#47880 [Asn]: Garbage Collector crashes

2009-04-06 Thread dmitry
 ID:   47880
 Updated by:   dmi...@php.net
 Reported By:  patric at zap dot lu
 Status:   Assigned
 Bug Type: Scripting Engine problem
 Operating System: Debian Lenny
 PHP Version:  5.3.0RC1
 Assigned To:  dmitry
 New Comment:

Thanks for the test.
This is the smallest script which demonstrates the crash.



The bug is not related to GC, so maybe the crash in GC shown by the
first backtrace is a side effect of this one, but it may also be some
different unrelated bug.




#47880 [Asn]: Garbage Collector crashes

2009-04-04 Thread patric at zap dot lu
 ID:   47880
 User updated by:  patric at zap dot lu
 Reported By:  patric at zap dot lu
 Status:   Assigned
 Bug Type: Scripting Engine problem
 Operating System: Debian Lenny
 PHP Version:  5.3.0RC1
 Assigned To:  dmitry
 New Comment:

Yes the last testcase created infinite recursion, nevertheless it
should not core dump but reach memory exhausted at the end?

I got a new testcase, I isolated the parts in the framework which
lead to the segfault.

Stripped it down to some weird chain of operations, which lead to
segfault.

This time no deep recursion, at a depth of 18 it begins to segfault.


The piece of code:

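<?php
// Test case as posted: segfaults on PHP 5.3.0RC1 at a depth of 18.
class bomb {
    static function go($pDepth) {
        // Recurse via call_user_func_array() so the backtrace contains
        // frames whose arguments are arrays.
        if ($pDepth > 0) {
            call_user_func_array(array('bomb', 'go'), array($pDepth - 1));
        }

        // Overwrite every array argument in the local backtrace copy.
        $backtrace = debug_backtrace(false);
        foreach ($backtrace as $k => $e) {
            foreach ($e['args'] as $kk => $arg) {
                if (is_array($arg)) {
                    $backtrace[$k]['args'][$kk] = 'Foobar';
                }
            }
        }
    }
}

bomb::go(18);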

### GDB ###

Program terminated with signal 11, Segmentation fault.
[New process 25022]
#0  _zend_mm_free_int (heap=0x9eb81b8, p=0x9fe2da0) at
/blade/install/daemon/php/Zend/zend_alloc.c:1979
1979        if (ZEND_MM_IS_FREE_BLOCK(next_block)) {
(gdb) bt
#0  _zend_mm_free_int (heap=0x9eb81b8, p=0x9fe2da0) at
/blade/install/daemon/php/Zend/zend_alloc.c:1979
#1  0x0832114d in _zval_ptr_dtor (zval_ptr=0x9feb5bc) at
/blade/install/daemon/php/Zend/zend_variables.h:35
#2  0x08337c1e in zend_hash_destroy (ht=0x9fdfc44) at
/blade/install/daemon/php/Zend/zend_hash.c:526
#3  0x0832be75 in _zval_dtor_func (zvalue=0x9fe27c4) at
/blade/install/daemon/php/Zend/zend_variables.c:43
#4  0x0832114d in _zval_ptr_dtor (zval_ptr=0x9fdae88) at
/blade/install/daemon/php/Zend/zend_variables.h:35
#5  0x08337c1e in zend_hash_destroy (ht=0x9febac4) at
/blade/install/daemon/php/Zend/zend_hash.c:526
#6  0x0832be75 in _zval_dtor_func (zvalue=0x9fe0eb8) at
/blade/install/daemon/php/Zend/zend_variables.c:43
#7  0x0832114d in _zval_ptr_dtor (zval_ptr=0x9feb590) at
/blade/install/daemon/php/Zend/zend_variables.h:35
#8  0x08337c1e in zend_hash_destroy (ht=0x9fdf82c) at
/blade/install/daemon/php/Zend/zend_hash.c:526
#9  0x0832be75 in _zval_dtor_func (zvalue=0x9fdf1c0) at
/blade/install/daemon/php/Zend/zend_variables.c:43
#10 0x0832114d in _zval_ptr_dtor (zval_ptr=0xa0111c0) at
/blade/install/daemon/php/Zend/zend_variables.h:35
#11 0x0834e816 in zend_leave_helper_SPEC (execute_data=0x1) at
/blade/install/daemon/php/Zend/zend_vm_execute.h:157
#12 0x08354b8e in execute (op_array=0x9fdd56c) at
/blade/install/daemon/php/Zend/zend_vm_execute.h:104
#13 0x08321ab7 in zend_call_function (fci=0xbfe4521c,
fci_cache=0xbfe45240)
at /blade/install/daemon/php/Zend/zend_execute_API.c:936
#14 0x08269947 in zif_call_user_func_array (ht=2,
return_value=0x9fdefd0, return_value_ptr=0x0, this_ptr=0x0,
return_value_used=0)
at /blade/install/daemon/php/ext/standard/basic_functions.c:4745
#15 0x08376a59 in zend_do_fcall_common_helper_SPEC
(execute_data=0xa010ee8) at
/blade/install/daemon/php/Zend/zend_vm_execute.h:313
#16 0x08354b8e in execute (op_array=0x9fdd56c) at
/blade/install/daemon/php/Zend/zend_vm_execute.h:104
#17 0x08321ab7 in zend_call_function (fci=0xbfe4542c,
fci_cache=0xbfe45450)
at /blade/install/daemon/php/Zend/zend_execute_API.c:936
#18 0x08269947 in zif_call_user_func_array (ht=2,
return_value=0x9fdedc4, return_value_ptr=0x0, this_ptr=0x0,
return_value_used=0)
at /blade/install/daemon/php/ext/standard/basic_functions.c:4745
#19 0x08376a59 in zend_do_fcall_common_helper_SPEC
(execute_data=0xa010c78) at
/blade/install/daemon/php/Zend/zend_vm_execute.h:313
#20 0x08354b8e in execute (op_array=0x9fdd56c) at
/blade/install/daemon/php/Zend/zend_vm_execute.h:104
#21 0x08321ab7 in zend_call_function (fci=0xbfe4563c,
fci_cache=0xbfe45660)
at /blade/install/daemon/php/Zend/zend_execute_API.c:936
#22 0x08269947 in zif_call_user_func_array (ht=2,
return_value=0x9fdebb8, return_value_ptr=0x0, this_ptr=0x0,
return_value_used=0)
at /blade/install/daemon/php/ext/standard/basic_functions.c:4745
#23 0x08376a59 in zend_do_fcall_common_helper_SPEC
(execute_data=0xa010a08) at
/blade/install/daemon/php/Zend/zend_vm_execute.h:313
#24 0x08354b8e in execute (op_array=0x9fdd56c) at
/blade/install/daemon/php/Zend/zend_vm_execute.h:104
#25 0x08321ab7 in zend_call_function (fci=0xbfe4584c,
fci_cache=0xbfe45870)
at /blade/install/daemon/php/Zend/zend_execute_API.c:936
#26 0x08269947 in zif_call_user_func_array (ht=2,
return_value=0x9fde9ac, return_value_ptr=0x0, this_ptr=0x0,
return_value_used=0)
at /blade/install/daemon/php/ext/standard/basic_functions.c:4745
#27 0x08376a59 in zend_do_fcall_common_helper_SPEC
(execute_data=0xa010798) at
/blade/install/daemon/php/Zend/zend_vm_execute.h:313
#28 0x08354b8e in execute (op_array=0x9fdd56c) at
/blade/install/daemon/php/Zen