8 in _zval_ptr_dtor (zval_ptr=0x7ffca2525c10,
__zend_filename=0xdd6728
"/home/foobar/bin/php-5.3.3/Zend/zend_vm_execute.h",
__zend_lineno=160) at
/home/foobar/bin/php-5.3.3/Zend/zend_execute_API.c:443
#14 0x00000000008732da in zend_leave_helper_SPEC
(execute_data=0x7ffca2525b38)
at /home/foobar/bin/php-5.3.3/Zend/zend_vm_execute.h:160
#15 0x0000000000878335 in ZEND_RETURN_SPEC_CONST_HANDLER
(execute_data=0x7ffca2525b38) at /home/foobar/bin/php-
5.3.3/Zend/zend_vm_execute.h:1686
#16 0x0000000000873131 in execute (op_array=0x33a0410) at
/home/foobar/bin/php-
5.3.3/Zend/zend_vm_execute.h:107
#17 0x00000000008401ec in zend_execute_scripts (type=8, retval=0x0,
file_count=3) at /home/foobar/bin/php-5.3.3/Zend/zend.c:1194
#18 0x00000000007ca328 in php_execute_script (primary_file=0x7fffd3b27230)
at
/home/foobar/bin/php-5.3.3/main/main.c:2260
#19 0x00000000009238a3 in main (argc=6, argv=0x7fffd3b27498) at
/home/foobar/bin/php-5.3.3/sapi/cli/php_cli.c:1192
Test script:
---------------
Unfortunately, I can't figure out a short script to reproduce this problem.
Expected result:
----------------
The process should not segfault.
Actual result:
--------------
Segfault
--
Edit bug report at http://bugs.php.net/bug.php?id=52518&edit=1
--
Try a snapshot (PHP 5.2):
http://bugs.php.net/fix.php?id=52518&r=trysnapshot52
Try a snapshot (PHP 5.3):
http://bugs.php.net/fix.php?id=52518&r=trysnapshot53
Try a snapshot (trunk):
http://bugs.php.net/fix.php?id=52518&r=trysnapshottrunk
Fixed in SVN:
http://bugs.php.net/fix.php?id=52518&r=fixed
Fixed in SVN and need be documented:
http://bugs.php.net/fix.php?id=52518&r=needdocs
Fixed in release:
http://bugs.php.net/fix.php?id=52518&r=alreadyfixed
Need backtrace:
http://bugs.php.net/fix.php?id=52518&r=needtrace
Need Reproduce Script:
http://bugs.php.net/fix.php?id=52518&r=needscript
Try newer version:
http://bugs.php.net/fix.php?id=52518&r=oldversion
Not developer issue:
http://bugs.php.net/fix.php?id=52518&r=support
Expected behavior:
http://bugs.php.net/fix.php?id=52518&r=notwrong
Not enough info:
http://bugs.php.net/fix.php?id=52518&r=notenoughinfo
Submitted twice:
http://bugs.php.net/fix.php?id=52518&r=submittedtwice
register_globals:
http://bugs.php.net/fix.php?id=52518&r=globals
PHP 4 support discontinued: http://bugs.php.net/fix.php?id=52518&r=php4
Daylight Savings: http://bugs.php.net/fix.php?id=52518&r=dst
IIS Stability:
http://bugs.php.net/fix.php?id=52518&r=isapi
Install GNU Sed:
http://bugs.php.net/fix.php?id=52518&r=gnused
Floating point limitations:
http://bugs.php.net/fix.php?id=52518&r=float
No Zend Extensions:
http://bugs.php.net/fix.php?id=52518&r=nozend
MySQL Configuration Error:
http://bugs.php.net/fix.php?id=52518&r=mysqlcfg
