Bug #55630 GC causes SEGFAULT
Submitted: 2011-09-07 08:20 UTC
Modified: 2011-09-16 14:08 UTC
From: ladislav at marek dot su
Assigned:
Status: Closed
Package: Scripting Engine problem
PHP Version: 5.3SVN-2011-09-07 (snap)
OS: Linux x86
Private report: No
CVE-ID: None
 [2011-09-07 08:20 UTC] ladislav at marek dot su
Description:
------------
PHP sometimes ends with a segfault. It actually works with gc_disabled().


Test script:
---------------
I'm unable to reproduce it with a small script and I cannot provide the whole application. Is it possible to discover where the problem is with only a backtrace from GDB?

Expected result:
----------------
no SEGFAULT

Actual result:
--------------
#0  zval_mark_grey (pz=0xa059808) at /home/lm/php-5.3.8/Zend/zend_gc.c:372
#1  0x083bb129 in zval_mark_grey (pz=0xa059808) at
/home/lm/php-5.3.8/Zend/zend_gc.c:379
#2  0x083bb129 in zval_mark_grey (pz=0xa059808) at
/home/lm/php-5.3.8/Zend/zend_gc.c:379
#3  0x083bb129 in zval_mark_grey (pz=0xa059808) at
/home/lm/php-5.3.8/Zend/zend_gc.c:379
#4  0x083bb129 in zval_mark_grey (pz=0xa059808) at
/home/lm/php-5.3.8/Zend/zend_gc.c:379
#5  0x083bb129 in zval_mark_grey (pz=0xa059808) at
/home/lm/php-5.3.8/Zend/zend_gc.c:379
#6  0x083bb9ed in gc_mark_roots () at /home/lm/php-5.3.8/Zend/zend_gc.c:435
#7  gc_collect_cycles () at /home/lm/php-5.3.8/Zend/zend_gc.c:664
#8  0x083bbbfb in gc_zval_possible_root (zv=0xa995780) at
/home/lm/php-5.3.8/Zend/zend_gc.c:166
#9  0x0841692e in gc_zval_check_possible_root (execute_data=0x2) at
/home/lm/php-5.3.8/Zend/zend_gc.h:183
#10 zend_pzval_unlock_func (execute_data=0x2) at
/home/lm/php-5.3.8/Zend/zend_execute.c:80
#11 _get_zval_ptr_var (execute_data=0x2) at
/home/lm/php-5.3.8/Zend/zend_execute.c:211
#12 ZEND_ASSIGN_SPEC_CV_VAR_HANDLER (execute_data=0x2) at
/home/lm/php-5.3.8/Zend/zend_vm_execute.h:27425
#13 0x083c3396 in execute (op_array=0x9fd1f44) at
/home/lm/php-5.3.8/Zend/zend_vm_execute.h:107
#14 0x083963da in zend_call_function (fci=0xbfd7cd00,
fci_cache=0xbfd7cd24) at
/home/lm/php-5.3.8/Zend/zend_execute_API.c:968
#15 0x082de05b in zif_call_user_func_array (ht=2,
return_value=0xa5bf698, return_value_ptr=0x0, this_ptr=0x0,
return_value_used=1) at
/home/lm/php-5.3.8/ext/standard/basic_functions.c:4797
#16 0x083e7691 in zend_do_fcall_common_helper_SPEC
(execute_data=0x9f605d4) at
/home/lm/php-5.3.8/Zend/zend_vm_execute.h:320
#17 0x083c3396 in execute (op_array=0xa058148) at
/home/lm/php-5.3.8/Zend/zend_vm_execute.h:107
#18 0x083963da in zend_call_function (fci=0xbfd7cf9c,
fci_cache=0xbfd7cfc0) at
/home/lm/php-5.3.8/Zend/zend_execute_API.c:968
#19 0x083b510b in zend_call_method (object_pp=0x9f42860,
obj_ce=0xa094fdc, fn_proxy=0x9f4285c, function_name=0x9f51090
"nette\\loaders\\robotloader::tryload*", function_name_len=39,
retval_ptr_ptr=0xbfd7d068, param_count=1,
   arg1=0xa4cda10, arg2=0x0) at /home/lm/php-5.3.8/Zend/zend_interfaces.c:97
#20 0x0826bc0a in zif_spl_autoload_call (ht=1, return_value=0xa535e3c,
return_value_ptr=0xbfd7d250, this_ptr=0x0, return_value_used=1) at
/home/lm/php-5.3.8/ext/spl/php_spl.c:405
#21 0x0839648a in zend_call_function (fci=0xbfd7d208,
fci_cache=0xbfd7d22c) at
/home/lm/php-5.3.8/Zend/zend_execute_API.c:990
#22 0x083969eb in zend_lookup_class_ex (name=0xa58c5fc
"I\\have\\to\\hide\\className", name_length=39,
use_autoload=1, ce=0xbfd7d2ac) at
/home/lm/php-5.3.8/Zend/zend_execute_API.c:1125
#23 0x08396cb3 in zend_fetch_class (class_name=0xa58c5fc
"I\\have\\to\\hide\\className", class_name_len=39,
fetch_type=4) at /home/lm/php-5.3.8/Zend/zend_execute_API.c:1567
#24 0x083c1f25 in ZEND_FETCH_CLASS_SPEC_CONST_HANDLER
(execute_data=0x9f5f4f0) at
/home/lm/php-5.3.8/Zend/zend_vm_execute.h:731
#25 0x083c3396 in execute (op_array=0xa58bc4c) at
/home/lm/php-5.3.8/Zend/zend_vm_execute.h:107
#26 0x083963da in zend_call_function (fci=0xbfd7d49c,
fci_cache=0xbfd7d4c0) at
/home/lm/php-5.3.8/Zend/zend_execute_API.c:968
#27 0x083b510b in zend_call_method (object_pp=0x9f42860,
obj_ce=0xa094fdc, fn_proxy=0x9f4285c, function_name=0x9f51090
"nette\\loaders\\robotloader::tryload*", function_name_len=39,
retval_ptr_ptr=0xbfd7d568, param_count=1,
   arg1=0xa4cbc28, arg2=0x0) at /home/lm/php-5.3.8/Zend/zend_interfaces.c:97
#28 0x0826bc0a in zif_spl_autoload_call (ht=1, return_value=0xa54d134,
return_value_ptr=0xbfd7d760, this_ptr=0x0, return_value_used=1) at
/home/lm/php-5.3.8/ext/spl/php_spl.c:405
#29 0x0839648a in zend_call_function (fci=0xbfd7d718,
fci_cache=0xbfd7d73c) at
/home/lm/php-5.3.8/Zend/zend_execute_API.c:990
#30 0x083969eb in zend_lookup_class_ex (name=0xa35f380
"I\\have\\to\\hide\\className",
name_length=61, use_autoload=1, ce=0xbfd7d7bc) at
/home/lm/php-5.3.8/Zend/zend_execute_API.c:1125
#31 0x08396cb3 in zend_fetch_class (class_name=0xa35f380
"I\\have\\to\\hide\\className",
class_name_len=61, fetch_type=4) at
/home/lm/php-5.3.8/Zend/zend_execute_API.c:1567
#32 0x083c1f25 in ZEND_FETCH_CLASS_SPEC_CONST_HANDLER
(execute_data=0x9f5edb4) at
/home/lm/php-5.3.8/Zend/zend_vm_execute.h:731
#33 0x083c3396 in execute (op_array=0xa393054) at
/home/lm/php-5.3.8/Zend/zend_vm_execute.h:107
#34 0x083963da in zend_call_function (fci=0xbfd7d9a8,
fci_cache=0xbfd7d9cc) at
/home/lm/php-5.3.8/Zend/zend_execute_API.c:968
#35 0x08219d25 in zim_reflection_method_invokeArgs (ht=2,
return_value=0xa4bfa48, return_value_ptr=0x0, this_ptr=0xa4bfaa8,
return_value_used=1) at
/home/lm/php-5.3.8/ext/reflection/php_reflection.c:2750
#36 0x083e7691 in zend_do_fcall_common_helper_SPEC
(execute_data=0x9f5eb4c) at
/home/lm/php-5.3.8/Zend/zend_vm_execute.h:320
#37 0x083c3396 in execute (op_array=0xa4c7c7c) at
/home/lm/php-5.3.8/Zend/zend_vm_execute.h:107
#38 0x0839f4e6 in zend_execute_scripts (type=8, retval=0x0,
file_count=3) at /home/lm/php-5.3.8/Zend/zend.c:1236
#39 0x0834e636 in php_execute_script (primary_file=0xbfd81fa8) at
/home/lm/php-5.3.8/main/main.c:2284
#40 0x08428d37 in main (argc=1, argv=0xbfd82104) at
/home/lm/php-5.3.8/sapi/fpm/fpm/fpm_main.c:1902

History

 [2011-09-07 15:45 UTC] felipe@php.net
-Status: Open +Status: Feedback
 [2011-09-07 15:45 UTC] felipe@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.


 [2011-09-07 15:46 UTC] felipe@php.net
-Package: Class/Object related +Package: Scripting Engine problem
 [2011-09-16 14:08 UTC] ladislav at marek dot su
-Status: Feedback +Status: Closed
 [2011-09-16 14:08 UTC] ladislav at marek dot su
> To properly diagnose the problem, we need a short but complete example
> script to be able to reproduce this bug ourselves

Which I'm unable to provide, as I noted in the report...
 
Last updated: Mon Jan 18 08:01:26 2021 UTC