Edit report at https://bugs.php.net/bug.php?id=60457&edit=1
ID: 60457
User updated by: Sjon at hortensius dot net
Reported by: Sjon at hortensius dot net
Summary: gc_zval_possible_root SIGSEGV
Status: Open
Type: Bug
Package: Scripting Engine problem
Operating System: Linux
PHP Version: 5.3.8
Block user comment: N
Private report: N
New Comment:
For anyone interested, this bug is not related to a single class, but we have
worked around, and seen this bug occur again, in many different places.
I have also been reproducing this in 5.3.6 / 5.3.5 / 5.3.4 and 5.3.3
Previous Comments:
------------------------------------------------------------------------
[2012-01-04 07:31:07] no at snaxor dot com
I may be bumping into this one as well, Similarly, I cannot provide a script to
reproduce it since it happens in a project with many classes, but I'll see if I
can narrow it down and create one.
It is very inconsistent. It will die one the same page but with different data
it will be fine. What seems to be sparking it in my case is Smarty, with lots
of
sub-template files. The content is rendered correctly, but during Smarty's
cleanup is when it dies.
It is trigger-able via php command line or apache module.
gc_disable() doesn't unfortunately have any effect.
PHP Version: 5.3.8 on OSX.
Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x0000003dca9fd2f1
0x0000000100359618 in gc_zval_possible_root ()
(gdb) bt
#0 0x0000000100359618 in gc_zval_possible_root ()
#1 0x000000010034a765 in zend_hash_destroy ()
#2 0x000000010035c86c in zend_object_std_dtor ()
#3 0x000000010035c4f8 in zend_objects_free_object_storage ()
#4 0x000000010035faae in zend_objects_store_del_ref_by_handle_ex ()
#5 0x000000010035fb64 in zend_objects_store_del_ref ()
#6 0x0000000100334e2d in _zval_ptr_dtor ()
#7 0x000000010034a765 in zend_hash_destroy ()
#8 0x000000010033f1b0 in _zval_dtor_func ()
#9 0x0000000100334e2d in _zval_ptr_dtor ()
#10 0x000000010034a765 in zend_hash_destroy ()
#11 0x000000010035c86c in zend_object_std_dtor ()
#12 0x000000010035c4f8 in zend_objects_free_object_storage ()
#13 0x000000010035f6eb in zend_objects_store_free_object_storage ()
#14 0x0000000100337750 in shutdown_executor ()
#15 0x000000010033feae in zend_deactivate ()
#16 0x00000001002f08b1 in php_request_shutdown ()
#17 0x00000001003ba366 in main ()
#18 0x00000001000010ec in start ()
------------------------------------------------------------------------
[2011-12-12 15:58:33] Sjon at hortensius dot net
I am afraid not, gc_disable() doesn't solve this segfault unfortunately
------------------------------------------------------------------------
[2011-12-11 19:41:22] arekm at maven dot pl
Isn't this something similar to last comments of #40479 (there is
reproduction script there).
------------------------------------------------------------------------
[2011-12-07 14:05:33] Sjon at hortensius dot net
Description:
------------
Our application segfaults after completely finishing the request.
Unfortunately I cannot provide a script to reproduce this as it occurs in an
application consisting of many classes. I have been poking at this with gdb for
a
while, but can't find the cause for this problem.
How can I supply you with the information you need to resolve this? We can
'fix'
the problem by die()-ing in the __destruct of the class that seems to cause this
Actual result:
--------------
#0 0x00000000005bf0e9 in gc_zval_possible_root (zv=0x1985580) at
/usr/src/debug/php-5.3.8/Zend/zend_gc.c:143
#1 0x00000000005aeb28 in zend_hash_destroy (ht=0x1363998) at
/usr/src/debug/php-5.3.8/Zend/zend_hash.c:529
#2 0x00000000005c0609 in zend_object_std_dtor (object=0x1363970) at
/usr/src/debug/php-5.3.8/Zend/zend_objects.c:45
#3 0x00000000005c0629 in zend_objects_free_object_storage (object=0x1985580)
at
/usr/src/debug/php-5.3.8/Zend/zend_objects.c:126
#4 0x00000000005c46d6 in zend_objects_store_free_object_storage
(objects=0x91bef8) at /usr/src/debug/php-5.3.8/Zend/zend_objects_API.c:92
#5 0x0000000000595757 in shutdown_executor () at /usr/src/debug/php-
5.3.8/Zend/zend_execute_API.c:304
#6 0x00000000005a1fc2 in zend_deactivate () at /usr/src/debug/php-
5.3.8/Zend/zend.c:891
#7 0x000000000054f2ce in php_request_shutdown (dummy=<value optimized out>) at
/usr/src/debug/php-5.3.8/main/main.c:1640
#8 0x000000000062b10f in main (argc=3, argv=0x7fffffffea88) at
/usr/src/debug/php-5.3.8/sapi/cli/php_cli.c:1363
(gdb) frame 2
#2 0x00000000005c0609 in zend_object_std_dtor (object=0x1363970) at
/usr/src/debug/php-5.3.8/Zend/zend_objects.c:45
45 zend_hash_destroy(object->properties);
(gdb) print *object->ce
$1 = {type = 2 '\002', name = 0xcdce30 "React_Introspection_Controller",
name_length = 30, parent = 0xcb3e78, refcount = 1, constants_updated = 1
'\001',
ce_flags = 0, function_table = {nTableSize = 32,
nTableMask = 31, nNumOfElements = 27, nNextFreeElement = 0,
pInternalPointer
= 0xcde7b0, pListHead = 0xcde7b0, pListTail = 0xce9d10, arBuckets = 0xce8fa8,
pDestructor = 0x599450 <zend_function_dtor>,
persistent = 0 '\000', nApplyCount = 0 '\000', bApplyProtection = 0
'\000'},
default_properties = {nTableSize = 8, nTableMask = 7, nNumOfElements = 5,
nNextFreeElement = 0, pInternalPointer = 0xce74c8,
pListHead = 0xce74c8, pListTail = 0xce7660, arBuckets = 0xcdcf50,
pDestructor = 0x595420 <_zval_ptr_dtor>, persistent = 0 '\000', nApplyCount = 0
'\000', bApplyProtection = 0 '\000'}, properties_info = {
nTableSize = 8, nTableMask = 7, nNumOfElements = 5, nNextFreeElement = 0,
pInternalPointer = 0xce76c8, pListHead = 0xce76c8, pListTail = 0xce7850,
arBuckets = 0xcde670,
pDestructor = 0x586190 <zend_destroy_property_info>, persistent = 0 '\000',
nApplyCount = 0 '\000', bApplyProtection = 0 '\000'}, default_static_members =
{nTableSize = 8, nTableMask = 7,
nNumOfElements = 0, nNextFreeElement = 0, pInternalPointer = 0x0, pListHead
= 0x0, pListTail = 0x0, arBuckets = 0xcde6c0, pDestructor = 0x595420
<_zval_ptr_dtor>, persistent = 0 '\000',
nApplyCount = 0 '\000', bApplyProtection = 0 '\000'}, static_members = 0x0,
constants_table = {nTableSize = 8, nTableMask = 7, nNumOfElements = 0,
nNextFreeElement = 0, pInternalPointer = 0x0,
pListHead = 0x0, pListTail = 0x0, arBuckets = 0xcde710, pDestructor =
0x595420 <_zval_ptr_dtor>, persistent = 0 '\000', nApplyCount = 0 '\000',
bApplyProtection = 0 '\000'}, builtin_functions = 0x0,
constructor = 0xca2160, destructor = 0x0, clone = 0x0, __get = 0x0, __set =
0x0, __unset = 0x0, __isset = 0x0, __call = 0x0, __callstatic = 0x0, __tostring
= 0x0, serialize_func = 0x0,
unserialize_func = 0x0, iterator_funcs = {funcs = 0x0, zf_new_iterator = 0x0,
zf_valid = 0x0, zf_current = 0x0, zf_key = 0x0, zf_next = 0x0, zf_rewind =
0x0},
create_object = 0, get_iterator = 0,
interface_gets_implemented = 0, get_static_method = 0, serialize = 0,
unserialize = 0, interfaces = 0xcde368, num_interfaces = 1,
filename = 0xcde018 "[...]/Introspection/Controller.php", line_start = 2,
line_end = 82, doc_comment = 0x0,
doc_comment_len = 0, module = 0x0}
------------------------------------------------------------------------
--
Edit this bug report at https://bugs.php.net/bug.php?id=60457&edit=1
