Bug #55665 [Opn]: Segmentation fault in gc_mark_roots()

shm Fri, 28 Jun 2013 00:34:14 -0700

Edit report at https://bugs.php.net/bug.php?id=55665&edit=1


 ID:                 55665
 Updated by:         s...@php.net
 Reported by:        mbecc...@php.net
 Summary:            Segmentation fault in gc_mark_roots()
 Status:             Open
 Type:               Bug
 Package:            Reproducible crash
 Operating System:   FreeBSD 6.2
 PHP Version:        5.3SVN-2011-09-10 (SVN)
 Block user comment: N
 Private report:     N

 New Comment:

Any updates?


Previous Comments:
------------------------------------------------------------------------
[2011-09-29 06:07:17] mbecc...@php.net

Hi Tyrael,

I've switched the test runs to use php 5.3.8 and I got segmentation faults 
again. I will try to investigate during the weekend, but generally speaking it 
should be possible to trigger some. The most recent core file shows a SIGSEGV 
at:

#0  0x000000000094a10c in zval_scan (pz=0x0)
    at /array1/compile/php-src/php/php-src/branches/PHP_5_3/Zend/zend_gc.c:450
450             if (GC_ZVAL_GET_COLOR(pz) == GC_GREY) {

------------------------------------------------------------------------
[2011-09-27 00:00:03] tyr...@php.net

is it still reproducible with 5.3.8?

------------------------------------------------------------------------
[2011-09-10 11:17:29] mbecc...@php.net

Description:
------------
As usual with bugs related to garbage collection, I don't have a short 
reproduce code. The segmentation fault happens when running a pretty heavy 
integration test and is currently reproducible on PHP 5.3 (tested 5.3.4, 
5.3.6RC3, 5.3.8 and PHP_5_3 svn HEAD). Unfortunately garbage collection is a 
bit too much for me to be able to make sense of it and debug the issue.

Interestingly enough I couldn't reproduce it on PHP 5.2 or PHP 5.4.

Happens both with gcc 3.4.6 and 4.2.5 with -O0.

SSH Access to the machine is available for anyone interested in investigating.



Actual result:
--------------
Here is the relevant portion of backtrace and some other gdb commands:

#0  0x000000000094a060 in gc_mark_roots () at 
/array1/compile/php-src/php/php-src/branches/PHP_5_3/Zend/zend_gc.c:434
434                             if (GC_ZVAL_GET_COLOR(current->u.pz) == 
GC_PURPLE) {
(gdb) bt full
#0  0x000000000094a060 in gc_mark_roots () at 
/array1/compile/php-src/php/php-src/branches/PHP_5_3/Zend/zend_gc.c:434
        current = (gc_root_buffer *) 0x11121a0
#1  0x000000000094a90c in gc_collect_cycles () at 
/array1/compile/php-src/php/php-src/branches/PHP_5_3/Zend/zend_gc.c:664
        p = (zval_gc_info *) 0x1e8fbd0
        q = (zval_gc_info *) 0x7fffffffccd8
        orig_free_list = (zval_gc_info *) 0x377c42d8edc99ee
        orig_next_to_free = (zval_gc_info *) 0x901e88190
        count = 0
#2  0x00000000009495c2 in gc_zval_possible_root (zv=0x3e37620) at 
/array1/compile/php-src/php/php-src/branches/PHP_5_3/Zend/zend_gc.c:166
        newRoot = (gc_root_buffer *) 0x0
#3  0x00000000009bb104 in ZEND_FETCH_DIM_W_SPEC_VAR_CV_HANDLER 
(execute_data=0x1390810) at zend_gc.h:183
        opline = (zend_op *) 0x1e8fbf8
        free_op1 = {var = 0x0}
        dim = (zval *) 0x3e37708
        container = (zval **) 0x3057850
#4  0x0000000000953c58 in execute (op_array=0x1e8be08) at zend_vm_execute.h:107
        ret = 0
        execute_data = (zend_execute_data *) 0x1390810
        nested = 1 '\001'
        original_in_execution = 0 '\0'
...
(gdb) print current->u.pz
$1 = (zval *) 0x3e9fd38
(gdb) print *current->u.pz
Cannot access memory at address 0x3e9fd38
(gdb) frame 4
#4  0x0000000000953c58 in execute (op_array=0x1e8be08) at zend_vm_execute.h:107
107                     if ((ret = EX(opline)->handler(execute_data TSRMLS_CC)) 
> 0) {
(gdb) dump_bt executor_globals.current_execute_data
[0x01390810] addItem() 
/usr/local/bamboo/test-home/xml-data/build-dir/RET-TRUNK-PHPBUG/lib/pear/Config/Container.php:153
[0x013905c0] addItem() 
/usr/local/bamboo/test-home/xml-data/build-dir/RET-TRUNK-PHPBUG/lib/pear/Config/Container.php:108
[0x01390450] createItem() 
/usr/local/bamboo/test-home/xml-data/build-dir/RET-TRUNK-PHPBUG/lib/pear/Config/Container.php:196
[0x01390008] createDirective() 
/usr/local/bamboo/test-home/xml-data/build-dir/RET-TRUNK-PHPBUG/lib/pear/Config/Container/PHPArray.php:113
[0x0138fbc0] _parseArray() 
/usr/local/bamboo/test-home/xml-data/build-dir/RET-TRUNK-PHPBUG/lib/pear/Config/Container/PHPArray.php:111
[0x0138f5a0] _parseArray() 
/usr/local/bamboo/test-home/xml-data/build-dir/RET-TRUNK-PHPBUG/lib/pear/Config/Container/PHPArray.php:75
[0x0138ef48] parseDatasrc() 
/usr/local/bamboo/test-home/xml-data/build-dir/RET-TRUNK-PHPBUG/lib/pear/Config.php:197
[0x0138ebd8] parseConfig() 
/usr/local/bamboo/test-home/xml-data/build-dir/RET-TRUNK-PHPBUG/lib/OA/Admin/Settings.php:364
[0x0138b9b0] writeConfigArrayToFile() 
/usr/local/bamboo/test-home/xml-data/build-dir/RET-TRUNK-PHPBUG/lib/OA/Admin/Settings.php:173
[0x0138b7a0] writeConfigChange() 
/usr/local/bamboo/test-home/xml-data/build-dir/RET-TRUNK-PHPBUG/lib/OX/Plugin/PluginManager.php:870
[0x0138ac18] _setPackage() 
/usr/local/bamboo/test-home/xml-data/build-dir/RET-TRUNK-PHPBUG/lib/OX/Plugin/PluginManager.php:518
[0x0138a0e8] enablePackage() 
/usr/local/bamboo/test-home/xml-data/build-dir/RET-TRUNK-PHPBUG/tests/testClasses/TestEnv.php:183
[0x01389198] installPluginPackage() 
/usr/local/bamboo/test-home/xml-data/build-dir/RET-TRUNK-PHPBUG/plugins_repo/apRetargetingDriverExternal/plugins/apRetargeting/lib/Dal/Drivers/tests/integration/External.plg.test.php:28
[0x01388f80] setUp() 
/usr/local/bamboo/test-home/xml-data/build-dir/RET-TRUNK-PHPBUG/lib/simpletest/invoker.php:67
[0x01388e50] invoke() 
/usr/local/bamboo/test-home/xml-data/build-dir/RET-TRUNK-PHPBUG/lib/simpletest/invoker.php:126
[0x01388878] invoke() 
/usr/local/bamboo/test-home/xml-data/build-dir/RET-TRUNK-PHPBUG/lib/simpletest/errors.php:48
[0x01388748] invoke() 
/usr/local/bamboo/test-home/xml-data/build-dir/RET-TRUNK-PHPBUG/lib/simpletest/invoker.php:126
[0x01388228] invoke() 
/usr/local/bamboo/test-home/xml-data/build-dir/RET-TRUNK-PHPBUG/lib/simpletest/exceptions.php:42
[0x01387a28] invoke() 
/usr/local/bamboo/test-home/xml-data/build-dir/RET-TRUNK-PHPBUG/lib/simpletest/test_case.php:135
[0x013873e0] run() 
/usr/local/bamboo/test-home/xml-data/build-dir/RET-TRUNK-PHPBUG/lib/simpletest/test_case.php:588
[0x01386d98] run() 
/usr/local/bamboo/test-home/xml-data/build-dir/RET-TRUNK-PHPBUG/lib/simpletest/test_case.php:591
[0x01386b08] run() 
/usr/local/bamboo/test-home/xml-data/build-dir/RET-TRUNK-PHPBUG/tests/testClasses/TestRunner.php:411
[0x01386320] runCase() 
/usr/local/bamboo/test-home/xml-data/build-dir/RET-TRUNK-PHPBUG/tests/testClasses/TestRunner.php:194
[0x01385040] runFile() 
/usr/local/bamboo/test-home/xml-data/build-dir/RET-TRUNK-PHPBUG/tests/run.php:123



------------------------------------------------------------------------



-- 
Edit this bug report at https://bugs.php.net/bug.php?id=55665&edit=1

Bug #55665 [Opn]: Segmentation fault in gc_mark_roots()

Reply via email to