Last modified: 2014-10-07 22:38:49 UTC
A core dump was collected showing a crash SplObjectStorage::serialize() while serializing a Wikibase\DataModel\ReferenceList object. The request URL was: http://pt.wikivoyage.org/wiki/Centro-Leste_(Rio_Grande_do_Sul) The crash is currently reproducible with that URL. The PHP backtrace was: #0: serialize #1: HashBagOStuff::get #2: Wikibase\Lib\Store\CachingEntityRevisionLookup::getEntityRevision #3: Wikibase\Lib\Store\RevisionBasedEntityLookup::getEntity #4: call_user_func_array #5: Wikibase\Lib\Store\EntityRedirectResolvingDecorator::__call #6: Wikibase\Lib\Store\EntityRedirectResolvingDecorator::getEntity #7: Wikibase\Lib\Store\RedirectResolvingEntityLookup::getEntity #8: Wikibase\Client\Scribunto\WikibaseLuaBindings::getEntity #9: Scribunto_LuaWikibaseLibrary::getEntity #10: call_user_func_array #11: Scribunto_LuaSandboxCallback::__call #12: Scribunto_LuaSandboxCallback::getEntity #13: LuaSandboxFunction::call #14: call_user_func_array #15: Scribunto_LuaSandboxInterpreter::callFunction #16: Scribunto_LuaEngine::executeFunctionChunk #17: Scribunto_LuaModule::invoke #18: ScribuntoHooks::invokeHook #19: call_user_func_array #20: Parser::callParserFunction #21: Parser::braceSubstitution #22: PPFrame_DOM::expand #23: ExtParserFunctions::ifObj #24: call_user_func_array #25: Parser::callParserFunction #26: Parser::braceSubstitution #27: PPFrame_DOM::expand #28: ExtParserFunctions::ifObj #29: call_user_func_array #30: Parser::callParserFunction #31: Parser::braceSubstitution #32: PPFrame_DOM::expand #33: PPTemplateFrame_DOM::cachedExpand #34: Parser::braceSubstitution #35: PPFrame_DOM::expand #36: Parser::replaceVariables #37: Parser::internalParse #38: Parser::parse #39: WikitextContent::fillParserOutput #40: AbstractContent::getParserOutput #41: PoolWorkArticleView::doWork #42: PoolCounterWork::execute #43: WikiPage::getParserOutput #44: GeoCrumbs::getParserCache #45: GeoCrumbs::makeTrail #46: GeoCrumbs::onSkinTemplateOutputPageBeforeExec #47: call_user_func_array #48: Hooks::run #49: wfRunHooks #50: SkinTemplate::prepareQuickTemplate #51: SkinTemplate::outputPage #52: OutputPage::output #53: MediaWiki::main #54: MediaWiki::run The top of the gdb backtrace was: (gdb) bt #0 0x00007fea99b79e84 in zend_object_store_get_object (zobject=0x7feaa0ee63a0) at /tmp/buildd/php5-5.3.10/Zend/zend_objects_API.c:272 #1 0x00007fea99b76039 in zend_std_object_get_class (object=0x7feaa0ee63a0) at /tmp/buildd/php5-5.3.10/Zend/zend_object_handlers.c:1234 #2 0x00007fea99ac1530 in php_var_serialize_intern (buf=0x7fff49038a70, struc=0xcccccccccccccccd, var_hash=0x7fff49038a00) at /tmp/buildd/php5-5.3.10/ext/standard/var.c:767 #3 0x00007fea99ac1ea6 in php_var_serialize_intern (buf=0x7fff49038a70, struc=0x7fff49038a00, var_hash=0x56) at /tmp/buildd/php5-5.3.10/ext/standard/var.c:866 #4 0x00007fea99ac716c in php_var_serialize (buf=0x7fff49038a70, struc=0x58, var_hash=0x7fea9a28ae80) at /tmp/buildd/php5-5.3.10/ext/standard/var.c:885 #5 0x00007fea99a6cd69 in zim_spl_SplObjectStorage_serialize (ht=-1594987592, return_value=0x7feaa2685458, return_value_ptr=0x7fea9a28ae80, this_ptr=0xb6b84cc231a29827, return_value_used=-1565637857) at /tmp/buildd/php5-5.3.10/ext/spl/spl_observer.c:683 The immediate cause of the crash was an invalid object handle in a zval, out of the bounds of object_buckets, but handlers was apparently correct since it was set to spl_handler_ArrayObject.
Change 165166 had a related patch set uploaded by Tim Starling: HashBagOStuff: use the value itself as the CAS token https://gerrit.wikimedia.org/r/165166
Change 165167 had a related patch set uploaded by Tim Starling: [1.25wmf1] HashBagOStuff: use the value itself as the CAS token https://gerrit.wikimedia.org/r/165167
Change 165168 had a related patch set uploaded by Tim Starling: [1.25wmf2] HashBagOStuff: use the value itself as the CAS token https://gerrit.wikimedia.org/r/165168
Change 165167 merged by jenkins-bot: HashBagOStuff: use the value itself as the CAS token https://gerrit.wikimedia.org/r/165167
Change 165168 merged by jenkins-bot: [1.25wmf2] HashBagOStuff: use the value itself as the CAS token https://gerrit.wikimedia.org/r/165168
*** Bug 71734 has been marked as a duplicate of this bug. ***
Change 165166 merged by jenkins-bot: HashBagOStuff: use the value itself as the CAS token https://gerrit.wikimedia.org/r/165166
Practically (if not essentially) resolved by change I0b0b5f015. That is to say: the underlying bug is still there, but we're no longer hitting it. Since I very much doubt anyone will take the time to chase down an obscure segfault that is no longer reproducible in production, I'm closing this as FIXED.