Bug #61866 SEGFAULT in gc_zval_possible_root
Submitted: 2012-04-27 13:59 UTC Modified: 2013-02-18 00:35 UTC
From: ales at ignition dot cz Assigned:
Status: No Feedback Package: Reproducible crash
PHP Version: 5.4.1 OS: Gentoo VServer, kernel 2.6.35
Private report: No CVE-ID: None
 [2012-04-27 13:59 UTC] ales at ignition dot cz
Description:
------------
PHP script keeps SEGFAULTing at the end of run. The script's output and HTTP headers sent by application are sent to browser along with Apache's 500 error document after the PHP's output.

The same behaviour when run as FastCGI (Apache 2.2.22, mod_fastcgi 2.4.7_pre0910052141, PHP-FPM) or CLI (except for the Apache's error document obviously). The below php info and GDB backtrace is taken from CLI run.

I tried to recompile the whole server but the problem still persists. I also tried different PHP versions, it is the same for PHP 5.3.10, 5.4.0 and 5.4.1.

gc_disable() run in the beginning solves the issue partially - on some sites under some conditions. I unfortunately did not have the chance to identify the conditions, it seems to be connected with loading a lot of records (100+) from database. The below output is without gc_disable().

I am unable to provide a test case as the application is big and uses __destructors, __autoload and __toString methods a lot along with OutputBuffering (but the script SEGFAULTs with output buffer turned off too).

My PHP info:

System => Linux hosting.ignition.cz 2.6.35-vs2.3.0.36.32-gentoo #4 SMP Sat May 28 09:55:08 CEST 2011 x86_64
Build Date => Apr 26 2012 21:35:55
Configure Command =>  './configure'  '--prefix=/usr' '--build=x86_64-pc-linux-gnu' '--host=x86_64-pc-linux-gnu' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--datadir=/usr/share' '--sysconfdir=/etc' '--localstatedir=/var/lib' '--prefix=/usr/lib64/php5.4' '--mandir=/usr/lib64/php5.4/man' '--infodir=/usr/lib64/php5.4/info' '--libdir=/usr/lib64/php5.4/lib' '--with-libdir=lib64' '--without-pear' '--disable-maintainer-zts' '--enable-bcmath' '--with-bz2' '--enable-calendar' '--enable-ctype' '--with-curl' '--without-curlwrappers' '--enable-dom' '--with-enchant=/usr' '--enable-exif' '--enable-fileinfo' '--enable-filter' '--enable-ftp' '--with-gettext' '--with-gmp' '--enable-hash' '--with-mhash' '--with-iconv' '--enable-intl' '--disable-ipv6' '--enable-json' '--without-kerberos' '--enable-libxml' '--enable-mbstring' '--with-mcrypt' '--without-mssql' '--with-onig=/usr' '--with-openssl' '--with-openssl-dir=/usr' '--enable-pcntl' '--enable-phar' '--enable-pdo' '--with-pgsql' '--enable-posix' '--with-pspell' '--without-recode' '--enable-simplexml' '--disable-shmop' '--with-snmp' '--enable-soap' '--enable-sockets' '--with-sqlite3=/usr' '--without-sybase-ct' '--disable-sysvmsg' '--disable-sysvsem' '--disable-sysvshm' '--with-tidy' '--enable-tokenizer' '--enable-wddx' '--enable-xml' '--enable-xmlreader' '--enable-xmlwriter' '--with-xmlrpc' '--with-xsl' '--enable-zip' '--with-zlib' '--disable-debug' '--enable-dba' '--without-cdb' '--with-db4' '--disable-flatfile' '--with-gdbm' '--disable-inifile' '--without-qdbm' '--with-freetype-dir=/usr' '--with-t1lib=/usr' '--disable-gd-jis-conv' '--with-jpeg-dir=/usr' '--with-png-dir=/usr' '--with-xpm-dir=/usr' '--with-gd' '--with-imap' '--with-imap-ssl' '--with-interbase=/usr' '--with-mysql=mysqlnd' '--with-mysql-sock=/var/run/mysqld/mysqld.sock' '--with-mysqli=mysqlnd' '--without-pdo-dblib' '--with-pdo-mysql=mysqlnd' '--with-pdo-pgsql' '--with-pdo-sqlite=/usr' '--without-pdo-odbc' '--with-readline' '--without-libedit' '--without-mm' '--with-pcre-regex=/usr' '--with-pcre-dir=/usr' '--with-config-file-path=/etc/php/cli-php5.4' '--with-config-file-scan-dir=/etc/php/cli-php5.4/ext-active' '--disable-embed' '--enable-cli' '--disable-cgi' '--disable-fpm' '--without-apxs2'
Server API => Command Line Interface
Virtual Directory Support => disabled
Configuration File (php.ini) Path => /etc/php/cli-php5.4
Loaded Configuration File => /etc/php/cli-php5.4/php.ini
Scan this dir for additional .ini files => /etc/php/cli-php5.4/ext-active
Additional .ini files parsed => /etc/php/cli-php5.4/ext-active/cairo.ini,
/etc/php/cli-php5.4/ext-active/haru.ini,
/etc/php/cli-php5.4/ext-active/imagick.ini,
/etc/php/cli-php5.4/ext-active/uploadprogress.ini

PHP API => 20100412
PHP Extension => 20100525
Zend Extension => 220100525
Zend Extension Build => API220100525,NTS
PHP Extension Build => API20100525,NTS
Debug Build => no
Thread Safety => disabled
Zend Signal Handling => disabled
Zend Memory Manager => enabled
Zend Multibyte Support => provided by mbstring
IPv6 Support => disabled
DTrace Support => disabled

If needed, please instruct me how to get more information about the SEGFAULT, I will gladly provide more information.

Expected result:
----------------
Clean script exit.

Actual result:
--------------
SEGFAULT with following GDB backtrace:

Program terminated with signal 11, Segmentation fault.
#0  0x00007f7a5086e8e1 in gc_zval_possible_root ()
#1  0x00007f7a50870aa2 in zend_object_std_dtor ()
#2  0x00007f7a50870afd in zend_objects_free_object_storage ()
#3  0x00007f7a50876f43 in zend_objects_store_free_object_storage ()
#4  0x00007f7a508398f3 in shutdown_executor ()
#5  0x00007f7a5084a6b5 in zend_deactivate ()
#6  0x00007f7a507e1e4a in php_request_shutdown ()
#7  0x00007f7a5090757c in ?? ()
#8  0x00007f7a50908b78 in main ()


 [2012-04-30 21:11 UTC] sixd@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.

Without a testcase not much can be done.  Please see if you can create one.
 [2012-04-30 21:11 UTC] sixd@php.net
-Status: Open +Status: Feedback
 [2013-02-18 00:35 UTC] php-bugs at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.
 
Last updated: Fri Mar 29 12:01:27 2024 UTC