From:             mbeccati
Operating system: FreeBSD 6.2
PHP version:      5.3SVN-2011-09-10 (SVN)
Package:          Reproducible crash
Bug Type:         Bug
Bug description:  Segmentation fault in gc_mark_roots()

Description:
------------
As usual with bugs related to garbage collection, I don't have short
reproduce code. The segmentation fault happens when running a pretty heavy
integration test and is currently reproducible on PHP 5.3 (tested 5.3.4,
5.3.6RC3, 5.3.8 and PHP_5_3 svn HEAD). Unfortunately garbage collection is
a bit too much for me to be able to make sense of it and debug the issue.

Interestingly enough I couldn't reproduce it on PHP 5.2 or PHP 5.4.

Happens both with gcc 3.4.6 and 4.2.5 with -O0.

SSH access to the machine is available for anyone interested in
investigating.



Actual result:
--------------
Here is the relevant portion of backtrace and some other gdb commands:

#0  0x000000000094a060 in gc_mark_roots () at
/array1/compile/php-src/php/php-src/branches/PHP_5_3/Zend/zend_gc.c:434
434                             if (GC_ZVAL_GET_COLOR(current->u.pz) ==
GC_PURPLE) {
(gdb) bt full
#0  0x000000000094a060 in gc_mark_roots () at
/array1/compile/php-src/php/php-src/branches/PHP_5_3/Zend/zend_gc.c:434
        current = (gc_root_buffer *) 0x11121a0
#1  0x000000000094a90c in gc_collect_cycles () at
/array1/compile/php-src/php/php-src/branches/PHP_5_3/Zend/zend_gc.c:664
        p = (zval_gc_info *) 0x1e8fbd0
        q = (zval_gc_info *) 0x7fffffffccd8
        orig_free_list = (zval_gc_info *) 0x377c42d8edc99ee
        orig_next_to_free = (zval_gc_info *) 0x901e88190
        count = 0
#2  0x00000000009495c2 in gc_zval_possible_root (zv=0x3e37620) at
/array1/compile/php-src/php/php-src/branches/PHP_5_3/Zend/zend_gc.c:166
        newRoot = (gc_root_buffer *) 0x0
#3  0x00000000009bb104 in ZEND_FETCH_DIM_W_SPEC_VAR_CV_HANDLER
(execute_data=0x1390810) at zend_gc.h:183
        opline = (zend_op *) 0x1e8fbf8
        free_op1 = {var = 0x0}
        dim = (zval *) 0x3e37708
        container = (zval **) 0x3057850
#4  0x0000000000953c58 in execute (op_array=0x1e8be08) at
zend_vm_execute.h:107
        ret = 0
        execute_data = (zend_execute_data *) 0x1390810
        nested = 1 '\001'
        original_in_execution = 0 '\0'
...
(gdb) print current->u.pz
$1 = (zval *) 0x3e9fd38
(gdb) print *current->u.pz
Cannot access memory at address 0x3e9fd38
(gdb) frame 4
#4  0x0000000000953c58 in execute (op_array=0x1e8be08) at
zend_vm_execute.h:107
107                     if ((ret = EX(opline)->handler(execute_data
TSRMLS_CC)) > 0) {
(gdb) dump_bt executor_globals.current_execute_data
[0x01390810] addItem()
/usr/local/bamboo/test-home/xml-data/build-dir/RET-TRUNK-PHPBUG/lib/pear/Config/Container.php:153
[0x013905c0] addItem()
/usr/local/bamboo/test-home/xml-data/build-dir/RET-TRUNK-PHPBUG/lib/pear/Config/Container.php:108
[0x01390450] createItem()
/usr/local/bamboo/test-home/xml-data/build-dir/RET-TRUNK-PHPBUG/lib/pear/Config/Container.php:196
[0x01390008] createDirective()
/usr/local/bamboo/test-home/xml-data/build-dir/RET-TRUNK-PHPBUG/lib/pear/Config/Container/PHPArray.php:113
[0x0138fbc0] _parseArray()
/usr/local/bamboo/test-home/xml-data/build-dir/RET-TRUNK-PHPBUG/lib/pear/Config/Container/PHPArray.php:111
[0x0138f5a0] _parseArray()
/usr/local/bamboo/test-home/xml-data/build-dir/RET-TRUNK-PHPBUG/lib/pear/Config/Container/PHPArray.php:75
[0x0138ef48] parseDatasrc()
/usr/local/bamboo/test-home/xml-data/build-dir/RET-TRUNK-PHPBUG/lib/pear/Config.php:197
[0x0138ebd8] parseConfig()
/usr/local/bamboo/test-home/xml-data/build-dir/RET-TRUNK-PHPBUG/lib/OA/Admin/Settings.php:364
[0x0138b9b0] writeConfigArrayToFile()
/usr/local/bamboo/test-home/xml-data/build-dir/RET-TRUNK-PHPBUG/lib/OA/Admin/Settings.php:173
[0x0138b7a0] writeConfigChange()
/usr/local/bamboo/test-home/xml-data/build-dir/RET-TRUNK-PHPBUG/lib/OX/Plugin/PluginManager.php:870
[0x0138ac18] _setPackage()
/usr/local/bamboo/test-home/xml-data/build-dir/RET-TRUNK-PHPBUG/lib/OX/Plugin/PluginManager.php:518
[0x0138a0e8] enablePackage()
/usr/local/bamboo/test-home/xml-data/build-dir/RET-TRUNK-PHPBUG/tests/testClasses/TestEnv.php:183
[0x01389198] installPluginPackage()
/usr/local/bamboo/test-home/xml-data/build-dir/RET-TRUNK-PHPBUG/plugins_repo/apRetargetingDriverExternal/plugins/apRetargeting/lib/Dal/Drivers/tests/integration/External.plg.test.php:28
[0x01388f80] setUp()
/usr/local/bamboo/test-home/xml-data/build-dir/RET-TRUNK-PHPBUG/lib/simpletest/invoker.php:67
[0x01388e50] invoke()
/usr/local/bamboo/test-home/xml-data/build-dir/RET-TRUNK-PHPBUG/lib/simpletest/invoker.php:126
[0x01388878] invoke()
/usr/local/bamboo/test-home/xml-data/build-dir/RET-TRUNK-PHPBUG/lib/simpletest/errors.php:48
[0x01388748] invoke()
/usr/local/bamboo/test-home/xml-data/build-dir/RET-TRUNK-PHPBUG/lib/simpletest/invoker.php:126
[0x01388228] invoke()
/usr/local/bamboo/test-home/xml-data/build-dir/RET-TRUNK-PHPBUG/lib/simpletest/exceptions.php:42
[0x01387a28] invoke()
/usr/local/bamboo/test-home/xml-data/build-dir/RET-TRUNK-PHPBUG/lib/simpletest/test_case.php:135
[0x013873e0] run()
/usr/local/bamboo/test-home/xml-data/build-dir/RET-TRUNK-PHPBUG/lib/simpletest/test_case.php:588
[0x01386d98] run()
/usr/local/bamboo/test-home/xml-data/build-dir/RET-TRUNK-PHPBUG/lib/simpletest/test_case.php:591
[0x01386b08] run()
/usr/local/bamboo/test-home/xml-data/build-dir/RET-TRUNK-PHPBUG/tests/testClasses/TestRunner.php:411
[0x01386320] runCase()
/usr/local/bamboo/test-home/xml-data/build-dir/RET-TRUNK-PHPBUG/tests/testClasses/TestRunner.php:194
[0x01385040] runFile()
/usr/local/bamboo/test-home/xml-data/build-dir/RET-TRUNK-PHPBUG/tests/run.php:123


-- 
Edit bug report at https://bugs.php.net/bug.php?id=55665&edit=1