Bug #69521 Segfault in gc_collect_cycles().
Submitted: 2015-04-24 07:53 UTC Modified: 2015-05-08 07:55 UTC
From: arjen at react dot com Assigned:
Status: Closed Package: Reproducible crash
PHP Version: master-Git-2015-04-24 (Git) OS: Linux
Private report: No CVE-ID: None
 [2015-04-24 07:53 UTC] arjen at react dot com
Description:
------------
USE_ZEND_ALLOC=0 valgrind --vgdb=yes --tool=memcheck --smc-check=all --track-origins=yes --error-limit=no --leak-check=full sapi/cli/php runTests.php

Internal testsuite crashes when gc_collect_cycles is called.

Fix in https://github.com/php/php-src/commit/6718b56e4563b899ccc115f451f2d3623f528919 is indeed not complete.

Could not find a status report for it. Any progress yet? Do you have a testcase available or can I help by finding one?

Test script:
---------------
Internal testsuite.

Expected result:
----------------
No segfault.

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
0x0000000000968a65 in gc_mark_grey (ref=0x0) at /home/arjen/phpng/php-src/Zend/zend_gc.c:478
478				GC_REFCOUNT(ref)--;

#0  0x0000000000968a65 in gc_mark_grey (ref=0x0) at /home/arjen/phpng/php-src/Zend/zend_gc.c:478
#1  0x0000000000968aba in gc_mark_roots () at /home/arjen/phpng/php-src/Zend/zend_gc.c:490
#2  0x0000000000969a5b in zend_gc_collect_cycles () at /home/arjen/phpng/php-src/Zend/zend_gc.c:911
#3  0x0000000000950d85 in zif_gc_collect_cycles (execute_data=0xc57d320, return_value=0xc57d150)
    at /home/arjen/phpng/php-src/Zend/zend_builtin_functions.c:378
#4  0x000000000098e81f in ZEND_DO_ICALL_SPEC_HANDLER ()
    at /home/arjen/phpng/php-src/Zend/zend_vm_execute.h:558
#5  0x000000000098e25e in execute_ex (ex=0xc57b0b0) at /home/arjen/phpng/php-src/Zend/zend_vm_execute.h:394
#6  0x000000000098e374 in zend_execute (op_array=0xc5c55b0, return_value=0x0)
    at /home/arjen/phpng/php-src/Zend/zend_vm_execute.h:434
#7  0x00000000009379da in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /home/arjen/phpng/php-src/Zend/zend.c:1389
#8  0x00000000008ac790 in php_execute_script (primary_file=0xffeffff30)
    at /home/arjen/phpng/php-src/main/main.c:2468
#9  0x00000000009f6c0d in do_cli (argc=4, argv=0xbf604c0)
    at /home/arjen/phpng/php-src/sapi/cli/php_cli.c:967
#10 0x00000000009f7bb6 in main (argc=4, argv=0xbf604c0)
    at /home/arjen/phpng/php-src/sapi/cli/php_cli.c:1334

History

 [2015-04-24 11:39 UTC] laruence@php.net
-Status: Open +Status: Feedback
 [2015-04-24 11:39 UTC] laruence@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.


 [2015-04-24 12:14 UTC] arjen at react dot com
Let me quote myself: "Do you have a testcase available or can I help by finding one?"

I recompiled with -DZEND_GC_DEBUG=2 and got the following:

[0xfdbe400] rc=1 addr=0 black array(1) ->purple
[...]
[0xfdbe400] rc=1 addr=2947 purple array(-1019662895) ->grey

After the last line, the segfault occurs. These are the only occurrences of 0xfdbe400.
 [2015-04-24 13:35 UTC] rasmus@php.net
But which test is triggering it?
 [2015-04-29 13:05 UTC] arjen at react dot com
-Status: Feedback +Status: Open
 [2015-04-29 13:05 UTC] arjen at react dot com
Testcase and output @ https://gist.github.com/arjenschol/a640117e58935572cf87
 [2015-05-08 07:55 UTC] arjen at react dot com
PR @ https://github.com/php/php-src/pull/1266
 [2015-06-24 08:19 UTC] arjen at react dot com
PR with fix and phpt testcase waiting at https://github.com/php/php-src/pull/1266

Could someone pull this for 7.0alpha2?
 [2015-07-02 10:47 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=72b0627315e6606310c1042a51dad6e835620bab
Log: Fixed bug #69521 (Segfault in gc_collect_cycles()).
 [2015-07-02 10:47 UTC] laruence@php.net
-Status: Open +Status: Closed
 [2015-07-07 23:36 UTC] ab@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=72b0627315e6606310c1042a51dad6e835620bab
Log: Fixed bug #69521 (Segfault in gc_collect_cycles()).
 [2016-07-20 11:38 UTC] davey@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=72b0627315e6606310c1042a51dad6e835620bab
Log: Fixed bug #69521 (Segfault in gc_collect_cycles()).
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Dec 05 17:01:30 2024 UTC