Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:70558
Return-Path: <ralph@ralphschindler.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 49173 invoked from network); 9 Dec 2013 17:25:54 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 9 Dec 2013 17:25:54 -0000
Authentication-Results: pb1.pair.com smtp.mail=ralph@ralphschindler.com; spf=permerror; sender-id=unknown
Authentication-Results: pb1.pair.com header.from=ralph@ralphschindler.com; sender-id=unknown
Received-SPF: error (pb1.pair.com: domain ralphschindler.com from 209.85.214.177 cause and error)
X-PHP-List-Original-Sender: ralph@ralphschindler.com
X-Host-Fingerprint: 209.85.214.177 mail-ob0-f177.google.com  
Received: from [209.85.214.177] ([209.85.214.177:45677] helo=mail-ob0-f177.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id D6/C1-40251-02DF5A25 for <internals@lists.php.net>; Mon, 09 Dec 2013 12:25:53 -0500
Received: by mail-ob0-f177.google.com with SMTP id va2so4036395obc.36
        for <internals@lists.php.net>; Mon, 09 Dec 2013 09:25:50 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to
         :subject:content-type;
        bh=cCGUM+1qKMo/rqUBkbUZs9LlUBEBV1cU9qmwLgC+zHU=;
        b=EGKsEZcCwQM1Els6hlllrYhgpCw0xpS1GzfQGklHbaWz4uxXXv8cUXfAlV6ZHJpE/p
         jY5XvlVk6Pc1M65kPg/Z0yIP8oktxY45A3OBrBDVGBC7GEToQosQLkYXb+nwD4e3afjf
         T8puN2vIQmIM9qC6tqhWFqveBuSeWqN6AJMGPb/vU8AQmaKkaa7fo/QcO2bMXaWDRIRw
         JPUyPFRtHYmZEW4Xd5o9vNR9uyeqOs1eOMckyICOR6oSdP3nbuGy6CvsOyseXyLrRADh
         71oZERwJQ9AG6HAOSbPhZuIY+xdwsT+P8HlN7KQKmjFKCz3M5XHwOTZyNuAzTsvgrazK
         R6EA==
X-Gm-Message-State: ALoCoQmvXNwIrD/5TNOQbpSaKuSKGLpWc4wTg9QcIuyBVHEPfqnIpQ/4TfvWh4aqg7cVMMI8O0Y4
X-Received: by 10.182.220.225 with SMTP id pz1mr3322726obc.51.1386609949968;
        Mon, 09 Dec 2013 09:25:49 -0800 (PST)
Received: from [172.16.1.40] (ip174-73-14-247.no.no.cox.net. [174.73.14.247])
        by mx.google.com with ESMTPSA id nw5sm16688466obc.9.2013.12.09.09.25.48
        for <internals@lists.php.net>
        (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
        Mon, 09 Dec 2013 09:25:49 -0800 (PST)
Message-ID: <52A5FD1B.2020301@ralphschindler.com>
Date: Mon, 09 Dec 2013 11:25:47 -0600
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:24.0) Gecko/20100101 Thunderbird/24.1.1
MIME-Version: 1.0
To: internals <internals@lists.php.net>
Content-Type: multipart/mixed;
 boundary="------------040509010501020907080507"
Subject: SegFault 11 on 5.5.6 on function return
From: ralph@ralphschindler.com (Ralph Schindler)

--------------040509010501020907080507
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Hi all,

We started noticing Segfaults in Travis when PHP was upgraded to 5.5.6. 
  I've tested this particular issue on both linux and mac and can 
produce the segfault in both place.

Looking at the backtrace (provided), can anyone offer assistance as to 
what changed between 5.5.5 and 5.5.6 that might be causing this?

I've been able to isolate the last line of PHP code that executes before 
the segfault:

 
https://github.com/sebastianbergmann/phpunit/blob/3.7/PHPUnit/Util/Type.php#L203

I know the value of $value there to be null when this SegFault occurs.

Also, the backtrace seems to hint at a problem in the garbage collector 
since the source of the issue emanates from gc_remove_from_buffer().

My guesses...

Is it possible that either the garbage collector is running and 
destroying the stack, and that when unwinding the stack frames it is in 
an inconsistent state and/or the return value for that particular 
function is not placed on the stack so that the stack is in the proper 
context when the return is processed?

I can do additional research if anyone would like to point me in the 
right direction, or I can provide access to a VM where this particular 
backtrace was produced from.

Thanks in advance.
-ralph

--------------040509010501020907080507
Content-Type: text/plain; charset=UTF-8;
 name="segfault-5.5.6-phpunit-zf2.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
 filename="segfault-5.5.6-phpunit-zf2.txt"

travis@debug-ralphschindler-hs-3881-php-1386357134:~/zendframework/zf2/tests$ /home/travis/.phpenv/versions/5.5.6/bin/php --version
PHP 5.5.6 (cli) (built: Nov 30 2013 14:49:24)
Copyright (c) 1997-2013 The PHP Group
Zend Engine v2.5.0, Copyright (c) 1998-2013 Zend Technologies
    with Zend OPcache v7.0.3-dev, Copyright (c) 1999-2013, by Zend Technologies
    with Xdebug v2.2.3, Copyright (c) 2002-2013, by Derick Rethans

travis@debug-ralphschindler-hs-3881-php-1386357134:~/zendframework/zf2/tests$ gdb --args /home/travis/.phpenv/versions/5.5.6/bin/php ../vendor/bin/phpunit --tap ZendTest/Soap/Client/DotNetTest.php
GNU gdb (Ubuntu/Linaro 7.4-2012.04-0ubuntu2.1) 7.4-2012.04
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://bugs.launchpad.net/gdb-linaro/>...
Reading symbols from /home/travis/.phpenv/versions/5.5.6/bin/php...done.
(gdb) run
Starting program: /home/travis/.phpenv/versions/5.5.6/bin/php ../vendor/bin/phpunit --tap ZendTest/Soap/Client/DotNetTest.php
warning: no loadable sections found in added symbol-file system-supplied DSO at 0x7ffff7fff000
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
TAP version 13
ok 1 - ZendTest\Soap\Client\DotNetTest::testADefaultCurlClientIsUsedIfNoneIsInjected
ok 2 - ZendTest\Soap\Client\DotNetTest::testCurlClientCanBeInjected
ok 3 - ZendTest\Soap\Client\DotNetTest::testCurlClientRequestIsDoneWhenUsingNtlmAuthentication

Program received signal SIGSEGV, Segmentation fault.
0x00000000008a696e in gc_remove_from_buffer (tsrm_ls=0x114fea0, root=0x141e330) at /tmp/php-build/source/5.5.6/Zend/zend_gc.h:189
189	/tmp/php-build/source/5.5.6/Zend/zend_gc.h: No such file or directory.
(gdb) bt
#0  0x00000000008a696e in gc_remove_from_buffer (tsrm_ls=0x114fea0, root=0x141e330) at /tmp/php-build/source/5.5.6/Zend/zend_gc.h:189
#1  gc_remove_zval_from_buffer (zv=0x7fffffff7c30, tsrm_ls=0x114fea0) at /tmp/php-build/source/5.5.6/Zend/zend_gc.c:265
#2  0x000000000093d0f3 in i_zval_ptr_dtor (zval_ptr=0x7fffffff7c30) at /tmp/php-build/source/5.5.6/Zend/zend_execute.h:80
#3  i_free_compiled_variables (execute_data=0x7ffff7f99ef8) at /tmp/php-build/source/5.5.6/Zend/zend_execute.c:1511
#4  zend_leave_helper_SPEC (execute_data=0x7ffff7f99ef8, tsrm_ls=0x114fea0) at /tmp/php-build/source/5.5.6/Zend/zend_vm_execute.h:399
#5  0x00000000008fd67b in execute_ex (execute_data=0x7ffff7f99ef8, tsrm_ls=0x114fea0) at /tmp/php-build/source/5.5.6/Zend/zend_vm_execute.h:363
#6  0x00007fffedb5d0d5 in xdebug_execute_ex (execute_data=0x7ffff7f99ef8, tsrm_ls=0x114fea0) at /tmp/php-build/source/xdebug-2.2.3/xdebug.c:1437
#7  0x000000000093fd83 in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7f99d98, tsrm_ls=0x114fea0) at /tmp/php-build/source/5.5.6/Zend/zend_vm_execute.h:584
#8  0x00000000008fd67b in execute_ex (execute_data=0x7ffff7f99d98, tsrm_ls=0x114fea0) at /tmp/php-build/source/5.5.6/Zend/zend_vm_execute.h:363
#9  0x00007fffedb5d0d5 in xdebug_execute_ex (execute_data=0x7ffff7f99d98, tsrm_ls=0x114fea0) at /tmp/php-build/source/xdebug-2.2.3/xdebug.c:1437
#10 0x000000000093fd83 in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7f99b50, tsrm_ls=0x114fea0) at /tmp/php-build/source/5.5.6/Zend/zend_vm_execute.h:584
#11 0x00000000008fd67b in execute_ex (execute_data=0x7ffff7f99b50, tsrm_ls=0x114fea0) at /tmp/php-build/source/5.5.6/Zend/zend_vm_execute.h:363
#12 0x00007fffedb5d0d5 in xdebug_execute_ex (execute_data=0x7ffff7f99b50, tsrm_ls=0x114fea0) at /tmp/php-build/source/xdebug-2.2.3/xdebug.c:1437
#13 0x000000000093fd83 in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7f99820, tsrm_ls=0x114fea0) at /tmp/php-build/source/5.5.6/Zend/zend_vm_execute.h:584
#14 0x00000000008fd67b in execute_ex (execute_data=0x7ffff7f99820, tsrm_ls=0x114fea0) at /tmp/php-build/source/5.5.6/Zend/zend_vm_execute.h:363
#15 0x00007fffedb5d0d5 in xdebug_execute_ex (execute_data=0x7ffff7f99820, tsrm_ls=0x114fea0) at /tmp/php-build/source/xdebug-2.2.3/xdebug.c:1437
#16 0x000000000093fd83 in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7f99268, tsrm_ls=0x114fea0) at /tmp/php-build/source/5.5.6/Zend/zend_vm_execute.h:584
#17 0x00000000008fd67b in execute_ex (execute_data=0x7ffff7f99268, tsrm_ls=0x114fea0) at /tmp/php-build/source/5.5.6/Zend/zend_vm_execute.h:363
#18 0x00007fffedb5d0d5 in xdebug_execute_ex (execute_data=0x7ffff7f99268, tsrm_ls=0x114fea0) at /tmp/php-build/source/xdebug-2.2.3/xdebug.c:1437
#19 0x000000000093fd83 in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7f990a8, tsrm_ls=0x114fea0) at /tmp/php-build/source/5.5.6/Zend/zend_vm_execute.h:584
#20 0x00000000008fd67b in execute_ex (execute_data=0x7ffff7f990a8, tsrm_ls=0x114fea0) at /tmp/php-build/source/5.5.6/Zend/zend_vm_execute.h:363
#21 0x00007fffedb5d0d5 in xdebug_execute_ex (execute_data=0x7ffff7f990a8, tsrm_ls=0x114fea0) at /tmp/php-build/source/xdebug-2.2.3/xdebug.c:1437
#22 0x000000000093fd83 in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7f98e60, tsrm_ls=0x114fea0) at /tmp/php-build/source/5.5.6/Zend/zend_vm_execute.h:584
#23 0x00000000008fd67b in execute_ex (execute_data=0x7ffff7f98e60, tsrm_ls=0x114fea0) at /tmp/php-build/source/5.5.6/Zend/zend_vm_execute.h:363
#24 0x00007fffedb5d0d5 in xdebug_execute_ex (execute_data=0x7ffff7f98e60, tsrm_ls=0x114fea0) at /tmp/php-build/source/xdebug-2.2.3/xdebug.c:1437
#25 0x0000000000875190 in zend_call_function (fci=0x7fffffff8a30, fci_cache=<optimized out>, tsrm_ls=0x114fea0) at /tmp/php-build/source/5.5.6/Zend/zend_execute_API.c:939
#26 0x00000000006c1466 in zim_reflection_method_invokeArgs (tsrm_ls=0x114fea0, this_ptr=<optimized out>, return_value=0x1793928, ht=<optimized out>, return_value_ptr=<optimized out>,
    return_value_used=<optimized out>) at /tmp/php-build/source/5.5.6/ext/reflection/php_reflection.c:3018
#27 zim_reflection_method_invokeArgs (ht=<optimized out>, return_value=0x1793928, return_value_ptr=<optimized out>, this_ptr=<optimized out>, return_value_used=<optimized out>, tsrm_ls=0x114fea0)
    at /tmp/php-build/source/5.5.6/ext/reflection/php_reflection.c:2921
#28 0x00007fffedb5b7dd in xdebug_execute_internal (current_execute_data=0x7ffff7f989f0, fci=0x0, return_value_used=1, tsrm_ls=0x114fea0) at /tmp/php-build/source/xdebug-2.2.3/xdebug.c:1553
#29 0x000000000093f61a in zend_do_fcall_common_helper_SPEC (execute_data=<optimized out>, tsrm_ls=<optimized out>) at /tmp/php-build/source/5.5.6/Zend/zend_vm_execute.h:552
#30 0x00000000008fd67b in execute_ex (execute_data=0x7ffff7f989f0, tsrm_ls=0x114fea0) at /tmp/php-build/source/5.5.6/Zend/zend_vm_execute.h:363
#31 0x00007fffedb5d0d5 in xdebug_execute_ex (execute_data=0x7ffff7f989f0, tsrm_ls=0x114fea0) at /tmp/php-build/source/xdebug-2.2.3/xdebug.c:1437
#32 0x000000000093fd83 in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7f97f78, tsrm_ls=0x114fea0) at /tmp/php-build/source/5.5.6/Zend/zend_vm_execute.h:584
#33 0x00000000008fd67b in execute_ex (execute_data=0x7ffff7f97f78, tsrm_ls=0x114fea0) at /tmp/php-build/source/5.5.6/Zend/zend_vm_execute.h:363
#34 0x00007fffedb5d0d5 in xdebug_execute_ex (execute_data=0x7ffff7f97f78, tsrm_ls=0x114fea0) at /tmp/php-build/source/xdebug-2.2.3/xdebug.c:1437
#35 0x000000000093fd83 in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7f96c90, tsrm_ls=0x114fea0) at /tmp/php-build/source/5.5.6/Zend/zend_vm_execute.h:584
#36 0x00000000008fd67b in execute_ex (execute_data=0x7ffff7f96c90, tsrm_ls=0x114fea0) at /tmp/php-build/source/5.5.6/Zend/zend_vm_execute.h:363
#37 0x00007fffedb5d0d5 in xdebug_execute_ex (execute_data=0x7ffff7f96c90, tsrm_ls=0x114fea0) at /tmp/php-build/source/xdebug-2.2.3/xdebug.c:1437
#38 0x000000000093fd83 in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7f957e0, tsrm_ls=0x114fea0) at /tmp/php-build/source/5.5.6/Zend/zend_vm_execute.h:584
#39 0x00000000008fd67b in execute_ex (execute_data=0x7ffff7f957e0, tsrm_ls=0x114fea0) at /tmp/php-build/source/5.5.6/Zend/zend_vm_execute.h:363
#40 0x00007fffedb5d0d5 in xdebug_execute_ex (execute_data=0x7ffff7f957e0, tsrm_ls=0x114fea0) at /tmp/php-build/source/xdebug-2.2.3/xdebug.c:1437
#41 0x000000000093fd83 in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7f94770, tsrm_ls=0x114fea0) at /tmp/php-build/source/5.5.6/Zend/zend_vm_execute.h:584
#42 0x00000000008fd67b in execute_ex (execute_data=0x7ffff7f94770, tsrm_ls=0x114fea0) at /tmp/php-build/source/5.5.6/Zend/zend_vm_execute.h:363
#43 0x00007fffedb5d0d5 in xdebug_execute_ex (execute_data=0x7ffff7f94770, tsrm_ls=0x114fea0) at /tmp/php-build/source/xdebug-2.2.3/xdebug.c:1437
#44 0x000000000093fd83 in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7f94548, tsrm_ls=0x114fea0) at /tmp/php-build/source/5.5.6/Zend/zend_vm_execute.h:584
#45 0x00000000008fd67b in execute_ex (execute_data=0x7ffff7f94548, tsrm_ls=0x114fea0) at /tmp/php-build/source/5.5.6/Zend/zend_vm_execute.h:363
#46 0x00007fffedb5d0d5 in xdebug_execute_ex (execute_data=0x7ffff7f94548, tsrm_ls=0x114fea0) at /tmp/php-build/source/xdebug-2.2.3/xdebug.c:1437
#47 0x000000000093fd83 in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7f93218, tsrm_ls=0x114fea0) at /tmp/php-build/source/5.5.6/Zend/zend_vm_execute.h:584
#48 0x00000000008fd67b in execute_ex (execute_data=0x7ffff7f93218, tsrm_ls=0x114fea0) at /tmp/php-build/source/5.5.6/Zend/zend_vm_execute.h:363
#49 0x00007fffedb5d0d5 in xdebug_execute_ex (execute_data=0x7ffff7f93218, tsrm_ls=0x114fea0) at /tmp/php-build/source/xdebug-2.2.3/xdebug.c:1437
#50 0x000000000093fd83 in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7f90d90, tsrm_ls=0x114fea0) at /tmp/php-build/source/5.5.6/Zend/zend_vm_execute.h:584
#51 0x00000000008fd67b in execute_ex (execute_data=0x7ffff7f90d90, tsrm_ls=0x114fea0) at /tmp/php-build/source/5.5.6/Zend/zend_vm_execute.h:363
#52 0x00007fffedb5d0d5 in xdebug_execute_ex (execute_data=0x7ffff7f90d90, tsrm_ls=0x114fea0) at /tmp/php-build/source/xdebug-2.2.3/xdebug.c:1437
#53 0x000000000093fd83 in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7f90478, tsrm_ls=0x114fea0) at /tmp/php-build/source/5.5.6/Zend/zend_vm_execute.h:584
#54 0x00000000008fd67b in execute_ex (execute_data=0x7ffff7f90478, tsrm_ls=0x114fea0) at /tmp/php-build/source/5.5.6/Zend/zend_vm_execute.h:363
#55 0x00007fffedb5d0d5 in xdebug_execute_ex (execute_data=0x7ffff7f90478, tsrm_ls=0x114fea0) at /tmp/php-build/source/xdebug-2.2.3/xdebug.c:1437
#56 0x000000000093fd83 in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7f902c0, tsrm_ls=0x114fea0) at /tmp/php-build/source/5.5.6/Zend/zend_vm_execute.h:584
#57 0x00000000008fd67b in execute_ex (execute_data=0x7ffff7f902c0, tsrm_ls=0x114fea0) at /tmp/php-build/source/5.5.6/Zend/zend_vm_execute.h:363
#58 0x00007fffedb5d0d5 in xdebug_execute_ex (execute_data=0x7ffff7f902c0, tsrm_ls=0x114fea0) at /tmp/php-build/source/xdebug-2.2.3/xdebug.c:1437
#59 0x00000000008862f8 in zend_execute_scripts (type=8, tsrm_ls=0x114fea0, retval=0x0, file_count=3) at /tmp/php-build/source/5.5.6/Zend/zend.c:1320
#60 0x0000000000815964 in php_execute_script (primary_file=0x7fffffffc530, tsrm_ls=0x114fea0) at /tmp/php-build/source/5.5.6/main/main.c:2489
---Type <return> to continue, or q <return> to quit---
#61 0x0000000000943581 in do_cli (argc=4, argv=0x114fd40, tsrm_ls=0x114fea0) at /tmp/php-build/source/5.5.6/sapi/cli/php_cli.c:994
#62 0x0000000000446c00 in main (argc=4, argv=0x114fd40) at /tmp/php-build/source/5.5.6/sapi/cli/php_cli.c:1378
--------------040509010501020907080507--