From:
Operating system: Linux
PHP version: 5.3.8
Package: Scripting Engine problem
Bug Type: Bug
Bug description: gc_zval_possible_root SIGSEGV
Description:
------------
Our application segfaults after completely finishing the request.
Unfortunately I cannot provide a script to reproduce this as it occurs in an
application consisting of many classes. I have been poking at this with gdb for a
while, but can't find the cause for this problem.
How can I supply you with the information you need to resolve this? We can 'fix'
the problem by die()-ing in the __destruct of the class that seems to cause this.
Actual result:
--------------
#0 0x00000000005bf0e9 in gc_zval_possible_root (zv=0x1985580) at /usr/src/debug/php-5.3.8/Zend/zend_gc.c:143
#1 0x00000000005aeb28 in zend_hash_destroy (ht=0x1363998) at /usr/src/debug/php-5.3.8/Zend/zend_hash.c:529
#2 0x00000000005c0609 in zend_object_std_dtor (object=0x1363970) at /usr/src/debug/php-5.3.8/Zend/zend_objects.c:45
#3 0x00000000005c0629 in zend_objects_free_object_storage (object=0x1985580) at /usr/src/debug/php-5.3.8/Zend/zend_objects.c:126
#4 0x00000000005c46d6 in zend_objects_store_free_object_storage (objects=0x91bef8) at /usr/src/debug/php-5.3.8/Zend/zend_objects_API.c:92
#5 0x0000000000595757 in shutdown_executor () at /usr/src/debug/php-5.3.8/Zend/zend_execute_API.c:304
#6 0x00000000005a1fc2 in zend_deactivate () at /usr/src/debug/php-5.3.8/Zend/zend.c:891
#7 0x000000000054f2ce in php_request_shutdown (dummy=<value optimized out>) at /usr/src/debug/php-5.3.8/main/main.c:1640
#8 0x000000000062b10f in main (argc=3, argv=0x7fffffffea88) at /usr/src/debug/php-5.3.8/sapi/cli/php_cli.c:1363
(gdb) frame 2
#2 0x00000000005c0609 in zend_object_std_dtor (object=0x1363970) at /usr/src/debug/php-5.3.8/Zend/zend_objects.c:45
45 zend_hash_destroy(object->properties);
(gdb) print *object->ce
$1 = {type = 2 '\002', name = 0xcdce30 "React_Introspection_Controller", name_length = 30, parent = 0xcb3e78, refcount = 1, constants_updated = 1 '\001', ce_flags = 0,
function_table = {nTableSize = 32, nTableMask = 31, nNumOfElements = 27, nNextFreeElement = 0, pInternalPointer = 0xcde7b0, pListHead = 0xcde7b0, pListTail = 0xce9d10, arBuckets = 0xce8fa8, pDestructor = 0x599450 <zend_function_dtor>, persistent = 0 '\000', nApplyCount = 0 '\000', bApplyProtection = 0 '\000'},
default_properties = {nTableSize = 8, nTableMask = 7, nNumOfElements = 5, nNextFreeElement = 0, pInternalPointer = 0xce74c8, pListHead = 0xce74c8, pListTail = 0xce7660, arBuckets = 0xcdcf50, pDestructor = 0x595420 <_zval_ptr_dtor>, persistent = 0 '\000', nApplyCount = 0 '\000', bApplyProtection = 0 '\000'},
properties_info = {nTableSize = 8, nTableMask = 7, nNumOfElements = 5, nNextFreeElement = 0, pInternalPointer = 0xce76c8, pListHead = 0xce76c8, pListTail = 0xce7850, arBuckets = 0xcde670, pDestructor = 0x586190 <zend_destroy_property_info>, persistent = 0 '\000', nApplyCount = 0 '\000', bApplyProtection = 0 '\000'},
default_static_members = {nTableSize = 8, nTableMask = 7, nNumOfElements = 0, nNextFreeElement = 0, pInternalPointer = 0x0, pListHead = 0x0, pListTail = 0x0, arBuckets = 0xcde6c0, pDestructor = 0x595420 <_zval_ptr_dtor>, persistent = 0 '\000', nApplyCount = 0 '\000', bApplyProtection = 0 '\000'},
static_members = 0x0,
constants_table = {nTableSize = 8, nTableMask = 7, nNumOfElements = 0, nNextFreeElement = 0, pInternalPointer = 0x0, pListHead = 0x0, pListTail = 0x0, arBuckets = 0xcde710, pDestructor = 0x595420 <_zval_ptr_dtor>, persistent = 0 '\000', nApplyCount = 0 '\000', bApplyProtection = 0 '\000'},
builtin_functions = 0x0, constructor = 0xca2160, destructor = 0x0, clone = 0x0, __get = 0x0, __set = 0x0, __unset = 0x0, __isset = 0x0, __call = 0x0, __callstatic = 0x0, __tostring = 0x0, serialize_func = 0x0, unserialize_func = 0x0,
iterator_funcs = {funcs = 0x0, zf_new_iterator = 0x0, zf_valid = 0x0, zf_current = 0x0, zf_key = 0x0, zf_next = 0x0, zf_rewind = 0x0},
create_object = 0, get_iterator = 0, interface_gets_implemented = 0, get_static_method = 0, serialize = 0, unserialize = 0, interfaces = 0xcde368, num_interfaces = 1,
filename = 0xcde018 "[...]/Introspection/Controller.php", line_start = 2, line_end = 82, doc_comment = 0x0, doc_comment_len = 0, module = 0x0}
--
Edit bug report at https://bugs.php.net/bug.php?id=60457&edit=1
--