Edit report at https://bugs.php.net/bug.php?id=60457&edit=1
ID: 60457 Comment by: no at snaxor dot com Reported by: Sjon at hortensius dot net Summary: gc_zval_possible_root SIGSEGV Status: Open Type: Bug Package: Scripting Engine problem Operating System: Linux PHP Version: 5.3.8 Block user comment: N Private report: N New Comment: I may be bumping into this one as well, Similarly, I cannot provide a script to reproduce it since it happens in a project with many classes, but I'll see if I can narrow it down and create one. It is very inconsistent. It will die one the same page but with different data it will be fine. What seems to be sparking it in my case is Smarty, with lots of sub-template files. The content is rendered correctly, but during Smarty's cleanup is when it dies. It is trigger-able via php command line or apache module. gc_disable() doesn't unfortunately have any effect. PHP Version: 5.3.8 on OSX. Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_INVALID_ADDRESS at address: 0x0000003dca9fd2f1 0x0000000100359618 in gc_zval_possible_root () (gdb) bt #0 0x0000000100359618 in gc_zval_possible_root () #1 0x000000010034a765 in zend_hash_destroy () #2 0x000000010035c86c in zend_object_std_dtor () #3 0x000000010035c4f8 in zend_objects_free_object_storage () #4 0x000000010035faae in zend_objects_store_del_ref_by_handle_ex () #5 0x000000010035fb64 in zend_objects_store_del_ref () #6 0x0000000100334e2d in _zval_ptr_dtor () #7 0x000000010034a765 in zend_hash_destroy () #8 0x000000010033f1b0 in _zval_dtor_func () #9 0x0000000100334e2d in _zval_ptr_dtor () #10 0x000000010034a765 in zend_hash_destroy () #11 0x000000010035c86c in zend_object_std_dtor () #12 0x000000010035c4f8 in zend_objects_free_object_storage () #13 0x000000010035f6eb in zend_objects_store_free_object_storage () #14 0x0000000100337750 in shutdown_executor () #15 0x000000010033feae in zend_deactivate () #16 0x00000001002f08b1 in php_request_shutdown () #17 0x00000001003ba366 in main () #18 0x00000001000010ec in start () Previous Comments: ------------------------------------------------------------------------ [2011-12-12 15:58:33] Sjon at hortensius dot net I am afraid not, gc_disable() doesn't solve this segfault unfortunately ------------------------------------------------------------------------ [2011-12-11 19:41:22] arekm at maven dot pl Isn't this something similar to last comments of #40479 (there is reproduction script there). ------------------------------------------------------------------------ [2011-12-07 14:05:33] Sjon at hortensius dot net Description: ------------ Our application segfaults after completely finishing the request. Unfortunately I cannot provide a script to reproduce this as it occurs in an application consisting of many classes. I have been poking at this with gdb for a while, but can't find the cause for this problem. How can I supply you with the information you need to resolve this? We can 'fix' the problem by die()-ing in the __destruct of the class that seems to cause this Actual result: -------------- #0 0x00000000005bf0e9 in gc_zval_possible_root (zv=0x1985580) at /usr/src/debug/php-5.3.8/Zend/zend_gc.c:143 #1 0x00000000005aeb28 in zend_hash_destroy (ht=0x1363998) at /usr/src/debug/php-5.3.8/Zend/zend_hash.c:529 #2 0x00000000005c0609 in zend_object_std_dtor (object=0x1363970) at /usr/src/debug/php-5.3.8/Zend/zend_objects.c:45 #3 0x00000000005c0629 in zend_objects_free_object_storage (object=0x1985580) at /usr/src/debug/php-5.3.8/Zend/zend_objects.c:126 #4 0x00000000005c46d6 in zend_objects_store_free_object_storage (objects=0x91bef8) at /usr/src/debug/php-5.3.8/Zend/zend_objects_API.c:92 #5 0x0000000000595757 in shutdown_executor () at /usr/src/debug/php- 5.3.8/Zend/zend_execute_API.c:304 #6 0x00000000005a1fc2 in zend_deactivate () at /usr/src/debug/php- 5.3.8/Zend/zend.c:891 #7 0x000000000054f2ce in php_request_shutdown (dummy=<value optimized out>) at /usr/src/debug/php-5.3.8/main/main.c:1640 #8 0x000000000062b10f in main (argc=3, argv=0x7fffffffea88) at /usr/src/debug/php-5.3.8/sapi/cli/php_cli.c:1363 (gdb) frame 2 #2 0x00000000005c0609 in zend_object_std_dtor (object=0x1363970) at /usr/src/debug/php-5.3.8/Zend/zend_objects.c:45 45 zend_hash_destroy(object->properties); (gdb) print *object->ce $1 = {type = 2 '\002', name = 0xcdce30 "React_Introspection_Controller", name_length = 30, parent = 0xcb3e78, refcount = 1, constants_updated = 1 '\001', ce_flags = 0, function_table = {nTableSize = 32, nTableMask = 31, nNumOfElements = 27, nNextFreeElement = 0, pInternalPointer = 0xcde7b0, pListHead = 0xcde7b0, pListTail = 0xce9d10, arBuckets = 0xce8fa8, pDestructor = 0x599450 <zend_function_dtor>, persistent = 0 '\000', nApplyCount = 0 '\000', bApplyProtection = 0 '\000'}, default_properties = {nTableSize = 8, nTableMask = 7, nNumOfElements = 5, nNextFreeElement = 0, pInternalPointer = 0xce74c8, pListHead = 0xce74c8, pListTail = 0xce7660, arBuckets = 0xcdcf50, pDestructor = 0x595420 <_zval_ptr_dtor>, persistent = 0 '\000', nApplyCount = 0 '\000', bApplyProtection = 0 '\000'}, properties_info = { nTableSize = 8, nTableMask = 7, nNumOfElements = 5, nNextFreeElement = 0, pInternalPointer = 0xce76c8, pListHead = 0xce76c8, pListTail = 0xce7850, arBuckets = 0xcde670, pDestructor = 0x586190 <zend_destroy_property_info>, persistent = 0 '\000', nApplyCount = 0 '\000', bApplyProtection = 0 '\000'}, default_static_members = {nTableSize = 8, nTableMask = 7, nNumOfElements = 0, nNextFreeElement = 0, pInternalPointer = 0x0, pListHead = 0x0, pListTail = 0x0, arBuckets = 0xcde6c0, pDestructor = 0x595420 <_zval_ptr_dtor>, persistent = 0 '\000', nApplyCount = 0 '\000', bApplyProtection = 0 '\000'}, static_members = 0x0, constants_table = {nTableSize = 8, nTableMask = 7, nNumOfElements = 0, nNextFreeElement = 0, pInternalPointer = 0x0, pListHead = 0x0, pListTail = 0x0, arBuckets = 0xcde710, pDestructor = 0x595420 <_zval_ptr_dtor>, persistent = 0 '\000', nApplyCount = 0 '\000', bApplyProtection = 0 '\000'}, builtin_functions = 0x0, constructor = 0xca2160, destructor = 0x0, clone = 0x0, __get = 0x0, __set = 0x0, __unset = 0x0, __isset = 0x0, __call = 0x0, __callstatic = 0x0, __tostring = 0x0, serialize_func = 0x0, unserialize_func = 0x0, iterator_funcs = {funcs = 0x0, zf_new_iterator = 0x0, zf_valid = 0x0, zf_current = 0x0, zf_key = 0x0, zf_next = 0x0, zf_rewind = 0x0}, create_object = 0, get_iterator = 0, interface_gets_implemented = 0, get_static_method = 0, serialize = 0, unserialize = 0, interfaces = 0xcde368, num_interfaces = 1, filename = 0xcde018 "[...]/Introspection/Controller.php", line_start = 2, line_end = 82, doc_comment = 0x0, doc_comment_len = 0, module = 0x0} ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=60457&edit=1