Edit report at https://bugs.php.net/bug.php?id=53976&edit=1
ID: 53976
Comment by: fidian at rumkin dot com
Reported by: matthew dot scott dot day at gmail dot com
Summary: running phpunit causes seg fault in php garbage
collection
Status: Open
Type: Bug
Package: Reproducible crash
Operating System: ubuntu 10.10
PHP Version: 5.3.5
Block user comment: N
Private report: N
New Comment:
I'm using Ubuntu 12.04 with PHP 5.3.14 (from ppa:team-mayhem/ppa), xdebug 2.2.0
(again from the ppa) and phpunit 3.6.11. PHP from the ppa has the stock Debian
patches in it, but applied against the newer source version. xdebug 2.2.0 in
the ppa is compiled with three lines commented out (a potential fix for this
bug, but we were wrong and it should get reverted soon). We've written our own
coverage collection tools instead of using the one built into phpunit.
This elusive problem happens randomly across machines and will spontaneously
stop happening every now and then. Trying to do various things to the machine,
like rebooting, have mixed results. Trying to do bisects with git repos of PHP
and xDebug have proved ineffective since I can get false passes with a version
that just failed a dozen times in a row.
According to the backtrace, the offensive code looks like this:
root->next->prev = root->prev;
Since it's a segmentation fault, I assume that root->next isn't pointing to
memory that is allocated to PHP (eg. NULL). Here's part of our backtrace, in
the hopes that it helps:
Program received signal SIGSEGV, Segmentation fault.
0x00000000006b9440 in gc_remove_zval_from_buffer (zv=0x7fffffff7570)
at /build/buildd/php5-5.3.14/Zend/zend_gc.h:189
189 /build/buildd/php5-5.3.14/Zend/zend_gc.h: No such file or directory.
in /build/buildd/php5-5.3.14/Zend/zend_gc.h
(gdb) bt full
#0 0x00000000006b9440 in gc_remove_zval_from_buffer (zv=0x7fffffff7570)
at /build/buildd/php5-5.3.14/Zend/zend_gc.h:189
root_buffer = 0x7ffff497ae84
#1 0x000000000068d613 in _zval_ptr_dtor (zval_ptr=0x7fffffff7570)
at /build/buildd/php5-5.3.14/Zend/zend_execute_API.c:446
zv = 0x7fffffff7570
#2 0x00000000006a9900 in zend_hash_destroy (ht=0x4a3af20)
at /build/buildd/php5-5.3.14/Zend/zend_hash.c:729
No locals.
#3 0x000000000069afdf in _zval_dtor_func (zvalue=0x4a33b50)
at /build/buildd/php5-5.3.14/Zend/zend_variables.c:46
No locals.
#4 0x000000000068d621 in _zval_ptr_dtor (zval_ptr=0x7fffffff7570)
at /build/buildd/php5-5.3.14/Zend/zend_variables.h:35
zv = 0x4a33b50
#5 0x00000000006a9900 in zend_hash_destroy (ht=0x4acb800)
at /build/buildd/php5-5.3.14/Zend/zend_hash.c:729
No locals.
#6 0x000000000069afdf in _zval_dtor_func (zvalue=0x4acb7b0)
at /build/buildd/php5-5.3.14/Zend/zend_variables.c:46
No locals.
#7 0x000000000068d621 in _zval_ptr_dtor (zval_ptr=0x7fffffff7570)
at /build/buildd/php5-5.3.14/Zend/zend_variables.h:35
zv = 0x4acb7b0
#8 0x00000000006a9900 in zend_hash_destroy (ht=0x4acb698)
at /build/buildd/php5-5.3.14/Zend/zend_hash.c:729
No locals.
#9 0x000000000069afdf in _zval_dtor_func (zvalue=0x4a402c8)
at /build/buildd/php5-5.3.14/Zend/zend_variables.c:46
No locals.
#10 0x000000000068d621 in _zval_ptr_dtor (zval_ptr=0x7fffffff7570)
at /build/buildd/php5-5.3.14/Zend/zend_variables.h:35
zv = 0x4a402c8
#11 0x00000000006a9900 in zend_hash_destroy (ht=0x4ac9638)
at /build/buildd/php5-5.3.14/Zend/zend_hash.c:729
No locals.
#12 0x000000000069afdf in _zval_dtor_func (zvalue=0x4ac9890)
at /build/buildd/php5-5.3.14/Zend/zend_variables.c:46
No locals.
#13 0x000000000068d621 in _zval_ptr_dtor (zval_ptr=0x7fffffff7570)
at /build/buildd/php5-5.3.14/Zend/zend_variables.h:35
zv = 0x4ac9890
#14 0x00000000006a9900 in zend_hash_destroy (ht=0x49484e8)
at /build/buildd/php5-5.3.14/Zend/zend_hash.c:729
No locals.
#15 0x00000000006bd0f9 in zend_object_std_dtor (object=0x4ac9920)
at /build/buildd/php5-5.3.14/Zend/zend_objects.c:45
No locals.
#16 0x00000000006bd119 in zend_objects_free_object_storage (object=0x4ac9920)
---Type <return> to continue, or q <return> to quit---
at /build/buildd/php5-5.3.14/Zend/zend_objects.c:126
No locals.
#17 0x00000000006c10ff in zend_objects_store_del_ref_by_handle_ex (
handle=80060752, handlers=0x1b80775c085)
at /build/buildd/php5-5.3.14/Zend/zend_objects_API.c:220
__orig_bailout = <incomplete type>
__bailout = {{__jmpbuf = {4294936880, 32767, 76854688, 0, 3129251656,
3229462939, 74648968, 0}, __mask_was_saved = 465475400,
__saved_mask = {__val = {0, 0, 4159544400, 32767, 4159542736,
32767, 7060918, 0, 0, 0, 3219008960, 3493151322, 78464592, 0,
7060918, 0}}}}
obj = 0x1f480
failure = 0
#18 0x00000000006c1123 in zend_objects_store_del_ref (zobject=0x494b5a0)
at /build/buildd/php5-5.3.14/Zend/zend_objects_API.c:172
handle = 4294931824
#19 0x000000000068d621 in _zval_ptr_dtor (zval_ptr=0x7fffffff7570)
at /build/buildd/php5-5.3.14/Zend/zend_variables.h:35
zv = 0x494b5a0
#20 0x00000000006a9900 in zend_hash_destroy (ht=0x46e5fc0)
at /build/buildd/php5-5.3.14/Zend/zend_hash.c:729
No locals.
#21 0x00000000006bd0f9 in zend_object_std_dtor (object=0x4773440)
at /build/buildd/php5-5.3.14/Zend/zend_objects.c:45
No locals.
#22 0x00000000006bd119 in zend_objects_free_object_storage (object=0x4773440)
at /build/buildd/php5-5.3.14/Zend/zend_objects.c:126
No locals.
#23 0x00000000006c10ff in zend_objects_store_del_ref_by_handle_ex (
handle=80059216, handlers=0x1b80775c085)
at /build/buildd/php5-5.3.14/Zend/zend_objects_API.c:220
__orig_bailout = <incomplete type>
__bailout = {{__jmpbuf = {4294949504, 32767, 78957200, 0, 574920520,
1065506460, 18355672, 0}, __mask_was_saved = 465475400,
__saved_mask = {__val = {0, 32767, 4103582289, 32767, 0, 0, 0, 0,
727, 0, 4159542024, 32767, 0, 0, 61724704, 0}}}}
obj = 0x1ee80
failure = 0
#24 0x00000000006c1123 in zend_objects_store_del_ref (zobject=0x4b4ca90)
at /build/buildd/php5-5.3.14/Zend/zend_objects_API.c:172
handle = 4294931824
#25 0x000000000068d621 in _zval_ptr_dtor (zval_ptr=0x7fffffff7570)
at /build/buildd/php5-5.3.14/Zend/zend_variables.h:35
zv = 0x4b4ca90
#26 0x00000000006c66ee in zend_leave_helper_SPEC (execute_data=0x7ffff7ed9308)
at /build/buildd/php5-5.3.14/Zend/zend_vm_execute.h:160
cv = 0x7ffff7ed93a0
end = 0x7ffff7ed93b0
nested = 160 '\240'
---Type <return> to continue, or q <return> to quit---
op_array = 0x11815d8
#27 0x00000000006ed2e8 in ZEND_HANDLE_EXCEPTION_SPEC_HANDLER (
execute_data=0x7ffff7ed9308)
at /build/buildd/php5-5.3.14/Zend/zend_vm_execute.h:683
op_num = 11
catch_op_num = 18355672
catched = 0
restored_error_reporting = {value = {lval = 4159542024,
dval = 6.9533491169375569e-310, str = {
val = 0x7ffff7ed9308 "\200", <incomplete sequence \345>,
len = -29984}, ht = 0x7ffff7ed9308, obj = {handle = 4159542024,
handlers = 0x1007fffffff8ae0}}, refcount__gc = 4103494072,
type = 255 '\377', is_ref__gc = 127 '\177'}
stack_frame = 0x0
#28 0x00000000006c1e6b in execute (op_array=0x11815d8)
at /build/buildd/php5-5.3.14/Zend/zend_vm_execute.h:107
ret = -191385980
execute_data = 0x7ffff7ed9308
nested = 0 '\000'
original_in_execution = 1 '\001'
#29 0x00007ffff4963f2d in xdebug_execute (op_array=0x11815d8)
at /build/buildd/xdebug-2.2.0/build-php5/xdebug.c:1390
dummy = 0x6bbdb6
edata = 0x7fffffff8cb0
fse = 0x25be230
xfse = 0x6c66ee
magic_cookie = 0x0
do_return = 0
function_nr = 3410608
le = 0xe56f20
eval_id = 0
clear = 0
return_val = 0x0
Previous Comments:
------------------------------------------------------------------------
[2012-02-07 19:42:48] rasta at lj dot sk
i am having the same problem.
running phpunit -dzend.enable_gc=0 works without failure
------------------------------------------------------------------------
[2011-10-28 14:10:04] deviantintegral at gmail dot com
I'm running into this with running phpunit for symfony2 tests on Ubuntu 10.04.
If I disable garbage collection by running phpunit with "-dzend.enable_gc=0"
everything runs fine.
------------------------------------------------------------------------
[2011-08-23 07:57:23] francesco dot monte at gmail dot com
I'm expecting the same issue. Did you got what caused it?
------------------------------------------------------------------------
[2011-07-24 18:32:28] zhengxiang dot pan at alcatel-lucent dot com
I observed this program too.
mongodb PHP driver unit test testEnsureUniqueIndex in MongoCollectionTest.php
can reproduce this program. I run php 5.3.6 on Ubuntu.
------------------------------------------------------------------------
[2011-02-13 04:38:00] [email protected]
This is nigh-impossible to debug without a reproducing script; the stack trace
is the most generic crash on shutdown you can get. The fact the crash doesn't
happen on xdebug code doesn't mean it wasn't xdebug that corrupted the state
and ultimately caused the crash on shutdown.
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
https://bugs.php.net/bug.php?id=53976
--
Edit this bug report at https://bugs.php.net/bug.php?id=53976&edit=1
