Bug #62358 [Com]: Segfault when using traits a lot

Mon, 20 Aug 2012 08:12:42 -0700 

Edit report at https://bugs.php.net/bug.php?id=62358&edit=1

 ID:                 62358
 Comment by:         maciej dot sz at gmail dot com
 Reported by:        maciej dot sz at gmail dot com
 Summary:            Segfault when using traits a lot
 Status:             Assigned
 Type:               Bug
 Package:            Reproducible crash
 Operating System:   Linux 3.2.0-25-generic Ubuntu
 PHP Version:        5.4.4
 Assigned To:        laruence
 Block user comment: N
 Private report:     N

 New Comment:

I could, until I restarted computer to check if it's still there... Now it 
crashes running from bash, but not from gdb console. I'll get back to you as 
soon as it occur again.


Previous Comments:
------------------------------------------------------------------------
[2012-08-20 14:58:29] larue...@php.net

if yes, could you please also print the child and parent out in frame 1 ? it 
will 
be very helpful..

thanks

------------------------------------------------------------------------
[2012-08-20 14:52:38] larue...@php.net

you can reproduce this in 100% chance?

------------------------------------------------------------------------
[2012-08-20 14:48:30] maciej dot sz at gmail dot com

Nope, no cache, not even Xdebug nor Zend debug. Pure PHP compiled with 
following configuration:

'./configure'  '--with-mysql' '--with-pgsql' '--with-zlib' '--enable-calendar' 
'--with-curl' '--with-jpeg-dir=/usr' '--with-png-dir=/usr' '--with-gd' 
'--enable-bcmath' '--enable-soap' '--with-pdo-mysql' '--with-pdo-pgsql' 
'--with-pdo-sqlite' '--with-config-file-path=/usr/local/php54/etc' 
'--with-config-file-scan-dir=/usr/local/php54/etc/conf.d' 
'--prefix=/usr/local/php54' '--enable-debug' '--with-mysqli' 
'--enable-mbstring' '--enable-fpm'

------------------------------------------------------------------------
[2012-08-20 14:39:26] larue...@php.net

did you use some opcodes cache?

seems the function struct is totally mess.

------------------------------------------------------------------------
[2012-08-20 14:30:42] maciej dot sz at gmail dot com

It is close to impossible to reproduce this bug on two separate machines. I've 
tried moving exact code which caused the segfault on one computer to another, 
but it executed normally there.

Meanwhile I've encountered another, very similar fault with slightly different 
backtrace, which I think is related (maybe this one will be of any help?):

Program received signal SIGSEGV, Segmentation fault.
0x000000000094e506 in zend_get_function_declaration (fptr=0x1e68018)
    at /home/maciek/Downloads/php-5.4.6RC1/Zend/zend_compile.c:3072
3072                            if (arg_info->class_name) {


(gdb) bt
#0  0x000000000094e506 in zend_get_function_declaration (fptr=0x1e68018)
    at /home/maciek/Downloads/php-5.4.6RC1/Zend/zend_compile.c:3072
#1  0x000000000094f37b in do_inheritance_check_on_method (child=0x1eb8700, 
parent=0x1e6e320)
    at /home/maciek/Downloads/php-5.4.6RC1/Zend/zend_compile.c:3263
#2  0x000000000094f531 in do_inherit_method_check 
(child_function_table=0x1ea6a80, parent=0x1e6e320, 
    hash_key=0x7fffffff9db0, child_ce=0x1ea6a58)
    at /home/maciek/Downloads/php-5.4.6RC1/Zend/zend_compile.c:3288
#3  0x0000000000988bf0 in zend_hash_replace_checker_wrapper (target=0x1ea6a80, 
source_data=0x1e6e320, 
    p=0x1e7af20, pParam=0x1ea6a58, merge_checker_func=0x94f4aa 
<do_inherit_method_check>)
    at /home/maciek/Downloads/php-5.4.6RC1/Zend/zend_hash.c:878
#4  0x0000000000988c71 in zend_hash_merge_ex (target=0x1ea6a80, 
source=0x1e501a8, 
    pCopyConstructor=0x94ddb3 <do_inherit_method>, size=240, 
    pMergeSource=0x94f4aa <do_inherit_method_check>, pParam=0x1ea6a58)
    at /home/maciek/Downloads/php-5.4.6RC1/Zend/zend_hash.c:892
#5  0x00000000009507df in zend_do_inheritance (ce=0x1ea6a58, 
parent_ce=0x1e50180)
    at /home/maciek/Downloads/php-5.4.6RC1/Zend/zend_compile.c:3519
#6  0x00000000009540a7 in do_bind_inherited_class (op_array=0x1e60190, 
opline=0x1ea6f90, 
    class_table=0x126eeb0, parent_ce=0x1e50180, compile_time=0 '\000')
    at /home/maciek/Downloads/php-5.4.6RC1/Zend/zend_compile.c:4570
#7  0x00000000009b742a in ZEND_DECLARE_INHERITED_CLASS_SPEC_HANDLER 
(execute_data=0x7ffff7f94f30)
    at /home/maciek/Downloads/php-5.4.6RC1/Zend/zend_vm_execute.h:936
#8  0x00000000009b4122 in execute (op_array=0x1e60190)
    at /home/maciek/Downloads/php-5.4.6RC1/Zend/zend_vm_execute.h:410
#9  0x000000000096381c in zend_call_function (fci=0x7fffffffa3f0, 
fci_cache=0x7fffffffa440)
    at /home/maciek/Downloads/php-5.4.6RC1/Zend/zend_execute_API.c:958
#10 0x0000000000717021 in zim_reflection_method_invokeArgs (ht=2, 
return_value=0x1ea8ac0, 
    return_value_ptr=0x0, this_ptr=0x1e66070, return_value_used=1)
    at /home/maciek/Downloads/php-5.4.6RC1/ext/reflection/php_reflection.c:3024
#11 0x00000000009b5838 in zend_do_fcall_common_helper_SPEC 
(execute_data=0x7ffff7f937e8)
    at /home/maciek/Downloads/php-5.4.6RC1/Zend/zend_vm_execute.h:642
#12 0x00000000009b66dc in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER 
(execute_data=0x7ffff7f937e8)
    at /home/maciek/Downloads/php-5.4.6RC1/Zend/zend_vm_execute.h:752
#13 0x00000000009b4122 in execute (op_array=0x7ffff083e960)
    at /home/maciek/Downloads/php-5.4.6RC1/Zend/zend_vm_execute.h:410
#14 0x0000000000976ca1 in zend_execute_scripts (type=8, retval=0x0, 
file_count=3)
    at /home/maciek/Downloads/php-5.4.6RC1/Zend/zend.c:1289
#15 0x00000000008e90aa in php_execute_script (primary_file=0x7fffffffcdb0)
    at /home/maciek/Downloads/php-5.4.6RC1/main/main.c:2473
#16 0x0000000000abf8c1 in do_cli (argc=6, argv=0x7fffffffe198)
    at /home/maciek/Downloads/php-5.4.6RC1/sapi/cli/php_cli.c:988
#17 0x0000000000ac09fa in main (argc=6, argv=0x7fffffffe198)
    at /home/maciek/Downloads/php-5.4.6RC1/sapi/cli/php_cli.c:1364


(gdb) p *arg_info
Cannot access memory at address 0xcf5d2b8b


(gdb) p *fptr
$3 = {type = 152 '\230', common = {type = 152 '\230', function_name = 0x1e7c320 
"\001", 
    scope = 0x1e7c288, fn_flags = 9911106, prototype = 0x5a010000, num_args = 
2241651391, 
    required_num_args = 1515870810, arg_info = 0xcf5d2b8b}, op_array = {type = 
152 '\230', 
    function_name = 0x1e7c320 "\001", scope = 0x1e7c288, fn_flags = 9911106, 
prototype = 0x5a010000, 
    num_args = 2241651391, required_num_args = 1515870810, arg_info = 
0xcf5d2b8b, refcount = 0x79, 
    opcodes = 0xa1, last = 1930623196, vars = 0xfb24d0, last_var = 2019, T = 0, 
brk_cont_array = 0x0, 
    last_brk_cont = 0, try_catch_array = 0x20, last_try_catch = 1011079938, 
    static_variables = 0x7ffff7f1f490, this_var = 32, 
    filename = 0x600000001 <Address 0x600000001 out of bounds>, line_start = 0, 
line_end = 0, 
    doc_comment = 0x5a5a5a5a859ce2bf <Address 0x5a5a5a5a859ce2bf out of 
bounds>, 
    doc_comment_len = 3478989571, early_binding = 0, literals = 0x81, 
last_literal = 121, 
    run_time_cache = 0x7312f8dc, last_cache_slot = 16458960, reserved = {0x7e3, 
0x0, 0x0, 0x20}}, 
  internal_function = {type = 152 '\230', function_name = 0x1e7c320 "\001", 
scope = 0x1e7c288, 
    fn_flags = 9911106, prototype = 0x5a010000, num_args = 2241651391, 
required_num_args = 1515870810, 
    arg_info = 0xcf5d2b8b, handler = 0x79, module = 0xa1}}

------------------------------------------------------------------------


The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

    https://bugs.php.net/bug.php?id=62358


-- 
Edit this bug report at https://bugs.php.net/bug.php?id=62358&edit=1

Reply via email to